From d652e878540936e6b676189863553337fa037b98 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Apr 12 2011 14:58:28 +0000
Subject: Policy files should not be in repository


---

diff --git a/policy/constraints b/policy/constraints
deleted file mode 100644
index 155883b..0000000
--- a/policy/constraints
+++ /dev/null
@@ -1,245 +0,0 @@
-
-#
-# Define the constraints
-#
-# constrain class_set perm_set expression ;
-#
-# expression : ( expression ) 
-#	     | not expression
-#	     | expression and expression
-#	     | expression or expression
-#	     | u1 op u2
-#	     | r1 role_op r2
-#	     | t1 op t2
-#	     | u1 op names
-#	     | u2 op names
-#	     | r1 op names
-#	     | r2 op names
-#	     | t1 op names
-#	     | t2 op names
-#
-# op : == | != 
-# role_op : == | != | eq | dom | domby | incomp
-#
-# names : name | { name_list }
-# name_list : name | name_list name		
-#
-
-define(`basic_ubac_conditions',`
-	ifdef(`enable_ubac',`
-		u1 == u2
-		or u1 == system_u
-		or u2 == system_u
-		or t1 != ubac_constrained_type
-		or t2 != ubac_constrained_type
-	')
-')
-
-define(`basic_ubac_constraint',`
-	ifdef(`enable_ubac',`
-		constrain $1 all_$1_perms
-		(
-			basic_ubac_conditions
-		);
-	')
-')
-
-define(`exempted_ubac_constraint',`
-	ifdef(`enable_ubac',`
-		constrain $1 all_$1_perms
-		(
-			basic_ubac_conditions
-			or t1 == $2
-		);
-	')
-')
-
-########################################
-#
-# File rules
-#
-
-exempted_ubac_constraint(dir, ubacfile)
-exempted_ubac_constraint(file, ubacfile)
-exempted_ubac_constraint(lnk_file, ubacfile)
-exempted_ubac_constraint(fifo_file, ubacfile)
-exempted_ubac_constraint(sock_file, ubacfile)
-exempted_ubac_constraint(chr_file, ubacfile)
-exempted_ubac_constraint(blk_file, ubacfile)
-
-# SELinux object identity change constraint:
-constrain dir_file_class_set { create relabelto relabelfrom } 
-(
-	u1 == u2
-	or t1 == can_change_object_identity
-);
-
-########################################
-#
-# Process rules
-#
-
-ifdef(`enable_ubac',`
-	constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
-	(
-		basic_ubac_conditions
-		or t1 == ubacproc
-	);
-')
-
-constrain process { transition noatsecure siginh rlimitinh }
-(
-	u1 == u2
-	or ( t1 == can_change_process_identity and t2 == process_user_target )
-       	or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
-	or ( t1 == can_system_change and u2 == system_u )
-	or ( t1 == process_uncond_exempt )
-);
-
-constrain process { transition noatsecure siginh rlimitinh }
-(
-	r1 == r2 
-	or ( t1 == can_change_process_role and t2 == process_user_target )
-   	or ( t1 == cron_source_domain and t2 == cron_job_domain )
-	or ( t1 == can_system_change and r2 == system_r )
-	or ( t1 == process_uncond_exempt )
-);
-
-constrain process dyntransition
-(
-	u1 == u2 and r1 == r2
-);
-
-# These permissions do not have ubac constraints:
-# fork
-# setexec
-# setfscreate
-# setcurrent
-# execmem
-# execstack
-# execheap
-# setkeycreate
-# setsockcreate
-
-########################################
-#
-# File descriptor rules
-#
-
-exempted_ubac_constraint(fd, ubacfd)
-
-########################################
-#
-# Socket rules
-#
-
-exempted_ubac_constraint(socket, ubacsock)
-exempted_ubac_constraint(tcp_socket, ubacsock)
-exempted_ubac_constraint(udp_socket, ubacsock)
-exempted_ubac_constraint(rawip_socket, ubacsock)
-exempted_ubac_constraint(netlink_socket, ubacsock)
-exempted_ubac_constraint(packet_socket, ubacsock)
-exempted_ubac_constraint(key_socket, ubacsock)
-exempted_ubac_constraint(unix_stream_socket, ubacsock)
-exempted_ubac_constraint(unix_dgram_socket, ubacsock)
-exempted_ubac_constraint(netlink_route_socket, ubacsock)
-exempted_ubac_constraint(netlink_firewall_socket, ubacsock)
-exempted_ubac_constraint(netlink_tcpdiag_socket, ubacsock)
-exempted_ubac_constraint(netlink_nflog_socket, ubacsock)
-exempted_ubac_constraint(netlink_xfrm_socket, ubacsock)
-exempted_ubac_constraint(netlink_selinux_socket, ubacsock)
-exempted_ubac_constraint(netlink_audit_socket, ubacsock)
-exempted_ubac_constraint(netlink_ip6fw_socket, ubacsock)
-exempted_ubac_constraint(netlink_dnrt_socket, ubacsock)
-exempted_ubac_constraint(netlink_kobject_uevent_socket, ubacsock)
-exempted_ubac_constraint(appletalk_socket, ubacsock)
-exempted_ubac_constraint(dccp_socket, ubacsock)
-
-constrain socket_class_set { create relabelto relabelfrom } 
-(
-	u1 == u2
-	or t1 == can_change_object_identity
-);
-
-########################################
-#
-# SysV IPC rules
-
-exempted_ubac_constraint(sem, ubacipc)
-exempted_ubac_constraint(msg, ubacipc)
-exempted_ubac_constraint(msgq, ubacipc)
-exempted_ubac_constraint(shm, ubacipc)
-exempted_ubac_constraint(ipc, ubacipc)
-
-########################################
-#
-# SE-X Windows rules
-#
-
-exempted_ubac_constraint(x_drawable, ubacxwin)
-exempted_ubac_constraint(x_screen, ubacxwin)
-exempted_ubac_constraint(x_gc, ubacxwin)
-exempted_ubac_constraint(x_font, ubacxwin)
-exempted_ubac_constraint(x_colormap, ubacxwin)
-exempted_ubac_constraint(x_property, ubacxwin)
-exempted_ubac_constraint(x_selection, ubacxwin)
-exempted_ubac_constraint(x_cursor, ubacxwin)
-exempted_ubac_constraint(x_client, ubacxwin)
-exempted_ubac_constraint(x_device, ubacxwin)
-exempted_ubac_constraint(x_server, ubacxwin)
-exempted_ubac_constraint(x_extension, ubacxwin)
-exempted_ubac_constraint(x_resource, ubacxwin)
-exempted_ubac_constraint(x_event, ubacxwin)
-exempted_ubac_constraint(x_synthetic_event, ubacxwin)
-exempted_ubac_constraint(x_application_data, ubacxwin)
-
-########################################
-#
-# D-BUS rules
-#
-
-exempted_ubac_constraint(dbus, ubacdbus)
-
-########################################
-#
-# Key rules
-#
-
-exempted_ubac_constraint(key, ubackey)
-
-########################################
-#
-# Database rules
-#
-
-exempted_ubac_constraint(db_database, ubacdb)
-exempted_ubac_constraint(db_table, ubacdb)
-exempted_ubac_constraint(db_procedure, ubacdb)
-exempted_ubac_constraint(db_column, ubacdb)
-exempted_ubac_constraint(db_tuple, ubacdb)
-exempted_ubac_constraint(db_blob, ubacdb)
-
-
-
-basic_ubac_constraint(association)
-basic_ubac_constraint(peer)
-
-
-# these classes have no UBAC restrictions
-#class security
-#class system
-#class capability
-#class memprotect
-#class passwd			# userspace
-#class node
-#class netif
-#class packet
-#class capability2
-#class nscd			# userspace
-#class context			# userspace
-
-
-
-undefine(`basic_ubac_constraint')
-undefine(`basic_ubac_conditions')
-undefine(`exempted_ubac_constraint')
diff --git a/policy/flask/Makefile b/policy/flask/Makefile
deleted file mode 100644
index 17dc174..0000000
--- a/policy/flask/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-PYTHON ?= python
-
-# flask needs to know where to export the libselinux headers.
-LIBSELINUX_D ?= ../../libselinux
-
-# flask needs to know where to export the kernel headers.
-LINUX_D ?= ../../../linux-2.6
-
-ACCESS_VECTORS_F = access_vectors
-INITIAL_SIDS_F = initial_sids
-SECURITY_CLASSES_F = security_classes
-
-USER_D = userspace
-KERN_D = kernel
-
-LIBSELINUX_INCLUDE_H = flask.h av_permissions.h
-LIBSELINUX_SOURCE_H = class_to_string.h av_inherit.h common_perm_to_string.h av_perm_to_string.h
-
-FLASK_H = class_to_string.h flask.h initial_sid_to_string.h
-ACCESS_VECTORS_H = av_inherit.h common_perm_to_string.h av_perm_to_string.h av_permissions.h
-ALL_H = $(FLASK_H) $(ACCESS_VECTORS_H)
-
-USER_H = $(addprefix $(USER_D)/, $(ALL_H))
-KERN_H = $(addprefix $(KERN_D)/, $(ALL_H))
-
-FLASK_NOWARNINGS = --nowarnings
-
-all:  $(USER_H) $(KERN_H)
-
-$(USER_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
-	mkdir -p $(USER_D)
-	$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(USER_D) -u $(FLASK_NOWARNINGS)
-
-$(KERN_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
-	mkdir -p $(KERN_D) 
-	$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(KERN_D) -k $(FLASK_NOWARNINGS)
-
-tolib: all
-	install -m 644 $(addprefix $(USER_D)/, $(LIBSELINUX_INCLUDE_H)) $(LIBSELINUX_D)/include/selinux
-	install -m 644 $(addprefix $(USER_D)/, $(LIBSELINUX_SOURCE_H)) $(LIBSELINUX_D)/src
-
-tokern: all
-	install -m 644 $(KERN_H) $(LINUX_D)/security/selinux/include
-
-install: all
-
-relabel:
-
-clean:  
-	rm -fr userspace
-	rm -fr kernel
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
deleted file mode 100644
index 6760c95..0000000
--- a/policy/flask/access_vectors
+++ /dev/null
@@ -1,818 +0,0 @@
-#
-# Define common prefixes for access vectors
-#
-# common common_name { permission_name ... }
-
-
-#
-# Define a common prefix for file access vectors.
-#
-
-common file
-{
-	ioctl
-	read
-	write
-	create
-	getattr
-	setattr
-	lock
-	relabelfrom
-	relabelto
-	append
-	unlink
-	link
-	rename
-	execute
-	swapon
-	quotaon
-	mounton
-}
-
-
-#
-# Define a common prefix for socket access vectors.
-#
-
-common socket
-{
-# inherited from file
-	ioctl
-	read
-	write
-	create
-	getattr
-	setattr
-	lock
-	relabelfrom
-	relabelto
-	append
-# socket-specific
-	bind
-	connect
-	listen
-	accept
-	getopt
-	setopt
-	shutdown
-	recvfrom
-	sendto
-	recv_msg
-	send_msg
-	name_bind
-}	
-
-#
-# Define a common prefix for ipc access vectors.
-#
-
-common ipc
-{
-	create
-	destroy
-	getattr
-	setattr
-	read
-	write
-	associate
-	unix_read
-	unix_write
-}
-
-#
-#  Define a common prefix for userspace database object access vectors.
-#
-
-common database
-{
-	create
-	drop
-	getattr
-	setattr
-	relabelfrom
-	relabelto
-}
-
-#
-# Define a common prefix for pointer and keyboard access vectors.
-#
-
-common x_device
-{
-	getattr
-	setattr
-	use
-	read
-	write
-	getfocus
-	setfocus
-	bell
-	force_cursor
-	freeze
-	grab
-	manage
-	list_property
-	get_property
-	set_property
-	add
-	remove
-	create
-	destroy
-}
-
-#
-# Define the access vectors.
-#
-# class class_name [ inherits common_name ] { permission_name ... }
-
-
-#
-# Define the access vector interpretation for file-related objects.
-#
-
-class filesystem
-{
-	mount
-	remount
-	unmount
-	getattr
-	relabelfrom
-	relabelto
-	transition
-	associate
-	quotamod
-	quotaget
-}
-
-class dir
-inherits file
-{
-	add_name
-	remove_name
-	reparent
-	search
-	rmdir
-	open
-}
-
-class file
-inherits file
-{
-	execute_no_trans
-	entrypoint
-	execmod
-	open
-}
-
-class lnk_file
-inherits file
-
-class chr_file
-inherits file
-{
-	execute_no_trans
-	entrypoint
-	execmod
-	open
-}
-
-class blk_file
-inherits file
-{
-	open
-}
-
-class sock_file
-inherits file
-{
-	open
-}
-
-class fifo_file
-inherits file
-{
-	open
-}
-
-class fd
-{
-	use
-}
-
-
-#
-# Define the access vector interpretation for network-related objects.
-#
-
-class socket
-inherits socket
-
-class tcp_socket
-inherits socket
-{
-	connectto
-	newconn
-	acceptfrom
-	node_bind
-	name_connect
-}
-
-class udp_socket
-inherits socket
-{
-	node_bind
-}
-
-class rawip_socket
-inherits socket
-{
-	node_bind
-}
-
-class node 
-{
-	tcp_recv
-	tcp_send
-	udp_recv
-	udp_send
-	rawip_recv
-	rawip_send
-	enforce_dest
-	dccp_recv
-	dccp_send
-	recvfrom
-	sendto
-}
-
-class netif
-{
-	tcp_recv
-	tcp_send
-	udp_recv
-	udp_send
-	rawip_recv
-	rawip_send
-	dccp_recv
-	dccp_send
-	ingress
-	egress
-}
-
-class netlink_socket
-inherits socket
-
-class packet_socket
-inherits socket
-
-class key_socket
-inherits socket
-
-class unix_stream_socket
-inherits socket
-{
-	connectto
-	newconn
-	acceptfrom
-}
-
-class unix_dgram_socket
-inherits socket
-
-#
-# Define the access vector interpretation for process-related objects
-#
-
-class process
-{
-	fork
-	transition
-	sigchld # commonly granted from child to parent
-	sigkill # cannot be caught or ignored
-	sigstop # cannot be caught or ignored
-	signull # for kill(pid, 0)
-	signal  # all other signals
-	ptrace
-	getsched
-	setsched
-	getsession
-	getpgid
-	setpgid
-	getcap
-	setcap
-	share
-	getattr
-	setexec
-	setfscreate
-	noatsecure
-	siginh
-	setrlimit
-	rlimitinh
-	dyntransition
-	setcurrent
-	execmem
-	execstack
-	execheap
-	setkeycreate
-	setsockcreate
-}
-
-
-#
-# Define the access vector interpretation for ipc-related objects
-#
-
-class ipc
-inherits ipc
-
-class sem
-inherits ipc
-
-class msgq
-inherits ipc
-{
-	enqueue
-}
-
-class msg
-{
-	send
-	receive
-}
-
-class shm
-inherits ipc
-{
-	lock
-}
-
-
-#
-# Define the access vector interpretation for the security server. 
-#
-
-class security
-{
-	compute_av
-	compute_create
-	compute_member
-	check_context
-	load_policy
-	compute_relabel
-	compute_user
-	setenforce     # was avc_toggle in system class
-	setbool
-	setsecparam
-	setcheckreqprot
-}
-
-
-#
-# Define the access vector interpretation for system operations.
-#
-
-class system
-{
-	ipc_info
-	syslog_read  
-	syslog_mod
-	syslog_console
-	module_request
-}
-
-#
-# Define the access vector interpretation for controling capabilies
-#
-
-class capability
-{
-	# The capabilities are defined in include/linux/capability.h
-	# Capabilities >= 32 are defined in the capability2 class.
-	# Care should be taken to ensure that these are consistent with
-	# those definitions. (Order matters)
-
-	chown           
-	dac_override    
-	dac_read_search 
-	fowner          
-	fsetid          
-	kill            
-	setgid           
-	setuid           
-	setpcap          
-	linux_immutable  
-	net_bind_service 
-	net_broadcast    
-	net_admin        
-	net_raw          
-	ipc_lock         
-	ipc_owner        
-	sys_module       
-	sys_rawio        
-	sys_chroot       
-	sys_ptrace       
-	sys_pacct        
-	sys_admin        
-	sys_boot         
-	sys_nice         
-	sys_resource     
-	sys_time         
-	sys_tty_config  
-	mknod
-	lease
-	audit_write
-	audit_control
-	setfcap
-}
-
-class capability2 
-{
-	mac_override	# unused by SELinux
-	mac_admin	# unused by SELinux
-}
-
-#
-# Define the access vector interpretation for controlling
-# changes to passwd information.
-#
-class passwd
-{
-	passwd	# change another user passwd
-	chfn	# change another user finger info
-	chsh	# change another user shell
-	rootok  # pam_rootok check (skip auth)
-	crontab # crontab on another user
-}
-
-#
-# SE-X Windows stuff
-#
-class x_drawable
-{
-	create
-	destroy
-	read
-	write
-	blend
-	getattr
-	setattr
-	list_child
-	add_child
-	remove_child
-	list_property
-	get_property
-	set_property
-	manage
-	override
-	show
-	hide
-	send
-	receive
-}
-
-class x_screen
-{
-	getattr
-	setattr
-	hide_cursor
-	show_cursor
-	saver_getattr
-	saver_setattr
-	saver_hide
-	saver_show
-}
-
-class x_gc
-{
-	create
-	destroy
-	getattr
-	setattr
-	use
-}
-
-class x_font
-{
-	create
-	destroy
-	getattr
-	add_glyph
-	remove_glyph
-	use
-}
-
-class x_colormap
-{
-	create
-	destroy
-	read
-	write
-	getattr
-	add_color
-	remove_color
-	install
-	uninstall
-	use
-}
-
-class x_property
-{
-	create
-	destroy
-	read
-	write
-	append
-	getattr
-	setattr
-}
-
-class x_selection
-{
-	read
-	write
-	getattr
-	setattr
-}
-
-class x_cursor
-{
-	create
-	destroy
-	read
-	write
-	getattr
-	setattr
-	use
-}
-
-class x_client
-{
-	destroy
-	getattr
-	setattr
-	manage
-}
-
-class x_device
-inherits x_device
-
-class x_server
-{
-	getattr
-	setattr
-	record
-	debug
-	grab
-	manage
-}
-
-class x_extension
-{
-	query
-	use
-}
-
-class x_resource
-{
-	read
-	write
-}
-
-class x_event
-{
-	send
-	receive
-}
-
-class x_synthetic_event
-{
-	send
-	receive
-}
-
-#
-# Extended Netlink classes
-#
-class netlink_route_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-}
-
-class netlink_firewall_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-}
-
-class netlink_tcpdiag_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-}
-
-class netlink_nflog_socket
-inherits socket
-
-class netlink_xfrm_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-}
-
-class netlink_selinux_socket
-inherits socket
-
-class netlink_audit_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-	nlmsg_relay
-	nlmsg_readpriv
-	nlmsg_tty_audit
-}
-
-class netlink_ip6fw_socket
-inherits socket
-{
-	nlmsg_read
-	nlmsg_write
-}
-
-class netlink_dnrt_socket
-inherits socket
-
-# Define the access vector interpretation for controlling
-# access and communication through the D-BUS messaging
-# system.
-#
-class dbus
-{
-	acquire_svc
-	send_msg
-}
-
-# Define the access vector interpretation for controlling
-# access through the name service cache daemon (nscd).
-#
-class nscd
-{
-	getpwd
-	getgrp
-	gethost
-	getstat
-	admin
-	shmempwd
-	shmemgrp
-	shmemhost
-	getserv
-	shmemserv
-}
-
-# Define the access vector interpretation for controlling
-# access to IPSec network data by association
-#
-class association
-{
-	sendto
-	recvfrom
-	setcontext
-	polmatch
-}
-
-# Updated Netlink class for KOBJECT_UEVENT family.
-class netlink_kobject_uevent_socket
-inherits socket
-
-class appletalk_socket
-inherits socket
-
-class packet
-{
-	send
-	recv
-	relabelto
-	flow_in		# deprecated
-	flow_out	# deprecated
-	forward_in
-	forward_out
-}
-
-class key
-{
-	view
-	read
-	write
-	search
-	link
-	setattr
-	create
-}
-
-class context
-{
-	translate
-	contains
-}
-
-class dccp_socket
-inherits socket
-{
-	node_bind
-	name_connect
-}
-
-class memprotect
-{
-	mmap_zero
-}
-
-class db_database
-inherits database
-{
-	access
-	install_module
-	load_module
-	get_param	# deprecated
-	set_param	# deprecated
-}
-
-class db_table
-inherits database
-{
-	use		# deprecated
-	select
-	update
-	insert
-	delete
-	lock
-}
-
-class db_procedure
-inherits database
-{
-	execute
-	entrypoint
-	install
-}
-
-class db_column
-inherits database
-{
-	use		# deprecated
-	select
-	update
-	insert
-}
-
-class db_tuple
-{
-	relabelfrom
-	relabelto
-	use		# deprecated
-	select
-	update
-	insert
-	delete
-}
-
-class db_blob
-inherits database
-{
-	read
-	write
-	import
-	export
-}
-
-# network peer labels
-class peer
-{
-	recv
-}
-
-class x_application_data
-{
-	paste
-	paste_after_confirm
-	copy
-}
-
-class kernel_service
-{
-	use_as_override
-	create_files_as	
-}
-
-class tun_socket
-inherits socket
-
-class x_pointer
-inherits x_device
-
-class x_keyboard
-inherits x_device
diff --git a/policy/flask/flask.py b/policy/flask/flask.py
deleted file mode 100644
index 8b4be50..0000000
--- a/policy/flask/flask.py
+++ /dev/null
@@ -1,536 +0,0 @@
-#!/usr/bin/python -E
-#
-# Author(s):	Caleb Case <ccase@tresys.com>
-#
-# Adapted from the bash/awk scripts mkflask.sh and mkaccess_vector.sh
-#
-
-import getopt
-import os
-import sys
-import re
-
-class ParseError(Exception):
-	def __init__(self, type, file, line):
-		self.type = type
-		self.file = file
-		self.line = line
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Parse Error: Unexpected %s on line %d of %s." % (typeS, self.line, self.file)
-
-class DuplicateError(Exception):
-	def __init__(self, type, file, line, symbol):
-		self.type = type
-		self.file = file
-		self.line = line
-		self.symbol = symbol
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Duplicate Error: Duplicate %s '%s' on line %d of %s." % (typeS, self.symbol, self.line, self.file)
-
-class UndefinedError(Exception):
-	def __init__(self, type, file, line, symbol):
-		self.type = type
-		self.file = file
-		self.line = line
-		self.symbol = symbol
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Undefined Error: %s '%s' is not defined but used on line %d of %s." % (typeS, self.symbol, self.line, self.file)
-
-class UnusedError(Exception):
-	def __init__(self, info):
-		self.info = info
-	def __str__(self):
-		return "Unused Error: %s" % self.info
-
-class Flask:
-	'''
-	FLASK container class with utilities for parsing definition
-	files and creating c header files.
-	'''
-
-	#Constants used in definitions parsing.
-	WHITE    = re.compile(r'^\s*$')
-	COMMENT  = re.compile(r'^\s*#')
-	USERFLAG = re.compile(r'# userspace')
-	CLASS    = re.compile(r'^class (?P<name>\w+)')
-	COMMON   = re.compile(r'^common (?P<name>\w+)')
-	INHERITS = re.compile(r'^inherits (?P<name>\w+)')
-	OPENB    = re.compile(r'^{')
-	VECTOR   = re.compile(r'^\s*(?P<name>\w+)')
-	CLOSEB   = re.compile(r'^}')
-	SID      = re.compile(r'^sid (?P<name>\w+)')
-	EOF      = "end of file"
-
-	#Constants used in header generation.
-	USERSPACE = 0
-	KERNEL    = 1
-
-	CONSTANT_S = { \
-		#parsing constants
-		WHITE    : "whitespace", \
-		COMMENT  : "comment", \
-		USERFLAG : "userspace flag", \
-		CLASS    : "class definition", \
-		COMMON   : "common definition", \
-		INHERITS : "inherits definition", \
-		OPENB    : "'{'", \
-		VECTOR   : "access vector definition", \
-		CLOSEB   : "'}'", \
-		SID      : "security identifier", \
-		EOF      : "end of file", \
-		#generation constants
-		USERSPACE : "userspace mode", \
-		KERNEL    : "kernel mode", \
-	}
-
-	def __init__(self, warn = True):
-		self.WARN = warn
-		self.autogen   = "/* This file is automatically generated.  Do not edit. */\n"
-		self.commons   = []
-		self.user_commons = []
-		self.common    = {}
-		self.classes   = []
-		self.vectors   = []
-		self.vector    = {}
-		self.userspace = {}
-		self.sids      = []
-		self.inherits  = {}
-	
-	def warning(self, msg):
-		'''
-		Prints a warning message out to stderr if warnings are enabled.
-		'''
-		if self.WARN: sys.stderr.write("Warning: %s\n" % msg)
-
-	def parseClasses(self, path):
-		'''
-		Parses security class definitions from the given path.
-		'''
-		classes = []
-		input = open(path, 'r')
-
-		number = 0
-		for line in input:
-			number += 1
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: continue
-
-			m = self.CLASS.search(line)
-			if m:
-				g = m.groupdict()
-				c = g['name']
-				if c in classes: raise DuplicateError, (self.CLASS, path, number, c)
-				classes.append(c)
-				if self.USERFLAG.search(line):
-					self.userspace[c] = True
-				else:
-					self.userspace[c] = False
-				continue
-
-			raise ParseError, ("data.  Was expecting either a comment, whitespace, or class definition. ", path, number)
-
-		self.classes = classes
-		return classes
-
-	def parseSids(self, path):
-		'''
-		Parses initial SID definitions from the given path.
-		'''
-
-		sids = []
-		input = open(path, 'r')
-		for line in input:
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: continue
-
-			m = self.SID.search(line)
-			if m:
-				g = m.groupdict()
-				s = g['name']
-				if s in sids: raise DuplicateError, (self.SID, path, number, s)
-				sids.append(s)
-				continue
-			
-			raise ParseError, ("data. Was expecting either a comment, whitespace, or security identifier. ", path, number)
-
-		self.sids = sids
-		return sids
-
-	def parseVectors(self, path):
-		'''
-		Parses access vector definitions from the given path.
-		'''
-		vectors = []
-		vector  = {}
-		commons = []
-		common = {}
-		inherits = {}
-		user_commons = {}
-		input = open(path, 'r')
-
-		# states
-		NONE    = 0
-		COMMON  = 1
-		CLASS   = 2
-		INHERIT = 3
-		OPEN    = 4
-
-		state = NONE
-		state2 = NONE
-		number = 0
-		for line in input:
-			number += 1
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: 
-				if state == INHERIT:
-					state = NONE
-				continue
-
-			m = self.COMMON.search(line)
-			if m:
-				if state != NONE: raise ParseError, (self.COMMON, path, number)
-				g = m.groupdict()
-				c = g['name']
-				if c in commons: raise DuplicateError, (self.COMMON, path, number, c)
-				commons.append(c)
-				common[c] = []
-				user_commons[c] = True
-				state = COMMON
-				continue
-
-			m = self.CLASS.search(line)
-			if m:
-				if state != NONE: raise ParseError, (self.CLASS, number)
-				g = m.groupdict()
-				c = g['name']
-				if c in vectors: raise DuplicateError, (self.CLASS, path, number, c)
-				if c not in self.classes: raise UndefinedError, (self.CLASS, path, number, c)
-				vectors.append(c)
-				vector[c] = []
-				state = CLASS
-				continue
-			
-			m = self.INHERITS.search(line)
-			if m:
-				if state != CLASS: raise ParseError, (self.INHERITS, number)
-				g = m.groupdict()
-				i = g['name']
-				if c in inherits: raise DuplicateError, (self.INHERITS, path, number, c)
-				if i not in common: raise UndefinedError, (self.COMMON, path, number, i)
-				inherits[c] = i
-				state = INHERIT
-				if not self.userspace[c]: user_commons[i] = False
-				continue
-
-			m = self.OPENB.search(line)
-			if m:
-				if (state != CLASS \
-				and state != INHERIT \
-				and state != COMMON) \
-				or state2 != NONE: 
-					raise ParseError, (self.OPENB, path, number)
-				state2 = OPEN
-				continue
-
-			m = self.VECTOR.search(line)
-			if m:
-				if state2 != OPEN: raise ParseError, (self.VECTOR, path, number)
-				g = m.groupdict()
-				v = g['name']
-				if state == CLASS or state == INHERIT:
-					if v in vector[c]: raise DuplicateError, (self.VECTOR, path, number, v)
-					vector[c].append(v)
-				elif state == COMMON:
-					if v in common[c]: raise DuplicateError, (self.VECTOR, path, number, v)
-					common[c].append(v)
-				continue
-
-			m = self.CLOSEB.search(line)
-			if m:
-				if state2 != OPEN: raise ParseError, (self.CLOSEB, path, number)
-				state = NONE
-				state2 = NONE
-				c = None
-				continue
-			
-			raise ParseError, ("data", path, number)
-
-		if state != NONE and state2 != NONE: raise ParseError, (self.EOF, path, number)
-
-		cvdiff = set(self.classes) - set(vectors)
-		if cvdiff: raise UnusedError, "Not all security classes were used in access vectors: %s" % cvdiff # the inverse of this will be caught as an undefined class error
-
-		self.commons = commons
-		self.user_commons = user_commons
-		self.common = common
-		self.vectors = vectors
-		self.vector = vector
-		self.inherits = inherits
-		return vector
-
-	def createHeaders(self, path, mode = USERSPACE):
-		'''
-		Creates the C header files in the specified MODE and outputs
-		them to give PATH.
-		'''
-		headers = { \
-			'av_inherit.h'            : self.createAvInheritH(mode), \
-			'av_perm_to_string.h'     : self.createAvPermToStringH(mode), \
-			'av_permissions.h'        : self.createAvPermissionsH(mode), \
-			'class_to_string.h'       : self.createClassToStringH(mode), \
-			'common_perm_to_string.h' : self.createCommonPermToStringH(mode), \
-			'flask.h'                 : self.createFlaskH(mode), \
-			'initial_sid_to_string.h' : self.createInitialSidToStringH(mode) \
-		}
-
-		for key, value in headers.items():
-			of = open(os.path.join(path, key), 'w')
-			of.writelines(value)
-			of.close()
-
-	def createUL(self, count):
-		fields = [1, 2, 4, 8]
-		return "0x%08xUL" % (fields[count % 4] << 4 * (count / 4))
-
-	def createAvInheritH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for c in self.vectors:
-			if self.inherits.has_key(c):
-				i = self.inherits[c]
-				count = len(self.common[i])
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("   S_(SECCLASS_%s, %s, %s)\n" % (c.upper(), i, self.createUL(count)))
-		return results
-
-	def createAvPermToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for c in self.vectors:
-			for p in self.vector[c]:
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("   S_(SECCLASS_%s, %s__%s, \"%s\")\n" % (c.upper(), c.upper(), p.upper(), p))
-
-		return results
-
-	def createAvPermissionsH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-
-		width = 57
-		count = 0
-		for common in self.commons:
-			count = 0
-			shift = 0
-			for p in self.common[common]:
-				if not (mode == self.KERNEL and self.user_commons[common]):
-					columnA = "#define COMMON_%s__%s " % (common.upper(), p.upper())
-					columnA += "".join([" " for i in range(width - len(columnA))])
-					results.append("%s%s\n" % (columnA, self.createUL(count)))
-					count += 1
-
-		width = 50 # broken for old tools whitespace
-		for c in self.vectors:
-			count = 0
-
-			ps = []
-			if self.inherits.has_key(c):
-				ps += self.common[self.inherits[c]]
-			ps += self.vector[c]
-			for p in ps: 
-				columnA = "#define %s__%s " % (c.upper(), p.upper())
-				columnA += "".join([" " for i in range(width - len(columnA))])
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("%s%s\n" % (columnA, self.createUL(count)))
-				count += 1
-
-		return results
-
-	def createClassToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("/*\n * Security object class definitions\n */\n")
-
-		if mode == self.KERNEL:
-			results.append("    S_(NULL)\n")
-		else:
-			results.append("    S_(\"null\")\n")
-
-		for c in self.classes:
-			if mode == self.KERNEL and self.userspace[c]:
-				results.append("    S_(NULL)\n")
-			else:
-				results.append("    S_(\"%s\")\n" % c)
-		return results
-
-	def createCommonPermToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for common in self.commons:
-			if not (mode == self.KERNEL and self.user_commons[common]):
-				results.append("TB_(common_%s_perm_to_string)\n" % common)
-				for p in self.common[common]:
-					results.append("    S_(\"%s\")\n" % p)
-				results.append("TE_(common_%s_perm_to_string)\n\n" % common)
-		return results
-	
-	def createFlaskH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("#ifndef _SELINUX_FLASK_H_\n")
-		results.append("#define _SELINUX_FLASK_H_\n")
-		results.append("\n")
-		results.append("/*\n")
-		results.append(" * Security object class definitions\n")
-		results.append(" */\n")
-
-		count = 0
-		width = 57
-		for c in self.classes:
-			count += 1
-			columnA = "#define SECCLASS_%s " % c.upper()
-			columnA += "".join([" " for i in range(width - len(columnA))])
-			if not (mode == self.KERNEL and self.userspace[c]):
-				results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		results.append("/*\n")
-		results.append(" * Security identifier indices for initial entities\n")
-		results.append(" */\n")
-		
-		count = 0
-		width = 56 # broken for old tools whitespace
-		for s in self.sids:
-			count += 1
-			columnA = "#define SECINITSID_%s " % s.upper()
-			columnA += "".join([" " for i in range(width - len(columnA))])
-			results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		columnA = "#define SECINITSID_NUM "
-		columnA += "".join([" " for i in range(width - len(columnA))])
-		results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		results.append("#endif\n")
-		return results
-
-
-
-	def createInitialSidToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("static char *initial_sid_to_string[] =\n")
-		results.append("{\n")
-		results.append("    \"null\",\n")
-		for s in self.sids:
-			results.append("    \"%s\",\n" % s)
-		results.append("};\n")
-		results.append("\n")
-
-		return results
-
-def usage():
-	'''
-	Returns the usage string.
-	'''
-	usage  = 'Usage: %s -a ACCESS_VECTORS -i INITIAL_SIDS -s SECURITY_CLASSES -o OUTPUT_DIRECTORY -k|-u [-w]\n' % os.path.basename(sys.argv[0])
-	usage += '\n'
-	usage += ' -a --access_vectors\taccess vector definitions\n'
-	usage += ' -i --initial_sids\tinitial sid definitions\n'
-	usage += ' -s --security_classes\tsecurity class definitions\n'
-	usage += ' -o --output\toutput directory for generated files\n'
-	usage += ' -k --kernel\toutput mode set to kernel (kernel headers contain empty blocks for all classes specified with # userspace in the security_classes file)\n'
-	usage += ' -u --user\toutput mode set to userspace\n'
-	usage += ' -w --nowarnings\tsupresses output of warning messages\n'
-	return usage
-
-########## MAIN ##########
-if __name__ == '__main__':
-	
-	# Parse command line args
-	try:
-		opts, args = getopt.getopt(sys.argv[1:], 'a:i:s:o:kuwh', ['access_vectors=', 'initial_sids=', 'security_classes=', 'output=', 'kernel', 'user', 'nowarnings', 'help'])
-	except getopt.GetoptError:
-		print(usage())
-		sys.exit(2)
-	
-	avec = None
-	isid = None
-	secc = None
-	outd = None
-	mode = None
-	warn = True
-	for o, a in opts:
-		if o in ('-h', '--help'):
-			print(usage())
-			sys.exit(0)
-		elif o in ('-a', '--access_vectors'):
-			avec = a
-		elif o in ('-i', '--initial_sids'):
-			isid = a
-		elif o in ('-s', '--security_classes'):
-			secc = a
-		elif o in ('-o', '--output'):
-			outd = a
-		elif o in ('-k', '--kernel'):
-			if mode != None:
-				print(usage())
-				sys.exit(2)
-			mode = Flask.KERNEL
-		elif o in ('-u', '--user'):
-			if mode != None:
-				print(usage())
-				sys.exit(2)
-			mode = Flask.USERSPACE
-		elif o in ('-w', '--nowarnings'):
-			warn = False
-		else:
-			print(usage())
-			sys.exit(2)
-
-	if avec == None or \
-	   isid == None or \
-	   secc == None or \
-	   outd == None:
-		   print(usage())
-		   sys.exit(2)
-
-	try:
-		f = Flask(warn)
-		f.parseSids(isid)
-		f.parseClasses(secc)
-		f.parseVectors(avec)
-		f.createHeaders(outd, mode)
-	except Exception, e:
-		print(e)
-		sys.exit(2)
diff --git a/policy/flask/initial_sids b/policy/flask/initial_sids
deleted file mode 100644
index 95894eb..0000000
--- a/policy/flask/initial_sids
+++ /dev/null
@@ -1,35 +0,0 @@
-# FLASK
-
-#
-# Define initial security identifiers 
-#
-
-sid kernel
-sid security
-sid unlabeled
-sid fs
-sid file
-sid file_labels
-sid init
-sid any_socket
-sid port
-sid netif
-sid netmsg
-sid node
-sid igmp_packet
-sid icmp_socket
-sid tcp_socket
-sid sysctl_modprobe
-sid sysctl
-sid sysctl_fs
-sid sysctl_kernel
-sid sysctl_net
-sid sysctl_net_unix
-sid sysctl_vm
-sid sysctl_dev
-sid kmod
-sid policy
-sid scmp_packet
-sid devnull
-
-# FLASK
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
deleted file mode 100644
index fa65db2..0000000
--- a/policy/flask/security_classes
+++ /dev/null
@@ -1,128 +0,0 @@
-# FLASK
-
-#
-# Define the security object classes 
-#
-
-# Classes marked as userspace are classes
-# for userspace object managers
-
-class security
-class process
-class system
-class capability
-
-# file-related classes
-class filesystem
-class file
-class dir
-class fd
-class lnk_file
-class chr_file
-class blk_file
-class sock_file
-class fifo_file
-
-# network-related classes
-class socket
-class tcp_socket
-class udp_socket
-class rawip_socket
-class node
-class netif
-class netlink_socket
-class packet_socket
-class key_socket
-class unix_stream_socket
-class unix_dgram_socket
-
-# sysv-ipc-related classes
-class sem
-class msg
-class msgq
-class shm
-class ipc
-
-#
-# userspace object manager classes
-#
-
-# passwd/chfn/chsh
-class passwd			# userspace
-
-# SE-X Windows stuff (more classes below)
-class x_drawable		# userspace
-class x_screen			# userspace
-class x_gc			# userspace
-class x_font			# userspace
-class x_colormap		# userspace
-class x_property		# userspace
-class x_selection		# userspace
-class x_cursor			# userspace
-class x_client			# userspace
-class x_device			# userspace
-class x_server			# userspace
-class x_extension		# userspace
-
-# extended netlink sockets
-class netlink_route_socket
-class netlink_firewall_socket
-class netlink_tcpdiag_socket
-class netlink_nflog_socket
-class netlink_xfrm_socket
-class netlink_selinux_socket
-class netlink_audit_socket
-class netlink_ip6fw_socket
-class netlink_dnrt_socket
-
-class dbus			# userspace
-class nscd			# userspace
-
-# IPSec association
-class association
-
-# Updated Netlink class for KOBJECT_UEVENT family.
-class netlink_kobject_uevent_socket
-
-class appletalk_socket
-
-class packet
-
-# Kernel access key retention
-class key
-
-class context			# userspace
-
-class dccp_socket
-
-class memprotect
-
-class db_database		# userspace
-class db_table			# userspace
-class db_procedure		# userspace
-class db_column			# userspace
-class db_tuple			# userspace
-class db_blob			# userspace
-
-# network peer labels
-class peer
-
-# Capabilities >= 32
-class capability2
-
-# More SE-X Windows stuff
-class x_resource		# userspace
-class x_event			# userspace
-class x_synthetic_event		# userspace
-class x_application_data	# userspace
-
-# kernel services that need to override task security, e.g. cachefiles
-class kernel_service 
-
-class tun_socket
-
-# Still More SE-X Windows stuff
-class x_pointer			# userspace
-class x_keyboard		# userspace
-
-# FLASK
diff --git a/policy/global_booleans b/policy/global_booleans
deleted file mode 100644
index 111d004..0000000
--- a/policy/global_booleans
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# This file is for the declaration of global booleans.
-# To change the default value at build time, the booleans.conf
-# file should be used.
-#
-
-## <desc>
-## <p>
-## Enabling secure mode disallows programs, such as
-## newrole, from transitioning to administrative
-## user domains.
-## </p>
-## </desc>
-gen_bool(secure_mode,false)
-
-## <desc>
-## <p>
-## Disable transitions to insmod.
-## </p>
-## </desc>
-gen_bool(secure_mode_insmod,false)
-
-## <desc>
-## <p>
-## boolean to determine whether the system permits loading policy, setting
-## enforcing mode, and changing boolean values.  Set this to true and you
-## have to reboot to set it back
-## </p>
-## </desc>
-gen_bool(secure_mode_policyload,false)
diff --git a/policy/global_tunables b/policy/global_tunables
deleted file mode 100644
index 6e82b1e..0000000
--- a/policy/global_tunables
+++ /dev/null
@@ -1,112 +0,0 @@
-#
-# This file is for the declaration of global tunables.
-# To change the default value at build time, the booleans.conf
-# file should be used.
-#
-
-## <desc>
-## <p>
-## Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
-## </p>
-## </desc>
-gen_tunable(allow_execheap,false)
-
-## <desc>
-## <p>
-## Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla
-## </p>
-## </desc>
-gen_tunable(allow_execmem,false)
-
-## <desc>
-## <p>
-## Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t
-## </p>
-## </desc>
-gen_tunable(allow_execmod,false)
-
-## <desc>
-## <p>
-## Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
-## </p>
-## </desc>
-gen_tunable(allow_execstack,false)
-
-## <desc>
-## <p>
-## Enable polyinstantiated directory support.
-## </p>
-## </desc>
-gen_tunable(allow_polyinstantiation,false)
-
-## <desc>
-## <p>
-## Allow system to run with NIS
-## </p>
-## </desc>
-gen_tunable(allow_ypbind,false)
-
-## <desc>
-## <p>
-## Enable reading of urandom for all domains.
-## </p>
-## <p>
-## This should be enabled when all programs
-## are compiled with ProPolice/SSP
-## stack smashing protection.  All domains will
-## be allowed to read from /dev/urandom.
-## </p>
-## </desc>
-gen_tunable(global_ssp,false)
-
-## <desc>
-## <p>
-## Allow any files/directories to be exported read/write via NFS.
-## </p>
-## </desc>
-gen_tunable(nfs_export_all_rw,false)
-
-## <desc>
-## <p>
-## Allow any files/directories to be exported read/only via NFS.
-## </p>
-## </desc>
-gen_tunable(nfs_export_all_ro,false)
-
-## <desc>
-## <p>
-## Support NFS home directories
-## </p>
-## </desc>
-gen_tunable(use_nfs_home_dirs,false)
-
-## <desc>
-## <p>
-## Support SAMBA home directories
-## </p>
-## </desc>
-gen_tunable(use_samba_home_dirs,false)
-
-## <desc>
-## <p>
-## Support fusefs home directories
-## </p>
-## </desc>
-gen_tunable(use_fusefs_home_dirs,false)
-
-## <desc>
-## <p>
-## Allow users to run TCP servers (bind to ports and accept connection from
-## the same domain and outside users)  disabling this forces FTP passive mode
-## and may change other protocols.
-## </p>
-## </desc>
-gen_tunable(user_tcp_server,false)
-
-## <desc>
-## <p>
-## Allow direct login to the console device. Required for System 390
-## </p>
-## </desc>
-gen_tunable(allow_console_login,false)
-
diff --git a/policy/mcs b/policy/mcs
deleted file mode 100644
index 9fef0f8..0000000
--- a/policy/mcs
+++ /dev/null
@@ -1,138 +0,0 @@
-ifdef(`enable_mcs',`
-#
-# Define sensitivities 
-#
-# MCS is single-sensitivity.
-
-gen_sens(1)
-
-#
-# Define the categories
-#
-# Generate declarations
-
-gen_cats(mcs_num_cats)
-
-#
-# Each MCS level specifies a sensitivity and zero or more categories which may
-# be associated with that sensitivity.
-#
-
-gen_levels(1,mcs_num_cats)
-
-#
-# Define the MCS policy
-#
-# mlsconstrain class_set perm_set expression ;
-#
-# mlsvalidatetrans class_set expression ;
-#
-# expression : ( expression )
-#	     | not expression
-#	     | expression and expression
-#	     | expression or expression
-#	     | u1 op u2
-#	     | r1 role_mls_op r2
-#	     | t1 op t2
-#	     | l1 role_mls_op l2
-#	     | l1 role_mls_op h2
-#	     | h1 role_mls_op l2
-#	     | h1 role_mls_op h2
-#	     | l1 role_mls_op h1
-#	     | l2 role_mls_op h2
-#	     | u1 op names
-#	     | u2 op names
-#	     | r1 op names
-#	     | r2 op names
-#	     | t1 op names
-#	     | t2 op names
-#	     | u3 op names (NOTE: this is only available for mlsvalidatetrans)
-#	     | r3 op names (NOTE: this is only available for mlsvalidatetrans)
-#	     | t3 op names (NOTE: this is only available for mlsvalidatetrans)
-#
-# op : == | !=
-# role_mls_op : == | != | eq | dom | domby | incomp
-#
-# names : name | { name_list }
-# name_list : name | name_list name
-#
-
-#
-# MCS policy for the file classes
-#
-# Constrain file access so that the high range of the process dominates
-# the high range of the file.  We use the high range of the process so
-# that processes can always simply run at s0.
-#
-# Note:
-#  - getattr on dirs/files is not constrained.
-#  - /proc/pid operations are not constrained.
-
-mlsconstrain file { read ioctl lock execute execute_no_trans }
-	(( h1 dom h2 ) or ( t1 == mcsreadall ) or ( t2 == domain ));
-
-mlsconstrain file { write setattr append unlink link rename }
-	(( h1 dom h2 ) or ( t1 == mcswriteall ) or ( t2 == domain ));
-
-mlsconstrain dir { search read ioctl lock }
-	(( h1 dom h2 ) or ( t1 == mcsreadall ) or ( t2 == domain ));
-
-mlsconstrain dir { write setattr append unlink link rename add_name remove_name }
-	(( h1 dom h2 ) or ( t1 == mcswriteall ) or ( t2 == domain ));
-
-# New filesystem object labels must be dominated by the relabeling subject
-# clearance, also the objects are single-level.
-mlsconstrain file { create relabelto }
-	(( h1 dom h2 ) and ( l2 eq h2 ));
-
-# new file labels must be dominated by the relabeling subject clearance
-mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file file } { relabelfrom }
-	( h1 dom h2 );
-
-mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file file } { create relabelto }
-	(( h1 dom h2 ) and ( l2 eq h2 ));
-
-mlsconstrain process { transition dyntransition }
-	(( h1 dom h2 ) or ( t1 == mcssetcats ));
-
-mlsconstrain process { ptrace }
-	(( h1 dom h2) or ( t1 == mcsptraceall ));
-
-mlsconstrain process { sigkill sigstop }
-	(( h1 dom h2 ) or ( t1 == mcskillall ));
-
-mlsconstrain process { signal }
-	(( h1 dom h2 ) or ( t1 != mcsuntrustedproc ));
-
-#
-# MCS policy for SELinux-enabled databases
-#
-
-# Any database object must be dominated by the relabeling subject
-# clearance, also the objects are single-level.
-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
-	(( h1 dom h2 ) and ( l2 eq h2 ));
-
-mlsconstrain { db_tuple } { insert relabelto }
-	(( h1 dom h2 ) and ( l2 eq h2 ));
-
-# Access control for any database objects based on MCS rules.
-mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }
-	( h1 dom h2 );
-
-mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete use lock }
-	( h1 dom h2 );
-
-mlsconstrain db_column { drop getattr setattr relabelfrom select update insert use }
-	( h1 dom h2 );
-
-mlsconstrain db_tuple { relabelfrom select update delete use }
-	( h1 dom h2 );
-
-mlsconstrain db_procedure { drop getattr setattr execute install }
-	( h1 dom h2 );
-
-mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
-	( h1 dom h2 );
-
-') dnl end enable_mcs
diff --git a/policy/mls b/policy/mls
deleted file mode 100644
index b9f0a3e..0000000
--- a/policy/mls
+++ /dev/null
@@ -1,830 +0,0 @@
-ifdef(`enable_mls',`
-#
-# Define sensitivities 
-#
-# Domination of sensitivities is in increasin
-# numerical order, with s0 being the lowest
-
-gen_sens(mls_num_sens)
-
-#
-# Define the categories
-#
-# Generate declarations
-
-gen_cats(mls_num_cats)
-
-#
-# Each MLS level specifies a sensitivity and zero or more categories which may
-# be associated with that sensitivity.
-#
-# Generate levels from all sensitivities
-# with all categories
-
-gen_levels(mls_num_sens,mls_num_cats)
-
-#
-# Define the MLS policy
-#
-# mlsconstrain class_set perm_set expression ;
-#
-# mlsvalidatetrans class_set expression ;
-#
-# expression : ( expression )
-#	     | not expression
-#	     | expression and expression
-#	     | expression or expression
-#	     | u1 op u2
-#	     | r1 role_mls_op r2
-#	     | t1 op t2
-#	     | l1 role_mls_op l2
-#	     | l1 role_mls_op h2
-#	     | h1 role_mls_op l2
-#	     | h1 role_mls_op h2
-#	     | l1 role_mls_op h1
-#	     | l2 role_mls_op h2
-#	     | u1 op names
-#	     | u2 op names
-#	     | r1 op names
-#	     | r2 op names
-#	     | t1 op names
-#	     | t2 op names
-#	     | u3 op names (NOTE: this is only available for mlsvalidatetrans)
-#	     | r3 op names (NOTE: this is only available for mlsvalidatetrans)
-#	     | t3 op names (NOTE: this is only available for mlsvalidatetrans)
-#
-# op : == | !=
-# role_mls_op : == | != | eq | dom | domby | incomp
-#
-# names : name | { name_list }
-# name_list : name | name_list name
-#
-
-#
-# MLS policy for the file classes
-#
-
-# make sure these file classes are "single level"
-mlsconstrain { file lnk_file fifo_file } { create relabelto }
-	( l2 eq h2 );
-
-# new file labels must be dominated by the relabeling subjects clearance
-mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } relabelto
-	( h1 dom h2 );
-
-# the file "read" ops (note the check is dominance of the low level)
-mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { read getattr execute }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsfileread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain dir search
-	(( l1 dom l2 ) or
-	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsfileread ) or
-	 ( t2 == mlstrustedobject ));
-
-# the "single level" file "write" ops
-mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsfilewrite ) or
-	 ( t2 == mlstrustedobject ));
-
-# Directory "write" ops
-mlsconstrain dir { add_name remove_name reparent rmdir }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsfilewrite ) or
-	 ( t2 == mlstrustedobject ));
-
-# these access vectors have no MLS restrictions
-# { dir file lnk_file chr_file blk_file sock_file fifo_file } { ioctl lock swapon quotaon }
-#
-# { file chr_file } { execute_no_trans entrypoint execmod }
-
-# the file upgrade/downgrade rule
-mlsvalidatetrans { dir file lnk_file chr_file blk_file sock_file fifo_file }
-	((( l1 eq l2 ) or
-	  (( t3 == mlsfileupgrade ) and ( l1 domby l2 )) or
-	  (( t3 == mlsfiledowngrade ) and ( l1 dom l2 )) or
-	  (( t3 == mlsfiledowngrade ) and ( l1 incomp l2 ))) and
-	 (( h1 eq h2 ) or
-	  (( t3 == mlsfileupgrade ) and ( h1 domby h2 )) or
-	  (( t3 == mlsfiledowngrade ) and ( h1 dom h2 )) or
-	  (( t3 == mlsfiledowngrade ) and ( h1 incomp h2 ))));
-
-# create can also require the upgrade/downgrade checks if the creating process
-# has used setfscreate (note that both the high and low level of the object
-# default to the process sensitivity level)
-mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } create
-	((( l1 eq l2 ) or
-	  (( t1 == mlsfileupgrade ) and ( l1 domby l2 )) or
-	  (( t1 == mlsfiledowngrade ) and ( l1 dom l2 )) or
-	  (( t1 == mlsfiledowngrade ) and ( l1 incomp l2 ))) and
-	 (( l1 eq h2 ) or
-	  (( t1 == mlsfileupgrade ) and ( l1 domby h2 )) or
-	  (( t1 == mlsfiledowngrade ) and ( l1 dom h2 )) or
-	  (( t1 == mlsfiledowngrade ) and ( l1 incomp h2 ))));
-
-
-
-
-#
-# MLS policy for the filesystem class
-#
-
-# new filesystem labels must be dominated by the relabeling subjects clearance
-mlsconstrain filesystem relabelto
-	( h1 dom h2 );
-
-# the filesystem "read" ops (implicit single level)
-mlsconstrain filesystem { getattr quotaget }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsfileread ));
-
-# all the filesystem "write" ops (implicit single level)
-mlsconstrain filesystem { mount remount unmount relabelfrom quotamod }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsfilewrite ));
-
-# these access vectors have no MLS restrictions
-# filesystem { transition associate }
-
-
-
-
-#
-# MLS policy for the socket classes
-#
-
-# new socket labels must be dominated by the relabeling subjects clearance
-mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } relabelto
-	( h1 dom h2 );
-
-# the socket "read+write" ops
-# (Socket FDs are generally bidirectional, equivalent to open(..., O_RDWR),
-# require equal levels for unprivileged subjects, or read *and* write overrides)
-mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { accept connect }
-	(( l1 eq l2 ) or
-	 (((( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	   ( t1 == mlsnetread )) and
-	  ((( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	   (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	   ( t1 == mlsnetwrite ))));
-
-
-# the socket "read" ops (note the check is dominance of the low level)
-mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { read getattr listen accept getopt recv_msg }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsnetread ));
-
-mlsconstrain { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_read
-	(( l1 dom l2 ) or
-	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsnetread ));
-
-# the socket "write" ops
-mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { write setattr relabelfrom connect setopt shutdown }
-	(( l1 eq l2 ) or 
-	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsnetwrite ));
-
-# used by netlabel to restrict normal domains to same level connections
-mlsconstrain { tcp_socket udp_socket rawip_socket } recvfrom
-	(( l1 eq l2 ) or
-	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsnetread ));
-
-# UNIX domain socket ops
-mlsconstrain unix_stream_socket connectto
-	(( l1 eq l2 ) or 
-	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsnetwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain unix_dgram_socket sendto
-	(( l1 eq l2 ) or 
-	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsnetwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-# these access vectors have no MLS restrictions
-# { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { ioctl create lock append bind sendto send_msg name_bind }
-#
-# { tcp_socket udp_socket rawip_socket } node_bind
-#
-# { tcp_socket unix_stream_socket } { connectto newconn acceptfrom }
-#
-# tcp_socket name_connect
-#
-# { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_write
-#
-# netlink_audit_socket { nlmsg_relay nlmsg_readpriv }
-#
-# netlink_kobject_uevent_socket *
-#
-
-
-
-
-#
-# MLS policy for the ipc classes
-#
-
-# the ipc "read" ops (implicit single level)
-mlsconstrain { ipc sem msgq shm } { getattr read unix_read }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsipcreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsipcread ));
-
-mlsconstrain msg receive
-	(( l1 dom l2 ) or
-	 (( t1 == mlsipcreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsipcread ));
-
-# the ipc "write" ops (implicit single level)
-mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsipcwrite ));
-
-mlsconstrain msgq enqueue
-	(( l1 eq l2 ) or
-	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsipcwrite ));
-
-mlsconstrain shm lock
-	(( l1 eq l2 ) or
-	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsipcwrite ));
-
-mlsconstrain msg send
-	(( l1 eq l2 ) or
-	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsipcwrite ));
-
-# these access vectors have no MLS restrictions
-# { ipc sem msgq shm } associate
-
-
-
-
-#
-# MLS policy for the fd class
-#
-
-# No sharing of open file descriptors between levels unless
-# the process type is authorized to use fds created by 
-# other levels (mlsfduse) or the fd type is authorized to
-# shared among levels (mlsfdshare). 
-mlsconstrain fd use (
-	l1 eq l2
-	or t1 == mlsfduse
-	or t2 == mlsfdshare
-);
-
-#
-# MLS policy for the network object classes
-#
-
-# the netif/node "read" ops (implicit single level socket doing the read)
-#                           (note the check is dominance of the low level)
-mlsconstrain { node netif } { tcp_recv udp_recv rawip_recv }
-	(( l1 dom l2 ) or ( t1 == mlsnetrecvall ));
-
-# the netif/node "write" ops (implicit single level socket doing the write)
-mlsconstrain { netif node } { tcp_send udp_send rawip_send }
-	(( l1 eq l2 ) or
-	(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )));
-
-# these access vectors have no MLS restrictions
-# node enforce_dest
-
-
-
-
-#
-# MLS policy for the network ingress/egress controls
-#
-
-# the netif ingress/egress ops, the ingress permission is a "write" operation
-# because the subject in this particular case is the remote domain which is
-# writing data out the network interface which is acting as the object
-mlsconstrain { netif } { ingress }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetinbound ) or
-	 ( t1 == unlabeled_t ));
-mlsconstrain { netif } { egress }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetoutbound ));
-
-# the node recvfrom/sendto ops, the recvfrom permission is a "write" operation
-# because the subject in this particular case is the remote domain which is
-# writing data out the network node which is acting as the object
-mlsconstrain { node } { recvfrom }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetinbound ) or
-	 ( t1 == unlabeled_t ));
-mlsconstrain { node } { sendto }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetoutbound ));
-
-# the forward ops, the forward_in permission is a "write" operation because the
-# subject in this particular case is the remote domain which is writing data
-# to the network with a secmark label, the object in this case
-mlsconstrain { packet } { forward_in }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetinbound ) or
-	 ( t1 == unlabeled_t ));
-mlsconstrain { packet } { forward_out }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t1 == mlsnetoutbound ) or
-	 ( t1 == unlabeled_t ));
-
-#
-# MLS policy for the secmark and peer controls
-#
-
-# the peer/packet recv op
-mlsconstrain { peer packet } { recv }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsnetread ));
-
-
-
-
-#
-# MLS policy for the process class
-#
-
-# new process labels must be dominated by the relabeling subjects clearance
-# and sensitivity level changes require privilege
-mlsconstrain process transition
-	(( h1 dom h2 ) and
-	 (( l1 eq l2 ) or ( t1 == mlsprocsetsl ) or
-	  (( t1 == privrangetrans ) and ( t2 == mlsrangetrans ))));
-mlsconstrain process dyntransition
-	(( h1 dom h2 ) and
-	 (( l1 eq l2 ) or ( t1 == mlsprocsetsl )));
-
-# all the process "read" ops
-mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsprocreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsprocread ));
-
-# all the process "write" ops (note the check is equality on the low level)
-mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setcurrent ptrace share }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsprocwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsprocwrite ));
-
-# these access vectors have no MLS restrictions
-# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem execstack execheap }
-
-
-
-
-#
-# MLS policy for the security class
-#
-
-# these access vectors have no MLS restrictions
-# security *
-
-
-
-
-#
-# MLS policy for the system class
-#
-
-# these access vectors have no MLS restrictions
-# system *
-
-
-
-
-#
-# MLS policy for the capability class
-#
-
-# these access vectors have no MLS restrictions
-# capability *
-
-
-
-
-#
-# MLS policy for the passwd class
-#
-
-# these access vectors have no MLS restrictions
-# passwd *
-
-
-
-
-#
-# MLS policy for the x_drawable class
-#
-
-# the x_drawable "read" ops (implicit single level)
-mlsconstrain x_drawable { read blend getattr list_child list_property get_property receive }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_drawable "write" ops (implicit single level)
-mlsconstrain x_drawable { create destroy write setattr add_child remove_child send manage }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwrite ));
-
-# No MLS restrictions: x_drawable { show hide override }
-
-
-#
-# MLS policy for the x_gc class
-#
-
-# the x_gc "read" ops (implicit single level)
-mlsconstrain x_gc { getattr use }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_gc "write" ops (implicit single level)
-mlsconstrain x_gc { create destroy setattr }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_font class
-#
-
-# the x_font "read" ops (implicit single level)
-mlsconstrain x_font { use }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_font "write" ops (implicit single level)
-mlsconstrain x_font { create destroy add_glyph remove_glyph }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwrite ));
-
-# these access vectors have no MLS restrictions
-# font use
-
-
-#
-# MLS policy for the x_colormap class
-#
-
-# the x_colormap "read" ops (implicit single level)
-mlsconstrain x_colormap { read getattr use }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinreadcolormap ) or
-	 ( t1 == mlsxwinread ));
-
-# the x_colormap "write" ops (implicit single level)
-mlsconstrain x_colormap { create destroy write add_color remove_color install uninstall }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwritecolormap ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_property class
-#
-
-# the x_property "read" ops (implicit single level)
-mlsconstrain x_property { read getattr }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinreadproperty ) or
-	 ( t1 == mlsxwinread ));
-
-# the x_property "write" ops (implicit single level)
-mlsconstrain x_property { create destroy write append setattr }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwriteproperty ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_selection class
-#
-
-# the x_selection "read" ops (implicit single level)
-mlsconstrain x_selection { read getattr }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinreadselection ) or
-	 ( t1 == mlsxwinread ));
-
-# the x_selection "write" ops (implicit single level)
-mlsconstrain x_selection { write setattr }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwriteselection ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_cursor class
-#
-
-# the x_cursor "read" ops (implicit single level)
-mlsconstrain x_cursor { read getattr use }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-	
-# the x_cursor "write" ops (implicit single level)
-mlsconstrain x_cursor { create destroy write setattr }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_client class
-#
-
-# the x_client "read" ops (implicit single level)
-mlsconstrain x_client { getattr }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_client "write" ops (implicit single level)
-mlsconstrain x_client { destroy setattr manage }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_device class
-#
-
-# the x_device "read" ops (implicit single level)
-mlsconstrain x_device { getattr use read getfocus grab }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_device "write" ops (implicit single level)
-mlsconstrain x_device { setattr write setfocus bell force_cursor freeze manage }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwritexinput ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_server class
-#
-
-# these access vectors have no MLS restrictions
-# x_server *
-
-
-#
-# MLS policy for the x_extension class
-#
-
-# these access vectors have no MLS restrictions
-# x_extension { query use }
-
-
-#
-# MLS policy for the x_resource class
-#
-
-# the x_resource "read" ops (implicit single level)
-mlsconstrain x_resource { read }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_resource "write" ops (implicit single level)
-mlsconstrain x_resource { write }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwritexinput ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_event class
-#
-
-# the x_event "read" ops (implicit single level)
-mlsconstrain x_event { receive }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsxwinread ));
-
-# the x_event "write" ops (implicit single level)
-mlsconstrain x_event { send }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 ( t1 == mlsxwinwritexinput ) or
-	 ( t1 == mlsxwinwrite ));
-
-
-#
-# MLS policy for the x_application_data class
-#
-
-# the x_application_data "paste" ops
-mlsconstrain x_application_data { paste }
-	( l1 domby l2 );
-
-# the x_application_data "paste_after_confirm" ops
-mlsconstrain x_application_data { paste_after_confirm }
-	( l1 dom l2 );
-
-
-
-#
-# MLS policy for the dbus class
-#
-
-mlsconstrain dbus { send_msg }
-	(( l1 eq l2 ) or
-	 ( t1 == mlsdbussend ) or
-	 ( t2 == mlsdbusrecv ));
-
-# these access vectors have no MLS restrictions
-# dbus { acquire_svc }
-
-
-
-
-#
-# MLS policy for the nscd class
-#
-
-# these access vectors have no MLS restrictions
-# nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost }
-
-
-
-
-#
-# MLS policy for the association class
-#
-
-mlsconstrain association { recvfrom }
-	((( l1 dom l2 ) and ( l1 domby h2 )) or
-	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsnetread ) or
-	 ( t2 == unlabeled_t ));
-
-mlsconstrain association { sendto }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
-	 ( t2 == unlabeled_t ));
-
-mlsconstrain association { polmatch }
-	(( l1 dom l2 ) and ( h1 domby h2 ));
-
-
-
-#
-# MLS policy for the context class
-#
-
-mlsconstrain context translate
-	(( h1 dom h2 ) or ( t1 == mlstranslate ));
-
-mlsconstrain context contains
-	( h1 dom h2 );
-
-#
-# MLS policy for database classes
-#
-
-# make sure these database classes are "single level"
-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
-	( l2 eq h2 );
-mlsconstrain { db_tuple } { insert relabelto }
-	( l2 eq h2 );
-
-# new database labels must be dominated by the relabeling subjects clearance
-mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }
-	( h1 dom h2 );
-
-# the database "read" ops (note the check is dominance of the low level)
-mlsconstrain { db_database } { getattr access get_param }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_table } { getattr use select lock }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_column } { getattr use select }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_procedure } { getattr execute install }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_blob } { getattr read export }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_tuple } { use select }
-	(( l1 dom l2 ) or
-	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
-	 ( t1 == mlsdbread ) or
-	 ( t2 == mlstrustedobject ));
-
-# the "single level" file "write" ops
-mlsconstrain { db_database } { create drop setattr relabelfrom install_module load_module set_param }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_column } { create drop setattr relabelfrom update insert }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_procedure } { create drop setattr relabelfrom }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_blob } { create drop setattr relabelfrom write import }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-mlsconstrain { db_tuple } { relabelfrom update insert delete }
-	(( l1 eq l2 ) or
-	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
-	 ( t1 == mlsdbwrite ) or
-	 ( t2 == mlstrustedobject ));
-
-# the database upgrade/downgrade rule
-mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }
-	((( l1 eq l2 ) or
-	  (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
-	  (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
-	  (( t3 == mlsdbdowngrade ) and ( l1 incomp l2 ))) and
-	 (( l1 eq h2 ) or
-	  (( t3 == mlsdbupgrade ) and ( h1 domby h2 )) or
-	  (( t3 == mlsdbdowngrade ) and ( h1 dom h2 )) or
-	  (( t3 == mlsdbdowngrade ) and ( h1 incomp h2 ))));
-
-') dnl end enable_mls
diff --git a/policy/modules/admin/acct.fc b/policy/modules/admin/acct.fc
deleted file mode 100644
index e81367c..0000000
--- a/policy/modules/admin/acct.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-
-/etc/cron\.(daily|monthly)/acct -- gen_context(system_u:object_r:acct_exec_t,s0)
-
-/sbin/accton		--	gen_context(system_u:object_r:acct_exec_t,s0)
-
-/usr/sbin/accton	--	gen_context(system_u:object_r:acct_exec_t,s0)
-
-/var/account(/.*)?		gen_context(system_u:object_r:acct_data_t,s0)
-/var/log/account(/.*)?		gen_context(system_u:object_r:acct_data_t,s0)
diff --git a/policy/modules/admin/acct.if b/policy/modules/admin/acct.if
deleted file mode 100644
index e66c296..0000000
--- a/policy/modules/admin/acct.if
+++ /dev/null
@@ -1,80 +0,0 @@
-## <summary>Berkeley process accounting</summary>
-
-########################################
-## <summary>
-##	Transition to the accounting management domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`acct_domtrans',`
-	gen_require(`
-		type acct_t, acct_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, acct_exec_t, acct_t)
-')
-
-########################################
-## <summary>
-##	Execute accounting management tools in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`acct_exec',`
-	gen_require(`
-		type acct_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, acct_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute accounting management data in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: this is added for logrotate, and does
-# not make sense to me.
-interface(`acct_exec_data',`
-	gen_require(`
-		type acct_data_t;
-	')
-
-	files_search_var($1)
-	can_exec($1, acct_data_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete process accounting data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`acct_manage_data',`
-	gen_require(`
-		type acct_data_t;
-	')
-
-	files_search_var($1)
-	manage_files_pattern($1, acct_data_t, acct_data_t)
-	manage_lnk_files_pattern($1, acct_data_t, acct_data_t)
-')
diff --git a/policy/modules/admin/acct.te b/policy/modules/admin/acct.te
deleted file mode 100644
index 321798e..0000000
--- a/policy/modules/admin/acct.te
+++ /dev/null
@@ -1,89 +0,0 @@
-policy_module(acct, 1.4.1)
-
-########################################
-#
-# Declarations
-#
-
-type acct_t;
-type acct_exec_t;
-init_system_domain(acct_t, acct_exec_t)
-
-type acct_data_t;
-logging_log_file(acct_data_t)
-
-########################################
-#
-# Local Policy
-#
-
-# gzip needs chown capability for some reason
-allow acct_t self:capability { sys_pacct chown fsetid };
-# not sure why we need kill, the command "last" is reported as using it
-dontaudit acct_t self:capability { kill sys_tty_config };
-
-allow acct_t self:fifo_file rw_fifo_file_perms;
-allow acct_t self:process signal_perms;
-
-manage_files_pattern(acct_t, acct_data_t, acct_data_t)
-manage_lnk_files_pattern(acct_t, acct_data_t, acct_data_t)
-
-can_exec(acct_t, acct_exec_t)
-
-kernel_list_proc(acct_t)
-kernel_read_system_state(acct_t)
-kernel_read_kernel_sysctls(acct_t)
-
-dev_read_sysfs(acct_t)
-# for SSP
-dev_read_urand(acct_t)
-
-fs_search_auto_mountpoints(acct_t)
-fs_getattr_xattr_fs(acct_t)
-
-term_dontaudit_use_console(acct_t)
-term_dontaudit_use_generic_ptys(acct_t)
-
-corecmd_exec_bin(acct_t)
-corecmd_exec_shell(acct_t)
-
-domain_use_interactive_fds(acct_t)
-
-files_read_etc_files(acct_t)
-files_read_etc_runtime_files(acct_t)
-files_list_usr(acct_t)
-# for nscd
-files_dontaudit_search_pids(acct_t)
-
-init_use_fds(acct_t)
-init_use_script_ptys(acct_t)
-init_exec_script_files(acct_t)
-
-logging_send_syslog_msg(acct_t)
-
-miscfiles_read_localization(acct_t)
-
-userdom_dontaudit_use_unpriv_user_fds(acct_t)
-userdom_dontaudit_search_user_home_dirs(acct_t)
-
-optional_policy(`
-	optional_policy(`
-		# for monthly cron job
-		auth_log_filetrans_login_records(acct_t)
-		auth_manage_login_records(acct_t)
-	')
-
-	cron_system_entry(acct_t, acct_exec_t)
-')
-
-optional_policy(`
-	nscd_socket_use(acct_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(acct_t)
-')
-
-optional_policy(`
-	udev_read_db(acct_t)
-')
diff --git a/policy/modules/admin/alsa.fc b/policy/modules/admin/alsa.fc
deleted file mode 100644
index 72a0458..0000000
--- a/policy/modules/admin/alsa.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-HOME_DIR/\.asoundrc	--	gen_context(system_u:object_r:alsa_home_t,s0)
-
-/bin/alsaunmute		--	gen_context(system_u:object_r:alsa_exec_t,s0)
-
-/etc/alsa/asound\.state --	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-/etc/alsa/pcm(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-/etc/asound(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-/etc/asound\.state	--	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-
-/sbin/alsactl 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
-/sbin/salsa 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
-
-/usr/bin/ainit 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
-
-/usr/share/alsa/alsa\.conf	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-/usr/share/alsa/pcm(/.*)?	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-
-/var/lib/alsa(/.*)?		gen_context(system_u:object_r:alsa_var_lib_t,s0)
diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
deleted file mode 100644
index 20d51d0..0000000
--- a/policy/modules/admin/alsa.if
+++ /dev/null
@@ -1,170 +0,0 @@
-## <summary>Ainit ALSA configuration tool.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run Alsa.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`alsa_domtrans',`
-	gen_require(`
-		type alsa_t, alsa_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, alsa_exec_t, alsa_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	Alsa, and allow the specified role
-##	the Alsa domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_run',`
-	gen_require(`
-		type alsa_t;
-	')
-
-	alsa_domtrans($1)
-	role $2 types alsa_t;
-')
-
-########################################
-## <summary>
-##	Read and write Alsa semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_rw_semaphores',`
-	gen_require(`
-		type alsa_t;
-	')
-
-	allow $1 alsa_t:sem rw_sem_perms;
-')
-
-########################################
-## <summary>
-##	Read and write Alsa shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_rw_shared_mem',`
-	gen_require(`
-		type alsa_t;
-	')
-
-	allow $1 alsa_t:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Read writable Alsa config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_read_rw_config',`
-	gen_require(`
-		type alsa_etc_rw_t;
-	')
-
-	files_search_etc($1)
-	allow $1 alsa_etc_rw_t:dir list_dir_perms;
-	read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
-	read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
-
-	ifdef(`distro_debian',`
-		files_search_usr($1)
-	')
-')
-
-########################################
-## <summary>
-##	Manage writable Alsa config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_manage_rw_config',`
-	gen_require(`
-		type alsa_etc_rw_t;
-	')
-
-	files_search_etc($1)
-	allow $1 alsa_etc_rw_t:dir list_dir_perms;
-	manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
-	read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
-
-	ifdef(`distro_debian',`
-		files_search_usr($1)
-	')
-')
-
-########################################
-## <summary>
-##	Read Alsa home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_read_home_files',`
-	gen_require(`
-		type alsa_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	allow $1 alsa_home_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read Alsa lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`alsa_read_lib',`
-	gen_require(`
-		type alsa_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
-')
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
deleted file mode 100644
index 0f227f1..0000000
--- a/policy/modules/admin/alsa.te
+++ /dev/null
@@ -1,76 +0,0 @@
-policy_module(alsa, 1.9.2)
-
-########################################
-#
-# Declarations
-#
-
-type alsa_t;
-type alsa_exec_t;
-init_system_domain(alsa_t, alsa_exec_t)
-role system_r types alsa_t;
-
-type alsa_etc_rw_t;
-files_type(alsa_etc_rw_t)
-
-type alsa_var_lib_t;
-files_type(alsa_var_lib_t)
-
-type alsa_home_t;
-userdom_user_home_content(alsa_home_t)
-
-########################################
-#
-# Local policy
-#
-
-allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner };
-dontaudit alsa_t self:capability sys_admin;
-allow alsa_t self:sem create_sem_perms;
-allow alsa_t self:shm create_shm_perms;
-allow alsa_t self:unix_stream_socket create_stream_socket_perms;
-allow alsa_t self:unix_dgram_socket create_socket_perms;
-
-allow alsa_t alsa_home_t:file read_file_perms;
-
-manage_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t)
-manage_lnk_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t)
-files_etc_filetrans(alsa_t, alsa_etc_rw_t, file)
-
-can_exec(alsa_t, alsa_exec_t)
-
-manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
-manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
-files_search_var_lib(alsa_t)
-
-kernel_read_system_state(alsa_t)
-
-dev_read_sound(alsa_t)
-dev_write_sound(alsa_t)
-dev_read_sysfs(alsa_t)
-
-corecmd_exec_bin(alsa_t)
-
-files_read_etc_files(alsa_t)
-files_read_usr_files(alsa_t)
-
-term_dontaudit_use_console(alsa_t)
-term_dontaudit_use_generic_ptys(alsa_t)
-term_dontaudit_use_all_ptys(alsa_t)
-
-auth_use_nsswitch(alsa_t)
-
-init_use_fds(alsa_t)
-
-logging_send_syslog_msg(alsa_t)
-
-miscfiles_read_localization(alsa_t)
-
-userdom_manage_unpriv_user_semaphores(alsa_t)
-userdom_manage_unpriv_user_shared_mem(alsa_t)
-userdom_search_user_home_dirs(alsa_t)
-
-optional_policy(`
-	hal_use_fds(alsa_t)
-	hal_write_log(alsa_t)
-')
diff --git a/policy/modules/admin/amanda.fc b/policy/modules/admin/amanda.fc
deleted file mode 100644
index e3e0701..0000000
--- a/policy/modules/admin/amanda.fc
+++ /dev/null
@@ -1,26 +0,0 @@
-/etc/amanda(/.*)?			gen_context(system_u:object_r:amanda_config_t,s0)
-/etc/amanda/.*/tapelist(/.*)?		gen_context(system_u:object_r:amanda_data_t,s0)
-/etc/amandates				gen_context(system_u:object_r:amanda_amandates_t,s0)
-/etc/dumpdates				gen_context(system_u:object_r:amanda_dumpdates_t,s0)
-# empty m4 string so the index macro is not invoked
-/etc/amanda/.*/index`'(/.*)?		gen_context(system_u:object_r:amanda_data_t,s0)
-
-/root/restore			-d	gen_context(system_u:object_r:amanda_recover_dir_t,s0)
-
-/usr/lib(64)?/amanda		-d	gen_context(system_u:object_r:amanda_usr_lib_t,s0)
-/usr/lib(64)?/amanda/.+		--	gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/amandad	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-/usr/lib(64)?/amanda/amidxtaped	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-/usr/lib(64)?/amanda/amindexd	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-
-/usr/sbin/amrecover		--	gen_context(system_u:object_r:amanda_recover_exec_t,s0)
-
-/var/lib/amanda			-d	gen_context(system_u:object_r:amanda_var_lib_t,s0)
-/var/lib/amanda/[^/]+(/.*)?		gen_context(system_u:object_r:amanda_data_t,s0)
-/var/lib/amanda/[^/]*/log(/.*)?		gen_context(system_u:object_r:amanda_log_t,s0)
-/var/lib/amanda/\.amandahosts	--	gen_context(system_u:object_r:amanda_config_t,s0)
-/var/lib/amanda/gnutar-lists(/.*)?	gen_context(system_u:object_r:amanda_gnutarlists_t,s0)
-# the null string in here because index is a m4 builtin function
-/var/lib/amanda/[^/]+/index`'(/.*)?	gen_context(system_u:object_r:amanda_var_lib_t,s0)
-
-/var/log/amanda(/.*)?			gen_context(system_u:object_r:amanda_log_t,s0)
diff --git a/policy/modules/admin/amanda.if b/policy/modules/admin/amanda.if
deleted file mode 100644
index 8498e97..0000000
--- a/policy/modules/admin/amanda.if
+++ /dev/null
@@ -1,161 +0,0 @@
-## <summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	Amanda recover.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amanda_domtrans_recover',`
-	gen_require(`
-		type amanda_recover_t, amanda_recover_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	Amanda recover, and allow the specified
-##	role the Amanda recover domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`amanda_run_recover',`
-	gen_require(`
-		type amanda_recover_t;
-	')
-
-	amanda_domtrans_recover($1)
-	role $2 types amanda_recover_t;
-')
-
-########################################
-## <summary>
-##	Search Amanda library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amanda_search_lib',`
-	gen_require(`
-		type amanda_usr_lib_t;
-	')
-
-	files_search_usr($1)
-	allow $1 amanda_usr_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read /etc/dumpdates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`amanda_dontaudit_read_dumpdates',`
-	gen_require(`
-		type amanda_dumpdates_t;
-	')
-
-	dontaudit $1 amanda_dumpdates_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Read and write /etc/dumpdates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amanda_rw_dumpdates_files',`
-	gen_require(`
-		type amanda_dumpdates_t;
-	')
-
-	files_search_etc($1)
-	allow $1 amanda_dumpdates_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Search Amanda library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amanda_manage_lib',`
-	gen_require(`
-		type amanda_usr_lib_t;
-	')
-
-	files_search_usr($1)
-	allow $1 amanda_usr_lib_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read and append amanda logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amanda_append_log_files',`
-	gen_require(`
-		type amanda_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 amanda_log_t:file { read_file_perms append_file_perms };
-')
-
-#######################################
-## <summary>
-##	Search Amanda var library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amanda_search_var_lib',`
-	gen_require(`
-		type amanda_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 amanda_var_lib_t:dir search_dir_perms;
-')
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
deleted file mode 100644
index a05f32f..0000000
--- a/policy/modules/admin/amanda.te
+++ /dev/null
@@ -1,211 +0,0 @@
-policy_module(amanda, 1.12.1)
-
-#######################################
-#
-# Declarations
-#
-
-type amanda_t;
-type amanda_inetd_exec_t;
-inetd_service_domain(amanda_t, amanda_inetd_exec_t)
-role system_r types amanda_t;
-
-type amanda_exec_t;
-domain_entry_file(amanda_t, amanda_exec_t)
-
-type amanda_log_t;
-logging_log_file(amanda_log_t)
-
-type amanda_config_t;
-files_type(amanda_config_t)
-
-type amanda_usr_lib_t;
-files_type(amanda_usr_lib_t)
-
-type amanda_var_lib_t;
-files_type(amanda_var_lib_t)
-
-type amanda_gnutarlists_t;
-files_type(amanda_gnutarlists_t)
-
-type amanda_tmp_t;
-files_tmp_file(amanda_tmp_t)
-
-type amanda_amandates_t;
-files_type(amanda_amandates_t)
-
-type amanda_dumpdates_t;
-files_type(amanda_dumpdates_t)
-
-type amanda_data_t;
-files_type(amanda_data_t)
-
-type amanda_recover_t;
-type amanda_recover_exec_t;
-application_domain(amanda_recover_t, amanda_recover_exec_t)
-role system_r types amanda_recover_t;
-
-type amanda_recover_dir_t;
-files_type(amanda_recover_dir_t)
-
-optional_policy(`
-	prelink_object_file(amanda_usr_lib_t)
-')
-
-########################################
-#
-# Amanda local policy
-#
-
-allow amanda_t self:capability { chown dac_override setuid kill };
-allow amanda_t self:process { setpgid signal };
-allow amanda_t self:fifo_file rw_fifo_file_perms;
-allow amanda_t self:unix_stream_socket create_stream_socket_perms;
-allow amanda_t self:unix_dgram_socket create_socket_perms;
-allow amanda_t self:tcp_socket create_stream_socket_perms;
-allow amanda_t self:udp_socket create_socket_perms;
-
-allow amanda_t amanda_amandates_t:file rw_file_perms;
-
-allow amanda_t amanda_config_t:file read_file_perms;
-
-manage_dirs_pattern(amanda_t, amanda_data_t, amanda_data_t)
-manage_files_pattern(amanda_t, amanda_data_t, amanda_data_t)
-filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })
-
-allow amanda_t amanda_dumpdates_t:file rw_file_perms;
-
-can_exec(amanda_t, amanda_exec_t)
-can_exec(amanda_t, amanda_inetd_exec_t)
-
-allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
-allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
-allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
-
-manage_dirs_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
-manage_files_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
-
-manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)
-manage_dirs_pattern(amanda_t, amanda_log_t, amanda_log_t)
-logging_log_filetrans(amanda_t, amanda_log_t, { file dir })
-
-manage_files_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
-manage_dirs_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
-files_tmp_filetrans(amanda_t, amanda_tmp_t, { file dir })
-
-kernel_read_system_state(amanda_t)
-kernel_read_kernel_sysctls(amanda_t)
-kernel_dontaudit_getattr_unlabeled_files(amanda_t)
-kernel_dontaudit_read_proc_symlinks(amanda_t)
-
-corecmd_exec_shell(amanda_t)
-corecmd_exec_bin(amanda_t)
-
-corenet_all_recvfrom_unlabeled(amanda_t)
-corenet_all_recvfrom_netlabel(amanda_t)
-corenet_tcp_sendrecv_generic_if(amanda_t)
-corenet_udp_sendrecv_generic_if(amanda_t)
-corenet_raw_sendrecv_generic_if(amanda_t)
-corenet_tcp_sendrecv_generic_node(amanda_t)
-corenet_udp_sendrecv_generic_node(amanda_t)
-corenet_raw_sendrecv_generic_node(amanda_t)
-corenet_tcp_sendrecv_all_ports(amanda_t)
-corenet_udp_sendrecv_all_ports(amanda_t)
-corenet_tcp_bind_generic_node(amanda_t)
-corenet_udp_bind_generic_node(amanda_t)
-corenet_tcp_bind_all_rpc_ports(amanda_t)
-corenet_tcp_bind_generic_port(amanda_t)
-corenet_dontaudit_tcp_bind_all_ports(amanda_t)
-
-dev_getattr_all_blk_files(amanda_t)
-dev_getattr_all_chr_files(amanda_t)
-
-files_read_etc_files(amanda_t)
-files_read_etc_runtime_files(amanda_t)
-files_list_all(amanda_t)
-files_read_all_files(amanda_t)
-files_read_all_symlinks(amanda_t)
-files_read_all_blk_files(amanda_t)
-files_read_all_chr_files(amanda_t)
-files_getattr_all_pipes(amanda_t)
-files_getattr_all_sockets(amanda_t)
-
-fs_getattr_xattr_fs(amanda_t)
-fs_list_all(amanda_t)
-
-storage_raw_read_fixed_disk(amanda_t)
-storage_read_tape(amanda_t)
-storage_write_tape(amanda_t)
-
-auth_use_nsswitch(amanda_t)
-auth_read_shadow(amanda_t)
-
-logging_send_syslog_msg(amanda_t)
-
-########################################
-#
-# Amanda recover local policy
-#
-
-allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override };
-allow amanda_recover_t self:process { sigkill sigstop signal };
-allow amanda_recover_t self:fifo_file rw_fifo_file_perms;
-allow amanda_recover_t self:unix_stream_socket { connect create read write };
-allow amanda_recover_t self:tcp_socket create_stream_socket_perms;
-allow amanda_recover_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
-manage_lnk_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
-
-manage_dirs_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
-manage_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
-manage_lnk_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
-manage_fifo_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
-manage_sock_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
-userdom_user_home_dir_filetrans(amanda_recover_t, amanda_recover_dir_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
-manage_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
-manage_lnk_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
-manage_fifo_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
-manage_sock_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
-files_tmp_filetrans(amanda_recover_t, amanda_tmp_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_system_state(amanda_recover_t)
-kernel_read_kernel_sysctls(amanda_recover_t)
-
-corecmd_exec_shell(amanda_recover_t)
-corecmd_exec_bin(amanda_recover_t)
-
-corenet_all_recvfrom_unlabeled(amanda_recover_t)
-corenet_all_recvfrom_netlabel(amanda_recover_t)
-corenet_tcp_sendrecv_generic_if(amanda_recover_t)
-corenet_udp_sendrecv_generic_if(amanda_recover_t)
-corenet_tcp_sendrecv_generic_node(amanda_recover_t)
-corenet_udp_sendrecv_generic_node(amanda_recover_t)
-corenet_tcp_sendrecv_all_ports(amanda_recover_t)
-corenet_udp_sendrecv_all_ports(amanda_recover_t)
-corenet_tcp_bind_generic_node(amanda_recover_t)
-corenet_udp_bind_generic_node(amanda_recover_t)
-corenet_tcp_bind_reserved_port(amanda_recover_t)
-corenet_tcp_connect_amanda_port(amanda_recover_t)
-corenet_sendrecv_amanda_client_packets(amanda_recover_t)
-
-domain_use_interactive_fds(amanda_recover_t)
-
-files_read_etc_files(amanda_recover_t)
-files_read_etc_runtime_files(amanda_recover_t)
-files_search_tmp(amanda_recover_t)
-files_search_pids(amanda_recover_t)
-
-auth_use_nsswitch(amanda_recover_t)
-
-fstools_domtrans(amanda_t)
-fstools_signal(amanda_t)
-
-logging_search_logs(amanda_recover_t)
-
-miscfiles_read_localization(amanda_recover_t)
-
-userdom_use_user_terminals(amanda_recover_t)
-userdom_search_user_home_content(amanda_recover_t)
diff --git a/policy/modules/admin/amtu.fc b/policy/modules/admin/amtu.fc
deleted file mode 100644
index d97160e..0000000
--- a/policy/modules/admin/amtu.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/amtu	--	gen_context(system_u:object_r:amtu_exec_t,s0)
diff --git a/policy/modules/admin/amtu.if b/policy/modules/admin/amtu.if
deleted file mode 100644
index be82315..0000000
--- a/policy/modules/admin/amtu.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>Abstract Machine Test Utility.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run Amtu.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amtu_domtrans',`
-	gen_require(`
-		type amtu_t, amtu_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, amtu_exec_t, amtu_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	Amtu, and allow the specified role
-##	the Amtu domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`amtu_run',`
-	gen_require(`
-		type amtu_t;
-	')
-
-	amtu_domtrans($1)
-	role $2 types amtu_t;
-')
diff --git a/policy/modules/admin/amtu.te b/policy/modules/admin/amtu.te
deleted file mode 100644
index 057abb0..0000000
--- a/policy/modules/admin/amtu.te
+++ /dev/null
@@ -1,34 +0,0 @@
-policy_module(amtu, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type amtu_t;
-type amtu_exec_t;
-domain_type(amtu_t)
-domain_entry_file(amtu_t, amtu_exec_t)
-
-########################################
-#
-# amtu local policy
-#
-
-kernel_read_system_state(amtu_t)
-
-files_manage_boot_files(amtu_t)
-files_read_etc_runtime_files(amtu_t)
-files_read_etc_files(amtu_t)
-
-logging_send_audit_msgs(amtu_t)
-
-userdom_use_user_terminals(amtu_t)
-
-optional_policy(`
-	nscd_dontaudit_search_pid(amtu_t)
-')
-
-optional_policy(`
-	seutil_use_newrole_fds(amtu_t)
-')
diff --git a/policy/modules/admin/anaconda.fc b/policy/modules/admin/anaconda.fc
deleted file mode 100644
index b098089..0000000
--- a/policy/modules/admin/anaconda.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No file context specifications.
diff --git a/policy/modules/admin/anaconda.if b/policy/modules/admin/anaconda.if
deleted file mode 100644
index 14a61b7..0000000
--- a/policy/modules/admin/anaconda.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Anaconda installer.</summary>
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
deleted file mode 100644
index 9a9526a..0000000
--- a/policy/modules/admin/anaconda.te
+++ /dev/null
@@ -1,60 +0,0 @@
-policy_module(anaconda, 1.5.1)
-
-########################################
-#
-# Declarations
-#
-
-type anaconda_t;
-type anaconda_exec_t;
-domain_type(anaconda_t)
-domain_obj_id_change_exemption(anaconda_t)
-role system_r types anaconda_t;
-
-########################################
-#
-# Local policy
-#
-
-allow anaconda_t self:process execmem;
-
-kernel_domtrans_to(anaconda_t, anaconda_exec_t)
-
-init_domtrans_script(anaconda_t)
-
-libs_domtrans_ldconfig(anaconda_t)
-
-logging_send_syslog_msg(anaconda_t)
-
-modutils_domtrans_insmod(anaconda_t)
-modutils_domtrans_depmod(anaconda_t)
-
-seutil_domtrans_semanage(anaconda_t)
-seutil_domtrans_setsebool(anaconda_t)
-
-userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
-	kudzu_domtrans(anaconda_t)
-')
-
-optional_policy(`
-	rpm_domtrans(anaconda_t)
-	rpm_domtrans_script(anaconda_t)
-')
-
-optional_policy(`
-	ssh_domtrans_keygen(anaconda_t)
-')
-
-optional_policy(`
-	udev_domtrans(anaconda_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(anaconda_t)
-')
-
-optional_policy(`
-	usermanage_domtrans_admin_passwd(anaconda_t)
-')
diff --git a/policy/modules/admin/apt.fc b/policy/modules/admin/apt.fc
deleted file mode 100644
index e4f4850..0000000
--- a/policy/modules/admin/apt.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/usr/bin/apt-get		--	gen_context(system_u:object_r:apt_exec_t,s0)
-# apt-shell is redhat specific
-/usr/bin/apt-shell		--	gen_context(system_u:object_r:apt_exec_t,s0)
-# other package managers
-/usr/bin/aptitude		--	gen_context(system_u:object_r:apt_exec_t,s0)
-/usr/sbin/synaptic		--	gen_context(system_u:object_r:apt_exec_t,s0)
-
-# package cache repository
-/var/cache/apt(/.*)?			gen_context(system_u:object_r:apt_var_cache_t,s0)
-
-# package list repository
-/var/lib/apt(/.*)?			gen_context(system_u:object_r:apt_var_lib_t,s0)
-/var/lib/aptitude(/.*)?		gen_context(system_u:object_r:apt_var_lib_t,s0)
-
-# aptitude lock
-/var/lock/aptitude			gen_context(system_u:object_r:apt_lock_t,s0)
-# aptitude log
-/var/log/aptitude			gen_context(system_u:object_r:apt_var_log_t,s0)
-
-# dpkg terminal log
-/var/log/apt(/.*)?			gen_context(system_u:object_r:apt_var_log_t,s0)
diff --git a/policy/modules/admin/apt.if b/policy/modules/admin/apt.if
deleted file mode 100644
index e696b80..0000000
--- a/policy/modules/admin/apt.if
+++ /dev/null
@@ -1,225 +0,0 @@
-## <summary>APT advanced package tool.</summary>
-
-########################################
-## <summary>
-##	Execute apt programs in the apt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apt_domtrans',`
-	gen_require(`
-		type apt_t, apt_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, apt_exec_t, apt_t)
-')
-
-########################################
-## <summary>
-##	Execute apt programs in the apt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the apt domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apt_run',`
-	gen_require(`
-		type apt_t;
-	')
-
-	apt_domtrans($1)
-	role $2 types apt_t;
-	# TODO: likely have to add dpkg_run here.
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from apt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_use_fds',`
-	gen_require(`
-		type apt_t;
-	')
-
-	allow $1 apt_t:fd use;
-	# TODO: enforce dpkg_use_fd?
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use file descriptors from apt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apt_dontaudit_use_fds',`
-	gen_require(`
-		type apt_t;
-	')
-
-	dontaudit $1 apt_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read from an unnamed apt pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_read_pipes',`
-	gen_require(`
-		type apt_t;
-	')
-
-	allow $1 apt_t:fifo_file read_fifo_file_perms;
-	# TODO: enforce dpkg_read_pipes?
-')
-
-########################################
-## <summary>
-##	Read and write an unnamed apt pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_rw_pipes',`
-	gen_require(`
-		type apt_t;
-	')
-
-	allow $1 apt_t:fifo_file rw_file_perms;
-	# TODO: enforce dpkg_rw_pipes?
-')
-
-########################################
-## <summary>
-##	Read from and write to apt ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_use_ptys',`
-	gen_require(`
-		type apt_devpts_t;
-	')
-
-	allow $1 apt_devpts_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	Read the apt package cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_read_cache',`
-	gen_require(`
-		type apt_var_cache_t;
-	')
-
-	files_search_var($1)
-	allow $1 apt_var_cache_t:dir list_dir_perms;
-	dontaudit $1 apt_var_cache_t:dir write;
-	allow $1 apt_var_cache_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read the apt package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_read_db',`
-	gen_require(`
-		type apt_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 apt_var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
-	read_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the apt package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apt_manage_db',`
-	gen_require(`
-		type apt_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
-	# cjp: shouldnt this be manage_lnk_files?
-	rw_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
-	delete_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read, 
-##	write, and delete the apt package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apt_dontaudit_manage_db',`
-	gen_require(`
-		type apt_var_lib_t;
-	')
-
-	dontaudit $1 apt_var_lib_t:dir rw_dir_perms;
-	dontaudit $1 apt_var_lib_t:file manage_file_perms;
-	dontaudit $1 apt_var_lib_t:lnk_file manage_lnk_file_perms;
-')
diff --git a/policy/modules/admin/apt.te b/policy/modules/admin/apt.te
deleted file mode 100644
index 4044710..0000000
--- a/policy/modules/admin/apt.te
+++ /dev/null
@@ -1,162 +0,0 @@
-policy_module(apt, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type apt_t;
-type apt_exec_t;
-init_system_domain(apt_t, apt_exec_t)
-domain_system_change_exemption(apt_t)
-role system_r types apt_t;
-
-# pseudo terminal for running dpkg
-type apt_devpts_t;
-term_pty(apt_devpts_t)
-
-# aptitude lock file
-type apt_lock_t;
-files_lock_file(apt_lock_t)
-
-type apt_tmp_t;
-files_tmp_file(apt_tmp_t)
-
-type apt_tmpfs_t;
-files_tmpfs_file(apt_tmpfs_t)
-
-# package cache
-type apt_var_cache_t alias var_cache_apt_t;
-files_type(apt_var_cache_t)
-
-# status files
-type apt_var_lib_t alias var_lib_apt_t;
-files_type(apt_var_lib_t)
-
-# aptitude log file
-type apt_var_log_t;
-logging_log_file(apt_var_log_t)
-
-########################################
-#
-# apt Local policy
-#
-
-allow apt_t self:capability { chown dac_override fowner fsetid };
-allow apt_t self:process { signal setpgid fork };
-allow apt_t self:fd use;
-allow apt_t self:fifo_file rw_fifo_file_perms;
-allow apt_t self:unix_dgram_socket create_socket_perms;
-allow apt_t self:unix_stream_socket rw_stream_socket_perms;
-allow apt_t self:unix_dgram_socket sendto;
-allow apt_t self:unix_stream_socket connectto;
-allow apt_t self:udp_socket { connect create_socket_perms };
-allow apt_t self:tcp_socket create_stream_socket_perms;
-allow apt_t self:shm create_shm_perms;
-allow apt_t self:sem create_sem_perms;
-allow apt_t self:msgq create_msgq_perms;
-allow apt_t self:msg { send receive };
-# Run update
-allow apt_t self:netlink_route_socket r_netlink_socket_perms;
-
-# lock files
-allow apt_t apt_lock_t:dir manage_dir_perms;
-allow apt_t apt_lock_t:file manage_file_perms;
-files_lock_filetrans(apt_t, apt_lock_t, {dir file})
-
-manage_dirs_pattern(apt_t, apt_tmp_t, apt_tmp_t)
-manage_files_pattern(apt_t, apt_tmp_t, apt_tmp_t)
-files_tmp_filetrans(apt_t, apt_tmp_t, { file dir })
-
-manage_dirs_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
-manage_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
-manage_lnk_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
-manage_fifo_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
-manage_sock_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
-fs_tmpfs_filetrans(apt_t, apt_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-# Access /var/cache/apt files
-manage_files_pattern(apt_t, apt_var_cache_t, apt_var_cache_t)
-files_var_filetrans(apt_t, apt_var_cache_t, dir)
-
-# Access /var/lib/apt files
-manage_files_pattern(apt_t, apt_var_lib_t, apt_var_lib_t)
-files_var_lib_filetrans(apt_t, apt_var_lib_t, dir)
-
-# log files
-allow apt_t apt_var_log_t:file manage_file_perms;
-logging_log_filetrans(apt_t, apt_var_log_t, file)
-
-kernel_read_system_state(apt_t)
-kernel_read_kernel_sysctls(apt_t)
-
-# to launch dpkg-preconfigure
-corecmd_exec_bin(apt_t)
-corecmd_exec_shell(apt_t)
-
-corenet_all_recvfrom_unlabeled(apt_t)
-corenet_all_recvfrom_netlabel(apt_t)
-corenet_tcp_sendrecv_generic_if(apt_t)
-corenet_udp_sendrecv_generic_if(apt_t)
-corenet_tcp_sendrecv_generic_node(apt_t)
-corenet_udp_sendrecv_generic_node(apt_t)
-corenet_tcp_sendrecv_all_ports(apt_t)
-corenet_udp_sendrecv_all_ports(apt_t)
-# TODO: really allow all these?
-corenet_tcp_bind_generic_node(apt_t)
-corenet_udp_bind_generic_node(apt_t)
-corenet_tcp_connect_all_ports(apt_t)
-corenet_sendrecv_all_client_packets(apt_t)
-
-dev_read_urand(apt_t)
-
-domain_getattr_all_domains(apt_t)
-domain_use_interactive_fds(apt_t)
-
-files_exec_usr_files(apt_t)
-files_read_etc_files(apt_t)
-files_read_etc_runtime_files(apt_t)
-
-fs_getattr_all_fs(apt_t)
-
-term_create_pty(apt_t, apt_devpts_t)
-term_list_ptys(apt_t)
-term_use_all_terms(apt_t)
-
-libs_exec_ld_so(apt_t)
-libs_exec_lib_files(apt_t)
-
-logging_send_syslog_msg(apt_t)
-
-miscfiles_read_localization(apt_t)
-
-seutil_use_newrole_fds(apt_t)
-
-sysnet_read_config(apt_t)
-
-userdom_use_user_terminals(apt_t)
-
-# with boolean, for cron-apt and such?
-#optional_policy(`
-#	cron_system_entry(apt_t,apt_exec_t)
-#')
-
-optional_policy(`
-	# dpkg interaction
-	dpkg_read_db(apt_t)
-	dpkg_domtrans(apt_t)
-	dpkg_lock_db(apt_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(apt_t)
-')
-
-optional_policy(`
-	rpm_read_db(apt_t)
-	rpm_domtrans(apt_t)
-')
-
-optional_policy(`
-	unconfined_domain(apt_t)
-')
diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
deleted file mode 100644
index 223b7f2..0000000
--- a/policy/modules/admin/backup.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-# backup
-# label programs that do backups to other files on disk (IE a cron job that
-# calls tar) in backup_exec_t and label the directory for storing them as
-# backup_store_t, Debian uses /var/backups
-
-#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
-
-ifdef(`distro_debian',`
-/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
-/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
-')
-
-/var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
deleted file mode 100644
index 1017b7a..0000000
--- a/policy/modules/admin/backup.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>System backup scripts</summary>
-
-########################################
-## <summary>
-##	Execute backup in the backup domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`backup_domtrans',`
-	gen_require(`
-		type backup_t, backup_exec_t;
-	')
-
-	domtrans_pattern($1, backup_exec_t, backup_t)
-')
-
-########################################
-## <summary>
-##	Execute backup in the backup domain, and
-##	allow the specified role the backup domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`backup_run',`
-	gen_require(`
-		type backup_t;
-	')
-
-	backup_domtrans($1)
-	role $2 types backup_t;
-')
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
deleted file mode 100644
index 0bfc958..0000000
--- a/policy/modules/admin/backup.te
+++ /dev/null
@@ -1,85 +0,0 @@
-policy_module(backup, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type backup_t;
-type backup_exec_t;
-domain_type(backup_t)
-domain_entry_file(backup_t, backup_exec_t)
-role system_r types backup_t;
-
-type backup_store_t;
-files_type(backup_store_t)
-
-########################################
-#
-# Local policy
-#
-
-allow backup_t self:capability dac_override;
-allow backup_t self:process signal;
-allow backup_t self:fifo_file rw_fifo_file_perms;
-allow backup_t self:tcp_socket create_socket_perms;
-allow backup_t self:udp_socket create_socket_perms;
-
-allow backup_t backup_store_t:file setattr;
-manage_files_pattern(backup_t, backup_store_t, backup_store_t)
-rw_files_pattern(backup_t, backup_store_t, backup_store_t)
-read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t)
-
-kernel_read_system_state(backup_t)
-kernel_read_kernel_sysctls(backup_t)
-
-corecmd_exec_bin(backup_t)
-corecmd_exec_shell(backup_t)
-
-corenet_all_recvfrom_unlabeled(backup_t)
-corenet_all_recvfrom_netlabel(backup_t)
-corenet_tcp_sendrecv_generic_if(backup_t)
-corenet_udp_sendrecv_generic_if(backup_t)
-corenet_raw_sendrecv_generic_if(backup_t)
-corenet_tcp_sendrecv_generic_node(backup_t)
-corenet_udp_sendrecv_generic_node(backup_t)
-corenet_raw_sendrecv_generic_node(backup_t)
-corenet_tcp_sendrecv_all_ports(backup_t)
-corenet_udp_sendrecv_all_ports(backup_t)
-corenet_tcp_connect_all_ports(backup_t)
-corenet_sendrecv_all_client_packets(backup_t)
-
-dev_getattr_all_blk_files(backup_t)
-dev_getattr_all_chr_files(backup_t)
-# for SSP
-dev_read_urand(backup_t)
-
-domain_use_interactive_fds(backup_t)
-
-files_read_all_files(backup_t)
-files_read_all_symlinks(backup_t)
-files_getattr_all_pipes(backup_t)
-files_getattr_all_sockets(backup_t)
-
-fs_getattr_xattr_fs(backup_t)
-fs_list_all(backup_t)
-
-auth_read_shadow(backup_t)
-
-logging_send_syslog_msg(backup_t)
-
-sysnet_read_config(backup_t)
-
-userdom_use_user_terminals(backup_t)
-
-optional_policy(`
-	cron_system_entry(backup_t, backup_exec_t)
-')
-
-optional_policy(`
-	hostname_exec(backup_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(backup_t)
-')
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
deleted file mode 100644
index 7a6f06f..0000000
--- a/policy/modules/admin/bootloader.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-
-/etc/lilo\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
-/etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
-
-/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
-
-/usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
deleted file mode 100644
index ebe8570..0000000
--- a/policy/modules/admin/bootloader.if
+++ /dev/null
@@ -1,129 +0,0 @@
-## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
-
-########################################
-## <summary>
-##	Execute bootloader in the bootloader domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bootloader_domtrans',`
-	gen_require(`
-		type bootloader_t, bootloader_exec_t;
-	')
-
-	domtrans_pattern($1, bootloader_exec_t, bootloader_t)
-')
-
-########################################
-## <summary>
-##	Execute bootloader interactively and do
-##	a domain transition to the bootloader domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bootloader_run',`
-	gen_require(`
-		type bootloader_t;
-	')
-
-	bootloader_domtrans($1)
-
-	role $2 types bootloader_t;
-
-	ifdef(`distro_redhat',`
-		# for mke2fs
-		mount_run(bootloader_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Read the bootloader configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bootloader_read_config',`
-	gen_require(`
-		type bootloader_etc_t;
-	')
-
-	allow $1 bootloader_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the bootloader
-##	configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bootloader_rw_config',`
-	gen_require(`
-		type bootloader_etc_t;
-	')
-
-	allow $1 bootloader_etc_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the bootloader
-##	temporary data in /tmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bootloader_rw_tmp_files',`
-	gen_require(`
-		type bootloader_tmp_t;
-	')
-
-	# FIXME: read tmp_t dir
-	allow $1 bootloader_tmp_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the bootloader
-##	temporary data in /tmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bootloader_create_runtime_file',`
-	gen_require(`
-		type boot_runtime_t;
-	')
-
-	allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
-	files_boot_filetrans($1, boot_runtime_t, file)
-')
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
deleted file mode 100644
index a9bc854..0000000
--- a/policy/modules/admin/bootloader.te
+++ /dev/null
@@ -1,215 +0,0 @@
-policy_module(bootloader, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-#
-# boot_runtime_t is the type for /boot/kernel.h,
-# which is automatically generated at boot time.
-# only for Red Hat
-#
-type boot_runtime_t;
-files_type(boot_runtime_t)
-
-type bootloader_t;
-type bootloader_exec_t;
-application_domain(bootloader_t, bootloader_exec_t)
-role system_r types bootloader_t;
-
-#
-# bootloader_etc_t is the configuration file,
-# grub.conf, lilo.conf, etc.
-#
-type bootloader_etc_t alias etc_bootloader_t;
-files_type(bootloader_etc_t)
-
-#
-# The temp file is used for initrd creation;
-# it consists of files and device nodes
-#
-type bootloader_tmp_t;
-files_tmp_file(bootloader_tmp_t)
-dev_node(bootloader_tmp_t)
-
-#
-# /var/log/ksyms
-# cjp: this probably can be removed, I do not
-# think it is used on 2.6 kernels
-type var_log_ksyms_t;
-logging_log_file(var_log_ksyms_t)
-
-########################################
-#
-# bootloader local policy
-#
-
-allow bootloader_t self:capability { dac_override dac_read_search fsetid sys_rawio sys_admin mknod chown };
-allow bootloader_t self:process { sigkill sigstop signull signal execmem };
-allow bootloader_t self:fifo_file rw_fifo_file_perms;
-
-allow bootloader_t bootloader_etc_t:file read_file_perms;
-# uncomment the following lines if you use "lilo -p"
-#allow bootloader_t bootloader_etc_t:file manage_file_perms;
-#files_etc_filetrans(bootloader_t,bootloader_etc_t,file)
-
-manage_dirs_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
-manage_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
-manage_lnk_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
-manage_blk_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
-manage_chr_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
-files_tmp_filetrans(bootloader_t, bootloader_tmp_t, { dir file lnk_file chr_file blk_file })
-# for tune2fs (cjp: ?)
-files_root_filetrans(bootloader_t, bootloader_tmp_t, file)
-
-kernel_getattr_core_if(bootloader_t)
-kernel_read_network_state(bootloader_t)
-kernel_read_system_state(bootloader_t)
-kernel_read_software_raid_state(bootloader_t)
-kernel_read_kernel_sysctls(bootloader_t)
-
-storage_raw_read_fixed_disk(bootloader_t)
-storage_raw_write_fixed_disk(bootloader_t)
-storage_raw_read_removable_device(bootloader_t)
-storage_raw_write_removable_device(bootloader_t)
-
-dev_getattr_all_chr_files(bootloader_t)
-dev_getattr_all_blk_files(bootloader_t)
-dev_dontaudit_rw_generic_dev_nodes(bootloader_t)
-dev_read_rand(bootloader_t)
-dev_read_urand(bootloader_t)
-dev_read_sysfs(bootloader_t)
-# needed on some hardware
-dev_rw_nvram(bootloader_t)
-
-fs_getattr_xattr_fs(bootloader_t)
-fs_getattr_tmpfs(bootloader_t)
-fs_read_tmpfs_symlinks(bootloader_t)
-#Needed for ia64
-fs_manage_dos_files(bootloader_t)
-
-mls_file_read_all_levels(bootloader_t)
-mls_file_write_all_levels(bootloader_t)
-
-term_getattr_all_ttys(bootloader_t)
-term_dontaudit_manage_pty_dirs(bootloader_t)
-
-corecmd_exec_all_executables(bootloader_t)
-
-domain_use_interactive_fds(bootloader_t)
-
-files_create_boot_dirs(bootloader_t)
-files_manage_boot_files(bootloader_t)
-files_manage_boot_symlinks(bootloader_t)
-files_read_etc_files(bootloader_t)
-files_exec_etc_files(bootloader_t)
-files_read_usr_src_files(bootloader_t)
-files_read_usr_files(bootloader_t)
-files_read_var_files(bootloader_t)
-files_read_kernel_modules(bootloader_t)
-# for nscd
-files_dontaudit_search_pids(bootloader_t)
-# for blkid.tab
-files_manage_etc_runtime_files(bootloader_t)
-files_etc_filetrans_etc_runtime(bootloader_t, file)
-files_dontaudit_search_home(bootloader_t)
-
-init_getattr_initctl(bootloader_t)
-init_use_script_ptys(bootloader_t)
-init_use_script_fds(bootloader_t)
-init_rw_script_pipes(bootloader_t)
-
-libs_read_lib_files(bootloader_t)
-libs_exec_lib_files(bootloader_t)
-
-logging_send_syslog_msg(bootloader_t)
-logging_rw_generic_logs(bootloader_t)
-
-miscfiles_read_localization(bootloader_t)
-
-modutils_domtrans_insmod_uncond(bootloader_t)
-
-seutil_read_bin_policy(bootloader_t)
-seutil_read_loadpolicy(bootloader_t)
-seutil_dontaudit_search_config(bootloader_t)
-
-userdom_use_user_terminals(bootloader_t)
-userdom_dontaudit_search_user_home_dirs(bootloader_t)
-
-ifdef(`distro_debian',`
-	allow bootloader_t bootloader_tmp_t:{ dir file } { relabelfrom relabelto };
-	fs_list_tmpfs(bootloader_t)
-
-	files_relabel_kernel_modules(bootloader_t)
-	files_relabelfrom_boot_files(bootloader_t)
-	files_delete_kernel_modules(bootloader_t)
-	files_relabelto_usr_files(bootloader_t)
-	files_search_var_lib(bootloader_t)
-	# for /usr/share/initrd-tools/scripts
-	files_exec_usr_files(bootloader_t)
-
-	fstools_manage_entry_files(bootloader_t)
-	fstools_relabelto_entry_files(bootloader_t)
-
-	libs_relabelto_lib_files(bootloader_t)
-')
-
-ifdef(`distro_redhat',`
-	# for memlock
-	allow bootloader_t self:capability ipc_lock;
-
-	# new file system defaults to file_t, granting file_t access is still bad.
-	allow bootloader_t boot_runtime_t:file { read_file_perms unlink };
-
-	# new file system defaults to file_t, granting file_t access is still bad.
-	files_manage_isid_type_dirs(bootloader_t)
-	files_manage_isid_type_files(bootloader_t)
-	files_manage_isid_type_symlinks(bootloader_t)
-	files_manage_isid_type_blk_files(bootloader_t)
-	files_manage_isid_type_chr_files(bootloader_t)
-
-	# for mke2fs
-	mount_domtrans(bootloader_t)
-
-	optional_policy(`
-		unconfined_domain(bootloader_t)
-	')
-')
-
-optional_policy(`
-	fstools_exec(bootloader_t)
-')
-
-optional_policy(`
-	hal_dontaudit_append_lib_files(bootloader_t)
-	hal_write_log(bootloader_t)
-')
-
-optional_policy(`
-	kudzu_domtrans(bootloader_t)
-')
-
-optional_policy(`
-	dev_rw_lvm_control(bootloader_t)
-
-	lvm_domtrans(bootloader_t)
-	lvm_read_config(bootloader_t)
-')
-
-optional_policy(`
-	modutils_exec_insmod(bootloader_t)
-	modutils_read_module_deps(bootloader_t)
-	modutils_read_module_config(bootloader_t)
-	modutils_exec_insmod(bootloader_t)
-	modutils_exec_depmod(bootloader_t)
-	modutils_exec_update_mods(bootloader_t)
-')
-
-optional_policy(`
-	nscd_socket_use(bootloader_t)
-')
-
-optional_policy(`
-	rpm_rw_pipes(bootloader_t)
-')
diff --git a/policy/modules/admin/brctl.fc b/policy/modules/admin/brctl.fc
deleted file mode 100644
index 642f67e..0000000
--- a/policy/modules/admin/brctl.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/brctl		--	gen_context(system_u:object_r:brctl_exec_t,s0)
diff --git a/policy/modules/admin/brctl.if b/policy/modules/admin/brctl.if
deleted file mode 100644
index fdb453c..0000000
--- a/policy/modules/admin/brctl.if
+++ /dev/null
@@ -1,38 +0,0 @@
-## <summary>Utilities for configuring the linux ethernet bridge</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run brctl.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`brctl_domtrans',`
-	gen_require(`
-		type brctl_t, brctl_exec_t;
-	')
-
-	domtrans_pattern($1, brctl_exec_t, brctl_t)
-')
-
-#####################################
-## <summary>
-##      Execute brctl in the brctl domain.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`brctl_run',`
-        gen_require(`
-                type brctl_t, brctl_exec_t;
-        ')
-
-        brctl_domtrans($1)
-        role $2 types brctl_t;
-')
diff --git a/policy/modules/admin/brctl.te b/policy/modules/admin/brctl.te
deleted file mode 100644
index 0ff3679..0000000
--- a/policy/modules/admin/brctl.te
+++ /dev/null
@@ -1,45 +0,0 @@
-policy_module(brctl, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type brctl_t;
-type brctl_exec_t;
-domain_type(brctl_t)
-init_system_domain(brctl_t, brctl_exec_t)
-
-########################################
-#
-# brctl local policy
-#
-
-allow brctl_t self:capability net_admin;
-allow brctl_t self:fifo_file rw_file_perms;
-allow brctl_t self:unix_stream_socket create_stream_socket_perms;
-allow brctl_t self:unix_dgram_socket create_socket_perms;
-allow brctl_t self:tcp_socket create_socket_perms;
-
-kernel_request_load_module(brctl_t)
-kernel_read_network_state(brctl_t)
-kernel_read_sysctl(brctl_t)
-
-corenet_rw_tun_tap_dev(brctl_t)
-
-dev_rw_sysfs(brctl_t)
-dev_write_sysfs_dirs(brctl_t)
-
-# Init script handling
-domain_use_interactive_fds(brctl_t)
-
-files_read_etc_files(brctl_t)
-
-term_dontaudit_use_console(brctl_t)
-
-miscfiles_read_localization(brctl_t)
-
-optional_policy(`
-	xen_append_log(brctl_t)
-	xen_dontaudit_rw_unix_stream_sockets(brctl_t)
-')
diff --git a/policy/modules/admin/certwatch.fc b/policy/modules/admin/certwatch.fc
deleted file mode 100644
index b8a3414..0000000
--- a/policy/modules/admin/certwatch.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/certwatch	-- gen_context(system_u:object_r:certwatch_exec_t,s0)
diff --git a/policy/modules/admin/certwatch.if b/policy/modules/admin/certwatch.if
deleted file mode 100644
index 953451a..0000000
--- a/policy/modules/admin/certwatch.if
+++ /dev/null
@@ -1,78 +0,0 @@
-## <summary>Digital Certificate Tracking</summary>
-
-########################################
-## <summary>
-##	Domain transition to certwatch.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`certwatch_domtrans',`
-	gen_require(`
-		type certwatch_exec_t, certwatch_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, certwatch_exec_t, certwatch_t)
-')
-
-########################################
-## <summary>
-##	Execute certwatch in the certwatch domain, and
-##	allow the specified role the certwatch domain,
-##	and use the caller's terminal. Has a sigchld
-##	backchannel.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`certwatch_run',`
-	gen_require(`
-		type certwatch_t;
-	')
-
-	certwatch_domtrans($1)
-	role $2 types certwatch_t;
-')
-
-########################################
-## <summary>
-##	Execute certwatch in the certwatch domain, and
-##	allow the specified role the certwatch domain,
-##	and use the caller's terminal. Has a sigchld
-##	backchannel.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="terminal">
-##	<summary>
-##	The type of the terminal allow the certwatch domain to use.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`certwatach_run',`
-	refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.')
-	certwatch_run($*)
-')
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
deleted file mode 100644
index cec5c56..0000000
--- a/policy/modules/admin/certwatch.te
+++ /dev/null
@@ -1,53 +0,0 @@
-policy_module(certwatch, 1.5.2)
-
-########################################
-#
-# Declarations
-#
-
-type certwatch_t;
-type certwatch_exec_t;
-application_domain(certwatch_t, certwatch_exec_t)
-role system_r types certwatch_t;
-
-########################################
-#
-# Local policy
-#
-allow certwatch_t self:capability sys_nice;
-allow certwatch_t self:process { setsched getsched };
-
-dev_read_urand(certwatch_t)
-
-files_read_etc_files(certwatch_t)
-files_read_usr_files(certwatch_t)
-files_read_usr_symlinks(certwatch_t)
-files_list_tmp(certwatch_t)
-
-fs_list_inotifyfs(certwatch_t)
-
-auth_manage_cache(certwatch_t)
-auth_var_filetrans_cache(certwatch_t)
-
-logging_send_syslog_msg(certwatch_t)
-
-miscfiles_read_generic_certs(certwatch_t)
-miscfiles_read_localization(certwatch_t)
-
-userdom_use_user_terminals(certwatch_t)
-userdom_dontaudit_list_admin_dir(certwatch_t)
-
-optional_policy(`
-	apache_exec_modules(certwatch_t)
-	apache_read_config(certwatch_t)
-')
-
-optional_policy(`
-	cron_system_entry(certwatch_t, certwatch_exec_t)
-')
-
-optional_policy(`
-	pcscd_domtrans(certwatch_t)
-	pcscd_stream_connect(certwatch_t)
-	pcscd_read_pub_files(certwatch_t)
-')
diff --git a/policy/modules/admin/consoletype.fc b/policy/modules/admin/consoletype.fc
deleted file mode 100644
index b7f053b..0000000
--- a/policy/modules/admin/consoletype.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/sbin/consoletype	--	gen_context(system_u:object_r:consoletype_exec_t,s0)
diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if
deleted file mode 100644
index 0f57d3b..0000000
--- a/policy/modules/admin/consoletype.if
+++ /dev/null
@@ -1,71 +0,0 @@
-## <summary>
-##	Determine of the console connected to the controlling terminal.
-## </summary>
-
-########################################
-## <summary>
-##	Execute consoletype in the consoletype domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`consoletype_domtrans',`
-	gen_require(`
-		type consoletype_t, consoletype_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, consoletype_exec_t, consoletype_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit consoletype_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute consoletype in the consoletype domain, and
-##	allow the specified role the consoletype domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`consoletype_run',`
-	gen_require(`
-		type consoletype_t;
-	')
-
-	consoletype_domtrans($1)
-	role $2 types consoletype_t;
-')
-
-########################################
-## <summary>
-##	Execute consoletype in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`consoletype_exec',`
-	gen_require(`
-		type consoletype_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, consoletype_exec_t)
-')
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
deleted file mode 100644
index a370656..0000000
--- a/policy/modules/admin/consoletype.te
+++ /dev/null
@@ -1,118 +0,0 @@
-policy_module(consoletype, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type consoletype_t;
-type consoletype_exec_t;
-application_executable_file(consoletype_exec_t)
-init_domain(consoletype_t, consoletype_exec_t)
-init_system_domain(consoletype_t, consoletype_exec_t)
-role system_r types consoletype_t;
-
-########################################
-#
-# Local declarations
-#
-
-allow consoletype_t self:capability { sys_admin sys_tty_config };
-allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow consoletype_t self:fd use;
-allow consoletype_t self:fifo_file rw_fifo_file_perms;
-allow consoletype_t self:sock_file read_sock_file_perms;
-allow consoletype_t self:unix_dgram_socket create_socket_perms;
-allow consoletype_t self:unix_stream_socket create_stream_socket_perms;
-allow consoletype_t self:unix_dgram_socket sendto;
-allow consoletype_t self:unix_stream_socket connectto;
-allow consoletype_t self:shm create_shm_perms;
-allow consoletype_t self:sem create_sem_perms;
-allow consoletype_t self:msgq create_msgq_perms;
-allow consoletype_t self:msg { send receive };
-
-kernel_use_fds(consoletype_t)
-kernel_dontaudit_read_system_state(consoletype_t)
-
-fs_getattr_all_fs(consoletype_t)
-fs_search_auto_mountpoints(consoletype_t)
-fs_write_nfs_files(consoletype_t)
-fs_list_inotifyfs(consoletype_t)
-
-mls_file_read_all_levels(consoletype_t)
-mls_file_write_all_levels(consoletype_t)
-
-term_use_all_terms(consoletype_t)
-
-init_use_fds(consoletype_t)
-init_use_script_ptys(consoletype_t)
-init_use_script_fds(consoletype_t)
-init_rw_script_pipes(consoletype_t)
-
-domain_use_interactive_fds(consoletype_t)
-
-files_dontaudit_read_root_files(consoletype_t)
-files_list_usr(consoletype_t)
-
-userdom_use_user_terminals(consoletype_t)
-
-ifdef(`distro_redhat',`
-	fs_rw_tmpfs_chr_files(consoletype_t)
-')
-
-optional_policy(`
-	apm_use_fds(consoletype_t)
-	apm_write_pipes(consoletype_t)
-')
-
-optional_policy(`
-	auth_read_pam_pid(consoletype_t)
-')
-
-optional_policy(`
-	cron_read_pipes(consoletype_t)
-	cron_use_system_job_fds(consoletype_t)
-')
-
-optional_policy(`
-	files_read_etc_files(consoletype_t)
-	firstboot_use_fds(consoletype_t)
-	firstboot_rw_pipes(consoletype_t)
-')
-
-optional_policy(`
-	hal_dontaudit_leaks(consoletype_t)
-')
-
-optional_policy(`
-	hotplug_dontaudit_use_fds(consoletype_t)
-')
-
-optional_policy(`
-	logrotate_dontaudit_use_fds(consoletype_t)
-')
-
-optional_policy(`
-	lpd_read_config(consoletype_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(consoletype_t)
-')
-
-optional_policy(`
-	# Commonly used from postinst scripts
-	rpm_read_pipes(consoletype_t)
-')
-
-optional_policy(`
-	userdom_use_unpriv_users_fds(consoletype_t)
-')
-
-optional_policy(`
-	kernel_read_xen_state(consoletype_t)
-	kernel_write_xen_state(consoletype_t)
-	xen_append_log(consoletype_t)
-	xen_dontaudit_rw_unix_stream_sockets(consoletype_t)
-	xen_dontaudit_use_fds(consoletype_t)
-')
diff --git a/policy/modules/admin/ddcprobe.fc b/policy/modules/admin/ddcprobe.fc
deleted file mode 100644
index 49e6a25..0000000
--- a/policy/modules/admin/ddcprobe.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# /usr
-#
-/usr/sbin/ddcprobe	--	gen_context(system_u:object_r:ddcprobe_exec_t,s0)
diff --git a/policy/modules/admin/ddcprobe.if b/policy/modules/admin/ddcprobe.if
deleted file mode 100644
index 9868652..0000000
--- a/policy/modules/admin/ddcprobe.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>ddcprobe retrieves monitor and graphics card information</summary>
-
-########################################
-## <summary>
-##	Execute ddcprobe in the ddcprobe domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ddcprobe_domtrans',`
-	gen_require(`
-		type ddcprobe_t, ddcprobe_exec_t;
-	')
-
-	domtrans_pattern($1, ddcprobe_exec_t, ddcprobe_t)
-')
-
-########################################
-## <summary>
-##	Execute ddcprobe in the ddcprobe domain, and
-##	allow the specified role the ddcprobe domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role to be authenticated for ddcprobe domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ddcprobe_run',`
-	gen_require(`
-		type ddcprobe_t;
-	')
-
-	ddcprobe_domtrans($1)
-	role $2 types ddcprobe_t;
-')
diff --git a/policy/modules/admin/ddcprobe.te b/policy/modules/admin/ddcprobe.te
deleted file mode 100644
index 5e062bc..0000000
--- a/policy/modules/admin/ddcprobe.te
+++ /dev/null
@@ -1,51 +0,0 @@
-policy_module(ddcprobe, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type ddcprobe_t;
-type ddcprobe_exec_t;
-application_domain(ddcprobe_t, ddcprobe_exec_t)
-role system_r types ddcprobe_t;
-
-########################################
-#
-# Local policy
-#
-
-allow ddcprobe_t self:capability { sys_rawio sys_admin };
-allow ddcprobe_t self:process execmem;
-
-kernel_read_system_state(ddcprobe_t)
-kernel_read_kernel_sysctls(ddcprobe_t)
-kernel_change_ring_buffer_level(ddcprobe_t)
-
-files_search_kernel_modules(ddcprobe_t)
-
-corecmd_list_bin(ddcprobe_t)
-corecmd_exec_bin(ddcprobe_t)
-
-dev_read_urand(ddcprobe_t)
-dev_read_raw_memory(ddcprobe_t)
-dev_wx_raw_memory(ddcprobe_t)
-
-files_read_etc_files(ddcprobe_t)
-files_read_etc_runtime_files(ddcprobe_t)
-files_read_usr_files(ddcprobe_t)
-
-term_use_all_ttys(ddcprobe_t)
-term_use_all_ptys(ddcprobe_t)
-
-libs_read_lib_files(ddcprobe_t)
-
-miscfiles_read_localization(ddcprobe_t)
-
-modutils_read_module_deps(ddcprobe_t)
-
-userdom_use_user_terminals(ddcprobe_t)
-userdom_use_all_users_fds(ddcprobe_t)
-
-#reh why? this does not seem even necessary to function properly
-kudzu_getattr_exec_files(ddcprobe_t)
diff --git a/policy/modules/admin/dmesg.fc b/policy/modules/admin/dmesg.fc
deleted file mode 100644
index d6cc2d9..0000000
--- a/policy/modules/admin/dmesg.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/bin/dmesg		--		gen_context(system_u:object_r:dmesg_exec_t,s0)
diff --git a/policy/modules/admin/dmesg.if b/policy/modules/admin/dmesg.if
deleted file mode 100644
index e1973c7..0000000
--- a/policy/modules/admin/dmesg.if
+++ /dev/null
@@ -1,40 +0,0 @@
-## <summary>Policy for dmesg.</summary>
-
-########################################
-## <summary>
-##	Execute dmesg in the dmesg domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dmesg_domtrans',`
-	gen_require(`
-		type dmesg_t, dmesg_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dmesg_exec_t, dmesg_t)
-')
-
-########################################
-## <summary>
-##	Execute dmesg in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dmesg_exec',`
-	gen_require(`
-		type dmesg_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, dmesg_exec_t)
-')
diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te
deleted file mode 100644
index 5421065..0000000
--- a/policy/modules/admin/dmesg.te
+++ /dev/null
@@ -1,64 +0,0 @@
-policy_module(dmesg, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type dmesg_t;
-type dmesg_exec_t;
-init_system_domain(dmesg_t, dmesg_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dmesg_t self:capability sys_admin;
-dontaudit dmesg_t self:capability sys_tty_config;
-
-allow dmesg_t self:process signal_perms;
-
-kernel_read_kernel_sysctls(dmesg_t)
-kernel_read_ring_buffer(dmesg_t)
-kernel_clear_ring_buffer(dmesg_t)
-kernel_change_ring_buffer_level(dmesg_t)
-kernel_list_proc(dmesg_t)
-kernel_read_proc_symlinks(dmesg_t)
-
-dev_read_sysfs(dmesg_t)
-
-fs_search_auto_mountpoints(dmesg_t)
-
-term_dontaudit_use_console(dmesg_t)
-
-domain_use_interactive_fds(dmesg_t)
-
-files_list_etc(dmesg_t)
-# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dirs(dmesg_t)
-
-init_use_fds(dmesg_t)
-init_use_script_ptys(dmesg_t)
-
-logging_send_syslog_msg(dmesg_t)
-logging_write_generic_logs(dmesg_t)
-
-miscfiles_read_localization(dmesg_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dmesg_t)
-userdom_use_user_terminals(dmesg_t)
-
-optional_policy(`
-	abrt_cache_append(dmesg_t)
-	abrt_rw_fifo_file(dmesg_t)
-	abrt_manage_pid_files(dmesg_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dmesg_t)
-')
-
-optional_policy(`
-	udev_read_db(dmesg_t)
-')
diff --git a/policy/modules/admin/dmidecode.fc b/policy/modules/admin/dmidecode.fc
deleted file mode 100644
index 016e6b8..0000000
--- a/policy/modules/admin/dmidecode.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/sbin/dmidecode	--	gen_context(system_u:object_r:dmidecode_exec_t,s0)
-/usr/sbin/ownership	--	gen_context(system_u:object_r:dmidecode_exec_t,s0)
-/usr/sbin/vpddecode	--	gen_context(system_u:object_r:dmidecode_exec_t,s0)
diff --git a/policy/modules/admin/dmidecode.if b/policy/modules/admin/dmidecode.if
deleted file mode 100644
index 4bf435c..0000000
--- a/policy/modules/admin/dmidecode.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Decode DMI data for x86/ia64 bioses.</summary>
-
-########################################
-## <summary>
-##	Execute dmidecode in the dmidecode domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dmidecode_domtrans',`
-	gen_require(`
-		type dmidecode_t, dmidecode_exec_t;
-	')
-
-	domain_auto_trans($1, dmidecode_exec_t, dmidecode_t)
-
-	allow $1 dmidecode_t:fd use;
-	allow dmidecode_t $1:fd use;
-	allow dmidecode_t $1:fifo_file rw_file_perms;
-	allow dmidecode_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute dmidecode in the dmidecode domain, and
-##	allow the specified role the dmidecode domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dmidecode_run',`
-	gen_require(`
-		type dmidecode_t;
-	')
-
-	dmidecode_domtrans($1)
-	role $2 types dmidecode_t;
-')
diff --git a/policy/modules/admin/dmidecode.te b/policy/modules/admin/dmidecode.te
deleted file mode 100644
index d6356b5..0000000
--- a/policy/modules/admin/dmidecode.te
+++ /dev/null
@@ -1,30 +0,0 @@
-policy_module(dmidecode, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type dmidecode_t;
-type dmidecode_exec_t;
-application_domain(dmidecode_t, dmidecode_exec_t)
-role system_r types dmidecode_t;
-
-########################################
-#
-# Local policy
-#
-
-allow dmidecode_t self:capability sys_rawio;
-
-dev_read_sysfs(dmidecode_t)
-# Allow dmidecode to read /dev/mem
-dev_read_raw_memory(dmidecode_t)
-
-mls_file_read_all_levels(dmidecode_t)
-
-files_list_usr(dmidecode_t)
-
-locallogin_use_fds(dmidecode_t)
-
-userdom_use_user_terminals(dmidecode_t)
diff --git a/policy/modules/admin/dpkg.fc b/policy/modules/admin/dpkg.fc
deleted file mode 100644
index 6d0f9ee..0000000
--- a/policy/modules/admin/dpkg.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-# Debian package manager
-/usr/bin/debsums		--	gen_context(system_u:object_r:dpkg_exec_t,s0)
-/usr/bin/dpkg			--	gen_context(system_u:object_r:dpkg_exec_t,s0)
-# not sure if dselect should be in apt instead?
-/usr/bin/dselect		--	gen_context(system_u:object_r:dpkg_exec_t,s0)
-
-/var/lib/dpkg(/.*)?			gen_context(system_u:object_r:dpkg_var_lib_t,s0)
-# lockfile is treated specially, since used by apt, too
-/var/lib/dpkg/(meth)?lock	--	gen_context(system_u:object_r:dpkg_lock_t,s0)
-
-/usr/sbin/dpkg-preconfigure	--	gen_context(system_u:object_r:dpkg_exec_t,s0)
-/usr/sbin/dpkg-reconfigure	--	gen_context(system_u:object_r:dpkg_exec_t,s0)
diff --git a/policy/modules/admin/dpkg.if b/policy/modules/admin/dpkg.if
deleted file mode 100644
index 9317171..0000000
--- a/policy/modules/admin/dpkg.if
+++ /dev/null
@@ -1,226 +0,0 @@
-## <summary>Policy for the Debian package manager.</summary>
-# TODO: need debconf policy
-# TODO: need install-menu policy
-
-########################################
-## <summary>
-##	Execute dpkg programs in the dpkg domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dpkg_domtrans',`
-	gen_require(`
-		type dpkg_t, dpkg_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dpkg_exec_t, dpkg_t)
-')
-
-########################################
-## <summary>
-##	Execute dpkg_script programs in the dpkg_script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dpkg_domtrans_script',`
-	gen_require(`
-		type dpkg_script_t;
-	')
-
-	# transition to dpkg script:
-	corecmd_shell_domtrans($1, dpkg_script_t)
-	allow dpkg_script_t $1:fd use;
-	allow dpkg_script_t $1:fifo_file rw_file_perms;
-	allow dpkg_script_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute dpkg programs in the dpkg domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the dpkg domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dpkg_run',`
-	gen_require(`
-		type dpkg_t, dpkg_script_t;
-	')
-
-	dpkg_domtrans($1)
-	role $2 types dpkg_t;
-	role $2 types dpkg_script_t;
-	seutil_run_loadpolicy(dpkg_script_t, $2)
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from dpkg.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_use_fds',`
-	gen_require(`
-		type dpkg_t;
-	')
-
-	allow $1 dpkg_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read from an unnamed dpkg pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_read_pipes',`
-	gen_require(`
-		type dpkg_t;
-	')
-
-	allow $1 dpkg_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write an unnamed dpkg pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_rw_pipes',`
-	gen_require(`
-		type dpkg_t;
-	')
-
-	allow $1 dpkg_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from dpkg scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_use_script_fds',`
-	gen_require(`
-		type dpkg_script_t;
-	')
-
-	allow $1 dpkg_script_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read the dpkg package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_read_db',`
-	gen_require(`
-		type dpkg_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 dpkg_var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
-	read_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the dpkg package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_manage_db',`
-	gen_require(`
-		type dpkg_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
-	manage_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read, 
-##	write, and delete the dpkg package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dpkg_dontaudit_manage_db',`
-	gen_require(`
-		type dpkg_var_lib_t;
-	')
-
-	dontaudit $1 dpkg_var_lib_t:dir rw_dir_perms;
-	dontaudit $1 dpkg_var_lib_t:file manage_file_perms;
-	dontaudit $1 dpkg_var_lib_t:lnk_file manage_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Lock the dpkg package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dpkg_lock_db',`
-	gen_require(`
-		type dpkg_lock_t, dpkg_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 dpkg_var_lib_t:dir list_dir_perms;
-	allow $1 dpkg_lock_t:file manage_file_perms;
-')
diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te
deleted file mode 100644
index 6776b69..0000000
--- a/policy/modules/admin/dpkg.te
+++ /dev/null
@@ -1,338 +0,0 @@
-policy_module(dpkg, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type dpkg_t;
-type dpkg_exec_t;
-# dpkg can start/stop services
-init_system_domain(dpkg_t, dpkg_exec_t)
-# dpkg can change file labels, roles, IO
-domain_obj_id_change_exemption(dpkg_t)
-domain_role_change_exemption(dpkg_t)
-domain_system_change_exemption(dpkg_t)
-domain_interactive_fd(dpkg_t)
-role system_r types dpkg_t;
-
-# lockfile
-type dpkg_lock_t;
-files_type(dpkg_lock_t)
-
-type dpkg_tmp_t;
-files_tmp_file(dpkg_tmp_t)
-
-type dpkg_tmpfs_t;
-files_tmpfs_file(dpkg_tmpfs_t)
-
-# status files
-type dpkg_var_lib_t alias var_lib_dpkg_t;
-files_type(dpkg_var_lib_t)
-
-# package scripts
-type dpkg_script_t;
-domain_type(dpkg_script_t)
-domain_entry_file(dpkg_t, dpkg_var_lib_t)
-corecmd_shell_entry_type(dpkg_script_t)
-domain_obj_id_change_exemption(dpkg_script_t)
-domain_system_change_exemption(dpkg_script_t)
-domain_interactive_fd(dpkg_script_t)
-role system_r types dpkg_script_t;
-
-type dpkg_script_tmp_t;
-files_tmp_file(dpkg_script_tmp_t)
-
-type dpkg_script_tmpfs_t;
-files_tmpfs_file(dpkg_script_tmpfs_t)
-
-########################################
-#
-# dpkg Local policy
-#
-
-allow dpkg_t self:capability { chown dac_override fowner fsetid setgid setuid kill sys_tty_config sys_nice sys_resource mknod linux_immutable };
-allow dpkg_t self:process { setpgid fork getsched setfscreate };
-allow dpkg_t self:fd use;
-allow dpkg_t self:fifo_file rw_fifo_file_perms;
-allow dpkg_t self:unix_dgram_socket create_socket_perms;
-allow dpkg_t self:unix_stream_socket rw_stream_socket_perms;
-allow dpkg_t self:unix_dgram_socket sendto;
-allow dpkg_t self:unix_stream_socket connectto;
-allow dpkg_t self:udp_socket { connect create_socket_perms };
-allow dpkg_t self:tcp_socket create_stream_socket_perms;
-allow dpkg_t self:shm create_shm_perms;
-allow dpkg_t self:sem create_sem_perms;
-allow dpkg_t self:msgq create_msgq_perms;
-allow dpkg_t self:msg { send receive };
-
-allow dpkg_t dpkg_lock_t:file manage_file_perms;
-
-manage_dirs_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
-manage_files_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
-files_tmp_filetrans(dpkg_t, dpkg_tmp_t, { file dir })
-
-manage_dirs_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
-manage_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
-manage_lnk_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
-manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
-manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
-fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-# Access /var/lib/dpkg files
-manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
-files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
-
-kernel_read_system_state(dpkg_t)
-kernel_read_kernel_sysctls(dpkg_t)
-
-corecmd_exec_all_executables(dpkg_t)
-
-# TODO: do we really need all networking?
-corenet_all_recvfrom_unlabeled(dpkg_t)
-corenet_all_recvfrom_netlabel(dpkg_t)
-corenet_tcp_sendrecv_generic_if(dpkg_t)
-corenet_raw_sendrecv_generic_if(dpkg_t)
-corenet_udp_sendrecv_generic_if(dpkg_t)
-corenet_tcp_sendrecv_generic_node(dpkg_t)
-corenet_raw_sendrecv_generic_node(dpkg_t)
-corenet_udp_sendrecv_generic_node(dpkg_t)
-corenet_tcp_sendrecv_all_ports(dpkg_t)
-corenet_udp_sendrecv_all_ports(dpkg_t)
-corenet_tcp_connect_all_ports(dpkg_t)
-corenet_sendrecv_all_client_packets(dpkg_t)
-
-dev_list_sysfs(dpkg_t)
-dev_list_usbfs(dpkg_t)
-dev_read_urand(dpkg_t)
-#devices_manage_all_device_types(dpkg_t)
-
-domain_read_all_domains_state(dpkg_t)
-domain_getattr_all_domains(dpkg_t)
-domain_dontaudit_ptrace_all_domains(dpkg_t)
-domain_use_interactive_fds(dpkg_t)
-domain_dontaudit_getattr_all_pipes(dpkg_t)
-domain_dontaudit_getattr_all_tcp_sockets(dpkg_t)
-domain_dontaudit_getattr_all_udp_sockets(dpkg_t)
-domain_dontaudit_getattr_all_packet_sockets(dpkg_t)
-domain_dontaudit_getattr_all_raw_sockets(dpkg_t)
-domain_dontaudit_getattr_all_stream_sockets(dpkg_t)
-domain_dontaudit_getattr_all_dgram_sockets(dpkg_t)
-
-fs_manage_nfs_dirs(dpkg_t)
-fs_manage_nfs_files(dpkg_t)
-fs_manage_nfs_symlinks(dpkg_t)
-fs_getattr_all_fs(dpkg_t)
-fs_search_auto_mountpoints(dpkg_t)
-
-mls_file_read_all_levels(dpkg_t)
-mls_file_write_all_levels(dpkg_t)
-mls_file_upgrade(dpkg_t)
-
-selinux_get_fs_mount(dpkg_t)
-selinux_validate_context(dpkg_t)
-selinux_compute_access_vector(dpkg_t)
-selinux_compute_create_context(dpkg_t)
-selinux_compute_relabel_context(dpkg_t)
-selinux_compute_user_contexts(dpkg_t)
-
-storage_raw_write_fixed_disk(dpkg_t)
-# for installing kernel packages
-storage_raw_read_fixed_disk(dpkg_t)
-
-auth_relabel_all_files_except_shadow(dpkg_t)
-auth_manage_all_files_except_shadow(dpkg_t)
-auth_dontaudit_read_shadow(dpkg_t)
-
-files_exec_etc_files(dpkg_t)
-
-init_domtrans_script(dpkg_t)
-init_use_script_ptys(dpkg_t)
-
-libs_exec_ld_so(dpkg_t)
-libs_exec_lib_files(dpkg_t)
-libs_domtrans_ldconfig(dpkg_t)
-
-logging_send_syslog_msg(dpkg_t)
-
-# allow compiling and loading new policy
-seutil_manage_src_policy(dpkg_t)
-seutil_manage_bin_policy(dpkg_t)
-
-sysnet_read_config(dpkg_t)
-
-userdom_use_user_terminals(dpkg_t)
-userdom_use_unpriv_users_fds(dpkg_t)
-
-# transition to dpkg script:
-dpkg_domtrans_script(dpkg_t)
-# since the scripts aren't labeled correctly yet...
-allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
-
-optional_policy(`
-	apt_use_ptys(dpkg_t)
-')
-
-# TODO: allow?
-#optional_policy(`
-#	cron_system_entry(dpkg_t,dpkg_exec_t)
-#')
-
-optional_policy(`
-	nis_use_ypbind(dpkg_t)
-')
-
-optional_policy(`
-	unconfined_domain(dpkg_t)
-')
-
-# TODO: the following was copied from dpkg_script_t, and could probably
-# be removed again when dpkg_script_t is actually used...
-domain_signal_all_domains(dpkg_t)
-domain_signull_all_domains(dpkg_t)
-files_read_etc_runtime_files(dpkg_t)
-files_exec_usr_files(dpkg_t)
-miscfiles_read_localization(dpkg_t)
-modutils_domtrans_depmod(dpkg_t)
-modutils_domtrans_insmod(dpkg_t)
-seutil_domtrans_loadpolicy(dpkg_t)
-seutil_domtrans_setfiles(dpkg_t)
-userdom_use_all_users_fds(dpkg_t)
-optional_policy(`
-	mta_send_mail(dpkg_t)
-')
-optional_policy(`
-	usermanage_domtrans_groupadd(dpkg_t)
-	usermanage_domtrans_useradd(dpkg_t)
-')
-
-########################################
-#
-# dpkg-script Local policy
-#
-# TODO: actually use dpkg_script_t
-
-allow dpkg_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
-allow dpkg_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow dpkg_script_t self:fd use;
-allow dpkg_script_t self:fifo_file rw_fifo_file_perms;
-allow dpkg_script_t self:unix_dgram_socket create_socket_perms;
-allow dpkg_script_t self:unix_stream_socket rw_stream_socket_perms;
-allow dpkg_script_t self:unix_dgram_socket sendto;
-allow dpkg_script_t self:unix_stream_socket connectto;
-allow dpkg_script_t self:shm create_shm_perms;
-allow dpkg_script_t self:sem create_sem_perms;
-allow dpkg_script_t self:msgq create_msgq_perms;
-allow dpkg_script_t self:msg { send receive };
-
-allow dpkg_script_t dpkg_tmp_t:file read_file_perms;
-
-allow dpkg_script_t dpkg_script_tmp_t:dir { manage_dir_perms mounton };
-allow dpkg_script_t dpkg_script_tmp_t:file manage_file_perms;
-files_tmp_filetrans(dpkg_script_t, dpkg_script_tmp_t, { file dir })
-
-allow dpkg_script_t dpkg_script_tmpfs_t:dir manage_dir_perms;
-allow dpkg_script_t dpkg_script_tmpfs_t:file manage_file_perms;
-allow dpkg_script_t dpkg_script_tmpfs_t:lnk_file manage_lnk_file_perms;
-allow dpkg_script_t dpkg_script_tmpfs_t:sock_file manage_sock_file_perms;
-allow dpkg_script_t dpkg_script_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(dpkg_script_t, dpkg_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(dpkg_script_t)
-kernel_read_system_state(dpkg_script_t)
-
-corecmd_exec_all_executables(dpkg_script_t)
-
-dev_list_sysfs(dpkg_script_t)
-# ideally we would not need this
-dev_manage_generic_blk_files(dpkg_script_t)
-dev_manage_generic_chr_files(dpkg_script_t)
-dev_manage_all_blk_files(dpkg_script_t)
-dev_manage_all_chr_files(dpkg_script_t)
-
-domain_read_all_domains_state(dpkg_script_t)
-domain_getattr_all_domains(dpkg_script_t)
-domain_dontaudit_ptrace_all_domains(dpkg_script_t)
-domain_use_interactive_fds(dpkg_script_t)
-domain_signal_all_domains(dpkg_script_t)
-domain_signull_all_domains(dpkg_script_t)
-
-files_exec_etc_files(dpkg_script_t)
-files_read_etc_runtime_files(dpkg_script_t)
-files_exec_usr_files(dpkg_script_t)
-
-fs_manage_nfs_files(dpkg_script_t)
-fs_getattr_nfs(dpkg_script_t)
-# why is this not using mount?
-fs_getattr_xattr_fs(dpkg_script_t)
-fs_mount_xattr_fs(dpkg_script_t)
-fs_unmount_xattr_fs(dpkg_script_t)
-fs_search_auto_mountpoints(dpkg_script_t)
-
-mls_file_read_all_levels(dpkg_script_t)
-mls_file_write_all_levels(dpkg_script_t)
-
-selinux_get_fs_mount(dpkg_script_t)
-selinux_validate_context(dpkg_script_t)
-selinux_compute_access_vector(dpkg_script_t)
-selinux_compute_create_context(dpkg_script_t)
-selinux_compute_relabel_context(dpkg_script_t)
-selinux_compute_user_contexts(dpkg_script_t)
-
-storage_raw_read_fixed_disk(dpkg_script_t)
-storage_raw_write_fixed_disk(dpkg_script_t)
-
-term_use_all_terms(dpkg_script_t)
-
-auth_dontaudit_getattr_shadow(dpkg_script_t)
-# ideally we would not need this
-auth_manage_all_files_except_shadow(dpkg_script_t)
-
-init_domtrans_script(dpkg_script_t)
-init_use_script_fds(dpkg_script_t)
-
-libs_exec_ld_so(dpkg_script_t)
-libs_exec_lib_files(dpkg_script_t)
-libs_domtrans_ldconfig(dpkg_script_t)
-
-logging_send_syslog_msg(dpkg_script_t)
-
-miscfiles_read_localization(dpkg_script_t)
-
-modutils_domtrans_depmod(dpkg_script_t)
-modutils_domtrans_insmod(dpkg_script_t)
-
-seutil_domtrans_loadpolicy(dpkg_script_t)
-seutil_domtrans_setfiles(dpkg_script_t)
-
-userdom_use_all_users_fds(dpkg_script_t)
-
-tunable_policy(`allow_execmem',`
-	allow dpkg_script_t self:process execmem;
-')
-
-optional_policy(`
-	apt_rw_pipes(dpkg_script_t)
-	apt_use_fds(dpkg_script_t)
-')
-
-optional_policy(`
-	bootloader_domtrans(dpkg_script_t)
-')
-
-optional_policy(`
-	mta_send_mail(dpkg_script_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(dpkg_script_t)
-')
-
-optional_policy(`
-	unconfined_domain(dpkg_script_t)
-')
-
-optional_policy(`
-	usermanage_domtrans_groupadd(dpkg_script_t)
-	usermanage_domtrans_useradd(dpkg_script_t)
-')
diff --git a/policy/modules/admin/firstboot.fc b/policy/modules/admin/firstboot.fc
deleted file mode 100644
index ba614e4..0000000
--- a/policy/modules/admin/firstboot.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/sbin/firstboot		--	gen_context(system_u:object_r:firstboot_exec_t,s0)
-
-/usr/share/firstboot/firstboot\.py --	gen_context(system_u:object_r:firstboot_exec_t,s0)
diff --git a/policy/modules/admin/firstboot.if b/policy/modules/admin/firstboot.if
deleted file mode 100644
index 8fa451c..0000000
--- a/policy/modules/admin/firstboot.if
+++ /dev/null
@@ -1,157 +0,0 @@
-## <summary>
-##	Final system configuration run during the first boot
-##	after installation of Red Hat/Fedora systems.
-## </summary>
-
-########################################
-## <summary>
-##	Execute firstboot in the firstboot domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`firstboot_domtrans',`
-	gen_require(`
-		type firstboot_t, firstboot_exec_t;
-	')
-
-	domtrans_pattern($1, firstboot_exec_t, firstboot_t)
-')
-
-########################################
-## <summary>
-##	Execute firstboot in the firstboot domain, and
-##	allow the specified role the firstboot domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`firstboot_run',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	firstboot_domtrans($1)
-	role $2 types firstboot_t;
-')
-
-########################################
-## <summary>
-##	Inherit and use a file descriptor from firstboot.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`firstboot_use_fds',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	allow $1 firstboot_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit a
-##	file descriptor from firstboot.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`firstboot_dontaudit_use_fds',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	dontaudit $1 firstboot_t:fd use;
-')
-
-########################################
-## <summary>
-##	Write to a firstboot unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`firstboot_write_pipes',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	allow $1 firstboot_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Read and Write to a firstboot unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`firstboot_rw_pipes',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	allow $1 firstboot_t:fifo_file { read write };
-')
-
-########################################
-## <summary>
-## 	Do not audit attemps to read and write to a firstboot unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`firstboot_dontaudit_rw_pipes',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	dontaudit $1 firstboot_t:fifo_file { read write };
-')
-
-########################################
-## <summary>
-## 	Do not audit attemps to read and write to a firstboot
-##	unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`firstboot_dontaudit_rw_stream_sockets',`
-	gen_require(`
-		type firstboot_t;
-	')
-
-	dontaudit $1 firstboot_t:unix_stream_socket { read write };
-')
diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
deleted file mode 100644
index bfda8e9..0000000
--- a/policy/modules/admin/firstboot.te
+++ /dev/null
@@ -1,140 +0,0 @@
-policy_module(firstboot, 1.11.2)
-
-gen_require(`
-	class passwd rootok;
-')
-
-########################################
-#
-# Declarations
-#
-
-type firstboot_t;
-type firstboot_exec_t;
-init_system_domain(firstboot_t, firstboot_exec_t)
-domain_obj_id_change_exemption(firstboot_t)
-domain_subj_id_change_exemption(firstboot_t)
-role system_r types firstboot_t;
-
-type firstboot_etc_t;
-files_config_file(firstboot_etc_t)
-
-########################################
-#
-# Local policy
-#
-
-allow firstboot_t self:capability { dac_override setgid };
-allow firstboot_t self:process setfscreate;
-allow firstboot_t self:fifo_file rw_fifo_file_perms;
-allow firstboot_t self:tcp_socket create_stream_socket_perms;
-allow firstboot_t self:unix_stream_socket { connect create };
-allow firstboot_t self:passwd rootok;
-
-allow firstboot_t firstboot_etc_t:file read_file_perms;
-
-kernel_read_system_state(firstboot_t)
-kernel_read_kernel_sysctls(firstboot_t)
-
-corenet_all_recvfrom_unlabeled(firstboot_t)
-corenet_all_recvfrom_netlabel(firstboot_t)
-corenet_tcp_sendrecv_generic_if(firstboot_t)
-corenet_tcp_sendrecv_generic_node(firstboot_t)
-corenet_tcp_sendrecv_all_ports(firstboot_t)
-
-dev_read_urand(firstboot_t)
-
-selinux_get_fs_mount(firstboot_t)
-selinux_validate_context(firstboot_t)
-selinux_compute_access_vector(firstboot_t)
-selinux_compute_create_context(firstboot_t)
-selinux_compute_relabel_context(firstboot_t)
-selinux_compute_user_contexts(firstboot_t)
-
-auth_dontaudit_getattr_shadow(firstboot_t)
-
-corecmd_exec_all_executables(firstboot_t)
-
-files_exec_etc_files(firstboot_t)
-files_manage_etc_files(firstboot_t)
-files_manage_etc_runtime_files(firstboot_t)
-files_read_usr_files(firstboot_t)
-files_manage_var_dirs(firstboot_t)
-files_manage_var_files(firstboot_t)
-files_manage_var_symlinks(firstboot_t)
-
-init_domtrans_script(firstboot_t)
-init_rw_utmp(firstboot_t)
-
-libs_exec_ld_so(firstboot_t)
-libs_exec_lib_files(firstboot_t)
-
-locallogin_use_fds(firstboot_t)
-
-logging_send_syslog_msg(firstboot_t)
-
-miscfiles_read_localization(firstboot_t)
-
-modutils_domtrans_insmod(firstboot_t)
-modutils_domtrans_depmod(firstboot_t)
-modutils_read_module_config(firstboot_t)
-modutils_read_module_deps(firstboot_t)
-
-userdom_use_user_terminals(firstboot_t)
-# Add/remove user home directories
-userdom_manage_user_home_content_dirs(firstboot_t)
-userdom_manage_user_home_content_files(firstboot_t)
-userdom_manage_user_home_content_symlinks(firstboot_t)
-userdom_manage_user_home_content_pipes(firstboot_t)
-userdom_manage_user_home_content_sockets(firstboot_t)
-userdom_home_filetrans_user_home_dir(firstboot_t)
-userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
-	consoletype_domtrans(firstboot_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(firstboot_t)
-
-	optional_policy(`
-		hal_dbus_chat(firstboot_t)
-	')
-')
-
-optional_policy(`
-	iptables_domtrans(firstboot_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(firstboot_t)
-')
-
-optional_policy(`
-	samba_rw_config(firstboot_t)
-')
-
-optional_policy(`
-	unconfined_domtrans(firstboot_t)
-	# The big hammer
-	unconfined_domain(firstboot_t)
-')
-
-optional_policy(`
-	usermanage_domtrans_chfn(firstboot_t)
-	usermanage_domtrans_groupadd(firstboot_t)
-	usermanage_domtrans_passwd(firstboot_t)
-	usermanage_domtrans_useradd(firstboot_t)
-	usermanage_domtrans_admin_passwd(firstboot_t)
-')
-
-optional_policy(`
-	gnome_admin_home_gconf_filetrans(firstboot_t, dir)
-	gnome_manage_config(firstboot_t)
-')
-
-optional_policy(`
-	xserver_domtrans(firstboot_t)
-	xserver_rw_shm(firstboot_t)
-	xserver_unconfined(firstboot_t)
-')
diff --git a/policy/modules/admin/kismet.fc b/policy/modules/admin/kismet.fc
deleted file mode 100644
index dae60e5..0000000
--- a/policy/modules/admin/kismet.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-HOME_DIR/\.kismet(/.*)?			gen_context(system_u:object_r:kismet_home_t,s0)
-
-/usr/bin/kismet			--	gen_context(system_u:object_r:kismet_exec_t,s0)
-/var/lib/kismet(/.*)?			gen_context(system_u:object_r:kismet_var_lib_t,s0)
-/var/log/kismet(/.*)?			gen_context(system_u:object_r:kismet_log_t,s0)
-/var/run/kismet_server.pid	--	gen_context(system_u:object_r:kismet_var_run_t,s0)
diff --git a/policy/modules/admin/kismet.if b/policy/modules/admin/kismet.if
deleted file mode 100644
index c18c920..0000000
--- a/policy/modules/admin/kismet.if
+++ /dev/null
@@ -1,247 +0,0 @@
-## <summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run kismet.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`kismet_domtrans',`
-	gen_require(`
-		type kismet_t, kismet_exec_t;
-	')
-
-	domtrans_pattern($1, kismet_exec_t, kismet_t)
-	allow kismet_t $1:process signull;
-')
-
-########################################
-## <summary>
-##	Execute kismet in the kismet domain, and
-##	allow the specified role the kismet domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_run',`
-	gen_require(`
-		type kismet_t;
-	')
-
-	kismet_domtrans($1)
-	role $2 types kismet_t;
-')
-
-########################################
-## <summary>
-##	Read kismet PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_read_pid_files',`
-	gen_require(`
-		type kismet_var_run_t;
-	')
-
-	allow $1 kismet_var_run_t:file read_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Manage kismet var_run files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_manage_pid_files',`
-	gen_require(`
-		type kismet_var_run_t;
-	')
-
-	allow $1 kismet_var_run_t:file manage_file_perms;
-	files_search_pids($1)	
-')
-
-########################################
-## <summary>
-##	Search kismet lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_search_lib',`
-	gen_require(`
-		type kismet_var_lib_t;
-	')
-
-	allow $1 kismet_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read kismet lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_read_lib_files',`
-	gen_require(`
-		type kismet_var_lib_t;
-	')
-
-	allow $1 kismet_var_lib_t:file read_file_perms;
-	allow $1 kismet_var_lib_t:dir list_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	kismet lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_manage_lib_files',`
-	gen_require(`
-		type kismet_var_lib_t;
-	')
-
-	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Manage kismet var_lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_manage_lib',`
-	gen_require(`
-		type kismet_var_lib_t;
-	')
-
-	manage_dirs_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
-	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
-	manage_lnk_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read kismet's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kismet_read_log',`
-	gen_require(`
-		type kismet_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, kismet_log_t, kismet_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	kismet log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_append_log',`
-	gen_require(`
-		type kismet_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, kismet_log_t, kismet_log_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage kismet log files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kismet_manage_log',`
-	gen_require(`
-		type kismet_log_t;
-	')
-
-	manage_dirs_pattern($1, kismet_log_t, kismet_log_t)
-	manage_files_pattern($1, kismet_log_t, kismet_log_t)
-	manage_lnk_files_pattern($1, kismet_log_t, kismet_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate an kismet environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kismet_admin',`
-	gen_require(`
-		type kismet_t;
-	')
-
-	ps_process_pattern($1, kismet_t)
-	allow $1 kismet_t:process { ptrace signal_perms };
-
-	kismet_manage_pid_files($1)
-	kismet_manage_lib($1)
-	kismet_manage_log($1)
-')
diff --git a/policy/modules/admin/kismet.te b/policy/modules/admin/kismet.te
deleted file mode 100644
index 908622a..0000000
--- a/policy/modules/admin/kismet.te
+++ /dev/null
@@ -1,101 +0,0 @@
-policy_module(kismet, 1.5.1)
-
-########################################
-#
-# Declarations
-#
-
-type kismet_t;
-type kismet_exec_t;
-application_domain(kismet_t, kismet_exec_t)
-role system_r types kismet_t;
-
-type kismet_home_t;
-userdom_user_home_content(kismet_home_t)
-
-type kismet_log_t;
-logging_log_file(kismet_log_t)
-
-type kismet_tmp_t;
-files_tmp_file(kismet_tmp_t)
-
-type kismet_tmpfs_t;
-files_tmp_file(kismet_tmpfs_t)
-
-type kismet_var_lib_t;
-files_type(kismet_var_lib_t)
-
-type kismet_var_run_t;
-files_pid_file(kismet_var_run_t)
-
-########################################
-#
-# kismet local policy
-#
-
-allow kismet_t self:capability { dac_override kill net_admin net_raw setuid setgid };
-allow kismet_t self:process signal_perms;
-allow kismet_t self:fifo_file rw_file_perms;
-allow kismet_t self:packet_socket create_socket_perms;
-allow kismet_t self:unix_dgram_socket { create_socket_perms sendto };
-allow kismet_t self:unix_stream_socket create_stream_socket_perms;
-allow kismet_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t)
-manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
-manage_lnk_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
-userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })
-userdom_search_user_home_dirs(kismet_t)
-
-manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
-allow kismet_t kismet_log_t:dir setattr;
-logging_log_filetrans(kismet_t, kismet_log_t, { file dir })
-
-manage_dirs_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
-manage_files_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
-manage_sock_files_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
-files_tmp_filetrans(kismet_t, kismet_tmp_t, { file dir sock_file })
-
-manage_dirs_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
-manage_files_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
-fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, { dir file })
-
-allow kismet_t kismet_var_lib_t:file manage_file_perms;
-allow kismet_t kismet_var_lib_t:dir manage_dir_perms;
-files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir })
-
-allow kismet_t kismet_var_run_t:file manage_file_perms;
-allow kismet_t kismet_var_run_t:dir manage_dir_perms;
-files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir })
-
-kernel_search_debugfs(kismet_t)
-kernel_read_system_state(kismet_t)
-kernel_read_network_state(kismet_t)
-
-corecmd_exec_bin(kismet_t)
-
-corenet_all_recvfrom_unlabeled(kismet_t)
-corenet_all_recvfrom_netlabel(kismet_t)
-corenet_tcp_sendrecv_generic_if(kismet_t)
-corenet_tcp_sendrecv_generic_node(kismet_t)
-corenet_tcp_sendrecv_all_ports(kismet_t)
-corenet_tcp_bind_generic_node(kismet_t)
-corenet_tcp_bind_kismet_port(kismet_t)
-corenet_tcp_connect_kismet_port(kismet_t)
-corenet_tcp_connect_pulseaudio_port(kismet_t)
-
-auth_use_nsswitch(kismet_t)
-
-files_read_etc_files(kismet_t)
-files_read_usr_files(kismet_t)
-
-miscfiles_read_localization(kismet_t)
-
-userdom_use_user_terminals(kismet_t)
-userdom_read_user_tmpfs_files(kismet_t)
-
-optional_policy(`
-	dbus_system_bus_client(kismet_t)
-
-	networkmanager_dbus_chat(kismet_t)
-')
diff --git a/policy/modules/admin/kudzu.fc b/policy/modules/admin/kudzu.fc
deleted file mode 100644
index dd88f74..0000000
--- a/policy/modules/admin/kudzu.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-/sbin/kmodule	--	gen_context(system_u:object_r:kudzu_exec_t,s0)
-/sbin/kudzu	--	gen_context(system_u:object_r:kudzu_exec_t,s0)
-
-/usr/sbin/kudzu	--	gen_context(system_u:object_r:kudzu_exec_t,s0)
diff --git a/policy/modules/admin/kudzu.if b/policy/modules/admin/kudzu.if
deleted file mode 100644
index 65bcaff..0000000
--- a/policy/modules/admin/kudzu.if
+++ /dev/null
@@ -1,64 +0,0 @@
-## <summary>Hardware detection and configuration tools</summary>
-
-########################################
-## <summary>
-##	Execute kudzu in the kudzu domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`kudzu_domtrans',`
-	gen_require(`
-		type kudzu_t, kudzu_exec_t;
-	')
-
-	domtrans_pattern($1, kudzu_exec_t, kudzu_t)
-')
-
-########################################
-## <summary>
-##	Execute kudzu in the kudzu domain, and
-##	allow the specified role the kudzu domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kudzu_run',`
-	gen_require(`
-		type kudzu_t;
-	')
-
-	kudzu_domtrans($1)
-	role $2 types kudzu_t;
-')
-
-########################################
-## <summary>
-##	Get attributes of kudzu executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for ddcprobe
-interface(`kudzu_getattr_exec_files',`
-	gen_require(`
-		type kudzu_exec_t;
-	')
-
-	allow $1 kudzu_exec_t:file getattr;
-')
diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te
deleted file mode 100644
index 4f7bd3c..0000000
--- a/policy/modules/admin/kudzu.te
+++ /dev/null
@@ -1,145 +0,0 @@
-policy_module(kudzu, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type kudzu_t;
-type kudzu_exec_t;
-init_system_domain(kudzu_t, kudzu_exec_t)
-
-type kudzu_tmp_t;
-files_tmp_file(kudzu_tmp_t)
-
-type kudzu_var_run_t;
-files_pid_file(kudzu_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow kudzu_t self:capability { dac_override sys_admin sys_ptrace sys_rawio net_admin sys_tty_config mknod };
-dontaudit kudzu_t self:capability sys_tty_config;
-allow kudzu_t self:process { signal_perms execmem };
-allow kudzu_t self:fifo_file rw_fifo_file_perms;
-allow kudzu_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow kudzu_t self:unix_dgram_socket create_socket_perms;
-allow kudzu_t self:udp_socket { create ioctl };
-
-manage_dirs_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
-manage_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
-manage_chr_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
-files_tmp_filetrans(kudzu_t, kudzu_tmp_t, { file dir chr_file })
-
-manage_dirs_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
-manage_files_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
-files_pid_filetrans(kudzu_t, kudzu_var_run_t, file)
-
-kernel_change_ring_buffer_level(kudzu_t)
-kernel_list_proc(kudzu_t)
-kernel_read_device_sysctls(kudzu_t)
-kernel_read_kernel_sysctls(kudzu_t)
-kernel_read_proc_symlinks(kudzu_t)
-kernel_read_network_state(kudzu_t)
-kernel_read_system_state(kudzu_t)
-kernel_rw_hotplug_sysctls(kudzu_t)
-kernel_rw_kernel_sysctl(kudzu_t)
-
-files_read_kernel_modules(kudzu_t)
-
-dev_list_sysfs(kudzu_t)
-dev_read_usbfs(kudzu_t)
-dev_read_sysfs(kudzu_t)
-dev_rx_raw_memory(kudzu_t)
-dev_wx_raw_memory(kudzu_t)
-dev_rw_mouse(kudzu_t)
-dev_rwx_zero(kudzu_t)
-
-fs_search_auto_mountpoints(kudzu_t)
-fs_search_ramfs(kudzu_t)
-fs_write_ramfs_sockets(kudzu_t)
-
-mls_file_read_all_levels(kudzu_t)
-mls_file_write_all_levels(kudzu_t)
-
-storage_read_scsi_generic(kudzu_t)
-storage_read_tape(kudzu_t)
-storage_raw_write_fixed_disk(kudzu_t)
-storage_raw_write_removable_device(kudzu_t)
-storage_raw_read_fixed_disk(kudzu_t)
-storage_raw_read_removable_device(kudzu_t)
-
-term_dontaudit_use_console(kudzu_t)
-# so it can write messages to the console
-term_use_unallocated_ttys(kudzu_t)
-
-corecmd_exec_all_executables(kudzu_t)
-
-domain_use_interactive_fds(kudzu_t)
-
-files_search_var(kudzu_t)
-files_search_locks(kudzu_t)
-files_manage_etc_files(kudzu_t)
-files_manage_etc_runtime_files(kudzu_t)
-files_etc_filetrans_etc_runtime(kudzu_t, file)
-files_manage_mnt_files(kudzu_t)
-files_manage_mnt_symlinks(kudzu_t)
-files_dontaudit_search_src(kudzu_t)
-# Read /usr/share/hwdata/.* and /usr/share/terminfo/l/linux
-files_read_usr_files(kudzu_t)
-# for /etc/sysconfig/hwconf - probably need a new type
-files_rw_etc_runtime_files(kudzu_t)
-# for file systems that are not yet mounted
-files_dontaudit_search_isid_type_dirs(kudzu_t)
-
-init_use_fds(kudzu_t)
-init_use_script_ptys(kudzu_t)
-init_stream_connect_script(kudzu_t)
-init_read_state(kudzu_t)
-init_ptrace(kudzu_t)
-# kudzu will telinit to make init re-read
-# the inittab after configuring serial consoles
-init_telinit(kudzu_t)
-
-# Read /usr/lib/gconv/gconv-modules.*
-libs_read_lib_files(kudzu_t)
-
-logging_send_syslog_msg(kudzu_t)
-
-miscfiles_read_hwdata(kudzu_t)
-miscfiles_read_localization(kudzu_t)
-
-modutils_read_module_config(kudzu_t)
-modutils_read_module_deps(kudzu_t)
-modutils_rename_module_config(kudzu_t)
-modutils_delete_module_config(kudzu_t)
-modutils_domtrans_insmod(kudzu_t)
-
-sysnet_read_config(kudzu_t)
-
-userdom_use_user_terminals(kudzu_t)
-userdom_dontaudit_use_unpriv_user_fds(kudzu_t)
-userdom_search_user_home_dirs(kudzu_t)
-
-optional_policy(`
-	gpm_getattr_gpmctl(kudzu_t)
-')
-
-optional_policy(`
-	nscd_socket_use(kudzu_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(kudzu_t)
-')
-
-optional_policy(`
-	udev_read_db(kudzu_t)
-')
-
-optional_policy(`
-	unconfined_domtrans(kudzu_t)
-	unconfined_domain(kudzu_t)
-')
diff --git a/policy/modules/admin/logrotate.fc b/policy/modules/admin/logrotate.fc
deleted file mode 100644
index 36c8de7..0000000
--- a/policy/modules/admin/logrotate.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/cron\.(daily|weekly)/sysklogd -- gen_context(system_u:object_r:logrotate_exec_t,s0)
-
-/usr/sbin/logrotate	--	gen_context(system_u:object_r:logrotate_exec_t,s0)
-
-ifdef(`distro_debian', `
-/var/lib/logrotate(/.*)?	gen_context(system_u:object_r:logrotate_var_lib_t,s0)
-', `
-/var/lib/logrotate\.status --	gen_context(system_u:object_r:logrotate_var_lib_t,s0)
-')
diff --git a/policy/modules/admin/logrotate.if b/policy/modules/admin/logrotate.if
deleted file mode 100644
index 6672183..0000000
--- a/policy/modules/admin/logrotate.if
+++ /dev/null
@@ -1,118 +0,0 @@
-## <summary>Rotate and archive system logs</summary>
-
-########################################
-## <summary>
-##	Execute logrotate in the logrotate domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`logrotate_domtrans',`
-	gen_require(`
-		type logrotate_t, logrotate_exec_t;
-	')
-
-	domtrans_pattern($1, logrotate_exec_t, logrotate_t)
-')
-
-########################################
-## <summary>
-##	Execute logrotate in the logrotate domain, and
-##	allow the specified role the logrotate domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logrotate_run',`
-	gen_require(`
-		type logrotate_t;
-	')
-
-	logrotate_domtrans($1)
-	role $2 types logrotate_t;
-')
-
-########################################
-## <summary>
-##	Execute logrotate in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logrotate_exec',`
-	gen_require(`
-		type logrotate_exec_t;
-	')
-
-	can_exec($1, logrotate_exec_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use logrotate file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logrotate_use_fds',`
-	gen_require(`
-		type logrotate_t;
-	')
-
-	allow $1 logrotate_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit logrotate file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`logrotate_dontaudit_use_fds',`
-	gen_require(`
-		type logrotate_t;
-	')
-
-	dontaudit $1 logrotate_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read a logrotate temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logrotate_read_tmp_files',`
-	gen_require(`
-		type logrotate_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 logrotate_tmp_t:file read_file_perms;
-')
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
deleted file mode 100644
index d64682f..0000000
--- a/policy/modules/admin/logrotate.te
+++ /dev/null
@@ -1,236 +0,0 @@
-policy_module(logrotate, 1.13.0)
-
-########################################
-#
-# Declarations
-#
-
-type logrotate_t;
-domain_type(logrotate_t)
-domain_obj_id_change_exemption(logrotate_t)
-domain_system_change_exemption(logrotate_t)
-role system_r types logrotate_t;
-
-type logrotate_exec_t;
-domain_entry_file(logrotate_t, logrotate_exec_t)
-
-type logrotate_lock_t;
-files_lock_file(logrotate_lock_t)
-
-type logrotate_tmp_t;
-files_tmp_file(logrotate_tmp_t)
-
-type logrotate_var_lib_t;
-files_type(logrotate_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-# Change ownership on log files.
-allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
-# for mailx
-dontaudit logrotate_t self:capability { setuid setgid sys_ptrace };
-
-allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-
-# Set a context other than the default one for newly created files.
-allow logrotate_t self:process setfscreate;
-
-allow logrotate_t self:fd use;
-allow logrotate_t self:fifo_file rw_fifo_file_perms;
-allow logrotate_t self:unix_dgram_socket create_socket_perms;
-allow logrotate_t self:unix_stream_socket create_stream_socket_perms;
-allow logrotate_t self:unix_dgram_socket sendto;
-allow logrotate_t self:unix_stream_socket connectto;
-allow logrotate_t self:shm create_shm_perms;
-allow logrotate_t self:sem create_sem_perms;
-allow logrotate_t self:msgq create_msgq_perms;
-allow logrotate_t self:msg { send receive };
-
-allow logrotate_t logrotate_lock_t:file manage_file_perms;
-files_lock_filetrans(logrotate_t, logrotate_lock_t, file)
-
-can_exec(logrotate_t, logrotate_tmp_t)
-
-manage_dirs_pattern(logrotate_t, logrotate_tmp_t, logrotate_tmp_t)
-manage_files_pattern(logrotate_t, logrotate_tmp_t, logrotate_tmp_t)
-files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
-
-# for /var/lib/logrotate.status and /var/lib/logcheck
-create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
-manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
-files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
-
-kernel_read_system_state(logrotate_t)
-kernel_read_kernel_sysctls(logrotate_t)
-
-dev_read_urand(logrotate_t)
-
-fs_search_auto_mountpoints(logrotate_t)
-fs_getattr_xattr_fs(logrotate_t)
-fs_list_inotifyfs(logrotate_t)
-
-mls_file_read_all_levels(logrotate_t)
-mls_file_write_all_levels(logrotate_t)
-mls_file_upgrade(logrotate_t)
-
-selinux_get_fs_mount(logrotate_t)
-selinux_get_enforce_mode(logrotate_t)
-
-auth_manage_login_records(logrotate_t)
-auth_use_nsswitch(logrotate_t)
-
-# Run helper programs.
-corecmd_exec_bin(logrotate_t)
-corecmd_exec_shell(logrotate_t)
-
-domain_signal_all_domains(logrotate_t)
-domain_use_interactive_fds(logrotate_t)
-domain_getattr_all_entry_files(logrotate_t)
-# Read /proc/PID directories for all domains.
-domain_read_all_domains_state(logrotate_t)
-
-files_read_usr_files(logrotate_t)
-files_read_etc_files(logrotate_t)
-files_read_etc_runtime_files(logrotate_t)
-files_read_all_pids(logrotate_t)
-files_search_all(logrotate_t)
-files_read_var_lib_files(logrotate_t)
-# Write to /var/spool/slrnpull - should be moved into its own type.
-files_manage_generic_spool(logrotate_t)
-files_manage_generic_spool_dirs(logrotate_t)
-files_getattr_generic_locks(logrotate_t)
-
-# cjp: why is this needed?
-init_domtrans_script(logrotate_t)
-
-logging_manage_all_logs(logrotate_t)
-logging_send_syslog_msg(logrotate_t)
-logging_send_audit_msgs(logrotate_t)
-# cjp: why is this needed?
-logging_exec_all_logs(logrotate_t)
-
-miscfiles_read_localization(logrotate_t)
-
-seutil_dontaudit_read_config(logrotate_t)
-
-userdom_use_user_terminals(logrotate_t)
-userdom_list_user_home_dirs(logrotate_t)
-userdom_use_unpriv_users_fds(logrotate_t)
-userdom_dontaudit_list_admin_dir(logrotate_t)
-
-cron_system_entry(logrotate_t, logrotate_exec_t)
-cron_search_spool(logrotate_t)
-
-#mta_send_mail(logrotate_t)
-mta_base_mail_template(logrotate)
-mta_sendmail_domtrans(logrotate_t, logrotate_mail_t)
-role system_r types logrotate_mail_t;
-logging_read_all_logs(logrotate_mail_t)
-manage_files_pattern(logrotate_mail_t, logrotate_tmp_t, logrotate_tmp_t)
-
-ifdef(`distro_debian', `
-	allow logrotate_t logrotate_tmp_t:file relabel_file_perms;
-	# for savelog
-	can_exec(logrotate_t, logrotate_exec_t)
-
-	# for syslogd-listfiles
-	logging_read_syslog_config(logrotate_t)
-
-	# for "test -x /sbin/syslogd"
-	logging_check_exec_syslog(logrotate_t)
-')
-
-optional_policy(`
-	abrt_cache_manage(logrotate_t)
-')
-
-optional_policy(`
-	acct_domtrans(logrotate_t)
-	acct_manage_data(logrotate_t)
-	acct_exec_data(logrotate_t)
-')
-
-optional_policy(`
-	apache_read_config(logrotate_t)
-	apache_domtrans(logrotate_t)
-	apache_signull(logrotate_t)
-')
-
-optional_policy(`
-	asterisk_domtrans(logrotate_t)
-')
-
-optional_policy(`
-	bind_manage_cache(logrotate_t)
-')
-
-optional_policy(`
-	consoletype_exec(logrotate_t)
-')
-
-optional_policy(`
-	cups_domtrans(logrotate_t)
-')
-
-optional_policy(`
-	fail2ban_stream_connect(logrotate_t)
-')
-
-optional_policy(`
-	hostname_exec(logrotate_t)
-')
-
-optional_policy(`
-	icecast_signal(logrotate_t)
-')
-
-optional_policy(`
-	mailman_domtrans(logrotate_t)
-	mailman_search_data(logrotate_t)
-	mailman_manage_log(logrotate_t)
-')
-
-optional_policy(`
-	munin_read_config(logrotate_t)
-	munin_stream_connect(logrotate_t)
-	munin_search_lib(logrotate_t)
-')
-
-optional_policy(`
-	mysql_read_config(logrotate_t)
-	mysql_search_db(logrotate_t)
-	mysql_stream_connect(logrotate_t)
-')
-
-optional_policy(`
-	psad_domtrans(logrotate_t)
-')
-
-
-optional_policy(`
-	samba_exec_log(logrotate_t)
-')
-
-optional_policy(`
-	sssd_domtrans(logrotate_t)
-')
-
-optional_policy(`
-	slrnpull_manage_spool(logrotate_t)
-')
-
-optional_policy(`
-	squid_domtrans(logrotate_t)
-')
-
-optional_policy(`
-	#Red Hat bug 564565
-	su_exec(logrotate_t)
-')
-
-optional_policy(`
-	varnishd_manage_log(logrotate_t)
-')
diff --git a/policy/modules/admin/logwatch.fc b/policy/modules/admin/logwatch.fc
deleted file mode 100644
index 1e155f5..0000000
--- a/policy/modules/admin/logwatch.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/usr/sbin/logcheck	--	gen_context(system_u:object_r:logwatch_exec_t,s0)
-/usr/sbin/epylog	--	gen_context(system_u:object_r:logwatch_exec_t,s0)
-
-/usr/share/logwatch/scripts/logwatch\.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0)
-
-/var/cache/logwatch(/.*)?	gen_context(system_u:object_r:logwatch_cache_t, s0)
-/var/lib/logcheck(/.*)?		gen_context(system_u:object_r:logwatch_cache_t,s0)
-/var/lib/epylog(/.*)?		gen_context(system_u:object_r:logwatch_cache_t,s0)
-/var/log/logcheck/.+	--	gen_context(system_u:object_r:logwatch_lock_t,s0)
-
-/var/run/epylog\.pid		gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --git a/policy/modules/admin/logwatch.if b/policy/modules/admin/logwatch.if
deleted file mode 100644
index d878e75..0000000
--- a/policy/modules/admin/logwatch.if
+++ /dev/null
@@ -1,38 +0,0 @@
-## <summary>System log analyzer and reporter</summary>
-
-########################################
-## <summary>
-##	Read logwatch temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logwatch_read_tmp_files',`
-	gen_require(`
-		type logwatch_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 logwatch_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Search logwatch cache directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logwatch_search_cache_dir',`
-	gen_require(`
-		type logwatch_cache_t;
-	')
-
-	allow $1 logwatch_cache_t:dir search_dir_perms;
-')
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
deleted file mode 100644
index b845467..0000000
--- a/policy/modules/admin/logwatch.te
+++ /dev/null
@@ -1,161 +0,0 @@
-policy_module(logwatch, 1.11.0)
-
-#################################
-#
-# Declarations
-#
-
-type logwatch_t;
-type logwatch_exec_t;
-application_domain(logwatch_t, logwatch_exec_t)
-role system_r types logwatch_t;
-
-type logwatch_cache_t;
-files_type(logwatch_cache_t)
-
-type logwatch_lock_t;
-files_lock_file(logwatch_lock_t)
-
-type logwatch_tmp_t;
-files_tmp_file(logwatch_tmp_t)
-
-type logwatch_var_run_t;
-files_pid_file(logwatch_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow logwatch_t self:capability { dac_override dac_read_search setgid };
-allow logwatch_t self:process signal;
-allow logwatch_t self:fifo_file rw_file_perms;
-allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
-manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
-
-allow logwatch_t logwatch_lock_t:file manage_file_perms;
-files_lock_filetrans(logwatch_t, logwatch_lock_t, file)
-
-manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
-manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
-files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
-
-allow logwatch_t logwatch_var_run_t:file manage_file_perms;
-files_pid_filetrans(logwatch_t, logwatch_var_run_t, file)
-
-kernel_read_fs_sysctls(logwatch_t)
-kernel_read_kernel_sysctls(logwatch_t)
-kernel_read_system_state(logwatch_t)
-kernel_read_net_sysctls(logwatch_t)
-kernel_read_network_state(logwatch_t)
-
-corecmd_exec_bin(logwatch_t)
-corecmd_exec_shell(logwatch_t)
-
-dev_read_urand(logwatch_t)
-dev_read_sysfs(logwatch_t)
-
-# Read /proc/PID directories for all domains.
-domain_read_all_domains_state(logwatch_t)
-
-files_list_var(logwatch_t)
-files_read_var_symlinks(logwatch_t)
-files_read_etc_files(logwatch_t)
-files_read_etc_runtime_files(logwatch_t)
-files_read_usr_files(logwatch_t)
-files_search_spool(logwatch_t)
-files_search_mnt(logwatch_t)
-files_dontaudit_search_home(logwatch_t)
-files_dontaudit_search_boot(logwatch_t)
-# Execs df and if file system mounted with a context avc raised
-files_dontaudit_search_all_dirs(logwatch_t)
-
-fs_getattr_all_fs(logwatch_t)
-fs_dontaudit_list_auto_mountpoints(logwatch_t)
-fs_list_inotifyfs(logwatch_t)
-
-term_dontaudit_getattr_pty_dirs(logwatch_t)
-term_dontaudit_list_ptys(logwatch_t)
-
-auth_use_nsswitch(logwatch_t)
-auth_dontaudit_read_shadow(logwatch_t)
-
-init_read_utmp(logwatch_t)
-init_dontaudit_write_utmp(logwatch_t)
-
-libs_read_lib_files(logwatch_t)
-
-logging_read_all_logs(logwatch_t)
-logging_send_syslog_msg(logwatch_t) 
-
-miscfiles_read_localization(logwatch_t)
-
-selinux_dontaudit_getattr_dir(logwatch_t)
-
-sysnet_dns_name_resolve(logwatch_t)
-sysnet_exec_ifconfig(logwatch_t)
-
-userdom_dontaudit_search_user_home_dirs(logwatch_t)
-userdom_dontaudit_list_admin_dir(logwatch_t)
-
-#mta_send_mail(logwatch_t)
-mta_base_mail_template(logwatch)
-mta_sendmail_domtrans(logwatch_t, logwatch_mail_t)
-role system_r types logwatch_mail_t;
-logging_read_all_logs(logwatch_mail_t)
-manage_files_pattern(logwatch_mail_t, logwatch_tmp_t, logwatch_tmp_t)
-allow logwatch_mail_t self:capability { dac_read_search dac_override };
-mta_read_home(logwatch_mail_t)
-
-ifdef(`distro_redhat',`
-	files_search_all(logwatch_t)
-	files_getattr_all_file_type_fs(logwatch_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_list_nfs(logwatch_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_list_cifs(logwatch_t)
-')
-
-optional_policy(`
-	apache_read_log(logwatch_t)
-')
-
-optional_policy(`
-	avahi_dontaudit_search_pid(logwatch_t)
-')
-
-optional_policy(`
-	bind_read_config(logwatch_t)
-	bind_read_zone(logwatch_t)
-')
-
-optional_policy(`
-	cron_system_entry(logwatch_t, logwatch_exec_t)
-')
-
-optional_policy(`
-	hostname_exec(logwatch_t)
-')
-
-optional_policy(`
-	mta_getattr_spool(logwatch_t)
-')
-
-optional_policy(`
-	ntp_domtrans(logwatch_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(logwatch_t)
-')
-
-optional_policy(`
-	samba_read_log(logwatch_t)
-	samba_read_share_files(logwatch_t)
-')
diff --git a/policy/modules/admin/mcelog.fc b/policy/modules/admin/mcelog.fc
deleted file mode 100644
index 56c43c0..0000000
--- a/policy/modules/admin/mcelog.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/mcelog	--	gen_context(system_u:object_r:mcelog_exec_t,s0)
diff --git a/policy/modules/admin/mcelog.if b/policy/modules/admin/mcelog.if
deleted file mode 100644
index 3d4cb1a..0000000
--- a/policy/modules/admin/mcelog.if
+++ /dev/null
@@ -1,20 +0,0 @@
-## <summary>policy for mcelog</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run mcelog.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mcelog_domtrans',`
-	gen_require(`
-		type mcelog_t, mcelog_exec_t;
-	')
-
-	domtrans_pattern($1, mcelog_exec_t, mcelog_t)
-')
-
diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te
deleted file mode 100644
index 5a9cebf..0000000
--- a/policy/modules/admin/mcelog.te
+++ /dev/null
@@ -1,32 +0,0 @@
-policy_module(mcelog, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type mcelog_t;
-type mcelog_exec_t;
-application_domain(mcelog_t, mcelog_exec_t)
-cron_system_entry(mcelog_t, mcelog_exec_t)
-
-########################################
-#
-# mcelog local policy
-#
-
-allow mcelog_t self:capability sys_admin;
-
-kernel_read_system_state(mcelog_t)
-
-dev_read_raw_memory(mcelog_t)
-dev_read_kmsg(mcelog_t)
-
-files_read_etc_files(mcelog_t)
-
-# for /dev/mem access
-mls_file_read_all_levels(mcelog_t)
-
-logging_send_syslog_msg(mcelog_t)
-
-miscfiles_read_localization(mcelog_t)
diff --git a/policy/modules/admin/metadata.xml b/policy/modules/admin/metadata.xml
deleted file mode 100644
index bd8d174..0000000
--- a/policy/modules/admin/metadata.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-<summary>
-	Policy modules for administrative functions, such as package management.
-</summary>
diff --git a/policy/modules/admin/mrtg.fc b/policy/modules/admin/mrtg.fc
deleted file mode 100644
index 37fb953..0000000
--- a/policy/modules/admin/mrtg.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# /etc
-#
-/etc/mrtg.*			gen_context(system_u:object_r:mrtg_etc_t,s0)
-
-#
-# /usr
-#
-/usr/bin/mrtg		--	gen_context(system_u:object_r:mrtg_exec_t,s0)
-/etc/mrtg/mrtg\.ok	--	gen_context(system_u:object_r:mrtg_lock_t,s0)
-
-#
-# /var
-#
-/var/lib/mrtg(/.*)?		gen_context(system_u:object_r:mrtg_var_lib_t,s0)
-/var/lock/mrtg(/.*)?		gen_context(system_u:object_r:mrtg_lock_t,s0)
-/var/log/mrtg(/.*)?		gen_context(system_u:object_r:mrtg_log_t,s0)
-/var/run/mrtg\.pid		gen_context(system_u:object_r:mrtg_var_run_t,s0)
diff --git a/policy/modules/admin/mrtg.if b/policy/modules/admin/mrtg.if
deleted file mode 100644
index 5970b9c..0000000
--- a/policy/modules/admin/mrtg.if
+++ /dev/null
@@ -1,20 +0,0 @@
-## <summary>Network traffic graphing</summary>
-
-########################################
-## <summary>
-##	Create and append mrtg logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mrtg_append_create_logs',`
-	gen_require(`
-		type mrtg_log_t;
-	')
-
-	append_files_pattern($1, mrtg_log_t, mrtg_log_t)
-	create_files_pattern($1, mrtg_log_t, mrtg_log_t)
-')
diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te
deleted file mode 100644
index 9d58abe..0000000
--- a/policy/modules/admin/mrtg.te
+++ /dev/null
@@ -1,161 +0,0 @@
-policy_module(mrtg, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type mrtg_t;
-type mrtg_exec_t;
-init_system_domain(mrtg_t, mrtg_exec_t)
-
-type mrtg_etc_t;
-files_config_file(mrtg_etc_t)
-
-type mrtg_lock_t;
-files_lock_file(mrtg_lock_t)
-
-type mrtg_log_t;
-logging_log_file(mrtg_log_t)
-
-type mrtg_var_lib_t;
-files_type(mrtg_var_lib_t)
-
-type mrtg_var_run_t;
-files_pid_file(mrtg_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mrtg_t self:capability { setgid setuid chown };
-dontaudit mrtg_t self:capability sys_tty_config;
-allow mrtg_t self:process signal_perms;
-allow mrtg_t self:fifo_file rw_fifo_file_perms;
-allow mrtg_t self:unix_stream_socket create_socket_perms;
-allow mrtg_t self:tcp_socket create_socket_perms;
-allow mrtg_t self:udp_socket create_socket_perms;
-
-allow mrtg_t mrtg_etc_t:dir list_dir_perms;
-read_files_pattern(mrtg_t, mrtg_etc_t, mrtg_etc_t)
-read_lnk_files_pattern(mrtg_t, mrtg_etc_t, mrtg_etc_t)
-dontaudit mrtg_t mrtg_etc_t:dir write;
-dontaudit mrtg_t mrtg_etc_t:file { write ioctl };
-
-manage_files_pattern(mrtg_t, mrtg_lock_t, mrtg_lock_t)
-manage_lnk_files_pattern(mrtg_t, mrtg_lock_t, mrtg_lock_t)
-
-manage_files_pattern(mrtg_t, mrtg_log_t, mrtg_log_t)
-logging_log_filetrans(mrtg_t, mrtg_log_t, { file dir })
-
-manage_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
-manage_lnk_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
-
-allow mrtg_t mrtg_var_run_t:file manage_file_perms;
-files_pid_filetrans(mrtg_t, mrtg_var_run_t, file)
-
-kernel_read_system_state(mrtg_t)
-kernel_read_network_state(mrtg_t)
-kernel_read_kernel_sysctls(mrtg_t)
-
-corecmd_exec_bin(mrtg_t)
-corecmd_exec_shell(mrtg_t)
-
-corenet_all_recvfrom_unlabeled(mrtg_t)
-corenet_all_recvfrom_netlabel(mrtg_t)
-corenet_tcp_sendrecv_generic_if(mrtg_t)
-corenet_udp_sendrecv_generic_if(mrtg_t)
-corenet_tcp_sendrecv_generic_node(mrtg_t)
-corenet_udp_sendrecv_generic_node(mrtg_t)
-corenet_tcp_sendrecv_all_ports(mrtg_t)
-corenet_udp_sendrecv_all_ports(mrtg_t)
-corenet_tcp_connect_all_ports(mrtg_t)
-corenet_sendrecv_all_client_packets(mrtg_t)
-
-dev_read_sysfs(mrtg_t)
-dev_read_urand(mrtg_t)
-
-domain_use_interactive_fds(mrtg_t)
-domain_dontaudit_search_all_domains_state(mrtg_t)
-
-files_read_usr_files(mrtg_t)
-files_search_var(mrtg_t)
-files_search_locks(mrtg_t)
-files_search_var_lib(mrtg_t)
-files_search_spool(mrtg_t)
-files_getattr_tmp_dirs(mrtg_t)
-# for uptime
-files_read_etc_runtime_files(mrtg_t)
-# read config files
-files_read_etc_files(mrtg_t)
-
-fs_search_auto_mountpoints(mrtg_t)
-fs_getattr_xattr_fs(mrtg_t)
-fs_list_inotifyfs(mrtg_t)
-
-term_dontaudit_use_console(mrtg_t)
-
-init_use_fds(mrtg_t)
-init_use_script_ptys(mrtg_t)
-# for uptime
-init_read_utmp(mrtg_t)
-init_dontaudit_write_utmp(mrtg_t)
-
-auth_use_nsswitch(mrtg_t)
-
-libs_read_lib_files(mrtg_t)
-
-logging_send_syslog_msg(mrtg_t)
-
-miscfiles_read_localization(mrtg_t)
-
-selinux_dontaudit_getattr_dir(mrtg_t)
-
-userdom_use_user_terminals(mrtg_t)
-userdom_dontaudit_read_user_home_content_files(mrtg_t)
-userdom_dontaudit_use_unpriv_user_fds(mrtg_t)
-userdom_dontaudit_list_admin_dir(mrtg_t)
-
-netutils_domtrans_ping(mrtg_t)
-
-ifdef(`enable_mls',`
-	corenet_udp_sendrecv_lo_if(mrtg_t)
-')
-
-ifdef(`distro_redhat',`
-	allow mrtg_t mrtg_lock_t:file manage_file_perms;
-	filetrans_pattern(mrtg_t, mrtg_etc_t, mrtg_lock_t, file)
-')
-
-optional_policy(`
-	apache_manage_sys_content(mrtg_t)
-')
-
-optional_policy(`
-	cron_system_entry(mrtg_t, mrtg_exec_t)
-')
-
-optional_policy(`
-	hostname_exec(mrtg_t)
-')
-
-optional_policy(`
-	hddtemp_domtrans(mrtg_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(mrtg_t)
-')
-
-optional_policy(`
-	quota_dontaudit_getattr_db(mrtg_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(mrtg_t)
-')
-
-optional_policy(`
-	udev_read_db(mrtg_t)
-')
diff --git a/policy/modules/admin/ncftool.fc b/policy/modules/admin/ncftool.fc
deleted file mode 100644
index ae4045e..0000000
--- a/policy/modules/admin/ncftool.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/bin/ncftool		--	gen_context(system_u:object_r:ncftool_exec_t,s0)
diff --git a/policy/modules/admin/ncftool.if b/policy/modules/admin/ncftool.if
deleted file mode 100644
index 8c2e044..0000000
--- a/policy/modules/admin/ncftool.if
+++ /dev/null
@@ -1,78 +0,0 @@
-
-## <summary>policy for ncftool</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ncftool.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`ncftool_domtrans',`
-	gen_require(`
-		type ncftool_t, ncftool_exec_t;
-	')
-
-	domtrans_pattern($1, ncftool_exec_t, ncftool_t)
-')
-
-########################################
-## <summary>
-##	Execute ncftool in the ncftool domain, and
-##	allow the specified role the ncftool domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the ncftool domain.
-##	</summary>
-## </param>
-#
-interface(`ncftool_run',`
-	gen_require(`
-		type ncftool_t;
-	')
-
-	ncftool_domtrans($1)
-	role $2 types ncftool_t;
-
-	optional_policy(`
-        	brctl_run(ncftool_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for ncftool
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`ncftool_role',`
-	gen_require(`
-              type ncftool_t;
-	')
-
-	role $1 types ncftool_t;
-
-	ncftool_domtrans($2)
-
-	ps_process_pattern($2, ncftool_t)
-	allow $2 ncftool_t:process signal;
-')
-
diff --git a/policy/modules/admin/ncftool.te b/policy/modules/admin/ncftool.te
deleted file mode 100644
index eef0c87..0000000
--- a/policy/modules/admin/ncftool.te
+++ /dev/null
@@ -1,91 +0,0 @@
-policy_module(ncftool, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type ncftool_t;
-type ncftool_exec_t;
-application_domain(ncftool_t, ncftool_exec_t)
-domain_obj_id_change_exemption(ncftool_t)
-domain_system_change_exemption(ncftool_t)
-role system_r types ncftool_t;
-
-permissive ncftool_t;
-
-########################################
-#
-# ncftool local policy
-#
-
-allow ncftool_t self:capability { net_admin sys_ptrace };
-
-allow ncftool_t self:process signal;
-
-allow ncftool_t self:fifo_file manage_fifo_file_perms;
-allow ncftool_t self:unix_stream_socket create_stream_socket_perms;
-
-allow ncftool_t self:netlink_route_socket create_netlink_socket_perms;
-allow ncftool_t self:tcp_socket create_stream_socket_perms;
-
-kernel_read_kernel_sysctls(ncftool_t)
-kernel_read_modprobe_sysctls(ncftool_t)
-kernel_read_network_state(ncftool_t)
-kernel_read_system_state(ncftool_t)
-kernel_request_load_module(ncftool_t)
-kernel_rw_net_sysctls(ncftool_t)
-
-corecmd_exec_bin(ncftool_t)
-corecmd_exec_shell(ncftool_t)
-
-domain_read_all_domains_state(ncftool_t)
-
-dev_read_sysfs(ncftool_t)
-
-files_manage_system_conf_files(ncftool_t)
-files_relabelto_system_conf_files(ncftool_t)
-files_read_etc_files(ncftool_t)
-files_read_etc_runtime_files(ncftool_t)
-files_read_usr_files(ncftool_t)
-
-term_use_all_terms(ncftool_t)
-
-miscfiles_read_localization(ncftool_t)
-
-modutils_list_module_config(ncftool_t)
-modutils_read_module_config(ncftool_t)
-modutils_domtrans_insmod(ncftool_t)
-
-sysnet_delete_dhcpc_pid(ncftool_t)
-sysnet_domtrans_dhcpc(ncftool_t)
-sysnet_domtrans_ifconfig(ncftool_t)
-sysnet_etc_filetrans_config(ncftool_t)
-sysnet_manage_config(ncftool_t)
-sysnet_read_dhcpc_state(ncftool_t)
-sysnet_relabelfrom_net_conf(ncftool_t)
-sysnet_relabelto_net_conf(ncftool_t)
-sysnet_read_dhcpc_pid(ncftool_t)
-sysnet_signal_dhcpc(ncftool_t)
-
-userdom_read_user_tmp_files(ncftool_t)
-
-optional_policy(`
-	consoletype_exec(ncftool_t)
-')
-
-optional_policy(`
-        dbus_system_bus_client(ncftool_t)
-')
-
-optional_policy(`
-	iptables_initrc_domtrans(ncftool_t)
-')
-
-optional_policy(`
-	iptables_initrc_domtrans(ncftool_t)
-')
-
-optional_policy(`
-	netutils_domtrans(ncftool_t)
-')
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
deleted file mode 100644
index 407078f..0000000
--- a/policy/modules/admin/netutils.fc
+++ /dev/null
@@ -1,15 +0,0 @@
-/bin/ping.* 		--	gen_context(system_u:object_r:ping_exec_t,s0)
-/bin/tracepath.*		--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-/bin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-
-/sbin/arping		--	gen_context(system_u:object_r:netutils_exec_t,s0)
-
-/usr/bin/lft		--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-/usr/bin/nmap		--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-/usr/bin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-
-/usr/sbin/fping 	--	gen_context(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/hping2	--	gen_context(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/send_arp	--	gen_context(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/tcpdump	--	gen_context(system_u:object_r:netutils_exec_t,s0)
diff --git a/policy/modules/admin/netutils.if b/policy/modules/admin/netutils.if
deleted file mode 100644
index a005782..0000000
--- a/policy/modules/admin/netutils.if
+++ /dev/null
@@ -1,301 +0,0 @@
-## <summary>Network analysis utilities</summary>
-
-########################################
-## <summary>
-##	Execute network utilities in the netutils domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`netutils_domtrans',`
-	gen_require(`
-		type netutils_t, netutils_exec_t;
-	')
-
-	domtrans_pattern($1, netutils_exec_t, netutils_t)
-')
-
-########################################
-## <summary>
-##	Execute network utilities in the netutils domain, and
-##	allow the specified role the netutils domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netutils_run',`
-	gen_require(`
-		type netutils_t;
-	')
-
-	netutils_domtrans($1)
-	role $2 types netutils_t;
-')
-
-########################################
-## <summary>
-##	Execute network utilities in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_exec',`
-	gen_require(`
-		type netutils_exec_t;
-	')
-
-	can_exec($1, netutils_exec_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to network utilities.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_signal',`
-	gen_require(`
-		type netutils_t;
-	')
-
-	allow $1 netutils_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute ping in the ping domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`netutils_domtrans_ping',`
-	gen_require(`
-		type ping_t, ping_exec_t;
-	')
-
-	domtrans_pattern($1, ping_exec_t, ping_t)
-')
-
-########################################
-## <summary>
-##	Send a kill (SIGKILL) signal to ping.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_kill_ping',`
-	gen_require(`
-		type ping_t;
-	')
-
-	allow $1 ping_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send generic signals to ping.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_signal_ping',`
-	gen_require(`
-		type ping_t;
-	')
-
-	allow $1 ping_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute ping in the ping domain, and
-##	allow the specified role the ping domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netutils_run_ping',`
-	gen_require(`
-		type ping_t;
-	')
-
-	netutils_domtrans_ping($1)
-	role $2 types ping_t;
-')
-
-########################################
-## <summary>
-##	Conditionally execute ping in the ping domain, and
-##	allow the specified role the ping domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netutils_run_ping_cond',`
-	gen_require(`
-		type ping_t;
-		bool user_ping;
-	')
-
-	role $2 types ping_t;
-
-	if ( user_ping ) {
-		netutils_domtrans_ping($1)
-	}
-')
-
-########################################
-## <summary>
-##	Execute ping in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_exec_ping',`
-	gen_require(`
-		type ping_exec_t;
-	')
-
-	can_exec($1, ping_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute traceroute in the traceroute domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`netutils_domtrans_traceroute',`
-	gen_require(`
-		type traceroute_t, traceroute_exec_t;
-	')
-
-	domtrans_pattern($1, traceroute_exec_t, traceroute_t)
-')
-
-########################################
-## <summary>
-##	Execute traceroute in the traceroute domain, and
-##	allow the specified role the traceroute domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netutils_run_traceroute',`
-	gen_require(`
-		type traceroute_t;
-	')
-
-	netutils_domtrans_traceroute($1)
-	role $2 types traceroute_t;
-')
-
-########################################
-## <summary>
-##	Conditionally execute traceroute in the traceroute domain, and
-##	allow the specified role the traceroute domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netutils_run_traceroute_cond',`
-	gen_require(`
-		type traceroute_t;
-		bool user_ping;
-	')
-
-	role $2 types traceroute_t;
-
-	if( user_ping ) {
-		netutils_domtrans_traceroute($1)
-	}
-')
-
-########################################
-## <summary>
-##	Execute traceroute in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`netutils_exec_traceroute',`
-	gen_require(`
-		type traceroute_exec_t;
-	')
-
-	can_exec($1, traceroute_exec_t)
-')
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
deleted file mode 100644
index 4f38995..0000000
--- a/policy/modules/admin/netutils.te
+++ /dev/null
@@ -1,240 +0,0 @@
-policy_module(netutils, 1.10.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Control users use of ping and traceroute
-## </p>
-## </desc>
-gen_tunable(user_ping, false)
-
-type netutils_t;
-type netutils_exec_t;
-init_system_domain(netutils_t, netutils_exec_t)
-role system_r types netutils_t;
-
-type netutils_tmp_t;
-files_tmp_file(netutils_tmp_t)
-
-type ping_t;
-type ping_exec_t;
-init_system_domain(ping_t, ping_exec_t)
-role system_r types ping_t;
-
-type traceroute_t;
-type traceroute_exec_t;
-init_system_domain(traceroute_t, traceroute_exec_t)
-role system_r types traceroute_t;
-
-########################################
-#
-# Netutils local policy
-#
-
-# Perform network administration operations and have raw access to the network.
-allow netutils_t self:capability { net_admin net_raw setuid setgid };
-dontaudit netutils_t self:capability sys_tty_config;
-allow netutils_t self:process { sigkill sigstop signull signal };
-allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
-allow netutils_t self:packet_socket create_socket_perms;
-allow netutils_t self:udp_socket create_socket_perms;
-allow netutils_t self:tcp_socket create_stream_socket_perms;
-allow netutils_t self:socket create_socket_perms;
-
-manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
-manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
-files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
-
-kernel_search_proc(netutils_t)
-kernel_read_all_sysctls(netutils_t)
-kernel_read_network_state(netutils_t)
-kernel_request_load_module(netutils_t)
-
-corenet_all_recvfrom_unlabeled(netutils_t)
-corenet_all_recvfrom_netlabel(netutils_t)
-corenet_tcp_sendrecv_generic_if(netutils_t)
-corenet_raw_sendrecv_generic_if(netutils_t)
-corenet_udp_sendrecv_generic_if(netutils_t)
-corenet_tcp_sendrecv_generic_node(netutils_t)
-corenet_raw_sendrecv_generic_node(netutils_t)
-corenet_udp_sendrecv_generic_node(netutils_t)
-corenet_tcp_sendrecv_all_ports(netutils_t)
-corenet_udp_sendrecv_all_ports(netutils_t)
-corenet_tcp_connect_all_ports(netutils_t)
-corenet_sendrecv_all_client_packets(netutils_t)
-corenet_udp_bind_generic_node(netutils_t)
-
-dev_read_sysfs(netutils_t)
-dev_read_usbmon_dev(netutils_t)
-dev_write_usbmon_dev(netutils_t)
-dev_rw_generic_usb_dev(netutils_t)
-
-fs_getattr_xattr_fs(netutils_t)
-
-domain_use_interactive_fds(netutils_t)
-
-files_read_etc_files(netutils_t)
-# for nscd
-files_dontaudit_search_var(netutils_t)
-
-init_use_fds(netutils_t)
-init_use_script_ptys(netutils_t)
-
-auth_use_nsswitch(netutils_t)
-
-logging_send_syslog_msg(netutils_t)
-
-miscfiles_read_localization(netutils_t)
-
-term_dontaudit_use_console(netutils_t)
-userdom_use_user_terminals(netutils_t)
-userdom_use_all_users_fds(netutils_t)
-
-optional_policy(`
-	nis_use_ypbind(netutils_t)
-')
-
-optional_policy(`
-	vmware_append_log(netutils_t)
-')
-
-optional_policy(`
-	xen_append_log(netutils_t)
-')
-
-########################################
-#
-# Ping local policy
-#
-
-allow ping_t self:capability { setuid net_raw };
-dontaudit ping_t self:capability sys_tty_config;
-allow ping_t self:tcp_socket create_socket_perms;
-allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt };
-allow ping_t self:packet_socket { create ioctl read write bind getopt setopt };
-allow ping_t self:netlink_route_socket create_netlink_socket_perms;
-
-corenet_all_recvfrom_unlabeled(ping_t)
-corenet_all_recvfrom_netlabel(ping_t)
-corenet_tcp_sendrecv_generic_if(ping_t)
-corenet_raw_sendrecv_generic_if(ping_t)
-corenet_raw_sendrecv_generic_node(ping_t)
-corenet_tcp_sendrecv_generic_node(ping_t)
-corenet_raw_bind_generic_node(ping_t)
-corenet_tcp_sendrecv_all_ports(ping_t)
-
-fs_dontaudit_getattr_xattr_fs(ping_t)
-
-domain_use_interactive_fds(ping_t)
-
-files_read_etc_files(ping_t)
-files_dontaudit_search_var(ping_t)
-
-kernel_read_system_state(ping_t)
-
-auth_use_nsswitch(ping_t)
-
-logging_send_syslog_msg(ping_t)
-
-miscfiles_read_localization(ping_t)
-
-ifdef(`hide_broken_symptoms',`
-	init_dontaudit_use_fds(ping_t)
-
-	optional_policy(`
-		nagios_dontaudit_rw_log(ping_t)
-		nagios_dontaudit_rw_pipes(ping_t)
-	')
-')
-
-term_use_all_terms(ping_t)
-
-tunable_policy(`user_ping',`
-	term_use_all_ttys(ping_t)
-	term_use_all_ptys(ping_t)
-',`
-	term_dontaudit_use_all_ttys(ping_t)
-	term_dontaudit_use_all_ptys(ping_t)
-')
-
-optional_policy(`
-	munin_append_log(ping_t)
-')
-
-optional_policy(`
-	nagios_rw_inerited_tmp_files(ping_t)
-')
-
-optional_policy(`
-	pcmcia_use_cardmgr_fds(ping_t)
-')
-
-optional_policy(`
-	hotplug_use_fds(ping_t)
-')
-
-########################################
-#
-# Traceroute local policy
-#
-
-allow traceroute_t self:capability { net_admin net_raw setuid setgid };
-allow traceroute_t self:rawip_socket create_socket_perms;
-allow traceroute_t self:packet_socket create_socket_perms;
-allow traceroute_t self:udp_socket create_socket_perms;
-
-kernel_read_system_state(traceroute_t)
-kernel_read_network_state(traceroute_t)
-
-corenet_all_recvfrom_unlabeled(traceroute_t)
-corenet_all_recvfrom_netlabel(traceroute_t)
-corenet_tcp_sendrecv_generic_if(traceroute_t)
-corenet_udp_sendrecv_generic_if(traceroute_t)
-corenet_raw_sendrecv_generic_if(traceroute_t)
-corenet_tcp_sendrecv_generic_node(traceroute_t)
-corenet_udp_sendrecv_generic_node(traceroute_t)
-corenet_raw_sendrecv_generic_node(traceroute_t)
-corenet_tcp_sendrecv_all_ports(traceroute_t)
-corenet_udp_sendrecv_all_ports(traceroute_t)
-corenet_udp_bind_generic_node(traceroute_t)
-corenet_tcp_bind_generic_node(traceroute_t)
-# traceroute needs this but not tracepath
-corenet_raw_bind_generic_node(traceroute_t)
-corenet_udp_bind_traceroute_port(traceroute_t)
-corenet_tcp_connect_all_ports(traceroute_t)
-corenet_sendrecv_all_client_packets(traceroute_t)
-corenet_sendrecv_traceroute_server_packets(traceroute_t)
-
-fs_dontaudit_getattr_xattr_fs(traceroute_t)
-
-domain_use_interactive_fds(traceroute_t)
-
-files_read_etc_files(traceroute_t)
-files_read_usr_files(traceroute_t)
-files_dontaudit_search_var(traceroute_t)
-
-init_use_fds(traceroute_t)
-
-auth_use_nsswitch(traceroute_t)
-
-logging_send_syslog_msg(traceroute_t)
-
-miscfiles_read_localization(traceroute_t)
-
-#rules needed for nmap
-dev_read_rand(traceroute_t)
-dev_read_urand(traceroute_t)
-
-term_use_all_terms(traceroute_t)
-
-tunable_policy(`user_ping',`
-	term_use_all_ttys(traceroute_t)
-	term_use_all_ptys(traceroute_t)
-',`
-	term_dontaudit_use_all_ttys(traceroute_t)
-	term_dontaudit_use_all_ptys(traceroute_t)
-')
diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc
deleted file mode 100644
index db46387..0000000
--- a/policy/modules/admin/portage.fc
+++ /dev/null
@@ -1,24 +0,0 @@
-/etc/make\.conf			--	gen_context(system_u:object_r:portage_conf_t,s0)
-/etc/make\.globals		--	gen_context(system_u:object_r:portage_conf_t,s0)
-/etc/portage(/.*)?			gen_context(system_u:object_r:portage_conf_t,s0)
-
-/usr/bin/gcc-config		--	gen_context(system_u:object_r:gcc_config_exec_t,s0)
-/usr/bin/sandbox		--	gen_context(system_u:object_r:portage_exec_t,s0)
-
-/usr/lib(64)?/portage/bin/ebuild --	gen_context(system_u:object_r:portage_exec_t,s0)
-/usr/lib(64)?/portage/bin/emerge --	gen_context(system_u:object_r:portage_exec_t,s0)
-/usr/lib(64)?/portage/bin/quickpkg --	gen_context(system_u:object_r:portage_exec_t,s0)
-/usr/lib(64)?/portage/bin/ebuild\.sh --	gen_context(system_u:object_r:portage_exec_t,s0)
-/usr/lib(64)?/portage/bin/regenworld --	gen_context(system_u:object_r:portage_exec_t,s0)
-/usr/lib(64)?/portage/bin/sandbox --	gen_context(system_u:object_r:portage_exec_t,s0)
-
-/usr/portage(/.*)?			gen_context(system_u:object_r:portage_ebuild_t,s0)
-
-/var/db/pkg(/.*)?			gen_context(system_u:object_r:portage_db_t,s0)
-/var/cache/edb(/.*)?			gen_context(system_u:object_r:portage_cache_t,s0)
-/var/log/emerge\.log.*		--	gen_context(system_u:object_r:portage_log_t,s0)
-/var/log/emerge-fetch.log	--	gen_context(system_u:object_r:portage_log_t,s0)
-/var/log/portage(/.*)?			gen_context(system_u:object_r:portage_log_t,s0)
-/var/lib/portage(/.*)?			gen_context(system_u:object_r:portage_cache_t,s0)
-/var/tmp/portage(/.*)?			gen_context(system_u:object_r:portage_tmp_t,s0)
-/var/tmp/portage-pkg(/.*)?		gen_context(system_u:object_r:portage_tmp_t,s0)
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
deleted file mode 100644
index 8aaa46d..0000000
--- a/policy/modules/admin/portage.if
+++ /dev/null
@@ -1,283 +0,0 @@
-## <summary>
-##	Portage Package Management System. The primary package management and
-##	distribution system for Gentoo.
-## </summary>
-
-########################################
-## <summary>
-##	Execute emerge in the portage domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portage_domtrans',`
-	gen_require(`
-		type portage_t, portage_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-
-	# transition to portage
-	domtrans_pattern($1, portage_exec_t, portage_t)
-')
-
-########################################
-## <summary>
-##	Execute emerge in the portage domain, and
-##	allow the specified role the portage domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the portage domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`portage_run',`
-	gen_require(`
-		type portage_t, portage_fetch_t, portage_sandbox_t;
-	')
-
-	portage_domtrans($1)
-	role $2 types { portage_t portage_fetch_t portage_sandbox_t };
-')
-
-########################################
-## <summary>
-##	Template for portage sandbox.
-## </summary>
-## <desc>
-##	<p>
-##	Template for portage sandbox.  Portage
-##	does all compiling in the sandbox.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain Allowed Access
-##	</summary>
-## </param>
-#
-interface(`portage_compile_domain',`
-
-	gen_require(`
-		class dbus send_msg;
-		type portage_devpts_t, portage_log_t, portage_tmp_t;
-		type portage_tmpfs_t;
-	')
-
-	allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
-	dontaudit $1 self:capability sys_chroot;
-	allow $1 self:process { setpgid setsched setrlimit signal_perms execmem };
-	allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-	allow $1 self:fd use;
-	allow $1 self:fifo_file rw_fifo_file_perms;
-	allow $1 self:shm create_shm_perms;
-	allow $1 self:sem create_sem_perms;
-	allow $1 self:msgq create_msgq_perms;
-	allow $1 self:msg { send receive };
-	allow $1 self:unix_dgram_socket create_socket_perms;
-	allow $1 self:unix_stream_socket create_stream_socket_perms;
-	allow $1 self:unix_dgram_socket sendto;
-	allow $1 self:unix_stream_socket connectto;
-	# really shouldnt need this
-	allow $1 self:tcp_socket create_stream_socket_perms;
-	allow $1 self:udp_socket create_socket_perms;
-	# misc networking stuff (esp needed for compiling perl):
-	allow $1 self:rawip_socket { create ioctl };
-	# needed for merging dbus:
-	allow $1 self:netlink_selinux_socket { bind create read };
-	allow $1 self:dbus send_msg;
-
-	allow $1 portage_devpts_t:chr_file { rw_chr_file_perms setattr };
-	term_create_pty($1, portage_devpts_t)
-
-	# write compile logs
-	allow $1 portage_log_t:dir setattr;
-	allow $1 portage_log_t:file { write_file_perms setattr };
-
-	# run scripts out of the build directory
-	can_exec(portage_sandbox_t, portage_tmp_t)
-
-	manage_dirs_pattern($1, portage_tmp_t, portage_tmp_t)
-	manage_files_pattern($1, portage_tmp_t, portage_tmp_t)
-	manage_lnk_files_pattern($1, portage_tmp_t, portage_tmp_t)
-	manage_fifo_files_pattern($1, portage_tmp_t, portage_tmp_t)
-	manage_sock_files_pattern($1, portage_tmp_t, portage_tmp_t)
-	files_tmp_filetrans($1, portage_tmp_t, { dir file lnk_file sock_file fifo_file })
-	# SELinux-enabled programs running in the sandbox
-	allow $1 portage_tmp_t:file relabel_file_perms;
-
-	manage_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
-	manage_lnk_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
-	manage_fifo_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
-	manage_sock_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
-	fs_tmpfs_filetrans($1, portage_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-	kernel_read_system_state($1)
-	kernel_read_network_state($1)
-	kernel_read_software_raid_state($1)
-	kernel_getattr_core_if($1)
-	kernel_getattr_message_if($1)
-	kernel_read_kernel_sysctls($1)
-
-	corecmd_exec_all_executables($1)
-
-	# really shouldnt need this but some packages test
-	# network access, such as during configure
-	# also distcc--need to reinvestigate confining distcc client
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_udp_sendrecv_generic_if($1)
-	corenet_raw_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_udp_sendrecv_generic_node($1)
-	corenet_raw_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_all_ports($1)
-	corenet_udp_sendrecv_all_ports($1)
-	corenet_tcp_connect_all_reserved_ports($1)
-	corenet_tcp_connect_distccd_port($1)
-
-	dev_read_sysfs($1)
-	dev_read_rand($1)
-	dev_read_urand($1)
-
-	domain_use_interactive_fds($1)
-	domain_dontaudit_read_all_domains_state($1)
-	# SELinux-aware installs doing relabels in the sandbox
-	domain_obj_id_change_exemption($1)
-
-	files_exec_etc_files($1)
-	files_exec_usr_src_files($1)
-
-	fs_getattr_xattr_fs($1)
-	fs_list_noxattr_fs($1)
-	fs_read_noxattr_fs_files($1)
-	fs_read_noxattr_fs_symlinks($1)
-	fs_search_auto_mountpoints($1)
-
-	selinux_validate_context($1)
-	# needed for merging dbus:
-	selinux_compute_access_vector($1)
-
-	auth_read_all_dirs_except_shadow($1)
-	auth_read_all_files_except_shadow($1)
-	auth_read_all_symlinks_except_shadow($1)
-
-	libs_exec_lib_files($1)
-	# some config scripts use ldd
-	libs_exec_ld_so($1)
-	# this violates the idea of sandbox, but
-	# regular sandbox allows it
-	libs_domtrans_ldconfig($1)
-
-	logging_send_syslog_msg($1)
-
-	userdom_use_user_terminals($1)
-
-	# SELinux-enabled programs running in the sandbox
-	seutil_libselinux_linked($1)
-
-	ifdef(`TODO',`
-	# some gui ebuilds want to interact with X server, like xawtv
-	optional_policy(`
-		allow $1 xdm_xserver_tmp_t:dir { add_name remove_name write };
-		allow $1 xdm_xserver_tmp_t:sock_file { create getattr unlink write };
-	')
-	') dnl end TODO
-')
-
-########################################
-## <summary>
-##	Execute gcc-config in the gcc_config domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portage_domtrans_gcc_config',`
-	gen_require(`
-		type gcc_config_t, gcc_config_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-
-	domtrans_pattern($1, gcc_config_exec_t, gcc_config_t)
-')
-
-########################################
-## <summary>
-##	Execute gcc-config in the gcc_config domain, and
-##	allow the specified role the gcc_config domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the gcc_config domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`portage_run_gcc_config',`
-	gen_require(`
-		type gcc_config_t;
-	')
-
-	portage_domtrans_gcc_config($1)
-	role $2 types gcc_config_t;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	portage temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`portage_dontaudit_search_tmp',`
-	gen_require(`
-		type portage_tmp_t;
-	')
-
-	dontaudit $1 portage_tmp_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	the portage temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`portage_dontaudit_rw_tmp_files',`
-	gen_require(`
-		type portage_tmp_t;
-	')
-
-	dontaudit $1 portage_tmp_t:file rw_file_perms;
-')
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
deleted file mode 100644
index c633aea..0000000
--- a/policy/modules/admin/portage.te
+++ /dev/null
@@ -1,276 +0,0 @@
-policy_module(portage, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type gcc_config_t;
-type gcc_config_exec_t;
-application_domain(gcc_config_t, gcc_config_exec_t)
-
-# constraining type
-type portage_t;
-type portage_exec_t;
-application_domain(portage_t, portage_exec_t)
-domain_obj_id_change_exemption(portage_t)
-rsync_entry_type(portage_t)
-corecmd_shell_entry_type(portage_t)
-
-# portage compile sandbox domain
-type portage_sandbox_t;
-application_domain(portage_sandbox_t, portage_exec_t)
-# the shell is the entrypoint if regular sandbox is disabled
-# portage_exec_t is the entrypoint if regular sandbox is enabled
-corecmd_shell_entry_type(portage_sandbox_t)
-
-# portage package fetching domain
-type portage_fetch_t;
-application_type(portage_fetch_t)
-corecmd_shell_entry_type(portage_fetch_t)
-rsync_entry_type(portage_fetch_t)
-
-type portage_devpts_t;
-term_pty(portage_devpts_t)
-
-type portage_ebuild_t;
-files_type(portage_ebuild_t)
-
-type portage_fetch_tmp_t;
-files_tmp_file(portage_fetch_tmp_t)
-
-type portage_db_t;
-files_type(portage_db_t)
-
-type portage_conf_t;
-files_type(portage_conf_t)
-
-type portage_cache_t;
-files_type(portage_cache_t)
-
-type portage_log_t;
-logging_log_file(portage_log_t)
-
-type portage_tmp_t;
-files_tmp_file(portage_tmp_t)
-
-type portage_tmpfs_t;
-files_tmpfs_file(portage_tmpfs_t)
-
-########################################
-#
-# gcc-config policy
-#
-
-allow gcc_config_t self:capability { chown fsetid };
-allow gcc_config_t self:fifo_file rw_file_perms;
-
-manage_files_pattern(gcc_config_t, portage_cache_t, portage_cache_t)
-
-read_files_pattern(gcc_config_t, portage_conf_t, portage_conf_t)
-
-allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
-read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
-
-allow gcc_config_t portage_exec_t:file mmap_file_perms;
-
-kernel_read_system_state(gcc_config_t)
-kernel_read_kernel_sysctls(gcc_config_t)
-
-corecmd_exec_shell(gcc_config_t)
-corecmd_exec_bin(gcc_config_t)
-corecmd_manage_bin_files(gcc_config_t)
-
-domain_use_interactive_fds(gcc_config_t)
-
-files_manage_etc_files(gcc_config_t)
-files_rw_etc_runtime_files(gcc_config_t)
-files_read_usr_files(gcc_config_t)
-files_search_var_lib(gcc_config_t)
-files_search_pids(gcc_config_t)
-# complains loudly about not being able to list
-# the directory it is being run from
-files_list_all(gcc_config_t)
-
-# seems to be ok without this
-init_dontaudit_read_script_status_files(gcc_config_t)
-
-libs_read_lib_files(gcc_config_t)
-libs_domtrans_ldconfig(gcc_config_t)
-libs_manage_shared_libs(gcc_config_t)
-# gcc-config creates a temp dir for the libs
-libs_manage_lib_dirs(gcc_config_t)
-
-logging_send_syslog_msg(gcc_config_t)
-
-miscfiles_read_localization(gcc_config_t)
-
-userdom_use_user_terminals(gcc_config_t)
-
-consoletype_exec(gcc_config_t)
-
-optional_policy(`
-	seutil_use_newrole_fds(gcc_config_t)
-')
-
-########################################
-#
-# Portage Merging Rules
-#
-
-# - setfscreate for merging to live fs
-# - setexec to run portage fetch
-allow portage_t self:process { setfscreate setexec };
-# - kill for mysql merging, at least
-allow portage_t self:capability { sys_nice kill };
-
-# user post-sync scripts
-can_exec(portage_t, portage_conf_t)
-
-allow portage_t portage_log_t:file manage_file_perms;
-logging_log_filetrans(portage_t, portage_log_t, file)
-
-allow portage_t { portage_fetch_t portage_sandbox_t }:process signal;
-
-# transition for rsync and wget
-corecmd_shell_spec_domtrans(portage_t, portage_fetch_t)
-rsync_entry_domtrans(portage_t, portage_fetch_t)
-allow portage_fetch_t portage_t:fd use;
-allow portage_fetch_t portage_t:fifo_file rw_file_perms;
-allow portage_fetch_t portage_t:process sigchld;
-
-# transition to sandbox for compiling
-domain_trans(portage_t, portage_exec_t, portage_sandbox_t)
-corecmd_shell_spec_domtrans(portage_t, portage_sandbox_t)
-allow portage_sandbox_t portage_t:fd use;
-allow portage_sandbox_t portage_t:fifo_file rw_file_perms;
-allow portage_sandbox_t portage_t:process sigchld;
-
-# run scripts out of the build directory
-can_exec(portage_t, portage_tmp_t)
-
-# merging baselayout will need this:
-kernel_write_proc_files(portage_t)
-
-domain_dontaudit_read_all_domains_state(portage_t)
-
-# modify any files in the system
-files_manage_all_files(portage_t)
-
-selinux_get_fs_mount(portage_t)
-
-auth_manage_shadow(portage_t)
-
-# merging baselayout will need this:
-init_exec(portage_t)
-
-# run setfiles -r
-seutil_domtrans_setfiles(portage_t)
-# run semodule
-seutil_domtrans_semanage(portage_t)
-
-portage_domtrans_gcc_config(portage_t)
-# if sesandbox is disabled, compiling is performed in this domain
-portage_compile_domain(portage_t)
-
-optional_policy(`
-	bootloader_domtrans(portage_t)
-')
-
-optional_policy(`
-	modutils_domtrans_depmod(portage_t)
-	modutils_domtrans_update_mods(portage_t)
-	#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
-')
-
-optional_policy(`
-	usermanage_domtrans_groupadd(portage_t)
-	usermanage_domtrans_useradd(portage_t)
-')
-
-ifdef(`TODO',`
-# seems to work ok without these
-dontaudit portage_t device_t:{ blk_file chr_file } getattr;
-dontaudit portage_t proc_t:dir setattr;
-dontaudit portage_t device_type:chr_file read_chr_file_perms;
-dontaudit portage_t device_type:blk_file read_blk_file_perms;
-')
-
-##########################################
-#
-# Portage fetch domain
-# - for rsync and distfile fetching
-#
-
-allow portage_fetch_t self:capability { dac_override fowner fsetid };
-allow portage_fetch_t self:process signal;
-allow portage_fetch_t self:unix_stream_socket create_socket_perms;
-allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
-
-allow portage_fetch_t portage_conf_t:dir list_dir_perms;
-read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
-
-manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
-manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
-
-manage_dirs_pattern(portage_fetch_t, portage_fetch_tmp_t, portage_fetch_tmp_t)
-manage_files_pattern(portage_fetch_t, portage_fetch_tmp_t, portage_fetch_tmp_t)
-files_tmp_filetrans(portage_fetch_t, portage_fetch_tmp_t, { file dir })
-
-# portage makes home dir the portage tmp dir, so
-# wget looks for .wgetrc there
-dontaudit portage_fetch_t portage_tmp_t:dir search_dir_perms;
-# rsync server timestamp check
-allow portage_fetch_t portage_tmp_t:file { read_file_perms delete_file_perms };
-
-kernel_read_system_state(portage_fetch_t)
-kernel_read_kernel_sysctls(portage_fetch_t)
-
-corecmd_exec_bin(portage_fetch_t)
-
-corenet_all_recvfrom_unlabeled(portage_fetch_t)
-corenet_all_recvfrom_netlabel(portage_fetch_t)
-corenet_tcp_sendrecv_generic_if(portage_fetch_t)
-corenet_tcp_sendrecv_generic_node(portage_fetch_t)
-corenet_tcp_sendrecv_all_ports(portage_fetch_t)
-# would rather not connect to unspecified ports, but
-# it occasionally comes up
-corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
-corenet_tcp_connect_generic_port(portage_fetch_t)
-
-dev_dontaudit_read_rand(portage_fetch_t)
-
-domain_use_interactive_fds(portage_fetch_t)
-
-files_read_etc_files(portage_fetch_t)
-files_read_etc_runtime_files(portage_fetch_t)
-files_search_var(portage_fetch_t)
-files_dontaudit_search_pids(portage_fetch_t)
-
-term_search_ptys(portage_fetch_t)
-
-miscfiles_read_localization(portage_fetch_t)
-
-sysnet_read_config(portage_fetch_t)
-sysnet_dns_name_resolve(portage_fetch_t)
-
-userdom_use_user_terminals(portage_fetch_t)
-userdom_dontaudit_read_user_home_content_files(portage_fetch_t)
-
-ifdef(`hide_broken_symptoms',`
-	dontaudit portage_fetch_t portage_cache_t:file read;
-')
-
-##########################################
-#
-# Portage sandbox domain
-# - SELinux-enforced sandbox
-#
-
-portage_compile_domain(portage_sandbox_t)
-
-ifdef(`hide_broken_symptoms',`
-	# leaked descriptors
-	dontaudit portage_sandbox_t portage_cache_t:dir { setattr };
-	dontaudit portage_sandbox_t portage_cache_t:file { setattr write };
-')
diff --git a/policy/modules/admin/prelink.fc b/policy/modules/admin/prelink.fc
deleted file mode 100644
index ec0e76a..0000000
--- a/policy/modules/admin/prelink.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/etc/cron\.daily/prelink	--	gen_context(system_u:object_r:prelink_cron_system_exec_t,s0)
-
-/etc/prelink\.cache		--	gen_context(system_u:object_r:prelink_cache_t,s0)
-
-/usr/sbin/prelink(\.bin)?	--	gen_context(system_u:object_r:prelink_exec_t,s0)
-
-/var/log/prelink\.log		--	gen_context(system_u:object_r:prelink_log_t,s0)
-/var/log/prelink(/.*)?			gen_context(system_u:object_r:prelink_log_t,s0)
-
-/var/lib/misc/prelink.*		--	gen_context(system_u:object_r:prelink_var_lib_t,s0)
-/var/lib/prelink(/.*)?			gen_context(system_u:object_r:prelink_var_lib_t,s0)
diff --git a/policy/modules/admin/prelink.if b/policy/modules/admin/prelink.if
deleted file mode 100644
index 93ec175..0000000
--- a/policy/modules/admin/prelink.if
+++ /dev/null
@@ -1,204 +0,0 @@
-## <summary>Prelink ELF shared library mappings.</summary>
-
-########################################
-## <summary>
-##	Execute the prelink program in the prelink domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`prelink_domtrans',`
-	gen_require(`
-		type prelink_t, prelink_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, prelink_exec_t, prelink_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit prelink_t $1:socket_class_set { read write };
-		dontaudit prelink_t $1:fifo_file setattr;
-	')
-')
-
-########################################
-## <summary>
-##	Execute the prelink program in the current domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_exec',`
-	gen_require(`
-		type prelink_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, prelink_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute the prelink program in the prelink domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the prelink domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`prelink_run',`
-	gen_require(`
-		type prelink_t;
-	')
-
-	prelink_domtrans($1)
-	role $2 types prelink_t;
-')
-
-########################################
-## <summary>
-##	Make the specified file type prelinkable.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	File type to be prelinked.
-##	</summary>
-## </param>
-#
-# cjp: added for misc non-entrypoint objects
-interface(`prelink_object_file',`
-	gen_require(`
-		attribute prelink_object;
-	')
-
-	typeattribute $1 prelink_object;
-')
-
-########################################
-## <summary>
-##	Read the prelink cache.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_read_cache',`
-	gen_require(`
-		type prelink_cache_t;
-	')
-
-	files_search_etc($1)
-	allow $1 prelink_cache_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete the prelink cache.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_delete_cache',`
-	gen_require(`
-		type prelink_cache_t;
-	')
-
-	allow $1 prelink_cache_t:file unlink;
-	files_rw_etc_dirs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	prelink log files.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_manage_log',`
-	gen_require(`
-		type prelink_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, prelink_log_t, prelink_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	prelink var_lib files.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_manage_lib',`
-	gen_require(`
-		type prelink_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Relabel from files in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_relabelfrom_lib',`
-	gen_require(`
-		type prelink_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Relabel from files in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelink_relabel_lib',`
-	gen_require(`
-		type prelink_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
-')
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
deleted file mode 100644
index 0faba2a..0000000
--- a/policy/modules/admin/prelink.te
+++ /dev/null
@@ -1,182 +0,0 @@
-policy_module(prelink, 1.9.1)
-
-########################################
-#
-# Declarations
-
-attribute prelink_object;
-
-type prelink_t;
-type prelink_exec_t;
-init_system_domain(prelink_t, prelink_exec_t)
-domain_obj_id_change_exemption(prelink_t)
-
-type prelink_cache_t;
-files_type(prelink_cache_t)
-
-type prelink_cron_system_t;
-type prelink_cron_system_exec_t;
-domain_type(prelink_cron_system_t)
-domain_entry_file(prelink_cron_system_t, prelink_cron_system_exec_t)
-
-type prelink_log_t;
-logging_log_file(prelink_log_t)
-
-type prelink_tmp_t;
-files_tmp_file(prelink_tmp_t)
-
-type prelink_tmpfs_t;
-files_tmpfs_file(prelink_tmpfs_t)
-
-type prelink_var_lib_t;
-files_type(prelink_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-allow prelink_t self:capability { chown dac_override fowner fsetid sys_resource };
-allow prelink_t self:process { execheap execmem execstack signal };
-allow prelink_t self:fifo_file rw_fifo_file_perms;
-
-allow prelink_t prelink_cache_t:file manage_file_perms;
-files_etc_filetrans(prelink_t, prelink_cache_t, file)
-
-allow prelink_t prelink_log_t:dir setattr;
-create_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
-append_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
-read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
-logging_log_filetrans(prelink_t, prelink_log_t, file)
-
-allow prelink_t prelink_tmp_t:file { manage_file_perms execute relabelfrom execmod };
-files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
-
-allow prelink_t prelink_tmpfs_t:file { manage_file_perms execute relabelfrom execmod };
-fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
-
-manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
-manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
-relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
-files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
-files_search_var_lib(prelink_t)
-
-# prelink misc objects that are not system
-# libraries or entrypoints
-allow prelink_t prelink_object:file { manage_file_perms execute relabel_file_perms };
-
-kernel_read_system_state(prelink_t)
-kernel_read_kernel_sysctls(prelink_t)
-
-corecmd_manage_all_executables(prelink_t)
-corecmd_relabel_all_executables(prelink_t)
-corecmd_mmap_all_executables(prelink_t)
-corecmd_read_bin_symlinks(prelink_t)
-
-dev_read_urand(prelink_t)
-dev_getattr_all_chr_files(prelink_t)
-
-files_list_all(prelink_t)
-files_getattr_all_files(prelink_t)
-files_write_non_security_dirs(prelink_t)
-files_read_etc_files(prelink_t)
-files_read_etc_runtime_files(prelink_t)
-files_dontaudit_read_all_symlinks(prelink_t)
-files_manage_usr_files(prelink_t)
-files_manage_var_files(prelink_t)
-files_relabelfrom_usr_files(prelink_t)
-
-fs_getattr_xattr_fs(prelink_t)
-
-storage_getattr_fixed_disk_dev(prelink_t)
-
-selinux_get_enforce_mode(prelink_t)
-
-libs_exec_ld_so(prelink_t)
-libs_legacy_use_shared_libs(prelink_t)
-libs_manage_ld_so(prelink_t)
-libs_relabel_ld_so(prelink_t)
-libs_manage_shared_libs(prelink_t)
-libs_relabel_shared_libs(prelink_t)
-libs_delete_lib_symlinks(prelink_t)
-
-miscfiles_read_localization(prelink_t)
-
-userdom_use_user_terminals(prelink_t)
-userdom_manage_user_home_content(prelink_t)
-userdom_execmod_user_home_files(prelink_t)
-
-optional_policy(`
-	amanda_manage_lib(prelink_t)
-')
-
-optional_policy(`
-	cron_system_entry(prelink_t, prelink_exec_t)
-')
-
-optional_policy(`
-	nsplugin_manage_rw_files(prelink_t)
-')
-
-optional_policy(`
-	rpm_manage_tmp_files(prelink_t)
-')
-
-optional_policy(`
-	unconfined_domain(prelink_t)
-')
-
-########################################
-#
-# Prelink Cron system Policy
-#
-
-optional_policy(`
-	allow prelink_cron_system_t self:capability setuid;
-	allow prelink_cron_system_t self:process { setsched setfscreate signal };
-	allow prelink_cron_system_t self:fifo_file rw_fifo_file_perms;
-	allow prelink_cron_system_t self:unix_dgram_socket { write bind create setopt };
-
-	read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
-	allow prelink_cron_system_t prelink_cache_t:file unlink;
-	files_delete_etc_dir_entry(prelink_cron_system_t)
-
-	domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
-	allow prelink_cron_system_t prelink_t:process noatsecure;
-
-	manage_files_pattern(prelink_cron_system_t, prelink_log_t, prelink_log_t)
-
-	manage_files_pattern(prelink_cron_system_t, prelink_var_lib_t, prelink_var_lib_t)
-	files_var_lib_filetrans(prelink_cron_system_t, prelink_var_lib_t, file)
-	allow prelink_cron_system_t prelink_var_lib_t:file { relabelfrom relabelto };
-
-	kernel_read_system_state(prelink_cron_system_t)
-
-	corecmd_exec_bin(prelink_cron_system_t)
-	corecmd_exec_shell(prelink_cron_system_t)
-
-	files_dontaudit_search_all_mountpoints(prelink_cron_system_t)
-	files_read_etc_files(prelink_cron_system_t)
-	files_search_var_lib(prelink_cron_system_t)
-
-	init_telinit(prelink_cron_system_t)
-
-	libs_exec_ld_so(prelink_cron_system_t)
-
-	logging_search_logs(prelink_cron_system_t)
-
-	miscfiles_read_localization(prelink_cron_system_t)
-
-	cron_system_entry(prelink_cron_system_t, prelink_cron_system_exec_t)
-
-	userdom_dontaudit_list_admin_dir(prelink_cron_system_t)
-
-	optional_policy(`
-		rpm_read_db(prelink_cron_system_t)
-	')
-')
-ifdef(`hide_broken_symptoms', `
-	optional_policy(`
-	      dbus_read_config(prelink_t)
-	')
-')
diff --git a/policy/modules/admin/quota.fc b/policy/modules/admin/quota.fc
deleted file mode 100644
index f387230..0000000
--- a/policy/modules/admin/quota.fc
+++ /dev/null
@@ -1,19 +0,0 @@
-HOME_ROOT/a?quota\.(user|group)	--	gen_context(system_u:object_r:quota_db_t,s0)
-
-/a?quota\.(user|group)	--	gen_context(system_u:object_r:quota_db_t,s0)
-
-/boot/a?quota\.(user|group)	--	gen_context(system_u:object_r:quota_db_t,s0)
-
-/etc/a?quota\.(user|group)	--	gen_context(system_u:object_r:quota_db_t,s0)
-
-/sbin/quota(check|on)		--	gen_context(system_u:object_r:quota_exec_t,s0)
-
-/var/a?quota\.(user|group)	--	gen_context(system_u:object_r:quota_db_t,s0)
-/var/lib/quota(/.*)?			gen_context(system_u:object_r:quota_flag_t,s0)
-/var/spool/a?quota\.(user|group) --	gen_context(system_u:object_r:quota_db_t,s0)
-
-ifdef(`distro_redhat',`
-/usr/sbin/convertquota		--	gen_context(system_u:object_r:quota_exec_t,s0)
-',`
-/sbin/convertquota		--	gen_context(system_u:object_r:quota_exec_t,s0)
-')
diff --git a/policy/modules/admin/quota.if b/policy/modules/admin/quota.if
deleted file mode 100644
index 6382d3c..0000000
--- a/policy/modules/admin/quota.if
+++ /dev/null
@@ -1,84 +0,0 @@
-## <summary>File system quota management</summary>
-
-########################################
-## <summary>
-##	Execute quota management tools in the quota domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`quota_domtrans',`
-	gen_require(`
-		type quota_t, quota_exec_t;
-	')
-
-	domtrans_pattern($1, quota_exec_t, quota_t)
-')
-
-########################################
-## <summary>
-##	Execute quota management tools in the quota domain, and
-##	allow the specified role the quota domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`quota_run',`
-	gen_require(`
-		type quota_t;
-	')
-
-	quota_domtrans($1)
-	role $2 types quota_t;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of filesystem quota data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`quota_dontaudit_getattr_db',`
-	gen_require(`
-		type quota_db_t;
-	')
-
-	dontaudit $1 quota_db_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete quota
-##	flag files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`quota_manage_flags',`
-	gen_require(`
-		type quota_flag_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, quota_flag_t, quota_flag_t)
-')
diff --git a/policy/modules/admin/quota.te b/policy/modules/admin/quota.te
deleted file mode 100644
index d47698a..0000000
--- a/policy/modules/admin/quota.te
+++ /dev/null
@@ -1,84 +0,0 @@
-policy_module(quota, 1.4.1)
-
-########################################
-#
-# Declarations
-#
-
-type quota_t;
-type quota_exec_t;
-init_system_domain(quota_t, quota_exec_t)
-
-type quota_db_t;
-files_type(quota_db_t)
-
-type quota_flag_t;
-files_type(quota_flag_t)
-
-########################################
-#
-# Local policy
-#
-
-allow quota_t self:capability { sys_admin dac_override };
-dontaudit quota_t self:capability sys_tty_config;
-allow quota_t self:process signal_perms;
-
-# for /quota.*
-allow quota_t quota_db_t:file { manage_file_perms quotaon };
-files_root_filetrans(quota_t, quota_db_t, file)
-files_boot_filetrans(quota_t, quota_db_t, file)
-files_etc_filetrans(quota_t, quota_db_t, file)
-files_tmp_filetrans(quota_t, quota_db_t, file)
-files_home_filetrans(quota_t, quota_db_t, file)
-files_usr_filetrans(quota_t, quota_db_t, file)
-files_var_filetrans(quota_t, quota_db_t, file)
-files_spool_filetrans(quota_t, quota_db_t, file)
-
-kernel_list_proc(quota_t)
-kernel_read_proc_symlinks(quota_t)
-kernel_read_kernel_sysctls(quota_t)
-kernel_setsched(quota_t)
-
-dev_read_sysfs(quota_t)
-dev_getattr_all_blk_files(quota_t)
-dev_getattr_all_chr_files(quota_t)
-
-fs_get_xattr_fs_quotas(quota_t)
-fs_set_xattr_fs_quotas(quota_t)
-fs_getattr_xattr_fs(quota_t)
-fs_remount_xattr_fs(quota_t)
-fs_search_auto_mountpoints(quota_t)
-
-mls_file_read_all_levels(quota_t)
-
-storage_raw_read_fixed_disk(quota_t)
-
-term_dontaudit_use_console(quota_t)
-
-domain_use_interactive_fds(quota_t)
-
-files_list_all(quota_t)
-files_read_all_files(quota_t)
-files_read_all_symlinks(quota_t)
-files_getattr_all_pipes(quota_t)
-files_getattr_all_sockets(quota_t)
-files_getattr_all_file_type_fs(quota_t)
-# Read /etc/mtab.
-files_read_etc_runtime_files(quota_t)
-
-init_use_fds(quota_t)
-init_use_script_ptys(quota_t)
-
-logging_send_syslog_msg(quota_t)
-
-userdom_use_user_terminals(quota_t)
-userdom_dontaudit_use_unpriv_user_fds(quota_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(quota_t)
-')
-
-optional_policy(`
-	udev_read_db(quota_t)
-')
diff --git a/policy/modules/admin/readahead.fc b/policy/modules/admin/readahead.fc
deleted file mode 100644
index 7077413..0000000
--- a/policy/modules/admin/readahead.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
-/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
-/var/lib/readahead(/.*)?	gen_context(system_u:object_r:readahead_var_lib_t,s0)
diff --git a/policy/modules/admin/readahead.if b/policy/modules/admin/readahead.if
deleted file mode 100644
index 47c4723..0000000
--- a/policy/modules/admin/readahead.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Readahead, read files into page cache for improved performance</summary>
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
deleted file mode 100644
index c1aaa79..0000000
--- a/policy/modules/admin/readahead.te
+++ /dev/null
@@ -1,103 +0,0 @@
-policy_module(readahead, 1.11.1)
-
-########################################
-#
-# Declarations
-#
-
-type readahead_t;
-type readahead_exec_t;
-init_daemon_domain(readahead_t, readahead_exec_t)
-application_domain(readahead_t, readahead_exec_t)
-
-type readahead_var_lib_t;
-files_type(readahead_var_lib_t)
-typealias readahead_var_lib_t alias readahead_etc_rw_t;
-
-type readahead_var_run_t;
-files_pid_file(readahead_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow readahead_t self:capability { fowner dac_override dac_read_search };
-dontaudit readahead_t self:capability { net_admin sys_tty_config };
-allow readahead_t self:process { setsched signal_perms };
-
-manage_dirs_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
-manage_files_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
-files_search_var_lib(readahead_t)
-
-manage_files_pattern(readahead_t, readahead_var_run_t, readahead_var_run_t)
-files_pid_filetrans(readahead_t, readahead_var_run_t, file)
-
-kernel_read_all_sysctls(readahead_t)
-kernel_read_system_state(readahead_t)
-kernel_dontaudit_getattr_core_if(readahead_t)
-
-dev_read_sysfs(readahead_t)
-dev_getattr_generic_chr_files(readahead_t)
-dev_getattr_generic_blk_files(readahead_t)
-dev_getattr_all_chr_files(readahead_t)
-dev_getattr_all_blk_files(readahead_t)
-dev_dontaudit_read_all_blk_files(readahead_t)
-dev_dontaudit_getattr_memory_dev(readahead_t)
-dev_dontaudit_getattr_nvram_dev(readahead_t)
-# Early devtmpfs, before udev relabel
-dev_dontaudit_rw_generic_chr_files(readahead_t)
-
-domain_use_interactive_fds(readahead_t)
-domain_read_all_domains_state(readahead_t)
-
-files_list_non_security(readahead_t)
-files_read_non_security_files(readahead_t)
-files_dontaudit_read_security_files(readahead_t)
-files_create_boot_flag(readahead_t)
-files_getattr_all_pipes(readahead_t)
-files_dontaudit_getattr_all_sockets(readahead_t)
-files_dontaudit_getattr_non_security_blk_files(readahead_t)
-
-fs_getattr_all_fs(readahead_t)
-fs_search_auto_mountpoints(readahead_t)
-fs_getattr_all_pipes(readahead_t)
-fs_getattr_all_files(readahead_t)
-fs_read_cgroup_files(readahead_t)
-fs_read_tmpfs_files(readahead_t)
-fs_read_tmpfs_symlinks(readahead_t)
-fs_list_inotifyfs(readahead_t)
-fs_dontaudit_read_tmpfs_blk_dev(readahead_t)
-fs_dontaudit_search_ramfs(readahead_t)
-fs_dontaudit_read_ramfs_pipes(readahead_t)
-fs_dontaudit_read_ramfs_files(readahead_t)
-fs_dontaudit_use_tmpfs_chr_dev(readahead_t)
-
-mls_file_read_all_levels(readahead_t)
-
-storage_raw_read_fixed_disk(readahead_t)
-
-term_dontaudit_use_console(readahead_t)
-
-auth_dontaudit_read_shadow(readahead_t)
-
-init_use_fds(readahead_t)
-init_use_script_ptys(readahead_t)
-init_getattr_initctl(readahead_t)
-
-logging_send_syslog_msg(readahead_t)
-logging_set_audit_parameters(readahead_t)
-logging_dontaudit_search_audit_config(readahead_t)
-
-miscfiles_read_localization(readahead_t)
-
-userdom_dontaudit_use_unpriv_user_fds(readahead_t)
-userdom_dontaudit_search_user_home_dirs(readahead_t)
-
-optional_policy(`
-	cron_system_entry(readahead_t, readahead_exec_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(readahead_t)
-')
diff --git a/policy/modules/admin/rpm.fc b/policy/modules/admin/rpm.fc
deleted file mode 100644
index 48922c9..0000000
--- a/policy/modules/admin/rpm.fc
+++ /dev/null
@@ -1,58 +0,0 @@
-
-/bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/bin/debuginfo-install	--	gen_context(system_u:object_r:debuginfo_exec_t,s0)
-/usr/bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/smart 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/bin/yum 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/libexec/packagekitd	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/libexec/yumDBUSBackend.py	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/sbin/yum-complete-transaction --	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/sbin/system-install-packages --	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/yum-updatesd		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/packagekitd		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-/usr/share/yumex/yumex-yum-backend --	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/share/yumex/yum_childtask\.py --	gen_context(system_u:object_r:rpm_exec_t,s0)
-
-ifdef(`distro_redhat', `
-/usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/rpmdev-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/pirut			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/up2date		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/synaptic		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-get		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-shell		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-')
-
-/var/cache/yum(/.*)?			gen_context(system_u:object_r:rpm_var_cache_t,s0)
-
-/var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
-/var/lib/rpm(/.*)?			gen_context(system_u:object_r:rpm_var_lib_t,s0)
-/var/lib/yum(/.*)?			gen_context(system_u:object_r:rpm_var_lib_t,s0)
-
-/var/log/rpmpkgs.*		--	gen_context(system_u:object_r:rpm_log_t,s0)
-/var/log/yum\.log.*		--	gen_context(system_u:object_r:rpm_log_t,s0)
-
-/var/spool/up2date(/.*)?		gen_context(system_u:object_r:rpm_var_cache_t,s0)
-
-/var/run/yum.*			--	gen_context(system_u:object_r:rpm_var_run_t,s0)
-/var/run/PackageKit(/.*)?		gen_context(system_u:object_r:rpm_var_run_t,s0)
-
-# SuSE
-ifdef(`distro_suse', `
-/usr/bin/online_update		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/sbin/yast2			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/var/lib/YaST2(/.*)?			gen_context(system_u:object_r:rpm_var_lib_t,s0)
-/var/log/YaST2(/.*)?			gen_context(system_u:object_r:rpm_log_t,s0)
-')
-
-ifdef(`enable_mls',`
-/sbin/cpio			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-')
diff --git a/policy/modules/admin/rpm.if b/policy/modules/admin/rpm.if
deleted file mode 100644
index ddbb3af..0000000
--- a/policy/modules/admin/rpm.if
+++ /dev/null
@@ -1,690 +0,0 @@
-## <summary>Policy for the RPM package manager.</summary>
-
-########################################
-## <summary>
-##	Execute rpm programs in the rpm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpm_domtrans',`
-	gen_require(`
-		type rpm_t, rpm_exec_t;
-		attribute rpm_transition_domain;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, rpm_exec_t, rpm_t)
-	typeattribute $1 rpm_transition_domain;
-	rpm_debuginfo_domtrans($1)
-')
-
-########################################
-## <summary>
-##	Execute debuginfo_install programs in the rpm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpm_debuginfo_domtrans',`
-	gen_require(`
-		type rpm_t;
-		type debuginfo_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, debuginfo_exec_t, rpm_t)
-')
-
-########################################
-## <summary>
-##	Execute rpm_script programs in the rpm_script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpm_domtrans_script',`
-	gen_require(`
-		type rpm_script_t;
-	')
-
-	# transition to rpm script:
-	corecmd_shell_domtrans($1, rpm_script_t)
-	allow rpm_script_t $1:fd use;
-	allow rpm_script_t $1:fifo_file rw_file_perms;
-	allow rpm_script_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute RPM programs in the RPM domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the RPM domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rpm_run',`
-	gen_require(`
-		type rpm_t, rpm_script_t;
-	')
-
-	rpm_domtrans($1)
-	role $2 types rpm_t;
-	role $2 types rpm_script_t;
-
-	domain_system_change_exemption($1)
-	role_transition $2 rpm_exec_t system_r;
-	allow $2 system_r;
-
-	seutil_run_loadpolicy(rpm_script_t, $2)
-	seutil_run_semanage(rpm_script_t, $2)
-	seutil_run_setfiles(rpm_script_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute the rpm client in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_exec',`
-	gen_require(`
-		type rpm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, rpm_exec_t)
-')
-
-########################################
-## <summary>
-##	Send a null signal to rpm.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_signull',`
-	gen_require(`
-		type rpm_t;
-	')
-
-	allow $1 rpm_t:process signull;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from RPM.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_use_fds',`
-	gen_require(`
-		type rpm_t;
-	')
-
-	allow $1 rpm_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read from an unnamed RPM pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_read_pipes',`
-	gen_require(`
-		type rpm_t;
-	')
-
-	allow $1 rpm_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write an unnamed RPM pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_rw_pipes',`
-	gen_require(`
-		type rpm_t;
-	')
-
-	allow $1 rpm_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_dontaudit_leaks',`
-	gen_require(`
-		type rpm_t, rpm_var_cache_t;
-		type rpm_script_t, rpm_var_run_t, rpm_tmp_t;
-		type rpm_tmpfs_t, rpm_script_tmp_t, rpm_var_lib_t;
-	')
-
-	dontaudit $1 rpm_t:fifo_file rw_inherited_fifo_file_perms;
- 	dontaudit $1 rpm_t:tcp_socket { read write };
-	dontaudit $1 rpm_t:unix_dgram_socket { read write };
-	dontaudit $1 rpm_t:shm rw_shm_perms;
-
-	dontaudit $1 rpm_script_t:fd use;
-	dontaudit $1 rpm_script_t:fifo_file rw_inherited_fifo_file_perms;
-
-	dontaudit $1 rpm_var_run_t:file rw_inherited_file_perms;
-
-	dontaudit $1 rpm_tmp_t:file rw_inherited_file_perms;
- 	dontaudit $1 rpm_tmpfs_t:dir rw_dir_perms;
- 	dontaudit $1 rpm_tmpfs_t:file rw_inherited_file_perms;
-	dontaudit $1 rpm_script_tmp_t:file rw_inherited_file_perms;
-	dontaudit $1 rpm_var_lib_t:file rw_inherited_file_perms;
-	dontaudit $1 rpm_var_cache_t:file  rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	rpm over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_dbus_chat',`
-	gen_require(`
-		type rpm_t;
-		class dbus send_msg;
-	')
-
-	allow $1 rpm_t:dbus send_msg;
-	allow rpm_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and
-##	receive messages from rpm over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rpm_dontaudit_dbus_chat',`
-	gen_require(`
-		type rpm_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 rpm_t:dbus send_msg;
-	dontaudit rpm_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	rpm_script over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_script_dbus_chat',`
-	gen_require(`
-		type rpm_script_t;
-		class dbus send_msg;
-	')
-
-	allow $1 rpm_script_t:dbus send_msg;
-	allow rpm_script_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Search RPM log directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_search_log',`
-	gen_require(`
-		type rpm_log_t;
-	')
-
-	allow $1 rpm_log_t:dir search_dir_perms;
-')
-
-#####################################
-## <summary>
-##	Allow the specified domain to append
-##	to rpm log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_append_log',`
-	gen_require(`
-		type rpm_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, rpm_log_t, rpm_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the RPM log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_log',`
-	gen_require(`
-		type rpm_log_t;
-	')
-
-	logging_rw_generic_log_dirs($1)
-	allow $1 rpm_log_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from RPM scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_use_script_fds',`
-	gen_require(`
-		type rpm_script_t;
-	')
-
-	allow $1 rpm_script_t:fd use;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete RPM
-##	script temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_script_tmp_files',`
-	gen_require(`
-		type rpm_script_tmp_t;
-	')
-
-	files_search_tmp($1)
-	manage_dirs_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
-	manage_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
-	manage_lnk_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
-')
-
-#####################################
-## <summary>
-##	Allow the specified domain to append
-##	to rpm tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_append_tmp_files',`
-	gen_require(`
-		type rpm_tmp_t;
-	')
-
-	files_search_tmp($1)
-	append_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete RPM
-##	 temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_tmp_files',`
-	gen_require(`
-		type rpm_tmp_t;
-	')
-
-	files_search_tmp($1)
-	manage_dirs_pattern($1, rpm_tmp_t, rpm_tmp_t)
-	manage_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
-	manage_lnk_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read RPM script temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_read_script_tmp_files',`
-	gen_require(`
-		type rpm_script_tmp_t;
-	')
-
-	read_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
-	read_lnk_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read the RPM cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_read_cache',`
-	gen_require(`
-		type rpm_var_cache_t;
-	')
-
-	files_search_var($1)
-	allow $1 rpm_var_cache_t:dir list_dir_perms;
-	read_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-	read_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the RPM package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_cache',`
-	gen_require(`
-		type rpm_var_cache_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-	manage_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-	manage_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-')
-
-########################################
-## <summary>
-##	Read the RPM package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_read_db',`
-	gen_require(`
-		type rpm_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 rpm_var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
-	read_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
-	rpm_read_cache($1)
-')
-
-########################################
-## <summary>
-##	Delete the RPM package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_delete_db',`
-	gen_require(`
-		type rpm_var_lib_t;
-	')
-
-	delete_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the RPM package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_db',`
-	gen_require(`
-		type rpm_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
-	manage_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete the RPM package database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rpm_dontaudit_manage_db',`
-	gen_require(`
-		type rpm_var_lib_t;
-	')
-
-	dontaudit $1 rpm_var_lib_t:dir rw_dir_perms;
-	dontaudit $1 rpm_var_lib_t:file manage_file_perms;
-	dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
-')
-
-#####################################
-## <summary>
-##	Read rpm pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_read_pid_files',`
-	gen_require(`
-		type rpm_var_run_t;
-	')
-
-	read_files_pattern($1, rpm_var_run_t, rpm_var_run_t)
-	files_search_pids($1)
-')
-
-#####################################
-## <summary>
-##	Create, read, write, and delete rpm pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_manage_pid_files',`
-	gen_require(`
-		type rpm_var_run_t;
-	')
-
-	manage_files_pattern($1, rpm_var_run_t, rpm_var_run_t)
-	files_search_pids($1)
-')
-
-######################################
-## <summary>
-##	Create files in /var/run with the rpm pid file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_pid_filetrans',`
-	gen_require(`
-		type rpm_var_run_t;
-	')
-
-	files_pid_filetrans($1, rpm_var_run_t, file)
-')
-
-########################################
-## <summary>
-##	Send a null signal to rpm.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_inherited_fifo',`
-	gen_require(`
-		attribute rpm_transition_domain;
-	')
-
-	allow $1 rpm_transition_domain:fifo_file rw_inherited_fifo_file_perms;
-')
-
-
-########################################
-## <summary>
-##	Make rpm_exec_t an entry point for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-# 
-interface(`rpm_entry_type',`
-	gen_require(`
-		type rpm_exec_t;
-	')
-
-	domain_entry_file($1, rpm_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow application to transition to rpm_script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpm_transition_script',`
-	gen_require(`
-		type rpm_script_t;
-		attribute rpm_transition_domain;
-	')
-
-	typeattribute $1 rpm_transition_domain;
-	allow $1 rpm_script_t:process transition;
-
-	allow $1 rpm_script_t:fd use;
-	allow rpm_script_t $1:fd use;
-	allow rpm_script_t $1:fifo_file rw_fifo_file_perms;
-	allow rpm_script_t $1:process sigchld;
-')
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
deleted file mode 100644
index bdba9c5..0000000
--- a/policy/modules/admin/rpm.te
+++ /dev/null
@@ -1,404 +0,0 @@
-policy_module(rpm, 1.11.1)
-
-attribute rpm_transition_domain;
-
-########################################
-#
-# Declarations
-#
-type debuginfo_exec_t;
-domain_entry_file(rpm_t, debuginfo_exec_t)
-
-type rpm_t;
-type rpm_exec_t;
-init_system_domain(rpm_t, rpm_exec_t)
-domain_obj_id_change_exemption(rpm_t)
-domain_role_change_exemption(rpm_t)
-domain_system_change_exemption(rpm_t)
-domain_interactive_fd(rpm_t)
-role system_r types rpm_t;
-
-type rpm_file_t;
-files_type(rpm_file_t)
-
-type rpm_tmp_t;
-files_tmp_file(rpm_tmp_t)
-
-type rpm_tmpfs_t;
-files_tmpfs_file(rpm_tmpfs_t)
-
-type rpm_log_t;
-logging_log_file(rpm_log_t)
-
-type rpm_var_lib_t;
-files_type(rpm_var_lib_t)
-typealias rpm_var_lib_t alias var_lib_rpm_t;
-
-type rpm_var_cache_t;
-files_type(rpm_var_cache_t)
-
-type rpm_var_run_t;
-files_pid_file(rpm_var_run_t)
-
-type rpm_script_t;
-type rpm_script_exec_t;
-domain_obj_id_change_exemption(rpm_script_t)
-domain_system_change_exemption(rpm_script_t)
-corecmd_shell_entry_type(rpm_script_t)
-corecmd_bin_entry_type(rpm_script_t)
-domain_type(rpm_script_t)
-domain_entry_file(rpm_t, rpm_script_exec_t)
-domain_interactive_fd(rpm_script_t)
-role system_r types rpm_script_t;
-
-type rpm_script_tmp_t;
-files_tmp_file(rpm_script_tmp_t)
-
-type rpm_script_tmpfs_t;
-files_tmpfs_file(rpm_script_tmpfs_t)
-
-########################################
-#
-# rpm Local policy
-#
-
-allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
-
-allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execstack execheap };
-allow rpm_t self:process { getattr setexec setfscreate setrlimit };
-allow rpm_t self:fd use;
-allow rpm_t self:fifo_file rw_fifo_file_perms;
-allow rpm_t self:unix_dgram_socket create_socket_perms;
-allow rpm_t self:unix_stream_socket rw_stream_socket_perms;
-allow rpm_t self:unix_dgram_socket sendto;
-allow rpm_t self:unix_stream_socket connectto;
-allow rpm_t self:udp_socket { connect };
-allow rpm_t self:udp_socket create_socket_perms;
-allow rpm_t self:tcp_socket create_stream_socket_perms;
-allow rpm_t self:shm create_shm_perms;
-allow rpm_t self:sem create_sem_perms;
-allow rpm_t self:msgq create_msgq_perms;
-allow rpm_t self:msg { send receive };
-allow rpm_t self:dir search;
-allow rpm_t self:file rw_file_perms;;
-
-allow rpm_t rpm_log_t:file manage_file_perms;
-logging_log_filetrans(rpm_t, rpm_log_t, file)
-
-manage_dirs_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
-manage_files_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
-files_tmp_filetrans(rpm_t, rpm_tmp_t, { file dir })
-can_exec(rpm_t, rpm_tmp_t)
-
-manage_dirs_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
-manage_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
-manage_lnk_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
-manage_fifo_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
-manage_sock_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
-fs_tmpfs_filetrans(rpm_t, rpm_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-can_exec(rpm_t, rpm_tmpfs_t)
-
-manage_dirs_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
-manage_files_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
-files_var_filetrans(rpm_t, rpm_var_cache_t, dir)
-
-# Access /var/lib/rpm files
-manage_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
-files_var_lib_filetrans(rpm_t, rpm_var_lib_t, dir)
-
-manage_dirs_pattern(rpm_t, rpm_var_run_t, rpm_var_run_t)
-manage_files_pattern(rpm_t, rpm_var_run_t, rpm_var_run_t)
-files_pid_filetrans(rpm_t, rpm_var_run_t, { file dir })
-
-kernel_read_network_state(rpm_t)
-kernel_read_system_state(rpm_t)
-kernel_read_kernel_sysctls(rpm_t)
-kernel_read_network_state_symlinks(rpm_t)
-
-corecmd_exec_all_executables(rpm_t)
-
-corenet_all_recvfrom_unlabeled(rpm_t)
-corenet_all_recvfrom_netlabel(rpm_t)
-corenet_tcp_sendrecv_generic_if(rpm_t)
-corenet_raw_sendrecv_generic_if(rpm_t)
-corenet_udp_sendrecv_generic_if(rpm_t)
-corenet_tcp_sendrecv_generic_node(rpm_t)
-corenet_raw_sendrecv_generic_node(rpm_t)
-corenet_udp_sendrecv_generic_node(rpm_t)
-corenet_tcp_sendrecv_all_ports(rpm_t)
-corenet_udp_sendrecv_all_ports(rpm_t)
-corenet_tcp_connect_all_ports(rpm_t)
-corenet_sendrecv_all_client_packets(rpm_t)
-
-dev_list_sysfs(rpm_t)
-dev_list_usbfs(rpm_t)
-dev_read_urand(rpm_t)
-dev_read_raw_memory(rpm_t)
-#devices_manage_all_device_types(rpm_t)
-
-fs_getattr_all_dirs(rpm_t)
-fs_list_inotifyfs(rpm_t)
-fs_manage_nfs_dirs(rpm_t)
-fs_manage_nfs_files(rpm_t)
-fs_manage_nfs_symlinks(rpm_t)
-fs_getattr_all_fs(rpm_t)
-fs_search_auto_mountpoints(rpm_t)
-
-mls_file_read_all_levels(rpm_t)
-mls_file_write_all_levels(rpm_t)
-mls_file_upgrade(rpm_t)
-mls_file_downgrade(rpm_t)
-
-selinux_get_fs_mount(rpm_t)
-selinux_validate_context(rpm_t)
-selinux_compute_access_vector(rpm_t)
-selinux_compute_create_context(rpm_t)
-selinux_compute_relabel_context(rpm_t)
-selinux_compute_user_contexts(rpm_t)
-
-storage_raw_write_fixed_disk(rpm_t)
-# for installing kernel packages
-storage_raw_read_fixed_disk(rpm_t)
-
-term_list_ptys(rpm_t)
-
-auth_relabel_all_files_except_shadow(rpm_t)
-auth_manage_all_files_except_shadow(rpm_t)
-auth_dontaudit_read_shadow(rpm_t)
-auth_use_nsswitch(rpm_t)
-
-# transition to rpm script:
-rpm_domtrans_script(rpm_t)
-
-domain_read_all_domains_state(rpm_t)
-domain_getattr_all_domains(rpm_t)
-domain_dontaudit_ptrace_all_domains(rpm_t)
-domain_use_interactive_fds(rpm_t)
-domain_dontaudit_getattr_all_pipes(rpm_t)
-domain_dontaudit_getattr_all_tcp_sockets(rpm_t)
-domain_dontaudit_getattr_all_udp_sockets(rpm_t)
-domain_dontaudit_getattr_all_packet_sockets(rpm_t)
-domain_dontaudit_getattr_all_raw_sockets(rpm_t)
-domain_dontaudit_getattr_all_stream_sockets(rpm_t)
-domain_dontaudit_getattr_all_dgram_sockets(rpm_t)
-
-files_exec_etc_files(rpm_t)
-
-init_domtrans_script(rpm_t)
-init_use_script_ptys(rpm_t)
-
-libs_exec_ld_so(rpm_t)
-libs_exec_lib_files(rpm_t)
-libs_domtrans_ldconfig(rpm_t)
-
-logging_send_syslog_msg(rpm_t)
-
-# allow compiling and loading new policy
-seutil_manage_src_policy(rpm_t)
-seutil_manage_bin_policy(rpm_t)
-
-userdom_use_user_terminals(rpm_t)
-userdom_use_unpriv_users_fds(rpm_t)
-
-optional_policy(`
-	cron_system_entry(rpm_t, rpm_exec_t)
-')
-
-optional_policy(`
-	dbus_system_domain(rpm_t, rpm_exec_t)
-	dbus_system_domain(rpm_t, debuginfo_exec_t)
-
-	optional_policy(`
-		hal_dbus_chat(rpm_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(rpm_t)
-	')
-
-')
-
-optional_policy(`
-	prelink_domtrans(rpm_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(rpm_t)
-	# yum-updatesd requires this
-	unconfined_dbus_chat(rpm_t)
-	unconfined_dbus_chat(rpm_script_t)
-')
-
-########################################
-#
-# rpm-script Local policy
-#
-
-allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_admin sys_chroot sys_ptrace sys_rawio sys_nice mknod kill net_admin };
-allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execheap };
-allow rpm_script_t self:fd use;
-allow rpm_script_t self:fifo_file rw_fifo_file_perms;
-allow rpm_script_t self:unix_dgram_socket create_socket_perms;
-allow rpm_script_t self:unix_stream_socket rw_stream_socket_perms;
-allow rpm_script_t self:unix_dgram_socket sendto;
-allow rpm_script_t self:unix_stream_socket connectto;
-allow rpm_script_t self:shm create_shm_perms;
-allow rpm_script_t self:sem create_sem_perms;
-allow rpm_script_t self:msgq create_msgq_perms;
-allow rpm_script_t self:msg { send receive };
-allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-allow rpm_script_t rpm_tmp_t:file read_file_perms;
-
-allow rpm_script_t rpm_script_tmp_t:dir mounton;
-manage_dirs_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
-manage_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
-manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
-manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
-files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
-
-manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-manage_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-manage_lnk_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-manage_fifo_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-manage_sock_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-fs_tmpfs_filetrans(rpm_script_t, rpm_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(rpm_script_t)
-kernel_read_system_state(rpm_script_t)
-kernel_read_network_state(rpm_script_t)
-kernel_list_all_proc(rpm_script_t)
-kernel_read_software_raid_state(rpm_script_t)
-
-dev_list_sysfs(rpm_script_t)
-
-# ideally we would not need this
-dev_manage_generic_blk_files(rpm_script_t)
-dev_manage_generic_chr_files(rpm_script_t)
-dev_manage_all_blk_files(rpm_script_t)
-dev_manage_all_chr_files(rpm_script_t)
-
-fs_manage_nfs_files(rpm_script_t)
-fs_getattr_nfs(rpm_script_t)
-fs_search_all(rpm_script_t)
-fs_getattr_all_fs(rpm_script_t)
-# why is this not using mount?
-fs_getattr_xattr_fs(rpm_script_t)
-fs_mount_xattr_fs(rpm_script_t)
-fs_unmount_xattr_fs(rpm_script_t)
-fs_search_auto_mountpoints(rpm_script_t)
-
-mcs_killall(rpm_script_t)
-mcs_ptrace_all(rpm_script_t)
-
-mls_file_read_all_levels(rpm_script_t)
-mls_file_write_all_levels(rpm_script_t)
-
-selinux_get_fs_mount(rpm_script_t)
-selinux_validate_context(rpm_script_t)
-selinux_compute_access_vector(rpm_script_t)
-selinux_compute_create_context(rpm_script_t)
-selinux_compute_relabel_context(rpm_script_t)
-selinux_compute_user_contexts(rpm_script_t)
-
-storage_raw_read_fixed_disk(rpm_script_t)
-storage_raw_write_fixed_disk(rpm_script_t)
-
-term_getattr_unallocated_ttys(rpm_script_t)
-term_list_ptys(rpm_script_t)
-term_use_all_terms(rpm_script_t)
-
-auth_dontaudit_getattr_shadow(rpm_script_t)
-auth_use_nsswitch(rpm_script_t)
-# ideally we would not need this
-auth_manage_all_files_except_shadow(rpm_script_t)
-auth_relabel_shadow(rpm_script_t)
-
-corecmd_exec_all_executables(rpm_script_t)
-can_exec(rpm_script_t, rpm_script_tmp_t)
-can_exec(rpm_script_t, rpm_script_tmpfs_t)
-
-domain_read_all_domains_state(rpm_script_t)
-domain_getattr_all_domains(rpm_script_t)
-domain_dontaudit_ptrace_all_domains(rpm_script_t)
-domain_use_interactive_fds(rpm_script_t)
-domain_signal_all_domains(rpm_script_t)
-domain_signull_all_domains(rpm_script_t)
-
-files_exec_etc_files(rpm_script_t)
-files_read_etc_runtime_files(rpm_script_t)
-files_exec_usr_files(rpm_script_t)
-files_relabel_all_files(rpm_script_t)
-
-init_domtrans_script(rpm_script_t)
-init_telinit(rpm_script_t)
-
-libs_exec_ld_so(rpm_script_t)
-libs_exec_lib_files(rpm_script_t)
-libs_domtrans_ldconfig(rpm_script_t)
-
-logging_send_syslog_msg(rpm_script_t)
-
-miscfiles_read_localization(rpm_script_t)
-
-modutils_domtrans_depmod(rpm_script_t)
-modutils_domtrans_insmod(rpm_script_t)
-
-seutil_domtrans_loadpolicy(rpm_script_t)
-seutil_domtrans_setfiles(rpm_script_t)
-seutil_domtrans_semanage(rpm_script_t)
-seutil_domtrans_setsebool(rpm_script_t)
-
-userdom_use_all_users_fds(rpm_script_t)
-userdom_exec_admin_home_files(rpm_script_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		mta_send_mail(rpm_script_t)
-		mta_system_content(rpm_var_run_t)
-	')
-')
-
-tunable_policy(`allow_execmem',`
-	allow rpm_script_t self:process execmem;
-')
-
-optional_policy(`
-	bootloader_domtrans(rpm_script_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(rpm_script_t)
-')
-
-optional_policy(`
-	lvm_domtrans(rpm_script_t)
-')
-
-optional_policy(`
-	tzdata_domtrans(rpm_t)
-	tzdata_domtrans(rpm_script_t)
-')
-
-optional_policy(`
-	udev_domtrans(rpm_script_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(rpm_script_t)
-	unconfined_domtrans(rpm_script_t)
-	unconfined_execmem_domtrans(rpm_script_t)
-
-	optional_policy(`
-		java_domtrans_unconfined(rpm_script_t)
-	')
-
-	optional_policy(`
-		mono_domtrans(rpm_script_t)
-	')
-')
-
-optional_policy(`
-	usermanage_domtrans_groupadd(rpm_script_t)
-	usermanage_domtrans_useradd(rpm_script_t)
-')
diff --git a/policy/modules/admin/sectoolm.fc b/policy/modules/admin/sectoolm.fc
deleted file mode 100644
index 1ed6870..0000000
--- a/policy/modules/admin/sectoolm.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/libexec/sectool-mechanism\.py	--	gen_context(system_u:object_r:sectoolm_exec_t,s0)
-
-/var/lib/sectool(/.*)?				gen_context(system_u:object_r:sectool_var_lib_t,s0)
-/var/log/sectool\.log			--	gen_context(system_u:object_r:sectool_var_log_t,s0)
diff --git a/policy/modules/admin/sectoolm.if b/policy/modules/admin/sectoolm.if
deleted file mode 100644
index 9007451..0000000
--- a/policy/modules/admin/sectoolm.if
+++ /dev/null
@@ -1,2 +0,0 @@
-## <summary>Sectool security audit tool</summary>
-
diff --git a/policy/modules/admin/sectoolm.te b/policy/modules/admin/sectoolm.te
deleted file mode 100644
index c8ef84b..0000000
--- a/policy/modules/admin/sectoolm.te
+++ /dev/null
@@ -1,106 +0,0 @@
-policy_module(sectoolm, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type sectoolm_t;
-type sectoolm_exec_t;
-dbus_system_domain(sectoolm_t, sectoolm_exec_t)
-
-type sectool_var_lib_t;
-files_type(sectool_var_lib_t)
-
-type sectool_var_log_t;
-logging_log_file(sectool_var_log_t)
-
-type sectool_tmp_t;
-files_tmp_file(sectool_tmp_t)
-
-########################################
-#
-# sectool local policy
-#
-
-allow sectoolm_t self:capability { dac_override net_admin sys_nice sys_ptrace };
-allow sectoolm_t self:process { getcap getsched	signull setsched };
-dontaudit sectoolm_t self:process { execstack execmem };
-allow sectoolm_t self:fifo_file rw_fifo_file_perms;
-allow sectoolm_t self:unix_dgram_socket { create_socket_perms sendto };
-
-manage_dirs_pattern(sectoolm_t, sectool_tmp_t, sectool_tmp_t)
-manage_files_pattern(sectoolm_t, sectool_tmp_t, sectool_tmp_t)
-files_tmp_filetrans(sectoolm_t, sectool_tmp_t, { file dir })
-
-manage_files_pattern(sectoolm_t, sectool_var_lib_t, sectool_var_lib_t)
-manage_dirs_pattern(sectoolm_t, sectool_var_lib_t, sectool_var_lib_t)
-files_var_lib_filetrans(sectoolm_t, sectool_var_lib_t, { file dir })
-
-manage_files_pattern(sectoolm_t, sectool_var_log_t, sectool_var_log_t)
-logging_log_filetrans(sectoolm_t, sectool_var_log_t, file)
-
-kernel_read_net_sysctls(sectoolm_t)
-kernel_read_network_state(sectoolm_t)
-kernel_read_kernel_sysctls(sectoolm_t)
-
-corecmd_exec_bin(sectoolm_t)
-corecmd_exec_shell(sectoolm_t)
-
-dev_read_sysfs(sectoolm_t)
-dev_read_urand(sectoolm_t)
-dev_getattr_all_blk_files(sectoolm_t)
-dev_getattr_all_chr_files(sectoolm_t)
-
-domain_getattr_all_domains(sectoolm_t)
-domain_read_all_domains_state(sectoolm_t)
-
-files_getattr_all_pipes(sectoolm_t)
-files_getattr_all_sockets(sectoolm_t)
-files_read_all_files(sectoolm_t)
-files_read_all_symlinks(sectoolm_t)
-
-fs_getattr_all_fs(sectoolm_t)
-fs_list_noxattr_fs(sectoolm_t)
-
-selinux_validate_context(sectoolm_t)
-
-# tcp_wrappers test
-application_exec_all(sectoolm_t)
-
-auth_use_nsswitch(sectoolm_t)
-
-# tests related to network
-hostname_exec(sectoolm_t)
-
-# tests related to network
-iptables_domtrans(sectoolm_t)
-
-libs_exec_ld_so(sectoolm_t)
-
-logging_send_syslog_msg(sectoolm_t)
-
-# tests related to network
-sysnet_domtrans_ifconfig(sectoolm_t)
-
-userdom_manage_user_tmp_sockets(sectoolm_t)
-
-optional_policy(`
-	mount_exec(sectoolm_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(sectoolm_t)
-')
-
-# suid test using
-# rpm -Vf option
-optional_policy(`
-	prelink_domtrans(sectoolm_t)
-')
-
-optional_policy(`
-	rpm_exec(sectoolm_t)
-	rpm_dontaudit_manage_db(sectoolm_t)
-')
-
diff --git a/policy/modules/admin/shorewall.fc b/policy/modules/admin/shorewall.fc
deleted file mode 100644
index 029cb7e..0000000
--- a/policy/modules/admin/shorewall.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-/etc/rc\.d/init\.d/shorewall		--	gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/shorewall-lite	--	gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
-
-/etc/shorewall(/.*)?				gen_context(system_u:object_r:shorewall_etc_t,s0)
-/etc/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_etc_t,s0)
-
-/sbin/shorewall6?			--	gen_context(system_u:object_r:shorewall_exec_t,s0)
-/sbin/shorewall-lite			--	gen_context(system_u:object_r:shorewall_exec_t,s0)
-
-/var/lib/shorewall(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-/var/lib/shorewall6(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-/var/lib/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-
-/var/log/shorewall.*				gen_context(system_u:object_r:shorewall_log_t,s0)
diff --git a/policy/modules/admin/shorewall.if b/policy/modules/admin/shorewall.if
deleted file mode 100644
index f198119..0000000
--- a/policy/modules/admin/shorewall.if
+++ /dev/null
@@ -1,202 +0,0 @@
-## <summary>Shoreline Firewall high-level tool for configuring netfilter</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run shorewall.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`shorewall_domtrans',`
-	gen_require(`
-		type shorewall_t, shorewall_exec_t;
-	')
-
-	domtrans_pattern($1, shorewall_exec_t, shorewall_t)
-')
-
-######################################
-## <summary>
-##      Execute a domain transition to run shorewall.
-## </summary>
-## <param name="domain">
-## <summary>
-##      Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`shorewall_domtrans_lib',`
-        gen_require(`
-                type shorewall_t, shorewall_var_lib_t;
-        ')
-
-        domtrans_pattern($1, shorewall_var_lib_t, shorewall_t)
-')
-
-#######################################
-## <summary>
-##	Read shorewall etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`shorewall_read_config',`
-	gen_require(`
-		type shorewall_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, shorewall_etc_t, shorewall_etc_t)
-')
-
-#######################################
-## <summary>
-##	Read shorewall PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`shorewall_read_pid_files',`
-	gen_require(`
-		type shorewall_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, shorewall_var_run_t, shorewall_var_run_t)
-')
-
-#######################################
-## <summary>
-##	Read and write shorewall PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`shorewall_rw_pid_files',`
-	gen_require(`
-		type shorewall_var_run_t;
-	')
-
-	files_search_pids($1)
-	rw_files_pattern($1, shorewall_var_run_t, shorewall_var_run_t)
-')
-
-######################################
-## <summary>
-##      Read shorewall /var/lib files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`shorewall_read_lib_files',`
-        gen_require(`
-                type shorewall_t;
-       ')
-
-        files_search_var_lib($1)
-        search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
-        read_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
-')
-
-#######################################
-## <summary>
-##      Read and write shorewall /var/lib files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`shorewall_rw_lib_files',`
-        gen_require(`
-                type shorewall_var_lib_t;
-       ')
-
-        files_search_var_lib($1)
-        search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
-        rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
-')
-
-#######################################
-## <summary>
-##      Read shorewall tmp files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`shorewall_read_tmp_files',`
-        gen_require(`
-                type shorewall_tmp_t;
-        ')
-
-        files_search_tmp($1)
-        read_files_pattern($1, shorewall_tmp_t, shorewall_tmp_t)
-')
-
-#######################################
-## <summary>
-##	All of the rules required to administrate 
-##	an shorewall environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the syslog domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`shorewall_admin',`
-	gen_require(`
-		type shorewall_t, shorewall_lock_t;
-		type shorewall_log_t;
-		type shorewall_initrc_exec_t, shorewall_var_lib_t;
-		type shorewall_tmp_t, shorewall_etc_t;
-	')
-
-	allow $1 shorewall_t:process { ptrace signal_perms };
-	ps_process_pattern($1, shorewall_t)
-
-	init_labeled_script_domtrans($1, shorewall_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 shorewall_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, shorewall_etc_t)
-
-	files_list_locks($1)
-	admin_pattern($1, shorewall_lock_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, shorewall_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, shorewall_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, shorewall_tmp_t)
-')
diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
deleted file mode 100644
index ffc0571..0000000
--- a/policy/modules/admin/shorewall.te
+++ /dev/null
@@ -1,113 +0,0 @@
-policy_module(shorewall, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type shorewall_t;
-type shorewall_exec_t;
-init_daemon_domain(shorewall_t, shorewall_exec_t)
-
-type shorewall_initrc_exec_t;
-init_script_file(shorewall_initrc_exec_t)
-
-# etc files
-type shorewall_etc_t;
-files_config_file(shorewall_etc_t)
-
-# lock files
-type shorewall_lock_t;
-files_lock_file(shorewall_lock_t)
-
-# tmp files
-type shorewall_tmp_t;
-files_tmp_file(shorewall_tmp_t)
-
-# var/lib files
-type shorewall_var_lib_t;
-files_type(shorewall_var_lib_t)
-
-type shorewall_log_t;
-logging_log_file(shorewall_log_t)
-
-########################################
-#
-# shorewall local policy
-#
-
-allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_ptrace };
-dontaudit shorewall_t self:capability sys_tty_config;
-allow shorewall_t self:fifo_file rw_fifo_file_perms;
-
-read_files_pattern(shorewall_t, shorewall_etc_t, shorewall_etc_t)
-list_dirs_pattern(shorewall_t, shorewall_etc_t, shorewall_etc_t)
-
-manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t)
-files_lock_filetrans(shorewall_t, shorewall_lock_t, file)
-
-manage_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
-manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
-logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir })
-
-manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
-manage_files_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
-files_tmp_filetrans(shorewall_t, shorewall_tmp_t, { file dir })
-
-exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
-manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
-manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
-files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file })
-allow shorewall_t shorewall_var_lib_t:file entrypoint;
-
-allow shorewall_t shorewall_initrc_exec_t:file read_file_perms;
-
-kernel_read_kernel_sysctls(shorewall_t)
-kernel_read_network_state(shorewall_t)
-kernel_read_system_state(shorewall_t)
-kernel_rw_net_sysctls(shorewall_t)
-
-corecmd_exec_bin(shorewall_t)
-corecmd_exec_shell(shorewall_t)
-
-dev_read_urand(shorewall_t)
-
-domain_read_all_domains_state(shorewall_t)
-
-files_getattr_kernel_modules(shorewall_t)
-files_read_etc_files(shorewall_t)
-files_read_usr_files(shorewall_t)
-files_search_kernel_modules(shorewall_t)
-
-fs_getattr_all_fs(shorewall_t)
-
-init_rw_utmp(shorewall_t)
-
-logging_read_generic_logs(shorewall_t)
-logging_send_syslog_msg(shorewall_t)
-
-miscfiles_read_localization(shorewall_t)
-
-sysnet_domtrans_ifconfig(shorewall_t)
-
-userdom_dontaudit_list_admin_dir(shorewall_t)
-
-optional_policy(`
-        brctl_domtrans(shorewall_t)
-')
-
-optional_policy(`
-	hostname_exec(shorewall_t)
-')
-
-optional_policy(`
-	iptables_domtrans(shorewall_t)
-')
-
-optional_policy(`
-	modutils_domtrans_insmod(shorewall_t)
-')
-
-optional_policy(`
-	ulogd_search_log(shorewall_t)
-')
diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc
deleted file mode 100644
index 09c3771..0000000
--- a/policy/modules/admin/shutdown.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/nologin		--	gen_context(system_u:object_r:shutdown_etc_t,s0)
-
-/sbin/shutdown		--	gen_context(system_u:object_r:shutdown_exec_t,s0)
-
-/var/run/shutdown\.pid 	--	gen_context(system_u:object_r:shutdown_var_run_t,s0)
-
-/lib/upstart/shutdown 	--	gen_context(system_u:object_r:shutdown_exec_t,s0)
diff --git a/policy/modules/admin/shutdown.if b/policy/modules/admin/shutdown.if
deleted file mode 100644
index 914e1ac..0000000
--- a/policy/modules/admin/shutdown.if
+++ /dev/null
@@ -1,135 +0,0 @@
-## <summary>System shutdown command</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run shutdown.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`shutdown_domtrans',`
-	gen_require(`
-		type shutdown_t, shutdown_exec_t;
-	')
-
-	domtrans_pattern($1, shutdown_exec_t, shutdown_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit shutdown_t $1:socket_class_set { read write };
-		dontaudit shutdown_t $1:fifo_file rw_inherited_fifo_file_perms;
-	')
-')
-
-
-########################################
-## <summary>
-##	Execute shutdown in the shutdown domain, and
-##	allow the specified role the shutdown domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`shutdown_run',`
-	gen_require(`
-		type shutdown_t;
-	')
-
-	shutdown_domtrans($1)
-	role $2 types shutdown_t;
-')
-
-########################################
-## <summary>
-##	Role access for shutdown
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`shutdown_role',`
-	gen_require(`
-              type shutdown_t;
-	')
-
-	role $1 types shutdown_t;
-
-	shutdown_domtrans($2)
-
-	ps_process_pattern($2, shutdown_t)
-	allow $2 shutdown_t:process signal;
-')
-
-########################################
-## <summary>
-##	Recieve sigchld from shutdown
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`shutdown_send_sigchld',`
-	gen_require(`
-              type shutdown_t;
-	')
-
-	allow shutdown_t $1:process signal;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	shutdown over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`shutdown_dbus_chat',`
-	gen_require(`
-		type shutdown_t;
-		class dbus send_msg;
-	')
-
-	allow $1 shutdown_t:dbus send_msg;
-	allow shutdown_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Get attributes of shutdown executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`shutdown_getattr_exec_files',`
-	gen_require(`
-		type shutdown_exec_t;
-	')
-
-	allow $1 shutdown_exec_t:file getattr;
-')
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
deleted file mode 100644
index eb63a79..0000000
--- a/policy/modules/admin/shutdown.te
+++ /dev/null
@@ -1,66 +0,0 @@
-policy_module(shutdown, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type shutdown_t;
-type shutdown_exec_t;
-application_domain(shutdown_t, shutdown_exec_t)
-role system_r types shutdown_t;
-
-type shutdown_etc_t;
-files_config_file(shutdown_etc_t)
-
-type shutdown_var_run_t;
-files_pid_file(shutdown_var_run_t)
-
-########################################
-#
-# shutdown local policy
-#
-
-allow shutdown_t self:capability { dac_override kill setuid sys_tty_config };
-allow shutdown_t self:process { fork signal signull };
-
-allow shutdown_t self:fifo_file manage_fifo_file_perms;
-allow shutdown_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_files_pattern(shutdown_t, shutdown_etc_t, shutdown_etc_t)
-files_etc_filetrans(shutdown_t, shutdown_etc_t, file)
-
-manage_files_pattern(shutdown_t, shutdown_var_run_t, shutdown_var_run_t)
-files_pid_filetrans(shutdown_t, shutdown_var_run_t, file)
-
-files_read_etc_files(shutdown_t)
-files_read_generic_pids(shutdown_t)
-
-mls_file_write_to_clearance(shutdown_t)
-
-term_use_all_terms(shutdown_t)
-
-auth_use_nsswitch(shutdown_t)
-auth_write_login_records(shutdown_t)
-
-init_rw_utmp(shutdown_t)
-init_telinit(shutdown_t)
-
-logging_search_logs(shutdown_t)
-logging_send_audit_msgs(shutdown_t)
-
-miscfiles_read_localization(shutdown_t)
-
-optional_policy(`
-	dbus_system_bus_client(shutdown_t)
-	dbus_connect_system_bus(shutdown_t)
-')
-
-optional_policy(`
-    oddjob_dontaudit_rw_fifo_file(shutdown_t)
-    oddjob_sigchld(shutdown_t)
-')
-
-optional_policy(`
-	xserver_dontaudit_write_log(shutdown_t)
-')
diff --git a/policy/modules/admin/smoltclient.fc b/policy/modules/admin/smoltclient.fc
deleted file mode 100644
index 47cc440..0000000
--- a/policy/modules/admin/smoltclient.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-/usr/share/smolt/client/sendProfile.py	--	gen_context(system_u:object_r:smoltclient_exec_t,s0)	
-
diff --git a/policy/modules/admin/smoltclient.if b/policy/modules/admin/smoltclient.if
deleted file mode 100644
index a54079b..0000000
--- a/policy/modules/admin/smoltclient.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>The Fedora hardware profiler client</summary>
diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te
deleted file mode 100644
index f48e9dd..0000000
--- a/policy/modules/admin/smoltclient.te
+++ /dev/null
@@ -1,68 +0,0 @@
-policy_module(smoltclient, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type smoltclient_t;
-type smoltclient_exec_t;
-application_domain(smoltclient_t, smoltclient_exec_t)
-cron_system_entry(smoltclient_t, smoltclient_exec_t)
-
-type smoltclient_tmp_t;
-files_tmp_file(smoltclient_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow smoltclient_t self:process { setsched getsched };
-
-allow smoltclient_t self:fifo_file rw_fifo_file_perms;
-allow smoltclient_t self:tcp_socket create_socket_perms;
-allow smoltclient_t self:udp_socket create_socket_perms;
-
-can_exec(smoltclient_t, smoltclient_tmp_t)
-manage_dirs_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
-manage_files_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
-files_tmp_filetrans(smoltclient_t, smoltclient_tmp_t, { dir file })
-
-kernel_read_system_state(smoltclient_t)
-kernel_read_network_state(smoltclient_t)
-kernel_read_kernel_sysctls(smoltclient_t)
-
-corecmd_exec_bin(smoltclient_t)
-corecmd_exec_shell(smoltclient_t)
-
-corenet_tcp_connect_http_port(smoltclient_t)
-
-dev_read_sysfs(smoltclient_t)
-
-fs_getattr_all_fs(smoltclient_t)
-fs_getattr_all_dirs(smoltclient_t)
-fs_list_auto_mountpoints(smoltclient_t)
-
-files_getattr_generic_locks(smoltclient_t)
-files_read_etc_files(smoltclient_t)
-files_read_usr_files(smoltclient_t)
-
-auth_use_nsswitch(smoltclient_t)
-
-logging_send_syslog_msg(smoltclient_t)
-
-miscfiles_read_localization(smoltclient_t)
-
-optional_policy(`
-	dbus_system_bus_client(smoltclient_t)
-')
-
-optional_policy(`
-	hal_dbus_chat(smoltclient_t)
-')
-
-optional_policy(`
-	rpm_exec(smoltclient_t)
-	rpm_read_db(smoltclient_t)
-')
diff --git a/policy/modules/admin/su.fc b/policy/modules/admin/su.fc
deleted file mode 100644
index 688abc2..0000000
--- a/policy/modules/admin/su.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-/bin/su			--	gen_context(system_u:object_r:su_exec_t,s0)
-
-/usr/(local/)?bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
-/usr/bin/kdesu		--	gen_context(system_u:object_r:su_exec_t,s0)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
deleted file mode 100644
index 1b60ad8..0000000
--- a/policy/modules/admin/su.if
+++ /dev/null
@@ -1,339 +0,0 @@
-## <summary>Run shells with substitute user and group</summary>
-
-#######################################
-## <summary>
-##	Restricted su domain template.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domain which is allowed
-##	to change the linux user id, to run shells as a different
-##	user.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-#
-template(`su_restricted_domain_template', `
-	gen_require(`
-		type su_exec_t;
-	')
-
-	type $1_su_t;
-	domain_entry_file($1_su_t, su_exec_t)
-	domain_type($1_su_t)
-	domain_interactive_fd($1_su_t)
-	role $3 types $1_su_t;
-
-	allow $2 $1_su_t:process signal;
-
-	allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
-	dontaudit $1_su_t self:capability sys_tty_config;
-	allow $1_su_t self:key { search write };
-	allow $1_su_t self:process { setexec setsched setrlimit };
-	allow $1_su_t self:fifo_file rw_fifo_file_perms;
-	allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
-	allow $1_su_t self:unix_stream_socket create_stream_socket_perms;
-
-	# Transition from the user domain to this domain.
-	domtrans_pattern($2, su_exec_t, $1_su_t)
-
-	# By default, revert to the calling domain when a shell is executed.
-	corecmd_shell_domtrans($1_su_t,$2)
-	allow $2 $1_su_t:fd use;
-	allow $2 $1_su_t:fifo_file rw_file_perms;
-	allow $2 $1_su_t:process sigchld;
-
-	kernel_read_system_state($1_su_t)
-	kernel_read_kernel_sysctls($1_su_t)
-	kernel_search_key($1_su_t)
-	kernel_link_key($1_su_t)
-
-	# for SSP
-	dev_read_urand($1_su_t)
-
-	files_read_etc_files($1_su_t)
-	files_read_etc_runtime_files($1_su_t)
-	files_search_var_lib($1_su_t)
-	files_dontaudit_getattr_tmp_dirs($1_su_t)
-
-	# for the rootok check
-	selinux_compute_access_vector($1_su_t)
-
-	auth_domtrans_chk_passwd($1_su_t)
-	auth_dontaudit_read_shadow($1_su_t)
-	auth_use_nsswitch($1_su_t)
-	auth_rw_faillog($1_su_t)
-
-	domain_use_interactive_fds($1_su_t)
-
-	init_dontaudit_use_fds($1_su_t)
-	init_dontaudit_use_script_ptys($1_su_t)
-	# Write to utmp.
-	init_rw_utmp($1_su_t)
-
-	logging_send_syslog_msg($1_su_t)
-
-	miscfiles_read_localization($1_su_t)
-
-	ifdef(`distro_redhat',`
-		# RHEL5 and possibly newer releases incl. Fedora
-		auth_domtrans_upd_passwd($1_su_t)
-
-		optional_policy(`
-			locallogin_search_keys($1_su_t)
-		')
-	')
-
-	ifdef(`distro_rhel4',`
-		domain_role_change_exemption($1_su_t)
-		domain_subj_id_change_exemption($1_su_t)
-		domain_obj_id_change_exemption($1_su_t)
-
-		selinux_get_fs_mount($1_su_t)
-		selinux_validate_context($1_su_t)
-		selinux_compute_access_vector($1_su_t)
-		selinux_compute_create_context($1_su_t)
-		selinux_compute_relabel_context($1_su_t)
-		selinux_compute_user_contexts($1_su_t)
-
-		seutil_read_config($1_su_t)
-		seutil_read_default_contexts($1_su_t)
-
-		# Only allow transitions to unprivileged user domains.
-		userdom_spec_domtrans_unpriv_users($1_su_t)
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		# dontaudit leaked sockets from parent
-		dontaudit $1_su_t $2:socket_class_set { read write };
-	')
-
-	optional_policy(`
-		cron_read_pipes($1_su_t)
-	')
-
-	optional_policy(`
-		kerberos_use($1_su_t)
-	')
-
-	optional_policy(`
-		# used when the password has expired
-		usermanage_read_crack_db($1_su_t)
-	')
-
-	ifdef(`TODO',`
-	# Caused by su - init scripts
-	dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
-	') dnl end TODO
-')
-
-#######################################
-## <summary>
-##	The role template for the su module.
-## </summary>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`su_role_template',`
-	gen_require(`
-		attribute su_domain_type;
-		type su_exec_t;
-		bool secure_mode;
-	')
-
-	type $1_su_t, su_domain_type;
-	domain_entry_file($1_su_t, su_exec_t)
-	domain_type($1_su_t)
-	domain_interactive_fd($1_su_t)
-	ubac_constrained($1_su_t)
-	role $2 types $1_su_t;
-
-	allow $3 $1_su_t:process signal;
-
-	allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
-	dontaudit $1_su_t self:capability sys_tty_config;
-	allow $1_su_t self:process { setexec setsched setrlimit };
-	allow $1_su_t self:fifo_file rw_fifo_file_perms;
-	allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
-	allow $1_su_t self:key { search write };
-
-	# Transition from the user domain to this domain.
-	domtrans_pattern($3, su_exec_t, $1_su_t)
-
-	ps_process_pattern($3, $1_su_t)
-
-	# By default, revert to the calling domain when a shell is executed.
-	corecmd_shell_domtrans($1_su_t, $3)
-	allow $3 $1_su_t:fd use;
-	allow $3 $1_su_t:fifo_file rw_file_perms;
-	allow $3 $1_su_t:process sigchld;
-
-	kernel_read_system_state($1_su_t)
-	kernel_read_kernel_sysctls($1_su_t)
-	kernel_search_key($1_su_t)
-	kernel_link_key($1_su_t)
-
-	# for SSP
-	dev_read_urand($1_su_t)
-
-	fs_search_auto_mountpoints($1_su_t)
-
-	# needed for pam_rootok
-	selinux_compute_access_vector($1_su_t)
-
-	auth_domtrans_chk_passwd($1_su_t)
-	auth_dontaudit_read_shadow($1_su_t)
-	auth_use_pam($1_su_t)
-	auth_rw_faillog($1_su_t)
-
-	corecmd_search_bin($1_su_t)
-
-	domain_use_interactive_fds($1_su_t)
-
-	files_read_etc_files($1_su_t)
-	files_read_etc_runtime_files($1_su_t)
-	files_search_var_lib($1_su_t)
-	files_dontaudit_getattr_tmp_dirs($1_su_t)
-
-	init_dontaudit_use_fds($1_su_t)
-	# Write to utmp.
-	init_rw_utmp($1_su_t)
-
-	mls_file_write_all_levels($1_su_t)
-
-	logging_send_syslog_msg($1_su_t)
-
-	miscfiles_read_localization($1_su_t)
-
-	userdom_use_user_terminals($1_su_t)
-	userdom_search_user_home_dirs($1_su_t)
-	userdom_search_admin_dir($1_su_t)
-
-	ifdef(`distro_redhat',`
-		# RHEL5 and possibly newer releases incl. Fedora
-		auth_domtrans_upd_passwd($1_su_t)
-
-		optional_policy(`
-			locallogin_search_keys($1_su_t)
-		')
-	')
-
-	ifdef(`distro_rhel4',`
-		domain_role_change_exemption($1_su_t)
-		domain_subj_id_change_exemption($1_su_t)
-		domain_obj_id_change_exemption($1_su_t)
-
-		selinux_get_fs_mount($1_su_t)
-		selinux_validate_context($1_su_t)
-		selinux_compute_create_context($1_su_t)
-		selinux_compute_relabel_context($1_su_t)
-		selinux_compute_user_contexts($1_su_t)
-
-		# Relabel ttys and ptys.
-		term_relabel_all_ttys($1_su_t)
-		term_relabel_all_ptys($1_su_t)
-		# Close and re-open ttys and ptys to get the fd into the correct domain.
-		term_use_all_ttys($1_su_t)
-		term_use_all_ptys($1_su_t)
-
-		seutil_read_config($1_su_t)
-		seutil_read_default_contexts($1_su_t)
-
-		if(secure_mode) {
-			# Only allow transitions to unprivileged user domains.
-			userdom_spec_domtrans_unpriv_users($1_su_t)
-		} else {
-			# Allow transitions to all user domains
-			userdom_spec_domtrans_all_users($1_su_t)
-		}
-
-		optional_policy(`
-			unconfined_domtrans($1_su_t)
-			unconfined_signal($1_su_t)
-		')
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		# dontaudit leaked sockets from parent
-		dontaudit $1_su_t $3:socket_class_set { read write };
-	')
-
-	tunable_policy(`allow_polyinstantiation',`
-		fs_mount_xattr_fs($1_su_t)
-		fs_unmount_xattr_fs($1_su_t)
-	')
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_search_nfs($1_su_t)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_search_cifs($1_su_t)
-	')
-
-	optional_policy(`
-		cron_read_pipes($1_su_t)
-	')
-
-	optional_policy(`
-		kerberos_use($1_su_t)
-	')
-
-	optional_policy(`
-		# used when the password has expired
-		usermanage_read_crack_db($1_su_t)
-	')
-
-	# Modify .Xauthority file (via xauth program).
-	optional_policy(`
-		xserver_user_home_dir_filetrans_user_xauth($1_su_t)
-		xserver_domtrans_xauth($1_su_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Execute su in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`su_exec',`
-	gen_require(`
-		type su_exec_t;
-	')
-
-	can_exec($1, su_exec_t)
-')
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
deleted file mode 100644
index b62353a..0000000
--- a/policy/modules/admin/su.te
+++ /dev/null
@@ -1,11 +0,0 @@
-policy_module(su, 1.10.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute su_domain_type;
-
-type su_exec_t;
-corecmd_executable_file(su_exec_t)
diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc
deleted file mode 100644
index 2b59ed0..0000000
--- a/policy/modules/admin/sudo.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/bin/sudo(edit)?	--	gen_context(system_u:object_r:sudo_exec_t,s0)
-
-/var/db/sudo(/.*)?		gen_context(system_u:object_r:sudo_db_t,s0)
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
deleted file mode 100644
index bb95e79..0000000
--- a/policy/modules/admin/sudo.if
+++ /dev/null
@@ -1,191 +0,0 @@
-## <summary>Execute a command with a substitute user</summary>
-
-#######################################
-## <summary>
-##	The role template for the sudo module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domain which is allowed
-##	to change the linux user id, to run commands as a different
-##	user.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The user role.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The user domain associated with the role.
-##	</summary>
-## </param>
-#
-template(`sudo_role_template',`
-
-	gen_require(`
-		type sudo_exec_t;
-		type sudo_db_t;
-		attribute sudodomain;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	type $1_sudo_t, sudodomain; 
-	application_domain($1_sudo_t, sudo_exec_t)
-	domain_interactive_fd($1_sudo_t)
-	domain_role_change_exemption($1_sudo_t)
-	ubac_constrained($1_sudo_t)
-	role $2 types $1_sudo_t;
-
-	manage_dirs_pattern($1_sudo_t, sudo_db_t, sudo_db_t)
-	manage_files_pattern($1_sudo_t, sudo_db_t, sudo_db_t)
-
-	##############################
-	#
-	# Local Policy
-	#
-
-	# Use capabilities.
-	allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_nice sys_resource };
-	allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-	allow $1_sudo_t self:process { setexec setrlimit };
-	allow $1_sudo_t self:fd use;
-	allow $1_sudo_t self:fifo_file rw_fifo_file_perms;
-	allow $1_sudo_t self:shm create_shm_perms;
-	allow $1_sudo_t self:sem create_sem_perms;
-	allow $1_sudo_t self:msgq create_msgq_perms;
-	allow $1_sudo_t self:msg { send receive };
-	allow $1_sudo_t self:unix_dgram_socket create_socket_perms;
-	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_sudo_t self:unix_dgram_socket sendto;
-	allow $1_sudo_t self:unix_stream_socket connectto;
-	allow $1_sudo_t self:key manage_key_perms;
-
-	allow $1_sudo_t $3:key search;
-
-	# Enter this derived domain from the user domain
-	domtrans_pattern($3, sudo_exec_t, $1_sudo_t)
-
-	# By default, revert to the calling domain when a shell is executed.
-	corecmd_shell_domtrans($1_sudo_t, $3)
-	corecmd_bin_domtrans($1_sudo_t, $3)
-	userdom_domtrans_user_home($1_sudo_t, $3)
-	userdom_domtrans_user_tmp($1_sudo_t, $3)
-	allow $3 $1_sudo_t:fd use;
-	allow $3 $1_sudo_t:fifo_file rw_file_perms;
-	allow $3 $1_sudo_t:process signal_perms;
-
-	kernel_read_kernel_sysctls($1_sudo_t)
-	kernel_read_system_state($1_sudo_t)
-	kernel_link_key($1_sudo_t)
-
-	corecmd_read_bin_symlinks($1_sudo_t)
-	corecmd_exec_all_executables($1_sudo_t)
-
-	dev_read_urand($1_sudo_t)
-	dev_rw_generic_usb_dev($1_sudo_t)
-	dev_read_sysfs($1_sudo_t)
-
-	domain_use_interactive_fds($1_sudo_t)
-	domain_sigchld_interactive_fds($1_sudo_t)
-	domain_getattr_all_entry_files($1_sudo_t)
-
-	files_read_etc_files($1_sudo_t)
-	files_read_var_files($1_sudo_t)
-	files_read_usr_symlinks($1_sudo_t)
-	files_getattr_usr_files($1_sudo_t)
-	# for some PAM modules and for cwd
-	files_dontaudit_search_home($1_sudo_t)
-	files_list_tmp($1_sudo_t)
-
-	fs_search_auto_mountpoints($1_sudo_t)
-	fs_getattr_xattr_fs($1_sudo_t)
-
-	selinux_validate_context($1_sudo_t)
-	selinux_compute_relabel_context($1_sudo_t)
-
-	term_relabel_all_ttys($1_sudo_t)
-	term_relabel_all_ptys($1_sudo_t)
-	term_getattr_pty_fs($1_sudo_t)
-
-	auth_run_chk_passwd($1_sudo_t, $2)
-	# sudo stores a token in the pam_pid directory
-	auth_manage_pam_pid($1_sudo_t)
-	auth_use_nsswitch($1_sudo_t)
-
-	application_signal($1_sudo_t)
-
-	init_rw_utmp($1_sudo_t)
-
-	logging_send_audit_msgs($1_sudo_t)
-	logging_send_syslog_msg($1_sudo_t)
-
-	miscfiles_read_localization($1_sudo_t)
-
-	seutil_search_default_contexts($1_sudo_t)
-	seutil_libselinux_linked($1_sudo_t)
-
-	userdom_spec_domtrans_all_users($1_sudo_t)
-	userdom_manage_user_home_content_files($1_sudo_t)
-	userdom_manage_user_home_content_symlinks($1_sudo_t)
-	userdom_manage_user_tmp_files($1_sudo_t)
-	userdom_manage_user_tmp_symlinks($1_sudo_t)
-	userdom_use_user_terminals($1_sudo_t)
-	userdom_signal_unpriv_users($1_sudo_t)
-	# for some PAM modules and for cwd
-	userdom_search_user_home_content($1_sudo_t)
-	userdom_search_admin_dir($1_sudo_t)
-	userdom_manage_all_users_keys($1_sudo_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit $1_sudo_t $3:socket_class_set { read write };
-	')
-
-	mta_role($2, $1_sudo_t)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_manage_nfs_files($1_sudo_t)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_manage_cifs_files($1_sudo_t)
-	')
-
-	optional_policy(`
-		dbus_system_bus_client($1_sudo_t)
-	')
-
-	optional_policy(`
-		fprintd_dbus_chat($1_sudo_t)
-	')
-
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to the sudo domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sudo_sigchld',`
-	gen_require(`
-		attribute sudodomain;
-	')
-
-	allow $1 sudodomain:process sigchld;
-')
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
deleted file mode 100644
index c927b85..0000000
--- a/policy/modules/admin/sudo.te
+++ /dev/null
@@ -1,13 +0,0 @@
-policy_module(sudo, 1.6.1)
-
-########################################
-#
-# Declarations
-attribute sudodomain;
-
-type sudo_exec_t;
-application_executable_file(sudo_exec_t)
-
-type sudo_db_t;
-files_type(sudo_db_t)
-
diff --git a/policy/modules/admin/sxid.fc b/policy/modules/admin/sxid.fc
deleted file mode 100644
index bc3797b..0000000
--- a/policy/modules/admin/sxid.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/usr/bin/sxid		--	gen_context(system_u:object_r:sxid_exec_t,s0)
-/usr/sbin/checksecurity\.se --	gen_context(system_u:object_r:sxid_exec_t,s0)
-
-/var/log/setuid.*	--	gen_context(system_u:object_r:sxid_log_t,s0)
-/var/log/setuid\.today.* --	gen_context(system_u:object_r:sxid_log_t,s0)
-/var/log/sxid\.log.*	--	gen_context(system_u:object_r:sxid_log_t,s0)
diff --git a/policy/modules/admin/sxid.if b/policy/modules/admin/sxid.if
deleted file mode 100644
index dd8ac62..0000000
--- a/policy/modules/admin/sxid.if
+++ /dev/null
@@ -1,22 +0,0 @@
-## <summary>SUID/SGID program monitoring</summary>
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	sxid log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sxid_read_log',`
-	gen_require(`
-		type sxid_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 sxid_log_t:file read_file_perms;
-')
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
deleted file mode 100644
index d5aaf0e..0000000
--- a/policy/modules/admin/sxid.te
+++ /dev/null
@@ -1,97 +0,0 @@
-policy_module(sxid, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type sxid_t;
-type sxid_exec_t;
-application_domain(sxid_t, sxid_exec_t)
-
-type sxid_log_t;
-logging_log_file(sxid_log_t)
-
-type sxid_tmp_t;
-files_tmp_file(sxid_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow sxid_t self:capability { dac_override dac_read_search fsetid };
-dontaudit sxid_t self:capability { setuid setgid sys_tty_config };
-allow sxid_t self:process signal_perms;
-allow sxid_t self:fifo_file rw_fifo_file_perms;
-allow sxid_t self:tcp_socket create_stream_socket_perms;
-allow sxid_t self:udp_socket create_socket_perms;
-
-allow sxid_t sxid_log_t:file manage_file_perms;
-logging_log_filetrans(sxid_t, sxid_log_t, file)
-
-manage_dirs_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
-manage_files_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
-files_tmp_filetrans(sxid_t, sxid_tmp_t, { file dir })
-
-kernel_read_system_state(sxid_t)
-kernel_read_kernel_sysctls(sxid_t)
-
-corecmd_exec_bin(sxid_t)
-corecmd_exec_shell(sxid_t)
-
-corenet_all_recvfrom_unlabeled(sxid_t)
-corenet_all_recvfrom_netlabel(sxid_t)
-corenet_tcp_sendrecv_generic_if(sxid_t)
-corenet_udp_sendrecv_generic_if(sxid_t)
-corenet_tcp_sendrecv_generic_node(sxid_t)
-corenet_udp_sendrecv_generic_node(sxid_t)
-corenet_tcp_sendrecv_all_ports(sxid_t)
-corenet_udp_sendrecv_all_ports(sxid_t)
-
-dev_read_sysfs(sxid_t)
-dev_getattr_all_blk_files(sxid_t)
-dev_getattr_all_chr_files(sxid_t)
-
-domain_use_interactive_fds(sxid_t)
-
-files_list_all(sxid_t)
-files_getattr_all_symlinks(sxid_t)
-files_getattr_all_pipes(sxid_t)
-files_getattr_all_sockets(sxid_t)
-
-fs_getattr_xattr_fs(sxid_t)
-fs_search_auto_mountpoints(sxid_t)
-fs_list_all(sxid_t)
-
-term_dontaudit_use_console(sxid_t)
-
-auth_read_all_files_except_shadow(sxid_t)
-auth_dontaudit_getattr_shadow(sxid_t)
-
-init_use_fds(sxid_t)
-init_use_script_ptys(sxid_t)
-
-logging_send_syslog_msg(sxid_t)
-
-miscfiles_read_localization(sxid_t)
-
-mount_exec(sxid_t)
-
-sysnet_read_config(sxid_t)
-
-userdom_dontaudit_use_unpriv_user_fds(sxid_t)
-
-cron_system_entry(sxid_t, sxid_exec_t)
-
-optional_policy(`
-	mta_send_mail(sxid_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(sxid_t)
-')
-
-optional_policy(`
-	udev_read_db(sxid_t)
-')
diff --git a/policy/modules/admin/tmpreaper.fc b/policy/modules/admin/tmpreaper.fc
deleted file mode 100644
index 81077db..0000000
--- a/policy/modules/admin/tmpreaper.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-/usr/sbin/tmpreaper		--	gen_context(system_u:object_r:tmpreaper_exec_t,s0)
-/usr/sbin/tmpwatch		--	gen_context(system_u:object_r:tmpreaper_exec_t,s0)
diff --git a/policy/modules/admin/tmpreaper.if b/policy/modules/admin/tmpreaper.if
deleted file mode 100644
index 8dfbd80..0000000
--- a/policy/modules/admin/tmpreaper.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Manage temporary directory sizes and file ages</summary>
-
-########################################
-## <summary>
-##	Execute tmpreaper in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tmpreaper_exec',`
-	gen_require(`
-		type tmpreaper_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, tmpreaper_exec_t)
-')
diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te
deleted file mode 100644
index 50cd538..0000000
--- a/policy/modules/admin/tmpreaper.te
+++ /dev/null
@@ -1,87 +0,0 @@
-policy_module(tmpreaper, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type tmpreaper_t;
-type tmpreaper_exec_t;
-application_domain(tmpreaper_t, tmpreaper_exec_t)
-role system_r types tmpreaper_t;
-
-########################################
-#
-# Local Policy
-#
-
-allow tmpreaper_t self:process { fork sigchld };
-allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
-
-dev_read_urand(tmpreaper_t)
-
-fs_getattr_xattr_fs(tmpreaper_t)
-
-files_read_etc_files(tmpreaper_t)
-files_read_var_lib_files(tmpreaper_t)
-files_purge_tmp(tmpreaper_t)
-files_delete_usr_dirs(tmpreaper_t)
-files_delete_usr_files(tmpreaper_t)
-# why does it need setattr?
-files_setattr_all_tmp_dirs(tmpreaper_t)
-files_setattr_usr_dirs(tmpreaper_t)
-files_getattr_all_dirs(tmpreaper_t)
-files_getattr_all_files(tmpreaper_t)
-
-mls_file_read_all_levels(tmpreaper_t)
-mls_file_write_all_levels(tmpreaper_t)
-
-logging_send_syslog_msg(tmpreaper_t)
-
-miscfiles_read_localization(tmpreaper_t)
-miscfiles_delete_man_pages(tmpreaper_t)
-
-cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
-
-ifdef(`distro_redhat',`
-	userdom_list_user_home_content(tmpreaper_t)
-	userdom_delete_user_home_content_dirs(tmpreaper_t)
-	userdom_delete_user_home_content_files(tmpreaper_t)
-	userdom_delete_user_home_content_symlinks(tmpreaper_t)
-')
-
-optional_policy(`
-	amavis_manage_spool_files(tmpreaper_t)
-')
-
-optional_policy(`
-	apache_delete_sys_content_rw(tmpreaper_t)
-	apache_list_cache(tmpreaper_t)
-	apache_delete_cache_dirs(tmpreaper_t)
-	apache_delete_cache_files(tmpreaper_t)
-	apache_setattr_cache_dirs(tmpreaper_t)
-')
-
-optional_policy(`
-	kismet_manage_log(tmpreaper_t)
-')
-
-optional_policy(`
-	lpd_manage_spool(tmpreaper_t)
-')
-
-optional_policy(`
-	sandbox_list(tmpreaper_t)
-	sandbox_delete_dirs(tmpreaper_t)
-	sandbox_delete_files(tmpreaper_t)
-	sandbox_delete_sock_files(tmpreaper_t)
-	sandbox_setattr_dirs(tmpreaper_t)
-')
-
-optional_policy(`
-	rpm_manage_cache(tmpreaper_t)
-')
-
-optional_policy(`
-	unconfined_domain(tmpreaper_t)
-')
diff --git a/policy/modules/admin/tripwire.fc b/policy/modules/admin/tripwire.fc
deleted file mode 100644
index 962662f..0000000
--- a/policy/modules/admin/tripwire.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/etc/tripwire(/.*)?			gen_context(system_u:object_r:tripwire_etc_t,s0)
-
-/usr/sbin/siggen		--	gen_context(system_u:object_r:siggen_exec_t,s0)
-/usr/sbin/tripwire		--	gen_context(system_u:object_r:tripwire_exec_t,s0)
-/usr/sbin/twadmin		--	gen_context(system_u:object_r:twadmin_exec_t,s0)
-/usr/sbin/twprint		--	gen_context(system_u:object_r:twprint_exec_t,s0)
-
-/var/lib/tripwire(/.*)?			gen_context(system_u:object_r:tripwire_var_lib_t,s0)
-/var/lib/tripwire/report(/.*)?		gen_context(system_u:object_r:tripwire_report_t,s0)
diff --git a/policy/modules/admin/tripwire.if b/policy/modules/admin/tripwire.if
deleted file mode 100644
index 27abd88..0000000
--- a/policy/modules/admin/tripwire.if
+++ /dev/null
@@ -1,190 +0,0 @@
-## <summary>Tripwire file integrity checker.</summary>
-## <desc>
-##	<p>
-##	Tripwire file integrity checker.
-##	</p>
-##	<p>
-##	NOTE: Tripwire creates temp file in its current working directory.
-##	This policy does not allow write access to home directories, so
-##	users will need to either cd to a directory where they have write
-##	permission, or set the TEMPDIRECTORY variable in the tripwire config
-##	file.  The latter is preferable, as then the file_type_auto_trans
-##	rules will kick in and label the files as private to tripwire.
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Execute tripwire in the tripwire domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tripwire_domtrans_tripwire',`
-	gen_require(`
-		type tripwire_t, tripwire_exec_t;
-	')
-
-	domtrans_pattern($1, tripwire_exec_t, tripwire_t)
-')
-
-########################################
-## <summary>
-##	Execute tripwire in the tripwire domain, and
-##	allow the specified role the tripwire domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tripwire_run_tripwire',`
-	gen_require(`
-		type tripwire_t;
-	')
-
-	tripwire_domtrans_tripwire($1)
-	role $2 types tripwire_t;
-')
-
-########################################
-## <summary>
-##	Execute twadmin in the twadmin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tripwire_domtrans_twadmin',`
-	gen_require(`
-		type twadmin_t, twadmin_exec_t;
-	')
-
-	domtrans_pattern($1, twadmin_exec_t, twadmin_t)
-')
-
-########################################
-## <summary>
-##	Execute twadmin in the twadmin domain, and
-##	allow the specified role the twadmin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tripwire_run_twadmin',`
-	gen_require(`
-		type twadmin_t;
-	')
-
-	tripwire_domtrans_twadmin($1)
-	role $2 types twadmin_t;
-')
-
-########################################
-## <summary>
-##	Execute twprint in the twprint domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tripwire_domtrans_twprint',`
-	gen_require(`
-		type twprint_t, twprint_exec_t;
-	')
-
-	domtrans_pattern($1, twprint_exec_t, twprint_t)
-')
-
-########################################
-## <summary>
-##	Execute twprint in the twprint domain, and
-##	allow the specified role the twprint domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tripwire_run_twprint',`
-	gen_require(`
-		type twprint_t;
-	')
-
-	tripwire_domtrans_twprint($1)
-	role $2 types twprint_t;
-')
-
-########################################
-## <summary>
-##	Execute siggen in the siggen domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tripwire_domtrans_siggen',`
-	gen_require(`
-		type siggen_t, siggen_exec_t;
-	')
-
-	domtrans_pattern($1, siggen_exec_t, siggen_t)
-')
-
-########################################
-## <summary>
-##	Execute siggen in the siggen domain, and
-##	allow the specified role the siggen domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tripwire_run_siggen',`
-	gen_require(`
-		type siggen_t;
-	')
-
-	tripwire_domtrans_siggen($1)
-	role $2 types siggen_t;
-')
diff --git a/policy/modules/admin/tripwire.te b/policy/modules/admin/tripwire.te
deleted file mode 100644
index 2ae8b62..0000000
--- a/policy/modules/admin/tripwire.te
+++ /dev/null
@@ -1,146 +0,0 @@
-policy_module(tripwire, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type siggen_t;
-type siggen_exec_t;
-application_domain(siggen_t, siggen_exec_t)
-
-type tripwire_t;
-type tripwire_exec_t;
-application_domain(tripwire_t, tripwire_exec_t)
-role system_r types tripwire_t;
-
-type tripwire_etc_t;
-files_config_file(tripwire_etc_t)
-
-type tripwire_report_t;
-files_type(tripwire_report_t)
-
-type tripwire_tmp_t;
-files_tmp_file(tripwire_tmp_t)
-
-type tripwire_var_lib_t;
-files_type(tripwire_var_lib_t)
-
-type twadmin_t;
-type twadmin_exec_t;
-application_domain(twadmin_t, twadmin_exec_t)
-
-type twprint_t;
-type twprint_exec_t;
-application_domain(twprint_t, twprint_exec_t)
-
-########################################
-#
-# Tripwire local policy
-#
-
-allow tripwire_t self:capability { setgid setuid dac_override };
-
-allow tripwire_t tripwire_etc_t:dir list_dir_perms;
-read_files_pattern(tripwire_t, tripwire_etc_t, tripwire_etc_t)
-read_lnk_files_pattern(tripwire_t, tripwire_etc_t, tripwire_etc_t)
-files_search_etc(tripwire_t)
-
-# Tripwire report files
-manage_dirs_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
-manage_files_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
-manage_lnk_files_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
-
-manage_dirs_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
-manage_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
-manage_lnk_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
-manage_fifo_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
-manage_sock_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
-files_tmp_filetrans(tripwire_t, tripwire_tmp_t,{ dir file lnk_file sock_file fifo_file })
-
-manage_files_pattern(tripwire_t, tripwire_var_lib_t, tripwire_var_lib_t)
-files_var_lib_filetrans(tripwire_t, tripwire_var_lib_t, file)
-
-kernel_read_system_state(tripwire_t)
-kernel_read_network_state(tripwire_t)
-kernel_read_software_raid_state(tripwire_t)
-kernel_getattr_core_if(tripwire_t)
-kernel_getattr_message_if(tripwire_t)
-kernel_read_kernel_sysctls(tripwire_t)
-
-corecmd_exec_shell(tripwire_t)
-corecmd_exec_bin(tripwire_t)
-
-domain_use_interactive_fds(tripwire_t)
-
-files_read_all_files(tripwire_t)
-files_read_all_symlinks(tripwire_t)
-files_getattr_all_pipes(tripwire_t)
-files_getattr_all_sockets(tripwire_t)
-
-logging_send_syslog_msg(tripwire_t)
-
-userdom_use_user_terminals(tripwire_t)
-
-optional_policy(`
-	cron_system_entry(tripwire_t, tripwire_exec_t)
-')
-
-########################################
-#
-# Twadmin local policy
-#
-
-manage_dirs_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
-manage_files_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
-manage_lnk_files_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
-
-domain_use_interactive_fds(twadmin_t)
-
-logging_send_syslog_msg(twadmin_t)
-
-miscfiles_read_localization(twadmin_t)
-
-userdom_use_user_terminals(twadmin_t)
-
-########################################
-#
-# Twprint local policy
-#
-
-allow twprint_t tripwire_etc_t:dir list_dir_perms;
-read_files_pattern(twprint_t, tripwire_etc_t, tripwire_etc_t)
-read_lnk_files_pattern(twprint_t, tripwire_etc_t, tripwire_etc_t)
-
-allow twprint_t tripwire_report_t:dir list_dir_perms;
-read_files_pattern(twprint_t, tripwire_report_t, tripwire_report_t)
-read_lnk_files_pattern(twprint_t, tripwire_report_t, tripwire_report_t)
-
-allow twprint_t tripwire_var_lib_t:dir list_dir_perms;
-read_files_pattern(twprint_t, tripwire_var_lib_t, tripwire_var_lib_t)
-read_lnk_files_pattern(twprint_t, tripwire_var_lib_t, tripwire_var_lib_t)
-files_search_var_lib(twprint_t)
-
-domain_use_interactive_fds(twprint_t)
-
-logging_send_syslog_msg(twprint_t)
-
-miscfiles_read_localization(twprint_t)
-
-userdom_use_user_terminals(twprint_t)
-
-########################################
-#
-# Siggen local policy
-#
-
-domain_use_interactive_fds(siggen_t)
-
-# Need permission to read files
-files_read_all_files(siggen_t)
-
-logging_send_syslog_msg(siggen_t)
-
-miscfiles_read_localization(siggen_t)
-
-userdom_use_user_terminals(siggen_t)
diff --git a/policy/modules/admin/tzdata.fc b/policy/modules/admin/tzdata.fc
deleted file mode 100644
index 04b8548..0000000
--- a/policy/modules/admin/tzdata.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/tzdata-update	--	gen_context(system_u:object_r:tzdata_exec_t,s0)
diff --git a/policy/modules/admin/tzdata.if b/policy/modules/admin/tzdata.if
deleted file mode 100644
index 7747b16..0000000
--- a/policy/modules/admin/tzdata.if
+++ /dev/null
@@ -1,44 +0,0 @@
-## <summary>Time zone updater</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run tzdata.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`tzdata_domtrans',`
-	gen_require(`
-		type tzdata_t, tzdata_exec_t;
-	')
-
-	domtrans_pattern($1, tzdata_exec_t, tzdata_t)
-')
-
-########################################
-## <summary>
-##	Execute the tzdata program in the tzdata domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the tzdata domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tzdata_run',`
-	gen_require(`
-		type tzdata_t;
-	')
-
-	tzdata_domtrans($1)
-	role $2 types tzdata_t;
-')
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
deleted file mode 100644
index 7851643..0000000
--- a/policy/modules/admin/tzdata.te
+++ /dev/null
@@ -1,36 +0,0 @@
-policy_module(tzdata, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type tzdata_t;
-type tzdata_exec_t;
-init_daemon_domain(tzdata_t, tzdata_exec_t)
-application_domain(tzdata_t, tzdata_exec_t)
-
-########################################
-#
-# tzdata local policy
-#
-
-files_read_config_files(tzdata_t)
-files_search_spool(tzdata_t)
-
-fs_getattr_xattr_fs(tzdata_t)
-
-term_dontaudit_list_ptys(tzdata_t)
-
-locallogin_dontaudit_use_fds(tzdata_t)
-
-miscfiles_read_localization(tzdata_t)
-miscfiles_manage_localization(tzdata_t)
-miscfiles_etc_filetrans_localization(tzdata_t)
-
-userdom_use_user_terminals(tzdata_t)
-
-# tzdata looks for /var/spool/postfix/etc/localtime.
-optional_policy(`
-	postfix_search_spool(tzdata_t)
-')
diff --git a/policy/modules/admin/updfstab.fc b/policy/modules/admin/updfstab.fc
deleted file mode 100644
index e534c88..0000000
--- a/policy/modules/admin/updfstab.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/usr/sbin/fstab-sync	--	gen_context(system_u:object_r:updfstab_exec_t,s0)
-/usr/sbin/updfstab	--	gen_context(system_u:object_r:updfstab_exec_t,s0)
diff --git a/policy/modules/admin/updfstab.if b/policy/modules/admin/updfstab.if
deleted file mode 100644
index 4d4b60e..0000000
--- a/policy/modules/admin/updfstab.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Red Hat utility to change /etc/fstab.</summary>
-
-########################################
-## <summary>
-##	Execute updfstab in the updfstab domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`updfstab_domtrans',`
-	gen_require(`
-		type updfstab_t, updfstab_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, updfstab_exec_t, updfstab_t)
-')
diff --git a/policy/modules/admin/updfstab.te b/policy/modules/admin/updfstab.te
deleted file mode 100644
index ef12ed5..0000000
--- a/policy/modules/admin/updfstab.te
+++ /dev/null
@@ -1,116 +0,0 @@
-policy_module(updfstab, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type updfstab_t;
-type updfstab_exec_t;
-init_system_domain(updfstab_t, updfstab_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow updfstab_t self:capability dac_override;
-dontaudit updfstab_t self:capability { sys_admin sys_tty_config };
-allow updfstab_t self:process signal_perms;
-allow updfstab_t self:fifo_file rw_fifo_file_perms;
-
-kernel_use_fds(updfstab_t)
-kernel_read_kernel_sysctls(updfstab_t)
-kernel_dontaudit_write_kernel_sysctl(updfstab_t)
-# for /proc/partitions
-kernel_read_system_state(updfstab_t)
-# cjp: why is this required
-kernel_change_ring_buffer_level(updfstab_t)
-
-dev_read_sysfs(updfstab_t)
-dev_manage_generic_symlinks(updfstab_t)
-
-fs_getattr_xattr_fs(updfstab_t)
-fs_getattr_tmpfs(updfstab_t)
-fs_getattr_tmpfs_dirs(updfstab_t)
-fs_search_auto_mountpoints(updfstab_t)
-
-selinux_get_fs_mount(updfstab_t)
-selinux_validate_context(updfstab_t)
-selinux_compute_access_vector(updfstab_t)
-selinux_compute_create_context(updfstab_t)
-selinux_compute_relabel_context(updfstab_t)
-selinux_compute_user_contexts(updfstab_t)
-
-storage_raw_read_fixed_disk(updfstab_t)
-storage_raw_write_fixed_disk(updfstab_t)
-storage_raw_read_removable_device(updfstab_t)
-storage_raw_write_removable_device(updfstab_t)
-storage_read_scsi_generic(updfstab_t)
-storage_write_scsi_generic(updfstab_t)
-
-term_dontaudit_use_console(updfstab_t)
-
-corecmd_exec_bin(updfstab_t)
-
-domain_use_interactive_fds(updfstab_t)
-
-files_manage_mnt_files(updfstab_t)
-files_manage_mnt_dirs(updfstab_t)
-files_manage_mnt_symlinks(updfstab_t)
-files_manage_etc_files(updfstab_t)
-files_dontaudit_search_home(updfstab_t)
-# for /etc/mtab
-files_read_etc_runtime_files(updfstab_t)
-
-init_use_fds(updfstab_t)
-init_use_script_ptys(updfstab_t)
-
-logging_send_syslog_msg(updfstab_t)
-logging_search_logs(updfstab_t)
-
-miscfiles_read_localization(updfstab_t)
-
-seutil_read_config(updfstab_t)
-seutil_read_default_contexts(updfstab_t)
-seutil_read_file_contexts(updfstab_t)
-
-userdom_dontaudit_search_user_home_content(updfstab_t)
-userdom_dontaudit_use_unpriv_user_fds(updfstab_t)
-
-optional_policy(`
-	auth_domtrans_pam_console(updfstab_t)
-')
-
-optional_policy(`
-	init_dbus_chat_script(updfstab_t)
-
-	dbus_system_bus_client(updfstab_t)
-')
-
-optional_policy(`
-	fstools_getattr_swap_files(updfstab_t)
-')
-
-optional_policy(`
-	hal_stream_connect(updfstab_t)
-	hal_dbus_chat(updfstab_t)
-')
-
-optional_policy(`
-	modutils_read_module_config(updfstab_t)
-	modutils_exec_insmod(updfstab_t)
-	modutils_read_module_deps(updfstab_t)
-')
-
-optional_policy(`
-	nscd_socket_use(updfstab_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(updfstab_t)
-')
-
-optional_policy(`
-	udev_read_db(updfstab_t)
-')
diff --git a/policy/modules/admin/usbmodules.fc b/policy/modules/admin/usbmodules.fc
deleted file mode 100644
index a008efb..0000000
--- a/policy/modules/admin/usbmodules.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# /sbin
-#
-/sbin/usbmodules		--	gen_context(system_u:object_r:usbmodules_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/usbmodules	--	gen_context(system_u:object_r:usbmodules_exec_t,s0)
diff --git a/policy/modules/admin/usbmodules.if b/policy/modules/admin/usbmodules.if
deleted file mode 100644
index b7eade3..0000000
--- a/policy/modules/admin/usbmodules.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>List kernel modules of USB devices</summary>
-
-########################################
-## <summary>
-##	Execute usbmodules in the usbmodules domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usbmodules_domtrans',`
-	gen_require(`
-		type usbmodules_t, usbmodules_exec_t;
-	')
-
-	domtrans_pattern($1, usbmodules_exec_t, usbmodules_t)
-')
-
-########################################
-## <summary>
-##	Execute usbmodules in the usbmodules domain, and
-##	allow the specified role the usbmodules domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`usbmodules_run',`
-	gen_require(`
-		type usbmodules_t;
-	')
-
-	usbmodules_domtrans($1)
-	role $2 types usbmodules_t;
-')
diff --git a/policy/modules/admin/usbmodules.te b/policy/modules/admin/usbmodules.te
deleted file mode 100644
index 74354da..0000000
--- a/policy/modules/admin/usbmodules.te
+++ /dev/null
@@ -1,47 +0,0 @@
-policy_module(usbmodules, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type usbmodules_t;
-type usbmodules_exec_t;
-init_system_domain(usbmodules_t, usbmodules_exec_t)
-role system_r types usbmodules_t;
-
-########################################
-#
-# Local policy
-#
-
-kernel_list_proc(usbmodules_t)
-
-files_list_kernel_modules(usbmodules_t)
-
-dev_list_usbfs(usbmodules_t)
-# allow usb device access
-dev_rw_usbfs(usbmodules_t)
-
-files_list_etc(usbmodules_t)
-# needs etc_t read access for the hotplug config, maybe should have a new type
-files_read_etc_files(usbmodules_t)
-
-term_read_console(usbmodules_t)
-term_write_console(usbmodules_t)
-
-init_use_fds(usbmodules_t)
-
-miscfiles_read_hwdata(usbmodules_t)
-
-modutils_read_module_deps(usbmodules_t)
-
-userdom_use_user_terminals(usbmodules_t)
-
-optional_policy(`
-	hotplug_read_config(usbmodules_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(usbmodules_t)
-')
diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
deleted file mode 100644
index c467144..0000000
--- a/policy/modules/admin/usermanage.fc
+++ /dev/null
@@ -1,33 +0,0 @@
-ifdef(`distro_gentoo',`
-/bin/passwd		--	gen_context(system_u:object_r:passwd_exec_t,s0)
-')
-
-/usr/bin/chage		--	gen_context(system_u:object_r:passwd_exec_t,s0)
-/usr/bin/chfn		--	gen_context(system_u:object_r:chfn_exec_t,s0)
-/usr/bin/chsh		--	gen_context(system_u:object_r:chfn_exec_t,s0)
-/usr/bin/gpasswd	--	gen_context(system_u:object_r:groupadd_exec_t,s0)
-/usr/bin/passwd		--	gen_context(system_u:object_r:passwd_exec_t,s0)
-/usr/bin/vigr		--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/bin/vipw		--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-
-/usr/lib(64)?/cracklib_dict.* -- gen_context(system_u:object_r:crack_db_t,s0)
-
-/usr/sbin/crack_[a-z]*	--	gen_context(system_u:object_r:crack_exec_t,s0)
-/usr/sbin/cracklib-[a-z]* --	gen_context(system_u:object_r:crack_exec_t,s0)
-/usr/sbin/gpasswd	--	gen_context(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupadd	--	gen_context(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupdel	--	gen_context(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupmod	--	gen_context(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/grpconv	--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/grpunconv	--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/pwconv	--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/pwunconv	--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/useradd	--	gen_context(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/userdel	--	gen_context(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/usermod	--	gen_context(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/vigr		--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/vipw		--	gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-
-/usr/share/cracklib(/.*)?	gen_context(system_u:object_r:crack_db_t,s0)
-
-/var/cache/cracklib(/.*)?	gen_context(system_u:object_r:crack_db_t,s0)
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
deleted file mode 100644
index 0b5e634..0000000
--- a/policy/modules/admin/usermanage.if
+++ /dev/null
@@ -1,319 +0,0 @@
-## <summary>Policy for managing user accounts.</summary>
-
-########################################
-## <summary>
-##	Execute chfn in the chfn domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usermanage_domtrans_chfn',`
-	gen_require(`
-		type chfn_t, chfn_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, chfn_exec_t, chfn_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit chfn_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute chfn in the chfn domain, and
-##	allow the specified role the chfn domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`usermanage_run_chfn',`
-	gen_require(`
-		type chfn_t;
-	')
-
-	usermanage_domtrans_chfn($1)
-	role $2 types chfn_t;
-')
-
-########################################
-## <summary>
-##	Execute groupadd in the groupadd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usermanage_domtrans_groupadd',`
-	gen_require(`
-		type groupadd_t, groupadd_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, groupadd_exec_t, groupadd_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit groupadd_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute groupadd in the groupadd domain, and
-##	allow the specified role the groupadd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`usermanage_run_groupadd',`
-	gen_require(`
-		type groupadd_t;
-	')
-
-	usermanage_domtrans_groupadd($1)
-	role $2 types groupadd_t;
-
-	optional_policy(`
-		nscd_run(groupadd_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Execute passwd in the passwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usermanage_domtrans_passwd',`
-	gen_require(`
-		type passwd_t, passwd_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, passwd_exec_t, passwd_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit passwd_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Send sigkills to passwd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`usermanage_kill_passwd',`
-	gen_require(`
-		type passwd_t;
-	')
-
-	allow $1 passwd_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Execute passwd in the passwd domain, and
-##	allow the specified role the passwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`usermanage_run_passwd',`
-	gen_require(`
-		type passwd_t;
-	')
-
-	usermanage_domtrans_passwd($1)
-	role $2 types passwd_t;
-	auth_run_chk_passwd(passwd_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute password admin functions in
-##	the admin passwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usermanage_domtrans_admin_passwd',`
-	gen_require(`
-		type sysadm_passwd_t, admin_passwd_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, admin_passwd_exec_t, sysadm_passwd_t)
-')
-
-########################################
-## <summary>
-##	Execute passwd admin functions in the admin
-##	passwd domain, and allow the specified role
-##	the admin passwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`usermanage_run_admin_passwd',`
-	gen_require(`
-		type sysadm_passwd_t;
-	')
-
-	usermanage_domtrans_admin_passwd($1)
-	role $2 types sysadm_passwd_t;
-
-	optional_policy(`
-		nscd_run(sysadm_passwd_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use useradd fds.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`usermanage_dontaudit_use_useradd_fds',`
-	gen_require(`
-		type useradd_t;
-	')
-
-	dontaudit $1 useradd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Execute useradd in the useradd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usermanage_domtrans_useradd',`
-	gen_require(`
-		type useradd_t, useradd_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, useradd_exec_t, useradd_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit useradd_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute useradd in the useradd domain, and
-##	allow the specified role the useradd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`usermanage_run_useradd',`
-	gen_require(`
-		type useradd_t;
-	')
-
-	usermanage_domtrans_useradd($1)
-	role $2 types useradd_t;
-
-	# Add/remove user home directories
-	userdom_manage_home_role($2, useradd_t)
-
-	seutil_run_semanage(useradd_t, $2)
-
-	optional_policy(`
-		nscd_run(useradd_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Read the crack database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`usermanage_read_crack_db',`
-	gen_require(`
-		type crack_db_t;
-	')
-
-	read_files_pattern($1, crack_db_t, crack_db_t)
-')
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
deleted file mode 100644
index b1a841a..0000000
--- a/policy/modules/admin/usermanage.te
+++ /dev/null
@@ -1,540 +0,0 @@
-policy_module(usermanage, 1.15.1)
-
-########################################
-#
-# Declarations
-#
-
-type admin_passwd_exec_t;
-files_type(admin_passwd_exec_t)
-
-type chfn_t;
-type chfn_exec_t;
-domain_obj_id_change_exemption(chfn_t)
-application_domain(chfn_t, chfn_exec_t)
-role system_r types chfn_t;
-
-type crack_t;
-type crack_exec_t;
-application_domain(crack_t, crack_exec_t)
-role system_r types crack_t;
-
-type crack_db_t;
-files_type(crack_db_t)
-
-type crack_tmp_t;
-files_tmp_file(crack_tmp_t)
-
-type groupadd_t;
-type groupadd_exec_t;
-domain_obj_id_change_exemption(groupadd_t)
-init_system_domain(groupadd_t, groupadd_exec_t)
-role system_r types groupadd_t;
-
-type passwd_t;
-type passwd_exec_t;
-domain_obj_id_change_exemption(passwd_t)
-application_domain(passwd_t, passwd_exec_t)
-role system_r types passwd_t;
-
-type sysadm_passwd_t;
-domain_obj_id_change_exemption(sysadm_passwd_t)
-application_domain(sysadm_passwd_t, admin_passwd_exec_t)
-role system_r types sysadm_passwd_t;
-
-type sysadm_passwd_tmp_t;
-files_tmp_file(sysadm_passwd_tmp_t)
-
-type useradd_t;
-type useradd_exec_t;
-domain_obj_id_change_exemption(useradd_t)
-init_system_domain(useradd_t, useradd_exec_t)
-role system_r types useradd_t;
-
-########################################
-#
-# Chfn local policy
-#
-
-allow chfn_t self:capability { chown dac_override fsetid setuid setgid sys_resource };
-allow chfn_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
-allow chfn_t self:process { setrlimit setfscreate };
-allow chfn_t self:fd use;
-allow chfn_t self:fifo_file rw_fifo_file_perms;
-allow chfn_t self:sock_file read_sock_file_perms;
-allow chfn_t self:shm create_shm_perms;
-allow chfn_t self:sem create_sem_perms;
-allow chfn_t self:msgq create_msgq_perms;
-allow chfn_t self:msg { send receive };
-allow chfn_t self:unix_dgram_socket create_socket_perms;
-allow chfn_t self:unix_stream_socket create_stream_socket_perms;
-allow chfn_t self:unix_dgram_socket sendto;
-allow chfn_t self:unix_stream_socket connectto;
-
-kernel_read_system_state(chfn_t)
-kernel_read_kernel_sysctls(chfn_t)
-
-selinux_get_fs_mount(chfn_t)
-selinux_validate_context(chfn_t)
-selinux_compute_access_vector(chfn_t)
-selinux_compute_create_context(chfn_t)
-selinux_compute_relabel_context(chfn_t)
-selinux_compute_user_contexts(chfn_t)
-
-term_use_all_ttys(chfn_t)
-term_use_all_ptys(chfn_t)
-
-fs_getattr_xattr_fs(chfn_t)
-fs_search_auto_mountpoints(chfn_t)
-
-# for SSP
-dev_read_urand(chfn_t)
-
-auth_use_pam(chfn_t)
-
-# allow checking if a shell is executable
-corecmd_check_exec_shell(chfn_t)
-
-domain_use_interactive_fds(chfn_t)
-
-files_manage_etc_files(chfn_t)
-files_read_etc_runtime_files(chfn_t)
-files_dontaudit_search_var(chfn_t)
-files_dontaudit_search_home(chfn_t)
-
-# /usr/bin/passwd asks for w access to utmp, but it will operate
-# correctly without it.  Do not audit write denials to utmp.
-init_dontaudit_rw_utmp(chfn_t)
-
-miscfiles_read_localization(chfn_t)
-
-logging_send_syslog_msg(chfn_t)
-
-# uses unix_chkpwd for checking passwords
-seutil_dontaudit_search_config(chfn_t)
-
-userdom_use_unpriv_users_fds(chfn_t)
-# user generally runs this from their home directory, so do not audit a search
-# on user home dir
-userdom_dontaudit_search_user_home_content(chfn_t)
-
-########################################
-#
-# Crack local policy
-#
-
-allow crack_t self:process { sigkill sigstop signull signal };
-allow crack_t self:fifo_file rw_fifo_file_perms;
-
-manage_files_pattern(crack_t, crack_db_t, crack_db_t)
-manage_lnk_files_pattern(crack_t, crack_db_t, crack_db_t)
-files_search_var(crack_t)
-
-manage_dirs_pattern(crack_t, crack_tmp_t, crack_tmp_t)
-manage_files_pattern(crack_t, crack_tmp_t, crack_tmp_t)
-files_tmp_filetrans(crack_t, crack_tmp_t, { file dir })
-
-kernel_read_system_state(crack_t)
-
-# for SSP
-dev_read_urand(crack_t)
-
-fs_getattr_xattr_fs(crack_t)
-
-files_read_etc_files(crack_t)
-files_read_etc_runtime_files(crack_t)
-# for dictionaries
-files_read_usr_files(crack_t)
-
-corecmd_exec_bin(crack_t)
-
-logging_send_syslog_msg(crack_t)
-
-userdom_dontaudit_search_user_home_dirs(crack_t)
-
-ifdef(`distro_debian',`
-	# the package cracklib-runtime on Debian contains a daily maintenance
-	# script /etc/cron.daily/cracklib-runtime, that calls
-	# update-cracklib and that calls crack_mkdict, which is a shell script.
-	corecmd_exec_shell(crack_t)
-')
-
-optional_policy(`
-	cron_system_entry(crack_t, crack_exec_t)
-')
-
-########################################
-#
-# Groupadd local policy
-#
-
-allow groupadd_t self:capability { dac_override chown kill setuid sys_resource audit_write };
-dontaudit groupadd_t self:capability { fsetid sys_tty_config };
-allow groupadd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
-allow groupadd_t self:process { setrlimit setfscreate };
-allow groupadd_t self:fd use;
-allow groupadd_t self:fifo_file rw_fifo_file_perms;
-allow groupadd_t self:shm create_shm_perms;
-allow groupadd_t self:sem create_sem_perms;
-allow groupadd_t self:msgq create_msgq_perms;
-allow groupadd_t self:msg { send receive };
-allow groupadd_t self:unix_dgram_socket create_socket_perms;
-allow groupadd_t self:unix_stream_socket create_stream_socket_perms;
-allow groupadd_t self:unix_dgram_socket sendto;
-allow groupadd_t self:unix_stream_socket connectto;
-
-fs_getattr_xattr_fs(groupadd_t)
-fs_search_auto_mountpoints(groupadd_t)
-
-# Allow access to context for shadow file
-selinux_get_fs_mount(groupadd_t)
-selinux_validate_context(groupadd_t)
-selinux_compute_access_vector(groupadd_t)
-selinux_compute_create_context(groupadd_t)
-selinux_compute_relabel_context(groupadd_t)
-selinux_compute_user_contexts(groupadd_t)
-
-term_use_all_ttys(groupadd_t)
-term_use_all_ptys(groupadd_t)
-
-init_use_fds(groupadd_t)
-init_read_utmp(groupadd_t)
-init_dontaudit_write_utmp(groupadd_t)
-
-domain_use_interactive_fds(groupadd_t)
-
-files_manage_etc_files(groupadd_t)
-files_relabel_etc_files(groupadd_t)
-files_read_etc_runtime_files(groupadd_t)
-files_read_usr_symlinks(groupadd_t)
-
-# Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
-corecmd_exec_bin(groupadd_t)
-
-logging_send_audit_msgs(groupadd_t)
-logging_send_syslog_msg(groupadd_t)
-
-miscfiles_read_localization(groupadd_t)
-
-auth_domtrans_chk_passwd(groupadd_t)
-auth_rw_lastlog(groupadd_t)
-auth_use_nsswitch(groupadd_t)
-# these may be unnecessary due to the above
-# domtrans_chk_passwd() call.
-auth_manage_shadow(groupadd_t)
-auth_relabel_shadow(groupadd_t)
-auth_etc_filetrans_shadow(groupadd_t)
-
-seutil_read_config(groupadd_t)
-
-userdom_use_unpriv_users_fds(groupadd_t)
-# for when /root is the cwd
-userdom_dontaudit_search_user_home_dirs(groupadd_t)
-
-optional_policy(`
-	dpkg_use_fds(groupadd_t)
-	dpkg_rw_pipes(groupadd_t)
-')
-
-optional_policy(`
-	nscd_domtrans(groupadd_t)
-')
-
-optional_policy(`
-	puppet_rw_tmp(groupadd_t)
-')
-
-optional_policy(`
-	rpm_use_fds(groupadd_t)
-	rpm_rw_pipes(groupadd_t)
-')
-
-########################################
-#
-# Passwd local policy
-#
-
-allow passwd_t self:capability { chown dac_override fsetid setuid setgid sys_nice sys_resource };
-dontaudit passwd_t self:capability sys_tty_config;
-allow passwd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow passwd_t self:process { setrlimit setfscreate };
-allow passwd_t self:fd use;
-allow passwd_t self:fifo_file rw_fifo_file_perms;
-allow passwd_t self:sock_file read_sock_file_perms;
-allow passwd_t self:unix_dgram_socket create_socket_perms;
-allow passwd_t self:unix_stream_socket create_stream_socket_perms;
-allow passwd_t self:unix_dgram_socket sendto;
-allow passwd_t self:unix_stream_socket connectto;
-allow passwd_t self:shm create_shm_perms;
-allow passwd_t self:sem create_sem_perms;
-allow passwd_t self:msgq create_msgq_perms;
-allow passwd_t self:msg { send receive };
-
-allow passwd_t crack_db_t:dir list_dir_perms;
-read_files_pattern(passwd_t, crack_db_t, crack_db_t)
-
-kernel_read_kernel_sysctls(passwd_t)
-
-# for SSP
-dev_read_urand(passwd_t)
-
-fs_getattr_xattr_fs(passwd_t)
-fs_search_auto_mountpoints(passwd_t)
-
-mls_file_write_all_levels(passwd_t)
-mls_file_downgrade(passwd_t)
-
-selinux_get_fs_mount(passwd_t)
-selinux_validate_context(passwd_t)
-selinux_compute_access_vector(passwd_t)
-selinux_compute_create_context(passwd_t)
-selinux_compute_relabel_context(passwd_t)
-selinux_compute_user_contexts(passwd_t)
-
-term_use_all_terms(passwd_t)
-
-auth_manage_shadow(passwd_t)
-auth_relabel_shadow(passwd_t)
-auth_etc_filetrans_shadow(passwd_t)
-auth_use_pam(passwd_t)
-
-# allow checking if a shell is executable
-corecmd_check_exec_shell(passwd_t)
-corecmd_exec_bin(passwd_t)
-
-corenet_tcp_connect_kerberos_password_port(passwd_t)
-
-domain_use_interactive_fds(passwd_t)
-
-files_read_etc_runtime_files(passwd_t)
-files_manage_etc_files(passwd_t)
-files_search_var(passwd_t)
-files_dontaudit_search_pids(passwd_t)
-files_relabel_etc_files(passwd_t)
-
-# /usr/bin/passwd asks for w access to utmp, but it will operate
-# correctly without it.  Do not audit write denials to utmp.
-init_dontaudit_rw_utmp(passwd_t)
-init_use_fds(passwd_t)
-
-logging_send_audit_msgs(passwd_t)
-logging_send_syslog_msg(passwd_t)
-
-miscfiles_read_localization(passwd_t)
-
-seutil_dontaudit_search_config(passwd_t)
-
-userdom_use_user_terminals(passwd_t)
-userdom_use_unpriv_users_fds(passwd_t)
-# make sure that getcon succeeds
-userdom_getattr_all_users(passwd_t)
-userdom_read_all_users_state(passwd_t)
-userdom_read_user_tmp_files(passwd_t)
-# user generally runs this from their home directory, so do not audit a search
-# on user home dir
-userdom_dontaudit_search_user_home_content(passwd_t)
-userdom_stream_connect(passwd_t)
-
-optional_policy(`
-	nscd_domtrans(passwd_t)
-')
-
-########################################
-#
-# Password admin local policy
-#
-
-allow sysadm_passwd_t self:capability { chown dac_override fsetid setuid setgid sys_resource };
-allow sysadm_passwd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow sysadm_passwd_t self:process { setrlimit setfscreate };
-allow sysadm_passwd_t self:fd use;
-allow sysadm_passwd_t self:fifo_file rw_fifo_file_perms;
-allow sysadm_passwd_t self:sock_file read_sock_file_perms;
-allow sysadm_passwd_t self:unix_dgram_socket create_socket_perms;
-allow sysadm_passwd_t self:unix_stream_socket create_stream_socket_perms;
-allow sysadm_passwd_t self:unix_dgram_socket sendto;
-allow sysadm_passwd_t self:unix_stream_socket connectto;
-allow sysadm_passwd_t self:shm create_shm_perms;
-allow sysadm_passwd_t self:sem create_sem_perms;
-allow sysadm_passwd_t self:msgq create_msgq_perms;
-allow sysadm_passwd_t self:msg { send receive };
-
-# allow vipw to create temporary files under /var/tmp/vi.recover
-manage_dirs_pattern(sysadm_passwd_t, sysadm_passwd_tmp_t, sysadm_passwd_tmp_t)
-manage_files_pattern(sysadm_passwd_t, sysadm_passwd_tmp_t, sysadm_passwd_tmp_t)
-files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
-files_search_var(sysadm_passwd_t)
-files_dontaudit_search_home(sysadm_passwd_t)
-
-kernel_read_kernel_sysctls(sysadm_passwd_t)
-# for /proc/meminfo
-kernel_read_system_state(sysadm_passwd_t)
-
-selinux_get_fs_mount(sysadm_passwd_t)
-selinux_validate_context(sysadm_passwd_t)
-selinux_compute_access_vector(sysadm_passwd_t)
-selinux_compute_create_context(sysadm_passwd_t)
-selinux_compute_relabel_context(sysadm_passwd_t)
-selinux_compute_user_contexts(sysadm_passwd_t)
-
-# for SSP
-dev_read_urand(sysadm_passwd_t)
-
-fs_getattr_xattr_fs(sysadm_passwd_t)
-fs_search_auto_mountpoints(sysadm_passwd_t)
-
-term_use_all_ttys(sysadm_passwd_t)
-term_use_all_ptys(sysadm_passwd_t)
-
-auth_manage_shadow(sysadm_passwd_t)
-auth_relabel_shadow(sysadm_passwd_t)
-auth_etc_filetrans_shadow(sysadm_passwd_t)
-auth_use_nsswitch(sysadm_passwd_t)
-
-# allow vipw to exec the editor
-corecmd_exec_bin(sysadm_passwd_t)
-corecmd_exec_shell(sysadm_passwd_t)
-files_read_usr_files(sysadm_passwd_t)
-
-domain_use_interactive_fds(sysadm_passwd_t)
-
-files_manage_etc_files(sysadm_passwd_t)
-files_relabel_etc_files(sysadm_passwd_t)
-files_read_etc_runtime_files(sysadm_passwd_t)
-# for nscd lookups
-files_dontaudit_search_pids(sysadm_passwd_t)
-
-# /usr/bin/passwd asks for w access to utmp, but it will operate
-# correctly without it.  Do not audit write denials to utmp.
-init_dontaudit_rw_utmp(sysadm_passwd_t)
-
-miscfiles_read_localization(sysadm_passwd_t)
-
-logging_send_syslog_msg(sysadm_passwd_t)
-
-seutil_dontaudit_search_config(sysadm_passwd_t)
-
-userdom_use_unpriv_users_fds(sysadm_passwd_t)
-# user generally runs this from their home directory, so do not audit a search
-# on user home dir
-userdom_dontaudit_search_user_home_content(sysadm_passwd_t)
-
-optional_policy(`
-	nscd_domtrans(sysadm_passwd_t)
-')
-
-########################################
-#
-# Useradd local policy
-#
-
-allow useradd_t self:capability { dac_override chown kill fowner fsetid setuid sys_resource sys_ptrace };
-dontaudit useradd_t self:capability sys_tty_config;
-allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow useradd_t self:process setfscreate;
-allow useradd_t self:fd use;
-allow useradd_t self:fifo_file rw_fifo_file_perms;
-allow useradd_t self:shm create_shm_perms;
-allow useradd_t self:sem create_sem_perms;
-allow useradd_t self:msgq create_msgq_perms;
-allow useradd_t self:msg { send receive };
-allow useradd_t self:unix_dgram_socket create_socket_perms;
-allow useradd_t self:unix_stream_socket create_stream_socket_perms;
-allow useradd_t self:unix_dgram_socket sendto;
-allow useradd_t self:unix_stream_socket connectto;
-
-# for getting the number of groups
-kernel_read_kernel_sysctls(useradd_t)
-
-corecmd_exec_shell(useradd_t)
-# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
-corecmd_exec_bin(useradd_t)
-
-domain_use_interactive_fds(useradd_t)
-domain_read_all_domains_state(useradd_t)
-
-files_manage_etc_files(useradd_t)
-files_search_var_lib(useradd_t)
-files_relabel_etc_files(useradd_t)
-files_read_etc_runtime_files(useradd_t)
-
-fs_search_auto_mountpoints(useradd_t)
-fs_getattr_xattr_fs(useradd_t)
-
-mls_file_upgrade(useradd_t)
-
-# Allow access to context for shadow file
-selinux_get_fs_mount(useradd_t)
-selinux_validate_context(useradd_t)
-selinux_compute_access_vector(useradd_t)
-selinux_compute_create_context(useradd_t)
-selinux_compute_relabel_context(useradd_t)
-selinux_compute_user_contexts(useradd_t)
-
-term_use_all_ttys(useradd_t)
-term_use_all_ptys(useradd_t)
-
-auth_domtrans_chk_passwd(useradd_t)
-auth_rw_lastlog(useradd_t)
-auth_rw_faillog(useradd_t)
-auth_use_nsswitch(useradd_t)
-# these may be unnecessary due to the above
-# domtrans_chk_passwd() call.
-auth_manage_shadow(useradd_t)
-auth_relabel_shadow(useradd_t)
-auth_etc_filetrans_shadow(useradd_t)
-
-init_use_fds(useradd_t)
-init_rw_utmp(useradd_t)
-
-logging_send_audit_msgs(useradd_t)
-logging_send_syslog_msg(useradd_t)
-
-miscfiles_read_localization(useradd_t)
-
-seutil_read_config(useradd_t)
-seutil_read_file_contexts(useradd_t)
-seutil_read_default_contexts(useradd_t)
-seutil_domtrans_semanage(useradd_t)
-seutil_domtrans_setfiles(useradd_t)
-
-userdom_use_unpriv_users_fds(useradd_t)
-# Add/remove user home directories
-userdom_home_filetrans_user_home_dir(useradd_t)
-userdom_manage_home_role(system_r, useradd_t)
-
-mta_manage_spool(useradd_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		unconfined_domain(useradd_t)
-	')
-')
-
-optional_policy(`
-	apache_manage_all_user_content(useradd_t)
-')
-
-optional_policy(`
-	dpkg_use_fds(useradd_t)
-	dpkg_rw_pipes(useradd_t)
-')
-
-optional_policy(`
-	nscd_domtrans(useradd_t)
-')
-
-optional_policy(`
-	puppet_rw_tmp(useradd_t)
-')
-
-optional_policy(`
-	tunable_policy(`samba_domain_controller',`
-		samba_append_log(useradd_t)
-	')
-')
-
-optional_policy(`
-	rpm_use_fds(useradd_t)
-	rpm_rw_pipes(useradd_t)
-')
diff --git a/policy/modules/admin/vbetool.fc b/policy/modules/admin/vbetool.fc
deleted file mode 100644
index d00970f..0000000
--- a/policy/modules/admin/vbetool.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/vbetool	--	gen_context(system_u:object_r:vbetool_exec_t,s0)
diff --git a/policy/modules/admin/vbetool.if b/policy/modules/admin/vbetool.if
deleted file mode 100644
index f46ab17..0000000
--- a/policy/modules/admin/vbetool.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>run real-mode video BIOS code to alter hardware state</summary>
-
-########################################
-## <summary>
-##	Execute vbetool application in the vbetool domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vbetool_domtrans',`
-	gen_require(`
-		type vbetool_t, vbetool_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, vbetool_exec_t, vbetool_t)
-')
-
-########################################
-## <summary>
-##	Execute vbetool in the vbetool domain, and
-##	allow the specified role the vbetool domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`vbetool_run',`
-	gen_require(`
-		type vbetool_t;
-	')
-
-	vbetool_domtrans($1)
-	role $2 types vbetool_t;
-')
diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te
deleted file mode 100644
index 2758c8f..0000000
--- a/policy/modules/admin/vbetool.te
+++ /dev/null
@@ -1,51 +0,0 @@
-policy_module(vbetool, 1.5.2)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-##	Ignore vbetool mmap_zero errors.
-## </p>
-## </desc>
-gen_tunable(vbetool_mmap_zero_ignore, false)
-
-type vbetool_t;
-type vbetool_exec_t;
-init_system_domain(vbetool_t, vbetool_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow vbetool_t self:capability { dac_override sys_tty_config sys_admin };
-allow vbetool_t self:process execmem;
-
-dev_wx_raw_memory(vbetool_t)
-dev_read_raw_memory(vbetool_t)
-dev_rwx_zero(vbetool_t)
-dev_rw_sysfs(vbetool_t)
-dev_rw_xserver_misc(vbetool_t)
-dev_rw_mtrr(vbetool_t)
-
-domain_mmap_low(vbetool_t)
-
-mls_file_read_all_levels(vbetool_t)
-mls_file_write_all_levels(vbetool_t)
-
-term_use_unallocated_ttys(vbetool_t)
-
-miscfiles_read_localization(vbetool_t)
-
-tunable_policy(`vbetool_mmap_zero_ignore',`
-	dontaudit vbetool_t self:memprotect mmap_zero;
-')
-
-optional_policy(`
-	hal_rw_pid_files(vbetool_t)
-	hal_write_log(vbetool_t)
-	hal_dontaudit_append_lib_files(vbetool_t)
-')
diff --git a/policy/modules/admin/vpn.fc b/policy/modules/admin/vpn.fc
deleted file mode 100644
index 076dcc3..0000000
--- a/policy/modules/admin/vpn.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# sbin
-#
-/sbin/vpnc		--	gen_context(system_u:object_r:vpnc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/openconnect	--	gen_context(system_u:object_r:vpnc_exec_t,s0)
-
-/usr/sbin/vpnc		--	gen_context(system_u:object_r:vpnc_exec_t,s0)
-
-/var/run/vpnc(/.*)?		gen_context(system_u:object_r:vpnc_var_run_t,s0)
diff --git a/policy/modules/admin/vpn.if b/policy/modules/admin/vpn.if
deleted file mode 100644
index 64f8cdc..0000000
--- a/policy/modules/admin/vpn.if
+++ /dev/null
@@ -1,139 +0,0 @@
-## <summary>Virtual Private Networking client</summary>
-
-########################################
-## <summary>
-##	Execute VPN clients in the vpnc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vpn_domtrans',`
-	gen_require(`
-		type vpnc_t, vpnc_exec_t;
-	')
-
-	domtrans_pattern($1, vpnc_exec_t, vpnc_t)
-')
-
-########################################
-## <summary>
-##	Execute VPN clients in the vpnc domain, and
-##	allow the specified role the vpnc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`vpn_run',`
-	gen_require(`
-		type vpnc_t;
-	')
-
-	vpn_domtrans($1)
-	role $2 types vpnc_t;
-	sysnet_run_ifconfig(vpnc_t, $2)
-')
-
-########################################
-## <summary>
-##	Send VPN clients the kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vpn_kill',`
-	gen_require(`
-		type vpnc_t;
-	')
-
-	allow $1 vpnc_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send generic signals to VPN clients.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vpn_signal',`
-	gen_require(`
-		type vpnc_t;
-	')
-
-	allow $1 vpnc_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send signull to VPN clients.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vpn_signull',`
-	gen_require(`
-		type vpnc_t;
-	')
-
-	allow $1 vpnc_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	Vpnc over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vpn_dbus_chat',`
-	gen_require(`
-		type vpnc_t;
-		class dbus send_msg;
-	')
-
-	allow $1 vpnc_t:dbus send_msg;
-	allow vpnc_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Relabelfrom from vpnc socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vpn_relabelfrom_tun_socket',`
-	gen_require(`
-		type vpnc_t;
-	')
-
-	allow $1 vpnc_t:tun_socket relabelfrom;
-')
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
deleted file mode 100644
index 6067b85..0000000
--- a/policy/modules/admin/vpn.te
+++ /dev/null
@@ -1,122 +0,0 @@
-policy_module(vpn, 1.13.1)
-
-########################################
-#
-# Declarations
-#
-
-type vpnc_t;
-type vpnc_exec_t;
-application_domain(vpnc_t, vpnc_exec_t)
-role system_r types vpnc_t;
-
-type vpnc_tmp_t;
-files_tmp_file(vpnc_tmp_t)
-
-type vpnc_var_run_t;
-files_pid_file(vpnc_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw };
-allow vpnc_t self:process { getsched signal };
-allow vpnc_t self:fifo_file rw_fifo_file_perms;
-allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
-allow vpnc_t self:tcp_socket create_stream_socket_perms;
-allow vpnc_t self:udp_socket create_socket_perms;
-allow vpnc_t self:rawip_socket create_socket_perms;
-allow vpnc_t self:unix_dgram_socket create_socket_perms;
-allow vpnc_t self:unix_stream_socket create_socket_perms;
-allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
-# cjp: this needs to be fixed
-allow vpnc_t self:socket create_socket_perms;
-
-manage_dirs_pattern(vpnc_t, vpnc_tmp_t, vpnc_tmp_t)
-manage_files_pattern(vpnc_t, vpnc_tmp_t, vpnc_tmp_t)
-files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir })
-
-manage_dirs_pattern(vpnc_t, vpnc_var_run_t, vpnc_var_run_t)
-manage_files_pattern(vpnc_t, vpnc_var_run_t, vpnc_var_run_t)
-files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
-
-kernel_read_system_state(vpnc_t)
-kernel_read_network_state(vpnc_t)
-kernel_read_all_sysctls(vpnc_t)
-kernel_request_load_module(vpnc_t)
-kernel_rw_net_sysctls(vpnc_t)
-
-corenet_all_recvfrom_unlabeled(vpnc_t)
-corenet_all_recvfrom_netlabel(vpnc_t)
-corenet_tcp_sendrecv_generic_if(vpnc_t)
-corenet_udp_sendrecv_generic_if(vpnc_t)
-corenet_raw_sendrecv_generic_if(vpnc_t)
-corenet_tcp_sendrecv_generic_node(vpnc_t)
-corenet_udp_sendrecv_generic_node(vpnc_t)
-corenet_raw_sendrecv_generic_node(vpnc_t)
-corenet_tcp_sendrecv_all_ports(vpnc_t)
-corenet_udp_sendrecv_all_ports(vpnc_t)
-corenet_udp_bind_generic_node(vpnc_t)
-corenet_udp_bind_generic_port(vpnc_t)
-corenet_udp_bind_isakmp_port(vpnc_t)
-corenet_udp_bind_ipsecnat_port(vpnc_t)
-corenet_tcp_connect_all_ports(vpnc_t)
-corenet_sendrecv_all_client_packets(vpnc_t)
-corenet_sendrecv_isakmp_server_packets(vpnc_t)
-corenet_sendrecv_generic_server_packets(vpnc_t)
-corenet_rw_tun_tap_dev(vpnc_t)
-
-dev_read_rand(vpnc_t)
-dev_read_urand(vpnc_t)
-dev_read_sysfs(vpnc_t)
-
-domain_use_interactive_fds(vpnc_t)
-
-fs_getattr_xattr_fs(vpnc_t)
-fs_getattr_tmpfs(vpnc_t)
-
-term_use_all_ptys(vpnc_t)
-term_use_all_ttys(vpnc_t)
-
-corecmd_exec_all_executables(vpnc_t)
-
-files_exec_etc_files(vpnc_t)
-files_read_etc_runtime_files(vpnc_t)
-files_read_etc_files(vpnc_t)
-files_dontaudit_search_home(vpnc_t)
-
-auth_use_nsswitch(vpnc_t)
-
-libs_exec_ld_so(vpnc_t)
-libs_exec_lib_files(vpnc_t)
-
-locallogin_use_fds(vpnc_t)
-
-logging_send_syslog_msg(vpnc_t)
-logging_dontaudit_search_logs(vpnc_t)
-
-miscfiles_read_localization(vpnc_t)
-
-seutil_dontaudit_search_config(vpnc_t)
-seutil_use_newrole_fds(vpnc_t)
-
-sysnet_etc_filetrans_config(vpnc_t)
-sysnet_manage_config(vpnc_t)
-
-userdom_use_all_users_fds(vpnc_t)
-userdom_read_home_certs(vpnc_t)
-userdom_search_admin_dir(vpnc_t)
-
-optional_policy(`
-	dbus_system_bus_client(vpnc_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(vpnc_t)
-	')
-')
-
-optional_policy(`
-	networkmanager_attach_tun_iface(vpnc_t)
-')
diff --git a/policy/modules/apps/ada.fc b/policy/modules/apps/ada.fc
deleted file mode 100644
index e802ed5..0000000
--- a/policy/modules/apps/ada.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# /usr
-#
-/usr/bin/gnatbind	--	gen_context(system_u:object_r:ada_exec_t,s0)
-/usr/bin/gnatls		--	gen_context(system_u:object_r:ada_exec_t,s0)
-/usr/bin/gnatmake	--	gen_context(system_u:object_r:ada_exec_t,s0)
-/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:ada_exec_t,s0)
diff --git a/policy/modules/apps/ada.if b/policy/modules/apps/ada.if
deleted file mode 100644
index 43ba21d..0000000
--- a/policy/modules/apps/ada.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>GNAT Ada95 compiler</summary>
-
-########################################
-## <summary>
-##	Execute the ada program in the ada domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ada_domtrans',`
-	gen_require(`
-		type ada_t, ada_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ada_exec_t, ada_t)
-')
-
-########################################
-## <summary>
-##	Execute ada in the ada domain, and
-##	allow the specified role the ada domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`ada_run',`
-	gen_require(`
-		type ada_t;
-	')
-
-	ada_domtrans($1)
-	role $2 types ada_t;
-')
diff --git a/policy/modules/apps/ada.te b/policy/modules/apps/ada.te
deleted file mode 100644
index 39c75fb..0000000
--- a/policy/modules/apps/ada.te
+++ /dev/null
@@ -1,24 +0,0 @@
-policy_module(ada, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type ada_t;
-type ada_exec_t;
-application_domain(ada_t, ada_exec_t)
-role system_r types ada_t;
-
-########################################
-#
-# Local policy
-#
-
-allow ada_t self:process { execstack execmem };
-
-userdom_use_user_terminals(ada_t)
-
-optional_policy(`
-	unconfined_domain(ada_t)
-')
diff --git a/policy/modules/apps/authbind.fc b/policy/modules/apps/authbind.fc
deleted file mode 100644
index 48cf11b..0000000
--- a/policy/modules/apps/authbind.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/authbind(/.*)?			gen_context(system_u:object_r:authbind_etc_t,s0)
-
-/usr/lib(64)?/authbind/helper	--	gen_context(system_u:object_r:authbind_exec_t,s0)
diff --git a/policy/modules/apps/authbind.if b/policy/modules/apps/authbind.if
deleted file mode 100644
index d28020f..0000000
--- a/policy/modules/apps/authbind.if
+++ /dev/null
@@ -1,20 +0,0 @@
-## <summary>Tool for non-root processes to bind to reserved ports</summary>
-
-########################################
-## <summary>
-##	Use authbind to bind to a reserved port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`authbind_domtrans',`
-	gen_require(`
-		type authbind_t, authbind_exec_t;
-	')
-
-	domtrans_pattern($1, authbind_exec_t, authbind_t)
-	allow authbind_t $1:{ tcp_socket udp_socket } rw_socket_perms;
-')
diff --git a/policy/modules/apps/authbind.te b/policy/modules/apps/authbind.te
deleted file mode 100644
index b4285f7..0000000
--- a/policy/modules/apps/authbind.te
+++ /dev/null
@@ -1,31 +0,0 @@
-policy_module(authbind, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type authbind_t;
-type authbind_exec_t;
-application_domain(authbind_t, authbind_exec_t)
-role system_r types authbind_t;
-
-type authbind_etc_t;
-files_config_file(authbind_etc_t)
-
-########################################
-#
-# Local policy
-#
-
-allow authbind_t self:capability net_bind_service;
-
-allow authbind_t authbind_etc_t:dir list_dir_perms;
-exec_files_pattern(authbind_t, authbind_etc_t, authbind_etc_t)
-read_lnk_files_pattern(authbind_t, authbind_etc_t, authbind_etc_t)
-
-files_list_etc(authbind_t)
-
-term_use_console(authbind_t)
-
-logging_send_syslog_msg(authbind_t)
diff --git a/policy/modules/apps/awstats.fc b/policy/modules/apps/awstats.fc
deleted file mode 100644
index 5f0fa49..0000000
--- a/policy/modules/apps/awstats.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/usr/share/awstats/tools/.+\.pl		--	gen_context(system_u:object_r:awstats_exec_t,s0)
-/usr/share/awstats/wwwroot(/.*)?		gen_context(system_u:object_r:httpd_awstats_content_t,s0)
-/usr/share/awstats/wwwroot/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_awstats_script_exec_t,s0)
-
-/var/lib/awstats(/.*)?				gen_context(system_u:object_r:awstats_var_lib_t,s0)
diff --git a/policy/modules/apps/awstats.if b/policy/modules/apps/awstats.if
deleted file mode 100644
index 283ff0d..0000000
--- a/policy/modules/apps/awstats.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>
-##	AWStats is a free powerful and featureful tool that generates advanced
-##	web, streaming, ftp or mail server statistics, graphically.
-## </summary>
-
-########################################
-## <summary>
-##	Read and write awstats unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`awstats_rw_pipes',`
-	gen_require(`
-		type awstats_t;
-	')
-
-	allow $1 awstats_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute awstats cgi scripts in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`awstats_cgi_exec',`
-	gen_require(`
-		type httpd_awstats_script_exec_t, httpd_awstats_content_t;
-	')
-
-	allow $1 httpd_awstats_content_t:dir search_dir_perms;
-	allow $1 httpd_awstats_script_exec_t:dir search_dir_perms;
-	can_exec($1, httpd_awstats_script_exec_t)
-')
diff --git a/policy/modules/apps/awstats.te b/policy/modules/apps/awstats.te
deleted file mode 100644
index 25b6f5a..0000000
--- a/policy/modules/apps/awstats.te
+++ /dev/null
@@ -1,81 +0,0 @@
-policy_module(awstats, 1.2.1)
-
-########################################
-#
-# Declarations
-#
-
-type awstats_t;
-type awstats_exec_t;
-domain_type(awstats_t)
-domain_entry_file(awstats_t, awstats_exec_t)
-role system_r types awstats_t;
-
-type awstats_tmp_t;
-files_tmp_file(awstats_tmp_t)
-
-type awstats_var_lib_t;
-files_type(awstats_var_lib_t)
-
-apache_content_template(awstats)
-
-########################################
-#
-# awstats policy
-#
-
-awstats_rw_pipes(awstats_t)
-awstats_cgi_exec(awstats_t)
-
-can_exec(awstats_t, awstats_exec_t)
-
-manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
-manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
-files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
-
-manage_files_pattern(awstats_t, awstats_var_lib_t, awstats_var_lib_t)
-files_var_lib_filetrans(awstats_t, awstats_var_lib_t, file)
-
-# dontaudit access to /proc/meminfo
-kernel_dontaudit_read_system_state(awstats_t)
-
-corecmd_exec_bin(awstats_t)
-corecmd_exec_shell(awstats_t)
-
-dev_read_urand(awstats_t)
-
-files_read_etc_files(awstats_t)
-# e.g. /usr/share/awstats/lang/awstats-en.txt
-files_read_usr_files(awstats_t)
-files_dontaudit_search_all_mountpoints(awstats_t)
-
-fs_list_inotifyfs(awstats_t)
-
-libs_read_lib_files(awstats_t)
-
-logging_read_generic_logs(awstats_t)
-
-miscfiles_read_localization(awstats_t)
-
-sysnet_dns_name_resolve(awstats_t)
-
-apache_read_log(awstats_t)
-
-optional_policy(`
-	cron_system_entry(awstats_t, awstats_exec_t)
-')
-
-optional_policy(`
-	# dontaudit searching nscd pid directory
-	nscd_dontaudit_search_pid(awstats_t)
-')
-
-########################################
-#
-# awstats cgi script policy
-#
-
-allow httpd_awstats_script_t awstats_var_lib_t:dir list_dir_perms;
-
-read_files_pattern(httpd_awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)
-files_search_var_lib(httpd_awstats_script_t)
diff --git a/policy/modules/apps/calamaris.fc b/policy/modules/apps/calamaris.fc
deleted file mode 100644
index 9cbd0a0..0000000
--- a/policy/modules/apps/calamaris.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc
-#
-/etc/cron\.daily/calamaris --	gen_context(system_u:object_r:calamaris_exec_t,s0)
-
-#
-# /var
-#
-/var/log/calamaris(/.*)?	gen_context(system_u:object_r:calamaris_log_t,s0)
-/var/www/calamaris(/.*)?	gen_context(system_u:object_r:calamaris_www_t,s0)
diff --git a/policy/modules/apps/calamaris.if b/policy/modules/apps/calamaris.if
deleted file mode 100644
index df183be..0000000
--- a/policy/modules/apps/calamaris.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Squid log analysis</summary>
-
-#######################################
-## <summary>
-##	Allow domain to read calamaris www files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`calamaris_read_www_files',`
-	gen_require(`
-		type calamaris_www_t;
-	')
-
-	allow $1 calamaris_www_t:dir list_dir_perms;
-	read_files_pattern($1, calamaris_www_t, calamaris_www_t)
-	read_lnk_files_pattern($1, calamaris_www_t, calamaris_www_t)
-')
diff --git a/policy/modules/apps/calamaris.te b/policy/modules/apps/calamaris.te
deleted file mode 100644
index 47d81d1..0000000
--- a/policy/modules/apps/calamaris.te
+++ /dev/null
@@ -1,81 +0,0 @@
-policy_module(calamaris, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type calamaris_t;
-type calamaris_exec_t;
-init_system_domain(calamaris_t, calamaris_exec_t)
-
-type calamaris_www_t;
-files_type(calamaris_www_t)
-
-type calamaris_log_t;
-logging_log_file(calamaris_log_t)
-
-########################################
-#
-# Local policy
-#
-
-# for when squid has a different UID
-allow calamaris_t self:capability dac_override;
-allow calamaris_t self:process { fork signal_perms setsched };
-allow calamaris_t self:fifo_file rw_fifo_file_perms;
-allow calamaris_t self:unix_stream_socket create_stream_socket_perms;
-allow calamaris_t self:tcp_socket create_stream_socket_perms;
-allow calamaris_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
-manage_lnk_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
-
-manage_files_pattern(calamaris_t, calamaris_log_t, calamaris_log_t)
-logging_log_filetrans(calamaris_t, calamaris_log_t, { file dir })
-
-kernel_read_all_sysctls(calamaris_t)
-kernel_read_system_state(calamaris_t)
-
-corecmd_exec_bin(calamaris_t)
-
-corenet_all_recvfrom_unlabeled(calamaris_t)
-corenet_all_recvfrom_netlabel(calamaris_t)
-corenet_tcp_sendrecv_generic_if(calamaris_t)
-corenet_udp_sendrecv_generic_if(calamaris_t)
-corenet_tcp_sendrecv_generic_node(calamaris_t)
-corenet_udp_sendrecv_generic_node(calamaris_t)
-corenet_tcp_sendrecv_all_ports(calamaris_t)
-corenet_udp_sendrecv_all_ports(calamaris_t)
-
-dev_read_urand(calamaris_t)
-
-files_search_pids(calamaris_t)
-files_read_etc_files(calamaris_t)
-files_read_usr_files(calamaris_t)
-files_read_var_files(calamaris_t)
-files_read_etc_runtime_files(calamaris_t)
-
-libs_read_lib_files(calamaris_t)
-
-auth_use_nsswitch(calamaris_t)
-
-logging_send_syslog_msg(calamaris_t)
-
-miscfiles_read_localization(calamaris_t)
-
-userdom_dontaudit_list_user_home_dirs(calamaris_t)
-
-squid_read_log(calamaris_t)
-
-optional_policy(`
-	apache_search_sys_content(calamaris_t)
-')
-
-optional_policy(`
-	cron_system_entry(calamaris_t, calamaris_exec_t)
-')
-
-optional_policy(`
-	mta_send_mail(calamaris_t)
-')
diff --git a/policy/modules/apps/cdrecord.fc b/policy/modules/apps/cdrecord.fc
deleted file mode 100644
index 91697cc..0000000
--- a/policy/modules/apps/cdrecord.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# /usr
-#
-/usr/bin/cdrecord	--	gen_context(system_u:object_r:cdrecord_exec_t,s0)
-/usr/bin/growisofs	--	gen_context(system_u:object_r:cdrecord_exec_t,s0)
-/usr/bin/wodim		--	gen_context(system_u:object_r:cdrecord_exec_t,s0)
diff --git a/policy/modules/apps/cdrecord.if b/policy/modules/apps/cdrecord.if
deleted file mode 100644
index 1582faf..0000000
--- a/policy/modules/apps/cdrecord.if
+++ /dev/null
@@ -1,33 +0,0 @@
-## <summary>Policy for cdrecord</summary>
-
-########################################
-## <summary>
-##	Role access for cdrecord
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`cdrecord_role',`
-	gen_require(`
-		type cdrecord_t, cdrecord_exec_t;
-	')
-
-	role $1 types cdrecord_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, cdrecord_exec_t, cdrecord_t)
-
-	allow cdrecord_t $2:unix_stream_socket { getattr read write ioctl };
-
-	# allow ps to show cdrecord and allow the user to kill it 
-	ps_process_pattern($2, cdrecord_t)
-	allow $2 cdrecord_t:process signal;
-')
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
deleted file mode 100644
index 1403835..0000000
--- a/policy/modules/apps/cdrecord.te
+++ /dev/null
@@ -1,120 +0,0 @@
-policy_module(cdrecord, 2.3.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow cdrecord to read various content.
-## nfs, samba, removable devices, user temp
-## and untrusted content files
-## </p>
-## </desc>
-gen_tunable(cdrecord_read_content, false)
-
-type cdrecord_t;
-type cdrecord_exec_t;
-typealias cdrecord_t alias { user_cdrecord_t staff_cdrecord_t sysadm_cdrecord_t };
-typealias cdrecord_t alias { auditadm_cdrecord_t secadm_cdrecord_t };
-application_domain(cdrecord_t, cdrecord_exec_t)
-ubac_constrained(cdrecord_t)
-
-########################################
-#
-# Local policy
-#
-
-allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
-allow cdrecord_t self:process { getcap getsched setsched sigkill };
-allow cdrecord_t self:unix_dgram_socket create_socket_perms;
-allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
-
-# growisofs uses mkisofs
-corecmd_exec_bin(cdrecord_t) 
-
-# allow searching for cdrom-drive
-dev_list_all_dev_nodes(cdrecord_t) 
-dev_read_sysfs(cdrecord_t)
-
-domain_interactive_fd(cdrecord_t)
-domain_use_interactive_fds(cdrecord_t)
-
-files_read_etc_files(cdrecord_t)
-
-term_use_controlling_term(cdrecord_t)
-term_list_ptys(cdrecord_t)
-
-# allow cdrecord to write the CD
-storage_raw_read_removable_device(cdrecord_t)
-storage_raw_write_removable_device(cdrecord_t)
-storage_write_scsi_generic(cdrecord_t)
-
-logging_send_syslog_msg(cdrecord_t)
-
-miscfiles_read_localization(cdrecord_t)
-
-# write to the user domain tty.
-userdom_use_user_terminals(cdrecord_t)
-userdom_read_user_home_content_files(cdrecord_t)
-
-# Handle nfs home dirs
-tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',`
-	fs_list_auto_mountpoints(cdrecord_t)
-	files_list_home(cdrecord_t)
-	fs_read_nfs_files(cdrecord_t)
-	fs_read_nfs_symlinks(cdrecord_t)
-
-',`
-	files_dontaudit_list_home(cdrecord_t)
-	fs_dontaudit_list_auto_mountpoints(cdrecord_t)
-	fs_dontaudit_read_nfs_files(cdrecord_t)
-	fs_dontaudit_list_nfs(cdrecord_t)
-')
-# Handle samba home dirs
-tunable_policy(`cdrecord_read_content && use_samba_home_dirs',`
-	fs_list_auto_mountpoints(cdrecord_t)
-	files_list_home(cdrecord_t)
-	fs_read_cifs_files(cdrecord_t)
-	fs_read_cifs_symlinks(cdrecord_t)
-',`
-	files_dontaudit_list_home(cdrecord_t)
-	fs_dontaudit_list_auto_mountpoints(cdrecord_t)
-	fs_dontaudit_read_cifs_files(cdrecord_t)
-	fs_dontaudit_list_cifs(cdrecord_t)
-')
-
-# Handle removable media, /tmp, and /home
-tunable_policy(`cdrecord_read_content',`
-	userdom_list_user_tmp(cdrecord_t)
-	userdom_read_user_tmp_files(cdrecord_t)
-	userdom_read_user_tmp_symlinks(cdrecord_t)
-	userdom_read_user_home_content_files(cdrecord_t)
-	userdom_read_user_home_content_symlinks(cdrecord_t)
-
-	ifndef(`enable_mls',`
-		fs_search_removable(cdrecord_t)
-		fs_read_removable_files(cdrecord_t)
-		fs_read_removable_symlinks(cdrecord_t)
-	')
-',`
-	files_dontaudit_list_tmp(cdrecord_t)
-	files_dontaudit_list_home(cdrecord_t)
-	fs_dontaudit_list_removable(cdrecord_t)
-	fs_dontaudit_read_removable_files(cdrecord_t)
-	userdom_dontaudit_list_user_tmp(cdrecord_t)
-	userdom_dontaudit_read_user_tmp_files(cdrecord_t)
-	userdom_dontaudit_list_user_home_dirs(cdrecord_t)
-	userdom_dontaudit_read_user_home_content_files(cdrecord_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	files_search_mnt(cdrecord_t)
-	fs_read_nfs_files(cdrecord_t)
-	fs_read_nfs_symlinks(cdrecord_t)
-')
-
-optional_policy(`
-	resmgr_stream_connect(cdrecord_t)
-')
diff --git a/policy/modules/apps/chrome.fc b/policy/modules/apps/chrome.fc
deleted file mode 100644
index 432fb25..0000000
--- a/policy/modules/apps/chrome.fc
+++ /dev/null
@@ -1,3 +0,0 @@
- /opt/google/chrome/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
-
-/usr/lib(64)?/chromium-browser/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
diff --git a/policy/modules/apps/chrome.if b/policy/modules/apps/chrome.if
deleted file mode 100644
index 5ef90cd..0000000
--- a/policy/modules/apps/chrome.if
+++ /dev/null
@@ -1,90 +0,0 @@
-
-## <summary>policy for chrome</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run chrome_sandbox.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`chrome_domtrans_sandbox',`
-	gen_require(`
-		type chrome_sandbox_t, chrome_sandbox_exec_t;
-	')
-
-	domtrans_pattern($1,chrome_sandbox_exec_t,chrome_sandbox_t)
-	ps_process_pattern(chrome_sandbox_t, $1)
-ifdef(`hide_broken_symptoms', `
-	dontaudit chrome_sandbox_t $1:socket_class_set { read write };
-	fs_dontaudit_rw_anon_inodefs_files(chrome_sandbox_t)
-')
-')
-
-
-########################################
-## <summary>
-##	Execute chrome_sandbox in the chrome_sandbox domain, and
-##	allow the specified role the chrome_sandbox domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the chrome_sandbox domain.
-##	</summary>
-## </param>
-#
-interface(`chrome_run_sandbox',`
-	gen_require(`
-		type chrome_sandbox_t;
-	')
-
-	chrome_domtrans_sandbox($1)
-	role $2 types chrome_sandbox_t;
-')
-
-########################################
-## <summary>
-##	Role access for chrome sandbox
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`chrome_role',`
-	gen_require(`
-              type chrome_sandbox_t;
-              type chrome_sandbox_tmpfs_t;
-	')
-
-	role $1 types chrome_sandbox_t;
-
-	chrome_domtrans_sandbox($2)
-
-	ps_process_pattern($2, chrome_sandbox_t)
-	allow $2 chrome_sandbox_t:process signal_perms;
-
-	allow chrome_sandbox_t $2:unix_dgram_socket { read write };
-	allow $2 chrome_sandbox_t:unix_dgram_socket { read write };
-	allow chrome_sandbox_t $2:unix_stream_socket { read write };
-	allow $2 chrome_sandbox_t:unix_stream_socket { read write };
-
-	allow $2 chrome_sandbox_t:shm rw_shm_perms;
-
-	allow $2 chrome_sandbox_tmpfs_t:file rw_file_perms;
-')
-
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
deleted file mode 100644
index 4e92e87..0000000
--- a/policy/modules/apps/chrome.te
+++ /dev/null
@@ -1,92 +0,0 @@
-policy_module(chrome,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type chrome_sandbox_t;
-type chrome_sandbox_exec_t;
-application_domain(chrome_sandbox_t, chrome_sandbox_exec_t)
-role system_r types chrome_sandbox_t;
-
-type chrome_sandbox_tmp_t;
-files_tmp_file(chrome_sandbox_tmp_t)
-
-type chrome_sandbox_tmpfs_t;
-files_tmpfs_file(chrome_sandbox_tmpfs_t)
-ubac_constrained(chrome_sandbox_tmpfs_t)
-
-########################################
-#
-# chrome_sandbox local policy
-#
-allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot sys_ptrace };
-allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
-allow chrome_sandbox_t self:fifo_file manage_file_perms;
-allow chrome_sandbox_t self:unix_stream_socket create_stream_socket_perms;
-allow chrome_sandbox_t self:unix_dgram_socket { create_socket_perms sendto };
-allow chrome_sandbox_t self:shm create_shm_perms;
-
-manage_dirs_pattern(chrome_sandbox_t, chrome_sandbox_tmp_t, chrome_sandbox_tmp_t)
-manage_files_pattern(chrome_sandbox_t, chrome_sandbox_tmp_t, chrome_sandbox_tmp_t)
-files_tmp_filetrans(chrome_sandbox_t, chrome_sandbox_tmp_t, { dir file })
-
-manage_files_pattern(chrome_sandbox_t, chrome_sandbox_tmpfs_t, chrome_sandbox_tmpfs_t)
-fs_tmpfs_filetrans(chrome_sandbox_t, chrome_sandbox_tmpfs_t, file)
-
-kernel_read_system_state(chrome_sandbox_t)
-kernel_read_kernel_sysctls(chrome_sandbox_t)
-
-fs_manage_cgroup_dirs(chrome_sandbox_t)
-fs_manage_cgroup_files(chrome_sandbox_t)
-
-corecmd_exec_bin(chrome_sandbox_t)
-
-domain_dontaudit_read_all_domains_state(chrome_sandbox_t)
-
-dev_read_urand(chrome_sandbox_t)
-dev_read_sysfs(chrome_sandbox_t)
-dev_rwx_zero(chrome_sandbox_t)
-
-files_read_etc_files(chrome_sandbox_t)
-files_read_usr_files(chrome_sandbox_t)
-
-fs_dontaudit_getattr_all_fs(chrome_sandbox_t)
-
-userdom_rw_user_tmpfs_files(chrome_sandbox_t)
-userdom_use_user_ptys(chrome_sandbox_t)
-userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
-userdom_read_inherited_user_home_content_files(chrome_sandbox_t)
-userdom_dontaudit_use_user_terminals(chrome_sandbox_t)
-
-miscfiles_read_localization(chrome_sandbox_t)
-miscfiles_read_fonts(chrome_sandbox_t)
-
-sysnet_dontaudit_read_config(chrome_sandbox_t)
-
-optional_policy(`
-	execmem_exec(chrome_sandbox_t)
-')
-
-optional_policy(`
-	gnome_rw_inherited_config(chrome_sandbox_t)
-	gnome_list_home_config(chrome_sandbox_t)
-')
-
-optional_policy(`
-	xserver_use_user_fonts(chrome_sandbox_t)
-	xserver_user_x_domain_template(chrome_sandbox, chrome_sandbox_t, chrome_sandbox_tmpfs_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_search_nfs(chrome_sandbox_t)
-	fs_read_inherited_nfs_files(chrome_sandbox_t)
-	fs_read_nfs_symlinks(chrome_sandbox_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_search_cifs(chrome_sandbox_t)
-	fs_read_inherited_cifs_files(chrome_sandbox_t)
-	fs_dontaudit_append_cifs_files(chrome_sandbox_t)
-')
diff --git a/policy/modules/apps/cpufreqselector.fc b/policy/modules/apps/cpufreqselector.fc
deleted file mode 100644
index b187f0f..0000000
--- a/policy/modules/apps/cpufreqselector.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/cpufreq-selector	--	gen_context(system_u:object_r:cpufreqselector_exec_t,s0)
diff --git a/policy/modules/apps/cpufreqselector.if b/policy/modules/apps/cpufreqselector.if
deleted file mode 100644
index ed94975..0000000
--- a/policy/modules/apps/cpufreqselector.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Command-line CPU frequency settings.</summary>
diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
deleted file mode 100644
index 899e234..0000000
--- a/policy/modules/apps/cpufreqselector.te
+++ /dev/null
@@ -1,52 +0,0 @@
-policy_module(cpufreqselector, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type cpufreqselector_t;
-type cpufreqselector_exec_t;
-application_domain(cpufreqselector_t, cpufreqselector_exec_t)
-
-########################################
-#
-# cpufreq-selector local policy
-#
-
-allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
-allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
-
-files_read_etc_files(cpufreqselector_t)
-files_read_usr_files(cpufreqselector_t)
-
-corecmd_search_bin(cpufreqselector_t)
-
-dev_rw_sysfs(cpufreqselector_t)
-
-miscfiles_read_localization(cpufreqselector_t)
-
-userdom_read_all_users_state(cpufreqselector_t)
-userdom_dontaudit_search_admin_dir(cpufreqselector_t)
-
-optional_policy(`
-	dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(cpufreqselector_t)
-	')
-
-	optional_policy(`
-		policykit_dbus_chat(cpufreqselector_t)
-	')
-')
-
-optional_policy(`
-	nscd_dontaudit_search_pid(cpufreqselector_t)
-')
-
-optional_policy(`
-	policykit_domtrans_auth(cpufreqselector_t)
-	policykit_read_lib(cpufreqselector_t)
-	policykit_read_reload(cpufreqselector_t)
-')
diff --git a/policy/modules/apps/evolution.fc b/policy/modules/apps/evolution.fc
deleted file mode 100644
index c011277..0000000
--- a/policy/modules/apps/evolution.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# HOME_DIR/
-#
-
-HOME_DIR/\.camel_certs(/.*)?					gen_context(system_u:object_r:evolution_home_t,s0)
-HOME_DIR/\.evolution(/.*)?					gen_context(system_u:object_r:evolution_home_t,s0)
-
-#
-# /tmp
-#
-/tmp/\.exchange-USER(/.*)?					gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)
-
-#
-# /usr
-#
-/usr/bin/evolution.*					--	gen_context(system_u:object_r:evolution_exec_t,s0)
-
-/usr/libexec/evolution/.*evolution-alarm-notify.*	--	gen_context(system_u:object_r:evolution_alarm_exec_t,s0)
-/usr/libexec/evolution/.*evolution-exchange-storage.*	--	gen_context(system_u:object_r:evolution_exchange_exec_t,s0)
-/usr/libexec/evolution-data-server.*			--	gen_context(system_u:object_r:evolution_server_exec_t,s0)
-/usr/libexec/evolution-webcal.*				--	gen_context(system_u:object_r:evolution_webcal_exec_t,s0)
diff --git a/policy/modules/apps/evolution.if b/policy/modules/apps/evolution.if
deleted file mode 100644
index 1cb204c..0000000
--- a/policy/modules/apps/evolution.if
+++ /dev/null
@@ -1,153 +0,0 @@
-## <summary>Evolution email client</summary>
-
-########################################
-## <summary>
-##	Role access for evolution
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`evolution_role',`
-	gen_require(`
-		type evolution_t, evolution_exec_t, evolution_home_t;
-		type evolution_alarm_t, evolution_alarm_exec_t;
-		type evolution_exchange_t, evolution_exchange_exec_t;
-		type evolution_exchange_orbit_tmp_t;
-		type evolution_server_t, evolution_server_exec_t;
-		type evolution_webcal_t, evolution_webcal_exec_t;
-	')
-
-	role $1 types { evolution_t evolution_alarm_t evolution_exchange_t };
-	role $1 types { evolution_server_t evolution_webcal_t };
-
-	domtrans_pattern($2, evolution_exec_t, evolution_t)
-	domtrans_pattern($2, evolution_alarm_exec_t, evolution_alarm_t)
-	domtrans_pattern($2, evolution_exchange_exec_t, evolution_exchange_t)
-	domtrans_pattern($2, evolution_server_exec_t, evolution_server_t)
-	domtrans_pattern($2, evolution_webcal_exec_t, evolution_webcal_t)
-
-	ps_process_pattern($2, evolution_t)
-	ps_process_pattern($2, evolution_alarm_t)
-	ps_process_pattern($2, evolution_exchange_t)
-	ps_process_pattern($2, evolution_server_t)
-	ps_process_pattern($2, evolution_webcal_t)
-
-	allow evolution_t $2:dir search;
-	allow evolution_t $2:file read;
-	allow evolution_t $2:lnk_file read;
-	allow evolution_t $2:unix_stream_socket connectto;
-
-	allow $2 evolution_t:unix_stream_socket connectto;
-	allow $2 evolution_t:process noatsecure;
-	allow $2 evolution_t:process signal_perms;
-
-	# Access .evolution
-	allow $2 evolution_home_t:dir manage_dir_perms;
-	allow $2 evolution_home_t:file manage_file_perms;
-	allow $2 evolution_home_t:lnk_file manage_lnk_file_perms;
-	allow $2 evolution_home_t:{ dir file lnk_file } { relabelfrom relabelto };
-
-	allow evolution_exchange_t $2:unix_stream_socket connectto;
-
-	# Clock applet talks to exchange (FIXME: Needs policy)
-	allow $2 evolution_exchange_t:unix_stream_socket connectto;
-	allow $2 evolution_exchange_orbit_tmp_t:sock_file write;
-')
-
-########################################
-## <summary>
-##	Create objects in users evolution home folders.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	Private file type.
-##	</summary>
-## </param>
-## <param name="class">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`evolution_home_filetrans',`
-	gen_require(`
-		type evolution_home_t;
-	')
-
-	allow $1 evolution_home_t:dir rw_dir_perms;
-	type_transition $1 evolution_home_t:$3 $2;
-')
-
-########################################
-## <summary>
-##	Connect to evolution unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`evolution_stream_connect',`
-	gen_require(`
-		type evolution_t, evolution_home_t;
-	')
-
-	allow $1 evolution_t:unix_stream_socket connectto;
-	allow $1 evolution_home_t:dir search;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	evolution over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`evolution_dbus_chat',`
-	gen_require(`
-		type evolution_t;
-		class dbus send_msg;
-	')
-
-	allow $1 evolution_t:dbus send_msg;
-	allow evolution_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	evolution_alarm over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`evolution_alarm_dbus_chat',`
-	gen_require(`
-		type evolution_alarm_t;
-		class dbus send_msg;
-	')
-
-	allow $1 evolution_alarm_t:dbus send_msg;
-	allow evolution_alarm_t $1:dbus send_msg;
-')
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
deleted file mode 100644
index e15a20c..0000000
--- a/policy/modules/apps/evolution.te
+++ /dev/null
@@ -1,618 +0,0 @@
-policy_module(evolution, 2.1.2)
-
-########################################
-#
-# Declarations
-#
-
-type evolution_t;
-type evolution_exec_t;
-typealias evolution_t alias { user_evolution_t staff_evolution_t sysadm_evolution_t };
-typealias evolution_t alias { auditadm_evolution_t secadm_evolution_t };
-application_domain(evolution_t, evolution_exec_t)
-ubac_constrained(evolution_t)
-
-type evolution_alarm_t;
-type evolution_alarm_exec_t;
-typealias evolution_alarm_t alias { user_evolution_alarm_t staff_evolution_alarm_t sysadm_evolution_alarm_t };
-typealias evolution_alarm_t alias { auditadm_evolution_alarm_t secadm_evolution_alarm_t };
-application_domain(evolution_alarm_t, evolution_alarm_exec_t)
-ubac_constrained(evolution_alarm_t)
-
-type evolution_alarm_tmpfs_t;
-typealias evolution_alarm_tmpfs_t alias { user_evolution_alarm_tmpfs_t staff_evolution_alarm_tmpfs_t sysadm_evolution_alarm_tmpfs_t };
-typealias evolution_alarm_tmpfs_t alias { auditadm_evolution_alarm_tmpfs_t secadm_evolution_alarm_tmpfs_t };
-files_tmpfs_file(evolution_alarm_tmpfs_t)
-ubac_constrained(evolution_alarm_tmpfs_t)
-
-type evolution_alarm_orbit_tmp_t;
-typealias evolution_alarm_orbit_tmp_t alias { user_evolution_alarm_orbit_tmp_t staff_evolution_alarm_orbit_tmp_t sysadm_evolution_alarm_orbit_tmp_t };
-typealias evolution_alarm_orbit_tmp_t alias { auditadm_evolution_alarm_orbit_tmp_t secadm_evolution_alarm_orbit_tmp_t };
-files_tmp_file(evolution_alarm_orbit_tmp_t)
-ubac_constrained(evolution_alarm_orbit_tmp_t)
-
-type evolution_exchange_t;
-type evolution_exchange_exec_t;
-typealias evolution_exchange_t alias { user_evolution_exchange_t staff_evolution_exchange_t sysadm_evolution_exchange_t };
-typealias evolution_exchange_t alias { auditadm_evolution_exchange_t secadm_evolution_exchange_t };
-application_domain(evolution_exchange_t, evolution_exchange_exec_t)
-ubac_constrained(evolution_exchange_t)
-
-type evolution_exchange_tmpfs_t;
-typealias evolution_exchange_tmpfs_t alias { user_evolution_exchange_tmpfs_t staff_evolution_exchange_tmpfs_t sysadm_evolution_exchange_tmpfs_t };
-typealias evolution_exchange_tmpfs_t alias { auditadm_evolution_exchange_tmpfs_t secadm_evolution_exchange_tmpfs_t };
-files_tmpfs_file(evolution_exchange_tmpfs_t)
-ubac_constrained(evolution_exchange_tmpfs_t)
-
-type evolution_exchange_tmp_t;
-typealias evolution_exchange_tmp_t alias { user_evolution_exchange_tmp_t staff_evolution_exchange_tmp_t sysadm_evolution_exchange_tmp_t };
-typealias evolution_exchange_tmp_t alias { auditadm_evolution_exchange_tmp_t secadm_evolution_exchange_tmp_t };
-files_tmp_file(evolution_exchange_tmp_t)
-ubac_constrained(evolution_exchange_tmp_t)
-
-type evolution_exchange_orbit_tmp_t;
-typealias evolution_exchange_orbit_tmp_t alias { user_evolution_exchange_orbit_tmp_t staff_evolution_exchange_orbit_tmp_t sysadm_evolution_exchange_orbit_tmp_t };
-typealias evolution_exchange_orbit_tmp_t alias { auditadm_evolution_exchange_orbit_tmp_t secadm_evolution_exchange_orbit_tmp_t };
-files_tmp_file(evolution_exchange_orbit_tmp_t)
-ubac_constrained(evolution_exchange_orbit_tmp_t)
-
-type evolution_home_t;
-typealias evolution_home_t alias { user_evolution_home_t staff_evolution_home_t sysadm_evolution_home_t };
-typealias evolution_home_t alias { auditadm_evolution_home_t secadm_evolution_home_t };
-userdom_user_home_content(evolution_home_t)
-
-type evolution_orbit_tmp_t;
-typealias evolution_home_t alias { user_evolution_orbit_tmp_t staff_evolution_orbit_tmp_t sysadm_evolution_orbit_tmp_t };
-typealias evolution_home_t alias { auditadm_evolution_orbit_tmp_t secadm_evolution_orbit_tmp_t };
-files_tmp_file(evolution_orbit_tmp_t)
-ubac_constrained(evolution_orbit_tmp_t)
-
-type evolution_server_t;
-type evolution_server_exec_t;
-typealias evolution_server_t alias { user_evolution_server_t staff_evolution_server_t sysadm_evolution_server_t };
-typealias evolution_server_t alias { auditadm_evolution_server_t secadm_evolution_server_t };
-application_domain(evolution_server_t, evolution_server_exec_t)
-ubac_constrained(evolution_server_t)
-
-type evolution_server_orbit_tmp_t;
-typealias evolution_server_orbit_tmp_t alias { user_evolution_server_orbit_tmp_t staff_evolution_server_orbit_tmp_t sysadm_evolution_server_orbit_tmp_t };
-typealias evolution_server_orbit_tmp_t alias { auditadm_evolution_server_orbit_tmp_t secadm_evolution_server_orbit_tmp_t };
-files_tmp_file(evolution_server_orbit_tmp_t)
-ubac_constrained(evolution_server_orbit_tmp_t)
-
-type evolution_tmpfs_t;
-typealias evolution_tmpfs_t alias { user_evolution_tmpfs_t staff_evolution_tmpfs_t sysadm_evolution_tmpfs_t };
-typealias evolution_tmpfs_t alias { auditadm_evolution_tmpfs_t secadm_evolution_tmpfs_t };
-files_tmpfs_file(evolution_tmpfs_t)
-ubac_constrained(evolution_tmpfs_t)
-
-type evolution_webcal_t;
-type evolution_webcal_exec_t;
-typealias evolution_webcal_t alias { user_evolution_webcal_t staff_evolution_webcal_t sysadm_evolution_webcal_t };
-typealias evolution_webcal_t alias { auditadm_evolution_webcal_t secadm_evolution_webcal_t };
-application_domain(evolution_webcal_t, evolution_webcal_exec_t)
-ubac_constrained(evolution_webcal_t)
-
-type evolution_webcal_tmpfs_t;
-typealias evolution_webcal_tmpfs_t alias { user_evolution_webcal_tmpfs_t staff_evolution_webcal_tmpfs_t sysadm_evolution_webcal_tmpfs_t };
-typealias evolution_webcal_tmpfs_t alias { auditadm_evolution_webcal_tmpfs_t secadm_evolution_webcal_tmpfs_t };
-files_tmpfs_file(evolution_webcal_tmpfs_t)
-ubac_constrained(evolution_webcal_tmpfs_t)
-
-########################################
-#
-# Evolution local policy
-#
-
-allow evolution_t self:capability { setuid setgid sys_nice };
-allow evolution_t self:process { signal getsched setsched };
-allow evolution_t self:fifo_file rw_file_perms;
-allow evolution_t self:tcp_socket create_socket_perms;
-allow evolution_t self:udp_socket create_socket_perms;
-
-allow evolution_t evolution_alarm_t:dir search_dir_perms;
-allow evolution_t evolution_alarm_t:file read;
-
-allow evolution_t evolution_alarm_t:unix_stream_socket connectto;
-allow evolution_t evolution_alarm_orbit_tmp_t:sock_file write;
-
-can_exec(evolution_t, evolution_alarm_exec_t)
-
-allow evolution_t evolution_exchange_t:unix_stream_socket connectto;
-allow evolution_t evolution_exchange_orbit_tmp_t:sock_file write;
-
-allow evolution_t evolution_home_t:dir manage_dir_perms;
-allow evolution_t evolution_home_t:file manage_file_perms;
-allow evolution_t evolution_home_t:lnk_file manage_lnk_file_perms;
-userdom_search_user_home_dirs(evolution_t)
-
-allow evolution_t evolution_orbit_tmp_t:dir manage_dir_perms;
-allow evolution_t evolution_orbit_tmp_t:file manage_file_perms;
-files_tmp_filetrans(evolution_t, evolution_orbit_tmp_t, { dir file })
-
-allow evolution_server_t evolution_orbit_tmp_t:dir manage_dir_perms;
-allow evolution_server_t evolution_orbit_tmp_t:file manage_file_perms;
-files_tmp_filetrans(evolution_server_t, evolution_orbit_tmp_t, { dir file })
-
-allow evolution_t evolution_server_t:dir search_dir_perms;
-allow evolution_t evolution_server_t:file read;
-
-allow evolution_t evolution_server_t:unix_stream_socket connectto;
-allow evolution_t evolution_server_orbit_tmp_t:sock_file write;
-
-can_exec(evolution_t, evolution_server_exec_t)
-
-allow evolution_t evolution_tmpfs_t:dir rw_dir_perms;
-allow evolution_t evolution_tmpfs_t:file manage_file_perms;
-allow evolution_t evolution_tmpfs_t:lnk_file manage_lnk_file_perms;
-allow evolution_t evolution_tmpfs_t:sock_file manage_sock_file_perms;
-allow evolution_t evolution_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(evolution_t, evolution_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-#FIXME check to see if really needed
-kernel_read_kernel_sysctls(evolution_t)
-kernel_read_system_state(evolution_t)
-# Allow netstat
-kernel_read_network_state(evolution_t)
-kernel_read_net_sysctls(evolution_t)
-
-corecmd_exec_shell(evolution_t)
-# Run various programs
-corecmd_exec_bin(evolution_t)
-
-corenet_all_recvfrom_unlabeled(evolution_t)
-corenet_all_recvfrom_netlabel(evolution_t)
-corenet_tcp_sendrecv_generic_if(evolution_t)
-corenet_udp_sendrecv_generic_if(evolution_t)
-corenet_raw_sendrecv_generic_if(evolution_t)
-corenet_tcp_sendrecv_generic_node(evolution_t)
-corenet_udp_sendrecv_generic_node(evolution_t)
-corenet_tcp_sendrecv_pop_port(evolution_t)
-corenet_udp_sendrecv_pop_port(evolution_t)
-corenet_tcp_sendrecv_smtp_port(evolution_t)
-corenet_udp_sendrecv_smtp_port(evolution_t)
-corenet_tcp_sendrecv_innd_port(evolution_t)
-corenet_udp_sendrecv_innd_port(evolution_t)
-corenet_tcp_sendrecv_ldap_port(evolution_t)
-corenet_udp_sendrecv_ldap_port(evolution_t)
-corenet_tcp_sendrecv_ipp_port(evolution_t)
-corenet_udp_sendrecv_ipp_port(evolution_t)
-corenet_tcp_connect_pop_port(evolution_t)
-corenet_tcp_connect_smtp_port(evolution_t)
-corenet_tcp_connect_innd_port(evolution_t)
-corenet_tcp_connect_ldap_port(evolution_t)
-corenet_tcp_connect_ipp_port(evolution_t)
-corenet_sendrecv_pop_client_packets(evolution_t)
-corenet_sendrecv_smtp_client_packets(evolution_t)
-corenet_sendrecv_innd_client_packets(evolution_t)
-corenet_sendrecv_ldap_client_packets(evolution_t)
-corenet_sendrecv_ipp_client_packets(evolution_t)
-# not sure about this bind
-corenet_udp_bind_generic_node(evolution_t)
-corenet_udp_bind_generic_port(evolution_t)
-
-dev_read_urand(evolution_t)
-
-domain_dontaudit_read_all_domains_state(evolution_t)
-
-files_read_etc_files(evolution_t)
-files_read_usr_files(evolution_t)
-files_read_usr_symlinks(evolution_t)
-files_read_var_files(evolution_t)
-
-fs_search_auto_mountpoints(evolution_t)
-
-logging_send_syslog_msg(evolution_t)
-
-miscfiles_read_localization(evolution_t)
-
-sysnet_read_config(evolution_t)
-sysnet_dns_name_resolve(evolution_t)
-
-udev_read_state(evolution_t)
-
-userdom_rw_user_tmp_files(evolution_t)
-userdom_manage_user_tmp_dirs(evolution_t)
-userdom_manage_user_tmp_sockets(evolution_t)
-userdom_manage_user_tmp_files(evolution_t)
-userdom_use_user_terminals(evolution_t)
-# FIXME: suppress access to .local/.icons/.themes until properly implemented
-# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
-# until properly implemented
-userdom_dontaudit_read_user_home_content_files(evolution_t)
-
-mta_read_config(evolution_t)
-
-xserver_user_x_domain_template(evolution, evolution_t, evolution_tmpfs_t)
-xserver_read_xdm_tmp_files(evolution_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(evolution_t)
-	fs_manage_nfs_files(evolution_t)
-	fs_manage_nfs_symlinks(evolution_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(evolution_t)
-	fs_manage_cifs_files(evolution_t)
-	fs_manage_cifs_symlinks(evolution_t)
-')
-
-tunable_policy(`mail_read_content && use_nfs_home_dirs',`
-	fs_list_auto_mountpoints(evolution_t)
-	files_list_home(evolution_t)
-	fs_read_nfs_files(evolution_t)
-	fs_read_nfs_symlinks(evolution_t)
-
-',`
-	files_dontaudit_list_home(evolution_t)
-	fs_dontaudit_list_auto_mountpoints(evolution_t)
-	fs_dontaudit_read_nfs_files(evolution_t)
-	fs_dontaudit_list_nfs(evolution_t)
-')
-
-tunable_policy(`mail_read_content && use_samba_home_dirs',`
-	fs_list_auto_mountpoints(evolution_t)
-	files_list_home(evolution_t)
-	fs_read_cifs_files(evolution_t)
-	fs_read_cifs_symlinks(evolution_t)
-',`
-	files_dontaudit_list_home(evolution_t)
-	fs_dontaudit_list_auto_mountpoints(evolution_t)
-	fs_dontaudit_read_cifs_files(evolution_t)
-	fs_dontaudit_list_cifs(evolution_t)
-')
-
-tunable_policy(`mail_read_content',`
-	userdom_list_user_tmp(evolution_t)
-	userdom_read_user_tmp_files(evolution_t)
-	userdom_read_user_tmp_symlinks(evolution_t)
-	userdom_read_user_home_content_files(evolution_t)
-	userdom_read_user_home_content_symlinks(evolution_t)
-
-	ifndef(`enable_mls',`
-		fs_search_removable(evolution_t)
-		fs_read_removable_files(evolution_t)
-		fs_read_removable_symlinks(evolution_t)
-	')
-',`
-	files_dontaudit_list_tmp(evolution_t)
-	files_dontaudit_list_home(evolution_t)
-	fs_dontaudit_list_removable(evolution_t)
-	fs_dontaudit_read_removable_files(evolution_t)
-	userdom_dontaudit_list_user_tmp(evolution_t)
-	userdom_dontaudit_read_user_tmp_files(evolution_t)
-	userdom_dontaudit_list_user_home_dirs(evolution_t)
-	userdom_dontaudit_read_user_home_content_files(evolution_t)
-')
-
-optional_policy(`
-	automount_read_state(evolution_t)
-')
-
-# Allow printing the mail
-optional_policy(`
-	cups_read_rw_config(evolution_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(evolution_t)
-	dbus_session_bus_client(evolution_t)
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(evolution_t)
-')
-
-# Encrypt mail
-optional_policy(`
-	gpg_domtrans(evolution_t)
-	gpg_signal(evolution_t)
-')
-
-optional_policy(`
-	lpd_domtrans_lpr(evolution_t)
-')
-
-optional_policy(`
-	mozilla_read_user_home_files(evolution_t)
-	mozilla_domtrans(evolution_t)
-')
-
-# Allow POP/IMAP/SMTP/NNTP/LDAP/IPP(printing)
-optional_policy(`
-	nis_use_ypbind(evolution_t)
-')
-
-optional_policy(`
-	nscd_socket_use(evolution_t)
-')
-
-### Junk mail filtering (start spamd)
-optional_policy(`
-	spamassassin_exec_spamd(evolution_t)
-	spamassassin_domtrans_client(evolution_t)
-	spamassassin_domtrans_local_client(evolution_t)
-	# Allow evolution to signal the daemon
-	# FIXME: Now evolution can read spamd temp files
-	spamassassin_read_spamd_tmp_files(evolution_t)
-	spamassassin_signal_spamd(evolution_t)
-	spamassassin_dontaudit_getattr_spamd_tmp_sockets(evolution_t)
-')
-
-########################################
-#
-# Evolution alarm local policy
-#
-
-allow evolution_alarm_t self:process { signal getsched };
-allow evolution_alarm_t self:fifo_file rw_fifo_file_perms;
-
-allow evolution_alarm_t evolution_t:unix_stream_socket connectto;
-allow evolution_alarm_t evolution_orbit_tmp_t:sock_file write;
-
-allow evolution_alarm_t evolution_alarm_tmpfs_t:dir rw_dir_perms;
-allow evolution_alarm_t evolution_alarm_tmpfs_t:file manage_file_perms;
-allow evolution_alarm_t evolution_alarm_tmpfs_t:lnk_file manage_lnk_file_perms;
-allow evolution_alarm_t evolution_alarm_tmpfs_t:sock_file manage_sock_file_perms;
-allow evolution_alarm_t evolution_alarm_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(evolution_alarm_t, evolution_alarm_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-allow evolution_alarm_t evolution_exchange_t:unix_stream_socket connectto;
-allow evolution_alarm_t evolution_exchange_orbit_tmp_t:sock_file write;
-
-# Access evolution home
-allow evolution_alarm_t evolution_home_t:dir manage_dir_perms;
-allow evolution_alarm_t evolution_home_t:file manage_file_perms;
-allow evolution_alarm_t evolution_home_t:lnk_file manage_lnk_file_perms;
-
-allow evolution_alarm_t evolution_server_t:unix_stream_socket connectto;
-allow evolution_alarm_t evolution_server_orbit_tmp_t:sock_file write;
-
-dev_read_urand(evolution_alarm_t)
-
-files_read_etc_files(evolution_alarm_t)
-files_read_usr_files(evolution_alarm_t)
-
-fs_search_auto_mountpoints(evolution_alarm_t)
-
-miscfiles_read_localization(evolution_alarm_t)
-
-# Access evolution home
-userdom_search_user_home_dirs(evolution_alarm_t)
-# FIXME: suppress access to .local/.icons/.themes until properly implemented
-# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
-# until properly implemented
-userdom_dontaudit_read_user_home_content_files(evolution_alarm_t)
-
-xserver_user_x_domain_template(evolution_alarm, evolution_alarm_t, evolution_alarm_tmpfs_t)
-
-# Access evolution home
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_files(evolution_alarm_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(evolution_alarm_t)
-')
-
-optional_policy(`
-	dbus_session_bus_client(evolution_alarm_t)
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(evolution_alarm_t)
-')
-
-optional_policy(`
-	nscd_socket_use(evolution_alarm_t)
-')
-
-########################################
-#
-# Evolution exchange connector local policy
-#
-
-allow evolution_exchange_t self:process getsched;
-allow evolution_exchange_t self:fifo_file rw_fifo_file_perms;
-
-allow evolution_exchange_t self:tcp_socket create_socket_perms;
-allow evolution_exchange_t self:udp_socket create_socket_perms;
-
-allow evolution_exchange_t evolution_t:unix_stream_socket connectto;
-allow evolution_exchange_t evolution_orbit_tmp_t:sock_file write;
-
-allow evolution_exchange_t evolution_alarm_t:unix_stream_socket connectto;
-allow evolution_exchange_t evolution_alarm_orbit_tmp_t:sock_file write;
-
-# Access evolution home
-allow evolution_exchange_t evolution_home_t:dir manage_dir_perms;
-allow evolution_exchange_t evolution_home_t:file manage_file_perms;
-allow evolution_exchange_t evolution_home_t:lnk_file manage_lnk_file_perms;
-
-allow evolution_exchange_t evolution_server_t:unix_stream_socket connectto;
-allow evolution_exchange_t evolution_server_orbit_tmp_t:sock_file write;
-
-# /tmp/.exchange-$USER
-allow evolution_exchange_t evolution_exchange_tmp_t:dir manage_dir_perms;
-allow evolution_exchange_t evolution_exchange_tmp_t:file manage_file_perms;
-files_tmp_filetrans(evolution_exchange_t, evolution_exchange_tmp_t, { file dir })
-
-allow evolution_exchange_t evolution_exchange_tmpfs_t:dir rw_dir_perms;
-allow evolution_exchange_t evolution_exchange_tmpfs_t:file manage_file_perms;
-allow evolution_exchange_t evolution_exchange_tmpfs_t:lnk_file manage_lnk_file_perms;
-allow evolution_exchange_t evolution_exchange_tmpfs_t:sock_file manage_sock_file_perms;
-allow evolution_exchange_t evolution_exchange_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(evolution_exchange_t, evolution_exchange_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_network_state(evolution_exchange_t)
-kernel_read_net_sysctls(evolution_exchange_t)
-
-# Allow netstat
-corecmd_exec_bin(evolution_exchange_t)
-
-dev_read_urand(evolution_exchange_t)
-
-files_read_etc_files(evolution_exchange_t)
-files_read_usr_files(evolution_exchange_t)
-
-# Access evolution home
-fs_search_auto_mountpoints(evolution_exchange_t)
-
-miscfiles_read_localization(evolution_exchange_t)
-
-userdom_write_user_tmp_sockets(evolution_exchange_t)
-# Access evolution home
-userdom_search_user_home_dirs(evolution_exchange_t)
-# FIXME: suppress access to .local/.icons/.themes until properly implemented
-# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
-# until properly implemented
-userdom_dontaudit_read_user_home_content_files(evolution_exchange_t)
-
-xserver_user_x_domain_template(evolution_exchange, evolution_exchange_t, evolution_exchange_tmpfs_t)
-
-# Access evolution home
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_files(evolution_exchange_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(evolution_exchange_t)
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(evolution_exchange_t)
-')
-
-optional_policy(`
-	nscd_socket_use(evolution_exchange_t)
-')
-
-########################################
-#
-# Evolution data server local policy
-#
-
-allow evolution_server_t self:process { getsched signal };
-
-allow evolution_server_t self:fifo_file { read write };
-allow evolution_server_t self:unix_stream_socket { accept connectto };
-# Talk to ldap (address book),
-# Obtain weather data via http (read server name from xml file in /usr)
-allow evolution_server_t self:tcp_socket create_socket_perms;
-
-allow evolution_server_t evolution_t:unix_stream_socket connectto;
-allow evolution_server_t evolution_orbit_tmp_t:sock_file write;
-
-allow evolution_server_t evolution_exchange_t:unix_stream_socket connectto;
-allow evolution_server_t evolution_exchange_orbit_tmp_t:sock_file write;
-
-# Access evolution home
-allow evolution_server_t evolution_home_t:dir manage_dir_perms;
-allow evolution_server_t evolution_home_t:file manage_file_perms;
-allow evolution_server_t evolution_home_t:lnk_file manage_lnk_file_perms;
-
-allow evolution_server_t evolution_alarm_t:unix_stream_socket connectto;
-allow evolution_server_t evolution_alarm_orbit_tmp_t:sock_file write;
-
-kernel_read_system_state(evolution_server_t)
-
-corecmd_exec_shell(evolution_server_t)
-
-# Obtain weather data via http (read server name from xml file in /usr)
-corenet_all_recvfrom_unlabeled(evolution_server_t)
-corenet_all_recvfrom_netlabel(evolution_server_t)
-corenet_tcp_sendrecv_generic_if(evolution_server_t)
-corenet_tcp_sendrecv_generic_node(evolution_server_t)
-corenet_tcp_sendrecv_http_port(evolution_server_t)
-corenet_tcp_sendrecv_http_cache_port(evolution_server_t)
-corenet_tcp_connect_http_cache_port(evolution_server_t)
-corenet_tcp_connect_http_port(evolution_server_t)
-corenet_sendrecv_http_client_packets(evolution_server_t)
-corenet_sendrecv_http_cache_client_packets(evolution_server_t)
-
-dev_read_urand(evolution_server_t)
-
-files_read_etc_files(evolution_server_t)
-# Obtain weather data via http (read server name from xml file in /usr)
-files_read_usr_files(evolution_server_t)
-
-fs_search_auto_mountpoints(evolution_server_t)
-
-miscfiles_read_localization(evolution_server_t)
-# Look in /etc/pki
-miscfiles_read_generic_certs(evolution_server_t)
-
-# Talk to ldap (address book)
-sysnet_read_config(evolution_server_t)
-sysnet_dns_name_resolve(evolution_server_t)
-sysnet_use_ldap(evolution_server_t)
-
-# Access evolution home
-userdom_search_user_home_dirs(evolution_server_t)
-# FIXME: suppress access to .local/.icons/.themes until properly implemented
-# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
-# until properly implemented
-userdom_dontaudit_read_user_home_content_files(evolution_server_t)
-
-# Access evolution home
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_files(evolution_server_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(evolution_server_t)
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(evolution_server_t)
-')
-
-optional_policy(`
-	nscd_socket_use(evolution_server_t)
-')
-
-########################################
-#
-# Evolution webcal local policy
-#
-
-allow evolution_webcal_t self:tcp_socket create_socket_perms;
-
-# X/evolution common stuff
-allow evolution_webcal_t evolution_webcal_tmpfs_t:dir rw_dir_perms;
-allow evolution_webcal_t evolution_webcal_tmpfs_t:file manage_file_perms;
-allow evolution_webcal_t evolution_webcal_tmpfs_t:lnk_file manage_lnk_file_perms;
-allow evolution_webcal_t evolution_webcal_tmpfs_t:sock_file manage_sock_file_perms;
-allow evolution_webcal_t evolution_webcal_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(evolution_webcal_t, evolution_webcal_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-corenet_all_recvfrom_unlabeled(evolution_webcal_t)
-corenet_all_recvfrom_netlabel(evolution_webcal_t)
-corenet_tcp_sendrecv_generic_if(evolution_webcal_t)
-corenet_raw_sendrecv_generic_if(evolution_webcal_t)
-corenet_tcp_sendrecv_generic_node(evolution_webcal_t)
-corenet_raw_sendrecv_generic_node(evolution_webcal_t)
-corenet_tcp_sendrecv_http_port(evolution_webcal_t)
-corenet_tcp_sendrecv_http_cache_port(evolution_webcal_t)
-corenet_tcp_connect_http_cache_port(evolution_webcal_t)
-corenet_tcp_connect_http_port(evolution_webcal_t)
-corenet_sendrecv_http_client_packets(evolution_webcal_t)
-corenet_sendrecv_http_cache_client_packets(evolution_webcal_t)
-
-# Networking capability - connect to website and handle ics link
-sysnet_read_config(evolution_webcal_t)
-sysnet_dns_name_resolve(evolution_webcal_t)
-
-# Search home directory (?)
-userdom_search_user_home_dirs(evolution_webcal_t)
-# FIXME: suppress access to .local/.icons/.themes until properly implemented
-# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
-# until properly implemented
-userdom_dontaudit_read_user_home_content_files(evolution_webcal_t)
-
-xserver_user_x_domain_template(evolution_webcal, evolution_webcal_t, evolution_webcal_tmpfs_t)
-
-optional_policy(`
-	nscd_socket_use(evolution_webcal_t)
-')
diff --git a/policy/modules/apps/execmem.fc b/policy/modules/apps/execmem.fc
deleted file mode 100644
index 9bd4f45..0000000
--- a/policy/modules/apps/execmem.fc
+++ /dev/null
@@ -1,48 +0,0 @@
-
-/usr/bin/aticonfig	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/compiz		--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/darcs 		--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/dosbox		--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/haddock.*  	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/hasktags   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/plasma-desktop	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/runghc	   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/runhaskell	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/sbcl	     	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/skype		--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/bin/valgrind	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/sbin/vboxadd-service 	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/sbin/VBox.* 	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-ifdef(`distro_gentoo',`
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-')
-/usr/lib(64)?/chromium-browser/chromium-browser  gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib64/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib64/R/bin/exec/R	   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib/R/bin/exec/R	   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/usr/libexec/ghc-[^/]+/.*bin  --	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/libexec/ghc-[^/]+/ghc.*  --	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib(64)?/ghc-[^/]+/ghc.*  --	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib(64)/virtualbox/VirtualBox  --	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/opt/real/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/usr/lib/wingide-[^/]+/bin/PyCore/python -- gen_context(system_u:object_r:execmem_exec_t,s0)
-/usr/lib/thunderbird-[^/]+/thunderbird-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Updater -- gen_context(system_u:object_r:execmem_exec_t,s0)
-/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Application -- gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/opt/likewise/bin/domainjoin-cli -- gen_context(system_u:object_r:execmem_exec_t,s0)
-
-/opt/google/chrome/chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
-/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
-/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff --git a/policy/modules/apps/execmem.if b/policy/modules/apps/execmem.if
deleted file mode 100644
index 06ed3de..0000000
--- a/policy/modules/apps/execmem.if
+++ /dev/null
@@ -1,110 +0,0 @@
-## <summary>execmem domain</summary>
-
-########################################
-## <summary>
-##	Execute the execmem program in the execmem domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`execmem_exec',`
-	gen_require(`
-		type execmem_exec_t;
-	')
-
-	can_exec($1, execmem_exec_t)
-')
-
-#######################################
-## <summary>
-##	The role template for the execmem module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for execmem applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`execmem_role_template',`
-	gen_require(`
-		type execmem_exec_t;
-	')
-
-	type $1_execmem_t;
-	domain_type($1_execmem_t)
-	domain_entry_file($1_execmem_t, execmem_exec_t)
-	role $2 types $1_execmem_t;
-
-	userdom_unpriv_usertype($1, $1_execmem_t)
-	userdom_manage_tmp_role($2, $1_execmem_t)
-	userdom_manage_tmpfs_role($2, $1_execmem_t)
-
-	allow $1_execmem_t self:process { execmem execstack };
-	allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
-	domtrans_pattern($3, execmem_exec_t, $1_execmem_t)
-ifdef(`hide_broken_symptoms', `
-	dontaudit $1_execmem_t $3:socket_class_set { read write };
-')
-	files_execmod_tmp($1_execmem_t)
-
-	optional_policy(`
-		chrome_role($2, $1_execmem_t)
-	')
-
-	optional_policy(`
-		mozilla_execmod_user_home_files($1_execmem_t)
-	')
-
-	optional_policy(`
-		nsplugin_rw_shm($1_execmem_t)
-		nsplugin_rw_semaphores($1_execmem_t)
-	')
-
-	optional_policy(`
-		xserver_role($2, $1_execmem_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute a execmem_exec file
-##	in the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`execmem_domtrans',`
-	gen_require(`
-		type execmem_exec_t;
-	')
-
-	domtrans_pattern($1, execmem_exec_t, $2)
-')
diff --git a/policy/modules/apps/execmem.te b/policy/modules/apps/execmem.te
deleted file mode 100644
index a7d37e2..0000000
--- a/policy/modules/apps/execmem.te
+++ /dev/null
@@ -1,10 +0,0 @@
-policy_module(execmem, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type execmem_exec_t alias unconfined_execmem_exec_t;
-application_executable_file(execmem_exec_t)
-
diff --git a/policy/modules/apps/firewallgui.fc b/policy/modules/apps/firewallgui.fc
deleted file mode 100644
index ce498b3..0000000
--- a/policy/modules/apps/firewallgui.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/usr/share/system-config-firewall/system-config-firewall-mechanism.py	--	gen_context(system_u:object_r:firewallgui_exec_t,s0)
-
diff --git a/policy/modules/apps/firewallgui.if b/policy/modules/apps/firewallgui.if
deleted file mode 100644
index 7fe26f3..0000000
--- a/policy/modules/apps/firewallgui.if
+++ /dev/null
@@ -1,41 +0,0 @@
-
-## <summary>policy for firewallgui</summary>
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	firewallgui over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`firewallgui_dbus_chat',`
-	gen_require(`
-		type firewallgui_t;
-		class dbus send_msg;
-	')
-
-	allow $1 firewallgui_t:dbus send_msg;
-	allow firewallgui_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read and write firewallgui unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`firewallgui_dontaudit_rw_pipes',`
-	gen_require(`
-		type firewallgui_t;
-	')
-
-	dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms;
-')
diff --git a/policy/modules/apps/firewallgui.te b/policy/modules/apps/firewallgui.te
deleted file mode 100644
index 0bbd523..0000000
--- a/policy/modules/apps/firewallgui.te
+++ /dev/null
@@ -1,66 +0,0 @@
-policy_module(firewallgui,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type firewallgui_t;
-type firewallgui_exec_t;
-dbus_system_domain(firewallgui_t, firewallgui_exec_t)
-
-type firewallgui_tmp_t;
-files_tmp_file(firewallgui_tmp_t)
-
-########################################
-#
-# firewallgui local policy
-#
-
-allow firewallgui_t self:capability { net_admin sys_rawio } ;
-allow firewallgui_t self:fifo_file rw_fifo_file_perms;
-
-manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
-manage_dirs_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
-files_tmp_filetrans(firewallgui_t,firewallgui_tmp_t, { file dir })
-
-kernel_read_system_state(firewallgui_t)
-kernel_read_network_state(firewallgui_t)
-kernel_rw_net_sysctls(firewallgui_t)
-kernel_rw_kernel_sysctl(firewallgui_t)
-kernel_rw_vm_sysctls(firewallgui_t)
-
-corecmd_exec_shell(firewallgui_t)
-corecmd_exec_bin(firewallgui_t)
-consoletype_exec(firewallgui_t)
-
-dev_read_urand(firewallgui_t)
-dev_read_sysfs(firewallgui_t)
-
-files_manage_system_conf_files(firewallgui_t)
-files_etc_filetrans_system_conf(firewallgui_t)
-files_read_etc_files(firewallgui_t)
-files_read_usr_files(firewallgui_t)
-files_search_kernel_modules(firewallgui_t)
-files_list_kernel_modules(firewallgui_t)
-
-iptables_domtrans(firewallgui_t)
-iptables_initrc_domtrans(firewallgui_t)
-
-modutils_getattr_module_deps(firewallgui_t)
-
-miscfiles_read_localization(firewallgui_t)
-
-userdom_dontaudit_search_user_home_dirs(firewallgui_t)
-
-nscd_dontaudit_search_pid(firewallgui_t)
-nscd_socket_use(firewallgui_t)
-
-optional_policy(`
-	gnome_read_gconf_home_files(firewallgui_t)
-')
-
-optional_policy(`
-        policykit_dbus_chat(firewallgui_t)
-')
-
diff --git a/policy/modules/apps/games.fc b/policy/modules/apps/games.fc
deleted file mode 100644
index 78dc515..0000000
--- a/policy/modules/apps/games.fc
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# /usr
-#
-/usr/lib/games(/.*)? 		gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/.*		--	gen_context(system_u:object_r:games_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/games(/.*)? 		gen_context(system_u:object_r:games_data_t,s0)
-/var/games(/.*)?		gen_context(system_u:object_r:games_data_t,s0)
-
-ifndef(`distro_debian',`
-/usr/bin/micq		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/blackjack	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gataxx		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/glines		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnect		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnibbles	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnobots2	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnome-stones	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnomine	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotravex	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotski	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gtali		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/iagno		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/mahjongg	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/same-gnome	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/sol		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/atlantik	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kasteroids	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/katomic	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbackgammon	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbattleship	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kblackbox	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbounce	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kenolaba	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kfouleggs	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kgoldrunner	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kjumpingcube	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klickety	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klines		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmahjongg	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmines		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kolf		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/konquest	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpat		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpoker		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kreversi	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksame		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kshisen	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksirtet	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksmiletris	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksnake		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksokoban	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kspaceduel	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktron		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktuberling	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4proc	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskat		--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskatproc	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/Maelstrom	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civclient.*	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civserver.*	--	gen_context(system_u:object_r:games_exec_t,s0)
-')dnl end non-Debian section
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
deleted file mode 100644
index 7ac736d..0000000
--- a/policy/modules/apps/games.if
+++ /dev/null
@@ -1,51 +0,0 @@
-## <summary>Games</summary>
-
-############################################################
-## <summary>
-##	Role access for games
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`games_role',`
-	gen_require(`
-		type games_t, games_exec_t;
-	')
-
-	role $1 types games_t;
-
-	domtrans_pattern($2, games_exec_t, games_t)
-	allow $2 games_t:unix_stream_socket connectto;
-	allow games_t $2:unix_stream_socket connectto;
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, games_t)
-	allow $2 games_t:process signal_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read/write
-##	games data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`games_rw_data',`
-	gen_require(`
-		type games_data_t;
-	')
-
-	rw_files_pattern($1, games_data_t, games_data_t)
-')
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
deleted file mode 100644
index ac4f509..0000000
--- a/policy/modules/apps/games.te
+++ /dev/null
@@ -1,181 +0,0 @@
-policy_module(games, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type games_t;
-type games_exec_t;
-typealias games_t alias { user_games_t staff_games_t sysadm_games_t };
-typealias games_t alias { auditadm_games_t secadm_games_t };
-application_domain(games_t, games_exec_t)
-ubac_constrained(games_t)
-
-type games_data_t;
-typealias games_data_t alias { user_games_data_t staff_games_data_t sysadm_games_data_t };
-typealias games_data_t alias { auditadm_games_data_t secadm_games_data_t };
-files_type(games_data_t)
-ubac_constrained(games_data_t)
-
-type games_devpts_t;
-typealias games_devpts_t alias { user_games_devpts_t staff_games_devpts_t sysadm_games_devpts_t };
-typealias games_devpts_t alias { auditadm_games_devpts_t secadm_games_devpts_t };
-term_pty(games_devpts_t)
-ubac_constrained(games_devpts_t)
-
-# games_srv_t is for system operation of games, generic games daemons and
-# games recovery scripts
-type games_srv_t;
-init_system_domain(games_srv_t, games_exec_t)
-
-type games_srv_var_run_t;
-files_pid_file(games_srv_var_run_t)
-
-type games_tmp_t;
-typealias games_tmp_t alias { user_games_tmp_t staff_games_tmp_t sysadm_games_tmp_t };
-typealias games_tmp_t alias { auditadm_games_tmp_t secadm_games_tmp_t };
-files_tmp_file(games_tmp_t)
-ubac_constrained(games_tmp_t)
-
-type games_tmpfs_t;
-typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
-typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
-files_tmpfs_file(games_tmpfs_t)
-ubac_constrained(games_tmpfs_t)
-
-########################################
-#
-# Server local policy
-#
-
-dontaudit games_srv_t self:capability sys_tty_config;
-allow games_srv_t self:process signal_perms;
-
-manage_files_pattern(games_srv_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_srv_t, games_data_t, games_data_t)
-
-manage_files_pattern(games_srv_t, games_srv_var_run_t, games_srv_var_run_t)
-files_pid_filetrans(games_srv_t, games_srv_var_run_t, file)
-
-can_exec(games_srv_t, games_exec_t)
-
-kernel_read_kernel_sysctls(games_srv_t)
-kernel_list_proc(games_srv_t)
-kernel_read_proc_symlinks(games_srv_t)
-
-dev_read_sysfs(games_srv_t)
-
-fs_getattr_all_fs(games_srv_t)
-fs_search_auto_mountpoints(games_srv_t)
-
-term_dontaudit_use_console(games_srv_t)
-
-domain_use_interactive_fds(games_srv_t)
-
-init_use_fds(games_srv_t)
-init_use_script_ptys(games_srv_t)
-
-logging_send_syslog_msg(games_srv_t)
-
-miscfiles_read_localization(games_srv_t)
-
-userdom_dontaudit_use_unpriv_user_fds(games_srv_t)
-
-userdom_dontaudit_search_user_home_dirs(games_srv_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(games_srv_t)
-')
-
-optional_policy(`
-	udev_read_db(games_srv_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow games_t self:sem create_sem_perms;
-allow games_t self:tcp_socket create_stream_socket_perms;
-allow games_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(games_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_t, games_data_t, games_data_t)
-
-allow games_t games_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(games_t, games_devpts_t)
-
-manage_dirs_pattern(games_t, games_tmp_t, games_tmp_t)
-manage_files_pattern(games_t, games_tmp_t, games_tmp_t)
-files_tmp_filetrans(games_t, games_tmp_t, { file dir })
-
-manage_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_lnk_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_fifo_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_sock_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-fs_tmpfs_filetrans(games_t, games_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-can_exec(games_t, games_exec_t)
-
-kernel_read_system_state(games_t)
-
-corecmd_exec_bin(games_t)
-
-corenet_all_recvfrom_unlabeled(games_t)
-corenet_all_recvfrom_netlabel(games_t)
-corenet_tcp_sendrecv_generic_if(games_t)
-corenet_udp_sendrecv_generic_if(games_t)
-corenet_tcp_sendrecv_generic_node(games_t)
-corenet_udp_sendrecv_generic_node(games_t)
-corenet_tcp_sendrecv_all_ports(games_t)
-corenet_udp_sendrecv_all_ports(games_t)
-corenet_tcp_bind_generic_node(games_t)
-corenet_tcp_bind_generic_port(games_t)
-corenet_tcp_connect_generic_port(games_t)
-corenet_sendrecv_generic_client_packets(games_t)
-corenet_sendrecv_generic_server_packets(games_t)
-
-dev_read_sound(games_t)
-dev_write_sound(games_t)
-dev_read_input(games_t)
-dev_read_mouse(games_t)
-dev_read_urand(games_t)
-
-files_list_var(games_t)
-files_search_var_lib(games_t)
-files_dontaudit_search_var(games_t)
-files_read_etc_files(games_t)
-files_read_usr_files(games_t)
-files_read_var_files(games_t)
-
-init_dontaudit_rw_utmp(games_t)
-
-logging_dontaudit_search_logs(games_t)
-
-miscfiles_read_man_pages(games_t)
-miscfiles_read_localization(games_t)
-
-sysnet_read_config(games_t)
-
-userdom_manage_user_tmp_dirs(games_t)
-userdom_manage_user_tmp_files(games_t)
-userdom_manage_user_tmp_symlinks(games_t)
-userdom_manage_user_tmp_sockets(games_t)
-# Suppress .icons denial until properly implemented
-userdom_dontaudit_read_user_home_content_files(games_t)
-
-tunable_policy(`allow_execmem',`
-	allow games_t self:process execmem;
-')
-
-optional_policy(`
-	nscd_socket_use(games_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
-	xserver_create_xdm_tmp_sockets(games_t)
-	xserver_read_xdm_lib_files(games_t)
-')
diff --git a/policy/modules/apps/gift.fc b/policy/modules/apps/gift.fc
deleted file mode 100644
index df7ced4..0000000
--- a/policy/modules/apps/gift.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:gift_home_t,s0)
-
-/usr/(local/)?bin/apollon	-- 	gen_context(system_u:object_r:gift_exec_t,s0)
-/usr/(local/)?bin/giftd		--	gen_context(system_u:object_r:giftd_exec_t,s0)
-/usr/(local/)?bin/giftui	-- 	gen_context(system_u:object_r:gift_exec_t,s0)
-/usr/(local/)?bin/giFToxic	--	gen_context(system_u:object_r:gift_exec_t,s0)
diff --git a/policy/modules/apps/gift.if b/policy/modules/apps/gift.if
deleted file mode 100644
index c9b90d3..0000000
--- a/policy/modules/apps/gift.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>giFT peer to peer file sharing tool</summary>
-
-############################################################
-## <summary>
-##	Role access for gift
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`gift_role',`
-	gen_require(`
-		type gift_t, gift_exec_t;
-		type giftd_t, giftd_exec_t;
-		type gift_home_t;
-	')
-
-	role $1 types { gift_t giftd_t };
-
-	# transition from user domain
-	domtrans_pattern($2, gift_exec_t, gift_t)
-	domtrans_pattern($2, giftd_exec_t, giftd_t)
-
-	# user managed content
-	manage_dirs_pattern($2, gift_home_t, gift_home_t)
-	manage_files_pattern($2, gift_home_t, gift_home_t)
-	manage_lnk_files_pattern($2, gift_home_t, gift_home_t)
-	relabel_dirs_pattern($2, gift_home_t, gift_home_t)
-	relabel_files_pattern($2, gift_home_t, gift_home_t)
-	relabel_lnk_files_pattern($2, gift_home_t, gift_home_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, { gift_t giftd_t })
-	allow $2 { gift_t giftd_t }:process signal_perms;
-')
diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
deleted file mode 100644
index f378681..0000000
--- a/policy/modules/apps/gift.te
+++ /dev/null
@@ -1,147 +0,0 @@
-policy_module(gift, 2.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type gift_t;
-type gift_exec_t;
-typealias gift_t alias { user_gift_t staff_gift_t sysadm_gift_t };
-typealias gift_t alias { auditadm_gift_t secadm_gift_t };
-application_domain(gift_t, gift_exec_t)
-ubac_constrained(gift_t)
-
-type gift_home_t;
-typealias gift_home_t alias { user_gift_home_t staff_gift_home_t sysadm_gift_home_t };
-typealias gift_home_t alias { auditadm_gift_home_t secadm_gift_home_t };
-userdom_user_home_content(gift_home_t)
-
-type gift_tmpfs_t;
-typealias gift_tmpfs_t alias { user_gift_tmpfs_t staff_gift_tmpfs_t sysadm_gift_tmpfs_t };
-typealias gift_tmpfs_t alias { auditadm_gift_tmpfs_t secadm_gift_tmpfs_t };
-files_tmpfs_file(gift_tmpfs_t)
-ubac_constrained(gift_tmpfs_t)
-
-type giftd_t;
-type giftd_exec_t;
-typealias giftd_t alias { user_giftd_t staff_giftd_t sysadm_giftd_t };
-typealias giftd_t alias { auditadm_giftd_t secadm_giftd_t };
-application_domain(giftd_t, giftd_exec_t)
-ubac_constrained(giftd_t)
-
-##############################
-#
-# giFT user interface local policy
-#
-
-allow gift_t self:tcp_socket create_socket_perms;
-
-manage_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_lnk_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_fifo_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_sock_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-fs_tmpfs_filetrans(gift_t, gift_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(gift_t, gift_home_t, gift_home_t)
-manage_files_pattern(gift_t, gift_home_t, gift_home_t)
-manage_lnk_files_pattern(gift_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans(gift_t, gift_home_t, dir)
-
-# Launch gift daemon
-domtrans_pattern(gift_t, giftd_exec_t, giftd_t)
-
-# Read /proc/meminfo
-kernel_read_system_state(gift_t)
-
-# Connect to gift daemon
-corenet_all_recvfrom_unlabeled(gift_t)
-corenet_all_recvfrom_netlabel(gift_t)
-corenet_tcp_sendrecv_generic_if(gift_t)
-corenet_tcp_sendrecv_generic_node(gift_t)
-corenet_tcp_sendrecv_giftd_port(gift_t)
-corenet_tcp_connect_giftd_port(gift_t)
-corenet_sendrecv_giftd_client_packets(gift_t)
-
-fs_search_auto_mountpoints(gift_t)
-
-sysnet_read_config(gift_t)
-
-# giftui looks in .icons, .themes.
-userdom_dontaudit_read_user_home_content_files(gift_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(gift_t)
-	fs_manage_nfs_files(gift_t)
-	fs_manage_nfs_symlinks(gift_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(gift_t)
-	fs_manage_cifs_files(gift_t)
-	fs_manage_cifs_symlinks(gift_t)
-')
-
-optional_policy(`
-	nscd_socket_use(gift_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(gift, gift_t, gift_tmpfs_t)
-')
-
-##############################
-#
-# giFT server local policy
-#
-
-allow giftd_t self:process { signal setsched };
-allow giftd_t self:unix_stream_socket create_socket_perms;
-allow giftd_t self:tcp_socket create_stream_socket_perms;
-allow giftd_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(giftd_t, gift_home_t, gift_home_t)
-manage_files_pattern(giftd_t, gift_home_t, gift_home_t)
-manage_lnk_files_pattern(giftd_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans(giftd_t, gift_home_t, dir)
-
-kernel_read_system_state(giftd_t)
-kernel_read_kernel_sysctls(giftd_t)
-
-# Serve content on various p2p networks. Ports can be random.
-corenet_all_recvfrom_unlabeled(giftd_t)
-corenet_all_recvfrom_netlabel(giftd_t)
-corenet_tcp_sendrecv_generic_if(giftd_t)
-corenet_udp_sendrecv_generic_if(giftd_t)
-corenet_tcp_sendrecv_generic_node(giftd_t)
-corenet_udp_sendrecv_generic_node(giftd_t)
-corenet_tcp_sendrecv_all_ports(giftd_t)
-corenet_udp_sendrecv_all_ports(giftd_t)
-corenet_tcp_bind_generic_node(giftd_t)
-corenet_udp_bind_generic_node(giftd_t)
-corenet_tcp_bind_all_ports(giftd_t)
-corenet_udp_bind_all_ports(giftd_t)
-corenet_tcp_connect_all_ports(giftd_t)
-corenet_sendrecv_all_client_packets(giftd_t)
-
-files_read_usr_files(giftd_t)
-# Read /etc/mtab
-files_read_etc_runtime_files(giftd_t)
-
-miscfiles_read_localization(giftd_t)
-
-sysnet_read_config(giftd_t)
-
-userdom_use_user_terminals(giftd_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(giftd_t)
-	fs_manage_nfs_files(giftd_t)
-	fs_manage_nfs_symlinks(giftd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(giftd_t)
-	fs_manage_cifs_files(giftd_t)
-	fs_manage_cifs_symlinks(giftd_t)
-')
diff --git a/policy/modules/apps/gitosis.fc b/policy/modules/apps/gitosis.fc
deleted file mode 100644
index 7e90e45..0000000
--- a/policy/modules/apps/gitosis.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/usr/bin/gitosis-serve			--	gen_context(system_u:object_r:gitosis_exec_t,s0)
-/usr/bin/gl-auth-command		--	gen_context(system_u:object_r:gitosis_exec_t,s0)
-
-/var/lib/gitosis(/.*)?				gen_context(system_u:object_r:gitosis_var_lib_t,s0)
-/var/lib/gitolite(/.*)?				gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff --git a/policy/modules/apps/gitosis.if b/policy/modules/apps/gitosis.if
deleted file mode 100644
index e898b91..0000000
--- a/policy/modules/apps/gitosis.if
+++ /dev/null
@@ -1,86 +0,0 @@
-## <summary>Tools for managing and hosting git repositories.</summary>
-
-#######################################
-## <summary>
-##	Execute a domain transition to run gitosis.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`gitosis_domtrans',`
-	gen_require(`
-		type gitosis_t, gitosis_exec_t;
-	')
-
-	domtrans_pattern($1, gitosis_exec_t, gitosis_t)
-')
-
-#######################################
-## <summary>
-##	Execute gitosis-serve in the gitosis domain, and
-##	allow the specified role the gitosis domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`gitosis_run',`
-	gen_require(`
-		type gitosis_t;
-	')
-
-	gitosis_domtrans($1)
-	role $2 types gitosis_t;
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to read
-##	gitosis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gitosis_read_lib_files',`
-	gen_require(`
-		type gitosis_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
-	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
-	list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to manage
-##	gitosis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gitosis_manage_lib_files',`
-	gen_require(`
-		type gitosis_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
-')
diff --git a/policy/modules/apps/gitosis.te b/policy/modules/apps/gitosis.te
deleted file mode 100644
index df1c189..0000000
--- a/policy/modules/apps/gitosis.te
+++ /dev/null
@@ -1,41 +0,0 @@
-policy_module(gitosis, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type gitosis_t;
-type gitosis_exec_t;
-application_domain(gitosis_t, gitosis_exec_t)
-role system_r types gitosis_t;
-
-type gitosis_var_lib_t;
-files_type(gitosis_var_lib_t)
-
-########################################
-#
-# gitosis local policy
-#
-
-allow gitosis_t self:fifo_file rw_fifo_file_perms;
-
-exec_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-
-kernel_read_system_state(gitosis_t)
-
-corecmd_exec_bin(gitosis_t)
-corecmd_exec_shell(gitosis_t)
-
-dev_read_urand(gitosis_t)
-
-files_read_etc_files(gitosis_t)
-files_read_usr_files(gitosis_t)
-files_search_var_lib(gitosis_t)
-
-miscfiles_read_localization(gitosis_t)
-
-sysnet_read_config(gitosis_t)
diff --git a/policy/modules/apps/gnome.fc b/policy/modules/apps/gnome.fc
deleted file mode 100644
index 46db5ff..0000000
--- a/policy/modules/apps/gnome.fc
+++ /dev/null
@@ -1,30 +0,0 @@
-HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:cache_home_t,s0)
-HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:config_home_t,s0)
-HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
-HOME_DIR/\.gnome2(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
-HOME_DIR/\.gstreamer-.*		gen_context(system_u:object_r:gstreamer_home_t,s0)
-HOME_DIR/\.local.*		gen_context(system_u:object_r:gconf_home_t,s0)
-HOME_DIR/\.local/share(.*)?	gen_context(system_u:object_r:data_home_t,s0)
-/HOME_DIR/\.Xdefaults		gen_context(system_u:object_r:config_home_t,s0)
-/HOME_DIR/\.xine(/.*)?		gen_context(system_u:object_r:config_home_t,s0)
-
-/root/\.config(/.*)?		gen_context(system_u:object_r:config_home_t,s0)
-/root/\.xine(/.*)?		gen_context(system_u:object_r:config_home_t,s0)
-/root/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
-/root/\.gnome2(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
-/root/\.gstreamer-.*		gen_context(system_u:object_r:gstreamer_home_t,s0)
-/root/\.local.*			gen_context(system_u:object_r:gconf_home_t,s0)
-/root/\.local/share(.*)?	gen_context(system_u:object_r:data_home_t,s0)
-/root/\.Xdefaults		gen_context(system_u:object_r:config_home_t,s0)
-
-/etc/gconf(/.*)?		gen_context(system_u:object_r:gconf_etc_t,s0)
-
-/tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
-
-# Don't use because toolchain is broken
-#/usr/libexec/gconfd-2 --	gen_context(system_u:object_r:gconfd_exec_t,s0)
-
-/usr/libexec/gconf-defaults-mechanism	    	--      gen_context(system_u:object_r:gconfdefaultsm_exec_t,s0)
-
-/usr/libexec/gnome-system-monitor-mechanism 	--      gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
-
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
deleted file mode 100644
index 91737d4..0000000
--- a/policy/modules/apps/gnome.if
+++ /dev/null
@@ -1,602 +0,0 @@
-## <summary>GNU network object model environment (GNOME)</summary>
-
-############################################################
-## <summary>
-##	Role access for gnome
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`gnome_role',`
-	gen_require(`
-		type gconfd_t, gconfd_exec_t;
-		type gconf_tmp_t;
-	')
-
-	role $1 types gconfd_t;
-
-	domain_auto_trans($2, gconfd_exec_t, gconfd_t)
-	allow gconfd_t $2:fd use;
-	allow gconfd_t $2:fifo_file write;
-	allow gconfd_t $2:unix_stream_socket connectto;
-
-	ps_process_pattern($2, gconfd_t)
-
-	#gnome_stream_connect_gconf_template($1, $2)
-	read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
-	allow $2 gconfd_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	gconf connection template.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_stream_connect_gconf',`
-	gen_require(`
-		type gconfd_t, gconf_tmp_t;
-	')
-
-	read_files_pattern($1, gconf_tmp_t, gconf_tmp_t)
-	allow $1 gconfd_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Run gconfd in gconfd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_domtrans_gconfd',`
-	gen_require(`
-		type gconfd_t, gconfd_exec_t;
-	')
-
-	domtrans_pattern($1, gconfd_exec_t, gconfd_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit search gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_dontaudit_search_config',`
-	gen_require(`
-		attribute gnome_home_type;
-	')
-
-	dontaudit $1 gnome_home_type:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	manage gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_manage_config',`
-	gen_require(`
-		attribute gnome_home_type;
-	')
-
-	allow $1 gnome_home_type:dir manage_dir_perms;
-	allow $1 gnome_home_type:file manage_file_perms;
-	allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Send general signals to all gconf domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_signal_all',`
-	gen_require(`
-		attribute gnomedomain;
-	')
-
-	allow $1 gnomedomain:process signal;
-')
-
-########################################
-## <summary>
-##	Create objects in a Gnome cache home directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`gnome_cache_filetrans',`
-	gen_require(`
-		type cache_home_t;
-	')
-
-	filetrans_pattern($1, cache_home_t, $2, $3)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Read generic cache home files (.cache)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_read_generic_cache_files',`
-	gen_require(`
-		type cache_home_t;
-	')
-
-	read_files_pattern($1, cache_home_t, cache_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Set attributes of cache home dir (.cache)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_setattr_cache_home_dir',`
-	gen_require(`
-		type cache_home_t;
-	')
-
-	setattr_dirs_pattern($1, cache_home_t, cache_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	append to generic cache home files (.cache)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_append_generic_cache_files',`
-	gen_require(`
-		type cache_home_t;
-	')
-
-	append_files_pattern($1, cache_home_t, cache_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	write to generic cache home files (.cache)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_write_generic_cache_files',`
-	gen_require(`
-		type cache_home_t;
-	')
-
-	write_files_pattern($1, cache_home_t, cache_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	read gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-template(`gnome_read_config',`
-	gen_require(`
-		attribute gnome_home_type;
-	')
-
-	list_dirs_pattern($1, gnome_home_type, gnome_home_type)
-	read_files_pattern($1, gnome_home_type, gnome_home_type)
-	read_lnk_files_pattern($1, gnome_home_type, gnome_home_type)
-')
-
-########################################
-## <summary>
-##	Create objects in a Gnome gconf home directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`gnome_data_filetrans',`
-	gen_require(`
-		type data_home_t;
-	')
-
-	filetrans_pattern($1, data_home_t, $2, $3)
-	gnome_search_gconf($1)
-')
-
-########################################
-## <summary>
-##	Create gconf_home_t objects in the /root directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`gnome_admin_home_gconf_filetrans',`
-	gen_require(`
-		type gconf_home_t;
-	')
-
-	userdom_admin_home_dir_filetrans($1, gconf_home_t, $2)
-')
-
-########################################
-## <summary>
-##	read gconf config files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_read_gconf_config',`
-	gen_require(`
-		type gconf_etc_t;
-	')
-
-	allow $1 gconf_etc_t:dir list_dir_perms;
-	read_files_pattern($1, gconf_etc_t, gconf_etc_t)
-')
-
-#######################################
-## <summary>
-##      Manage gconf config files
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`gnome_manage_gconf_config',`
-        gen_require(`
-                type gconf_etc_t;
-        ')
-
-        allow $1 gconf_etc_t:dir list_dir_perms;
-        manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
-')
-
-########################################
-## <summary>
-##	Execute gconf programs in 
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_exec_gconf',`
-	gen_require(`
-		type gconfd_exec_t;
-	')
-
-	can_exec($1, gconfd_exec_t)
-')
-
-########################################
-## <summary>
-##	Read gconf home files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_read_gconf_home_files',`
-	gen_require(`
-		type gconf_home_t;
-		type data_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	allow $1 gconf_home_t:dir list_dir_perms;
-	allow $1 data_home_t:dir list_dir_perms;
-	read_files_pattern($1, gconf_home_t, gconf_home_t)
-	read_files_pattern($1, data_home_t, data_home_t)
-')
-
-########################################
-## <summary>
-##	search gconf homedir (.local)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_search_gconf',`
-	gen_require(`
-		type gconf_home_t;
-	')
-
-	allow $1 gconf_home_t:dir search_dir_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Set attributes of Gnome config dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_setattr_config_dirs',`
-	gen_require(`
-		type gnome_home_t;
-	')
-
-	setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Append gconf home files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_append_gconf_home_files',`
-	gen_require(`
-		type gconf_home_t;
-	')
-
-	append_files_pattern($1, gconf_home_t, gconf_home_t)
-')
-
-########################################
-## <summary>
-##	manage gconf home files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_manage_gconf_home_files',`
-	gen_require(`
-		type gconf_home_t;
-	')
-
-	allow $1 gconf_home_t:dir list_dir_perms;
-	manage_files_pattern($1, gconf_home_t, gconf_home_t)
-')
-
-########################################
-## <summary>
-##	Connect to gnome over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`gnome_stream_connect',`
-	gen_require(`
-		attribute gnome_home_type;
-	')
-
-	# Connect to pulseaudit server
-	stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
-')
-
-########################################
-## <summary>
-##	list gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_list_home_config',`
-	gen_require(`
-		type config_home_t;
-	')
-
-	allow $1 config_home_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Set attributes of gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-template(`gnome_setattr_home_config',`
-	gen_require(`
-		type config_home_t;
-	')
-
-	setattr_dirs_pattern($1, config_home_t, config_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	read gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_read_home_config',`
-	gen_require(`
-		type config_home_t;
-	')
-
-	read_files_pattern($1, config_home_t, config_home_t)
-')
-
-########################################
-## <summary>
-##	manage gnome homedir content (.config)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-template(`gnome_manage_home_config',`
-	gen_require(`
-		type config_home_t;
-	')
-
-	manage_files_pattern($1, config_home_t, config_home_t)
-')
-
-########################################
-## <summary>
-##	Read/Write all inherited gnome home config 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_rw_inherited_config',`
-	gen_require(`
-		attribute gnome_home_type;
-	')
-
-	allow $1 gnome_home_type:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	gconf system service over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnome_dbus_chat_gconfdefault',`
-	gen_require(`
-		type gconfdefaultsm_t;
-		class dbus send_msg;
-	')
-
-	allow $1 gconfdefaultsm_t:dbus send_msg;
-	allow gconfdefaultsm_t $1:dbus send_msg;
-')
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
deleted file mode 100644
index 26852d2..0000000
--- a/policy/modules/apps/gnome.te
+++ /dev/null
@@ -1,186 +0,0 @@
-policy_module(gnome, 2.0.1)
-
-##############################
-#
-# Declarations
-#
-
-attribute gnomedomain;
-attribute gnome_home_type;
-
-type gconf_etc_t;
-files_config_file(gconf_etc_t)
-
-type data_home_t, gnome_home_type;
-userdom_user_home_content(data_home_t)
-
-type config_home_t, gnome_home_type;
-userdom_user_home_content(config_home_t)
-
-type cache_home_t, gnome_home_type;
-userdom_user_home_content(cache_home_t)
-
-type gstreamer_home_t, gnome_home_type;
-userdom_user_home_content(gstreamer_home_t)
-
-type gconf_home_t, gnome_home_type;
-typealias gconf_home_t alias { user_gconf_home_t staff_gconf_home_t sysadm_gconf_home_t };
-typealias gconf_home_t alias { auditadm_gconf_home_t secadm_gconf_home_t };
-typealias gconf_home_t alias unconfined_gconf_home_t;
-userdom_user_home_content(gconf_home_t)
-
-type gconf_tmp_t;
-typealias gconf_tmp_t alias { user_gconf_tmp_t staff_gconf_tmp_t sysadm_gconf_tmp_t };
-typealias gconf_tmp_t alias { auditadm_gconf_tmp_t secadm_gconf_tmp_t };
-typealias gconf_tmp_t alias unconfined_gconf_tmp_t;
-files_tmp_file(gconf_tmp_t)
-ubac_constrained(gconf_tmp_t)
-
-type gconfd_t, gnomedomain;
-type gconfd_exec_t;
-typealias gconfd_t alias { user_gconfd_t staff_gconfd_t sysadm_gconfd_t };
-typealias gconfd_t alias { auditadm_gconfd_t secadm_gconfd_t };
-application_domain(gconfd_t, gconfd_exec_t)
-ubac_constrained(gconfd_t)
-
-type gnome_home_t, gnome_home_type;
-typealias gnome_home_t alias { user_gnome_home_t staff_gnome_home_t sysadm_gnome_home_t };
-typealias gnome_home_t alias { auditadm_gnome_home_t secadm_gnome_home_t };
-typealias gnome_home_t alias unconfined_gnome_home_t;
-userdom_user_home_content(gnome_home_t)
-
-type gconfdefaultsm_t;
-type gconfdefaultsm_exec_t;
-dbus_system_domain(gconfdefaultsm_t, gconfdefaultsm_exec_t)
-
-type gnomesystemmm_t;
-type gnomesystemmm_exec_t;
-dbus_system_domain(gnomesystemmm_t, gnomesystemmm_exec_t)
-
-##############################
-#
-# Local Policy
-#
-
-allow gconfd_t self:process getsched;
-allow gconfd_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(gconfd_t, gconf_home_t, gconf_home_t)
-manage_files_pattern(gconfd_t, gconf_home_t, gconf_home_t)
-userdom_user_home_dir_filetrans(gconfd_t, gconf_home_t, dir)
-
-manage_dirs_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
-manage_files_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
-userdom_user_tmp_filetrans(gconfd_t, gconf_tmp_t, { dir file })
-
-allow gconfd_t gconf_etc_t:dir list_dir_perms;
-read_files_pattern(gconfd_t, gconf_etc_t, gconf_etc_t)
-
-dev_read_urand(gconfd_t)
-
-files_read_etc_files(gconfd_t)
-
-miscfiles_read_localization(gconfd_t)
-
-logging_send_syslog_msg(gconfd_t)
-
-userdom_manage_user_tmp_sockets(gconfd_t)
-userdom_manage_user_tmp_dirs(gconfd_t)
-userdom_tmp_filetrans_user_tmp(gconfd_t, dir)
-
-optional_policy(`
-	nscd_dontaudit_search_pid(gconfd_t)
-')
-
-optional_policy(`
-	xserver_use_xdm_fds(gconfd_t)
-	xserver_rw_xdm_pipes(gconfd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-        fs_manage_nfs_dirs(gconfdefaultsm_t)
-        fs_manage_nfs_files(gconfdefaultsm_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-        fs_manage_cifs_dirs(gconfdefaultsm_t)
-        fs_manage_cifs_files(gconfdefaultsm_t)
-')
-
-#######################################
-#
-# gconf-defaults-mechanisms local policy
-#
-
-allow gconfdefaultsm_t self:capability { dac_override sys_nice sys_ptrace };
-allow gconfdefaultsm_t self:process getsched;
-allow gconfdefaultsm_t self:fifo_file rw_fifo_file_perms;
-
-corecmd_search_bin(gconfdefaultsm_t)
-
-files_read_etc_files(gconfdefaultsm_t)
-files_read_usr_files(gconfdefaultsm_t)
-
-miscfiles_read_localization(gconfdefaultsm_t)
-
-gnome_manage_gconf_home_files(gconfdefaultsm_t)
-gnome_manage_gconf_config(gconfdefaultsm_t)
-
-userdom_read_all_users_state(gconfdefaultsm_t)
-userdom_search_user_home_dirs(gconfdefaultsm_t)
-
-userdom_dontaudit_search_admin_dir(gconfdefaultsm_t)
-
-optional_policy(`
-        consolekit_dbus_chat(gconfdefaultsm_t)
-')
-
-optional_policy(`
-        nscd_dontaudit_search_pid(gconfdefaultsm_t)
-')
-
-optional_policy(`
-        policykit_domtrans_auth(gconfdefaultsm_t)
-        policykit_dbus_chat(gconfdefaultsm_t)
-        policykit_read_lib(gconfdefaultsm_t)
-        policykit_read_reload(gconfdefaultsm_t)
-')
-
-#######################################
-#
-# gnome-system-monitor-mechanisms local policy
-#
-
-allow gnomesystemmm_t self:capability { sys_nice sys_ptrace };
-allow gnomesystemmm_t self:fifo_file rw_fifo_file_perms;
-
-corecmd_search_bin(gnomesystemmm_t)
-
-domain_kill_all_domains(gnomesystemmm_t)
-domain_search_all_domains_state(gnomesystemmm_t)
-domain_setpriority_all_domains(gnomesystemmm_t)
-domain_signal_all_domains(gnomesystemmm_t)
-domain_sigstop_all_domains(gnomesystemmm_t)
-
-files_read_etc_files(gnomesystemmm_t)
-files_read_usr_files(gnomesystemmm_t)
-
-miscfiles_read_localization(gnomesystemmm_t)
-
-userdom_read_all_users_state(gnomesystemmm_t)
-userdom_dontaudit_search_admin_dir(gnomesystemmm_t)
-
-optional_policy(`
-        consolekit_dbus_chat(gnomesystemmm_t)
-')
-
-optional_policy(`
-        nscd_dontaudit_search_pid(gnomesystemmm_t)
-')
-
-optional_policy(`
-        policykit_dbus_chat(gnomesystemmm_t)
-        policykit_domtrans_auth(gnomesystemmm_t)
-        policykit_read_lib(gnomesystemmm_t)
-        policykit_read_reload(gnomesystemmm_t)
-')
diff --git a/policy/modules/apps/gpg.fc b/policy/modules/apps/gpg.fc
deleted file mode 100644
index 717d163..0000000
--- a/policy/modules/apps/gpg.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-HOME_DIR/\.gnupg(/.+)?		gen_context(system_u:object_r:gpg_secret_t,s0)
-/root/\.gnupg(/.+)?		gen_context(system_u:object_r:gpg_secret_t,s0)
-
-/usr/bin/gpg(2)?	--	gen_context(system_u:object_r:gpg_exec_t,s0)
-/usr/bin/gpg-agent	--	gen_context(system_u:object_r:gpg_agent_exec_t,s0)
-/usr/bin/kgpg		--	gen_context(system_u:object_r:gpg_exec_t,s0)
-/usr/bin/pinentry.*	--	gen_context(system_u:object_r:pinentry_exec_t,s0)
-
-/usr/lib(64)?/gnupg/.*	--	gen_context(system_u:object_r:gpg_exec_t,s0)
-/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
deleted file mode 100644
index 13d939a..0000000
--- a/policy/modules/apps/gpg.if
+++ /dev/null
@@ -1,202 +0,0 @@
-## <summary>Policy for GNU Privacy Guard and related programs.</summary>
-
-############################################################
-## <summary>
-##	Role access for gpg
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`gpg_role',`
-	gen_require(`
-		type gpg_t, gpg_exec_t;
-		type gpg_agent_t, gpg_agent_exec_t;
-		type gpg_agent_tmp_t;
-		type gpg_helper_t, gpg_pinentry_t;
-		type gpg_pinentry_tmp_t;
-	')
-
-	role $1 types { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t };
-
-	# transition from the userdomain to the derived domain
-	domtrans_pattern($2, gpg_exec_t, gpg_t)
-
-	# allow ps to show gpg
-	ps_process_pattern($2, gpg_t)
-	allow $2 gpg_t:process { signull sigstop signal sigkill };
-
-	# communicate with the user
-	allow gpg_helper_t $2:fd use;
-	allow gpg_helper_t $2:fifo_file write;
-
-	# allow ps to show gpg-agent
-	ps_process_pattern($2, gpg_agent_t)
-
-	# Allow the user shell to signal the gpg-agent program.
-	allow $2 gpg_agent_t:process { signal sigkill };
-
-	manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
-	manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
-	manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
-	files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })
-
-	# Transition from the user domain to the agent domain.
-	domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)
-
-	manage_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
-	relabel_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
-
-	allow gpg_pinentry_t $2:fifo_file { read write };
-
-	optional_policy(`
-		gpg_pinentry_dbus_chat($2)
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		#Leaked File Descriptors
-		dontaudit gpg_t $2:socket_class_set { getattr read write };
-		dontaudit gpg_t $2:fifo_file rw_fifo_file_perms;
-		dontaudit gpg_agent_t $2:socket_class_set { getattr read write };
-		dontaudit gpg_agent_t $2:fifo_file rw_fifo_file_perms;
-	')
-')
-
-########################################
-## <summary>
-##	Transition to a user gpg domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`gpg_domtrans',`
-	gen_require(`
-		type gpg_t, gpg_exec_t;
-	')
-
-	domtrans_pattern($1, gpg_exec_t, gpg_t)
-')
-
-######################################
-## <summary>
-##  Transition to a gpg web domain.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`gpg_domtrans_web',`
-    gen_require(`
-        type gpg_web_t, gpg_exec_t;
-    ')
-
-    domtrans_pattern($1, gpg_exec_t, gpg_web_t)
-')
-
-######################################
-## <summary>
-##  Make gpg an entrypoint for
-##  the specified domain.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  The domain for which cifs_t is an entrypoint.
-##  </summary>
-## </param>
-#
-interface(`gpg_entry_type',`
-    gen_require(`
-        type gpg_exec_t;
-    ')
-
-    domain_entry_file($1, gpg_exec_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to user gpg processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpg_signal',`
-	gen_require(`
-		type gpg_t;
-	')
-
-	allow $1 gpg_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read and write GPG agent pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpg_rw_agent_pipes',`
-	# Just wants read/write could this be a leak?
-	gen_require(`
-		type gpg_agent_t;
-	')
-
-	allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Send messages to and from GPG
-##	Pinentry over DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpg_pinentry_dbus_chat',`
-	gen_require(`
-		type gpg_pinentry_t;
-		class dbus send_msg;
-	')
-
-	allow $1 gpg_pinentry_t:dbus send_msg;
-	allow gpg_pinentry_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	List Gnu Privacy Guard user secrets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpg_list_user_secrets',`
-	gen_require(`
-		type gpg_secret_t;
-	')
-
-	list_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
-	userdom_search_user_home_dirs($1)
-')
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
deleted file mode 100644
index e9a7937..0000000
--- a/policy/modules/apps/gpg.te
+++ /dev/null
@@ -1,414 +0,0 @@
-policy_module(gpg, 2.3.1)
-
-########################################
-#
-# Declarations
-#
-attribute gpgdomain;
-
-## <desc>
-## <p>
-## Allow usage of the gpg-agent --write-env-file option.
-## This also allows gpg-agent to manage user files.
-## </p>
-## </desc>
-gen_tunable(gpg_agent_env_file, false)
-
-## <desc>
-## <p>
-## Allow gpg web domain to modify public files
-## used for public file transfer services.
-## </p>
-## </desc>
-gen_tunable(gpg_web_anon_write, false)
-
-type gpg_t, gpgdomain;
-type gpg_exec_t;
-typealias gpg_t alias { user_gpg_t staff_gpg_t sysadm_gpg_t };
-typealias gpg_t alias { auditadm_gpg_t secadm_gpg_t };
-application_domain(gpg_t, gpg_exec_t)
-ubac_constrained(gpg_t)
-role system_r types gpg_t;
-
-type gpg_agent_t;
-type gpg_agent_exec_t;
-typealias gpg_agent_t alias { user_gpg_agent_t staff_gpg_agent_t sysadm_gpg_agent_t };
-typealias gpg_agent_t alias { auditadm_gpg_agent_t secadm_gpg_agent_t };
-application_domain(gpg_agent_t, gpg_agent_exec_t)
-ubac_constrained(gpg_agent_t)
-
-type gpg_agent_tmp_t;
-typealias gpg_agent_tmp_t alias { user_gpg_agent_tmp_t staff_gpg_agent_tmp_t sysadm_gpg_agent_tmp_t };
-typealias gpg_agent_tmp_t alias { auditadm_gpg_agent_tmp_t secadm_gpg_agent_tmp_t };
-files_tmp_file(gpg_agent_tmp_t)
-ubac_constrained(gpg_agent_tmp_t)
-
-type gpg_secret_t;
-typealias gpg_secret_t alias { user_gpg_secret_t staff_gpg_secret_t sysadm_gpg_secret_t };
-typealias gpg_secret_t alias { auditadm_gpg_secret_t secadm_gpg_secret_t };
-userdom_user_home_content(gpg_secret_t)
-
-type gpg_helper_t;
-type gpg_helper_exec_t;
-typealias gpg_helper_t alias { user_gpg_helper_t staff_gpg_helper_t sysadm_gpg_helper_t };
-typealias gpg_helper_t alias { auditadm_gpg_helper_t secadm_gpg_helper_t };
-application_domain(gpg_helper_t, gpg_helper_exec_t)
-ubac_constrained(gpg_helper_t)
-role system_r types gpg_helper_t;
-
-type gpg_pinentry_t;
-type pinentry_exec_t;
-typealias gpg_pinentry_t alias { user_gpg_pinentry_t staff_gpg_pinentry_t sysadm_gpg_pinentry_t };
-typealias gpg_pinentry_t alias { auditadm_gpg_pinentry_t secadm_gpg_pinentry_t };
-application_domain(gpg_pinentry_t, pinentry_exec_t)
-ubac_constrained(gpg_pinentry_t)
-
-type gpg_pinentry_tmp_t;
-files_tmp_file(gpg_pinentry_tmp_t)
-ubac_constrained(gpg_pinentry_tmp_t)
-
-type gpg_pinentry_tmpfs_t;
-files_tmpfs_file(gpg_pinentry_tmpfs_t)
-ubac_constrained(gpg_pinentry_tmpfs_t)
-
-type gpg_web_t;
-domain_type(gpg_web_t)
-gpg_entry_type(gpg_web_t)
-role system_r types gpg_web_t;
-
-########################################
-#
-# GPG local policy
-#
-
-allow gpgdomain self:capability { ipc_lock setuid };
-allow gpgdomain self:process { getsched setsched };
-#at setrlimit is for ulimit -c 0
-allow gpgdomain self:process { signal signull setrlimit getcap setcap setpgid };
-
-allow gpgdomain self:fifo_file rw_fifo_file_perms;
-allow gpgdomain self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
-manage_files_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
-files_tmp_filetrans(gpg_t, gpg_agent_tmp_t, { dir file })
-
-domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)
-
-# transition from the gpg domain to the helper domain
-domtrans_pattern(gpg_t, gpg_helper_exec_t, gpg_helper_t)
-
-allow gpg_t gpg_secret_t:dir create_dir_perms;
-manage_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
-manage_lnk_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
-userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
-
-kernel_read_sysctl(gpg_t)
-
-corecmd_exec_shell(gpg_t)
-corecmd_exec_bin(gpg_t)
-
-corenet_all_recvfrom_unlabeled(gpg_t)
-corenet_all_recvfrom_netlabel(gpg_t)
-corenet_tcp_sendrecv_generic_if(gpg_t)
-corenet_udp_sendrecv_generic_if(gpg_t)
-corenet_tcp_sendrecv_generic_node(gpg_t)
-corenet_udp_sendrecv_generic_node(gpg_t)
-corenet_tcp_sendrecv_all_ports(gpg_t)
-corenet_udp_sendrecv_all_ports(gpg_t)
-corenet_tcp_connect_all_ports(gpg_t)
-corenet_sendrecv_all_client_packets(gpg_t)
-
-dev_read_rand(gpg_t)
-dev_read_urand(gpg_t)
-dev_read_generic_usb_dev(gpg_t)
-
-fs_getattr_xattr_fs(gpg_t)
-fs_list_inotifyfs(gpg_t)
-
-domain_use_interactive_fds(gpg_t)
-
-files_read_etc_files(gpg_t)
-files_read_usr_files(gpg_t)
-files_dontaudit_search_var(gpg_t)
-
-auth_use_nsswitch(gpg_t)
-
-logging_send_syslog_msg(gpg_t)
-
-miscfiles_read_localization(gpg_t)
-
-userdom_use_user_terminals(gpg_t)
-# sign/encrypt user files
-userdom_manage_user_tmp_files(gpg_t)
-userdom_manage_user_home_content_files(gpg_t)
-userdom_user_home_dir_filetrans_user_home_content(gpg_t, file)
-userdom_stream_connect(gpg_t)
-
-mta_write_config(gpg_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(gpg_t)
-	fs_manage_nfs_files(gpg_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(gpg_t)
-	fs_manage_cifs_files(gpg_t)
-')
-
-optional_policy(`
-	gnome_read_config(gpg_t)
-')
-
-optional_policy(`
-	mozilla_read_user_home_files(gpg_t)
-	mozilla_write_user_home_files(gpg_t)
-')
-
-optional_policy(`
-	xserver_use_xdm_fds(gpg_t)
-	xserver_rw_xdm_pipes(gpg_t)
-')
-
-#optional_policy(`
-#	cron_system_entry(gpg_t, gpg_exec_t)
-#	cron_read_system_job_tmp_files(gpg_t)
-#')
-
-########################################
-#
-# GPG helper local policy
-#
-
-allow gpg_helper_t self:process { getsched setsched };
-
-# for helper programs (which automatically fetch keys)
-# Note: this is only tested with the hkp interface. If you use eg the
-# mail interface you will likely need additional permissions.
-
-allow gpg_helper_t self:unix_stream_socket create_stream_socket_perms;
-allow gpg_helper_t self:tcp_socket { connect connected_socket_perms };
-allow gpg_helper_t self:udp_socket { connect connected_socket_perms };
-
-dontaudit gpg_helper_t gpg_secret_t:file read;
-
-corenet_all_recvfrom_unlabeled(gpg_helper_t)
-corenet_all_recvfrom_netlabel(gpg_helper_t)
-corenet_tcp_sendrecv_generic_if(gpg_helper_t)
-corenet_raw_sendrecv_generic_if(gpg_helper_t)
-corenet_udp_sendrecv_generic_if(gpg_helper_t)
-corenet_tcp_sendrecv_generic_node(gpg_helper_t)
-corenet_udp_sendrecv_generic_node(gpg_helper_t)
-corenet_raw_sendrecv_generic_node(gpg_helper_t)
-corenet_tcp_sendrecv_all_ports(gpg_helper_t)
-corenet_udp_sendrecv_all_ports(gpg_helper_t)
-corenet_tcp_bind_generic_node(gpg_helper_t)
-corenet_udp_bind_generic_node(gpg_helper_t)
-corenet_tcp_connect_all_ports(gpg_helper_t)
-
-files_read_etc_files(gpg_helper_t)
-
-auth_use_nsswitch(gpg_helper_t)
-
-userdom_use_user_terminals(gpg_helper_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_dontaudit_rw_nfs_files(gpg_helper_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_dontaudit_rw_cifs_files(gpg_helper_t)
-')
-
-########################################
-#
-# GPG agent local policy
-#
-domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)
-
-# rlimit: gpg-agent wants to prevent coredumps
-allow gpg_agent_t self:process setrlimit;
-
-allow gpg_agent_t self:unix_stream_socket create_stream_socket_perms ;
-allow gpg_agent_t self:fifo_file rw_fifo_file_perms;
-
-# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
-manage_dirs_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
-manage_files_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
-manage_lnk_files_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
-
-# Allow the gpg-agent to manage its tmp files (socket)
-manage_dirs_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
-manage_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
-manage_sock_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
-files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })
-
-# allow gpg to connect to the gpg agent
-stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
-
-corecmd_read_bin_symlinks(gpg_agent_t)
-corecmd_search_bin(gpg_agent_t)
-corecmd_exec_shell(gpg_agent_t)
-
-dev_read_urand(gpg_agent_t)
-
-domain_use_interactive_fds(gpg_agent_t)
-
-fs_dontaudit_list_inotifyfs(gpg_agent_t)
-
-miscfiles_read_localization(gpg_agent_t)
-
-# Write to the user domain tty.
-userdom_use_user_terminals(gpg_agent_t)
-# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
-userdom_search_user_home_dirs(gpg_agent_t)
-
-ifdef(`hide_broken_symptoms',`
-	userdom_dontaudit_read_user_tmp_files(gpg_agent_t)
-	userdom_dontaudit_write_user_tmp_files(gpg_agent_t)
-')
-
-tunable_policy(`gpg_agent_env_file',`
-	# write ~/.gpg-agent-info or a similar to the users home dir
-	# or subdir (gpg-agent --write-env-file option)
-	#
-	userdom_user_home_dir_filetrans_user_home_content(gpg_agent_t, file)
-	userdom_manage_user_home_content_dirs(gpg_agent_t)
-	userdom_manage_user_home_content_files(gpg_agent_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(gpg_agent_t)
-	fs_manage_nfs_files(gpg_agent_t)
-	fs_manage_nfs_symlinks(gpg_agent_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(gpg_agent_t)
-	fs_manage_cifs_files(gpg_agent_t)
-	fs_manage_cifs_symlinks(gpg_agent_t)
-')
-
-optional_policy(`
-	mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
-')
-
-##############################
-#
-# Pinentry local policy
-#
-
-allow gpg_pinentry_t self:process { getcap getsched setsched signal };
-allow gpg_pinentry_t self:fifo_file rw_fifo_file_perms;
-allow gpg_pinentry_t self:netlink_route_socket create_netlink_socket_perms;
-allow gpg_pinentry_t self:shm create_shm_perms;
-allow gpg_pinentry_t self:tcp_socket create_stream_socket_perms;
-allow gpg_pinentry_t self:unix_dgram_socket sendto;
-allow gpg_pinentry_t self:unix_stream_socket { connect create getattr read shutdown write };
-
-can_exec(gpg_pinentry_t, pinentry_exec_t)
-
-# we need to allow gpg-agent to call pinentry so it can get the passphrase
-# from the user.
-domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t)
-
-manage_sock_files_pattern(gpg_pinentry_t, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
-userdom_user_tmp_filetrans(gpg_pinentry_t, gpg_pinentry_tmp_t, sock_file)
-
-manage_dirs_pattern(gpg_pinentry_t, gpg_pinentry_tmpfs_t, gpg_pinentry_tmpfs_t)
-manage_files_pattern(gpg_pinentry_t, gpg_pinentry_tmpfs_t, gpg_pinentry_tmpfs_t)
-fs_tmpfs_filetrans(gpg_pinentry_t, gpg_pinentry_tmpfs_t, { file dir })
-
-# read /proc/meminfo
-kernel_read_system_state(gpg_pinentry_t)
-
-corecmd_exec_bin(gpg_pinentry_t)
-
-corenet_all_recvfrom_netlabel(gpg_pinentry_t)
-corenet_all_recvfrom_unlabeled(gpg_pinentry_t)
-corenet_sendrecv_pulseaudio_client_packets(gpg_pinentry_t)
-corenet_tcp_bind_generic_node(gpg_pinentry_t)
-corenet_tcp_connect_pulseaudio_port(gpg_pinentry_t)
-corenet_tcp_sendrecv_generic_if(gpg_pinentry_t)
-corenet_tcp_sendrecv_generic_node(gpg_pinentry_t)
-corenet_tcp_sendrecv_generic_port(gpg_pinentry_t)
-
-dev_read_urand(gpg_pinentry_t)
-dev_read_rand(gpg_pinentry_t)
-
-files_read_usr_files(gpg_pinentry_t)
-# read /etc/X11/qtrc
-files_read_etc_files(gpg_pinentry_t)
-
-fs_dontaudit_list_inotifyfs(gpg_pinentry_t)
-fs_getattr_tmpfs(gpg_pinentry_t)
-
-auth_use_nsswitch(gpg_pinentry_t)
-
-logging_send_syslog_msg(gpg_pinentry_t)
-
-miscfiles_read_fonts(gpg_pinentry_t)
-miscfiles_read_localization(gpg_pinentry_t)
-
-# for .Xauthority
-userdom_read_user_home_content_files(gpg_pinentry_t)
-userdom_read_user_tmpfs_files(gpg_pinentry_t)
-# Bug: user pulseaudio files need open,read and unlink:
-allow gpg_pinentry_t user_tmpfs_t:file unlink;
-userdom_signull_unpriv_users(gpg_pinentry_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(gpg_pinentry_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(gpg_pinentry_t)
-')
-
-optional_policy(`
-	dbus_session_bus_client(gpg_pinentry_t)
-	dbus_system_bus_client(gpg_pinentry_t)
-')
-
-optional_policy(`
-	gnome_write_generic_cache_files(gpg_pinentry_t)
-	gnome_read_generic_cache_files(gpg_pinentry_t)
-	gnome_read_gconf_home_files(gpg_pinentry_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(gpg_pinentry_t)
-	pulseaudio_rw_home_files(gpg_pinentry_t)
-	pulseaudio_setattr_home_dir(gpg_pinentry_t)
-	pulseaudio_stream_connect(gpg_pinentry_t)
-	pulseaudio_signull(gpg_pinentry_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(gpg_pinentry, gpg_pinentry_t, gpg_pinentry_tmpfs_t)
-
-')
-
-#############################
-#
-# gpg web local policy
-#
-
-allow gpg_web_t self:process setrlimit;
-
-dev_read_rand(gpg_web_t)
-dev_read_urand(gpg_web_t)
-
-can_exec(gpg_web_t, gpg_exec_t)
-
-files_read_usr_files(gpg_web_t)
-
-miscfiles_read_localization(gpg_web_t)
-
-apache_dontaudit_rw_tmp_files(gpg_web_t)
-apache_manage_sys_content_rw(gpg_web_t)
-
-tunable_policy(`gpg_web_anon_write',`
-    miscfiles_manage_public_files(gpg_web_t)
-')
diff --git a/policy/modules/apps/irc.fc b/policy/modules/apps/irc.fc
deleted file mode 100644
index 6bfdfd3..0000000
--- a/policy/modules/apps/irc.fc
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# /home
-#
-HOME_DIR/\.ircmotd	--	gen_context(system_u:object_r:irc_home_t,s0)
-HOME_DIR/\.irssi(/.*)?	gen_context(system_u:object_r:irssi_home_t,s0)
-
-/etc/irssi\.conf	--	gen_context(system_u:object_r:irssi_etc_t,s0)
-
-#
-# /usr
-#
-/usr/bin/[st]irc	--	gen_context(system_u:object_r:irc_exec_t,s0)
-/usr/bin/ircII		--	gen_context(system_u:object_r:irc_exec_t,s0)
-/usr/bin/irssi		--	gen_context(system_u:object_r:irssi_exec_t,s0)
-/usr/bin/tinyirc	--	gen_context(system_u:object_r:irc_exec_t,s0)
diff --git a/policy/modules/apps/irc.if b/policy/modules/apps/irc.if
deleted file mode 100644
index 8dc8a5f..0000000
--- a/policy/modules/apps/irc.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>IRC client policy</summary>
-
-########################################
-## <summary>
-##	Role access for IRC
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`irc_role',`
-	gen_require(`
-		type irc_t, irc_exec_t;
-		type irssi_t, irssi_exec_t, irssi_home_t;
-	')
-
-	role $1 types irc_t;
-	role $1 types irssi_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, irc_exec_t, irc_t)
-
-	# allow ps to show irc
-	ps_process_pattern($2, irc_t)
-	allow $2 irc_t:process signal;
-
-	domtrans_pattern($2, irssi_exec_t, irssi_t)
-
-	allow $2 irssi_t:process { ptrace signal_perms };
-	ps_process_pattern($2, irssi_t)
-
-	manage_dirs_pattern($2, irssi_home_t, irssi_home_t)
-	manage_files_pattern($2, irssi_home_t, irssi_home_t)
-	manage_lnk_files_pattern($2, irssi_home_t, irssi_home_t)
-
-	relabel_dirs_pattern($2, irssi_home_t, irssi_home_t)
-	relabel_files_pattern($2, irssi_home_t, irssi_home_t)
-	relabel_lnk_files_pattern($2, irssi_home_t, irssi_home_t)
-')
diff --git a/policy/modules/apps/irc.te b/policy/modules/apps/irc.te
deleted file mode 100644
index b7c6502..0000000
--- a/policy/modules/apps/irc.te
+++ /dev/null
@@ -1,207 +0,0 @@
-policy_module(irc, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type irc_t;
-type irc_exec_t;
-typealias irc_t alias { user_irc_t staff_irc_t sysadm_irc_t };
-typealias irc_t alias { auditadm_irc_t secadm_irc_t };
-application_domain(irc_t, irc_exec_t)
-ubac_constrained(irc_t)
-
-type irc_home_t;
-typealias irc_home_t alias { user_irc_home_t staff_irc_home_t sysadm_irc_home_t };
-typealias irc_home_t alias { auditadm_irc_home_t secadm_irc_home_t };
-userdom_user_home_content(irc_home_t)
-
-type irc_tmp_t;
-typealias irc_tmp_t alias { user_irc_tmp_t staff_irc_tmp_t sysadm_irc_tmp_t };
-typealias irc_tmp_t alias { auditadm_irc_tmp_t secadm_irc_tmp_t };
-userdom_user_home_content(irc_tmp_t)
-
-########################################
-#
-# Irssi personal declarations.
-#
-
-## <desc>
-## <p>
-## Allow the Irssi IRC Client to connect to any port,
-## and to bind to any unreserved port.
-## </p>
-## </desc>
-gen_tunable(irssi_use_full_network, false)
-
-type irssi_t;
-type irssi_exec_t;
-application_domain(irssi_t, irssi_exec_t)
-ubac_constrained(irssi_t)
-
-type irssi_etc_t;
-files_config_file(irssi_etc_t)
-
-type irssi_home_t;
-userdom_user_home_content(irssi_home_t)
-
-########################################
-#
-# Local policy
-#
-
-allow irc_t self:unix_stream_socket create_stream_socket_perms;
-allow irc_t self:tcp_socket create_socket_perms;
-allow irc_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(irc_t, irc_home_t, irc_home_t)
-manage_files_pattern(irc_t, irc_home_t, irc_home_t)
-manage_lnk_files_pattern(irc_t, irc_home_t, irc_home_t)
-userdom_user_home_dir_filetrans(irc_t, irc_home_t, { dir file lnk_file })
-
-# access files under /tmp
-manage_dirs_pattern(irc_t, irc_tmp_t, irc_tmp_t)
-manage_files_pattern(irc_t, irc_tmp_t, irc_tmp_t)
-manage_lnk_files_pattern(irc_t, irc_tmp_t, irc_tmp_t)
-manage_fifo_files_pattern(irc_t, irc_tmp_t, irc_tmp_t)
-manage_sock_files_pattern(irc_t, irc_tmp_t, irc_tmp_t)
-files_tmp_filetrans(irc_t, irc_tmp_t, { file dir lnk_file sock_file fifo_file })
-
-kernel_read_proc_symlinks(irc_t)
-
-corenet_all_recvfrom_unlabeled(irc_t)
-corenet_all_recvfrom_netlabel(irc_t)
-corenet_tcp_sendrecv_generic_if(irc_t)
-corenet_udp_sendrecv_generic_if(irc_t)
-corenet_tcp_sendrecv_generic_node(irc_t)
-corenet_udp_sendrecv_generic_node(irc_t)
-corenet_tcp_sendrecv_all_ports(irc_t)
-corenet_udp_sendrecv_all_ports(irc_t)
-corenet_sendrecv_ircd_client_packets(irc_t)
-# cjp: this seems excessive:
-corenet_tcp_connect_all_ports(irc_t)
-corenet_sendrecv_all_client_packets(irc_t)
-
-domain_use_interactive_fds(irc_t)
-
-files_dontaudit_search_pids(irc_t)
-files_search_var(irc_t)
-files_read_etc_files(irc_t)
-files_read_usr_files(irc_t)
-
-fs_getattr_xattr_fs(irc_t)
-fs_search_auto_mountpoints(irc_t)
-
-term_use_controlling_term(irc_t)
-term_list_ptys(irc_t)
-
-# allow utmp access
-init_read_utmp(irc_t)
-init_dontaudit_lock_utmp(irc_t)
-
-miscfiles_read_localization(irc_t)
-
-# Inherit and use descriptors from newrole.
-seutil_use_newrole_fds(irc_t)
-
-sysnet_read_config(irc_t)
-
-# Write to the user domain tty.
-userdom_use_user_terminals(irc_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(irc_t)
-	fs_manage_nfs_files(irc_t)
-	fs_manage_nfs_symlinks(irc_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(irc_t)
-	fs_manage_cifs_files(irc_t)
-	fs_manage_cifs_symlinks(irc_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(irc_t)
-')
-
-########################################
-#
-# Irssi personal declarations.
-#
-
-allow irssi_t self:process { signal sigkill };
-allow irssi_t self:fifo_file rw_fifo_file_perms;
-allow irssi_t self:netlink_route_socket create_netlink_socket_perms;
-allow irssi_t self:tcp_socket create_stream_socket_perms;
-allow irssi_t self:udp_socket create_socket_perms;
-
-read_files_pattern(irssi_t, irssi_etc_t, irssi_etc_t)
-
-manage_dirs_pattern(irssi_t, irssi_home_t, irssi_home_t)
-manage_files_pattern(irssi_t, irssi_home_t, irssi_home_t)
-manage_lnk_files_pattern(irssi_t, irssi_home_t, irssi_home_t)
-userdom_user_home_dir_filetrans(irssi_t, irssi_home_t, { dir file lnk_file })
-userdom_search_user_home_dirs(irssi_t)
-
-corecmd_search_bin(irssi_t)
-corecmd_read_bin_symlinks(irssi_t)
-
-corenet_tcp_connect_ircd_port(irssi_t)
-corenet_sendrecv_ircd_client_packets(irssi_t)
-
-# Privoxy
-corenet_tcp_connect_http_cache_port(irssi_t)
-corenet_sendrecv_http_cache_client_packets(irssi_t)
-
-corenet_all_recvfrom_netlabel(irssi_t)
-corenet_all_recvfrom_unlabeled(irssi_t)
-corenet_tcp_sendrecv_generic_if(irssi_t)
-corenet_tcp_sendrecv_generic_node(irssi_t)
-corenet_tcp_sendrecv_generic_port(irssi_t)
-corenet_tcp_bind_generic_node(irssi_t)
-corenet_udp_bind_generic_node(irssi_t)
-
-dev_read_urand(irssi_t)
-# irssi-otr genkey.
-dev_read_rand(irssi_t)
-
-files_read_etc_files(irssi_t)
-files_read_usr_files(irssi_t)
-
-fs_search_auto_mountpoints(irssi_t)
-
-miscfiles_read_localization(irssi_t)
-
-sysnet_read_config(irssi_t)
-
-userdom_use_user_terminals(irssi_t)
-
-tunable_policy(`irssi_use_full_network', `
-	corenet_tcp_bind_all_unreserved_ports(irssi_t)
-	corenet_tcp_connect_all_ports(irssi_t)
-	corenet_sendrecv_generic_server_packets(irssi_t)
-	corenet_sendrecv_all_client_packets(irssi_t)
-')
-
-tunable_policy(`use_nfs_home_dirs', `
-	fs_manage_nfs_dirs(irssi_t)
-	fs_manage_nfs_files(irssi_t)
-	fs_manage_nfs_symlinks(irssi_t)
-')
-
-tunable_policy(`use_samba_home_dirs', `
-	fs_manage_cifs_dirs(irssi_t)
-	fs_manage_cifs_files(irssi_t)
-	fs_manage_cifs_symlinks(irssi_t)
-')
-
-optional_policy(`
-	automount_dontaudit_getattr_tmp_dirs(irssi_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(irssi_t)
-')
-
diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
deleted file mode 100644
index 87d560b..0000000
--- a/policy/modules/apps/java.fc
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# /opt
-#
-/opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
-/opt/ibm/java.*/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
-/opt/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
-/opt/matlab.*/bin.*/MATLAB.* --	gen_context(system_u:object_r:java_exec_t,s0)
-
-#
-# /usr
-#
-/usr/Aptana[^/]*/AptanaStudio	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/fastjar	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/frysk		--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/gappletviewer	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/gij		--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/gjarsigner	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/gkeytool	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/grmic		--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/grmiregistry	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/jv-convert	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/bin/octave-[^/]*	--	gen_context(system_u:object_r:java_exec_t,s0)
-
-/usr/lib(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib/eclipse/eclipse --	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib/opera(/.*)?/opera --	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib/opera(/.*)?/works --	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
-
-/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
-
-/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
-
-/opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)?	--	gen_context(system_u:object_r:java_exec_t,s0)
-/opt/ibm(/.*)?/eclipse/plugins(/.*)?	--	gen_context(system_u:object_r:java_exec_t,s0)
-
-ifdef(`distro_redhat',`
-/usr/java/eclipse[^/]*/eclipse	--	gen_context(system_u:object_r:java_exec_t,s0)
-')
diff --git a/policy/modules/apps/java.if b/policy/modules/apps/java.if
deleted file mode 100644
index f0c4777..0000000
--- a/policy/modules/apps/java.if
+++ /dev/null
@@ -1,202 +0,0 @@
-## <summary>Java virtual machine</summary>
-
-########################################
-## <summary>
-##	Role access for java
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`java_role',`
-	gen_require(`
-		type java_t, java_exec_t;
-	')
-
-	role $1 types java_t;
-
-	# The user role is authorized for this domain.
-	domtrans_pattern($2, java_exec_t, java_t)
-	allow java_t $2:process signull;
-	# Unrestricted inheritance from the caller.
-	allow $2 java_t:process { noatsecure siginh rlimitinh };
-
-	allow java_t $2:unix_stream_socket connectto;
-	allow java_t $2:unix_stream_socket { read write };
-	allow java_t $2:tcp_socket { read write };
-')
-
-#######################################
-## <summary>
-##	The role template for the java module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for java applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`java_role_template',`
-	gen_require(`
-		type java_exec_t;
-	')
-
-	type $1_java_t;
-	domain_type($1_java_t)
-	domain_entry_file($1_java_t, java_exec_t)
-	role $2 types $1_java_t;
-
-	domain_interactive_fd($1_java_t)
-
-	userdom_unpriv_usertype($1, $1_java_t)
-	userdom_manage_tmpfs_role($2, $1_java_t)
-
-	allow $1_java_t self:process { ptrace signal getsched execmem execstack };
-
-	dontaudit $1_java_t $3:tcp_socket { read write };
-
-	allow $3 $1_java_t:process { getattr ptrace noatsecure signal_perms };
-
-	domtrans_pattern($3, java_exec_t, $1_java_t)
-
-	corecmd_bin_domtrans($1_java_t, $1_t)
-
-	dev_dontaudit_append_rand($1_java_t)
-
-	files_execmod_all_files($1_java_t)
-
-	fs_dontaudit_rw_tmpfs_files($1_java_t)
-
-	optional_policy(`
-		xserver_role($2, $1_java_t)
-	')
-')
-
-########################################
-## <summary>
-##	Run java in javaplugin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-template(`java_domtrans',`
-	gen_require(`
-		type java_t, java_exec_t;
-	')
-
-	domtrans_pattern($1, java_exec_t, java_t)
-')
-
-########################################
-## <summary>
-##	Execute java in the java domain, and
-##	allow the specified role the java domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`java_run',`
-	gen_require(`
-		type java_t;
-	')
-
-	java_domtrans($1)
-	role $2 types java_t;
-')
-
-########################################
-## <summary>
-##	Execute the java program in the unconfined java domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`java_domtrans_unconfined',`
-	gen_require(`
-		type unconfined_java_t, java_exec_t;
-	')
-
-	domtrans_pattern($1, java_exec_t, unconfined_java_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute the java program in the unconfined java domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`java_run_unconfined',`
-	gen_require(`
-		type unconfined_java_t;
-	')
-
-	java_domtrans_unconfined($1)
-	role $2 types unconfined_java_t;
-	nsplugin_role_notrans($2, unconfined_java_t)
-')
-
-########################################
-## <summary>
-##	Execute the java program in the java domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`java_exec',`
-	gen_require(`
-		type java_exec_t;
-	')
-
-	can_exec($1, java_exec_t)
-')
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
deleted file mode 100644
index 90ce46a..0000000
--- a/policy/modules/apps/java.te
+++ /dev/null
@@ -1,159 +0,0 @@
-policy_module(java, 2.3.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow java executable stack
-## </p>
-## </desc>
-gen_tunable(allow_java_execstack, false)
-
-type java_t;
-type java_exec_t;
-application_domain(java_t, java_exec_t)
-ubac_constrained(java_t)
-typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
-typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
-role system_r types java_t;
-
-type java_tmp_t;
-files_tmp_file(java_tmp_t)
-ubac_constrained(java_tmp_t)
-typealias java_tmp_t alias { staff_javaplugin_tmp_t user_javaplugin_tmp_t sysadm_javaplugin_tmp_t };
-typealias java_tmp_t alias { auditadm_tmp_javaplugin_t secadm_javaplugin_tmp_t };
-
-type java_tmpfs_t;
-ubac_constrained(java_tmpfs_t)
-files_tmpfs_file(java_tmpfs_t)
-typealias java_tmpfs_t alias { staff_javaplugin_tmpfs_t user_javaplugin_tmpfs_t sysadm_javaplugin_tmpfs_t };
-typealias java_tmpfs_t alias { auditadm_tmpfs_javaplugin_t secadm_tmpfs_javaplugin_t };
-
-type unconfined_java_t;
-init_system_domain(unconfined_java_t, java_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow java_t self:process { signal_perms getsched setsched execmem };
-allow java_t self:fifo_file rw_fifo_file_perms;
-allow java_t self:tcp_socket create_socket_perms;
-allow java_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(java_t, java_tmp_t, java_tmp_t)
-manage_files_pattern(java_t, java_tmp_t, java_tmp_t)
-files_tmp_filetrans(java_t, java_tmp_t, { file dir })
-
-manage_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
-manage_lnk_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
-manage_fifo_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
-manage_sock_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
-fs_tmpfs_filetrans(java_t, java_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-can_exec(java_t, java_exec_t)
-
-kernel_read_all_sysctls(java_t)
-kernel_search_vm_sysctl(java_t)
-kernel_read_network_state(java_t)
-kernel_read_system_state(java_t)
-
-# Search bin directory under java for java executable
-corecmd_search_bin(java_t)
-
-corenet_all_recvfrom_unlabeled(java_t)
-corenet_all_recvfrom_netlabel(java_t)
-corenet_tcp_sendrecv_generic_if(java_t)
-corenet_udp_sendrecv_generic_if(java_t)
-corenet_tcp_sendrecv_generic_node(java_t)
-corenet_udp_sendrecv_generic_node(java_t)
-corenet_tcp_sendrecv_all_ports(java_t)
-corenet_udp_sendrecv_all_ports(java_t)
-corenet_tcp_connect_all_ports(java_t)
-corenet_sendrecv_all_client_packets(java_t)
-
-dev_read_sound(java_t)
-dev_write_sound(java_t)
-dev_read_urand(java_t)
-dev_read_rand(java_t)
-dev_dontaudit_append_rand(java_t)
-
-files_read_etc_files(java_t)
-files_read_usr_files(java_t)
-files_search_home(java_t)
-files_search_var_lib(java_t)
-files_read_etc_runtime_files(java_t)
-# Read global fonts and font config
-
-fs_getattr_xattr_fs(java_t)
-fs_dontaudit_rw_tmpfs_files(java_t)
-
-logging_send_syslog_msg(java_t)
-
-miscfiles_read_localization(java_t)
-# Read global fonts and font config
-miscfiles_read_fonts(java_t)
-
-sysnet_read_config(java_t)
-
-userdom_dontaudit_use_user_terminals(java_t)
-userdom_dontaudit_setattr_user_home_content_files(java_t)
-userdom_dontaudit_exec_user_home_content_files(java_t)
-userdom_manage_user_home_content_dirs(java_t)
-userdom_manage_user_home_content_files(java_t)
-userdom_manage_user_home_content_symlinks(java_t)
-userdom_manage_user_home_content_pipes(java_t)
-userdom_manage_user_home_content_sockets(java_t)
-userdom_user_home_dir_filetrans_user_home_content(java_t, { file lnk_file sock_file fifo_file })
-userdom_write_user_tmp_sockets(java_t)
-
-tunable_policy(`allow_java_execstack',`
-	allow java_t self:process execstack;
-
-	allow java_t java_tmp_t:file execute;
-
-	libs_legacy_use_shared_libs(java_t)
-	libs_legacy_use_ld_so(java_t)
-
-	miscfiles_legacy_read_localization(java_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(java_t)
-')
-
-optional_policy(`
-	nscd_socket_use(java_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
-')
-
-########################################
-#
-# Unconfined java local policy
-#
-
-optional_policy(`
-	# execheap is needed for itanium/BEA jrocket
-	allow unconfined_java_t self:process { execstack execmem execheap };
-
-	init_dbus_chat_script(unconfined_java_t)
-
-	files_execmod_all_files(unconfined_java_t)
-
-	init_dbus_chat_script(unconfined_java_t)
-
-	unconfined_domain_noaudit(unconfined_java_t)
-	unconfined_dbus_chat(unconfined_java_t)
-	userdom_unpriv_usertype(unconfined, unconfined_java_t)
-
-	optional_policy(`
-		rpm_domtrans(unconfined_java_t)
-	')
-')
diff --git a/policy/modules/apps/kdumpgui.fc b/policy/modules/apps/kdumpgui.fc
deleted file mode 100644
index 250679c..0000000
--- a/policy/modules/apps/kdumpgui.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/system-config-kdump/system-config-kdump-backend\.py	--	gen_context(system_u:object_r:kdumpgui_exec_t,s0)
diff --git a/policy/modules/apps/kdumpgui.if b/policy/modules/apps/kdumpgui.if
deleted file mode 100644
index d6af9b0..0000000
--- a/policy/modules/apps/kdumpgui.if
+++ /dev/null
@@ -1,2 +0,0 @@
-## <summary>system-config-kdump GUI</summary>
-
diff --git a/policy/modules/apps/kdumpgui.te b/policy/modules/apps/kdumpgui.te
deleted file mode 100644
index 3812a46..0000000
--- a/policy/modules/apps/kdumpgui.te
+++ /dev/null
@@ -1,67 +0,0 @@
-policy_module(kdumpgui, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type kdumpgui_t;
-type kdumpgui_exec_t;
-dbus_system_domain(kdumpgui_t, kdumpgui_exec_t)
-
-######################################
-#
-# system-config-kdump local policy
-#
-
-allow kdumpgui_t self:capability { net_admin sys_admin sys_rawio };
-allow kdumpgui_t self:fifo_file rw_fifo_file_perms;
-allow kdumpgui_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-kernel_read_system_state(kdumpgui_t)
-kernel_read_network_state(kdumpgui_t)
-
-corecmd_exec_bin(kdumpgui_t)
-corecmd_exec_shell(kdumpgui_t)
-
-dev_dontaudit_getattr_all_chr_files(kdumpgui_t)
-dev_read_sysfs(kdumpgui_t)
-
-files_manage_boot_files(kdumpgui_t)
-files_manage_boot_symlinks(kdumpgui_t)
-# Needed for running chkconfig
-files_manage_etc_symlinks(kdumpgui_t)
-# for blkid.tab
-files_manage_etc_runtime_files(kdumpgui_t)
-files_etc_filetrans_etc_runtime(kdumpgui_t, file)
-files_read_usr_files(kdumpgui_t)
-
-storage_raw_read_fixed_disk(kdumpgui_t)
-storage_raw_write_fixed_disk(kdumpgui_t)
-
-auth_use_nsswitch(kdumpgui_t)
-
-consoletype_exec(kdumpgui_t)
-
-kdump_manage_config(kdumpgui_t)
-kdump_initrc_domtrans(kdumpgui_t)
-
-logging_send_syslog_msg(kdumpgui_t)
-
-miscfiles_read_localization(kdumpgui_t)
-
-init_dontaudit_read_all_script_files(kdumpgui_t)
-
-userdom_dontaudit_search_admin_dir(kdumpgui_t)
-
-optional_policy(`
-	dev_rw_lvm_control(kdumpgui_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(kdumpgui_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(kdumpgui_t)
-')
diff --git a/policy/modules/apps/livecd.fc b/policy/modules/apps/livecd.fc
deleted file mode 100644
index 34937fc..0000000
--- a/policy/modules/apps/livecd.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
diff --git a/policy/modules/apps/livecd.if b/policy/modules/apps/livecd.if
deleted file mode 100644
index b67cf26..0000000
--- a/policy/modules/apps/livecd.if
+++ /dev/null
@@ -1,124 +0,0 @@
-## <summary>Livecd tool for building alternate livecd for different os and policy versions.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run livecd.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`livecd_domtrans',`
-	gen_require(`
-		type livecd_t, livecd_exec_t;
-	')
-
-	domtrans_pattern($1, livecd_exec_t, livecd_t)
-')
-
-########################################
-## <summary>
-##	Execute livecd in the livecd domain, and
-##	allow the specified role the livecd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`livecd_run',`
-	gen_require(`
-		type livecd_t;
-	')
-
-	livecd_domtrans($1)
-	role $2 types livecd_t;
-	
-	seutil_run_setfiles_mac(livecd_t, $2)
-
-	optional_policy(`
-		mount_run(livecd_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Dontaudit read/write to a livecd leaks
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`livecd_dontaudit_leaks',`
-	gen_require(`
-		type livecd_t;
-	')
-
-	dontaudit $1 livecd_t:unix_dgram_socket { read write };
-')
-
-########################################
-## <summary>
-##	Read livecd temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`livecd_read_tmp_files',`
-	gen_require(`
-		type livecd_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read and write livecd temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`livecd_rw_tmp_files',`
-	gen_require(`
-		type livecd_tmp_t;
-	')
-
-	files_search_tmp($1)
-	rw_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
-')
-
-########################################
-## <summary>
-##	Allow read and write access to livecd semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`livecd_rw_semaphores',`
-	gen_require(`
-		type livecd_t;
-	')
-
-	allow $1 livecd_t:sem { unix_read unix_write associate read write };
-')
diff --git a/policy/modules/apps/livecd.te b/policy/modules/apps/livecd.te
deleted file mode 100644
index 47a193c..0000000
--- a/policy/modules/apps/livecd.te
+++ /dev/null
@@ -1,35 +0,0 @@
-policy_module(livecd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type livecd_t;
-type livecd_exec_t;
-application_domain(livecd_t, livecd_exec_t)
-role system_r types livecd_t;
-
-type livecd_tmp_t;
-files_tmp_file(livecd_tmp_t)
-
-########################################
-#
-# livecd local policy
-#
-
-dontaudit livecd_t self:capability2 mac_admin;
-
-domain_ptrace_all_domains(livecd_t)
-
-manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
-manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
-files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
-
-optional_policy(`
-	unconfined_domain_noaudit(livecd_t)
-')
-
-optional_policy(`
-	hal_dbus_chat(livecd_t)
-')
diff --git a/policy/modules/apps/loadkeys.fc b/policy/modules/apps/loadkeys.fc
deleted file mode 100644
index 8549f9f..0000000
--- a/policy/modules/apps/loadkeys.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/bin/loadkeys		--	gen_context(system_u:object_r:loadkeys_exec_t,s0)
-/bin/unikeys		--	gen_context(system_u:object_r:loadkeys_exec_t,s0)
diff --git a/policy/modules/apps/loadkeys.if b/policy/modules/apps/loadkeys.if
deleted file mode 100644
index b55edd0..0000000
--- a/policy/modules/apps/loadkeys.if
+++ /dev/null
@@ -1,67 +0,0 @@
-## <summary>Load keyboard mappings.</summary>
-
-########################################
-## <summary>
-##	Execute the loadkeys program in the loadkeys domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`loadkeys_domtrans',`
-	gen_require(`
-		type loadkeys_t, loadkeys_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, loadkeys_exec_t, loadkeys_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit loadkeys_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute the loadkeys program in the loadkeys domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the loadkeys domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`loadkeys_run',`
-	gen_require(`
-		type loadkeys_t;
-	')
-
-	loadkeys_domtrans($1)
-	role $2 types loadkeys_t;
-')
-
-########################################
-## <summary>
-##	Execute the loadkeys program in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`loadkeys_exec',`
-	gen_require(`
-		type loadkeys_exec_t;
-	')
-
-	can_exec($1, loadkeys_exec_t)
-')
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
deleted file mode 100644
index a076ebb..0000000
--- a/policy/modules/apps/loadkeys.te
+++ /dev/null
@@ -1,50 +0,0 @@
-policy_module(loadkeys, 1.7.1)
-
-########################################
-#
-# Declarations
-#
-
-# cjp: this should probably be rewritten
-# per user domain, since it can rw
-# all user domain ttys
-type loadkeys_t;
-type loadkeys_exec_t;
-init_system_domain(loadkeys_t, loadkeys_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
-allow loadkeys_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_system_state(loadkeys_t)
-
-corecmd_exec_bin(loadkeys_t)
-corecmd_exec_shell(loadkeys_t)
-
-files_read_etc_files(loadkeys_t)
-files_read_etc_runtime_files(loadkeys_t)
-
-term_dontaudit_use_console(loadkeys_t)
-term_use_unallocated_ttys(loadkeys_t)
-
-init_dontaudit_use_fds(loadkeys_t)
-init_dontaudit_use_script_ptys(loadkeys_t)
-
-locallogin_use_fds(loadkeys_t)
-
-miscfiles_read_localization(loadkeys_t)
-
-userdom_use_user_ttys(loadkeys_t)
-userdom_list_user_home_content(loadkeys_t)
-
-ifdef(`hide_broken_symptoms',`
-	dev_dontaudit_rw_lvm_control(loadkeys_t)
-')
-
-optional_policy(`
-	nscd_dontaudit_search_pid(loadkeys_t)
-')
diff --git a/policy/modules/apps/lockdev.fc b/policy/modules/apps/lockdev.fc
deleted file mode 100644
index 8b5ce03..0000000
--- a/policy/modules/apps/lockdev.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/lockdev	--	gen_context(system_u:object_r:lockdev_exec_t,s0)
diff --git a/policy/modules/apps/lockdev.if b/policy/modules/apps/lockdev.if
deleted file mode 100644
index 8e7d279..0000000
--- a/policy/modules/apps/lockdev.if
+++ /dev/null
@@ -1,33 +0,0 @@
-## <summary>device locking policy for lockdev</summary>
-
-########################################
-## <summary>
-##	Role access for lockdev
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`lockdev_role',`
-	gen_require(`
-		type lockdev_t, lockdev_exec_t;
-		type lockdev_lock_t;
-	')
-
-	role $1 types lockdev_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, lockdev_exec_t, lockdev_t)
-	allow lockdev_t $2:process signull;
-
-	# allow ps to show lockdev
-	ps_process_pattern($2, lockdev_t)
-	allow $2 lockdev_t:process signal;
-')
diff --git a/policy/modules/apps/lockdev.te b/policy/modules/apps/lockdev.te
deleted file mode 100644
index 0bac996..0000000
--- a/policy/modules/apps/lockdev.te
+++ /dev/null
@@ -1,39 +0,0 @@
-policy_module(lockdev, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type lockdev_t;
-type lockdev_exec_t;
-typealias lockdev_t alias { user_lockdev_t staff_lockdev_t sysadm_lockdev_t };
-typealias lockdev_t alias { auditadm_lockdev_t secadm_lockdev_t };
-application_domain(lockdev_t, lockdev_exec_t)
-ubac_constrained(lockdev_t)
-
-type lockdev_lock_t;
-typealias lockdev_lock_t alias { user_lockdev_lock_t staff_lockdev_lock_t sysadm_lockdev_lock_t };
-typealias lockdev_lock_t alias { auditadm_lockdev_lock_t secadm_lockdev_lock_t };
-files_lock_file(lockdev_lock_t)
-ubac_constrained(lockdev_lock_t)
-
-########################################
-#
-# Local policy
-#
-
-# Use capabilities.
-allow lockdev_t self:capability setgid;
-
-allow lockdev_t lockdev_lock_t:file manage_file_perms;
-files_lock_filetrans(lockdev_t, lockdev_lock_t, file)
-
-files_read_all_locks(lockdev_t)
-
-fs_getattr_xattr_fs(lockdev_t)
-
-logging_send_syslog_msg(lockdev_t)
-
-userdom_use_user_terminals(lockdev_t)
-
diff --git a/policy/modules/apps/mediawiki.fc b/policy/modules/apps/mediawiki.fc
deleted file mode 100644
index bf872ef..0000000
--- a/policy/modules/apps/mediawiki.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/usr/lib(64)?/mediawiki/math/texvc	--	gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)	
-/usr/lib(64)?/mediawiki/math/texvc_tex --      gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
-/usr/lib(64)?/mediawiki/math/texvc_tes --      gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
-
-/var/www/wiki(/.*)?		  gen_context(system_u:object_r:httpd_mediawiki_rw_content_t,s0)
-
-/var/www/wiki/.*\.php    --           gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
-
-/usr/share/mediawiki(/.*)?	  gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
diff --git a/policy/modules/apps/mediawiki.if b/policy/modules/apps/mediawiki.if
deleted file mode 100644
index 1c1d012..0000000
--- a/policy/modules/apps/mediawiki.if
+++ /dev/null
@@ -1,40 +0,0 @@
-## <summary>Mediawiki policy</summary>
-
-#######################################
-## <summary>
-##      Allow the specified domain to read
-##      mediawiki tmp files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`mediawiki_read_tmp_files',`
-        gen_require(`
-                type httpd_mediawiki_tmp_t;
-        ')
-
-        files_search_tmp($1)
-        read_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-	read_lnk_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-')
-
-#######################################
-## <summary>
-##      Delete mediawiki tmp files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`mediawiki_delete_tmp_files',`
-        gen_require(`
-                type httpd_mediawiki_tmp_t;
-        ')
-
-        delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-')
diff --git a/policy/modules/apps/mediawiki.te b/policy/modules/apps/mediawiki.te
deleted file mode 100644
index b7f569d..0000000
--- a/policy/modules/apps/mediawiki.te
+++ /dev/null
@@ -1,35 +0,0 @@
-
-policy_module(mediawiki, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-apache_content_template(mediawiki)
-
-type httpd_mediawiki_tmp_t;
-files_tmp_file(httpd_mediawiki_tmp_t)
-
-permissive httpd_mediawiki_script_t;
-
-########################################
-#
-# mediawiki local policy
-#
-
-manage_dirs_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-manage_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-manage_lnk_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
-files_tmp_filetrans(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, { file dir lnk_file })
-
-files_search_var_lib(httpd_mediawiki_script_t)
-
-userdom_read_user_tmp_files(httpd_mediawiki_script_t)
-
-miscfiles_read_tetex_data(httpd_mediawiki_script_t)
-
-optional_policy(`
-	apache_dontaudit_rw_tmp_files(httpd_mediawiki_script_t)
-')
-
diff --git a/policy/modules/apps/metadata.xml b/policy/modules/apps/metadata.xml
deleted file mode 100644
index a5ad4c0..0000000
--- a/policy/modules/apps/metadata.xml
+++ /dev/null
@@ -1 +0,0 @@
-<summary>Policy modules for applications</summary>
diff --git a/policy/modules/apps/mono.fc b/policy/modules/apps/mono.fc
deleted file mode 100644
index b01bc91..0000000
--- a/policy/modules/apps/mono.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/mono.*	--	gen_context(system_u:object_r:mono_exec_t,s0)
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
deleted file mode 100644
index 9c9e6c1..0000000
--- a/policy/modules/apps/mono.if
+++ /dev/null
@@ -1,142 +0,0 @@
-## <summary>Run .NET server and client applications on Linux.</summary>
-
-#######################################
-## <summary>
-##	The role template for the mono module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for mono applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`mono_role_template',`
-	gen_require(`
-		type mono_exec_t;
-	')
-
-	type $1_mono_t;
-	domain_type($1_mono_t)
-	domain_entry_file($1_mono_t, mono_exec_t)
-	role $2 types $1_mono_t;
-
-	domain_interactive_fd($1_mono_t)
-	application_type($1_mono_t)
-
-	allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
-	allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
-
-	domtrans_pattern($3, mono_exec_t, $1_mono_t)
-
-	fs_dontaudit_rw_tmpfs_files($1_mono_t)
-	corecmd_bin_domtrans($1_mono_t, $1_t)
-
-	userdom_unpriv_usertype($1, $1_mono_t)
-	userdom_manage_tmpfs_role($2, $1_mono_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit $1_t $1_mono_t:socket_class_set { read write };
-	')
-
-	optional_policy(`
-		xserver_role($1_r, $1_mono_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute the mono program in the mono domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mono_domtrans',`
-	gen_require(`
-		type mono_t, mono_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, mono_exec_t, mono_t)
-')
-
-########################################
-## <summary>
-##	Execute mono in the mono domain, and
-##	allow the specified role the mono domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`mono_run',`
-	gen_require(`
-		type mono_t;
-	')
-
-	mono_domtrans($1)
-	role $2 types mono_t;
-')
-
-########################################
-## <summary>
-##	Execute the mono program in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mono_exec',`
-	gen_require(`
-		type mono_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, mono_exec_t)
-')
-
-########################################
-## <summary>
-##	Read and write to mono shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mono_rw_shm',`
-	gen_require(`
-		type mono_t;
-	')
-
-	allow $1 mono_t:shm rw_shm_perms;
-')
diff --git a/policy/modules/apps/mono.te b/policy/modules/apps/mono.te
deleted file mode 100644
index c101631..0000000
--- a/policy/modules/apps/mono.te
+++ /dev/null
@@ -1,52 +0,0 @@
-policy_module(mono, 1.7.1)
-
-########################################
-#
-# Declarations
-#
-
-type mono_t;
-type mono_exec_t;
-application_type(mono_t)
-init_system_domain(mono_t, mono_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mono_t self:process { ptrace signal getsched execheap execmem execstack };
-
-init_dbus_chat_script(mono_t)
-
-userdom_user_home_dir_filetrans_user_home_content(mono_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
-	avahi_dbus_chat(mono_t)
-')
-
-optional_policy(`
-	cups_dbus_chat(mono_t)
-')
-
-optional_policy(`
-	hal_dbus_chat(mono_t)
-')
-
-optional_policy(`
-	networkmanager_dbus_chat(mono_t)
-')
-
-optional_policy(`
-	rpm_dbus_chat(mono_t)
-')
-
-optional_policy(`
-	unconfined_domain(mono_t)
-	unconfined_dbus_chat(mono_t)
-	unconfined_dbus_connect(mono_t)
-')
-
-optional_policy(`
-	xserver_rw_shm(mono_t)
-')
diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc
deleted file mode 100644
index aafece7..0000000
--- a/policy/modules/apps/mozilla.fc
+++ /dev/null
@@ -1,31 +0,0 @@
-HOME_DIR/\.galeon(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.java(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.mozilla(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.thunderbird(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.netscape(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
-
-#
-# /bin
-#
-/usr/bin/netscape		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-snapshot	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/epiphany-bin		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/epiphany		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-[0-9].*	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-bin-[0-9].*	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-
-#
-# /lib
-#
-/usr/lib(64)?/galeon/galeon 	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/mozilla[^/]*/reg.+ --	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/[^/]*firefox[^/]*/firefox --	gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib(64)?/xulrunner[^/]*/plugin-container		--	gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
deleted file mode 100644
index b0c1197..0000000
--- a/policy/modules/apps/mozilla.if
+++ /dev/null
@@ -1,296 +0,0 @@
-## <summary>Policy for Mozilla and related web browsers</summary>
-
-########################################
-## <summary>
-##	Role access for mozilla
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`mozilla_role',`
-	gen_require(`
-		type mozilla_t, mozilla_exec_t, mozilla_home_t;
-	')
-
-	role $1 types mozilla_t;
-
-	domain_auto_trans($2, mozilla_exec_t, mozilla_t)
-	# Unrestricted inheritance from the caller.
-	allow $2 mozilla_t:process { noatsecure siginh rlimitinh };
-	allow mozilla_t $2:fd use;
-	allow mozilla_t $2:process { sigchld signull };
-	allow mozilla_t $2:unix_stream_socket connectto;
-
-	mozilla_run_plugin(mozilla_t, $2)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, mozilla_t)
-	allow $2 mozilla_t:process signal_perms;
-
-	allow $2 mozilla_t:fd use;
-	allow $2 mozilla_t:shm { associate getattr };
-	allow $2 mozilla_t:shm { unix_read unix_write };
-	allow $2 mozilla_t:unix_stream_socket connectto;
-
-	# X access, Home files
-	manage_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
-	manage_files_pattern($2, mozilla_home_t, mozilla_home_t)
-	manage_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
-	relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
-	relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
-	relabel_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
-
-	mozilla_dbus_chat($2)
-
-	userdom_manage_tmp_role($1, mozilla_t)
-
-	optional_policy(`
-		nsplugin_role($1, mozilla_t)
-	')
-
-	optional_policy(`
-		pulseaudio_role($1, mozilla_t)
-	')
-')
-
-########################################
-## <summary>
-##	Read mozilla home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_read_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	allow $1 mozilla_home_t:dir list_dir_perms;
-	allow $1 mozilla_home_t:file read_file_perms;
-	allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Write mozilla home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_write_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	write_files_pattern($1, mozilla_home_t, mozilla_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to read/write mozilla home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mozilla_dontaudit_rw_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	dontaudit $1 mozilla_home_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to write mozilla home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mozilla_dontaudit_manage_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	dontaudit $1 mozilla_home_t:dir manage_dir_perms;
-	dontaudit $1 mozilla_home_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute mozilla home directory content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_execute_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	can_exec($1, mozilla_home_t)
-')
-
-########################################
-## <summary>
-##	Execmod mozilla home directory content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_execmod_user_home_files',`
-	gen_require(`
-		type mozilla_home_t;
-	')
-
-	allow $1 mozilla_home_t:file execmod;
-')
-
-########################################
-## <summary>
-##	Run mozilla in the mozilla domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mozilla_domtrans',`
-	gen_require(`
-		type mozilla_t, mozilla_exec_t;
-	')
-
-	domtrans_pattern($1, mozilla_exec_t, mozilla_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run mozilla_plugin.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`mozilla_domtrans_plugin',`
-	gen_require(`
-		type mozilla_plugin_t, mozilla_plugin_exec_t;
-	')
-
-	domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
-	allow mozilla_plugin_t $1:process signull;	
-')
-
-
-########################################
-## <summary>
-##	Execute mozilla_plugin in the mozilla_plugin domain, and
-##	allow the specified role the mozilla_plugin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the mozilla_plugin domain.
-##	</summary>
-## </param>
-#
-interface(`mozilla_run_plugin',`
-	gen_require(`
-		type mozilla_plugin_t;
-	')
-
-	mozilla_domtrans_plugin($1)
-	role $2 types mozilla_plugin_t;
-	allow $1 mozilla_plugin_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Execute qemu unconfined programs in the role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	The role to allow the mozilla_plugin domain.
-##	</summary>
-## </param>
-#
-interface(`mozilla_role_plugin',`
-	gen_require(`
-		type mozilla_plugin_t;
-	')
-
-	role $1 types mozilla_plugin_t;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	mozilla over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_dbus_chat',`
-	gen_require(`
-		type mozilla_t;
-		class dbus send_msg;
-	')
-
-	allow $1 mozilla_t:dbus send_msg;
-	allow mozilla_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	read/write mozilla per user tcp_socket
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mozilla_rw_tcp_sockets',`
-	gen_require(`
-		type mozilla_t;
-	')
-
-	allow $1 mozilla_t:tcp_socket rw_socket_perms;
-')
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
deleted file mode 100644
index d4cb9c4..0000000
--- a/policy/modules/apps/mozilla.te
+++ /dev/null
@@ -1,415 +0,0 @@
-policy_module(mozilla, 2.2.2)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Control mozilla content access
-## </p>
-## </desc>
-gen_tunable(mozilla_read_content, false)
-
-type mozilla_t;
-type mozilla_exec_t;
-typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
-typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
-application_domain(mozilla_t, mozilla_exec_t)
-ubac_constrained(mozilla_t)
-
-type mozilla_conf_t;
-files_config_file(mozilla_conf_t)
-
-type mozilla_home_t;
-typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
-typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
-files_poly_member(mozilla_home_t)
-userdom_user_home_content(mozilla_home_t)
-
-type mozilla_tmpfs_t;
-typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
-typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
-files_tmpfs_file(mozilla_tmpfs_t)
-ubac_constrained(mozilla_tmpfs_t)
-
-type mozilla_plugin_t;
-type mozilla_plugin_exec_t;
-application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role system_r types mozilla_plugin_t;
-
-type mozilla_plugin_tmp_t;
-files_tmp_file(mozilla_plugin_tmp_t)
-
-type mozilla_plugin_tmpfs_t;
-files_tmpfs_file(mozilla_plugin_tmpfs_t)
-ubac_constrained(mozilla_plugin_tmpfs_t)
-
-permissive mozilla_plugin_t;
-
-########################################
-#
-# Local policy
-#
-
-allow mozilla_t self:capability { sys_nice setgid setuid };
-allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
-allow mozilla_t self:fifo_file rw_fifo_file_perms;
-allow mozilla_t self:shm { unix_read unix_write read write destroy create };
-allow mozilla_t self:sem create_sem_perms;
-allow mozilla_t self:socket create_socket_perms;
-allow mozilla_t self:unix_stream_socket { listen accept };
-# Browse the web, connect to printer
-allow mozilla_t self:tcp_socket create_socket_perms;
-allow mozilla_t self:netlink_route_socket r_netlink_socket_perms;
-
-# for bash - old mozilla binary
-can_exec(mozilla_t, mozilla_exec_t)
-
-# X access, Home files
-manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
-manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
-manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
-userdom_search_user_home_dirs(mozilla_t)
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
-
-# Mozpluggerrc
-allow mozilla_t mozilla_conf_t:file read_file_perms;
-
-manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(mozilla_t)
-kernel_read_network_state(mozilla_t)
-# Access /proc, sysctl
-kernel_read_system_state(mozilla_t)
-kernel_read_net_sysctls(mozilla_t)
-
-# Look for plugins
-corecmd_list_bin(mozilla_t)
-# for bash - old mozilla binary
-corecmd_exec_shell(mozilla_t)
-corecmd_exec_bin(mozilla_t)
-
-# Browse the web, connect to printer
-corenet_all_recvfrom_unlabeled(mozilla_t)
-corenet_all_recvfrom_netlabel(mozilla_t)
-corenet_tcp_sendrecv_generic_if(mozilla_t)
-corenet_raw_sendrecv_generic_if(mozilla_t)
-corenet_tcp_sendrecv_generic_node(mozilla_t)
-corenet_raw_sendrecv_generic_node(mozilla_t)
-corenet_tcp_sendrecv_http_port(mozilla_t)
-corenet_tcp_sendrecv_http_cache_port(mozilla_t)
-corenet_tcp_sendrecv_squid_port(mozilla_t)
-corenet_tcp_connect_flash_port(mozilla_t)
-corenet_tcp_sendrecv_ftp_port(mozilla_t)
-corenet_tcp_sendrecv_ipp_port(mozilla_t)
-corenet_tcp_connect_http_port(mozilla_t)
-corenet_tcp_connect_http_cache_port(mozilla_t)
-corenet_tcp_connect_squid_port(mozilla_t)
-corenet_tcp_connect_ftp_port(mozilla_t)
-corenet_tcp_connect_ipp_port(mozilla_t)
-corenet_tcp_connect_generic_port(mozilla_t)
-corenet_tcp_connect_soundd_port(mozilla_t)
-corenet_sendrecv_http_client_packets(mozilla_t)
-corenet_sendrecv_http_cache_client_packets(mozilla_t)
-corenet_sendrecv_squid_client_packets(mozilla_t)
-corenet_sendrecv_ftp_client_packets(mozilla_t)
-corenet_sendrecv_ipp_client_packets(mozilla_t)
-corenet_sendrecv_generic_client_packets(mozilla_t)
-# Should not need other ports
-corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
-corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
-corenet_tcp_connect_speech_port(mozilla_t)
-
-dev_read_urand(mozilla_t)
-dev_read_rand(mozilla_t)
-dev_write_sound(mozilla_t)
-dev_read_sound(mozilla_t)
-dev_dontaudit_rw_dri(mozilla_t)
-dev_getattr_sysfs_dirs(mozilla_t)
-
-domain_dontaudit_read_all_domains_state(mozilla_t)
-
-files_read_etc_runtime_files(mozilla_t)
-files_read_usr_files(mozilla_t)
-files_read_etc_files(mozilla_t)
-# /var/lib
-files_read_var_lib_files(mozilla_t)
-# interacting with gstreamer
-files_read_var_files(mozilla_t)
-files_read_var_symlinks(mozilla_t)
-files_dontaudit_getattr_boot_dirs(mozilla_t)
-
-fs_search_auto_mountpoints(mozilla_t)
-fs_list_inotifyfs(mozilla_t)
-fs_rw_tmpfs_files(mozilla_t)
-
-term_dontaudit_getattr_pty_dirs(mozilla_t)
-
-logging_send_syslog_msg(mozilla_t)
-
-miscfiles_read_fonts(mozilla_t)
-miscfiles_read_localization(mozilla_t)
-miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
-
-# Browse the web, connect to printer
-sysnet_dns_name_resolve(mozilla_t)
-
-userdom_use_user_ptys(mozilla_t)
-
-xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
-xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
-xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
-
-tunable_policy(`allow_execmem',`
-	allow mozilla_t self:process { execmem execstack };
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(mozilla_t)
-	fs_manage_nfs_files(mozilla_t)
-	fs_manage_nfs_symlinks(mozilla_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(mozilla_t)
-	fs_manage_cifs_files(mozilla_t)
-	fs_manage_cifs_symlinks(mozilla_t)
-')
-
-# Uploads, local html
-tunable_policy(`mozilla_read_content && use_nfs_home_dirs',`
-	fs_list_auto_mountpoints(mozilla_t)
-	files_list_home(mozilla_t)
-	fs_read_nfs_files(mozilla_t)
-	fs_read_nfs_symlinks(mozilla_t)
-
-',`
-	files_dontaudit_list_home(mozilla_t)
-	fs_dontaudit_list_auto_mountpoints(mozilla_t)
-	fs_dontaudit_read_nfs_files(mozilla_t)
-	fs_dontaudit_list_nfs(mozilla_t)
-')
-
-tunable_policy(`mozilla_read_content && use_samba_home_dirs',`
-	fs_list_auto_mountpoints(mozilla_t)
-	files_list_home(mozilla_t)
-	fs_read_cifs_files(mozilla_t)
-	fs_read_cifs_symlinks(mozilla_t)
-',`
-	files_dontaudit_list_home(mozilla_t)
-	fs_dontaudit_list_auto_mountpoints(mozilla_t)
-	fs_dontaudit_read_cifs_files(mozilla_t)
-	fs_dontaudit_list_cifs(mozilla_t)
-')
-
-tunable_policy(`mozilla_read_content',`
-	userdom_list_user_tmp(mozilla_t)
-	userdom_read_user_tmp_files(mozilla_t)
-	userdom_read_user_tmp_symlinks(mozilla_t)
-	userdom_read_user_home_content_files(mozilla_t)
-	userdom_read_user_home_content_symlinks(mozilla_t)
-
-	ifdef(`enable_mls',`',`
-		fs_search_removable(mozilla_t)
-		fs_read_removable_files(mozilla_t)
-		fs_read_removable_symlinks(mozilla_t)
-	')
-',`
-	files_dontaudit_list_tmp(mozilla_t)
-	files_dontaudit_list_home(mozilla_t)
-	fs_dontaudit_list_removable(mozilla_t)
-	fs_dontaudit_read_removable_files(mozilla_t)
-	userdom_dontaudit_list_user_tmp(mozilla_t)
-	userdom_dontaudit_read_user_tmp_files(mozilla_t)
-	userdom_dontaudit_list_user_home_dirs(mozilla_t)
-	userdom_dontaudit_read_user_home_content_files(mozilla_t)
-')
-
-optional_policy(`
-	apache_read_user_scripts(mozilla_t)
-	apache_read_user_content(mozilla_t)
-')
-
-optional_policy(`
-	automount_dontaudit_getattr_tmp_dirs(mozilla_t)
-')
-
-optional_policy(`
-	cups_read_rw_config(mozilla_t)
-	cups_dbus_chat(mozilla_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(mozilla_t)
-	dbus_session_bus_client(mozilla_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(mozilla_t)
-	')
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(mozilla_t)
-	gnome_manage_config(mozilla_t)
-	gnome_manage_gconf_home_files(mozilla_t)
-')
-
-optional_policy(`
-	java_domtrans(mozilla_t)
-')
-
-optional_policy(`
-	lpd_domtrans_lpr(mozilla_t)
-')
-
-optional_policy(`
-	mplayer_domtrans(mozilla_t)
-	mplayer_read_user_home_files(mozilla_t)
-')
-
-optional_policy(`
-	nscd_socket_use(mozilla_t)
-')
-
-optional_policy(`
-	nsplugin_manage_rw(mozilla_t)
-	nsplugin_manage_home_files(mozilla_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(mozilla_t)
-	pulseaudio_stream_connect(mozilla_t)
-	pulseaudio_manage_home_files(mozilla_t)
-')
-
-optional_policy(`
-	thunderbird_domtrans(mozilla_t)
-')
-
-########################################
-#
-# mozilla_plugin local policy
-#
-allow mozilla_plugin_t self:process { setsched signal_perms execmem };
-allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-allow mozilla_plugin_t self:tcp_socket create_socket_perms;
-allow mozilla_plugin_t self:udp_socket create_socket_perms;
-
-allow mozilla_plugin_t self:sem create_sem_perms;
-allow mozilla_plugin_t self:shm create_shm_perms;
-allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
-allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
-
-can_exec(mozilla_plugin_t, mozilla_home_t)
-read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
-
-manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file })
-can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
-
-manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-can_exec(mozilla_plugin_t, mozilla_exec_t)
-
-kernel_read_kernel_sysctls(mozilla_plugin_t)
-kernel_read_system_state(mozilla_plugin_t)
-kernel_request_load_module(mozilla_plugin_t)
-
-corecmd_exec_bin(mozilla_plugin_t)
-corecmd_exec_shell(mozilla_plugin_t)
-
-corenet_tcp_connect_flash_port(mozilla_plugin_t)
-corenet_tcp_connect_streaming_port(mozilla_plugin_t)
-corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
-corenet_tcp_connect_http_port(mozilla_plugin_t)
-corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
-corenet_tcp_connect_squid_port(mozilla_plugin_t)
-corenet_tcp_connect_ipp_port(mozilla_plugin_t)
-corenet_tcp_connect_speech_port(mozilla_plugin_t)
-
-dev_read_urand(mozilla_plugin_t)
-dev_read_video_dev(mozilla_plugin_t)
-dev_write_video_dev(mozilla_plugin_t)
-dev_read_sysfs(mozilla_plugin_t)
-dev_read_sound(mozilla_plugin_t)
-dev_write_sound(mozilla_plugin_t)
-dev_dontaudit_rw_dri(mozilla_plugin_t)
-
-domain_use_interactive_fds(mozilla_plugin_t)
-domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
-
-files_read_config_files(mozilla_plugin_t)
-files_read_usr_files(mozilla_plugin_t)
-
-fs_getattr_tmpfs(mozilla_plugin_t)
-
-miscfiles_read_localization(mozilla_plugin_t)
-miscfiles_read_fonts(mozilla_plugin_t)
-
-sysnet_dns_name_resolve(mozilla_plugin_t)
-
-term_getattr_all_ttys(mozilla_plugin_t)
-term_getattr_all_ptys(mozilla_plugin_t)
-
-userdom_rw_user_tmpfs_files(mozilla_plugin_t)
-userdom_delete_user_tmpfs_files(mozilla_plugin_t)
-userdom_stream_connect(mozilla_plugin_t)
-userdom_dontaudit_use_user_ptys(mozilla_plugin_t)
-userdom_manage_user_tmp_sockets(mozilla_plugin_t)
-
-userdom_list_user_tmp(mozilla_plugin_t)
-userdom_manage_user_tmp_dirs(mozilla_plugin_t)
-userdom_read_user_tmp_files(mozilla_plugin_t)
-userdom_read_user_tmp_symlinks(mozilla_plugin_t)
-userdom_read_user_home_content_files(mozilla_plugin_t)
-userdom_read_user_home_content_files(mozilla_plugin_t)
-userdom_read_user_home_content_symlinks(mozilla_plugin_t)
-
-optional_policy(`
-	alsa_read_rw_config(mozilla_plugin_t)
-	alsa_read_home_files(mozilla_plugin_t)
-')
-
-optional_policy(`
-	dbus_session_bus_client(mozilla_plugin_t)
-	dbus_read_lib_files(mozilla_plugin_t)
-')
-
-optional_policy(`
-	gnome_manage_config(mozilla_plugin_t)
-	gnome_setattr_home_config(mozilla_plugin_t)
-')
-
-optional_policy(`
-	nsplugin_domtrans(mozilla_plugin_t)
-	nsplugin_rw_exec(mozilla_plugin_t)
-	nsplugin_manage_home_dirs(mozilla_plugin_t)
-	nsplugin_manage_home_files(mozilla_plugin_t)
-	nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
-	nsplugin_signal(mozilla_plugin_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(mozilla_plugin_t)
-	pulseaudio_stream_connect(mozilla_plugin_t)
-	pulseaudio_setattr_home_dir(mozilla_plugin_t)
-	pulseaudio_manage_home_files(mozilla_plugin_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_pid(mozilla_plugin_t)
-	xserver_stream_connect(mozilla_plugin_t)
-	xserver_use_user_fonts(mozilla_plugin_t)
-	xserver_read_user_iceauth(mozilla_plugin_t)
-')
diff --git a/policy/modules/apps/mplayer.fc b/policy/modules/apps/mplayer.fc
deleted file mode 100644
index 5a37c50..0000000
--- a/policy/modules/apps/mplayer.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# /etc
-#
-/etc/mplayer(/.*)?		gen_context(system_u:object_r:mplayer_etc_t,s0)
-
-#
-# /usr
-#
-/usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
-/usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
-/usr/bin/vlc		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
-/usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
-
-HOME_DIR/\.mplayer(/.*)?	gen_context(system_u:object_r:mplayer_home_t,s0)
diff --git a/policy/modules/apps/mplayer.if b/policy/modules/apps/mplayer.if
deleted file mode 100644
index 8bdc526..0000000
--- a/policy/modules/apps/mplayer.if
+++ /dev/null
@@ -1,140 +0,0 @@
-## <summary>Mplayer media player and encoder</summary>
-
-########################################
-## <summary>
-##	Role access for mplayer
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`mplayer_role',`
-	gen_require(`
-		type mencoder_t, mencoder_exec_t;
-		type mplayer_t, mplayer_exec_t;
-		type mplayer_home_t;
-	')
-
-	role $1 types { mencoder_t mplayer_t };
-
-	# domain transition
-	domtrans_pattern($2, mencoder_exec_t, mencoder_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, mencoder_t)
-	allow $2 mencoder_t:process signal_perms;
-
-	# Home access
-	manage_dirs_pattern($2, mplayer_home_t, mplayer_home_t)
-	manage_files_pattern($2, mplayer_home_t, mplayer_home_t)
-	manage_lnk_files_pattern($2, mplayer_home_t, mplayer_home_t)
-	relabel_dirs_pattern($2, mplayer_home_t, mplayer_home_t)
-	relabel_files_pattern($2, mplayer_home_t, mplayer_home_t)
-	relabel_lnk_files_pattern($2, mplayer_home_t, mplayer_home_t)
-
-	# domain transition
-	domtrans_pattern($2, mplayer_exec_t, mplayer_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, mplayer_t)
-	allow $2 mplayer_t:process signal_perms;
-')
-
-########################################
-## <summary>
-##	Run mplayer in mplayer domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mplayer_domtrans',`
-	gen_require(`
-		type mplayer_t, mplayer_exec_t;
-	')
-
-	domtrans_pattern($1, mplayer_exec_t, mplayer_t)
-')
-
-########################################
-## <summary>
-##	Execute mplayer in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`mplayer_exec',`
-	gen_require(`
-		type mplayer_exec_t;
-	')
-
-	can_exec($1, mplayer_exec_t)
-')
-
-########################################
-## <summary>
-##	Read mplayer per user homedir
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mplayer_read_user_home_files',`
-	gen_require(`
-		type mplayer_home_t;
-	')
-
-	read_files_pattern($1, mplayer_home_t, mplayer_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Execute mplayer_exec_t 
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a mplayer_exec_t
-##	in the specified domain.  
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`mplayer_exec_domtrans',`
-	gen_require(`
-		type mplayer_exec_t;
-	')
-
-	allow $2 mplayer_exec_t:file entrypoint;
-	domtrans_pattern($1, mplayer_exec_t, $2)
-')
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
deleted file mode 100644
index 192d54e..0000000
--- a/policy/modules/apps/mplayer.te
+++ /dev/null
@@ -1,319 +0,0 @@
-policy_module(mplayer, 2.1.2)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow mplayer executable stack
-## </p>
-## </desc>
-gen_tunable(allow_mplayer_execstack, false)
-
-type mencoder_t;
-type mencoder_exec_t;
-typealias mencoder_t alias { user_mencoder_t staff_mencoder_t sysadm_mencoder_t };
-typealias mencoder_t alias { auditadm_mencoder_t secadm_mencoder_t };
-application_domain(mencoder_t, mencoder_exec_t)
-ubac_constrained(mencoder_t)
-
-type mplayer_t;
-type mplayer_exec_t;
-typealias mplayer_t alias { user_mplayer_t staff_mplayer_t sysadm_mplayer_t };
-typealias mplayer_t alias { auditadm_mplayer_t secadm_mplayer_t };
-application_domain(mplayer_t, mplayer_exec_t)
-ubac_constrained(mplayer_t)
-
-type mplayer_etc_t;
-files_config_file(mplayer_etc_t)
-
-type mplayer_home_t;
-typealias mplayer_home_t alias { user_mplayer_home_t staff_mplayer_home_t sysadm_mplayer_home_t };
-typealias mplayer_home_t alias { auditadm_mplayer_home_t secadm_mplayer_home_t };
-files_poly_member(mplayer_home_t)
-userdom_user_home_content(mplayer_home_t)
-
-type mplayer_tmpfs_t;
-typealias mplayer_tmpfs_t alias { user_mplayer_tmpfs_t staff_mplayer_tmpfs_t sysadm_mplayer_tmpfs_t };
-typealias mplayer_tmpfs_t alias { auditadm_mplayer_tmpfs_t secadm_mplayer_tmpfs_t };
-files_tmpfs_file(mplayer_tmpfs_t)
-ubac_constrained(mplayer_tmpfs_t)
-
-########################################
-#
-# mencoder local policy
-#
-
-manage_dirs_pattern(mencoder_t, mplayer_home_t, mplayer_home_t)
-manage_files_pattern(mencoder_t, mplayer_home_t, mplayer_home_t)
-manage_lnk_files_pattern(mencoder_t, mplayer_home_t, mplayer_home_t)
-
-# Read global config
-allow mencoder_t mplayer_etc_t:dir list_dir_perms;
-read_files_pattern(mencoder_t, mplayer_etc_t, mplayer_etc_t)
-read_lnk_files_pattern(mencoder_t, mplayer_etc_t, mplayer_etc_t)
-
-# Read /proc files and directories
-# Necessary for /proc/meminfo, /proc/cpuinfo, etc..
-kernel_read_system_state(mencoder_t)
-# Sysctl on kernel version 
-kernel_read_kernel_sysctls(mencoder_t)
-
-# Required for win32 binary loader 
-dev_rwx_zero(mencoder_t)
-# Access to DVD/CD/V4L
-dev_read_video_dev(mencoder_t)
-
-# Read data in /usr/share (fonts, icons..)
-files_read_usr_files(mencoder_t)
-files_read_usr_symlinks(mencoder_t)
-
-fs_search_auto_mountpoints(mencoder_t)
-
-# Access to DVD/CD/V4L
-storage_raw_read_removable_device(mencoder_t)
-
-miscfiles_read_localization(mencoder_t)
-
-userdom_use_user_terminals(mencoder_t)
-# Handle removable media, /tmp, and /home
-userdom_list_user_tmp(mencoder_t)
-userdom_read_user_tmp_files(mencoder_t)
-userdom_read_user_tmp_symlinks(mencoder_t)
-userdom_read_user_home_content_files(mencoder_t)
-userdom_read_user_home_content_symlinks(mencoder_t)
-
-# Read content to encode
-ifndef(`enable_mls',`
-	fs_search_removable(mencoder_t)
-	fs_read_removable_files(mencoder_t)
-	fs_read_removable_symlinks(mencoder_t)
-')
-
-tunable_policy(`allow_execmem',`
-	allow mencoder_t self:process execmem;
-')
-
-tunable_policy(`allow_execmod',`
-	dev_execmod_zero(mencoder_t)
-')
-
-tunable_policy(`allow_mplayer_execstack',`
-	allow mencoder_t self:process { execmem execstack };
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(mencoder_t)
-	fs_manage_nfs_files(mencoder_t)
-	fs_manage_nfs_symlinks(mencoder_t)
-
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(mencoder_t)
-	fs_manage_cifs_files(mencoder_t)
-	fs_manage_cifs_symlinks(mencoder_t)
-
-')
-
-# Read content to encode
-tunable_policy(`use_nfs_home_dirs',`
-	fs_list_auto_mountpoints(mencoder_t)
-	files_list_home(mencoder_t)
-	fs_read_nfs_files(mencoder_t)
-	fs_read_nfs_symlinks(mencoder_t)
-
-',`
-	files_dontaudit_list_home(mencoder_t)
-	fs_dontaudit_list_auto_mountpoints(mencoder_t)
-	fs_dontaudit_read_nfs_files(mencoder_t)
-	fs_dontaudit_list_nfs(mencoder_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_list_auto_mountpoints(mencoder_t)
-	files_list_home(mencoder_t)
-	fs_read_cifs_files(mencoder_t)
-	fs_read_cifs_symlinks(mencoder_t)
-',`
-	files_dontaudit_list_home(mencoder_t)
-	fs_dontaudit_list_auto_mountpoints(mencoder_t)
-	fs_dontaudit_read_cifs_files(mencoder_t)
-	fs_dontaudit_list_cifs(mencoder_t)
-')
-
-########################################
-#
-# mplayer local policy
-#
-
-allow mplayer_t self:process { signal_perms getsched };
-allow mplayer_t self:fifo_file rw_fifo_file_perms;
-allow mplayer_t self:sem create_sem_perms;
-allow mplayer_t self:netlink_route_socket create_netlink_socket_perms;
-allow mplayer_t self:tcp_socket create_socket_perms;
-allow mplayer_t self:unix_dgram_socket sendto;
-
-manage_dirs_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
-manage_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
-manage_lnk_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
-userdom_user_home_dir_filetrans(mplayer_t, mplayer_home_t, dir)
-userdom_search_user_home_dirs(mplayer_t)
-
-manage_files_pattern(mplayer_t, mplayer_tmpfs_t, mplayer_tmpfs_t)
-manage_lnk_files_pattern(mplayer_t, mplayer_tmpfs_t, mplayer_tmpfs_t)
-manage_fifo_files_pattern(mplayer_t, mplayer_tmpfs_t, mplayer_tmpfs_t)
-manage_sock_files_pattern(mplayer_t, mplayer_tmpfs_t, mplayer_tmpfs_t)
-fs_tmpfs_filetrans(mplayer_t, mplayer_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-
-# Read global config
-allow mplayer_t mplayer_etc_t:dir list_dir_perms;
-read_files_pattern(mplayer_t, mplayer_etc_t, mplayer_etc_t)
-read_lnk_files_pattern(mplayer_t, mplayer_etc_t, mplayer_etc_t)
-
-kernel_dontaudit_list_unlabeled(mplayer_t)
-kernel_dontaudit_getattr_unlabeled_files(mplayer_t)
-kernel_dontaudit_read_unlabeled_files(mplayer_t)
-# Necessary for /proc/meminfo, /proc/cpuinfo, etc..
-kernel_read_system_state(mplayer_t)
-# Sysctl on kernel version 
-kernel_read_kernel_sysctls(mplayer_t)
-
-corenet_all_recvfrom_netlabel(mplayer_t)
-corenet_all_recvfrom_unlabeled(mplayer_t)
-corenet_tcp_sendrecv_generic_if(mplayer_t)
-corenet_tcp_sendrecv_generic_node(mplayer_t)
-corenet_tcp_bind_generic_node(mplayer_t)
-corenet_tcp_connect_pulseaudio_port(mplayer_t)
-corenet_sendrecv_pulseaudio_client_packets(mplayer_t)
-
-# Run bash/sed (??) 
-corecmd_exec_bin(mplayer_t)
-corecmd_exec_shell(mplayer_t)
-
-dev_read_rand(mplayer_t)
-dev_read_urand(mplayer_t)
-# Required for win32 binary loader 
-dev_rwx_zero(mplayer_t)
-# Access to DVD/CD/V4L
-dev_read_video_dev(mplayer_t)
-# Audio, alsa.conf
-dev_read_sound_mixer(mplayer_t)
-dev_write_sound_mixer(mplayer_t)
-# RTC clock 
-dev_read_realtime_clock(mplayer_t)
-
-# Access to DVD/CD/V4L
-storage_raw_read_removable_device(mplayer_t)
-
-files_read_etc_files(mplayer_t)
-files_dontaudit_list_non_security(mplayer_t)
-files_dontaudit_getattr_non_security_files(mplayer_t)
-files_read_non_security_files(mplayer_t)
-# Unfortunately the ancient file dialog starts in /
-files_list_home(mplayer_t)
-# Read /etc/mtab
-files_read_etc_runtime_files(mplayer_t)
-# Read data in /usr/share (fonts, icons..)
-files_read_usr_files(mplayer_t)
-files_read_usr_symlinks(mplayer_t)
-
-fs_dontaudit_getattr_all_fs(mplayer_t)
-fs_search_auto_mountpoints(mplayer_t)
-fs_list_inotifyfs(mplayer_t)
-
-logging_send_syslog_msg(mplayer_t)
-
-miscfiles_read_localization(mplayer_t)
-miscfiles_read_fonts(mplayer_t)
-
-userdom_use_user_terminals(mplayer_t)
-# Read media files
-userdom_list_user_tmp(mplayer_t)
-userdom_read_user_tmp_files(mplayer_t)
-userdom_read_user_tmp_symlinks(mplayer_t)
-userdom_read_user_home_content_files(mplayer_t)
-userdom_read_user_home_content_symlinks(mplayer_t)
-userdom_write_user_tmp_sockets(mplayer_t)
-
-xserver_user_x_domain_template(mplayer, mplayer_t, mplayer_tmpfs_t)
-
-# Read songs
-ifdef(`enable_mls',`',`
-	fs_search_removable(mplayer_t)
-	fs_read_removable_files(mplayer_t)
-	fs_read_removable_symlinks(mplayer_t)
-')
-
-tunable_policy(`allow_execmem',`
-	allow mplayer_t self:process execmem;
-')
-
-tunable_policy(`allow_execmod',`
-	dev_execmod_zero(mplayer_t)
-')
-
-tunable_policy(`allow_mplayer_execstack',`
-	allow mplayer_t self:process { execmem execstack };
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(mplayer_t)
-	fs_manage_nfs_files(mplayer_t)
-	fs_manage_nfs_symlinks(mplayer_t)
-')
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(mplayer_t)
-	fs_manage_cifs_files(mplayer_t)
-	fs_manage_cifs_symlinks(mplayer_t)
-')
-
-# Legacy domain issues
-tunable_policy(`allow_mplayer_execstack',`
-	allow mplayer_t mplayer_tmpfs_t:file execute;
-')
-
-# Read songs
-tunable_policy(`use_nfs_home_dirs',`
-	fs_list_auto_mountpoints(mplayer_t)
-	files_list_home(mplayer_t)
-	fs_read_nfs_files(mplayer_t)
-	fs_read_nfs_symlinks(mplayer_t)
-
-',`
-	files_dontaudit_list_home(mplayer_t)
-	fs_dontaudit_list_auto_mountpoints(mplayer_t)
-	fs_dontaudit_read_nfs_files(mplayer_t)
-	fs_dontaudit_list_nfs(mplayer_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_list_auto_mountpoints(mplayer_t)
-	files_list_home(mplayer_t)
-	fs_read_cifs_files(mplayer_t)
-	fs_read_cifs_symlinks(mplayer_t)
-',`
-	files_dontaudit_list_home(mplayer_t)
-	fs_dontaudit_list_auto_mountpoints(mplayer_t)
-	fs_dontaudit_read_cifs_files(mplayer_t)
-	fs_dontaudit_list_cifs(mplayer_t)
-')
-
-optional_policy(`
-	alsa_read_rw_config(mplayer_t)
-')
-
-optional_policy(`
-	gnome_setattr_config_dirs(mplayer_t)
-')
-
-optional_policy(`
-	nscd_socket_use(mplayer_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(mplayer_t)
-	pulseaudio_stream_connect(mplayer_t)
-')
diff --git a/policy/modules/apps/nsplugin.fc b/policy/modules/apps/nsplugin.fc
deleted file mode 100644
index 717eb3f..0000000
--- a/policy/modules/apps/nsplugin.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.gnash(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.gcjwebplugin(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.icedteaplugin(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
-
-/usr/bin/nspluginscan	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/bin/nspluginviewer	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
-/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
deleted file mode 100644
index 4dbb161..0000000
--- a/policy/modules/apps/nsplugin.if
+++ /dev/null
@@ -1,436 +0,0 @@
-
-## <summary>policy for nsplugin</summary>
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	nsplugin rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_manage_rw_files',`
-	gen_require(`
-		type nsplugin_rw_t;
-	')
-
-	allow $1 nsplugin_rw_t:file manage_file_perms;
-	allow $1 nsplugin_rw_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Manage nsplugin rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_manage_rw',`
-	gen_require(`
-		type nsplugin_rw_t;
-	')
-
-         manage_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-         manage_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-         manage_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-')
-
-#######################################
-## <summary>
-##	The per role template for the nsplugin module.
-## </summary>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_role_notrans',`
-	gen_require(`
-		type nsplugin_rw_t;
-		type nsplugin_home_t;
-		type nsplugin_exec_t;
-		type nsplugin_config_exec_t;
-		type nsplugin_t;
-		type nsplugin_config_t;
-		class x_drawable all_x_drawable_perms;
-		class x_resource all_x_resource_perms;
-		class dbus send_msg;
-	')
-
-	role $1 types nsplugin_t;
-	role $1 types nsplugin_config_t;
-
-	allow nsplugin_t $2:process signull;
-	allow nsplugin_t $2:dbus send_msg;
-	allow $2 nsplugin_t:dbus send_msg;
-
-	list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
-	read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
-	read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
-	can_exec($2, nsplugin_rw_t)
-
-	#Leaked File Descriptors
-ifdef(`hide_broken_symptoms', `
-	dontaudit nsplugin_t $2:socket_class_set { read write };
-	dontaudit nsplugin_t $2:fifo_file rw_inherited_fifo_file_perms;
-	dontaudit nsplugin_config_t $2:socket_class_set { read write };
-	dontaudit nsplugin_config_t $2:fifo_file rw_inherited_fifo_file_perms;
-')
-	allow nsplugin_t $2:unix_stream_socket connectto;
-	dontaudit nsplugin_t $2:process ptrace;
-	allow nsplugin_t $2:sem rw_sem_perms;
-	allow nsplugin_t $2:shm rw_shm_perms;
-	dontaudit nsplugin_t $2:shm destroy;
-	allow $2 nsplugin_t:sem rw_sem_perms;
-
-	allow $2 nsplugin_t:process { getattr ptrace signal_perms };
-	allow $2 nsplugin_t:unix_stream_socket connectto;
-
-	# Connect to pulseaudit server
-	stream_connect_pattern(nsplugin_t, user_home_t, user_home_t, $2)
-	gnome_stream_connect(nsplugin_t, $2)
-
-	userdom_use_user_terminals(nsplugin_t)
-	userdom_use_user_terminals(nsplugin_config_t)
-	userdom_dontaudit_setattr_user_home_content_files(nsplugin_t)
-	userdom_manage_tmpfs_role($1, nsplugin_t)
-
-	optional_policy(`
-		pulseaudio_role($1, nsplugin_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Role access for nsplugin
-## </summary>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_role',`
-	gen_require(`
-		type nsplugin_exec_t;
-		type nsplugin_config_exec_t;
-		type nsplugin_t;
-		type nsplugin_config_t;
-	')
-
-	nsplugin_role_notrans($1, $2)
-
-	domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
-	domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
-
-')
-
-#######################################
-## <summary>
-##	The per role template for the nsplugin module.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_domtrans',`
-	gen_require(`
-		type nsplugin_exec_t;
-		type nsplugin_t;
-	')
-
-	domtrans_pattern($1, nsplugin_exec_t, nsplugin_t)
-	allow $1 nsplugin_t:unix_stream_socket connectto;
-	allow nsplugin_t $1:process signal;
-')
-
-#######################################
-## <summary>
-##	The per role template for the nsplugin module.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_domtrans_config',`
-	gen_require(`
-		type nsplugin_config_exec_t;
-		type nsplugin_config_t;
-	')
-
-	domtrans_pattern($1, nsplugin_config_exec_t, nsplugin_config_t)
-')
-
-########################################
-## <summary>
-##	Search nsplugin rw directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_search_rw_dir',`
-	gen_require(`
-		type nsplugin_rw_t;
-	')
-
-	allow $1 nsplugin_rw_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read nsplugin rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_read_rw_files',`
-	gen_require(`
-		type nsplugin_rw_t;
-	')
-
-	list_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-	read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-	read_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
-')
-
-########################################
-## <summary>
-##	Read nsplugin home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_read_home',`
-	gen_require(`
-		type nsplugin_home_t;
-	')
-
-	list_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
-	read_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
-	read_lnk_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
-')
-
-########################################
-## <summary>
-##	Exec nsplugin rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_rw_exec',`
-	gen_require(`
-		type nsplugin_rw_t;
-	')
-
-	can_exec($1, nsplugin_rw_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	nsplugin home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_manage_home_files',`
-	gen_require(`
-		type nsplugin_home_t;
-	')
-
-	manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
-')
-
-########################################
-## <summary>
-##	manage nnsplugin home dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_manage_home_dirs',`
-	gen_require(`
-		type nsplugin_home_t;
-	')
-
-	manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
-')
-
-########################################
-## <summary>
-##	Allow attempts to read and write to
-##	nsplugin named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_rw_pipes',`
-	gen_require(`
-		type nsplugin_home_t;
-	')
-
-	allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms; 
-')
-
-########################################
-## <summary>
-##	Read and write to nsplugin shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_rw_shm',`
-	gen_require(`
-		type nsplugin_t;
-	')
-
-	allow $1 nsplugin_t:shm rw_shm_perms;
-')
-
-#####################################
-## <summary>
-##      Allow read and write access to nsplugin semaphores.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`nsplugin_rw_semaphores',`
-        gen_require(`
-                type nsplugin_t;
-        ')
-
-        allow $1 nsplugin_t:sem rw_sem_perms;
-')
-
-########################################
-## <summary>
-##	Execute nsplugin_exec_t 
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a nsplugin_exec_t
-##	in the specified domain.  
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_exec_domtrans',`
-	gen_require(`
-		type nsplugin_exec_t;
-	')
-
-	allow $2 nsplugin_exec_t:file entrypoint;
-	domtrans_pattern($1, nsplugin_exec_t, $2)
-')
-
-########################################
-## <summary>
-##	Send generic signals to user nsplugin processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_signal',`
-	gen_require(`
-		type nsplugin_t;
-	')
-
-	allow $1 nsplugin_t:process signal;
-')
-
-########################################
-## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	the nsplugin home file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`nsplugin_user_home_dir_filetrans',`
-	gen_require(`
-		type nsplugin_home_t;
-	')
-
-	userdom_user_home_content_filetrans($1, nsplugin_home_t,  $2)
-')
diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
deleted file mode 100644
index 1ca0e76..0000000
--- a/policy/modules/apps/nsplugin.te
+++ /dev/null
@@ -1,313 +0,0 @@
-policy_module(nsplugin, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow nsplugin code to execmem/execstack
-## </p>
-## </desc>
-gen_tunable(allow_nsplugin_execmem, false)
-
-## <desc>
-## <p>
-## Allow nsplugin code to connect to unreserved ports
-## </p>
-## </desc>
-gen_tunable(nsplugin_can_network, true)
-
-type nsplugin_exec_t;
-application_executable_file(nsplugin_exec_t)
-
-type nsplugin_config_exec_t;
-application_executable_file(nsplugin_config_exec_t)
-
-type nsplugin_rw_t;
-files_poly_member(nsplugin_rw_t)
-files_type(nsplugin_rw_t)
-
-type nsplugin_tmp_t;
-files_tmp_file(nsplugin_tmp_t)
-
-type nsplugin_home_t;
-files_poly_member(nsplugin_home_t)
-userdom_user_home_content(nsplugin_home_t)
-typealias nsplugin_home_t alias user_nsplugin_home_t;
-
-type nsplugin_t;
-domain_type(nsplugin_t)
-domain_entry_file(nsplugin_t, nsplugin_exec_t)
-
-type nsplugin_config_t;
-domain_type(nsplugin_config_t)
-domain_entry_file(nsplugin_config_t, nsplugin_config_exec_t)
-
-application_executable_file(nsplugin_exec_t)
-application_executable_file(nsplugin_config_exec_t)
-
-
-########################################
-#
-# nsplugin local policy
-#
-dontaudit nsplugin_t self:capability { sys_nice sys_tty_config };
-allow nsplugin_t self:fifo_file rw_file_perms;
-allow nsplugin_t self:process { ptrace setpgid getsched setsched signal_perms };
-
-allow nsplugin_t self:sem create_sem_perms;
-allow nsplugin_t self:shm create_shm_perms;
-allow nsplugin_t self:msgq create_msgq_perms;
-allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow nsplugin_t self:unix_dgram_socket { sendto create_socket_perms };
-allow nsplugin_t nsplugin_rw_t:dir list_dir_perms;
-read_lnk_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
-read_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
-
-tunable_policy(`allow_nsplugin_execmem',`
-	allow nsplugin_t self:process { execstack execmem };
-	allow nsplugin_config_t self:process { execstack execmem };
-')
-	
-tunable_policy(`nsplugin_can_network',`
-	corenet_tcp_connect_all_unreserved_ports(nsplugin_t)
-')
-
-manage_dirs_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-exec_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-manage_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-manage_fifo_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-manage_sock_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-manage_lnk_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-userdom_user_home_dir_filetrans(nsplugin_t, nsplugin_home_t, {file dir})
-userdom_user_home_content_filetrans(nsplugin_t, nsplugin_home_t, {file dir})
-userdom_dontaudit_getattr_user_home_content(nsplugin_t)
-userdom_dontaudit_search_user_bin_dirs(nsplugin_t)
-userdom_dontaudit_write_user_home_content_files(nsplugin_t)
-userdom_dontaudit_search_admin_dir(nsplugin_t)
-
-corecmd_exec_bin(nsplugin_t)
-corecmd_exec_shell(nsplugin_t)
-
-corenet_all_recvfrom_unlabeled(nsplugin_t)
-corenet_all_recvfrom_netlabel(nsplugin_t)
-corenet_tcp_connect_flash_port(nsplugin_t)
-corenet_tcp_connect_streaming_port(nsplugin_t)
-corenet_tcp_connect_pulseaudio_port(nsplugin_t)
-corenet_tcp_connect_http_port(nsplugin_t)
-corenet_tcp_connect_http_cache_port(nsplugin_t)
-corenet_tcp_connect_squid_port(nsplugin_t)
-corenet_tcp_sendrecv_generic_if(nsplugin_t)
-corenet_tcp_sendrecv_generic_node(nsplugin_t)
-corenet_tcp_connect_ipp_port(nsplugin_t)
-corenet_tcp_connect_speech_port(nsplugin_t)
-
-domain_dontaudit_read_all_domains_state(nsplugin_t)
-
-dev_read_rand(nsplugin_t)
-dev_read_sound(nsplugin_t)
-dev_write_sound(nsplugin_t)
-dev_read_video_dev(nsplugin_t)
-dev_write_video_dev(nsplugin_t)
-dev_getattr_dri_dev(nsplugin_t)
-dev_rwx_zero(nsplugin_t)
-dev_search_sysfs(nsplugin_t)
-
-kernel_read_kernel_sysctls(nsplugin_t)
-kernel_read_system_state(nsplugin_t)
-
-files_dontaudit_getattr_lost_found_dirs(nsplugin_t)
-files_dontaudit_list_home(nsplugin_t)
-files_read_etc_files(nsplugin_t)
-files_read_usr_files(nsplugin_t)
-files_read_config_files(nsplugin_t)
-
-fs_getattr_tmpfs(nsplugin_t)
-fs_getattr_xattr_fs(nsplugin_t)
-fs_search_auto_mountpoints(nsplugin_t)
-fs_rw_anon_inodefs_files(nsplugin_t)
-fs_list_inotifyfs(nsplugin_t)
-fs_dontaudit_list_fusefs(nsplugin_t)
-
-storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t)
-storage_dontaudit_getattr_removable_dev(nsplugin_t)
-
-term_dontaudit_getattr_all_ptys(nsplugin_t)
-term_dontaudit_getattr_all_ttys(nsplugin_t)
-
-auth_use_nsswitch(nsplugin_t)
-
-libs_exec_ld_so(nsplugin_t)
-
-miscfiles_read_localization(nsplugin_t)
-miscfiles_read_fonts(nsplugin_t)
-miscfiles_dontaudit_write_fonts(nsplugin_t)
-miscfiles_setattr_fonts_cache_dirs(nsplugin_t)
-
-userdom_manage_user_tmp_dirs(nsplugin_t)
-userdom_manage_user_tmp_files(nsplugin_t)
-userdom_manage_user_tmp_sockets(nsplugin_t)
-userdom_tmp_filetrans_user_tmp(nsplugin_t, { file dir sock_file })
-userdom_rw_semaphores(nsplugin_t)
-userdom_dontaudit_rw_user_tmp_pipes(nsplugin_t)
-
-userdom_read_user_home_content_symlinks(nsplugin_t)
-userdom_read_user_home_content_files(nsplugin_t)
-userdom_read_user_tmp_files(nsplugin_t)
-userdom_write_user_tmp_sockets(nsplugin_t)
-userdom_dontaudit_append_user_home_content_files(nsplugin_t)
-
-optional_policy(`
-	alsa_read_rw_config(nsplugin_t)
-	alsa_read_home_files(nsplugin_t)
-')
-
-optional_policy(`
-	cups_stream_connect(nsplugin_t)
-')
-
-optional_policy(`
-	dbus_session_bus_client(nsplugin_t)
-	dbus_connect_session_bus(nsplugin_t)
-	dbus_system_bus_client(nsplugin_t)
-')
-
-optional_policy(`
-	gnome_exec_gconf(nsplugin_t)
-	gnome_manage_config(nsplugin_t)
-	gnome_read_gconf_home_files(nsplugin_t)
-')
-
-optional_policy(`
-	mozilla_execute_user_home_files(nsplugin_t)
-	mozilla_read_user_home_files(nsplugin_t)
-	mozilla_write_user_home_files(nsplugin_t)
-')
-
-optional_policy(`
-	mplayer_exec(nsplugin_t)
-	mplayer_read_user_home_files(nsplugin_t)
-')
-
-optional_policy(`
-	unconfined_execmem_signull(nsplugin_t)
-')
-
-optional_policy(`
-	sandbox_read_tmpfs_files(nsplugin_t)
-')
-
-optional_policy(`
-	gen_require(`
-		type user_tmpfs_t;
-	')
-	xserver_user_x_domain_template(nsplugin, nsplugin_t, user_tmpfs_t)
-	xserver_rw_shm(nsplugin_t)
-	xserver_read_xdm_pid(nsplugin_t)
-	xserver_read_xdm_tmp_files(nsplugin_t)
-	xserver_read_user_xauth(nsplugin_t)
-	xserver_read_user_iceauth(nsplugin_t)
-	xserver_use_user_fonts(nsplugin_t)
-	xserver_rw_inherited_user_fonts(nsplugin_t)
-')
-
-########################################
-#
-# nsplugin_config local policy
-#
-
-allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
-allow nsplugin_config_t self:process { setsched signal_perms getsched execmem };
-#execing pulseaudio
-dontaudit nsplugin_t self:process { getcap setcap };
-
-allow nsplugin_config_t self:fifo_file rw_file_perms;
-allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
-
-dev_dontaudit_read_rand(nsplugin_config_t)
-dev_dontaudit_rw_dri(nsplugin_config_t)
-
-fs_search_auto_mountpoints(nsplugin_config_t)
-fs_list_inotifyfs(nsplugin_config_t)
-
-can_exec(nsplugin_config_t, nsplugin_rw_t)
-manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-
-manage_dirs_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-manage_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-manage_lnk_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-
-corecmd_exec_bin(nsplugin_config_t)
-corecmd_exec_shell(nsplugin_config_t)
-
-kernel_read_system_state(nsplugin_config_t)
-kernel_request_load_module(nsplugin_config_t)
-
-files_read_etc_files(nsplugin_config_t)
-files_read_usr_files(nsplugin_config_t)
-files_dontaudit_search_home(nsplugin_config_t)
-files_list_tmp(nsplugin_config_t)
-
-auth_use_nsswitch(nsplugin_config_t)
-
-miscfiles_read_localization(nsplugin_config_t)
-miscfiles_read_fonts(nsplugin_config_t)
-
-userdom_search_user_home_content(nsplugin_config_t)
-userdom_read_user_home_content_symlinks(nsplugin_config_t)
-userdom_read_user_home_content_files(nsplugin_config_t)
-userdom_dontaudit_search_admin_dir(nsplugin_config_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_getattr_nfs(nsplugin_t)
-	fs_manage_nfs_dirs(nsplugin_t)
-	fs_manage_nfs_files(nsplugin_t)
-	fs_read_nfs_symlinks(nsplugin_t)
-	fs_manage_nfs_named_pipes(nsplugin_t)
-	fs_manage_nfs_dirs(nsplugin_config_t)
-	fs_manage_nfs_files(nsplugin_config_t)
-	fs_manage_nfs_named_pipes(nsplugin_config_t)
-	fs_read_nfs_symlinks(nsplugin_config_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_getattr_cifs(nsplugin_t)
-	fs_manage_cifs_dirs(nsplugin_t)
-	fs_manage_cifs_files(nsplugin_t)
-	fs_read_cifs_symlinks(nsplugin_t)
-	fs_manage_cifs_named_pipes(nsplugin_t)
-	fs_manage_cifs_dirs(nsplugin_config_t)
-	fs_manage_cifs_files(nsplugin_config_t)
-	fs_manage_cifs_named_pipes(nsplugin_config_t)
-	fs_read_cifs_symlinks(nsplugin_config_t)
-')
-
-domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, nsplugin_t)
-
-optional_policy(`
-	xserver_use_user_fonts(nsplugin_config_t)
-')
-
-optional_policy(`
-	mozilla_read_user_home_files(nsplugin_config_t)
-	mozilla_write_user_home_files(nsplugin_config_t)
-')
-
-application_signull(nsplugin_t)
-
-optional_policy(`
-	pulseaudio_exec(nsplugin_t)
-	pulseaudio_stream_connect(nsplugin_t)
-	pulseaudio_manage_home_files(nsplugin_t)
-	pulseaudio_setattr_home_dir(nsplugin_t)
-')
-
-optional_policy(`
-	unconfined_execmem_exec(nsplugin_t)
-')
-
-
diff --git a/policy/modules/apps/openoffice.fc b/policy/modules/apps/openoffice.fc
deleted file mode 100644
index 0c53a12..0000000
--- a/policy/modules/apps/openoffice.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
-/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
-/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
-
diff --git a/policy/modules/apps/openoffice.if b/policy/modules/apps/openoffice.if
deleted file mode 100644
index 6863365..0000000
--- a/policy/modules/apps/openoffice.if
+++ /dev/null
@@ -1,129 +0,0 @@
-## <summary>Openoffice</summary>
-
-#######################################
-## <summary>
-##	The per role template for the openoffice module.
-## </summary>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`openoffice_plugin_role',`
-	gen_require(`
-		type openoffice_exec_t;
-		type openoffice_t;
-	')
-	
-	########################################
-	#
-	# Local policy
-	#
-
-	domtrans_pattern($1, openoffice_exec_t, openoffice_t)
-	allow $1 openoffice_t:process { signal sigkill };
-')
-
-#######################################
-## <summary>
-##	role for openoffice
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for java applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`openoffice_role_template',`
-	gen_require(`
-		type openoffice_exec_t;
-	')
-
-	role $2 types $1_openoffice_t;
-
-	type $1_openoffice_t;
-	domain_type($1_openoffice_t)
-	domain_entry_file($1_openoffice_t, openoffice_exec_t)
-	domain_interactive_fd($1_openoffice_t)
-
-	userdom_unpriv_usertype($1, $1_openoffice_t)
-	userdom_exec_user_home_content_files($1_openoffice_t)
-
-	allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack };
-
-	allow $3 $1_openoffice_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh };
-	allow $1_openoffice_t $3:tcp_socket { read write };
-
-	domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t)
-
-	dev_read_urand($1_openoffice_t)
-	dev_read_rand($1_openoffice_t)
-
-	fs_dontaudit_rw_tmpfs_files($1_openoffice_t)
-
-	allow $3 $1_openoffice_t:process { signal sigkill };
-	allow $1_openoffice_t $3:unix_stream_socket connectto;
-
-	optional_policy(`
-		xserver_role($2, $1_openoffice_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute openoffice_exec_t 
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a openoffice_exec_t
-##	in the specified domain.  
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`openoffice_exec_domtrans',`
-	gen_require(`
-		type openoffice_exec_t;
-	')
-
-	allow $2 openoffice_exec_t:file entrypoint;
-	domtrans_pattern($1, openoffice_exec_t, $2)
-')
diff --git a/policy/modules/apps/openoffice.te b/policy/modules/apps/openoffice.te
deleted file mode 100644
index a842371..0000000
--- a/policy/modules/apps/openoffice.te
+++ /dev/null
@@ -1,16 +0,0 @@
-policy_module(openoffice, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type openoffice_t;
-type openoffice_exec_t;
-application_domain(openoffice_t, openoffice_exec_t)
-
-########################################
-#
-# Unconfined java local policy
-#
-
diff --git a/policy/modules/apps/podsleuth.fc b/policy/modules/apps/podsleuth.fc
deleted file mode 100644
index 6fbc01c..0000000
--- a/policy/modules/apps/podsleuth.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
-/usr/libexec/hal-podsleuth --	gen_context(system_u:object_r:podsleuth_exec_t,s0)
-/var/cache/podsleuth(/.*)?	gen_context(system_u:object_r:podsleuth_cache_t,s0)
diff --git a/policy/modules/apps/podsleuth.if b/policy/modules/apps/podsleuth.if
deleted file mode 100644
index d6d80a0..0000000
--- a/policy/modules/apps/podsleuth.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM)</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run podsleuth.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`podsleuth_domtrans',`
-	gen_require(`
-		type podsleuth_t, podsleuth_exec_t;
-	')
-
-	domtrans_pattern($1, podsleuth_exec_t, podsleuth_t)
-	allow $1 podsleuth_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute podsleuth in the podsleuth domain, and
-##	allow the specified role the podsleuth domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`podsleuth_run',`
-	gen_require(`
-		type podsleuth_t;
-	')
-
-	podsleuth_domtrans($1)
-	role $2 types podsleuth_t;
-')
diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
deleted file mode 100644
index 815d35d..0000000
--- a/policy/modules/apps/podsleuth.te
+++ /dev/null
@@ -1,89 +0,0 @@
-policy_module(podsleuth, 1.3.1)
-
-########################################
-#
-# Declarations
-#
-
-type podsleuth_t;
-type podsleuth_exec_t;
-application_domain(podsleuth_t, podsleuth_exec_t)
-role system_r types podsleuth_t;
-
-type podsleuth_cache_t;
-files_type(podsleuth_cache_t)
-ubac_constrained(podsleuth_cache_t)
-
-type podsleuth_tmp_t;
-files_tmp_file(podsleuth_tmp_t)
-ubac_constrained(podsleuth_tmp_t)
-
-type podsleuth_tmpfs_t;
-files_tmpfs_file(podsleuth_tmpfs_t)
-ubac_constrained(podsleuth_tmpfs_t)
-
-########################################
-#
-# podsleuth local policy
-#
-allow podsleuth_t self:capability { kill dac_override sys_admin sys_rawio };
-allow podsleuth_t self:process { ptrace signal signull getsched execheap execmem execstack };
-allow podsleuth_t self:fifo_file rw_file_perms;
-allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
-allow podsleuth_t self:sem create_sem_perms;
-allow podsleuth_t self:tcp_socket create_stream_socket_perms;
-allow podsleuth_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
-manage_files_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
-files_var_filetrans(podsleuth_t, podsleuth_cache_t, { file dir })
-
-allow podsleuth_t podsleuth_tmp_t:dir mounton;
-manage_dirs_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
-manage_files_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
-files_tmp_filetrans(podsleuth_t, podsleuth_tmp_t, { file dir })
-
-manage_dirs_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
-manage_files_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
-manage_lnk_files_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
-fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file })
-
-kernel_read_system_state(podsleuth_t)
-kernel_request_load_module(podsleuth_t)
-
-corecmd_exec_bin(podsleuth_t)
-
-corenet_tcp_connect_http_port(podsleuth_t)
-
-dev_read_urand(podsleuth_t)
-
-files_read_etc_files(podsleuth_t)
-
-fs_mount_dos_fs(podsleuth_t)
-fs_unmount_dos_fs(podsleuth_t)
-fs_getattr_dos_fs(podsleuth_t)
-fs_read_dos_files(podsleuth_t)
-fs_search_dos(podsleuth_t)
-fs_getattr_tmpfs(podsleuth_t)
-fs_list_tmpfs(podsleuth_t)
-fs_rw_removable_blk_files(podsleuth_t)
-
-miscfiles_read_localization(podsleuth_t)
-
-sysnet_dns_name_resolve(podsleuth_t)
-
-userdom_signal_unpriv_users(podsleuth_t)
-userdom_signull_unpriv_users(podsleuth_t)
-userdom_read_user_tmpfs_files(podsleuth_t)
-
-optional_policy(`
-	dbus_system_bus_client(podsleuth_t)
-
-	optional_policy(`
-		hal_dbus_chat(podsleuth_t)
-	')
-')
-
-optional_policy(`
-	mono_exec(podsleuth_t)
-')
diff --git a/policy/modules/apps/ptchown.fc b/policy/modules/apps/ptchown.fc
deleted file mode 100644
index 9fc398e..0000000
--- a/policy/modules/apps/ptchown.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/libexec/pt_chown	--	gen_context(system_u:object_r:ptchown_exec_t,s0)
diff --git a/policy/modules/apps/ptchown.if b/policy/modules/apps/ptchown.if
deleted file mode 100644
index 96cc023..0000000
--- a/policy/modules/apps/ptchown.if
+++ /dev/null
@@ -1,44 +0,0 @@
-## <summary>helper function for grantpt(3), changes ownship and permissions of pseudotty</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ptchown.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`ptchown_domtrans',`
-	gen_require(`
-		type ptchown_t, ptchown_exec_t;
-	')
-
-	domtrans_pattern($1, ptchown_exec_t, ptchown_t)
-')
-
-########################################
-## <summary>
-##	Execute ptchown in the ptchown domain, and
-##	allow the specified role the ptchown domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`ptchown_run',`
-	gen_require(`
-		type ptchown_t;
-	')
-
-	ptchown_domtrans($1)
-	role $2 types ptchown_t;
-')
diff --git a/policy/modules/apps/ptchown.te b/policy/modules/apps/ptchown.te
deleted file mode 100644
index d90245a..0000000
--- a/policy/modules/apps/ptchown.te
+++ /dev/null
@@ -1,31 +0,0 @@
-policy_module(ptchown, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type ptchown_t;
-type ptchown_exec_t;
-application_domain(ptchown_t, ptchown_exec_t)
-role system_r types ptchown_t;
-
-########################################
-#
-# ptchown local policy
-#
-
-allow ptchown_t self:capability { chown fowner fsetid setuid };
-allow ptchown_t self:process { getcap setcap };
-
-files_read_etc_files(ptchown_t)
-
-fs_rw_anon_inodefs_files(ptchown_t)
-
-term_setattr_generic_ptys(ptchown_t)
-term_getattr_all_ptys(ptchown_t)
-term_setattr_all_ptys(ptchown_t)
-term_use_generic_ptys(ptchown_t)
-term_use_ptmx(ptchown_t)
-
-miscfiles_read_localization(ptchown_t)
diff --git a/policy/modules/apps/pulseaudio.fc b/policy/modules/apps/pulseaudio.fc
deleted file mode 100644
index 84f23dc..0000000
--- a/policy/modules/apps/pulseaudio.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-HOME_DIR/\.pulse-cookie		gen_context(system_u:object_r:pulseaudio_home_t,s0)
-HOME_DIR/\.pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_home_t,s0)
-
-/usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
-
-/var/lib/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
-/var/run/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
diff --git a/policy/modules/apps/pulseaudio.if b/policy/modules/apps/pulseaudio.if
deleted file mode 100644
index 9f12b51..0000000
--- a/policy/modules/apps/pulseaudio.if
+++ /dev/null
@@ -1,264 +0,0 @@
-## <summary>Pulseaudio network sound server.</summary>
-
-########################################
-## <summary>
-##	Role access for pulseaudio
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_role',`
-	gen_require(`
-		type pulseaudio_t, pulseaudio_exec_t;
-		class dbus { acquire_svc send_msg };
-	')
-
-	role $1 types pulseaudio_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, pulseaudio_exec_t, pulseaudio_t)
-
-	ps_process_pattern($2, pulseaudio_t)
-
-	allow pulseaudio_t $2:process { signal signull };
-	allow $2 pulseaudio_t:process { signal signull sigkill };
-	ps_process_pattern(pulseaudio_t, $2)
-
-	allow pulseaudio_t $2:unix_stream_socket connectto;
-	allow $2 pulseaudio_t:unix_stream_socket connectto;
-
-	userdom_manage_home_role($1, pulseaudio_t)
-	userdom_manage_tmp_role($1, pulseaudio_t)
-	userdom_manage_tmpfs_role($1, pulseaudio_t)
-
-	allow $2 pulseaudio_t:dbus send_msg;
-	allow pulseaudio_t $2:dbus { acquire_svc send_msg };
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run pulseaudio.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`pulseaudio_domtrans',`
-	gen_require(`
-		type pulseaudio_t, pulseaudio_exec_t;
-	')
-
-	domtrans_pattern($1, pulseaudio_exec_t, pulseaudio_t)
-')
-
-########################################
-## <summary>
-##	Execute pulseaudio in the pulseaudio domain, and
-##	allow the specified role the pulseaudio domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_run',`
-	gen_require(`
-		type pulseaudio_t;
-	')
-
-	pulseaudio_domtrans($1)
-	role $2 types pulseaudio_t;
-')
-
-########################################
-## <summary>
-##	Execute a pulseaudio in the current domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`pulseaudio_exec',`
-	gen_require(`
-		type pulseaudio_exec_t;
-	')
-
-	can_exec($1, pulseaudio_exec_t)
-')
-
-########################################
-## <summary>
-##	Do not audit to execute a pulseaudio.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`pulseaudio_dontaudit_exec',`
-	gen_require(`
-		type pulseaudio_exec_t;
-	')
-
-	dontaudit $1 pulseaudio_exec_t:file exec_file_perms;
-')
-
-########################################
-## <summary>
-##	Send signull signal to pulseaudio
-##	processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_signull',`
-	gen_require(`
-		type pulseaudio_t;
-	')
-
-	allow $1 pulseaudio_t:process signull;
-')
-
-#####################################
-## <summary>
-##	Connect to pulseaudio over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_stream_connect',`
-	gen_require(`
-		type pulseaudio_t, pulseaudio_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pulseaudio_t:process signull;
-	allow pulseaudio_t $1:process signull;
-	stream_connect_pattern($1, pulseaudio_var_run_t, pulseaudio_var_run_t, pulseaudio_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	pulseaudio over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_dbus_chat',`
-	gen_require(`
-		type pulseaudio_t;
-		class dbus send_msg;
-	')
-
-	allow $1 pulseaudio_t:dbus send_msg;
-	allow pulseaudio_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the pulseaudio homedir.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_setattr_home_dir',`
-	gen_require(`
-		type pulseaudio_home_t;
-	')
-
-	allow $1 pulseaudio_home_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Read pulseaudio homedir files.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_read_home_files',`
-	gen_require(`
-		type pulseaudio_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	read_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-')
-
-########################################
-## <summary>
-##	Read and write Pulse Audio files.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_rw_home_files',`
-	gen_require(`
-		type pulseaudio_home_t;
-	')
-
-	rw_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete pulseaudio
-##	home directory files.
-## </summary>
-## <param name="user_domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pulseaudio_manage_home_files',`
-	gen_require(`
-		type pulseaudio_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
-')
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
deleted file mode 100644
index db96581..0000000
--- a/policy/modules/apps/pulseaudio.te
+++ /dev/null
@@ -1,158 +0,0 @@
-policy_module(pulseaudio, 1.2.3)
-
-########################################
-#
-# Declarations
-#
-
-type pulseaudio_t;
-type pulseaudio_exec_t;
-init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
-application_domain(pulseaudio_t, pulseaudio_exec_t)
-ubac_constrained(pulseaudio_t)
-role system_r types pulseaudio_t;
-
-type pulseaudio_home_t;
-userdom_user_home_content(pulseaudio_home_t)
-
-type pulseaudio_tmpfs_t;
-files_tmpfs_file(pulseaudio_tmpfs_t)
-ubac_constrained(pulseaudio_tmpfs_t)
-
-type pulseaudio_var_lib_t;
-files_type(pulseaudio_var_lib_t)
-ubac_constrained(pulseaudio_var_lib_t)
-
-type pulseaudio_var_run_t;
-files_pid_file(pulseaudio_var_run_t)
-ubac_constrained(pulseaudio_var_run_t)
-
-########################################
-#
-# pulseaudio local policy
-#
-
-allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
-allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
-allow pulseaudio_t self:fifo_file rw_file_perms;
-allow pulseaudio_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
-allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
-allow pulseaudio_t self:udp_socket create_socket_perms;
-allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
-manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
-userdom_search_user_home_dirs(pulseaudio_t)
-userdom_search_admin_dir(pulseaudio_t)
-
-manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
-manage_files_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
-manage_lnk_files_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
-files_var_lib_filetrans(pulseaudio_t, pulseaudio_var_lib_t, { dir file })
-
-manage_dirs_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
-manage_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
-manage_sock_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
-files_pid_filetrans(pulseaudio_t, pulseaudio_var_run_t, { file dir })
-
-can_exec(pulseaudio_t, pulseaudio_exec_t)
-
-kernel_getattr_proc(pulseaudio_t)
-kernel_read_system_state(pulseaudio_t)
-kernel_read_kernel_sysctls(pulseaudio_t)
-
-corecmd_exec_bin(pulseaudio_t)
-
-corenet_all_recvfrom_unlabeled(pulseaudio_t)
-corenet_all_recvfrom_netlabel(pulseaudio_t)
-corenet_tcp_bind_pulseaudio_port(pulseaudio_t)
-corenet_tcp_bind_soundd_port(pulseaudio_t)
-corenet_tcp_sendrecv_generic_if(pulseaudio_t)
-corenet_tcp_sendrecv_generic_node(pulseaudio_t)
-corenet_udp_bind_sap_port(pulseaudio_t)
-corenet_udp_sendrecv_generic_if(pulseaudio_t)
-corenet_udp_sendrecv_generic_node(pulseaudio_t)
-
-dev_read_sound(pulseaudio_t)
-dev_write_sound(pulseaudio_t)
-dev_read_sysfs(pulseaudio_t)
-dev_read_urand(pulseaudio_t)
-
-files_read_etc_files(pulseaudio_t)
-files_read_usr_files(pulseaudio_t)
-
-fs_rw_anon_inodefs_files(pulseaudio_t)
-fs_getattr_tmpfs(pulseaudio_t)
-fs_list_inotifyfs(pulseaudio_t)
-
-term_use_all_ttys(pulseaudio_t)
-term_use_all_ptys(pulseaudio_t)
-
-auth_use_nsswitch(pulseaudio_t)
-
-logging_send_syslog_msg(pulseaudio_t)
-
-miscfiles_read_localization(pulseaudio_t)
-
-optional_policy(`
-	alsa_read_rw_config(pulseaudio_t)
-')
-
-optional_policy(`
-	bluetooth_stream_connect(pulseaudio_t)
-')
-
-optional_policy(`
-	dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)
-	dbus_system_bus_client(pulseaudio_t)
-	dbus_session_bus_client(pulseaudio_t)
-	dbus_connect_session_bus(pulseaudio_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(pulseaudio_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(pulseaudio_t)
-	')
-
-	optional_policy(`
-		policykit_dbus_chat(pulseaudio_t)
-	')
-
-	optional_policy(`
-		rpm_dbus_chat(pulseaudio_t)
-	')
-')
-
-optional_policy(`
-	rtkit_scheduled(pulseaudio_t)
-')
-
-optional_policy(`
-	mpd_read_tmpfs_files(pulseaudio_t)
-')
-
-optional_policy(`
-	policykit_domtrans_auth(pulseaudio_t)
-	policykit_read_lib(pulseaudio_t)
-	policykit_read_reload(pulseaudio_t)
-')
-
-optional_policy(`
-	udev_read_state(pulseaudio_t)
-	udev_read_db(pulseaudio_t)
-')
-
-optional_policy(`
-	xserver_stream_connect(pulseaudio_t)
-	xserver_manage_xdm_tmp_files(pulseaudio_t)
-	xserver_read_xdm_lib_files(pulseaudio_t)
-	xserver_read_xdm_pid(pulseaudio_t)
-	xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)
-')
-
-optional_policy(`
-	sandbox_manage_tmpfs_files(pulseaudio_t)
-')
diff --git a/policy/modules/apps/qemu.fc b/policy/modules/apps/qemu.fc
deleted file mode 100644
index 64d877e..0000000
--- a/policy/modules/apps/qemu.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/bin/qemu		--	gen_context(system_u:object_r:qemu_exec_t,s0)
-/usr/bin/qemu-system-.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
-/usr/bin/qemu-kvm	--	gen_context(system_u:object_r:qemu_exec_t,s0)
-/usr/libexec/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
diff --git a/policy/modules/apps/qemu.if b/policy/modules/apps/qemu.if
deleted file mode 100644
index f4e1572..0000000
--- a/policy/modules/apps/qemu.if
+++ /dev/null
@@ -1,410 +0,0 @@
-## <summary>QEMU machine emulator and virtualizer</summary>
-
-########################################
-## <summary>
-##	Creates types and rules for a basic
-##	qemu process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`qemu_domain_template',`
-
-	##############################
-	#
-	# Local Policy
-	#
-
-	type $1_t;
-	domain_type($1_t)
-
-	type $1_tmp_t;
-	files_tmp_file($1_tmp_t)
-
-	##############################
-	#
-	# Local Policy
-	#
-
-	allow $1_t self:capability { dac_read_search dac_override };
-	allow $1_t self:process { execstack execmem signal getsched };
-	allow $1_t self:fifo_file rw_file_perms;
-	allow $1_t self:shm create_shm_perms;
-	allow $1_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_t self:tcp_socket create_stream_socket_perms;
-	allow $1_t self:tun_socket create;
-
-	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
-
-	kernel_read_system_state($1_t)
-
-	corenet_all_recvfrom_unlabeled($1_t)
-	corenet_all_recvfrom_netlabel($1_t)
-	corenet_tcp_sendrecv_generic_if($1_t)
-	corenet_tcp_sendrecv_generic_node($1_t)
-	corenet_tcp_sendrecv_all_ports($1_t)
-	corenet_tcp_bind_generic_node($1_t)
-	corenet_tcp_bind_vnc_port($1_t)
-	corenet_rw_tun_tap_dev($1_t)
-
-#	dev_rw_kvm($1_t)
-
-	domain_use_interactive_fds($1_t)
-
-	files_read_etc_files($1_t)
-	files_read_usr_files($1_t)
-	files_read_var_files($1_t)
-	files_search_all($1_t)
-
-	fs_list_inotifyfs($1_t)
-	fs_rw_anon_inodefs_files($1_t)
-	fs_rw_tmpfs_files($1_t)
-
-	storage_raw_write_removable_device($1_t)
-	storage_raw_read_removable_device($1_t)
-
-	term_use_ptmx($1_t)
-	term_getattr_pty_fs($1_t)
-	term_use_generic_ptys($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	sysnet_read_config($1_t)
-
-	userdom_use_user_terminals($1_t)
-	userdom_attach_admin_tun_iface($1_t)
-
-	optional_policy(`
-		samba_domtrans_smbd($1_t)
-	')
-
-	optional_policy(`
-		virt_manage_images($1_t)
-		virt_read_config($1_t)
-		virt_read_lib_files($1_t)
-		virt_attach_tun_iface($1_t)
-	')
-
-	optional_policy(`
-		xserver_stream_connect($1_t)
-		xserver_read_xdm_tmp_files($1_t)
-		xserver_read_xdm_pid($1_t)
-#		xserver_xdm_rw_shm($1_t)
-	')
-')
-
-#######################################
-## <summary>
-##	The per role template for the qemu module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for qemu web browser.
-##	</p>
-##	<p>
-##	This template is invoked automatically for each user, and
-##	generally does not need to be invoked directly
-##	by policy writers.
-##	</p>
-## </desc>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`qemu_role',`
-	gen_require(`
-		type qemu_t, qemu_exec_t;
-		type qemu_config_t, qemu_config_exec_t;
-	')
-
-	role $1 types { qemu_t qemu_config_t };
-
-	domtrans_pattern($2, qemu_exec_t, qemu_t)
- 	domtrans_pattern($2, qemu_config_exec_t, qemu_config_t)
-	allow qemu_t $2:process signull;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run qemu.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`qemu_domtrans',`
-	gen_require(`
-		type qemu_t, qemu_exec_t;
-	')
-
-	domtrans_pattern($1, qemu_exec_t, qemu_t)
-')
-
-########################################
-## <summary>
-##	Execute a qemu in the callers domain
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`qemu_exec',`
-	gen_require(`
-		type qemu_exec_t;
-	')
-
-	can_exec($1, qemu_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute qemu in the qemu domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the qemu domain.
-##	</summary>
-## </param>
-#
-interface(`qemu_run',`
-	gen_require(`
-		type qemu_t;
-	')
-
-	qemu_domtrans($1)
-	role $2 types qemu_t;
-
-	optional_policy(`
-		samba_run_smb(qemu_t, $2, $3)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the domain to read state files in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to allow access.
-##	</summary>
-## </param>
-#
-interface(`qemu_read_state',`
-	gen_require(`
-		type qemu_t;
-	')
-
-	read_files_pattern($1, qemu_t, qemu_t)
-')
-
-########################################
-## <summary>
-##	Set the schedule on qemu.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qemu_setsched',`
-	gen_require(`
-		type qemu_t;
-	')
-
-	allow $1 qemu_t:process setsched;
-')
-
-########################################
-## <summary>
-##	Send a signal to qemu.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qemu_signal',`
-	gen_require(`
-		type qemu_t;
-	')
-
-	allow $1 qemu_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a sigill to qemu
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qemu_kill',`
-	gen_require(`
-		type qemu_t;
-	')
-
-	allow $1 qemu_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run qemu unconfined.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`qemu_domtrans_unconfined',`
-	gen_require(`
-		type unconfined_qemu_t, qemu_exec_t;
-	')
-
-	domtrans_pattern($1, qemu_exec_t, unconfined_qemu_t)
-')
-
-########################################
-## <summary>
-##	Execute qemu_exec_t 
-##	in the specified domain but do not
-##	do it automatically. This is an explicit
-##	transition, requiring the caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Execute qemu_exec_t 
-##	in the specified domain.  This allows
-##	the specified domain to qemu programs
-##	on these filesystems in the specified
-##	domain.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`qemu_spec_domtrans',`
-	gen_require(`
-		type qemu_exec_t;
-	')
-  
-	read_lnk_files_pattern($1, qemu_exec_t, qemu_exec_t)
-	domain_transition_pattern($1, qemu_exec_t, $2)
-  	domain_entry_file($2,qemu_exec_t)
-	can_exec($1,qemu_exec_t)
-
-	allow $2 $1:fd use;
-	allow $2 $1:fifo_file rw_fifo_file_perms;
-	allow $2 $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute qemu unconfined programs in the role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	The role to allow the qemu unconfined domain.
-##	</summary>
-## </param>
-#
-interface(`qemu_unconfined_role',`
-	gen_require(`
-		type unconfined_qemu_t;
-		type qemu_t;
-	')
-	role $1 types unconfined_qemu_t;
-	role $1 types qemu_t;
-')
-
-########################################
-## <summary>
-##	Manage qemu temporary dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qemu_manage_tmp_dirs',`
-	gen_require(`
-		type qemu_tmp_t;
-	')
-
-	manage_dirs_pattern($1, qemu_tmp_t, qemu_tmp_t)
-')
-
-########################################
-## <summary>
-##	Manage qemu temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qemu_manage_tmp_files',`
-	gen_require(`
-		type qemu_tmp_t;
-	')
-
-	manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
-')
-
-########################################
-## <summary>
-##     Make qemu_exec_t an entrypoint for
-##     the specified domain.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     The domain for which qemu_exec_t is an entrypoint.
-##     </summary>
-## </param>
-#
-interface(`qemu_entry_type',`
-	gen_require(`
-		type qemu_exec_t;
-	')
-
-	domain_entry_file($1, qemu_exec_t)
-')
-
-
diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te
deleted file mode 100644
index 7551020..0000000
--- a/policy/modules/apps/qemu.te
+++ /dev/null
@@ -1,124 +0,0 @@
-policy_module(qemu, 1.4.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow qemu to connect fully to the network
-## </p>
-## </desc>
-gen_tunable(qemu_full_network, false)
-
-## <desc>
-## <p>
-## Allow qemu to use cifs/Samba file systems
-## </p>
-## </desc>
-gen_tunable(qemu_use_cifs, true)
-
-## <desc>
-## <p>
-## Allow qemu to user serial/parallel communication ports
-## </p>
-## </desc>
-gen_tunable(qemu_use_comm, false)
-
-## <desc>
-## <p>
-## Allow qemu to use nfs file systems
-## </p>
-## </desc>
-gen_tunable(qemu_use_nfs, true)
-
-## <desc>
-## <p>
-## Allow qemu to use usb devices
-## </p>
-## </desc>
-gen_tunable(qemu_use_usb, true)
-
-type qemu_exec_t;
-virt_domain_template(qemu)
-application_domain(qemu_t, qemu_exec_t)
-role system_r types qemu_t;
-
-########################################
-#
-# qemu local policy
-#
-
-storage_raw_write_removable_device(qemu_t)
-storage_raw_read_removable_device(qemu_t)
-
-userdom_search_user_home_content(qemu_t)
-userdom_read_user_tmpfs_files(qemu_t)
-
-tunable_policy(`qemu_full_network',`
-	allow qemu_t self:udp_socket create_socket_perms;
-
-	corenet_udp_sendrecv_all_if(qemu_t)
-	corenet_udp_sendrecv_all_nodes(qemu_t)
-	corenet_udp_sendrecv_all_ports(qemu_t)
-	corenet_udp_bind_all_nodes(qemu_t)
-	corenet_udp_bind_all_ports(qemu_t)
-	corenet_tcp_bind_all_ports(qemu_t)
-	corenet_tcp_connect_all_ports(qemu_t)
-')
-
-tunable_policy(`qemu_use_cifs',`
-	fs_manage_cifs_dirs(qemu_t)
-	fs_manage_cifs_files(qemu_t)
-')
-
-tunable_policy(`qemu_use_comm',`
-	term_use_unallocated_ttys(qemu_t)
-	dev_rw_printer(qemu_t)
-')
-
-tunable_policy(`qemu_use_nfs',`
-	fs_manage_nfs_dirs(qemu_t)
-	fs_manage_nfs_files(qemu_t)
-')
-
-tunable_policy(`qemu_use_usb',`
-	dev_rw_usbfs(qemu_t)
-	fs_manage_dos_dirs(qemu_t)
-	fs_manage_dos_files(qemu_t)
-')
-
-optional_policy(`
-	samba_domtrans_smbd(qemu_t)
-')
-
-optional_policy(`
-	virt_manage_images(qemu_t)
-	virt_append_log(qemu_t)
-')
-
-optional_policy(`
-	xen_rw_image_files(qemu_t)
-')
-
-optional_policy(`
-	xen_rw_image_files(qemu_t)
-')
-
-########################################
-#
-# Unconfined qemu local policy
-#
-
-optional_policy(`
-	type unconfined_qemu_t;
-	typealias unconfined_qemu_t alias qemu_unconfined_t;
-	application_type(unconfined_qemu_t)
-	unconfined_domain(unconfined_qemu_t)
-	userdom_manage_tmpfs_role(unconfined_r, unconfined_qemu_t)
-	userdom_unpriv_usertype(unconfined, unconfined_qemu_t)
-
-	allow unconfined_qemu_t self:process { execstack execmem };
-	allow unconfined_qemu_t qemu_exec_t:file execmod;
-')
diff --git a/policy/modules/apps/rssh.fc b/policy/modules/apps/rssh.fc
deleted file mode 100644
index 4c091ca..0000000
--- a/policy/modules/apps/rssh.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/rssh	--	gen_context(system_u:object_r:rssh_exec_t,s0)
diff --git a/policy/modules/apps/rssh.if b/policy/modules/apps/rssh.if
deleted file mode 100644
index 7cdac1e..0000000
--- a/policy/modules/apps/rssh.if
+++ /dev/null
@@ -1,66 +0,0 @@
-## <summary>Restricted (scp/sftp) only shell</summary>
-
-########################################
-## <summary>
-##	Role access for rssh
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`rssh_role',`
-	gen_require(`
-		type rssh_t;
-	')
-
-	role $1 types rssh_t;
-
-	# allow ps to show irc
-	ps_process_pattern($2, rssh_t)
-	allow $2 rssh_t:process signal;
-')
-
-########################################
-## <summary>
-##	Transition to all user rssh domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rssh_spec_domtrans',`
-	gen_require(`
-		type rssh_t, rssh_exec_t;
-	')
-
-	spec_domtrans_pattern($1, rssh_exec_t, rssh_t)
-')
-
-########################################
-## <summary>
-##	Read all users rssh read-only content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rssh_read_ro_content',`
-	gen_require(`
-		type rssh_ro_t;
-	')
-
-	allow $1 rssh_ro_t:dir list_dir_perms;
-	read_files_pattern($1, rssh_ro_t, rssh_ro_t)
-	read_lnk_files_pattern($1, rssh_ro_t, rssh_ro_t)
-')
diff --git a/policy/modules/apps/rssh.te b/policy/modules/apps/rssh.te
deleted file mode 100644
index c605046..0000000
--- a/policy/modules/apps/rssh.te
+++ /dev/null
@@ -1,80 +0,0 @@
-policy_module(rssh, 2.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type rssh_t;
-type rssh_exec_t;
-typealias rssh_t alias { user_rssh_t staff_rssh_t sysadm_rssh_t };
-typealias rssh_t alias { auditadm_rssh_t secadm_rssh_t };
-application_domain(rssh_t, rssh_exec_t)
-domain_user_exemption_target(rssh_t)
-domain_interactive_fd(rssh_t)
-ubac_constrained(rssh_t)
-role system_r types rssh_t;
-
-type rssh_devpts_t;
-typealias rssh_devpts_t alias { user_rssh_devpts_t staff_rssh_devpts_t sysadm_rssh_devpts_t };
-typealias rssh_devpts_t alias { auditadm_rssh_devpts_t secadm_rssh_devpts_t };
-term_user_pty(rssh_t, rssh_devpts_t)
-ubac_constrained(rssh_devpts_t)
-
-type rssh_ro_t;
-typealias rssh_ro_t alias { user_rssh_ro_t staff_rssh_ro_t sysadm_rssh_ro_t };
-typealias rssh_ro_t alias { auditadm_rssh_ro_t secadm_rssh_ro_t };
-userdom_user_home_content(rssh_ro_t)
-
-type rssh_rw_t;
-typealias rssh_rw_t alias { user_rssh_rw_t staff_rssh_rw_t sysadm_rssh_rw_t };
-typealias rssh_rw_t alias { auditadm_rssh_rw_t secadm_rssh_rw_t };
-userdom_user_home_content(rssh_rw_t)
-
-##############################
-#
-# Local policy
-#
-
-allow rssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow rssh_t self:fd use;
-allow rssh_t self:fifo_file rw_fifo_file_perms;
-allow rssh_t self:unix_dgram_socket create_socket_perms;
-allow rssh_t self:unix_stream_socket create_stream_socket_perms;
-allow rssh_t self:unix_dgram_socket sendto;
-allow rssh_t self:unix_stream_socket connectto;
-allow rssh_t self:shm create_shm_perms;
-allow rssh_t self:sem create_sem_perms;
-allow rssh_t self:msgq create_msgq_perms;
-allow rssh_t self:msg { send receive };
-
-allow rssh_t rssh_devpts_t:chr_file { rw_file_perms setattr };
-term_create_pty(rssh_t, rssh_devpts_t)
-
-allow rssh_t rssh_ro_t:dir list_dir_perms;
-read_files_pattern(rssh_t, rssh_ro_t, rssh_ro_t)
-
-manage_dirs_pattern(rssh_t, rssh_rw_t, rssh_rw_t)
-manage_files_pattern(rssh_t, rssh_rw_t, rssh_rw_t)
-
-kernel_read_system_state(rssh_t)
-kernel_read_kernel_sysctls(rssh_t)
-
-files_read_etc_files(rssh_t)
-files_read_etc_runtime_files(rssh_t)
-files_list_home(rssh_t)
-files_read_usr_files(rssh_t)
-files_list_var(rssh_t)
-
-fs_search_auto_mountpoints(rssh_t)
-
-logging_send_syslog_msg(rssh_t)
-
-miscfiles_read_localization(rssh_t)
-
-ssh_rw_tcp_sockets(rssh_t)
-ssh_rw_stream_sockets(rssh_t)
-
-optional_policy(`
-	nis_use_ypbind(rssh_t)
-')
diff --git a/policy/modules/apps/sambagui.fc b/policy/modules/apps/sambagui.fc
deleted file mode 100644
index c13d607..0000000
--- a/policy/modules/apps/sambagui.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/system-config-samba/system-config-samba-mechanism.py		--	gen_context(system_u:object_r:sambagui_exec_t,s0)
diff --git a/policy/modules/apps/sambagui.if b/policy/modules/apps/sambagui.if
deleted file mode 100644
index b31ed10..0000000
--- a/policy/modules/apps/sambagui.if
+++ /dev/null
@@ -1,2 +0,0 @@
-## <summary>system-config-samba dbus service policy</summary>
-
diff --git a/policy/modules/apps/sambagui.te b/policy/modules/apps/sambagui.te
deleted file mode 100644
index 26bb71c..0000000
--- a/policy/modules/apps/sambagui.te
+++ /dev/null
@@ -1,63 +0,0 @@
-policy_module(sambagui, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type sambagui_t;
-type sambagui_exec_t;
-dbus_system_domain(sambagui_t, sambagui_exec_t)
-
-########################################
-#
-# system-config-samba local policy
-#
-
-allow sambagui_t self:capability dac_override;
-allow sambagui_t self:fifo_file rw_fifo_file_perms;
-allow sambagui_t self:unix_dgram_socket create_socket_perms;
-
-# read meminfo
-kernel_read_system_state(sambagui_t)
-
-# execut apps of system-config-samba
-corecmd_exec_shell(sambagui_t)
-corecmd_exec_bin(sambagui_t)
-
-dev_dontaudit_read_urand(sambagui_t)
-
-files_read_etc_files(sambagui_t)
-files_search_var_lib(sambagui_t)
-files_read_usr_files(sambagui_t)
-
-auth_use_nsswitch(sambagui_t)
-
-logging_send_syslog_msg(sambagui_t)
-
-miscfiles_read_localization(sambagui_t)
-
-nscd_dontaudit_search_pid(sambagui_t)
-
-userdom_dontaudit_search_admin_dir(sambagui_t)
-
-# handling with samba conf files
-samba_append_log(sambagui_t)
-samba_manage_config(sambagui_t)
-samba_manage_var_files(sambagui_t)
-samba_read_secrets(sambagui_t)
-samba_initrc_domtrans(sambagui_t)
-samba_domtrans_smbd(sambagui_t)
-samba_domtrans_nmbd(sambagui_t)
-
-optional_policy(`
-	consoletype_exec(sambagui_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(sambagui_t)
-') 
-
-optional_policy(`
-	policykit_dbus_chat(sambagui_t)
-')
diff --git a/policy/modules/apps/sandbox.fc b/policy/modules/apps/sandbox.fc
deleted file mode 100644
index 15778fd..0000000
--- a/policy/modules/apps/sandbox.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No types are sandbox_exec_t
diff --git a/policy/modules/apps/sandbox.if b/policy/modules/apps/sandbox.if
deleted file mode 100644
index 587c440..0000000
--- a/policy/modules/apps/sandbox.if
+++ /dev/null
@@ -1,339 +0,0 @@
-
-## <summary>policy for sandbox</summary>
-
-########################################
-## <summary>
-##	Execute sandbox in the sandbox domain, and
-##	allow the specified role the sandbox domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the sandbox domain.
-##	</summary>
-## </param>
-#
-interface(`sandbox_transition',`
-	gen_require(`
-		type sandbox_xserver_t;
-		attribute sandbox_domain;
-		attribute sandbox_x_domain;
-		attribute sandbox_file_type;
-		attribute sandbox_tmpfs_type;
-	')
-
-	allow $1 sandbox_domain:process transition;
-	dontaudit $1 sandbox_domain:process { noatsecure siginh rlimitinh };
-	role $2 types sandbox_domain;
-	allow sandbox_domain $1:process { sigchld signull };
-	allow sandbox_domain $1:fifo_file rw_inherited_fifo_file_perms;
-
-	allow $1 sandbox_x_domain:process { signal_perms transition };
-	dontaudit $1 sandbox_x_domain:process { noatsecure siginh rlimitinh };
-	allow sandbox_x_domain $1:process { sigchld signull };
-	dontaudit sandbox_domain $1:process signal;
-	role $2 types sandbox_x_domain;
-	role $2 types sandbox_xserver_t;
-	allow $1 sandbox_xserver_t:process signal_perms;
-	dontaudit sandbox_xserver_t $1:fifo_file rw_inherited_fifo_file_perms;
-	dontaudit sandbox_xserver_t $1:tcp_socket rw_socket_perms;
-	dontaudit sandbox_xserver_t $1:udp_socket rw_socket_perms;
-	allow sandbox_xserver_t $1:unix_stream_socket { connectto rw_socket_perms };
-	allow sandbox_x_domain sandbox_x_domain:process signal;
-	# Dontaudit leaked file descriptors
-	dontaudit sandbox_x_domain $1:fifo_file { read write };
-	dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms;
-	dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms;
-	dontaudit sandbox_x_domain $1:unix_stream_socket { read write };
-	dontaudit sandbox_x_domain $1:process signal;
-	
-	allow $1 sandbox_tmpfs_type:file manage_file_perms;
-	dontaudit $1 sandbox_tmpfs_type:file manage_file_perms;
-
-	can_exec($1, sandbox_file_type)
-	manage_files_pattern($1, sandbox_file_type, sandbox_file_type);
-	manage_dirs_pattern($1, sandbox_file_type, sandbox_file_type);
-	manage_sock_files_pattern($1, sandbox_file_type, sandbox_file_type);
-	manage_fifo_files_pattern($1, sandbox_file_type, sandbox_file_type);
-	manage_lnk_files_pattern($1, sandbox_file_type, sandbox_file_type);
-	relabel_dirs_pattern($1, sandbox_file_type, sandbox_file_type)
-	relabel_files_pattern($1, sandbox_file_type, sandbox_file_type)
-	relabel_lnk_files_pattern($1, sandbox_file_type, sandbox_file_type)
-	relabel_fifo_files_pattern($1, sandbox_file_type, sandbox_file_type)
-	relabel_sock_files_pattern($1, sandbox_file_type, sandbox_file_type)
-')
-
-########################################
-## <summary>
-##	Creates types and rules for a basic
-##	qemu process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`sandbox_domain_template',`
-
-	gen_require(`
-		attribute sandbox_domain;
-		attribute sandbox_file_type;
-		attribute sandbox_x_type;
-	')
-
-	type $1_t, sandbox_domain, sandbox_x_type;
-	application_type($1_t)
-
-	mls_rangetrans_target($1_t)
-	mcs_untrusted_proc($1_t)
-
-	type $1_file_t, sandbox_file_type;
-	files_type($1_file_t)
-
-	can_exec($1_t, $1_file_t)
-	manage_dirs_pattern($1_t, $1_file_t, $1_file_t)
-	manage_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_lnk_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_fifo_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_sock_files_pattern($1_t, $1_file_t, $1_file_t)
-')
-
-########################################
-## <summary>
-##	Creates types and rules for a basic
-##	qemu process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`sandbox_x_domain_template',`
-	gen_require(`
-		type xserver_exec_t, sandbox_devpts_t;
-		type sandbox_xserver_t;
-		attribute sandbox_domain, sandbox_x_domain;
-		attribute sandbox_file_type, sandbox_tmpfs_type;
-	')
-
-	type $1_t, sandbox_x_domain;
-	application_type($1_t)
-	mcs_untrusted_proc($1_t)
-
-	type $1_file_t, sandbox_file_type;
-	files_type($1_file_t)
-
-	can_exec($1_t, $1_file_t)
-	manage_dirs_pattern($1_t, $1_file_t, $1_file_t)
-	manage_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_lnk_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_fifo_files_pattern($1_t, $1_file_t, $1_file_t)
-	manage_sock_files_pattern($1_t, $1_file_t, $1_file_t)
-
-	type $1_devpts_t;
-	term_pty($1_devpts_t)
-	term_create_pty($1_t, $1_devpts_t)
-	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr };
-
-	# window manager
-	miscfiles_setattr_fonts_cache_dirs($1_t)
-	allow $1_t self:capability setuid;
-
-	type $1_client_t, sandbox_x_domain;
-	application_type($1_client_t)
-	mcs_untrusted_proc($1_t)
-
-	type $1_client_tmpfs_t, sandbox_tmpfs_type;
-	files_tmpfs_file($1_client_tmpfs_t)
-
-	term_search_ptys($1_t)
-	allow $1_client_t sandbox_devpts_t:chr_file { rw_term_perms setattr };
-	term_create_pty($1_client_t,sandbox_devpts_t)
-
-	manage_files_pattern($1_client_t, $1_client_tmpfs_t, $1_client_tmpfs_t)
-	fs_tmpfs_filetrans($1_client_t, $1_client_tmpfs_t, file )
-	# Pulseaudio tmpfs files with different MCS labels
-	dontaudit $1_client_t $1_client_tmpfs_t:file { read write };
-	allow sandbox_xserver_t $1_client_tmpfs_t:file { read write };
-
-	domtrans_pattern($1_t, xserver_exec_t, sandbox_xserver_t)
-	allow $1_t sandbox_xserver_t:process signal_perms;
-
-	domtrans_pattern($1_t, $1_file_t, $1_client_t)
-	domain_entry_file($1_client_t,  $1_file_t)
-
-	# Random tmpfs_t that gets created when you run X. 
-	fs_rw_tmpfs_files($1_t)
-
-	manage_dirs_pattern(sandbox_xserver_t, $1_file_t, $1_file_t)
-	manage_files_pattern(sandbox_xserver_t, $1_file_t, $1_file_t)
-	manage_sock_files_pattern(sandbox_xserver_t, $1_file_t, $1_file_t)
-	allow sandbox_xserver_t $1_file_t:sock_file create_sock_file_perms;
-	ps_process_pattern(sandbox_xserver_t, $1_client_t)
-	ps_process_pattern(sandbox_xserver_t, $1_t)
-	allow sandbox_xserver_t $1_client_t:shm rw_shm_perms;
-	allow sandbox_xserver_t $1_t:shm rw_shm_perms;
-	allow $1_client_t $1_t:unix_stream_socket connectto;
-	allow $1_t $1_client_t:unix_stream_socket connectto;
-
-	can_exec($1_client_t, $1_file_t)
-	manage_dirs_pattern($1_client_t, $1_file_t, $1_file_t)
-	manage_files_pattern($1_client_t, $1_file_t, $1_file_t)
-	manage_lnk_files_pattern($1_client_t, $1_file_t, $1_file_t)
-	manage_fifo_files_pattern($1_client_t, $1_file_t, $1_file_t)
-	manage_sock_files_pattern($1_client_t, $1_file_t, $1_file_t)
-')
-
-########################################
-## <summary>
-##	allow domain to read, 
-##	write sandbox_xserver tmp files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_rw_xserver_tmpfs_files',`
-	gen_require(`
-		type sandbox_xserver_tmpfs_t;
-	')
-
-	allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	allow domain to read
-##	sandbox tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_read_tmpfs_files',`
-	gen_require(`
-		attribute sandbox_tmpfs_type;
-	')
-
-	allow $1 sandbox_tmpfs_type:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	allow domain to manage
-##	sandbox tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_manage_tmpfs_files',`
-	gen_require(`
-		attribute sandbox_tmpfs_type;
-	')
-
-	allow $1 sandbox_tmpfs_type:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete sandbox files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_delete_files',`
-	gen_require(`
-		attribute sandbox_file_type;
-	')
-
-	delete_files_pattern($1, sandbox_file_type, sandbox_file_type)
-')
-
-########################################
-## <summary>
-##	Delete sandbox sock files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_delete_sock_files',`
-	gen_require(`
-		attribute sandbox_file_type;
-	')
-
-	delete_sock_files_pattern($1, sandbox_file_type, sandbox_file_type)
-')
-
-########################################
-## <summary>
-##	Allow domain to  set the attributes
-##	of the sandbox directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_setattr_dirs',`
-	gen_require(`
-		attribute sandbox_file_type;
-	')
-
-	allow $1 sandbox_file_type:dir setattr;
-')
-
-########################################
-## <summary>
-##	allow domain to delete sandbox files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_delete_dirs',`
-	gen_require(`
-		attribute sandbox_file_type;
-	')
-
-	delete_dirs_pattern($1, sandbox_file_type, sandbox_file_type)
-')
-
-########################################
-## <summary>
-##	allow domain to list sandbox dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`sandbox_list',`
-	gen_require(`
-		attribute sandbox_file_type;
-	')
-
-	allow $1 sandbox_file_type:dir list_dir_perms;
-')
diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
deleted file mode 100644
index 89fcce3..0000000
--- a/policy/modules/apps/sandbox.te
+++ /dev/null
@@ -1,408 +0,0 @@
-policy_module(sandbox,1.0.0)
-dbus_stub()
-attribute sandbox_domain;
-attribute sandbox_x_domain;
-attribute sandbox_file_type;
-attribute sandbox_web_type;
-attribute sandbox_tmpfs_type;
-attribute sandbox_x_type;
-
-########################################
-#
-# Declarations
-#
-
-sandbox_domain_template(sandbox)
-sandbox_x_domain_template(sandbox_min)
-sandbox_x_domain_template(sandbox_x)
-sandbox_x_domain_template(sandbox_web)
-sandbox_x_domain_template(sandbox_net)
-
-type sandbox_xserver_t;
-domain_type(sandbox_xserver_t)
-xserver_user_x_domain_template(sandbox_xserver, sandbox_xserver_t, sandbox_xserver_tmpfs_t)
-
-type sandbox_xserver_tmpfs_t;
-files_tmpfs_file(sandbox_xserver_tmpfs_t)
-
-type sandbox_devpts_t;
-term_pty(sandbox_devpts_t)
-files_type(sandbox_devpts_t)
-
-########################################
-#
-# sandbox xserver policy
-#
-allow sandbox_xserver_t self:process { execmem execstack };
-allow sandbox_xserver_t self:fifo_file manage_fifo_file_perms;
-allow sandbox_xserver_t self:shm create_shm_perms;
-allow sandbox_xserver_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
-manage_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
-manage_lnk_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
-manage_fifo_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
-manage_sock_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
-fs_tmpfs_filetrans(sandbox_xserver_t, sandbox_xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_dontaudit_request_load_module(sandbox_xserver_t)
-
-corecmd_exec_bin(sandbox_xserver_t)
-corecmd_exec_shell(sandbox_xserver_t)
-
-corenet_all_recvfrom_unlabeled(sandbox_xserver_t)
-corenet_all_recvfrom_netlabel(sandbox_xserver_t)
-corenet_tcp_sendrecv_all_if(sandbox_xserver_t)
-corenet_udp_sendrecv_all_if(sandbox_xserver_t)
-corenet_tcp_sendrecv_all_nodes(sandbox_xserver_t)
-corenet_udp_sendrecv_all_nodes(sandbox_xserver_t)
-corenet_tcp_sendrecv_all_ports(sandbox_xserver_t)
-corenet_udp_sendrecv_all_ports(sandbox_xserver_t)
-corenet_tcp_bind_all_nodes(sandbox_xserver_t)
-corenet_tcp_bind_xserver_port(sandbox_xserver_t)
-corenet_sendrecv_xserver_server_packets(sandbox_xserver_t)
-corenet_sendrecv_all_client_packets(sandbox_xserver_t)
-
-dev_rwx_zero(sandbox_xserver_t)
-
-files_read_config_files(sandbox_xserver_t)
-files_read_usr_files(sandbox_xserver_t)
-files_search_home(sandbox_xserver_t)
-fs_dontaudit_rw_tmpfs_files(sandbox_xserver_t)
-fs_list_inotifyfs(sandbox_xserver_t)
-
-miscfiles_read_fonts(sandbox_xserver_t)
-miscfiles_read_localization(sandbox_xserver_t)
-
-kernel_read_system_state(sandbox_xserver_t)
-
-selinux_validate_context(sandbox_xserver_t)
-selinux_compute_access_vector(sandbox_xserver_t)
-selinux_compute_create_context(sandbox_xserver_t)
-
-auth_use_nsswitch(sandbox_xserver_t)
-
-logging_send_syslog_msg(sandbox_xserver_t)
-logging_send_audit_msgs(sandbox_xserver_t)
-
-userdom_use_user_terminals(sandbox_xserver_t)
-userdom_dontaudit_search_user_home_content(sandbox_xserver_t)
-
-xserver_entry_type(sandbox_xserver_t)
-
-optional_policy(`
-	dbus_system_bus_client(sandbox_xserver_t)
-
-	optional_policy(`
-		hal_dbus_chat(sandbox_xserver_t)
-	')
-')
-
-########################################
-#
-# sandbox local policy
-#
-
-## internal communication is often done using fifo and unix sockets.
-allow sandbox_domain self:fifo_file manage_file_perms;
-allow sandbox_domain self:sem create_sem_perms;
-allow sandbox_domain self:shm create_shm_perms;
-allow sandbox_domain self:msgq create_msgq_perms;
-allow sandbox_domain self:unix_stream_socket create_stream_socket_perms;
-allow sandbox_domain self:unix_dgram_socket { sendto create_socket_perms };
-dontaudit sandbox_domain self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-
-dev_rw_all_inherited_chr_files(sandbox_domain)
-dev_rw_all_inherited_blk_files(sandbox_domain)
-
-gen_require(`
-	type usr_t, lib_t, locale_t;
-	type var_t, var_run_t, rpm_log_t, locale_t;
-	attribute exec_type, configfile;
-')
-
-files_rw_all_inherited_files(sandbox_domain, -exec_type -configfile -usr_t -lib_t -locale_t -var_t -var_run_t -device_t -rpm_log_t )
-files_entrypoint_all_files(sandbox_domain)
-
-files_read_config_files(sandbox_domain)
-files_read_usr_files(sandbox_domain)
-files_read_var_files(sandbox_domain)
-files_dontaudit_search_all_dirs(sandbox_domain)
-
-miscfiles_read_localization(sandbox_domain)
-
-kernel_dontaudit_read_system_state(sandbox_domain)
-corecmd_exec_all_executables(sandbox_domain)
-
-userdom_dontaudit_use_user_terminals(sandbox_domain)
-
-mta_dontaudit_read_spool_symlinks(sandbox_domain)
-
-########################################
-#
-# sandbox_x_domain local policy
-#
-allow sandbox_x_domain self:fifo_file manage_file_perms;
-allow sandbox_x_domain self:sem create_sem_perms;
-allow sandbox_x_domain self:shm create_shm_perms;
-allow sandbox_x_domain self:msgq create_msgq_perms;
-allow sandbox_x_domain self:unix_stream_socket create_stream_socket_perms;
-allow sandbox_x_domain self:unix_dgram_socket { sendto create_socket_perms };
-
-allow sandbox_x_domain self:unix_stream_socket create_stream_socket_perms;
-
-allow sandbox_x_domain self:process { signal_perms getsched setpgid execstack execmem };
-dontaudit sandbox_x_domain self:process signal;
-
-allow sandbox_x_domain self:shm create_shm_perms;
-allow sandbox_x_domain self:unix_stream_socket { connectto create_stream_socket_perms };
-allow sandbox_x_domain self:unix_dgram_socket { sendto create_socket_perms };
-allow sandbox_x_domain sandbox_xserver_t:unix_stream_socket connectto;
-dontaudit sandbox_x_domain self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-
-domain_dontaudit_read_all_domains_state(sandbox_x_domain)
-
-files_search_home(sandbox_x_domain)
-files_dontaudit_list_tmp(sandbox_x_domain)
-
-kernel_getattr_proc(sandbox_x_domain)
-kernel_read_network_state(sandbox_x_domain)
-kernel_read_system_state(sandbox_x_domain)
-
-corecmd_exec_all_executables(sandbox_x_domain)
-
-dev_read_urand(sandbox_x_domain)
-dev_dontaudit_read_rand(sandbox_x_domain)
-dev_read_sysfs(sandbox_x_domain)
-
-files_entrypoint_all_files(sandbox_x_domain)
-files_read_config_files(sandbox_x_domain)
-files_read_usr_files(sandbox_x_domain)
-files_read_usr_symlinks(sandbox_x_domain)
-
-fs_getattr_tmpfs(sandbox_x_domain)
-fs_getattr_xattr_fs(sandbox_x_domain)
-fs_list_inotifyfs(sandbox_x_domain)
-
-auth_dontaudit_read_login_records(sandbox_x_domain)
-auth_dontaudit_write_login_records(sandbox_x_domain)
-auth_use_nsswitch(sandbox_x_domain)
-auth_search_pam_console_data(sandbox_x_domain)
-
-init_read_utmp(sandbox_x_domain)
-init_dontaudit_write_utmp(sandbox_x_domain)
-
-miscfiles_read_localization(sandbox_x_domain)
-miscfiles_dontaudit_setattr_fonts_cache_dirs(sandbox_x_domain)
-
-term_getattr_pty_fs(sandbox_x_domain)
-term_use_ptmx(sandbox_x_domain)
-
-logging_send_syslog_msg(sandbox_x_domain)
-logging_dontaudit_search_logs(sandbox_x_domain)
-
-miscfiles_read_fonts(sandbox_x_domain)
-
-storage_dontaudit_rw_fuse(sandbox_x_domain)
-
-optional_policy(`
-	cups_stream_connect(sandbox_x_domain)
-	cups_read_rw_config(sandbox_x_domain)
-')
-
-optional_policy(`
-	dbus_system_bus_client(sandbox_x_domain)
-')
-
-optional_policy(`
-	gnome_read_gconf_config(sandbox_x_domain)
-')
-
-optional_policy(`
-	nscd_dontaudit_search_pid(sandbox_x_domain)
-')
-
-optional_policy(`
-	sssd_dontaudit_search_lib(sandbox_x_domain)
-')
-
-optional_policy(`
-	udev_read_db(sandbox_x_domain)
-')
-
-userdom_dontaudit_use_user_terminals(sandbox_x_domain)
-userdom_read_user_home_content_symlinks(sandbox_x_domain)
-userdom_search_user_home_content(sandbox_x_domain)
-
-files_search_home(sandbox_x_t)
-userdom_use_user_ptys(sandbox_x_t)
-
-########################################
-#
-# sandbox_x_client_t local policy
-#
-allow sandbox_x_client_t self:tcp_socket create_stream_socket_perms;
-allow sandbox_x_client_t self:udp_socket create_socket_perms;
-allow sandbox_x_client_t self:dbus { acquire_svc send_msg };
-allow sandbox_x_client_t self:netlink_selinux_socket create_socket_perms;
-
-dev_read_rand(sandbox_x_client_t)
-
-corenet_tcp_connect_ipp_port(sandbox_x_client_t)
-
-auth_use_nsswitch(sandbox_x_client_t)
-
-selinux_get_fs_mount(sandbox_x_client_t)
-selinux_validate_context(sandbox_x_client_t)
-selinux_compute_access_vector(sandbox_x_client_t)
-selinux_compute_create_context(sandbox_x_client_t)
-selinux_compute_relabel_context(sandbox_x_client_t)
-selinux_compute_user_contexts(sandbox_x_client_t)
-seutil_read_default_contexts(sandbox_x_client_t)
-
-optional_policy(`
-	hal_dbus_chat(sandbox_x_client_t)
-')
-
-
-allow sandbox_web_t self:process setsched;
-
-optional_policy(`
-	nsplugin_read_rw_files(sandbox_web_t)
-')
-
-########################################
-#
-# sandbox_web_client_t local policy
-#
-typeattribute sandbox_web_client_t sandbox_web_type;
-
-allow sandbox_web_type self:capability { setuid setgid };
-allow sandbox_web_type self:netlink_audit_socket nlmsg_relay;
-allow sandbox_web_type self:process setsched;
-dontaudit sandbox_web_type self:process setrlimit;
-
-allow sandbox_web_type self:tcp_socket create_stream_socket_perms;
-allow sandbox_web_type self:udp_socket create_socket_perms;
-allow sandbox_web_type self:dbus { acquire_svc send_msg };
-allow sandbox_web_type self:netlink_selinux_socket create_socket_perms;
-
-kernel_dontaudit_search_kernel_sysctl(sandbox_web_type)
-kernel_request_load_module(sandbox_web_type)
-
-dev_read_rand(sandbox_web_type)
-dev_write_sound(sandbox_web_type)
-dev_read_sound(sandbox_web_type)
-
-corenet_all_recvfrom_unlabeled(sandbox_web_type)
-corenet_all_recvfrom_netlabel(sandbox_web_type)
-corenet_tcp_sendrecv_all_if(sandbox_web_type)
-corenet_raw_sendrecv_all_if(sandbox_web_type)
-corenet_tcp_sendrecv_all_nodes(sandbox_web_type)
-corenet_raw_sendrecv_all_nodes(sandbox_web_type)
-corenet_tcp_sendrecv_http_port(sandbox_web_type)
-corenet_tcp_sendrecv_http_cache_port(sandbox_web_type)
-corenet_tcp_sendrecv_squid_port(sandbox_web_type)
-corenet_tcp_sendrecv_ftp_port(sandbox_web_type)
-corenet_tcp_sendrecv_ipp_port(sandbox_web_type)
-corenet_tcp_connect_http_port(sandbox_web_type)
-corenet_tcp_connect_http_cache_port(sandbox_web_type)
-corenet_tcp_connect_squid_port(sandbox_web_type)
-corenet_tcp_connect_flash_port(sandbox_web_type)
-corenet_tcp_connect_ftp_port(sandbox_web_type)
-corenet_tcp_connect_ipp_port(sandbox_web_type)
-corenet_tcp_connect_streaming_port(sandbox_web_type)
-corenet_tcp_connect_pulseaudio_port(sandbox_web_type)
-corenet_tcp_connect_speech_port(sandbox_web_type)
-corenet_tcp_connect_generic_port(sandbox_web_type)
-corenet_tcp_connect_soundd_port(sandbox_web_type)
-corenet_tcp_connect_speech_port(sandbox_web_type)
-corenet_sendrecv_http_client_packets(sandbox_web_type)
-corenet_sendrecv_http_cache_client_packets(sandbox_web_type)
-corenet_sendrecv_squid_client_packets(sandbox_web_type)
-corenet_sendrecv_ftp_client_packets(sandbox_web_type)
-corenet_sendrecv_ipp_client_packets(sandbox_web_type)
-corenet_sendrecv_generic_client_packets(sandbox_web_type)
-
-corenet_dontaudit_tcp_sendrecv_generic_port(sandbox_web_type)
-corenet_dontaudit_tcp_bind_generic_port(sandbox_web_type)
-
-files_dontaudit_getattr_all_dirs(sandbox_web_type)
-files_dontaudit_list_mnt(sandbox_web_type)
-
-fs_dontaudit_rw_anon_inodefs_files(sandbox_web_type)
-fs_dontaudit_getattr_all_fs(sandbox_web_type)
-
-storage_dontaudit_getattr_fixed_disk_dev(sandbox_web_type)
-
-auth_use_nsswitch(sandbox_web_type)
-
-dbus_system_bus_client(sandbox_web_type)
-dbus_read_config(sandbox_web_type)
-selinux_get_fs_mount(sandbox_web_type)
-selinux_validate_context(sandbox_web_type)
-selinux_compute_access_vector(sandbox_web_type)
-selinux_compute_create_context(sandbox_web_type)
-selinux_compute_relabel_context(sandbox_web_type)
-selinux_compute_user_contexts(sandbox_web_type)
-seutil_read_default_contexts(sandbox_web_type)
-
-userdom_rw_user_tmpfs_files(sandbox_web_type)
-userdom_delete_user_tmpfs_files(sandbox_web_type)
-
-optional_policy(`
-	bluetooth_dontaudit_dbus_chat(sandbox_web_type)
-')
-
-optional_policy(`
-	consolekit_dbus_chat(sandbox_web_type)
-')
-
-optional_policy(`
-	hal_dbus_chat(sandbox_web_type)
-')
-
-optional_policy(`
-	nsplugin_read_rw_files(sandbox_web_type)
-	nsplugin_rw_exec(sandbox_web_type)
-')
-
-optional_policy(`
-	pulseaudio_stream_connect(sandbox_web_type)
-	allow sandbox_web_type self:netlink_kobject_uevent_socket create_socket_perms;
-')
-
-optional_policy(`
-	rtkit_daemon_dontaudit_dbus_chat(sandbox_web_type)
-')
-
-optional_policy(`
-	networkmanager_dontaudit_dbus_chat(sandbox_web_type)
-')
-
-optional_policy(`
-	udev_read_state(sandbox_web_type)
-')
-
-########################################
-#
-# sandbox_net_client_t local policy
-#
-typeattribute sandbox_net_client_t sandbox_web_type;
-
-corenet_all_recvfrom_unlabeled(sandbox_net_client_t)
-corenet_all_recvfrom_netlabel(sandbox_net_client_t)
-corenet_tcp_sendrecv_all_if(sandbox_net_client_t)
-corenet_udp_sendrecv_all_if(sandbox_net_client_t)
-corenet_tcp_sendrecv_all_nodes(sandbox_net_client_t)
-corenet_udp_sendrecv_all_nodes(sandbox_net_client_t)
-corenet_tcp_sendrecv_all_ports(sandbox_net_client_t)
-corenet_udp_sendrecv_all_ports(sandbox_net_client_t)
-corenet_tcp_connect_all_ports(sandbox_net_client_t)
-corenet_sendrecv_all_client_packets(sandbox_net_client_t)
-
-optional_policy(`
-	mozilla_dontaudit_rw_user_home_files(sandbox_x_t)
-	mozilla_dontaudit_rw_user_home_files(sandbox_xserver_t)
-	mozilla_dontaudit_rw_user_home_files(sandbox_x_domain)
-')
diff --git a/policy/modules/apps/screen.fc b/policy/modules/apps/screen.fc
deleted file mode 100644
index 1f2cde4..0000000
--- a/policy/modules/apps/screen.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# /home
-#
-HOME_DIR/\.screenrc		--	gen_context(system_u:object_r:screen_home_t,s0)
-
-#
-# /usr
-#
-/usr/bin/screen			--	gen_context(system_u:object_r:screen_exec_t,s0)
-
-#
-# /var
-#
-/var/run/screen(/.*)?			gen_context(system_u:object_r:screen_var_run_t,s0)
diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
deleted file mode 100644
index 320df26..0000000
--- a/policy/modules/apps/screen.if
+++ /dev/null
@@ -1,157 +0,0 @@
-## <summary>GNU terminal multiplexer</summary>
-
-#######################################
-## <summary>
-##	The role template for the screen module.
-## </summary>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`screen_role_template',`
-	gen_require(`
-		type screen_exec_t, screen_tmp_t;
-		type screen_home_t, screen_var_run_t;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	type $1_screen_t;
-	application_domain($1_screen_t, screen_exec_t)
-	domain_interactive_fd($1_screen_t)
-	ubac_constrained($1_screen_t)
-	role $2 types $1_screen_t;
-
-	########################################
-	#
-	# Local policy
-	#
-
-	allow $1_screen_t self:capability { setuid setgid fsetid };
-	allow $1_screen_t self:process signal_perms;
-	allow $1_screen_t self:fifo_file rw_fifo_file_perms;
-	allow $1_screen_t self:tcp_socket create_stream_socket_perms;
-	allow $1_screen_t self:udp_socket create_socket_perms;
-	# Internal screen networking
-	allow $1_screen_t self:fd use;
-	allow $1_screen_t self:unix_stream_socket create_socket_perms;
-	allow $1_screen_t self:unix_dgram_socket create_socket_perms;
-
-	manage_dirs_pattern($1_screen_t, screen_tmp_t, screen_tmp_t)
-	manage_files_pattern($1_screen_t, screen_tmp_t, screen_tmp_t)
-	manage_fifo_files_pattern($1_screen_t, screen_tmp_t, screen_tmp_t)
-	files_tmp_filetrans($1_screen_t, screen_tmp_t, { file dir })
-
-	# Create fifo
-	manage_fifo_files_pattern($1_screen_t, screen_var_run_t, screen_var_run_t)
-	manage_dirs_pattern($1_screen_t, screen_var_run_t, screen_var_run_t)
-	files_pid_filetrans($1_screen_t, screen_var_run_t, dir)
-
-	allow $1_screen_t screen_home_t:dir list_dir_perms;
-	read_files_pattern($1_screen_t, screen_home_t, screen_home_t)
-	read_lnk_files_pattern($1_screen_t, screen_home_t, screen_home_t)
-
-	allow $1_screen_t $3:process signal;
-
-	domtrans_pattern($3, screen_exec_t, $1_screen_t)
-	allow $3 $1_screen_t:process { signal sigchld };
-	allow $1_screen_t $3:process signal;
-
-	manage_dirs_pattern($3, screen_home_t, screen_home_t)
-	manage_files_pattern($3, screen_home_t, screen_home_t)
-	manage_lnk_files_pattern($3, screen_home_t, screen_home_t)
-	relabel_dirs_pattern($3, screen_home_t, screen_home_t)
-	relabel_files_pattern($3, screen_home_t, screen_home_t)
-	relabel_lnk_files_pattern($3, screen_home_t, screen_home_t)
-
-	manage_dirs_pattern($3, screen_var_run_t, screen_var_run_t)
-	manage_files_pattern($3, screen_var_run_t, screen_var_run_t)
-	manage_lnk_files_pattern($3, screen_var_run_t, screen_var_run_t)
-	manage_fifo_files_pattern($3, screen_var_run_t, screen_var_run_t)
-
-	kernel_read_system_state($1_screen_t)
-	kernel_read_kernel_sysctls($1_screen_t)
-
-	corecmd_list_bin($1_screen_t)
-	corecmd_read_bin_files($1_screen_t)
-	corecmd_read_bin_symlinks($1_screen_t)
-	corecmd_read_bin_pipes($1_screen_t)
-	corecmd_read_bin_sockets($1_screen_t)
-	# Revert to the user domain when a shell is executed.
-	corecmd_shell_domtrans($1_screen_t, $3)
-	corecmd_bin_domtrans($1_screen_t, $3)
-
-	corenet_all_recvfrom_unlabeled($1_screen_t)
-	corenet_all_recvfrom_netlabel($1_screen_t)
-	corenet_tcp_sendrecv_generic_if($1_screen_t)
-	corenet_udp_sendrecv_generic_if($1_screen_t)
-	corenet_tcp_sendrecv_generic_node($1_screen_t)
-	corenet_udp_sendrecv_generic_node($1_screen_t)
-	corenet_tcp_sendrecv_all_ports($1_screen_t)
-	corenet_udp_sendrecv_all_ports($1_screen_t)
-	corenet_tcp_connect_all_ports($1_screen_t)
-
-	dev_dontaudit_getattr_all_chr_files($1_screen_t)
-	dev_dontaudit_getattr_all_blk_files($1_screen_t)
-	# for SSP
-	dev_read_urand($1_screen_t)
-
-	domain_use_interactive_fds($1_screen_t)
-
-	files_search_tmp($1_screen_t)
-	files_search_home($1_screen_t)
-	files_list_home($1_screen_t)
-	files_read_usr_files($1_screen_t)
-	files_read_etc_files($1_screen_t)
-
-	fs_search_auto_mountpoints($1_screen_t)
-	fs_getattr_xattr_fs($1_screen_t)
-
-	auth_domtrans_chk_passwd($1_screen_t)
-	auth_use_nsswitch($1_screen_t)
-	auth_dontaudit_read_shadow($1_screen_t)
-	auth_dontaudit_exec_utempter($1_screen_t)
-
-	# Write to utmp.
-	init_rw_utmp($1_screen_t)
-
-	logging_send_syslog_msg($1_screen_t)
-
-	miscfiles_read_localization($1_screen_t)
-
-	seutil_read_config($1_screen_t)
-
-	userdom_use_user_terminals($1_screen_t)
-	userdom_create_user_pty($1_screen_t)
-	userdom_user_home_domtrans($1_screen_t, $3)
-	userdom_setattr_user_ptys($1_screen_t)
-	userdom_setattr_user_ttys($1_screen_t)
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_cifs_domtrans($1_screen_t, $3)
-		fs_read_cifs_symlinks($1_screen_t)
-		fs_list_cifs($1_screen_t)
-	')
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_nfs_domtrans($1_screen_t, $3)
-		fs_list_nfs($1_screen_t)
-		fs_read_nfs_symlinks($1_screen_t)
-	')
-')
diff --git a/policy/modules/apps/screen.te b/policy/modules/apps/screen.te
deleted file mode 100644
index 8c65cc6..0000000
--- a/policy/modules/apps/screen.te
+++ /dev/null
@@ -1,26 +0,0 @@
-policy_module(screen, 2.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type screen_exec_t;
-application_executable_file(screen_exec_t)
-
-type screen_home_t;
-typealias screen_home_t alias { user_screen_home_t staff_screen_home_t sysadm_screen_home_t };
-typealias screen_home_t alias { auditadm_screen_home_t secadm_screen_home_t };
-userdom_user_home_content(screen_home_t)
-
-type screen_tmp_t;
-typealias screen_tmp_t alias { user_screen_tmp_t staff_screen_tmp_t sysadm_screen_tmp_t };
-typealias screen_tmp_t alias { auditadm_screen_tmp_t secadm_screen_tmp_t };
-files_tmp_file(screen_tmp_t)
-ubac_constrained(screen_tmp_t)
-
-type screen_var_run_t;
-typealias screen_var_run_t alias { user_screen_var_run_t staff_screen_var_run_t sysadm_screen_var_run_t };
-typealias screen_var_run_t alias { auditadm_screen_var_run_t secadm_screen_var_run_t screen_dir_t };
-files_pid_file(screen_var_run_t)
-ubac_constrained(screen_var_run_t)
diff --git a/policy/modules/apps/seunshare.fc b/policy/modules/apps/seunshare.fc
deleted file mode 100644
index 30a4b9f..0000000
--- a/policy/modules/apps/seunshare.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/seunshare	--	gen_context(system_u:object_r:seunshare_exec_t,s0)
diff --git a/policy/modules/apps/seunshare.if b/policy/modules/apps/seunshare.if
deleted file mode 100644
index 7455c19..0000000
--- a/policy/modules/apps/seunshare.if
+++ /dev/null
@@ -1,99 +0,0 @@
-## <summary>Filesystem namespacing/polyinstantiation application.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run seunshare.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`seunshare_domtrans',`
-	gen_require(`
-		type seunshare_t, seunshare_exec_t;
-	')
-
-	domtrans_pattern($1, seunshare_exec_t, seunshare_t)
-')
-
-########################################
-## <summary>
-##	Execute seunshare in the seunshare domain, and
-##	allow the specified role the seunshare domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`seunshare_run',`
-	gen_require(`
-		type seunshare_t;
-	')
-
-	seunshare_domtrans($1)
-	role $2 types seunshare_t;
-
-	allow $1 seunshare_t:process signal_perms;
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
-		dontaudit seunshare_t $1:udp_socket rw_socket_perms;
-		dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
-	')
-')
-
-########################################
-## <summary>
-##	The role template for the seunshare module.
-## </summary>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role.
-##	</summary>
-## </param>
-#
-interface(`seunshare_role_template',`
-	gen_require(`
-		attribute seunshare_domain;
-		type seunshare_exec_t;
-	')
-
-	type $1_seunshare_t, seunshare_domain;
-	application_domain($1_seunshare_t, seunshare_exec_t)
-	role $2 types $1_seunshare_t;
-
-	mls_process_set_level($1_seunshare_t)
-
-	domtrans_pattern($3, seunshare_exec_t, $1_seunshare_t)
-	sandbox_transition($1_seunshare_t, $2)
-
-	ps_process_pattern($3, $1_seunshare_t)
-	allow $3 $1_seunshare_t:process signal_perms;
-
-	allow $1_seunshare_t $3:process transition;
-	dontaudit $1_seunshare_t $3:process { noatsecure siginh rlimitinh };
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit $1_seunshare_t $3:socket_class_set { read write };
-	')
-')
diff --git a/policy/modules/apps/seunshare.te b/policy/modules/apps/seunshare.te
deleted file mode 100644
index e5ef7b3..0000000
--- a/policy/modules/apps/seunshare.te
+++ /dev/null
@@ -1,49 +0,0 @@
-policy_module(seunshare, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute seunshare_domain;
-type seunshare_exec_t;
-
-########################################
-#
-# seunshare local policy
-#
-allow seunshare_domain self:capability { fowner setuid dac_override setpcap sys_admin sys_nice };
-allow seunshare_domain self:process { fork setexec signal getcap setcap setsched };
-
-allow seunshare_domain self:fifo_file rw_file_perms;
-allow seunshare_domain self:unix_stream_socket create_stream_socket_perms;
-
-kernel_read_system_state(seunshare_domain)
-
-corecmd_exec_shell(seunshare_domain)
-corecmd_exec_bin(seunshare_domain)
-
-files_search_all(seunshare_domain)
-files_read_etc_files(seunshare_domain)
-files_mounton_all_poly_members(seunshare_domain)
-
-fs_manage_cgroup_dirs(seunshare_domain)
-fs_manage_cgroup_files(seunshare_domain)
-
-auth_use_nsswitch(seunshare_domain)
-
-logging_send_syslog_msg(seunshare_domain)
-
-miscfiles_read_localization(seunshare_domain)
-
-userdom_use_user_terminals(seunshare_domain)
-
-ifdef(`hide_broken_symptoms', `
-	fs_dontaudit_rw_anon_inodefs_files(seunshare_domain)
- 	fs_dontaudit_list_inotifyfs(seunshare_domain)
-
-	optional_policy(`
-		mozilla_dontaudit_manage_user_home_files(seunshare_domain)
-	')
-')
-
diff --git a/policy/modules/apps/slocate.fc b/policy/modules/apps/slocate.fc
deleted file mode 100644
index 1951c4b..0000000
--- a/policy/modules/apps/slocate.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-/usr/bin/updatedb		--	gen_context(system_u:object_r:locate_exec_t, s0)
-/var/lib/[sm]locate(/.*)?		gen_context(system_u:object_r:locate_var_lib_t,s0)
diff --git a/policy/modules/apps/slocate.if b/policy/modules/apps/slocate.if
deleted file mode 100644
index b7505a0..0000000
--- a/policy/modules/apps/slocate.if
+++ /dev/null
@@ -1,41 +0,0 @@
-## <summary>Update database for mlocate</summary>
-
-########################################
-## <summary>
-##	Create the locate log with append mode.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`slocate_create_append_log',`
-	gen_require(`
-		type locate_log_t;
-	')
-
-	logging_search_logs($1)
-	create_files_pattern($1, locate_log_t, locate_log_t)
-	append_files_pattern($1, locate_log_t, locate_log_t)
-')
-
-########################################
-## <summary>
-##	Read locate lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`locate_read_lib_files',`
-	gen_require(`
-		type locate_var_lib_t;
-	')
-
-	read_files_pattern($1, locate_var_lib_t, locate_var_lib_t)
-	allow $1 locate_var_lib_t:dir list_dir_perms;
-	files_search_var_lib($1)
-')
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
deleted file mode 100644
index 3d2ef30..0000000
--- a/policy/modules/apps/slocate.te
+++ /dev/null
@@ -1,70 +0,0 @@
-policy_module(slocate, 1.9.1)
-
-#################################
-#
-# Declarations
-#
-
-type locate_t;
-type locate_exec_t;
-init_system_domain(locate_t, locate_exec_t)
-
-type locate_log_t;
-logging_log_file(locate_log_t)
-
-type locate_var_lib_t;
-files_type(locate_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
-allow locate_t self:process { execmem execheap execstack signal };
-allow locate_t self:fifo_file rw_fifo_file_perms;
-allow locate_t self:unix_stream_socket create_socket_perms;
-
-manage_dirs_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
-manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
-
-kernel_read_system_state(locate_t)
-kernel_dontaudit_search_network_state(locate_t)
-kernel_dontaudit_search_sysctl(locate_t)
-
-corecmd_exec_bin(locate_t)
-
-dev_getattr_all_blk_files(locate_t)
-dev_getattr_all_chr_files(locate_t)
-
-files_list_all(locate_t)
-files_dontaudit_read_all_symlinks(locate_t)
-files_getattr_all_files(locate_t)
-files_getattr_all_pipes(locate_t)
-files_getattr_all_sockets(locate_t)
-files_read_etc_runtime_files(locate_t)
-files_read_etc_files(locate_t)
-
-fs_getattr_all_fs(locate_t)
-fs_getattr_all_files(locate_t)
-fs_getattr_all_pipes(locate_t)
-fs_getattr_all_symlinks(locate_t)
-fs_getattr_all_blk_files(locate_t)
-fs_getattr_all_chr_files(locate_t)
-fs_list_all(locate_t)
-fs_list_inotifyfs(locate_t)
-fs_read_noxattr_fs_symlinks(locate_t)
-
-# getpwnam
-auth_use_nsswitch(locate_t)
-
-miscfiles_read_localization(locate_t)
-
-ifdef(`enable_mls',`
-	# On MLS machines will not be allowed to getattr Anything but SystemLow
-	files_dontaudit_getattr_all_dirs(locate_t)
-')
-
-optional_policy(`
-	cron_system_entry(locate_t, locate_exec_t)
-')
diff --git a/policy/modules/apps/telepathy.fc b/policy/modules/apps/telepathy.fc
deleted file mode 100644
index 809bb65..0000000
--- a/policy/modules/apps/telepathy.fc
+++ /dev/null
@@ -1,15 +0,0 @@
-HOME_DIR/\.mission-control(/.*)?				gen_context(system_u:object_r:telepathy_mission_control_home_t, s0)
-HOME_DIR/\.cache/\.mc_connections		--		gen_context(system_u:object_r:telepathy_mission_control_cache_home_t, s0)
-HOME_DIR/\.cache/telepathy/gabble(/.*)?				gen_context(system_u:object_r:telepathy_gabble_cache_home_t, s0)
-HOME_DIR/.telepathy-sunshine(/.*)?			gen_context(system_u:object_r:telepathy_sunshine_home_t, s0)
-
-/usr/libexec/mission-control-5			--		gen_context(system_u:object_r:telepathy_mission_control_exec_t, s0)
-
-/usr/libexec/telepathy-butterfly		--		gen_context(system_u:object_r:telepathy_msn_exec_t, s0)
-/usr/libexec/telepathy-gabble			--		gen_context(system_u:object_r:telepathy_gabble_exec_t, s0)
-/usr/libexec/telepathy-haze				--		gen_context(system_u:object_r:telepathy_msn_exec_t, s0)
-/usr/libexec/telepathy-idle				--		gen_context(system_u:object_r:telepathy_idle_exec_t, s0)
-/usr/libexec/telepathy-salut			--		gen_context(system_u:object_r:telepathy_salut_exec_t, s0)
-/usr/libexec/telepathy-sofiasip			--		gen_context(system_u:object_r:telepathy_sofiasip_exec_t, s0)
-/usr/libexec/telepathy-stream-engine	--		gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0)
-/usr/libexec/telepathy-sunshine			--		gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
deleted file mode 100644
index 3d12484..0000000
--- a/policy/modules/apps/telepathy.if
+++ /dev/null
@@ -1,188 +0,0 @@
-
-## <summary>Telepathy framework.</summary>
-
-#######################################
-## <summary>
-##  Creates basic types for telepathy
-##  domain
-## </summary>
-## <param name="prefix">
-##  <summary>
-##  Prefix for the domain.
-##  </summary>
-## </param>
-#
-#
-template(`telepathy_domain_template',`
-
-	gen_require(`
-		attribute telepathy_domain;
-		attribute telepathy_executable;
-	')
-
-	type telepathy_$1_t, telepathy_domain;
-	type telepathy_$1_exec_t, telepathy_executable;
-	application_domain(telepathy_$1_t, telepathy_$1_exec_t)
-	ubac_constrained(telepathy_$1_t)
-
-	type telepathy_$1_tmp_t;
-	files_tmp_file(telepathy_$1_tmp_t)
-	ubac_constrained(telepathy_$1_tmp_t)
-
-	dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
-')
-
-#######################################
-## <summary>
-##  	Role access for telepathy domains
-###     that executes via dbus-session
-## </summary>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`telepathy_dbus_session_role', `
-	gen_require(`
-		attribute telepathy_domain;
-	')
-
-        role $1 types telepathy_domain;
-
-	allow $2 telepathy_domain:process { ptrace signal_perms };
-	ps_process_pattern($2, telepathy_domain)
-
-	optional_policy(`
-		telepathy_dbus_chat($2)
-	')
-
-	telepathy_gabble_stream_connect($2)
-	telepathy_msn_stream_connect($2)
-	telepathy_salut_stream_connect($2)	
-')
-
-########################################
-## <summary>
-##	Send DBus messages to and from
-##	all Telepathy domain.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`telepathy_dbus_chat', `
-	gen_require(`
-		attribute telepathy_domain;
-		class dbus send_msg;
-	')
-
-	allow $1 telepathy_domain:dbus send_msg;
-	allow telepathy_domain $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send DBus messages to and from
-##	Telepathy Gabble.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`telepathy_gabble_dbus_chat', `
-	gen_require(`
-		type telepathy_gabble_t;
-		class dbus send_msg;
-	')
-
-	allow $1 telepathy_gabble_t:dbus send_msg;
-	allow telepathy_gabble_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read and write Telepathy Butterfly
-##	temporary files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`telepathy_butterfly_rw_tmp_files', `
-	gen_require(`
-		type telepathy_butterfly_tmp_t;
-	')
-
-	allow $1 telepathy_butterfly_tmp_t:file rw_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Stream connect to Telepathy Gabble
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`telepathy_gabble_stream_connect', `
-	gen_require(`
-		type telepathy_gabble_t, telepathy_gabble_tmp_t;
-	')
-
-	stream_connect_pattern($1, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t, telepathy_gabble_t)
-	files_search_tmp($1)
-')
-
-#######################################
-## <summary>
-##      Stream connect to telepathy MSN managers
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`telepathy_msn_stream_connect', `
-        gen_require(`
-                type telepathy_msn_t, telepathy_msn_tmp_t;
-        ')
-
-        stream_connect_pattern($1, telepathy_msn_tmp_t, telepathy_msn_tmp_t, telepathy_msn_t)
-        files_search_tmp($1)
-')
-
-
-########################################
-## <summary>
-##	Stream connect to Telepathy Salut
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`telepathy_salut_stream_connect', `
-	gen_require(`
-		type telepathy_salut_t, telepathy_salut_tmp_t;
-	')
-
-	stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
-	files_search_tmp($1)
-')
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
deleted file mode 100644
index 0b28cf8..0000000
--- a/policy/modules/apps/telepathy.te
+++ /dev/null
@@ -1,329 +0,0 @@
-
-policy_module(telepathy, 1.0.0)
-
-########################################
-#
-# Declarations.
-#
-
-## <desc>
-## <p>
-##  Allow the Telepathy connection managers
-##  to connect to any generic TCP port.
-## </p>
-## </desc>
-gen_tunable(telepathy_tcp_connect_generic_network_ports, false)
-
-attribute telepathy_domain;
-attribute telepathy_executable;
-
-telepathy_domain_template(gabble)
-
-type telepathy_gabble_cache_home_t;
-userdom_user_home_content(telepathy_gabble_cache_home_t)
-
-telepathy_domain_template(idle)
-telepathy_domain_template(mission_control)
-
-type telepathy_mission_control_home_t;
-userdom_user_home_content(telepathy_mission_control_home_t)
-
-type telepathy_mission_control_cache_home_t;
-userdom_user_home_content(telepathy_mission_control_cache_home_t)
-
-type telepathy_sunshine_home_t;
-userdom_user_home_content(telepathy_sunshine_home_t)
-
-telepathy_domain_template(msn)
-telepathy_domain_template(salut)
-telepathy_domain_template(sofiasip)
-telepathy_domain_template(stream_engine)
-telepathy_domain_template(sunshine)
-
-#######################################
-#
-# Telepathy Butterfly and Haze local policy.
-#
-
-allow telepathy_msn_t self:process setsched;
-allow telepathy_msn_t self:netlink_route_socket create_netlink_socket_perms;
-allow telepathy_msn_t self:unix_dgram_socket { write create connect };
-
-manage_dirs_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-manage_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-manage_sock_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-exec_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-files_tmp_filetrans(telepathy_msn_t, telepathy_msn_tmp_t, { dir file sock_file })
-userdom_user_tmp_filetrans(telepathy_msn_t, telepathy_msn_tmp_t, { dir file sock_file })
-userdom_dontaudit_setattr_user_tmp(telepathy_msn_t)
-can_exec(telepathy_msn_t, telepathy_msn_tmp_t)
-
-corenet_sendrecv_http_client_packets(telepathy_msn_t)
-corenet_sendrecv_mmcc_client_packets(telepathy_msn_t)
-corenet_sendrecv_msnp_client_packets(telepathy_msn_t)
-corenet_tcp_connect_http_port(telepathy_msn_t)
-corenet_tcp_connect_mmcc_port(telepathy_msn_t)
-corenet_tcp_connect_msnp_port(telepathy_msn_t)
-corenet_tcp_connect_sametime_port(telepathy_msn_t)
-
-corecmd_exec_bin(telepathy_msn_t)
-corecmd_exec_shell(telepathy_msn_t)
-corecmd_read_bin_symlinks(telepathy_msn_t)
-
-dev_read_urand(telepathy_msn_t)
-
-files_read_etc_files(telepathy_msn_t)
-files_read_usr_files(telepathy_msn_t)
-
-auth_use_nsswitch(telepathy_msn_t)
-
-init_read_state(telepathy_msn_t)
-
-libs_exec_ldconfig(telepathy_msn_t)
-
-logging_send_syslog_msg(telepathy_msn_t)
-
-miscfiles_read_all_certs(telepathy_msn_t)
-
-sysnet_read_config(telepathy_msn_t)
-
-optional_policy(`
-        dbus_system_bus_client(telepathy_msn_t)
-	optional_policy(`
-		networkmanager_dbus_chat(telepathy_msn_t)
-	')
-')
-
-optional_policy(`
-        gnome_read_gconf_home_files(telepathy_msn_t)
-')
-
-#######################################
-#
-# Telepathy Gabble local policy.
-#
-
-allow telepathy_gabble_t self:netlink_route_socket create_netlink_socket_perms;
-allow telepathy_gabble_t self:tcp_socket { listen accept };
-allow telepathy_gabble_t self:unix_dgram_socket { write read create getattr sendto };
-
-manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
-manage_sock_files_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
-files_tmp_filetrans(telepathy_gabble_t, telepathy_gabble_tmp_t, { dir sock_file })
-
-# ~/.cache/gabble/caps-cache.db-journal
-optional_policy(`
-        manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-        manage_files_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-        gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, { dir file })
-')
-
-corenet_sendrecv_commplex_client_packets(telepathy_gabble_t)
-corenet_sendrecv_http_client_packets(telepathy_gabble_t)
-corenet_sendrecv_jabber_client_client_packets(telepathy_gabble_t)
-corenet_sendrecv_vnc_client_packets(telepathy_gabble_t)
-
-corenet_tcp_connect_commplex_port(telepathy_gabble_t)
-corenet_tcp_connect_http_port(telepathy_gabble_t)
-corenet_tcp_connect_jabber_client_port(telepathy_gabble_t)
-corenet_tcp_connect_vnc_port(telepathy_gabble_t)
-
-dev_read_rand(telepathy_gabble_t)
-dev_read_urand(telepathy_gabble_t)
-
-files_read_config_files(telepathy_gabble_t)
-files_read_usr_files(telepathy_gabble_t)
-
-miscfiles_read_all_certs(telepathy_gabble_t)
-
-sysnet_read_config(telepathy_gabble_t)
-
-optional_policy(`
-        dbus_system_bus_client(telepathy_gabble_t)
-')
-
-tunable_policy(`use_nfs_home_dirs', `
-        fs_manage_nfs_dirs(telepathy_gabble_t)
-        fs_manage_nfs_files(telepathy_gabble_t)
-')
-
-tunable_policy(`use_samba_home_dirs', `
-        fs_manage_cifs_dirs(telepathy_gabble_t)
-        fs_manage_cifs_files(telepathy_gabble_t)
-')
-
-#######################################
-#
-# Telepathy Idle local policy.
-#
-
-allow telepathy_idle_t self:netlink_route_socket create_netlink_socket_perms;
-
-corenet_sendrecv_ircd_client_packets(telepathy_idle_t)
-corenet_tcp_connect_ircd_port(telepathy_idle_t)
-
-files_read_etc_files(telepathy_idle_t)
-
-sysnet_read_config(telepathy_idle_t)
-
-#######################################
-#
-# Telepathy Mission-Control local policy.
-#
-
-manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_home_t, telepathy_mission_control_home_t)
-manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_home_t, telepathy_mission_control_home_t)
-userdom_user_home_dir_filetrans(telepathy_mission_control_t, telepathy_mission_control_home_t, { dir file })
-userdom_search_user_home_dirs(telepathy_mission_control_t)
-
-dev_read_rand(telepathy_mission_control_t)
-
-files_read_etc_files(telepathy_mission_control_t)
-files_read_usr_files(telepathy_mission_control_t)
-
-tunable_policy(`use_nfs_home_dirs', `
-        fs_manage_nfs_dirs(telepathy_mission_control_t)
-        fs_manage_nfs_files(telepathy_mission_control_t)
-')
-
-tunable_policy(`use_samba_home_dirs', `
-        fs_manage_cifs_dirs(telepathy_mission_control_t)
-        fs_manage_cifs_files(telepathy_mission_control_t)
-')
-
-auth_use_nsswitch(telepathy_mission_control_t)
-
-# ~/.cache/.mc_connections.
-optional_policy(`
-        manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, telepathy_mission_control_cache_home_t)
-        gnome_cache_filetrans(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, file)
-')
-
-optional_policy(`
-        gnome_read_gconf_home_files(telepathy_mission_control_t)
-        gnome_setattr_cache_home_dir(telepathy_mission_control_t)
-	gnome_read_generic_cache_files(telepathy_mission_control_t)
-')
-
-#######################################
-#
-# Telepathy Salut local policy.
-#
-
-allow telepathy_salut_t self:netlink_route_socket create_netlink_socket_perms;
-allow telepathy_salut_t self:tcp_socket { accept listen };
-
-manage_sock_files_pattern(telepathy_salut_t, telepathy_salut_tmp_t, telepathy_salut_tmp_t)
-files_tmp_filetrans(telepathy_salut_t, telepathy_salut_tmp_t, sock_file)
-
-corenet_sendrecv_presence_server_packets(telepathy_salut_t)
-corenet_tcp_bind_presence_port(telepathy_salut_t)
-corenet_tcp_connect_presence_port(telepathy_salut_t)
-
-dev_read_urand(telepathy_salut_t)
-
-files_read_etc_files(telepathy_salut_t)
-
-sysnet_read_config(telepathy_salut_t)
-
-optional_policy(`
-        dbus_system_bus_client(telepathy_salut_t)
-
-        optional_policy(`
-                avahi_dbus_chat(telepathy_salut_t)
-        ')
-')
-
-#######################################
-#
-# Telepathy Sofiasip local policy.
-#
-
-allow telepathy_sofiasip_t self:netlink_route_socket create_netlink_socket_perms;
-allow telepathy_sofiasip_t self:rawip_socket { create_socket_perms listen };
-allow telepathy_sofiasip_t self:tcp_socket { listen };
-
-corenet_sendrecv_sip_client_packets(telepathy_sofiasip_t)
-corenet_tcp_connect_sip_port(telepathy_sofiasip_t)
-
-dev_read_urand(telepathy_sofiasip_t)
-
-kernel_request_load_module(telepathy_sofiasip_t)
-
-sysnet_read_config(telepathy_sofiasip_t)
-
-#######################################
-#
-# Telepathy Sunshine local policy.
-#
-manage_dirs_pattern(telepathy_sunshine_t, telepathy_sunshine_home_t, telepathy_sunshine_home_t)
-manage_files_pattern(telepathy_sunshine_t, telepathy_sunshine_home_t, telepathy_sunshine_home_t)
-userdom_user_home_dir_filetrans(telepathy_sunshine_t, telepathy_sunshine_home_t, { dir file })
-userdom_search_user_home_dirs(telepathy_sunshine_t)
-
-manage_files_pattern(telepathy_sunshine_t, telepathy_sunshine_tmp_t, telepathy_sunshine_tmp_t)
-exec_files_pattern(telepathy_sunshine_t, telepathy_sunshine_tmp_t, telepathy_sunshine_tmp_t)
-files_tmp_filetrans(telepathy_sunshine_t, telepathy_sunshine_tmp_t, file)
-
-corecmd_exec_bin(telepathy_sunshine_t)
-
-dev_read_urand(telepathy_sunshine_t)
-
-files_read_etc_files(telepathy_sunshine_t)
-files_read_usr_files(telepathy_sunshine_t)
-
-optional_policy(`
-        xserver_read_xdm_pid(telepathy_sunshine_t)
-        xserver_stream_connect(telepathy_sunshine_t)
-')
-
-#######################################
-#
-# telepathy domains common policy
-#
-
-allow telepathy_domain self:process { getsched signal sigkill };
-allow telepathy_domain self:fifo_file rw_fifo_file_perms;
-allow telepathy_domain self:tcp_socket create_socket_perms;
-allow telepathy_domain self:udp_socket create_socket_perms;
-
-corenet_all_recvfrom_netlabel(telepathy_domain)
-corenet_all_recvfrom_unlabeled(telepathy_domain)
-corenet_raw_bind_generic_node(telepathy_domain)
-corenet_raw_sendrecv_generic_if(telepathy_domain)
-corenet_raw_sendrecv_generic_node(telepathy_domain)
-corenet_tcp_bind_generic_node(telepathy_domain)
-corenet_tcp_sendrecv_generic_if(telepathy_domain)
-corenet_tcp_sendrecv_generic_node(telepathy_domain)
-corenet_udp_bind_generic_node(telepathy_domain)
-
-kernel_read_system_state(telepathy_domain)
-
-fs_search_auto_mountpoints(telepathy_domain)
-
-miscfiles_read_localization(telepathy_domain)
-
-# This interface does not facilitate files_search_tmp which appears to be a bug.
-userdom_stream_connect(telepathy_domain)
-userdom_use_user_terminals(telepathy_domain)
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports', `
-        corenet_tcp_connect_generic_port(telepathy_domain)
-        corenet_sendrecv_generic_client_packets(telepathy_domain)
-')
-
-optional_policy(`
-        automount_dontaudit_getattr_tmp_dirs(telepathy_domain)
-')
-
-optional_policy(`
-        nis_use_ypbind(telepathy_domain)
-')
-
-optional_policy(`
-        telepathy_dbus_chat(telepathy_domain)
-')
-
-optional_policy(`
-        xserver_rw_xdm_pipes(telepathy_domain)
-')
diff --git a/policy/modules/apps/thunderbird.fc b/policy/modules/apps/thunderbird.fc
deleted file mode 100644
index fb43a7b..0000000
--- a/policy/modules/apps/thunderbird.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# /usr
-#
-/usr/bin/thunderbird.*			--	gen_context(system_u:object_r:thunderbird_exec_t,s0)
-
-HOME_DIR/\.thunderbird(/.*)?			gen_context(system_u:object_r:thunderbird_home_t,s0)
diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if
deleted file mode 100644
index a76e9f9..0000000
--- a/policy/modules/apps/thunderbird.if
+++ /dev/null
@@ -1,63 +0,0 @@
-## <summary>Thunderbird email client</summary>
-
-########################################
-## <summary>
-##	Role access for thunderbird
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`thunderbird_role',`
-	gen_require(`
-		type thunderbird_t, thunderbird_exec_t;
-		type thunderbird_home_t, thunderbird_tmpfs_t;
-	')
-
-	role $1 types thunderbird_t;
-
-	domain_auto_trans($2, thunderbird_exec_t, thunderbird_t)
-	allow $2 thunderbird_t:fd use;
-	allow $2 thunderbird_t:shm { associate getattr };
-	allow $2 thunderbird_t:unix_stream_socket connectto;
-	allow thunderbird_t $2:fd use;
-	allow thunderbird_t $2:process sigchld;
-	allow thunderbird_t $2:unix_stream_socket connectto;
-
-	# allow ps to show thunderbird and allow the user to kill it 
-	ps_process_pattern($2, thunderbird_t)
-	allow $2 thunderbird_t:process signal;
-
-	# Access ~/.thunderbird
-	manage_dirs_pattern($2, thunderbird_home_t, thunderbird_home_t)
-	manage_files_pattern($2, thunderbird_home_t, thunderbird_home_t)
-	manage_lnk_files_pattern($2, thunderbird_home_t, thunderbird_home_t)
-	relabel_dirs_pattern($2, thunderbird_home_t, thunderbird_home_t)
-	relabel_files_pattern($2, thunderbird_home_t, thunderbird_home_t)
-	relabel_lnk_files_pattern($2, thunderbird_home_t, thunderbird_home_t)
-')
-
-########################################
-## <summary>
-##	Run thunderbird in the user thunderbird domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`thunderbird_domtrans',`
-	gen_require(`
-		type thunderbird_t, thunderbird_exec_t;
-	')
-
-	domtrans_pattern($1, thunderbird_exec_t, thunderbird_t)
-')
diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
deleted file mode 100644
index 794c0be..0000000
--- a/policy/modules/apps/thunderbird.te
+++ /dev/null
@@ -1,210 +0,0 @@
-policy_module(thunderbird, 2.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type thunderbird_t;
-type thunderbird_exec_t;
-typealias thunderbird_t alias { user_thunderbird_t staff_thunderbird_t sysadm_thunderbird_t };
-typealias thunderbird_t alias { auditadm_thunderbird_t secadm_thunderbird_t };
-application_domain(thunderbird_t, thunderbird_exec_t)
-ubac_constrained(thunderbird_t)
-
-type thunderbird_home_t;
-typealias thunderbird_home_t alias { user_thunderbird_home_t staff_thunderbird_home_t sysadm_thunderbird_home_t };
-typealias thunderbird_home_t alias { auditadm_thunderbird_home_t secadm_thunderbird_home_t };
-userdom_user_home_content(thunderbird_home_t)
-
-type thunderbird_tmpfs_t;
-typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird_tmpfs_t sysadm_thunderbird_tmpfs_t };
-typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
-files_tmpfs_file(thunderbird_tmpfs_t)
-ubac_constrained(thunderbird_tmpfs_t)
-
-########################################
-#
-# Local policy
-#
-
-allow thunderbird_t self:capability sys_nice;
-allow thunderbird_t self:process { signal_perms setsched getsched execheap execmem execstack };
-allow thunderbird_t self:fifo_file { ioctl read write getattr };
-allow thunderbird_t self:unix_dgram_socket { create connect };
-allow thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
-allow thunderbird_t self:tcp_socket create_socket_perms;
-allow thunderbird_t self:shm { read write create destroy unix_read unix_write };
-
-# Access ~/.thunderbird
-manage_dirs_pattern(thunderbird_t, thunderbird_home_t, thunderbird_home_t)
-manage_files_pattern(thunderbird_t, thunderbird_home_t, thunderbird_home_t)
-manage_lnk_files_pattern(thunderbird_t, thunderbird_home_t, thunderbird_home_t)
-userdom_search_user_home_dirs(thunderbird_t)
-
-manage_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
-manage_lnk_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
-manage_fifo_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
-manage_sock_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
-fs_tmpfs_filetrans(thunderbird_t, thunderbird_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-
-# Allow netstat
-kernel_read_network_state(thunderbird_t)
-kernel_read_net_sysctls(thunderbird_t)
-kernel_read_system_state(thunderbird_t)
-
-# Startup shellscript
-corecmd_exec_shell(thunderbird_t)
-
-corenet_all_recvfrom_unlabeled(thunderbird_t)
-corenet_all_recvfrom_netlabel(thunderbird_t)
-corenet_tcp_sendrecv_generic_if(thunderbird_t)
-corenet_tcp_sendrecv_generic_node(thunderbird_t)
-corenet_tcp_sendrecv_ipp_port(thunderbird_t)
-corenet_tcp_sendrecv_ldap_port(thunderbird_t)
-corenet_tcp_sendrecv_innd_port(thunderbird_t)
-corenet_tcp_sendrecv_smtp_port(thunderbird_t)
-corenet_tcp_sendrecv_pop_port(thunderbird_t)
-corenet_tcp_sendrecv_http_port(thunderbird_t)
-corenet_tcp_connect_ipp_port(thunderbird_t)
-corenet_tcp_connect_ldap_port(thunderbird_t)
-corenet_tcp_connect_innd_port(thunderbird_t)
-corenet_tcp_connect_smtp_port(thunderbird_t)
-corenet_tcp_connect_pop_port(thunderbird_t)
-corenet_tcp_connect_http_port(thunderbird_t)
-corenet_sendrecv_ipp_client_packets(thunderbird_t)
-corenet_sendrecv_ldap_client_packets(thunderbird_t)
-corenet_sendrecv_innd_client_packets(thunderbird_t)
-corenet_sendrecv_smtp_client_packets(thunderbird_t)
-corenet_sendrecv_pop_client_packets(thunderbird_t)
-corenet_sendrecv_http_client_packets(thunderbird_t)
-
-dev_read_urand(thunderbird_t)
-dev_dontaudit_search_sysfs(thunderbird_t)
-
-files_list_tmp(thunderbird_t)
-files_read_usr_files(thunderbird_t)
-files_read_etc_files(thunderbird_t)
-files_read_etc_runtime_files(thunderbird_t)
-files_read_var_files(thunderbird_t)
-files_read_var_symlinks(thunderbird_t)
-files_dontaudit_getattr_all_tmp_files(thunderbird_t)
-files_dontaudit_getattr_boot_dirs(thunderbird_t)
-files_dontaudit_getattr_lost_found_dirs(thunderbird_t)
-files_dontaudit_search_mnt(thunderbird_t)
-
-fs_getattr_xattr_fs(thunderbird_t)
-fs_list_inotifyfs(thunderbird_t)
-# Access ~/.thunderbird
-fs_search_auto_mountpoints(thunderbird_t)
-
-auth_use_nsswitch(thunderbird_t)
-
-miscfiles_read_fonts(thunderbird_t)
-miscfiles_read_localization(thunderbird_t)
-
-userdom_manage_user_tmp_dirs(thunderbird_t)
-userdom_read_user_tmp_files(thunderbird_t)
-userdom_manage_user_tmp_sockets(thunderbird_t)
-# .kde/....gtkrc
-userdom_read_user_home_content_files(thunderbird_t)
-
-xserver_user_x_domain_template(thunderbird, thunderbird_t, thunderbird_tmpfs_t)
-xserver_read_xdm_tmp_files(thunderbird_t)
-xserver_dontaudit_getattr_xdm_tmp_sockets(thunderbird_t)
-
-# Access ~/.thunderbird
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(thunderbird_t)
-	fs_manage_nfs_files(thunderbird_t)
-	fs_manage_nfs_symlinks(thunderbird_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(thunderbird_t)
-	fs_manage_cifs_files(thunderbird_t)
-	fs_manage_cifs_symlinks(thunderbird_t)
-')
-
-tunable_policy(`mail_read_content && use_nfs_home_dirs',`
-	files_list_home(thunderbird_t)
-
-	fs_list_auto_mountpoints(thunderbird_t)
-	fs_read_nfs_files(thunderbird_t)
-	fs_read_nfs_symlinks(thunderbird_t)
-',`
-	files_dontaudit_list_home(thunderbird_t)
-
-	fs_dontaudit_list_auto_mountpoints(thunderbird_t)
-	fs_dontaudit_list_nfs(thunderbird_t)
-	fs_dontaudit_read_nfs_files(thunderbird_t)
-')
-
-tunable_policy(`mail_read_content && use_samba_home_dirs',`
-	files_list_home(thunderbird_t)
-
-	fs_list_auto_mountpoints(thunderbird_t)
-	fs_read_cifs_files(thunderbird_t)
-	fs_read_cifs_symlinks(thunderbird_t)
-',`
-	files_dontaudit_list_home(thunderbird_t)
-
-	fs_dontaudit_list_auto_mountpoints(thunderbird_t)
-	fs_dontaudit_read_cifs_files(thunderbird_t)
-	fs_dontaudit_list_cifs(thunderbird_t)
-')
-
-tunable_policy(`mail_read_content',`
-	userdom_list_user_tmp(thunderbird_t)
-	userdom_read_user_tmp_files(thunderbird_t)
-	userdom_read_user_tmp_symlinks(thunderbird_t)
-	userdom_search_user_home_dirs(thunderbird_t)
-	userdom_read_user_home_content_files(thunderbird_t)
-
-	ifndef(`enable_mls',`
-		fs_search_removable(thunderbird_t)
-		fs_read_removable_files(thunderbird_t)
-		fs_read_removable_symlinks(thunderbird_t)
-	')
-',`
-	files_dontaudit_list_tmp(thunderbird_t)
-	files_dontaudit_list_home(thunderbird_t)
-
-	fs_dontaudit_list_removable(thunderbird_t)
-	fs_dontaudit_read_removable_files(thunderbird_t)
-
-	userdom_dontaudit_list_user_tmp(thunderbird_t)
-	userdom_dontaudit_read_user_tmp_files(thunderbird_t)
-	userdom_dontaudit_list_user_home_dirs(thunderbird_t)
-	userdom_dontaudit_read_user_home_content_files(thunderbird_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(thunderbird_t)
-	dbus_session_bus_client(thunderbird_t)
-')
-
-optional_policy(`
-	cups_read_rw_config(thunderbird_t)
-	cups_dbus_chat(thunderbird_t)
-')
-
-optional_policy(`
-	gnome_stream_connect_gconf(thunderbird_t)
-	gnome_domtrans_gconfd(thunderbird_t)
-	gnome_manage_config(thunderbird_t)
-')
-
-optional_policy(`
-	gpg_domtrans(thunderbird_t)
-')
-
-optional_policy(`
-	lpd_domtrans_lpr(thunderbird_t)
-')
-
-optional_policy(`
-	mozilla_read_user_home_files(thunderbird_t)
-	mozilla_domtrans(thunderbird_t)
-	mozilla_dbus_chat(thunderbird_t)
-')
diff --git a/policy/modules/apps/tvtime.fc b/policy/modules/apps/tvtime.fc
deleted file mode 100644
index 8698a61..0000000
--- a/policy/modules/apps/tvtime.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# /usr
-#
-/usr/bin/tvtime		--	gen_context(system_u:object_r:tvtime_exec_t,s0)
-
diff --git a/policy/modules/apps/tvtime.if b/policy/modules/apps/tvtime.if
deleted file mode 100644
index 8d89f21..0000000
--- a/policy/modules/apps/tvtime.if
+++ /dev/null
@@ -1,40 +0,0 @@
-## <summary> tvtime - a high quality television application </summary>
-
-########################################
-## <summary>
-##	Role access for tvtime
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`tvtime_role',`
-	gen_require(`
-		type tvtime_t, tvtime_exec_t;
-		type tvtime_home_t, tvtime_tmpfs_t;
-	')
-
-	role $1 types tvtime_t;
-
-	# Type transition
-	domtrans_pattern($2, tvtime_exec_t, tvtime_t)
-
-	# X access, Home files
-	manage_dirs_pattern($2, tvtime_home_t, tvtime_home_t)
-	manage_files_pattern($2, tvtime_home_t, tvtime_home_t)
-	manage_lnk_files_pattern($2, tvtime_home_t, tvtime_home_t)
-	relabel_dirs_pattern($2, tvtime_home_t, tvtime_home_t)
-	relabel_files_pattern($2, tvtime_home_t, tvtime_home_t)
-	relabel_lnk_files_pattern($2, tvtime_home_t, tvtime_home_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, tvtime_t)
-	allow $2 tvtime_t:process signal_perms;
-')
diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
deleted file mode 100644
index e926470..0000000
--- a/policy/modules/apps/tvtime.te
+++ /dev/null
@@ -1,93 +0,0 @@
-policy_module(tvtime, 2.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type tvtime_t;
-type tvtime_exec_t;
-typealias tvtime_t alias { user_tvtime_t staff_tvtime_t sysadm_tvtime_t };
-typealias tvtime_t alias { auditadm_tvtime_t secadm_tvtime_t };
-application_domain(tvtime_t, tvtime_exec_t)
-ubac_constrained(tvtime_t)
-
-type tvtime_home_t alias tvtime_rw_t;
-typealias tvtime_home_t alias { user_tvtime_home_t staff_tvtime_home_t sysadm_tvtime_home_t };
-typealias tvtime_home_t alias { auditadm_tvtime_home_t secadm_tvtime_home_t };
-userdom_user_home_content(tvtime_home_t)
-
-type tvtime_tmp_t;
-typealias tvtime_tmp_t alias { user_tvtime_tmp_t staff_tvtime_tmp_t sysadm_tvtime_tmp_t };
-typealias tvtime_tmp_t alias { auditadm_tvtime_tmp_t secadm_tvtime_tmp_t };
-files_tmp_file(tvtime_tmp_t)
-ubac_constrained(tvtime_tmp_t)
-
-type tvtime_tmpfs_t;
-typealias tvtime_tmpfs_t alias { user_tvtime_tmpfs_t staff_tvtime_tmpfs_t sysadm_tvtime_tmpfs_t };
-typealias tvtime_tmpfs_t alias { auditadm_tvtime_tmpfs_t secadm_tvtime_tmpfs_t };
-files_tmpfs_file(tvtime_tmpfs_t)
-ubac_constrained(tvtime_tmpfs_t)
-
-########################################
-#
-# Local policy
-#
-
-allow tvtime_t self:capability { setuid sys_nice sys_resource };
-allow tvtime_t self:process setsched;
-allow tvtime_t self:unix_dgram_socket rw_socket_perms;
-allow tvtime_t self:unix_stream_socket rw_stream_socket_perms;
-
-# X access, Home files
-manage_dirs_pattern(tvtime_t, tvtime_home_t, tvtime_home_t)
-manage_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t)
-manage_lnk_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t)
-userdom_user_home_dir_filetrans(tvtime_t, tvtime_home_t, dir)
-
-manage_dirs_pattern(tvtime_t, tvtime_tmp_t, tvtime_tmp_t)
-manage_files_pattern(tvtime_t, tvtime_tmp_t, tvtime_tmp_t)
-files_tmp_filetrans(tvtime_t, tvtime_tmp_t,{ file dir })
-
-manage_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t)
-manage_lnk_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t)
-manage_fifo_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t)
-manage_sock_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t)
-fs_tmpfs_filetrans(tvtime_t, tvtime_tmpfs_t,{ file lnk_file sock_file fifo_file })
-
-kernel_read_all_sysctls(tvtime_t)
-kernel_get_sysvipc_info(tvtime_t)
-
-dev_read_urand(tvtime_t)
-dev_read_realtime_clock(tvtime_t)
-dev_read_sound(tvtime_t)
-
-files_read_usr_files(tvtime_t)
-files_search_pids(tvtime_t)
-# Read /etc/tvtime
-files_read_etc_files(tvtime_t)
-
-# X access, Home files
-fs_search_auto_mountpoints(tvtime_t)
-
-miscfiles_read_localization(tvtime_t)
-miscfiles_read_fonts(tvtime_t)
-
-userdom_use_user_terminals(tvtime_t)
-userdom_read_user_home_content_files(tvtime_t)
-
-# X access, Home files
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(tvtime_t)
-	fs_manage_nfs_files(tvtime_t)
-	fs_manage_nfs_symlinks(tvtime_t)
-')
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(tvtime_t)
-	fs_manage_cifs_files(tvtime_t)
-	fs_manage_cifs_symlinks(tvtime_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(tvtime, tvtime_t, tvtime_tmpfs_t)
-')
diff --git a/policy/modules/apps/uml.fc b/policy/modules/apps/uml.fc
deleted file mode 100644
index b8b9520..0000000
--- a/policy/modules/apps/uml.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# HOME_DIR/
-#
-HOME_DIR/\.uml(/.*)?		gen_context(system_u:object_r:uml_rw_t,s0)
-
-#
-# /usr
-#
-/usr/bin/uml_switch	--	gen_context(system_u:object_r:uml_switch_exec_t,s0)
-
-#
-# /var
-#
-/var/run/uml-utilities(/.*)?	gen_context(system_u:object_r:uml_switch_var_run_t,s0)
diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
deleted file mode 100644
index d2ab7cb..0000000
--- a/policy/modules/apps/uml.if
+++ /dev/null
@@ -1,99 +0,0 @@
-## <summary>Policy for UML</summary>
-
-########################################
-## <summary>
-##	Role access for uml
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`uml_role',`
-	gen_require(`
-		type uml_t, uml_exec_t;
-		type uml_ro_t, uml_rw_t, uml_tmp_t;
-		type uml_devpts_t, uml_tmpfs_t;
-	')
-
-	role $1 types uml_t;
-
-	# Transition from the user domain to this domain.
-	domtrans_pattern($2, uml_exec_t, uml_t)
-
-	# for mconsole
-	allow $2 uml_t:unix_dgram_socket sendto;
-	allow uml_t $2:unix_dgram_socket sendto;
-
-	# allow ps, ptrace, signal
-	ps_process_pattern($2, uml_t)
-	allow $2 uml_t:process { ptrace signal_perms };
-
-	allow $2 uml_ro_t:dir list_dir_perms;
-	read_files_pattern($2, uml_ro_t, uml_ro_t)
-	read_lnk_files_pattern($2, uml_ro_t, uml_ro_t)
-
-	manage_dirs_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	manage_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	manage_lnk_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	manage_fifo_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	manage_sock_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	relabel_dirs_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	relabel_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	relabel_lnk_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	relabel_fifo_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-	relabel_sock_files_pattern($2, { uml_ro_t uml_rw_t }, { uml_ro_t uml_rw_t })
-
-	manage_dirs_pattern($2, { uml_ro_t uml_rw_t uml_exec_t }, { uml_ro_t uml_rw_t uml_exec_t })
-	manage_files_pattern($2, { uml_ro_t uml_rw_t uml_exec_t }, { uml_ro_t uml_rw_t uml_exec_t })
-	relabel_dirs_pattern($2, { uml_ro_t uml_rw_t uml_exec_t }, { uml_ro_t uml_rw_t uml_exec_t })
-	relabel_files_pattern($2, { uml_ro_t uml_rw_t uml_exec_t }, { uml_ro_t uml_rw_t uml_exec_t })
-
-	manage_dirs_pattern($2, uml_tmp_t, uml_tmp_t)
-	manage_files_pattern($2, uml_tmp_t, uml_tmp_t)
-	manage_lnk_files_pattern($2, uml_tmp_t, uml_tmp_t)
-	manage_sock_files_pattern($2, uml_tmp_t, uml_tmp_t)
-')
-
-########################################
-## <summary>
-##	Set attributes on uml utility socket files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`uml_setattr_util_sockets',`
-	gen_require(`
-		type uml_switch_var_run_t;
-	')
-
-	allow $1 uml_switch_var_run_t:sock_file setattr;
-')
-
-########################################
-## <summary>
-##	Manage uml utility files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`uml_manage_util_files',`
-	gen_require(`
-		type uml_switch_var_run_t;
-	')
-
-	manage_files_pattern($1, uml_switch_var_run_t, uml_switch_var_run_t)
-	manage_lnk_files_pattern($1, uml_switch_var_run_t, uml_switch_var_run_t)
-')
diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
deleted file mode 100644
index 2df1343..0000000
--- a/policy/modules/apps/uml.te
+++ /dev/null
@@ -1,191 +0,0 @@
-policy_module(uml, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type uml_t;
-type uml_exec_t;
-typealias uml_t alias { user_uml_t staff_uml_t sysadm_uml_t };
-typealias uml_t alias { auditadm_uml_t secadm_uml_t };
-application_domain(uml_t, uml_exec_t)
-ubac_constrained(uml_t)
-
-type uml_ro_t;
-typealias uml_ro_t alias { user_uml_ro_t staff_uml_ro_t sysadm_uml_ro_t };
-typealias uml_ro_t alias { auditadm_uml_ro_t secadm_uml_ro_t };
-userdom_user_home_content(uml_ro_t)
-
-type uml_rw_t;
-typealias uml_rw_t alias { user_uml_rw_t staff_uml_rw_t sysadm_uml_rw_t };
-typealias uml_rw_t alias { auditadm_uml_rw_t secadm_uml_rw_t };
-userdom_user_home_content(uml_rw_t)
-
-type uml_tmp_t;
-typealias uml_tmp_t alias { user_uml_tmp_t staff_uml_tmp_t sysadm_uml_tmp_t };
-typealias uml_tmp_t alias { auditadm_uml_tmp_t secadm_uml_tmp_t };
-files_tmp_file(uml_tmp_t)
-ubac_constrained(uml_tmp_t)
-
-type uml_tmpfs_t;
-typealias uml_tmpfs_t alias { user_uml_tmpfs_t staff_uml_tmpfs_t sysadm_uml_tmpfs_t };
-typealias uml_tmpfs_t alias { auditadm_uml_tmpfs_t secadm_uml_tmpfs_t };
-files_tmpfs_file(uml_tmpfs_t)
-ubac_constrained(uml_tmpfs_t)
-
-type uml_devpts_t;
-typealias uml_devpts_t alias { user_uml_devpts_t staff_uml_devpts_t sysadm_uml_devpts_t };
-typealias uml_devpts_t alias { auditadm_uml_devpts_t secadm_uml_devpts_t };
-term_pty(uml_devpts_t)
-ubac_constrained(uml_devpts_t)
-
-type uml_switch_t;
-type uml_switch_exec_t;
-init_daemon_domain(uml_switch_t, uml_switch_exec_t)
-
-type uml_switch_var_run_t;
-files_pid_file(uml_switch_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow uml_t self:fifo_file rw_fifo_file_perms;
-allow uml_t self:process { signal_perms ptrace };
-allow uml_t self:unix_stream_socket create_stream_socket_perms;
-allow uml_t self:unix_dgram_socket create_socket_perms;
-# Use the network.
-allow uml_t self:tcp_socket create_stream_socket_perms;
-allow uml_t self:udp_socket create_socket_perms;
-allow uml_t self:tun_socket create;
-# for mconsole
-allow uml_t self:unix_dgram_socket sendto;
-
-# allow the UML thing to happen
-allow uml_t uml_devpts_t:chr_file { rw_file_perms setattr };
-term_create_pty(uml_t, uml_devpts_t)
-
-manage_dirs_pattern(uml_t, uml_tmp_t, uml_tmp_t)
-manage_files_pattern(uml_t, uml_tmp_t, uml_tmp_t)
-files_tmp_filetrans(uml_t, uml_tmp_t, { file dir })
-can_exec(uml_t, uml_tmp_t)
-
-manage_files_pattern(uml_t, uml_tmpfs_t, uml_tmpfs_t)
-manage_lnk_files_pattern(uml_t, uml_tmpfs_t, uml_tmpfs_t)
-manage_fifo_files_pattern(uml_t, uml_tmpfs_t, uml_tmpfs_t)
-manage_sock_files_pattern(uml_t, uml_tmpfs_t, uml_tmpfs_t)
-fs_tmpfs_filetrans(uml_t, uml_tmpfs_t, { file lnk_file sock_file fifo_file })
-can_exec(uml_t, uml_tmpfs_t)
-
-# access config files
-allow uml_t { uml_ro_t uml_ro_t }:dir list_dir_perms;
-read_files_pattern(uml_t, { uml_ro_t uml_ro_t }, { uml_ro_t uml_ro_t })
-read_lnk_files_pattern(uml_t, { uml_ro_t uml_ro_t }, { uml_ro_t uml_ro_t })
-
-manage_dirs_pattern(uml_t, uml_rw_t, uml_rw_t)
-manage_files_pattern(uml_t, uml_rw_t, uml_rw_t)
-manage_lnk_files_pattern(uml_t, uml_rw_t, uml_rw_t)
-manage_fifo_files_pattern(uml_t, uml_rw_t, uml_rw_t)
-manage_sock_files_pattern(uml_t, uml_rw_t, uml_rw_t)
-userdom_user_home_dir_filetrans(uml_t, uml_rw_t, { file lnk_file sock_file fifo_file })
-
-can_exec(uml_t, { uml_exec_t uml_exec_t })
-
-kernel_read_system_state(uml_t)
-# for SKAS - need something better
-kernel_write_proc_files(uml_t)
-
-# for xterm
-corecmd_exec_bin(uml_t)
-
-corenet_all_recvfrom_unlabeled(uml_t)
-corenet_all_recvfrom_netlabel(uml_t)
-corenet_tcp_sendrecv_generic_if(uml_t)
-corenet_udp_sendrecv_generic_if(uml_t)
-corenet_tcp_sendrecv_generic_node(uml_t)
-corenet_udp_sendrecv_generic_node(uml_t)
-corenet_tcp_sendrecv_all_ports(uml_t)
-corenet_udp_sendrecv_all_ports(uml_t)
-corenet_tcp_connect_all_ports(uml_t)
-corenet_sendrecv_all_client_packets(uml_t)
-corenet_rw_tun_tap_dev(uml_t)
-
-domain_use_interactive_fds(uml_t)
-
-# for xterm
-files_read_etc_files(uml_t)
-files_dontaudit_read_etc_runtime_files(uml_t)
-# putting uml data under /var is usual...
-files_search_var(uml_t)
-
-fs_getattr_xattr_fs(uml_t)
-
-init_read_utmp(uml_t)
-init_dontaudit_write_utmp(uml_t)
-
-# for xterm
-libs_exec_lib_files(uml_t)
-
-# Inherit and use descriptors from newrole.
-seutil_use_newrole_fds(uml_t)
-
-# Use the network.
-sysnet_read_config(uml_t)
-
-userdom_use_user_terminals(uml_t)
-userdom_attach_admin_tun_iface(uml_t)
-
-optional_policy(`
-	nis_use_ypbind(uml_t)
-')
-
-optional_policy(`
-	virt_attach_tun_iface(uml_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-dontaudit uml_switch_t self:capability sys_tty_config;
-allow uml_switch_t self:process signal_perms;
-allow uml_switch_t self:unix_dgram_socket create_socket_perms;
-allow uml_switch_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_files_pattern(uml_switch_t, uml_switch_var_run_t, uml_switch_var_run_t)
-manage_sock_files_pattern(uml_switch_t, uml_switch_var_run_t, uml_switch_var_run_t)
-files_pid_filetrans(uml_switch_t, uml_switch_var_run_t, file)
-
-kernel_read_kernel_sysctls(uml_switch_t)
-kernel_list_proc(uml_switch_t)
-kernel_read_proc_symlinks(uml_switch_t)
-
-dev_read_sysfs(uml_switch_t)
-
-domain_use_interactive_fds(uml_switch_t)
-
-fs_getattr_all_fs(uml_switch_t)
-fs_search_auto_mountpoints(uml_switch_t)
-
-term_dontaudit_use_console(uml_switch_t)
-
-init_use_fds(uml_switch_t)
-init_use_script_ptys(uml_switch_t)
-
-logging_send_syslog_msg(uml_switch_t)
-
-miscfiles_read_localization(uml_switch_t)
-
-userdom_dontaudit_use_unpriv_user_fds(uml_switch_t)
-userdom_dontaudit_search_user_home_dirs(uml_switch_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(uml_switch_t)
-')
-
-optional_policy(`
-	udev_read_db(uml_switch_t)
-')
diff --git a/policy/modules/apps/userhelper.fc b/policy/modules/apps/userhelper.fc
deleted file mode 100644
index cd83b89..0000000
--- a/policy/modules/apps/userhelper.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc
-#
-/etc/security/console\.apps(/.*)?		gen_context(system_u:object_r:userhelper_conf_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/userhelper		--	gen_context(system_u:object_r:userhelper_exec_t,s0)
-/usr/bin/consolehelper		--	gen_context(system_u:object_r:consolehelper_exec_t,s0)
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
deleted file mode 100644
index 2e50976..0000000
--- a/policy/modules/apps/userhelper.if
+++ /dev/null
@@ -1,317 +0,0 @@
-## <summary>SELinux utility to run a shell with a new role</summary>
-
-#######################################
-## <summary>
-##	The role template for the userhelper module.
-## </summary>
-## <param name="userrole_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The user role.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The user domain associated with the role.
-##	</summary>
-## </param>
-#
-template(`userhelper_role_template',`
-	gen_require(`
-		attribute userhelper_type;
-		type userhelper_exec_t, userhelper_conf_t;
-		class dbus send_msg;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	type $1_userhelper_t, userhelper_type;
-	application_domain($1_userhelper_t, userhelper_exec_t)
-	domain_role_change_exemption($1_userhelper_t)
-	domain_obj_id_change_exemption($1_userhelper_t)
-	domain_interactive_fd($1_userhelper_t)
-	domain_subj_id_change_exemption($1_userhelper_t)
-	ubac_constrained($1_userhelper_t)
-	role $2 types $1_userhelper_t;
-
-	########################################
-	#
-	# Local policy
-	#
-	allow $1_userhelper_t self:capability { setuid setgid net_bind_service dac_override chown sys_tty_config };
-	allow $1_userhelper_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-	allow $1_userhelper_t self:process setexec;
-	allow $1_userhelper_t self:fd use;
-	allow $1_userhelper_t self:fifo_file rw_fifo_file_perms;
-	allow $1_userhelper_t self:shm create_shm_perms;
-	allow $1_userhelper_t self:sem create_sem_perms;
-	allow $1_userhelper_t self:msgq create_msgq_perms;
-	allow $1_userhelper_t self:msg { send receive };
-	allow $1_userhelper_t self:unix_dgram_socket create_socket_perms;
-	allow $1_userhelper_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_userhelper_t self:unix_dgram_socket sendto;
-	allow $1_userhelper_t self:unix_stream_socket connectto;
-	allow $1_userhelper_t self:sock_file read_sock_file_perms;
-
-	#Transition to the derived domain.
-	domtrans_pattern($3, userhelper_exec_t, $1_userhelper_t)
-
-	allow $1_userhelper_t userhelper_conf_t:dir rw_dir_perms;
-	rw_files_pattern($1_userhelper_t, userhelper_conf_t, userhelper_conf_t)
-
-	can_exec($1_userhelper_t, userhelper_exec_t)
-
-	dontaudit $3 $1_userhelper_t:process signal;
-
-	kernel_read_all_sysctls($1_userhelper_t)
-	kernel_getattr_debugfs($1_userhelper_t)
-	kernel_read_system_state($1_userhelper_t)
-
-	# Execute shells
-	corecmd_exec_shell($1_userhelper_t)
-	# By default, revert to the calling domain when a program is executed
-	corecmd_bin_domtrans($1_userhelper_t, $3)
-
-	# Inherit descriptors from the current session.
-	domain_use_interactive_fds($1_userhelper_t)
-	# for when the user types "exec userhelper" at the command line
-	domain_sigchld_interactive_fds($1_userhelper_t)
-
-	dev_read_urand($1_userhelper_t)
-	# Read /dev directories and any symbolic links.
-	dev_list_all_dev_nodes($1_userhelper_t)
-
-	files_list_var_lib($1_userhelper_t)
-	# Read the /etc/security/default_type file
-	files_read_etc_files($1_userhelper_t)
-	# Read /var.
-	files_read_var_files($1_userhelper_t)
-	files_read_var_symlinks($1_userhelper_t)
-	# for some PAM modules and for cwd
-	files_search_home($1_userhelper_t)
-
-	fs_search_auto_mountpoints($1_userhelper_t)
-	fs_read_nfs_files($1_userhelper_t)
-	fs_read_nfs_symlinks($1_userhelper_t)
-
-	# Allow $1_userhelper to obtain contexts to relabel TTYs
-	selinux_get_fs_mount($1_userhelper_t)
-	selinux_validate_context($1_userhelper_t)
-	selinux_compute_access_vector($1_userhelper_t)
-	selinux_compute_create_context($1_userhelper_t)
-	selinux_compute_relabel_context($1_userhelper_t)
-	selinux_compute_user_contexts($1_userhelper_t)
-
-	# Read the devpts root directory.
-	term_list_ptys($1_userhelper_t)
-	# Relabel terminals.
-	term_relabel_all_ttys($1_userhelper_t)
-	term_relabel_all_ptys($1_userhelper_t)
-	# Access terminals.
-	term_use_all_ttys($1_userhelper_t)
-	term_use_all_ptys($1_userhelper_t)
-
-	auth_domtrans_chk_passwd($1_userhelper_t)
-	auth_manage_pam_pid($1_userhelper_t)
-	auth_manage_var_auth($1_userhelper_t)
-	auth_search_pam_console_data($1_userhelper_t)
-
-	# Inherit descriptors from the current session.
-	init_use_fds($1_userhelper_t)
-	# Write to utmp.
-	init_manage_utmp($1_userhelper_t)
-	init_pid_filetrans_utmp($1_userhelper_t)
-
-	miscfiles_read_localization($1_userhelper_t)
-
-	seutil_read_config($1_userhelper_t)
-	seutil_read_default_contexts($1_userhelper_t)
-
-	# Allow $1_userhelper_t to transition to user domains.
-	userdom_bin_spec_domtrans_unpriv_users($1_userhelper_t)
-	userdom_entry_spec_domtrans_unpriv_users($1_userhelper_t)
-
-	ifdef(`distro_redhat',`
-		optional_policy(`
-			# Allow transitioning to rpm_t, for up2date
-			rpm_domtrans($1_userhelper_t)
-		')
-	')
-
-	optional_policy(`
-		logging_send_syslog_msg($1_userhelper_t)
-	')
-
-	optional_policy(`
-		nis_use_ypbind($1_userhelper_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_userhelper_t)
-	')
-
-	optional_policy(`
-		tunable_policy(`! secure_mode',`
-			#if we are not in secure mode then we can transition to sysadm_t
-			sysadm_bin_spec_domtrans($1_userhelper_t)
-			sysadm_entry_spec_domtrans($1_userhelper_t)
-		')
-	')
-')
-
-########################################
-## <summary>
-##	Search the userhelper configuration directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userhelper_search_config',`
-	gen_require(`
-		type userhelper_conf_t;
-	')
-
-	allow $1 userhelper_conf_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search
-##	the userhelper configuration directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userhelper_dontaudit_search_config',`
-	gen_require(`
-		type userhelper_conf_t;
-	')
-
-	dontaudit $1 userhelper_conf_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow domain to use userhelper file descriptor.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userhelper_use_fd',`
-	gen_require(`
-		attribute userhelper_type;
-	')
-
-	allow $1 userhelper_type:fd use;
-')
-
-########################################
-## <summary>
-##	Allow domain to send sigchld to userhelper.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userhelper_sigchld',`
-	gen_require(`
-		attribute userhelper_type;
-	')
-
-	allow $1 userhelper_type:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute the userhelper program in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userhelper_exec',`
-	gen_require(`
-		type userhelper_exec_t;
-	')
-
-	can_exec($1, userhelper_exec_t)
-')
-
-#######################################
-## <summary>
-##	The role template for the consolehelper module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for consolehelper applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`userhelper_console_role_template',`
-	gen_require(`
-		type consolehelper_exec_t;
-		attribute consolehelper_domain;
-		class dbus send_msg;
-	')
-	type $1_consolehelper_t, consolehelper_domain;
-	domain_type($1_consolehelper_t)
-	domain_entry_file($1_consolehelper_t, consolehelper_exec_t)
-	role $2 types $1_consolehelper_t;
-
-	domtrans_pattern($3, consolehelper_exec_t, $1_consolehelper_t)
-
-	allow $3 $1_consolehelper_t:dbus send_msg;
-	allow $1_consolehelper_t $3:dbus send_msg;
-
-	auth_use_pam($1_consolehelper_t)
-
-	userdom_manage_tmpfs_role($2, $1_consolehelper_t)
-
-	optional_policy(`
-		shutdown_run($1_consolehelper_t, $2)
-		shutdown_send_sigchld($3)
-	')
-
-	optional_policy(`
-		xserver_run_xauth($1_consolehelper_t, $2)
-		xserver_read_xdm_pid($1_consolehelper_t)
-	')
-')
diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
deleted file mode 100644
index b46a20e..0000000
--- a/policy/modules/apps/userhelper.te
+++ /dev/null
@@ -1,66 +0,0 @@
-policy_module(userhelper, 1.5.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute userhelper_type;
-attribute consolehelper_domain;
-
-type userhelper_conf_t;
-files_type(userhelper_conf_t)
-
-type userhelper_exec_t;
-application_executable_file(userhelper_exec_t)
-
-type consolehelper_exec_t;
-application_executable_file(consolehelper_exec_t)
-
-########################################
-#
-# consolehelper local policy
-#
-
-allow consolehelper_domain self:shm create_shm_perms;
-allow consolehelper_domain self:capability { setgid setuid }; 
-
-dontaudit consolehelper_domain  userhelper_conf_t:file write;
-read_files_pattern(consolehelper_domain, userhelper_conf_t, userhelper_conf_t)
-
-# Init script handling
-domain_use_interactive_fds(consolehelper_domain)
-
-# internal communication is often done using fifo and unix sockets.
-allow consolehelper_domain self:fifo_file rw_fifo_file_perms;
-allow consolehelper_domain self:unix_stream_socket create_stream_socket_perms;
-
-kernel_read_kernel_sysctls(consolehelper_domain)
-
-corecmd_exec_bin(consolehelper_domain)
-
-files_read_config_files(consolehelper_domain)
-files_read_usr_files(consolehelper_domain)
-
-auth_search_pam_console_data(consolehelper_domain)
-auth_read_pam_pid(consolehelper_domain)
-
-init_read_utmp(consolehelper_domain)
-
-miscfiles_read_localization(consolehelper_domain)
-miscfiles_read_fonts(consolehelper_domain)
-
-userhelper_exec(consolehelper_domain)
-
-userdom_use_user_ptys(consolehelper_domain)
-userdom_use_user_ttys(consolehelper_domain)
-userdom_read_user_home_content_files(consolehelper_domain)
-
-optional_policy(`
-	gnome_read_gconf_home_files(consolehelper_domain)
-')
-
-optional_policy(`
-	xserver_read_home_fonts(consolehelper_domain)
-	xserver_stream_connect(consolehelper_domain)
-')
diff --git a/policy/modules/apps/usernetctl.fc b/policy/modules/apps/usernetctl.fc
deleted file mode 100644
index aa07e1e..0000000
--- a/policy/modules/apps/usernetctl.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/usernetctl	--	gen_context(system_u:object_r:usernetctl_exec_t,s0)
diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
deleted file mode 100644
index ba9b9d6..0000000
--- a/policy/modules/apps/usernetctl.if
+++ /dev/null
@@ -1,64 +0,0 @@
-## <summary>User network interface configuration helper</summary>
-
-########################################
-## <summary>
-##	Execute usernetctl in the usernetctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usernetctl_domtrans',`
-	gen_require(`
-		type usernetctl_t, usernetctl_exec_t;
-	')
-
-	domtrans_pattern($1, usernetctl_exec_t, usernetctl_t)
-')
-
-########################################
-## <summary>
-##	Execute usernetctl in the usernetctl domain, and
-##	allow the specified role the usernetctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`usernetctl_run',`
-	gen_require(`
-		type usernetctl_t;
-	')
-
-	usernetctl_domtrans($1)
-	role $2 types usernetctl_t;
-
-	sysnet_run_ifconfig(usernetctl_t, $2)
-	sysnet_run_dhcpc(usernetctl_t, $2)
-
-	optional_policy(`
-		consoletype_run(usernetctl_t, $2)
-	')
-
-	optional_policy(`
-		iptables_run(usernetctl_t, $2)
-	')
-
-	optional_policy(`
-		modutils_run_insmod(usernetctl_t, $2)
-	')
-
-	optional_policy(`
-		ppp_run(usernetctl_t, $2)
-	')
-')
diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
deleted file mode 100644
index 9586818..0000000
--- a/policy/modules/apps/usernetctl.te
+++ /dev/null
@@ -1,69 +0,0 @@
-policy_module(usernetctl, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type usernetctl_t;
-type usernetctl_exec_t;
-application_domain(usernetctl_t, usernetctl_exec_t)
-domain_interactive_fd(usernetctl_t)
-
-########################################
-#
-# Local policy
-#
-
-allow usernetctl_t self:capability { setuid setgid dac_override };
-allow usernetctl_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow usernetctl_t self:fd use;
-allow usernetctl_t self:fifo_file rw_fifo_file_perms;
-allow usernetctl_t self:shm create_shm_perms;
-allow usernetctl_t self:sem create_sem_perms;
-allow usernetctl_t self:msgq create_msgq_perms;
-allow usernetctl_t self:msg { send receive };
-allow usernetctl_t self:unix_dgram_socket create_socket_perms;
-allow usernetctl_t self:unix_stream_socket create_stream_socket_perms;
-allow usernetctl_t self:unix_dgram_socket sendto;
-allow usernetctl_t self:unix_stream_socket connectto;
-
-can_exec(usernetctl_t, usernetctl_exec_t)
-
-kernel_read_system_state(usernetctl_t)
-kernel_read_kernel_sysctls(usernetctl_t)
-
-corecmd_list_bin(usernetctl_t)
-corecmd_exec_bin(usernetctl_t)
-corecmd_exec_shell(usernetctl_t)
-
-domain_dontaudit_read_all_domains_state(usernetctl_t)
-
-files_read_etc_files(usernetctl_t)
-files_exec_etc_files(usernetctl_t)
-files_read_etc_runtime_files(usernetctl_t)
-files_list_pids(usernetctl_t)
-files_list_home(usernetctl_t)
-files_read_usr_files(usernetctl_t)
-
-fs_search_auto_mountpoints(usernetctl_t)
-
-auth_use_nsswitch(usernetctl_t)
-
-logging_send_syslog_msg(usernetctl_t)
-
-miscfiles_read_localization(usernetctl_t)
-
-seutil_read_config(usernetctl_t)
-
-sysnet_read_config(usernetctl_t)
-
-userdom_use_user_terminals(usernetctl_t)
-
-optional_policy(`
-	hostname_exec(usernetctl_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(usernetctl_t)
-')
diff --git a/policy/modules/apps/vmware.fc b/policy/modules/apps/vmware.fc
deleted file mode 100644
index 028c994..0000000
--- a/policy/modules/apps/vmware.fc
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# HOME_DIR/
-#
-HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:vmware_file_t,s0)
-HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:vmware_conf_t,s0)
-HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:vmware_file_t,s0)
-
-#
-# /etc
-#
-/etc/vmware.*(/.*)?			gen_context(system_u:object_r:vmware_sys_conf_t,s0)
-
-#
-# /usr
-#
-/usr/bin/vmnet-bridge		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmnet-dhcpd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmnet-natd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmnet-netifup		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmnet-sniffer		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-network		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-nmbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-ping		--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/bin/vmware-smbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-smbpasswd	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-smbpasswd\.bin	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-vmx		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/bin/vmware-wizard		--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/bin/vmware			--	gen_context(system_u:object_r:vmware_exec_t,s0)
-
-/usr/lib/vmware/config		--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
-/usr/lib/vmware/bin/vmplayer	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib/vmware/bin/vmware-mks	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib/vmware/bin/vmware-ui	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib/vmware/bin/vmware-vmx	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-
-ifdef(`distro_redhat',`
-/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-')
-
-/usr/lib64/vmware/config	--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
-/usr/lib64/vmware/bin/vmware-mks --	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib64/vmware/bin/vmware-ui --	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib64/vmware/bin/vmplayer	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib64/vmware/bin/vmware-vmx --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-
-/usr/sbin/vmware-guest.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/sbin/vmware-serverd	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-
-ifdef(`distro_gentoo',`
-/opt/vmware/(workstation|player)/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmnet-dhcpd --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmnet-natd	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmnet-netifup --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmnet-sniffer --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-nmbd --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-ping --	gen_context(system_u:object_r:vmware_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-smbd --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware-wizard --	gen_context(system_u:object_r:vmware_exec_t,s0)
-/opt/vmware/(workstation|player)/bin/vmware --	gen_context(system_u:object_r:vmware_exec_t,s0)
-')
-
-/var/log/vmware.* 		--	gen_context(system_u:object_r:vmware_log_t,s0)
-/var/log/vnetlib.*		--	gen_context(system_u:object_r:vmware_log_t,s0)
-
-/var/run/vmnet.*			gen_context(system_u:object_r:vmware_var_run_t,s0)
-/var/run/vmnat.* 		-s	gen_context(system_u:object_r:vmware_var_run_t,s0)
-/var/run/vmware.* 			gen_context(system_u:object_r:vmware_var_run_t,s0)
diff --git a/policy/modules/apps/vmware.if b/policy/modules/apps/vmware.if
deleted file mode 100644
index 853f575..0000000
--- a/policy/modules/apps/vmware.if
+++ /dev/null
@@ -1,104 +0,0 @@
-## <summary>VMWare Workstation virtual machines</summary>
-
-########################################
-## <summary>
-##	Role access for vmware
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`vmware_role',`
-	gen_require(`
-		type vmware_t, vmware_exec_t;
-	')
-
-	role $1 types vmware_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, vmware_exec_t, vmware_t)
-
-	# allow ps to show vmware and allow the user to kill it 
-	ps_process_pattern($2, vmware_t)
-	allow $2 vmware_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute vmware host executables
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vmware_exec_host',`
-	gen_require(`
-		type vmware_host_exec_t;
-	')
-
-	can_exec($1, vmware_host_exec_t)
-')
-
-########################################
-## <summary>
-##	Read VMWare system configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vmware_read_system_config',`
-	gen_require(`
-		type vmware_sys_conf_t;
-	')
-
-	allow $1 vmware_sys_conf_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Append to VMWare system configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vmware_append_system_config',`
-	gen_require(`
-		type vmware_sys_conf_t;
-	')
-
-	allow $1 vmware_sys_conf_t:file append;
-')
-
-########################################
-## <summary>
-##	Append to VMWare log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vmware_append_log',`
-	gen_require(`
-		type vmware_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, vmware_log_t, vmware_log_t)
-')
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
deleted file mode 100644
index 4bdcbe3..0000000
--- a/policy/modules/apps/vmware.te
+++ /dev/null
@@ -1,295 +0,0 @@
-policy_module(vmware, 2.2.1)
-
-########################################
-#
-# Declarations
-#
-
-# VMWare user program
-type vmware_t;
-type vmware_exec_t;
-typealias vmware_t alias { user_vmware_t staff_vmware_t sysadm_vmware_t };
-typealias vmware_t alias { auditadm_vmware_t secadm_vmware_t };
-application_domain(vmware_t, vmware_exec_t)
-ubac_constrained(vmware_t)
-
-type vmware_conf_t;
-typealias vmware_conf_t alias { user_vmware_conf_t staff_vmware_conf_t sysadm_vmware_conf_t };
-typealias vmware_conf_t alias { auditadm_vmware_conf_t secadm_vmware_conf_t };
-userdom_user_home_content(vmware_conf_t)
-
-type vmware_file_t;
-typealias vmware_file_t alias { user_vmware_file_t staff_vmware_file_t sysadm_vmware_file_t };
-typealias vmware_file_t alias { auditadm_vmware_file_t secadm_vmware_file_t };
-userdom_user_home_content(vmware_file_t)
-
-# VMWare host programs
-type vmware_host_t;
-type vmware_host_exec_t;
-init_daemon_domain(vmware_host_t, vmware_host_exec_t)
-
-type vmware_host_pid_t alias vmware_var_run_t;
-files_pid_file(vmware_host_pid_t)
-
-type vmware_host_tmp_t;
-files_tmp_file(vmware_host_tmp_t)
-ubac_constrained(vmware_host_tmp_t)
-
-type vmware_log_t;
-typealias vmware_log_t alias { user_vmware_log_t staff_vmware_log_t sysadm_vmware_log_t };
-typealias vmware_log_t alias { auditadm_vmware_log_t secadm_vmware_log_t };
-logging_log_file(vmware_log_t)
-ubac_constrained(vmware_log_t)
-
-type vmware_pid_t;
-typealias vmware_pid_t alias { user_vmware_pid_t staff_vmware_pid_t sysadm_vmware_pid_t };
-typealias vmware_pid_t alias { auditadm_vmware_pid_t secadm_vmware_pid_t };
-files_pid_file(vmware_pid_t)
-ubac_constrained(vmware_pid_t)
-
-# Systemwide configuration files
-type vmware_sys_conf_t;
-files_type(vmware_sys_conf_t)
-
-type vmware_tmp_t;
-typealias vmware_tmp_t alias { user_vmware_tmp_t staff_vmware_tmp_t sysadm_vmware_tmp_t };
-typealias vmware_tmp_t alias { auditadm_vmware_tmp_t secadm_vmware_tmp_t };
-files_tmp_file(vmware_tmp_t)
-ubac_constrained(vmware_tmp_t)
-
-type vmware_tmpfs_t;
-typealias vmware_tmpfs_t alias { user_vmware_tmpfs_t staff_vmware_tmpfs_t sysadm_vmware_tmpfs_t };
-typealias vmware_tmpfs_t alias { auditadm_vmware_tmpfs_t secadm_vmware_tmpfs_t };
-files_tmpfs_file(vmware_tmpfs_t)
-ubac_constrained(vmware_tmpfs_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(vmware_host_t, vmware_host_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# VMWare host local policy
-#
-
-allow vmware_host_t self:capability { setgid setuid net_raw sys_nice sys_time sys_ptrace kill dac_override };
-dontaudit vmware_host_t self:capability sys_tty_config;
-allow vmware_host_t self:process { execstack execmem signal_perms };
-allow vmware_host_t self:fifo_file rw_fifo_file_perms;
-allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
-allow vmware_host_t self:rawip_socket create_socket_perms;
-allow vmware_host_t self:tcp_socket create_socket_perms;
-
-can_exec(vmware_host_t, vmware_host_exec_t)
-
-# cjp: the ro and rw files should be split up
-manage_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t)
-manage_lnk_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t)
-
-manage_dirs_pattern(vmware_host_t, vmware_host_tmp_t, vmware_host_tmp_t)
-manage_files_pattern(vmware_host_t, vmware_host_tmp_t, vmware_host_tmp_t)
-manage_sock_files_pattern(vmware_host_t, vmware_host_tmp_t, vmware_host_tmp_t)
-files_tmp_filetrans(vmware_host_t, vmware_host_tmp_t, { file dir })
-
-manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
-manage_sock_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
-files_pid_filetrans(vmware_host_t, vmware_var_run_t, { file sock_file })
-
-manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t)	
-logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir })
-
-kernel_read_kernel_sysctls(vmware_host_t)
-kernel_read_system_state(vmware_host_t)
-kernel_read_network_state(vmware_host_t)
-
-corenet_all_recvfrom_unlabeled(vmware_host_t)
-corenet_all_recvfrom_netlabel(vmware_host_t)
-corenet_tcp_sendrecv_generic_if(vmware_host_t)
-corenet_udp_sendrecv_generic_if(vmware_host_t)
-corenet_raw_sendrecv_generic_if(vmware_host_t)
-corenet_tcp_sendrecv_generic_node(vmware_host_t)
-corenet_udp_sendrecv_generic_node(vmware_host_t)
-corenet_raw_sendrecv_generic_node(vmware_host_t)
-corenet_tcp_sendrecv_all_ports(vmware_host_t)
-corenet_udp_sendrecv_all_ports(vmware_host_t)
-corenet_raw_bind_generic_node(vmware_host_t)
-corenet_tcp_bind_generic_node(vmware_host_t)
-corenet_udp_bind_generic_node(vmware_host_t)
-corenet_tcp_connect_all_ports(vmware_host_t)
-corenet_sendrecv_all_client_packets(vmware_host_t)
-corenet_sendrecv_all_server_packets(vmware_host_t)
-
-corecmd_exec_bin(vmware_host_t)
-corecmd_exec_shell(vmware_host_t)
-
-dev_getattr_all_blk_files(vmware_host_t)
-dev_read_sysfs(vmware_host_t)
-dev_read_urand(vmware_host_t)
-dev_rw_vmware(vmware_host_t)
-dev_rw_generic_chr_files(vmware_host_t)
-
-domain_use_interactive_fds(vmware_host_t)
-domain_dontaudit_read_all_domains_state(vmware_host_t)
-
-files_list_tmp(vmware_host_t)
-files_read_etc_files(vmware_host_t)
-files_read_etc_runtime_files(vmware_host_t)
-files_read_usr_files(vmware_host_t) 
-
-fs_getattr_all_fs(vmware_host_t)
-fs_search_auto_mountpoints(vmware_host_t)
-
-storage_getattr_fixed_disk_dev(vmware_host_t)
-
-term_dontaudit_use_console(vmware_host_t)
-
-init_use_fds(vmware_host_t)
-init_use_script_ptys(vmware_host_t)
-
-libs_exec_ld_so(vmware_host_t)
-
-logging_send_syslog_msg(vmware_host_t)
-
-miscfiles_read_localization(vmware_host_t)
-
-sysnet_dns_name_resolve(vmware_host_t)
-sysnet_domtrans_ifconfig(vmware_host_t) 
-
-userdom_dontaudit_use_unpriv_user_fds(vmware_host_t)
-userdom_dontaudit_search_user_home_dirs(vmware_host_t)
-
-netutils_domtrans_ping(vmware_host_t)
-
-optional_policy(`
-        hostname_exec(vmware_host_t)
-') 
-
-optional_policy(`
-        modutils_domtrans_insmod(vmware_host_t)
-') 
-
-optional_policy(`
-	seutil_sigchld_newrole(vmware_host_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(vmware_host_t)
-')
-
-optional_policy(`
-	udev_read_db(vmware_host_t)
-')
-
-optional_policy(`
-	xserver_read_tmp_files(vmware_host_t)
-	xserver_read_xdm_pid(vmware_host_t)
-')
-
-ifdef(`TODO',`
-# VMWare need access to pcmcia devices for network
-optional_policy(`
-allow kernel_t cardmgr_var_lib_t:dir { getattr search };
-allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
-')
-# Vmware create network devices
-allow kernel_t self:capability net_admin;
-allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
-allow kernel_t self:socket create;
-')
-
-##############################
-#
-# VMWare guest local policy
-#
-
-allow vmware_t self:capability { dac_override setgid sys_nice sys_resource setuid sys_admin sys_rawio chown };
-dontaudit vmware_t self:capability sys_tty_config;
-allow vmware_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow vmware_t self:process { execmem execstack };
-allow vmware_t self:fd use;
-allow vmware_t self:fifo_file rw_fifo_file_perms;
-allow vmware_t self:unix_dgram_socket { create_socket_perms sendto };
-allow vmware_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow vmware_t self:shm create_shm_perms;
-allow vmware_t self:sem create_sem_perms;
-allow vmware_t self:msgq create_msgq_perms;
-allow vmware_t self:msg { send receive };
-
-can_exec(vmware_t, vmware_exec_t)
-
-# User configuration files
-allow vmware_t vmware_conf_t:file manage_file_perms;
-
-# VMWare disks
-manage_files_pattern(vmware_t, vmware_file_t, vmware_file_t)
-manage_lnk_files_pattern(vmware_t, vmware_file_t, vmware_file_t)
-
-allow vmware_t vmware_tmp_t:file execute;
-manage_dirs_pattern(vmware_t, vmware_tmp_t, vmware_tmp_t)
-manage_files_pattern(vmware_t, vmware_tmp_t, vmware_tmp_t)
-manage_sock_files_pattern(vmware_t, vmware_tmp_t, vmware_tmp_t)
-files_tmp_filetrans(vmware_t, vmware_tmp_t, { file dir })
-
-manage_files_pattern(vmware_t, vmware_tmpfs_t, vmware_tmpfs_t)
-manage_lnk_files_pattern(vmware_t, vmware_tmpfs_t, vmware_tmpfs_t)
-manage_fifo_files_pattern(vmware_t, vmware_tmpfs_t, vmware_tmpfs_t)
-manage_sock_files_pattern(vmware_t, vmware_tmpfs_t, vmware_tmpfs_t)
-fs_tmpfs_filetrans(vmware_t, vmware_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-# Read clobal configuration files
-allow vmware_t vmware_sys_conf_t:dir list_dir_perms;
-read_files_pattern(vmware_t, vmware_sys_conf_t, vmware_sys_conf_t)
-read_lnk_files_pattern(vmware_t, vmware_sys_conf_t, vmware_sys_conf_t)
-
-manage_dirs_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
-manage_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
-manage_lnk_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
-manage_sock_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
-files_pid_filetrans(vmware_t, vmware_pid_t, { dir file lnk_file })
-
-kernel_read_system_state(vmware_t)
-kernel_read_network_state(vmware_t)
-kernel_read_kernel_sysctls(vmware_t)
-
-# startup scripts
-corecmd_exec_bin(vmware_t)
-corecmd_exec_shell(vmware_t)
-
-dev_read_raw_memory(vmware_t)
-dev_write_raw_memory(vmware_t)
-dev_read_mouse(vmware_t)
-dev_write_sound(vmware_t)
-dev_read_realtime_clock(vmware_t)
-dev_rwx_vmware(vmware_t)
-dev_rw_usbfs(vmware_t)
-dev_search_sysfs(vmware_t)
-
-domain_use_interactive_fds(vmware_t)
-
-files_read_etc_files(vmware_t)
-files_read_etc_runtime_files(vmware_t)
-files_read_usr_files(vmware_t)
-files_list_home(vmware_t)
-
-fs_getattr_all_fs(vmware_t)
-fs_search_auto_mountpoints(vmware_t)
-
-storage_raw_read_removable_device(vmware_t)
-storage_raw_write_removable_device(vmware_t)
-
-# startup scripts run ldd
-libs_exec_ld_so(vmware_t)
-# Access X11 config files
-libs_read_lib_files(vmware_t)
-
-miscfiles_read_localization(vmware_t)
-
-userdom_use_user_terminals(vmware_t)
-userdom_list_user_home_dirs(vmware_t)
-# cjp: why?
-userdom_read_user_home_content_files(vmware_t)
-
-sysnet_dns_name_resolve(vmware_t)
-sysnet_read_config(vmware_t)
-
-xserver_user_x_domain_template(vmware, vmware_t, vmware_tmpfs_t)
diff --git a/policy/modules/apps/webalizer.fc b/policy/modules/apps/webalizer.fc
deleted file mode 100644
index e4f7d30..0000000
--- a/policy/modules/apps/webalizer.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-#
-# /usr
-#
-/usr/bin/webalizer	--	gen_context(system_u:object_r:webalizer_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/webalizer(/.*)?	gen_context(system_u:object_r:webalizer_var_lib_t,s0)
diff --git a/policy/modules/apps/webalizer.if b/policy/modules/apps/webalizer.if
deleted file mode 100644
index 3c78e7c..0000000
--- a/policy/modules/apps/webalizer.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>Web server log analysis</summary>
-
-########################################
-## <summary>
-##	Execute webalizer in the webalizer domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`webalizer_domtrans',`
-	gen_require(`
-		type webalizer_t, webalizer_exec_t;
-	')
-
-	domtrans_pattern($1, webalizer_exec_t, webalizer_t)
-')
-
-########################################
-## <summary>
-##	Execute webalizer in the webalizer domain, and
-##	allow the specified role the webalizer domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`webalizer_run',`
-	gen_require(`
-		type webalizer_t;
-	')
-
-	webalizer_domtrans($1)
-	role $2 types webalizer_t;
-')
diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te
deleted file mode 100644
index f79314b..0000000
--- a/policy/modules/apps/webalizer.te
+++ /dev/null
@@ -1,105 +0,0 @@
-policy_module(webalizer, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type webalizer_t;
-type webalizer_exec_t;
-application_domain(webalizer_t, webalizer_exec_t)
-role system_r types webalizer_t;
-
-type webalizer_etc_t;
-files_config_file(webalizer_etc_t)
-
-type webalizer_usage_t;
-files_type(webalizer_usage_t)
-
-type webalizer_tmp_t;
-files_tmp_file(webalizer_tmp_t)
-
-type webalizer_var_lib_t;
-files_type(webalizer_var_lib_t)
-
-type webalizer_write_t;
-files_type(webalizer_write_t)
-
-########################################
-#
-# Local policy
-#
-
-allow webalizer_t self:capability dac_override;
-allow webalizer_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow webalizer_t self:fd use;
-allow webalizer_t self:fifo_file rw_fifo_file_perms;
-allow webalizer_t self:sock_file read_sock_file_perms;
-allow webalizer_t self:shm create_shm_perms;
-allow webalizer_t self:sem create_sem_perms;
-allow webalizer_t self:msgq create_msgq_perms;
-allow webalizer_t self:msg { send receive };
-allow webalizer_t self:unix_dgram_socket create_socket_perms;
-allow webalizer_t self:unix_stream_socket create_stream_socket_perms;
-allow webalizer_t self:unix_dgram_socket sendto;
-allow webalizer_t self:unix_stream_socket connectto;
-allow webalizer_t self:tcp_socket connected_stream_socket_perms;
-allow webalizer_t self:udp_socket { connect connected_socket_perms };
-allow webalizer_t self:netlink_route_socket r_netlink_socket_perms;
-
-allow webalizer_t webalizer_etc_t:file read_file_perms;
-
-manage_dirs_pattern(webalizer_t, webalizer_tmp_t, webalizer_tmp_t)
-manage_files_pattern(webalizer_t, webalizer_tmp_t, webalizer_tmp_t)
-files_tmp_filetrans(webalizer_t, webalizer_tmp_t, { file dir })
-
-manage_files_pattern(webalizer_t, webalizer_var_lib_t, webalizer_var_lib_t)
-files_var_lib_filetrans(webalizer_t, webalizer_var_lib_t, file)
-
-kernel_read_kernel_sysctls(webalizer_t)
-kernel_read_system_state(webalizer_t)
-
-corenet_all_recvfrom_unlabeled(webalizer_t)
-corenet_all_recvfrom_netlabel(webalizer_t)
-corenet_tcp_sendrecv_generic_if(webalizer_t)
-corenet_tcp_sendrecv_generic_node(webalizer_t)
-corenet_tcp_sendrecv_all_ports(webalizer_t)
-
-fs_search_auto_mountpoints(webalizer_t)
-fs_getattr_xattr_fs(webalizer_t)
-fs_rw_anon_inodefs_files(webalizer_t)
-
-files_read_etc_files(webalizer_t)
-files_read_etc_runtime_files(webalizer_t)
-
-logging_list_logs(webalizer_t)
-logging_send_syslog_msg(webalizer_t)
-
-miscfiles_read_localization(webalizer_t)
-miscfiles_read_public_files(webalizer_t)
-
-sysnet_dns_name_resolve(webalizer_t)
-sysnet_read_config(webalizer_t)
-
-userdom_use_user_terminals(webalizer_t)
-userdom_use_unpriv_users_fds(webalizer_t)
-userdom_dontaudit_search_user_home_content(webalizer_t)
-
-apache_read_log(webalizer_t)
-apache_manage_sys_content(webalizer_t)
-
-optional_policy(`
-	cron_system_entry(webalizer_t, webalizer_exec_t)
-')
-
-optional_policy(`
-	ftp_read_log(webalizer_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(webalizer_t)
-')
-
-optional_policy(`
-	nscd_socket_use(webalizer_t)
-')
diff --git a/policy/modules/apps/wine.fc b/policy/modules/apps/wine.fc
deleted file mode 100644
index 9782698..0000000
--- a/policy/modules/apps/wine.fc
+++ /dev/null
@@ -1,22 +0,0 @@
-HOME_DIR/cxoffice/bin/wine.+	--	gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/google/picasa(/.*)?/Picasa3/.*exe --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/msiexec --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/notepad --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/progman --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regedit --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wdi --	gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wine.* --	gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/picasa/wine/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-
-/usr/bin/msiexec		--	gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/notepad		--	gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regsvr32		--	gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regedit		--	gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/uninstaller		--	gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/wine.*			--	gen_context(system_u:object_r:wine_exec_t,s0)
diff --git a/policy/modules/apps/wine.if b/policy/modules/apps/wine.if
deleted file mode 100644
index e10101a..0000000
--- a/policy/modules/apps/wine.if
+++ /dev/null
@@ -1,186 +0,0 @@
-## <summary>Wine Is Not an Emulator.  Run Windows programs in Linux.</summary>
-
-#######################################
-## <summary>
-##	The per role template for the wine module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for wine applications.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-#
-template(`wine_role',`
-	gen_require(`
-		type wine_t;
-		type wine_home_t;
-		type wine_exec_t;
-	')
-
-	role $1 types wine_t;
-
-	domain_auto_trans($2, wine_exec_t, wine_t)
-	# Unrestricted inheritance from the caller.
-	allow $2 wine_t:process { noatsecure siginh rlimitinh };
-	allow wine_t $2:fd use;
-	allow wine_t $2:process { sigchld signull };
-	allow wine_t $2:unix_stream_socket connectto;
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, wine_t)
-	allow $2 wine_t:process signal_perms;
-
-	allow $2 wine_t:fd use;
-	allow $2 wine_t:shm { associate getattr  unix_read unix_write };
-	allow $2 wine_t:unix_stream_socket connectto;
-
-	# X access, Home files
-	manage_dirs_pattern($2, wine_home_t, wine_home_t)
-	manage_files_pattern($2, wine_home_t, wine_home_t)
-	manage_lnk_files_pattern($2, wine_home_t, wine_home_t)
-	relabel_dirs_pattern($2, wine_home_t, wine_home_t)
-	relabel_files_pattern($2, wine_home_t, wine_home_t)
-	relabel_lnk_files_pattern($2, wine_home_t, wine_home_t)
-')
-
-#######################################
-## <summary>
-##	The role template for the wine module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for wine applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`wine_role_template',`
-	gen_require(`
-		type wine_t;
-		type wine_exec_t;
-	')
-
-	type $1_wine_t;
-	domain_type($1_wine_t)
-	domain_entry_file($1_wine_t, wine_exec_t)
-	ubac_constrained($1_wine_t)
-	role $2 types $1_wine_t;
-
-	allow $1_wine_t self:process { execmem execstack };
-	allow $3 $1_wine_t:process { getattr ptrace noatsecure signal_perms };
-	domtrans_pattern($3, wine_exec_t, $1_wine_t)
-	corecmd_bin_domtrans($1_wine_t, $1_t)
-
-	userdom_unpriv_usertype($1, $1_wine_t)
-	userdom_manage_tmpfs_role($2, $1_wine_t)
-
-	domain_mmap_low($1_wine_t)
-
-	tunable_policy(`wine_mmap_zero_ignore',`
-		dontaudit $1_wine_t self:memprotect mmap_zero;
-	')
-
-	tunable_policy(`wine_mmap_zero_ignore',`
-		dontaudit $1_wine_t self:memprotect mmap_zero;
-	')
-
-	optional_policy(`
-		xserver_role($1_r, $1_wine_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute the wine program in the wine domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`wine_domtrans',`
-	gen_require(`
-		type wine_t, wine_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, wine_exec_t, wine_t)
-')
-
-########################################
-## <summary>
-##	Execute wine in the wine domain, and
-##	allow the specified role the wine domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`wine_run',`
-	gen_require(`
-		type wine_t;
-	')
-
-	wine_domtrans($1)
-	role $2 types wine_t;
-')
-
-########################################
-## <summary>
-##	Read and write wine Shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`wine_rw_shm',`
-	gen_require(`
-		type wine_t;
-	')
-
-	allow $1 wine_t:shm rw_shm_perms;
-')
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
deleted file mode 100644
index 277543a..0000000
--- a/policy/modules/apps/wine.te
+++ /dev/null
@@ -1,64 +0,0 @@
-policy_module(wine, 1.7.2)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-##	Ignore wine mmap_zero errors.
-## </p>
-## </desc>
-gen_tunable(wine_mmap_zero_ignore, false)
-
-type wine_t;
-type wine_exec_t;
-application_domain(wine_t, wine_exec_t)
-ubac_constrained(wine_t)
-role system_r types wine_t;
-
-type wine_tmp_t;
-files_tmp_file(wine_tmp_t)
-ubac_constrained(wine_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow wine_t self:process { execstack execmem execheap };
-allow wine_t self:fifo_file manage_fifo_file_perms;
-
-can_exec(wine_t, wine_exec_t)
-
-manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
-
-domain_mmap_low(wine_t)
-
-files_execmod_all_files(wine_t)
-
-userdom_use_user_terminals(wine_t)
-
-tunable_policy(`wine_mmap_zero_ignore',`
-	dontaudit wine_t self:memprotect mmap_zero;
-')
-
-optional_policy(`
-	hal_dbus_chat(wine_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(wine_t)
-')
-
-optional_policy(`
-	unconfined_domain(wine_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_pid(wine_t)
-	xserver_rw_shm(wine_t)
-')
diff --git a/policy/modules/apps/wireshark.fc b/policy/modules/apps/wireshark.fc
deleted file mode 100644
index 96844ae..0000000
--- a/policy/modules/apps/wireshark.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-HOME_DIR/\.wireshark(/.*)? 		gen_context(system_u:object_r:wireshark_home_t,s0)
-
-/usr/bin/wireshark		--	gen_context(system_u:object_r:wireshark_exec_t,s0)
diff --git a/policy/modules/apps/wireshark.if b/policy/modules/apps/wireshark.if
deleted file mode 100644
index ea6ffe6..0000000
--- a/policy/modules/apps/wireshark.if
+++ /dev/null
@@ -1,55 +0,0 @@
-## <summary>Wireshark packet capture tool.</summary>
-
-############################################################
-## <summary>
-##	Role access for wireshark
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`wireshark_role',`
-	gen_require(`
-		type wireshark_t, wireshark_exec_t;
-		type wireshark_home_t, wireshark_tmp_t;
-		type wireshark_tmpfs_t;
-	')
-
-	role $1 types wireshark_t;
-
-	domain_auto_trans($2, wireshark_exec_t, wireshark_t)
-	allow wireshark_t $2:fd use;
-	allow wireshark_t $2:process sigchld;
-
-	manage_dirs_pattern($2, wireshark_home_t, wireshark_home_t)
-	manage_files_pattern($2, wireshark_home_t, wireshark_home_t)
-	manage_lnk_files_pattern($2, wireshark_home_t, wireshark_home_t)
-	relabel_dirs_pattern($2, wireshark_home_t, wireshark_home_t)
-	relabel_files_pattern($2, wireshark_home_t, wireshark_home_t)
-	relabel_lnk_files_pattern($2, wireshark_home_t, wireshark_home_t)
-')
-
-########################################
-## <summary>
-##	Run wireshark in wireshark domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`wireshark_domtrans',`
-	gen_require(`
-		type wireshark_t, wireshark_exec_t;
-	')
-
-	domtrans_pattern($1, wireshark_exec_t, wireshark_t)
-')
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
deleted file mode 100644
index 7c05189..0000000
--- a/policy/modules/apps/wireshark.te
+++ /dev/null
@@ -1,123 +0,0 @@
-policy_module(wireshark, 2.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type wireshark_t;
-type wireshark_exec_t;
-typealias wireshark_t alias { user_wireshark_t staff_wireshark_t sysadm_wireshark_t };
-typealias wireshark_t alias { auditadm_wireshark_t secadm_wireshark_t };
-application_domain(wireshark_t, wireshark_exec_t)
-ubac_constrained(wireshark_t)
-
-type wireshark_home_t;
-typealias wireshark_home_t alias { user_wireshark_home_t staff_wireshark_home_t sysadm_wireshark_home_t };
-typealias wireshark_home_t alias { auditadm_wireshark_home_t secadm_wireshark_home_t };
-files_poly_member(wireshark_home_t)
-userdom_user_home_content(wireshark_home_t)
-
-type wireshark_tmp_t;
-typealias wireshark_tmp_t alias { user_wireshark_tmp_t staff_wireshark_tmp_t sysadm_wireshark_tmp_t };
-typealias wireshark_tmp_t alias { auditadm_wireshark_tmp_t secadm_wireshark_tmp_t };
-files_tmp_file(wireshark_tmp_t)
-ubac_constrained(wireshark_tmp_t)
-
-type wireshark_tmpfs_t;
-typealias wireshark_tmpfs_t alias { user_wireshark_tmpfs_t staff_wireshark_tmpfs_t sysadm_wireshark_tmpfs_t };
-typealias wireshark_tmpfs_t alias { auditadm_wireshark_tmpfs_t secadm_wireshark_tmpfs_t };
-files_tmpfs_file(wireshark_tmpfs_t)
-ubac_constrained(wireshark_tmpfs_t)
-
-##############################
-#
-# Local Policy
-#
-
-allow wireshark_t self:capability { net_admin net_raw setgid };
-allow wireshark_t self:process { signal getsched };
-allow wireshark_t self:fifo_file { getattr read write };
-allow wireshark_t self:shm destroy;
-allow wireshark_t self:shm create_shm_perms;
-allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
-allow wireshark_t self:tcp_socket create_socket_perms;
-allow wireshark_t self:udp_socket create_socket_perms;
-
-# Re-execute itself (why?)
-can_exec(wireshark_t, wireshark_exec_t)
-corecmd_search_bin(wireshark_t)
-
-# /home/.wireshark
-manage_dirs_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
-manage_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
-manage_lnk_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
-userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t, dir)
-
-# Store temporary files
-manage_dirs_pattern(wireshark_t, wireshark_tmp_t, wireshark_tmp_t)
-manage_files_pattern(wireshark_t, wireshark_tmp_t, wireshark_tmp_t)
-files_tmp_filetrans(wireshark_t, wireshark_tmp_t, { dir file })
-
-manage_dirs_pattern(wireshark_t, wireshark_tmpfs_t, wireshark_tmpfs_t)
-manage_files_pattern(wireshark_t, wireshark_tmpfs_t, wireshark_tmpfs_t)
-manage_lnk_files_pattern(wireshark_t, wireshark_tmpfs_t, wireshark_tmpfs_t)
-manage_sock_files_pattern(wireshark_t, wireshark_tmpfs_t, wireshark_tmpfs_t)
-manage_fifo_files_pattern(wireshark_t, wireshark_tmpfs_t, wireshark_tmpfs_t)
-fs_tmpfs_filetrans(wireshark_t, wireshark_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(wireshark_t)
-kernel_read_system_state(wireshark_t)
-kernel_read_sysctl(wireshark_t)
-
-corecmd_search_bin(wireshark_t)
-
-corenet_tcp_connect_generic_port(wireshark_t)
-corenet_tcp_sendrecv_generic_if(wireshark_t)
-
-dev_read_urand(wireshark_t)
-
-files_read_etc_files(wireshark_t)
-files_read_usr_files(wireshark_t)
-
-fs_list_inotifyfs(wireshark_t)
-fs_search_auto_mountpoints(wireshark_t)
-
-libs_read_lib_files(wireshark_t)
-
-miscfiles_read_fonts(wireshark_t)
-miscfiles_read_localization(wireshark_t)
-
-seutil_use_newrole_fds(wireshark_t)
-
-sysnet_read_config(wireshark_t)
-
-userdom_manage_user_home_content_files(wireshark_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(wireshark_t)
-	fs_manage_nfs_files(wireshark_t)
-	fs_manage_nfs_symlinks(wireshark_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(wireshark_t)
-	fs_manage_cifs_files(wireshark_t)
-	fs_manage_cifs_symlinks(wireshark_t)
-')
-
-optional_policy(`
-	nscd_socket_use(wireshark_t)
-')
-
-# Manual transition from userhelper 
-optional_policy(`
-	userhelper_use_fd(wireshark_t)
-	userhelper_sigchld(wireshark_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(wireshark, wireshark_t, wireshark_tmpfs_t)
-	xserver_create_xdm_tmp_sockets(wireshark_t)
-')
diff --git a/policy/modules/apps/wm.fc b/policy/modules/apps/wm.fc
deleted file mode 100644
index be30d55..0000000
--- a/policy/modules/apps/wm.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/bin/twm		--	gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/openbox	--	gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/metacity	--	gen_context(system_u:object_r:wm_exec_t,s0)
diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
deleted file mode 100644
index 369c3b5..0000000
--- a/policy/modules/apps/wm.if
+++ /dev/null
@@ -1,113 +0,0 @@
-## <summary>X Window Managers</summary>
-
-#######################################
-## <summary>
-##	The role template for the wm module.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for window manager applications.
-##	</p>
-## </desc>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`wm_role_template',`
-	gen_require(`
-		type wm_exec_t;
-		class dbus send_msg;
-	')
-
-	type $1_wm_t;
-	domain_type($1_wm_t)
-	domain_entry_file($1_wm_t, wm_exec_t)
-	role $2 types $1_wm_t;
-
-	allow $1_wm_t self:fifo_file rw_fifo_file_perms;
-	allow $1_wm_t self:process getsched;
-	allow $1_wm_t self:shm create_shm_perms;
-
-	allow $1_wm_t $3:unix_stream_socket connectto;
-	allow $3 $1_wm_t:unix_stream_socket connectto;
-	allow $3 $1_wm_t:process { signal sigchld };
-	allow $1_wm_t $3:process { signull sigkill };
-
-	allow $1_wm_t $3:dbus send_msg;
-	allow $3 $1_wm_t:dbus send_msg;
-
-	domtrans_pattern($3, wm_exec_t, $1_wm_t)
-
-	kernel_read_system_state($1_wm_t)
-
-	corecmd_bin_domtrans($1_wm_t, $3)
-	corecmd_shell_domtrans($1_wm_t, $3)
-
-	dev_read_urand($1_wm_t)
-
-	files_read_etc_files($1_wm_t)
-	files_read_usr_files($1_wm_t)
-
-	fs_getattr_tmpfs($1_wm_t)
-
-	mls_file_read_all_levels($1_wm_t)
-	mls_file_write_all_levels($1_wm_t)
-	mls_xwin_read_all_levels($1_wm_t)
-	mls_xwin_write_all_levels($1_wm_t)
-	mls_fd_use_all_levels($1_wm_t)
-
-	auth_use_nsswitch($1_wm_t)
-
-	miscfiles_read_fonts($1_wm_t)
-	miscfiles_read_localization($1_wm_t)
-
-	userdom_manage_home_role($2, $1_wm_t)
-	userdom_manage_tmpfs_role($2, $1_wm_t)
-	userdom_manage_tmp_role($2, $1_wm_t)
-
-	optional_policy(`
-		dbus_system_bus_client($1_wm_t)
-		dbus_session_bus_client($1_wm_t)
-	')
-
-	optional_policy(`
-		pulseaudio_stream_connect($1_wm_t)
-	')
-
-	optional_policy(`
-		xserver_role($2, $1_wm_t)
-		xserver_manage_core_devices($1_wm_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute the wm program in the wm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`wm_exec',`
-	gen_require(`
-		type wm_exec_t;
-	')
-
-	can_exec($1, wm_exec_t)
-')
diff --git a/policy/modules/apps/wm.te b/policy/modules/apps/wm.te
deleted file mode 100644
index aeea34d..0000000
--- a/policy/modules/apps/wm.te
+++ /dev/null
@@ -1,9 +0,0 @@
-policy_module(wm, 1.0.2)
-
-########################################
-#
-# Declarations
-#
-
-type wm_exec_t;
-corecmd_executable_file(wm_exec_t)
diff --git a/policy/modules/apps/xscreensaver.fc b/policy/modules/apps/xscreensaver.fc
deleted file mode 100644
index 29396da..0000000
--- a/policy/modules/apps/xscreensaver.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/xscreensaver	--	gen_context(system_u:object_r:xscreensaver_exec_t,s0)
diff --git a/policy/modules/apps/xscreensaver.if b/policy/modules/apps/xscreensaver.if
deleted file mode 100644
index 1067bd1..0000000
--- a/policy/modules/apps/xscreensaver.if
+++ /dev/null
@@ -1,30 +0,0 @@
-## <summary>X Screensaver</summary>
-
-########################################
-## <summary>
-##	Role access for xscreensaver
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`xscreensaver_role',`
-	gen_require(`
-		type xscreensaver_t, xscreensaver_exec_t;
-	')
-
-	role $1 types xscreensaver_t;
-
-	domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, xscreensaver_t)
-	allow $2 xscreensaver_t:process signal_perms;
-')
diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te
deleted file mode 100644
index 1bdeb16..0000000
--- a/policy/modules/apps/xscreensaver.te
+++ /dev/null
@@ -1,44 +0,0 @@
-policy_module(xscreensaver, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type xscreensaver_t;
-type xscreensaver_exec_t;
-application_domain(xscreensaver_t, xscreensaver_exec_t)
-ubac_constrained(xscreensaver_t)
-
-type xscreensaver_tmpfs_t;
-files_tmpfs_file(xscreensaver_tmpfs_t)
-ubac_constrained(xscreensaver_tmpfs_t)
-
-########################################
-#
-# Local policy
-#
-
-allow xscreensaver_t self:fifo_file rw_fifo_file_perms;
-allow xscreensaver_t self:process signal;
-
-kernel_read_system_state(xscreensaver_t)
-
-files_read_usr_files(xscreensaver_t)
-
-auth_use_nsswitch(xscreensaver_t)
-auth_domtrans_chk_passwd(xscreensaver_t)
-
-#/var/run/utmp
-init_read_utmp(xscreensaver_t)
-
-logging_send_audit_msgs(xscreensaver_t)
-logging_send_syslog_msg(xscreensaver_t)
-
-miscfiles_read_localization(xscreensaver_t)
-
-userdom_use_user_ptys(xscreensaver_t)
-#access to .icons and ~/.xscreensaver
-userdom_read_user_home_content_files(xscreensaver_t)
-
-xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
diff --git a/policy/modules/apps/yam.fc b/policy/modules/apps/yam.fc
deleted file mode 100644
index 4ec6ede..0000000
--- a/policy/modules/apps/yam.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/yam\.conf		--	gen_context(system_u:object_r:yam_etc_t,s0)
-
-/usr/bin/yam		--	gen_context(system_u:object_r:yam_exec_t,s0)
-
-/var/yam(/.*)?			gen_context(system_u:object_r:yam_content_t,s0)
-/var/www/yam(/.*)?		gen_context(system_u:object_r:yam_content_t,s0)
diff --git a/policy/modules/apps/yam.if b/policy/modules/apps/yam.if
deleted file mode 100644
index 07015a2..0000000
--- a/policy/modules/apps/yam.if
+++ /dev/null
@@ -1,66 +0,0 @@
-## <summary>Yum/Apt Mirroring</summary>
-
-########################################
-## <summary>
-##	Execute yam in the yam domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`yam_domtrans',`
-	gen_require(`
-		type yam_t, yam_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, yam_exec_t, yam_t)
-')
-
-########################################
-## <summary>
-##	Execute yam in the yam domain, and
-##	allow the specified role the yam domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`yam_run',`
-	gen_require(`
-		type yam_t;
-	')
-
-	yam_domtrans($1)
-	role $2 types yam_t;
-')
-
-########################################
-## <summary>
-##	Read yam content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`yam_read_content',`
-	gen_require(`
-		type yam_content_t;
-	')
-
-	allow $1 yam_content_t:dir list_dir_perms;
-	read_files_pattern($1, yam_content_t, yam_content_t)
-	read_lnk_files_pattern($1, yam_content_t, yam_content_t)
-')
diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te
deleted file mode 100644
index 223ad43..0000000
--- a/policy/modules/apps/yam.te
+++ /dev/null
@@ -1,124 +0,0 @@
-policy_module(yam, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type yam_t alias yam_crond_t;
-type yam_exec_t;
-application_domain(yam_t, yam_exec_t)
-
-type yam_content_t;
-files_mountpoint(yam_content_t)
-
-type yam_etc_t;
-files_config_file(yam_etc_t)
-
-type yam_tmp_t;
-files_tmp_file(yam_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow yam_t self:capability { chown fowner fsetid dac_override };
-allow yam_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow yam_t self:process execmem;
-allow yam_t self:fd use;
-allow yam_t self:fifo_file rw_fifo_file_perms;
-allow yam_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow yam_t self:unix_dgram_socket { create_socket_perms sendto };
-allow yam_t self:shm create_shm_perms;
-allow yam_t self:sem create_sem_perms;
-allow yam_t self:msgq create_msgq_perms;
-allow yam_t self:msg { send receive };
-allow yam_t self:tcp_socket create_socket_perms;
-
-# Update the content being managed by yam.
-manage_dirs_pattern(yam_t, yam_content_t, yam_content_t)
-manage_files_pattern(yam_t, yam_content_t, yam_content_t)
-manage_lnk_files_pattern(yam_t, yam_content_t, yam_content_t)
-
-allow yam_t yam_etc_t:file read_file_perms;
-files_search_etc(yam_t)
-
-manage_files_pattern(yam_t, yam_tmp_t, yam_tmp_t)
-manage_dirs_pattern(yam_t, yam_tmp_t, yam_tmp_t)
-files_tmp_filetrans(yam_t, yam_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(yam_t)
-kernel_read_proc_symlinks(yam_t)
-# Python works fine without reading /proc/meminfo
-kernel_dontaudit_read_system_state(yam_t)
-
-corecmd_exec_shell(yam_t)
-corecmd_exec_bin(yam_t)
-
-# Rsync and lftp need to network.  They also set files attributes to
-# match whats on the remote server.
-corenet_all_recvfrom_unlabeled(yam_t)
-corenet_all_recvfrom_netlabel(yam_t)
-corenet_tcp_sendrecv_generic_if(yam_t)
-corenet_tcp_sendrecv_generic_node(yam_t)
-corenet_tcp_sendrecv_all_ports(yam_t)
-corenet_tcp_connect_http_port(yam_t)
-corenet_tcp_connect_rsync_port(yam_t)
-corenet_sendrecv_http_client_packets(yam_t)
-corenet_sendrecv_rsync_client_packets(yam_t)
-
-# mktemp
-dev_read_urand(yam_t)
-
-files_read_etc_files(yam_t)
-files_read_etc_runtime_files(yam_t)
-# /usr/share/createrepo/genpkgmetadata.py:
-files_exec_usr_files(yam_t)
-# Programs invoked to build package lists need various permissions.
-# genpkglist creates tmp files in /var/cache/apt/genpkglist
-files_rw_var_files(yam_t)
-
-fs_search_auto_mountpoints(yam_t)
-# Content can also be on ISO image files.
-fs_read_iso9660_files(yam_t)
-
-logging_send_syslog_msg(yam_t)
-
-miscfiles_read_localization(yam_t)
-
-seutil_read_config(yam_t)
-
-sysnet_dns_name_resolve(yam_t)
-sysnet_read_config(yam_t)
-
-userdom_use_user_terminals(yam_t)
-userdom_use_unpriv_users_fds(yam_t)
-# Reading dotfiles...
-# cjp: ?
-userdom_search_user_home_dirs(yam_t)
-
-# The whole point of this program is to make updates available on a
-# local web server.  Need to go through /var to get to /var/yam
-# Go through /var/www to get to /var/www/yam
-apache_search_sys_content(yam_t)
-
-optional_policy(`
-	cron_system_entry(yam_t, yam_exec_t)
-')
-
-optional_policy(`
-	mount_domtrans(yam_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(yam_t)
-')
-
-optional_policy(`
-	nscd_socket_use(yam_t)
-')
-
-optional_policy(`
-	rsync_exec(yam_t)
-')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
deleted file mode 100644
index 46af2a4..0000000
--- a/policy/modules/kernel/corecommands.fc
+++ /dev/null
@@ -1,392 +0,0 @@
-
-#
-# /bin
-#
-/bin				-d	gen_context(system_u:object_r:bin_t,s0)
-/bin/.*					gen_context(system_u:object_r:bin_t,s0)
-/bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/fish			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/ksh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/mksh			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/mountpoint			--	gen_context(system_u:object_r:bin_t,s0)
-/bin/sash			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/tcsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/yash			--  gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/zsh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
-
-#
-# /dev
-#
-/dev/MAKEDEV			--	gen_context(system_u:object_r:bin_t,s0)
-
-#
-# /emul
-#
-ifdef(`distro_redhat',`
-/emul/ia32-linux/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/sbin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/usr(/.*)?/bin(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/usr(/.*)?/Bin(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/usr(/.*)?/sbin(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/usr/libexec(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-')
-
-#
-# /etc
-#
-/etc/acpi/actions(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/etc/apcupsd/apccontrol		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/changeme		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/commfailure	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/commok		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/masterconnect	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/mastertimeout	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/offbattery		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/apcupsd/onbattery		--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/avahi/.*\.action 		--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/ConsoleKit/run-seat\.d(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/etc/ConsoleKit/run-session\.d(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/cron.daily(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.hourly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.weekly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.monthly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/etc/dhcp/dhclient\.d(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
-/etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-/etc/hotplug\.d/default/default.*	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/mail/make			--	gen_context(system_u:object_r:bin_t,s0)
-/etc/mgetty\+sendfax/new_fax	--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/netplug\.d(/.*)? 	 		gen_context(system_u:object_r:bin_t,s0)
-
-/etc/PackageKit/events(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/etc/pm/power\.d(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/etc/pm/sleep\.d(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/etc/ppp/ip-down\..*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/ppp/ip-up\..*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/ppp/ipv6-up\..*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/ppp/ipv6-down\..*		--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/racoon/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/etc/rc\.d/init\.d/functions	--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/security/namespace.init	--	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/sysconfig/crond		-- gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/init		-- gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/libvirtd		-- gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/netconsole	-- gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/readonly-root 	-- gen_context(system_u:object_r:bin_t,s0)
-
-/etc/sysconfig/network-scripts/ifup.*	gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/network-scripts/ifdown.* gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/network-scripts/net.* gen_context(system_u:object_r:bin_t,s0)
-/etc/sysconfig/network-scripts/init.* gen_context(system_u:object_r:bin_t,s0)
-
-/etc/X11/xdm/GiveConsole	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/X11/xdm/TakeConsole	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/X11/xdm/Xsetup_0		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/X11/xinit(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/etc/pki/tls/certs/make-dummy-cert -- 	gen_context(system_u:object_r:bin_t,s0)
-/etc/pki/tls/misc(/.*)?		-- 	gen_context(system_u:object_r:bin_t,s0)
-
-/etc/profile.d(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/etc/xen/qemu-ifup		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/xen/scripts(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-ifdef(`distro_debian',`
-/etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
-')
-
-/etc/vmware-tools(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-#
-# /lib
-#
-
-/lib/udev/[^/]*			--	gen_context(system_u:object_r:bin_t,s0)
-/lib/udev/scsi_id		--	gen_context(system_u:object_r:bin_t,s0)
-/lib64/udev/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
-
-ifdef(`distro_gentoo',`
-/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:bin_t,s0)
-/lib64/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:bin_t,s0)
-
-/lib/rcscripts/addons(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/lib/rcscripts/sh(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
-/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
-')
-/lib/readahead(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/lib/upstart(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-#
-# /sbin
-#
-/sbin				-d	gen_context(system_u:object_r:bin_t,s0)
-/sbin/.*				gen_context(system_u:object_r:bin_t,s0)
-/sbin/insmod_ksymoops_clean	--	gen_context(system_u:object_r:bin_t,s0)
-/sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:bin_t,s0)
-/sbin/nologin			--	gen_context(system_u:object_r:shell_exec_t,s0)
-
-#
-# /opt
-#
-/opt/(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/opt/(.*/)?libexec(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/opt/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/opt/google/talkplugin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/opt/gutenprint/cups/lib/filter(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-
-/opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
-ifdef(`distro_gentoo',`
-/opt/RealPlayer/realplay(\.bin)?	gen_context(system_u:object_r:bin_t,s0)
-/opt/RealPlayer/postint(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
-')
-
-#
-# /usr
-#
-/usr/(.*/)?Bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/bin/git-shell		--	gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/bin/fish			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/bin/scponly		--	gen_context(system_u:object_r:shell_exec_t,s0)
-
-/usr/lib(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/usr/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(.*/)?sbin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib/ccache/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/fence(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/pgsql/test/regress/.*\.sh --	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/qt.*/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/mediawiki/math/texvc.*	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/ConsoleKit/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/cups(/.*)? 		gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/ipsec/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/mailman/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/mailman/mail(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/misc/sftp-server	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/nagios/plugins(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/netsaint/plugins(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/news/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/portage/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/sftp-server	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/vte/gnome-pty-helper --	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/debug/bin(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/debug/sbin(/.*)? --	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/debug/usr/bin(/.*)? --	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/debug/usr/sbin(/.*)? --	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*thunderbird[^/]*/open-browser\.sh -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*/run-mozilla\.sh --	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/xen/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/usr/libexec(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/usr/libexec/git-core/git-shell	--	gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/libexec/sesh		--	gen_context(system_u:object_r:shell_exec_t,s0)
-
-/usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/local/Brother(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/local/Printer(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/local/linuxprinter/filters(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/sbin/scponlyc		--	gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/sbin/smrsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
-
-/usr/share/ajaxterm/qweb.py.* --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/ajaxterm/ajaxterm.py.* --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/dayplanner/dayplanner --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/denyhosts/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/denyhosts/plugins(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/cluster/.*\.sh		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/cluster/ocf-shellfuncs  --   gen_context(system_u:object_r:bin_t,s0)
-/usr/share/cluster/svclib_nfslock --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/e16/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/share/gitolite/hooks/common/update         --      gen_context(system_u:object_r:bin_t,s0)
-/usr/share/gitolite/hooks/gitolite-admin/post-update -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/hal/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/mc/extfs/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/Modules/init(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/printconf/util/print\.py --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/PackageKit/pk-upgrade-distro\.sh -- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/PackageKit/helpers(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/sandbox/sandboxX.sh	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/sectool/.*\.py	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/smolt/client(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall/compiler\.pl --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall-lite(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall6-lite(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
-/usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/vhostmd/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/X11R6/lib(64)?/X11/xkb/xkbcomp --	gen_context(system_u:object_r:bin_t,s0)
-
-ifdef(`distro_gentoo', `
-/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/.*-.*-linux-gnu/binutils-bin(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-')
-
-ifdef(`distro_redhat', `
-/etc/gdm/XKeepsCrashing[^/]*	--	gen_context(system_u:object_r:bin_t,s0)
-/etc/gdm/[^/]+			-d	gen_context(system_u:object_r:bin_t,s0)
-/etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib64/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib64/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/vmware-tools/(s)?bin32(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/vmware-tools/(s)?bin64(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/authconfig/authconfig\.py --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/cvs/contrib/rcs2log	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/clamav/clamd-gen	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/clamav/freshclam-sleep --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/createrepo(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/hplip/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/pydict/pydict\.py	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/rhn/rhn_applet/needed-packages\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/ssl/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-keyboard/system-config-keyboard -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-language/system-config-language -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-lvm/system-config-lvm\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-mouse/system-config-mouse -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-netboot/system-config-netboot\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-netboot/pxeos\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-netboot/pxeboot\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-network(/netconfig)?/[^/]+\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-services/gui\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-services/serviceconf\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-services/system-config-services -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-soundcard/system-config-soundcard -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-users/system-config-users -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-logviewer/system-logviewer\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/texmf/web2c/mktexdir	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/texmf/web2c/mktexnam	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/texmf/web2c/mktexupd	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/texmf/texconfig/tcfmgr	--	gen_context(system_u:object_r:bin_t,s0)
-')
-
-ifdef(`distro_suse', `
-/usr/lib/cron/run-crons		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/samba/classic/.*	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/ssh/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/apache2/[^/]*	--	gen_context(system_u:object_r:bin_t,s0)
-')
-
-#
-# /var
-#
-/var/mailman/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/var/ftp/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib/yp/.+			--	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib64/yp/.+		--	gen_context(system_u:object_r:bin_t,s0)
-
-/var/qmail/bin			-d	gen_context(system_u:object_r:bin_t,s0)
-/var/qmail/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-/var/qmail/rc			--	gen_context(system_u:object_r:bin_t,s0)
-
-ifdef(`distro_suse',`
-/var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
-')
-/var/lib/asterisk/agi-bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-
-/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-
-/lib/systemd/systemd.* -- gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib/oracle/xe/apps(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/pm-utils(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib/wicd/monitor.py 	-- 	gen_context(system_u:object_r:bin_t, s0)
-
-/usr/lib(64)?/nspluginwrapper/np.*	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/rpm/rpmd		-- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmq		-- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmk		-- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
-
-/usr/lib(64)?/gimp/.*/plug-ins(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-
-/etc/kde/env(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-/etc/kde/shutdown(/.*)?  gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
deleted file mode 100644
index ae853de..0000000
--- a/policy/modules/kernel/corecommands.if
+++ /dev/null
@@ -1,1094 +0,0 @@
-## <summary>
-## Core policy for shells, and generic programs
-## in /bin, /sbin, /usr/bin, and /usr/sbin.
-## </summary>
-## <required val="true">
-##	Contains the base bin and sbin directory types
-##	which need to be searched for the kernel to
-##	run init.
-## </required>
-
-########################################
-## <summary>
-##	Make the specified type usable for files
-##	that are exectuables, such as binary programs.
-##	This does not include shared libraries.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used for files.
-##	</summary>
-## </param>
-#
-interface(`corecmd_executable_file',`
-	gen_require(`
-		attribute exec_type;
-	')
-
-	typeattribute $1 exec_type;
-
-	files_type($1)
-')
-
-########################################
-## <summary>
-##	Create a aliased type to generic bin files.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Create a aliased type to generic bin files.  (Deprecated)
-##	</p>
-##	<p>
-##	This is added to support targeted policy.  Its
-##	use should be limited.  It has no effect
-##	on the strict policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Alias type for bin_t.
-##	</summary>
-## </param>
-#
-interface(`corecmd_bin_alias',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Make general progams in bin an entrypoint for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which bin_t is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`corecmd_bin_entry_type',`
-	gen_require(`
-		type bin_t;
-	')
-
-	domain_entry_file($1, bin_t)
-')
-
-########################################
-## <summary>
-##	Make general progams in sbin an entrypoint for
-##	the specified domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which sbin programs are an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`corecmd_sbin_entry_type',`
-	corecmd_bin_entry_type($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_entry_type() instead.')
-')
-
-########################################
-## <summary>
-##	Make the shell an entrypoint for the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which the shell is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`corecmd_shell_entry_type',`
-	gen_require(`
-		type shell_exec_t;
-	')
-
-	domain_entry_file($1, shell_exec_t)
-')
-
-########################################
-## <summary>
-##	Search the contents of bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_search_bin',`
-	gen_require(`
-		type bin_t;
-	')
-
-	search_dirs_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the contents of bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_search_bin',`
-	gen_require(`
-		type bin_t;
-	')
-
-	dontaudit $1 bin_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_list_bin',`
-	gen_require(`
-		type bin_t;
-	')
-
-	list_dirs_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_write_bin_dirs',`
-	gen_require(`
-		type bin_t;
-	')
-
-	dontaudit $1 bin_t:dir write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write bin files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_write_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	dontaudit $1 bin_t:file write;
-')
-
-########################################
-## <summary>
-##	Get the attributes of files in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_getattr_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	getattr_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of files in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_getattr_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	dontaudit $1 bin_t:dir search_dir_perms;
-	dontaudit $1 bin_t:file getattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read files in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_bin_symlinks',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_lnk_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Read pipes in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_bin_pipes',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_fifo_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Read named sockets in bin directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_bin_sockets',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_sock_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Execute generic programs in bin directories,
-##	in the caller domain.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to execute generic programs
-##	in system bin directories (/bin, /sbin, /usr/bin,
-##	/usr/sbin) a without domain transition.
-##	</p>
-##	<p>
-##	Typically, this interface should be used when the domain
-##	executes general system progams within the privileges
-##	of the source domain.  Some examples of these programs
-##	are ls, cp, sed, python, and tar. This does not include
-##	shells, such as bash.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corecmd_exec_shell()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_exec_bin',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	list_dirs_pattern($1, bin_t, bin_t)
-	can_exec($1, bin_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete bin files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_manage_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	manage_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Relabel to and from the bin type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_relabel_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	relabel_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Mmap a bin file as executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_mmap_bin_files',`
-	gen_require(`
-		type bin_t;
-	')
-
-	mmap_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Execute a file in a bin directory
-##	in the specified domain but do not
-##	do it automatically. This is an explicit
-##	transition, requiring the caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a bin directory
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on these filesystems in the specified
-##	domain.  This is not suggested.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	the userhelper policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_bin_spec_domtrans',`
-	gen_require(`
-		type bin_t;
-	')
-
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	domain_transition_pattern($1, bin_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute a file in a bin directory
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a bin directory
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on these filesystems in the specified
-##	domain.  This is not suggested.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	the ssh-agent policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_bin_domtrans',`
-	gen_require(`
-		type bin_t;
-	')
-
-	corecmd_bin_spec_domtrans($1, $2)
-	type_transition $1 bin_t:process $2;
-')
-
-########################################
-## <summary>
-##	Search the contents of sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_search_sbin',`
-	corecmd_search_bin($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search
-##	sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_search_sbin',`
-	corecmd_dontaudit_search_bin($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_search_bin() instead.')
-')
-
-########################################
-## <summary>
-##	List the contents of sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_list_sbin',`
-	corecmd_list_bin($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_list_bin() instead.')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write
-##	sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_write_sbin_dirs',`
-	corecmd_dontaudit_write_bin_dirs($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_write_bin_dirs() instead.')
-')
-
-########################################
-## <summary>
-##	Get the attributes of sbin files.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_getattr_sbin_files',`
-	corecmd_getattr_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_getattr_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attibutes
-##	of sbin files.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_getattr_sbin_files',`
-	corecmd_dontaudit_getattr_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_getattr_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Read files in sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_sbin_files',`
-	corecmd_read_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Read symbolic links in sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_sbin_symlinks',`
-	corecmd_read_bin_symlinks($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_symlinks() instead.')
-')
-
-########################################
-## <summary>
-##	Read named pipes in sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_sbin_pipes',`
-	corecmd_read_bin_pipes($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_pipes() instead.')
-')
-
-########################################
-## <summary>
-##	Read named sockets in sbin directories.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_read_sbin_sockets',`
-	corecmd_read_bin_sockets($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_sockets() instead.')
-')
-
-########################################
-## <summary>
-##	Execute generic programs in sbin directories,
-##	in the caller domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_exec_sbin',`
-	corecmd_exec_bin($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete sbin files.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`corecmd_manage_sbin_files',`
-	corecmd_manage_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_manage_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Relabel to and from the sbin type.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`corecmd_relabel_sbin_files',`
-	corecmd_relabel_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_relabel_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Mmap a sbin file as executable.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`corecmd_mmap_sbin_files',`
-	corecmd_mmap_bin_files($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_mmap_bin_files() instead.')
-')
-
-########################################
-## <summary>
-##	Execute a file in a sbin directory
-##	in the specified domain.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a sbin directory
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on these filesystems in the specified
-##	domain.  This is not suggested.  (Deprecated)
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	the ssh-agent policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_sbin_domtrans',`
-	corecmd_bin_domtrans($1, $2)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
-')
-
-########################################
-## <summary>
-##	Execute a file in a sbin directory
-##	in the specified domain but do not
-##	do it automatically. This is an explicit
-##	transition, requiring the caller to use setexeccon().  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a sbin directory
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on these filesystems in the specified
-##	domain.  This is not suggested.  (Deprecated)
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	the userhelper policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_sbin_spec_domtrans',`
-	corecmd_bin_spec_domtrans($1, $2)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
-')
-
-########################################
-## <summary>
-##	Check if a shell is executable (DAC-wise).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_check_exec_shell',`
-	gen_require(`
-		type bin_t, shell_exec_t;
-	')
-
-	list_dirs_pattern($1, bin_t, bin_t)
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	allow $1 shell_exec_t:file execute;
-')
-
-########################################
-## <summary>
-##	Execute shells in the caller domain.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to execute shells without
-##	a domain transition.
-##	</p>
-##	<p>
-##	Typically, this interface should be used when the domain
-##	executes shells within the privileges
-##	of the source domain.  Some examples of these programs
-##	are bash, tcsh, and zsh.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corecmd_exec_bin()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_exec_shell',`
-	gen_require(`
-		type bin_t, shell_exec_t;
-	')
-
-	list_dirs_pattern($1, bin_t, bin_t)
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	can_exec($1, shell_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute ls in the caller domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_exec_ls',`
-	corecmd_exec_bin($1)
-	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
-')
-
-########################################
-## <summary>
-##	Execute a shell in the target domain.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Execute a shell in the target domain.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the shell process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_shell_spec_domtrans',`
-	gen_require(`
-		type bin_t, shell_exec_t;
-	')
-
-	list_dirs_pattern($1, bin_t, bin_t)
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	domain_transition_pattern($1, shell_exec_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute a shell in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a shell in the specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the shell process.
-##	</summary>
-## </param>
-#
-interface(`corecmd_shell_domtrans',`
-	gen_require(`
-		type shell_exec_t;
-	')
-
-	corecmd_shell_spec_domtrans($1, $2)
-	type_transition $1 shell_exec_t:process $2;
-')
-
-########################################
-## <summary>
-##	Execute chroot in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_exec_chroot',`
-	gen_require(`
-		type chroot_exec_t;
-	')
-
-	read_lnk_files_pattern($1, bin_t, bin_t)
-	can_exec($1, chroot_exec_t)
-	allow $1 self:capability sys_chroot;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all executable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corecmd_getattr_all_executables',`
-	gen_require(`
-		attribute exec_type;
-		type bin_t;
-	')
-
-	allow $1 bin_t:dir list_dir_perms;
-	getattr_files_pattern($1, bin_t, exec_type)
-')
-
-########################################
-## <summary>
-##	Read all executable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corecmd_read_all_executables',`
-	gen_require(`
-		attribute exec_type;
-	')
-
-	read_files_pattern($1, exec_type, exec_type)
-')
-
-########################################
-## <summary>
-##	Execute all executable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corecmd_exec_all_executables',`
-	gen_require(`
-		attribute exec_type;
-		type bin_t;
-	')
-
-	can_exec($1, exec_type)
-	list_dirs_pattern($1, bin_t, bin_t)
-	read_lnk_files_pattern($1, bin_t, exec_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to execute all executables.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corecmd_dontaudit_exec_all_executables',`
-	gen_require(`
-		attribute exec_type;
-	')
-
-	dontaudit $1 exec_type:file { execute execute_no_trans };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and all executable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corecmd_manage_all_executables',`
-	gen_require(`
-		attribute exec_type;
-		type bin_t;
-	')
-
-	manage_dirs_pattern($1, bin_t, exec_type)
-	manage_files_pattern($1, bin_t, exec_type)
-	manage_lnk_files_pattern($1, bin_t, bin_t)
-')
-
-########################################
-## <summary>
-##	Relabel to and from the bin type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corecmd_relabel_all_executables',`
-	gen_require(`
-		attribute exec_type;
-		type bin_t;
-	')
-
-	relabel_files_pattern($1, bin_t, exec_type)
-')
-
-########################################
-## <summary>
-##	Mmap all executables as executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corecmd_mmap_all_executables',`
-	gen_require(`
-		attribute exec_type;
-		type bin_t;
-	')
-
-	mmap_files_pattern($1, bin_t, exec_type)
-')
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
deleted file mode 100644
index e1963dd..0000000
--- a/policy/modules/kernel/corecommands.te
+++ /dev/null
@@ -1,27 +0,0 @@
-policy_module(corecommands, 1.13.2)
-
-########################################
-#
-# Declarations
-#
-
-#
-# Types with the exec_type attribute are executable files.
-#
-attribute exec_type;
-
-#
-# bin_t is the type of files in the system bin/sbin directories.
-#
-type bin_t alias { ls_exec_t sbin_t };
-corecmd_executable_file(bin_t)
-dev_associate(bin_t)	#For /dev/MAKEDEV
-
-#
-# shell_exec_t is the type of user shells such as /bin/bash.
-#
-type shell_exec_t;
-corecmd_executable_file(shell_exec_t)
-
-type chroot_exec_t;
-corecmd_executable_file(chroot_exec_t)
diff --git a/policy/modules/kernel/corenetwork.fc b/policy/modules/kernel/corenetwork.fc
deleted file mode 100644
index 953e0e8..0000000
--- a/policy/modules/kernel/corenetwork.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/dev/ippp.*	-c	gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/ppp	-c	gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/pppox.*	-c	gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/tap.*	-c	gen_context(system_u:object_r:tun_tap_device_t,s0)
-
-/dev/net/.*	-c	gen_context(system_u:object_r:tun_tap_device_t,s0)
-
-/lib/udev/devices/ppp	-c	gen_context(system_u:object_r:ppp_device_t,s0)
-/lib/udev/devices/net/.* -c	gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
deleted file mode 100644
index b06df19..0000000
--- a/policy/modules/kernel/corenetwork.if.in
+++ /dev/null
@@ -1,3044 +0,0 @@
-## <summary>Policy controlling access to network objects</summary>
-## <required val="true">
-##	Contains the initial SIDs for network objects.
-## </required>
-
-########################################
-## <summary>
-##	Define type to be a network port type
-## </summary>
-## <desc>
-##	<p>
-##	Define type to be a network port type
-##	</p>
-##	<p>
-##	This is for supporting third party modules and its
-##	use is not allowed in upstream reference policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used for network ports.
-##	</summary>
-## </param>
-#
-interface(`corenet_port',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	typeattribute $1 port_type;
-')
-
-########################################
-## <summary>
-##	Define network type to be a reserved port (lt 1024)
-## </summary>
-## <desc>
-##	<p>
-##	Define network type to be a reserved port (lt 1024)
-##	</p>
-##	<p>
-##	This is for supporting third party modules and its
-##	use is not allowed in upstream reference policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used for network ports.
-##	</summary>
-## </param>
-#
-interface(`corenet_reserved_port',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	typeattribute $1 reserved_port_type;
-')
-
-########################################
-## <summary>
-##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
-## </summary>
-## <desc>
-##	<p>
-##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
-##	</p>
-##	<p>
-##	This is for supporting third party modules and its
-##	use is not allowed in upstream reference policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used for network ports.
-##	</summary>
-## </param>
-#
-interface(`corenet_rpc_port',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	typeattribute $1 rpc_port_type;
-')
-
-########################################
-## <summary>
-##	Define type to be a network client packet type
-## </summary>
-## <desc>
-##	<p>
-##	Define type to be a network client packet type
-##	</p>
-##	<p>
-##	This is for supporting third party modules and its
-##	use is not allowed in upstream reference policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used for a network client packet.
-##	</summary>
-## </param>
-#
-interface(`corenet_client_packet',`
-	gen_require(`
-		attribute packet_type, client_packet_type;
-	')
-
-	typeattribute $1 client_packet_type, packet_type;
-')
-
-########################################
-## <summary>
-##	Define type to be a network server packet type
-## </summary>
-## <desc>
-##	<p>
-##	Define type to be a network server packet type
-##	</p>
-##	<p>
-##	This is for supporting third party modules and its
-##	use is not allowed in upstream reference policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used for a network server packet.
-##	</summary>
-## </param>
-#
-interface(`corenet_server_packet',`
-	gen_require(`
-		attribute packet_type, server_packet_type;
-	')
-
-	typeattribute $1 server_packet_type, packet_type;
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on generic interfaces.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to send and receive TCP network
-##	traffic on generic network interfaces.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_tcp_sendrecv_generic_node()</li>
-##		<li>corenet_tcp_sendrecv_all_ports()</li>
-##		<li>corenet_tcp_connect_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to connect to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:tcp_socket create_stream_socket_perms;
-##	corenet_tcp_sendrecv_generic_if(myclient_t)
-##	corenet_tcp_sendrecv_generic_node(myclient_t)
-##	corenet_tcp_sendrecv_all_ports(myclient_t)
-##	corenet_tcp_connect_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif { tcp_send tcp_recv egress ingress };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif { udp_send egress };
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to send UDP network traffic
-##	on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_send_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	dontaudit $1 netif_t:netif { udp_send egress };
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif { udp_recv ingress };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP network
-##	traffic on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_receive_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	dontaudit $1 netif_t:netif { udp_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on generic interfaces.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to send and receive UDP network
-##	traffic on generic network interfaces.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_udp_sendrecv_generic_node()</li>
-##		<li>corenet_udp_sendrecv_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to send to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:udp_socket create_socket_perms;
-##	corenet_udp_sendrecv_generic_if(myclient_t)
-##	corenet_udp_sendrecv_generic_node(myclient_t)
-##	corenet_udp_sendrecv_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_generic_if',`
-	corenet_udp_send_generic_if($1)
-	corenet_udp_receive_generic_if($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive UDP network
-##	traffic on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_sendrecv_generic_if',`
-	corenet_dontaudit_udp_send_generic_if($1)
-	corenet_dontaudit_udp_receive_generic_if($1)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_send_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif { rawip_send egress };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_receive_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif { rawip_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_sendrecv_generic_if',`
-	corenet_raw_send_generic_if($1)
-	corenet_raw_receive_generic_if($1)
-')
-
-########################################
-## <summary>
-##	Allow outgoing network traffic on the generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the outgoing network traffic.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_out_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif egress;
-')
-
-########################################
-## <summary>
-##	Allow incoming traffic on the generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the incoming network traffic.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_in_generic_if',`
-	gen_require(`
-		type netif_t;
-	')
-
-	allow $1 netif_t:netif ingress;
-')
-
-########################################
-## <summary>
-##	Allow incoming and outgoing network traffic on the generic interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the network traffic.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_inout_generic_if',`
-	corenet_in_generic_if($1)
-	corenet_out_generic_if($1)
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_sendrecv_all_if',`
-	gen_require(`
-		attribute netif_type;
-	')
-
-	allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_all_if',`
-	gen_require(`
-		attribute netif_type;
-	')
-
-	allow $1 netif_type:netif { udp_send egress };
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_all_if',`
-	gen_require(`
-		attribute netif_type;
-	')
-
-	allow $1 netif_type:netif { udp_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_sendrecv_all_if',`
-	corenet_udp_send_all_if($1)
-	corenet_udp_receive_all_if($1)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_send_all_if',`
-	gen_require(`
-		attribute netif_type;
-	')
-
-	allow $1 netif_type:netif { rawip_send egress };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_receive_all_if',`
-	gen_require(`
-		attribute netif_type;
-	')
-
-	allow $1 netif_type:netif { rawip_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on all interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_sendrecv_all_if',`
-	corenet_raw_send_all_if($1)
-	corenet_raw_receive_all_if($1)
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on generic nodes.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to send and receive TCP network
-##	traffic to/from generic network nodes (hostnames/networks).
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_tcp_sendrecv_generic_if()</li>
-##		<li>corenet_tcp_sendrecv_all_ports()</li>
-##		<li>corenet_tcp_connect_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to connect to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:tcp_socket create_stream_socket_perms;
-##	corenet_tcp_sendrecv_generic_if(myclient_t)
-##	corenet_tcp_sendrecv_generic_node(myclient_t)
-##	corenet_tcp_sendrecv_all_ports(myclient_t)
-##	corenet_tcp_connect_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node { tcp_send tcp_recv sendto recvfrom };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node { udp_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node { udp_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on generic nodes.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to send and receive UDP network
-##	traffic to/from generic network nodes (hostnames/networks).
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_udp_sendrecv_generic_if()</li>
-##		<li>corenet_udp_sendrecv_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to send to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:udp_socket create_socket_perms;
-##	corenet_udp_sendrecv_generic_if(myclient_t)
-##	corenet_udp_sendrecv_generic_node(myclient_t)
-##	corenet_udp_sendrecv_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_generic_node',`
-	corenet_udp_send_generic_node($1)
-	corenet_udp_receive_generic_node($1)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_send_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node { rawip_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_receive_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node { rawip_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_sendrecv_generic_node',`
-	corenet_raw_send_generic_node($1)
-	corenet_raw_receive_generic_node($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to generic nodes.
-## </summary>
-## <desc>
-##	<p>
-##	Bind TCP sockets to generic nodes.  This is
-##	necessary for binding a socket so it
-##	can be used for servers to listen
-##	for incoming connections.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_udp_bind_generic_node()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="1"/>
-#
-interface(`corenet_tcp_bind_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:tcp_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to generic nodes.
-## </summary>
-## <desc>
-##	<p>
-##	Bind UDP sockets to generic nodes.  This is
-##	necessary for binding a socket so it
-##	can be used for servers to listen
-##	for incoming connections.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>corenet_tcp_bind_generic_node()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="1"/>
-#
-interface(`corenet_udp_bind_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:udp_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Bind raw sockets to genric nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-# rawip_socket node_bind does not make much sense.
-# cjp: vmware hits this too
-interface(`corenet_raw_bind_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:rawip_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Allow outgoing network traffic to generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the outgoing network traffic.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_out_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node sendto;
-')
-
-########################################
-## <summary>
-##	Allow incoming network traffic from generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the incoming network traffic.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_in_generic_node',`
-	gen_require(`
-		type node_t;
-	')
-
-	allow $1 node_t:node recvfrom;
-')
-
-########################################
-## <summary>
-##	Allow incoming and outgoing network traffic with generic nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The peer label of the network traffic.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_inout_generic_node',`
-	corenet_in_generic_node($1)
-	corenet_out_generic_node($1)
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_sendrecv_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:node { udp_send sendto };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send UDP network
-##	traffic on any nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_send_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	dontaudit $1 node_type:node { udp_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:node { udp_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP
-##	network traffic on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_receive_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	dontaudit $1 node_type:node { udp_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_sendrecv_all_nodes',`
-	corenet_udp_send_all_nodes($1)
-	corenet_udp_receive_all_nodes($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive UDP
-##	network traffic on any nodes nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_sendrecv_all_nodes',`
-	corenet_dontaudit_udp_send_all_nodes($1)
-	corenet_dontaudit_udp_receive_all_nodes($1)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_send_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:node { rawip_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_receive_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:node { rawip_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_sendrecv_all_nodes',`
-	corenet_raw_send_all_nodes($1)
-	corenet_raw_receive_all_nodes($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:tcp_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:udp_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Bind raw sockets to all nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-# rawip_socket node_bind does not make much sense.
-# cjp: vmware hits this too
-interface(`corenet_raw_bind_all_nodes',`
-	gen_require(`
-		attribute node_type;
-	')
-
-	allow $1 node_type:rawip_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_sendrecv_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	allow $1 port_t:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Do not audit send and receive TCP network traffic on generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	allow $1 port_t:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	allow $1 port_t:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_sendrecv_generic_port',`
-	corenet_udp_send_generic_port($1)
-	corenet_udp_receive_generic_port($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_generic_port',`
-	gen_require(`
-		type port_t;
-		attribute port_type;
-	')
-
-	allow $1 port_t:tcp_socket name_bind;
-	dontaudit $1 { port_type -port_t }:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Do not audit bind TCP sockets to generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_bind_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	dontaudit $1 port_t:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_generic_port',`
-	gen_require(`
-		type port_t;
-		attribute port_type;
-	')
-
-	allow $1 port_t:udp_socket name_bind;
-	dontaudit $1 { port_type -port_t }:udp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to generic ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_generic_port',`
-	gen_require(`
-		type port_t;
-	')
-
-	allow $1 port_t:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on all ports.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive TCP network traffic on all ports.
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_tcp_sendrecv_generic_if()</li>
-##		<li>corenet_tcp_sendrecv_generic_node()</li>
-##		<li>corenet_tcp_connect_all_ports()</li>
-##		<li>corenet_tcp_bind_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to connect to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:tcp_socket create_stream_socket_perms;
-##	corenet_tcp_sendrecv_generic_if(myclient_t)
-##	corenet_tcp_sendrecv_generic_node(myclient_t)
-##	corenet_tcp_sendrecv_all_ports(myclient_t)
-##	corenet_tcp_connect_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on all ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on all ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on all ports.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive UDP network traffic on all ports.
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_udp_sendrecv_generic_if()</li>
-##		<li>corenet_udp_sendrecv_generic_node()</li>
-##		<li>corenet_udp_bind_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to send to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:udp_socket create_socket_perms;
-##	corenet_udp_sendrecv_generic_if(myclient_t)
-##	corenet_udp_sendrecv_generic_node(myclient_t)
-##	corenet_udp_sendrecv_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_all_ports',`
-	corenet_udp_send_all_ports($1)
-	corenet_udp_receive_all_ports($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to all ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:tcp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attepts to bind TCP sockets to any ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_bind_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	dontaudit $1 port_type:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to all ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:udp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attepts to bind UDP sockets to any ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_bind_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	dontaudit $1 port_type:udp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to all ports.
-## </summary>
-## <desc>
-##	<p>
-##	Connect TCP sockets to all ports
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>corenet_all_recvfrom_unlabeled()</li>
-##		<li>corenet_tcp_sendrecv_generic_if()</li>
-##		<li>corenet_tcp_sendrecv_generic_node()</li>
-##		<li>corenet_tcp_sendrecv_all_ports()</li>
-##		<li>corenet_tcp_bind_all_ports()</li>
-##	</ul>
-##	<p>
-##	Example client being able to connect to all ports over
-##	generic nodes, without labeled networking:
-##	</p>
-##	<p>
-##	allow myclient_t self:tcp_socket create_stream_socket_perms;
-##	corenet_tcp_sendrecv_generic_if(myclient_t)
-##	corenet_tcp_sendrecv_generic_node(myclient_t)
-##	corenet_tcp_sendrecv_all_ports(myclient_t)
-##	corenet_tcp_connect_all_ports(myclient_t)
-##	corenet_all_recvfrom_unlabeled(myclient_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="1"/>
-#
-interface(`corenet_tcp_connect_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	allow $1 port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to connect TCP sockets
-##	to all ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_connect_all_ports',`
-	gen_require(`
-		attribute port_type;
-	')
-
-	dontaudit $1 port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_sendrecv_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_sendrecv_reserved_port',`
-	corenet_udp_send_reserved_port($1)
-	corenet_udp_receive_reserved_port($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:tcp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:udp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to generic reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_reserved_port',`
-	gen_require(`
-		type reserved_port_t;
-	')
-
-	allow $1 reserved_port_t:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Send and receive TCP network traffic on all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_sendrecv_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_send_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_receive_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_sendrecv_all_reserved_ports',`
-	corenet_udp_send_all_reserved_ports($1)
-	corenet_udp_receive_all_reserved_ports($1)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:tcp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to bind TCP sockets to all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	dontaudit $1 reserved_port_type:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:udp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to bind UDP sockets to all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	dontaudit $1 reserved_port_type:udp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to all ports > 1024.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_all_unreserved_ports',`
-	gen_require(`
-		attribute port_type, reserved_port_type;
-	')
-
-	allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to all ports > 1024.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_all_unreserved_ports',`
-	gen_require(`
-		attribute port_type, reserved_port_type;
-	')
-
-	allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	allow $1 reserved_port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to all ports > 1024.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_all_unreserved_ports',`
-	gen_require(`
-		attribute port_type, reserved_port_type;
-	')
-
-	allow $1 { port_type -reserved_port_type }:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to connect TCP sockets
-##	all reserved ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
-	gen_require(`
-		attribute reserved_port_type;
-	')
-
-	dontaudit $1 reserved_port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Connect TCP sockets to rpc ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	allow $1 rpc_port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to connect TCP sockets
-##	all rpc ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	dontaudit $1 rpc_port_type:tcp_socket name_connect;
-')
-
-########################################
-## <summary>
-##	Read and write the TUN/TAP virtual network device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_rw_tun_tap_dev',`
-	gen_require(`
-		type tun_tap_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write the TUN/TAP
-##	virtual network device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_rw_tun_tap_dev',`
-	gen_require(`
-		type tun_tap_device_t;
-	')
-
-	dontaudit $1 tun_tap_device_t:chr_file { read write };
-')
-
-########################################
-## <summary>
-##	Getattr the point-to-point device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_getattr_ppp_dev',`
-	gen_require(`
-		type ppp_device_t;
-	')
-
-	allow $1 ppp_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Read and write the point-to-point device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_rw_ppp_dev',`
-	gen_require(`
-		type ppp_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ppp_device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to all RPC ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_bind_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	allow $1 rpc_port_type:tcp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to bind TCP sockets to all RPC ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_bind_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	dontaudit $1 rpc_port_type:tcp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to all RPC ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_bind_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	allow $1 rpc_port_type:udp_socket name_bind;
-	allow $1 self:capability net_bind_service;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to bind UDP sockets to all RPC ports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_bind_all_rpc_ports',`
-	gen_require(`
-		attribute rpc_port_type;
-	')
-
-	dontaudit $1 rpc_port_type:udp_socket name_bind;
-')
-
-########################################
-## <summary>
-##	Send and receive messages on a
-##	non-encrypted (no IPSEC) network
-##	session.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive messages on a
-##	non-encrypted (no IPSEC) network
-##	session.  (Deprecated)
-##	</p>
-##	<p>
-##	The corenet_all_recvfrom_unlabeled() interface should be used instead
-##	of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_non_ipsec_sendrecv',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_all_recvfrom_unlabeled() instead.')
-	corenet_all_recvfrom_unlabeled($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive
-##	messages on a non-encrypted (no IPSEC) network
-##	session.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to send and receive
-##	messages on a non-encrypted (no IPSEC) network
-##	session.
-##	</p>
-##	<p>
-##	The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
-##	used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_non_ipsec_sendrecv',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_all_recvfrom_unlabeled() instead.')
-	corenet_dontaudit_all_recvfrom_unlabeled($1)
-')
-
-########################################
-## <summary>
-##	Receive TCP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_tcp_recvfrom_netlabel() instead.')
-	corenet_tcp_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Receive TCP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	allow $1 netlabel_peer_t:peer recv;
-	allow $1 netlabel_peer_t:tcp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Receive TCP packets from an unlabled connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_recvfrom_unlabeled',`
-	kernel_tcp_recvfrom_unlabeled($1)
-	kernel_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive TCP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_tcp_recvfrom_netlabel() instead.')
-	corenet_dontaudit_tcp_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive TCP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	dontaudit $1 netlabel_peer_t:peer recv;
-	dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive TCP packets from an unlabeled
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
-	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
-	kernel_dontaudit_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_dontaudit_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Receive UDP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_udp_recvfrom_netlabel() instead.')
-	corenet_udp_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Receive UDP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	allow $1 netlabel_peer_t:peer recv;
-	allow $1 netlabel_peer_t:udp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Receive UDP packets from an unlabeled connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_recvfrom_unlabeled',`
-	kernel_udp_recvfrom_unlabeled($1)
-	kernel_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_udp_recvfrom_netlabel($1) instead.')
-	corenet_dontaudit_udp_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	dontaudit $1 netlabel_peer_t:peer recv;
-	dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP packets from an unlabeled
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
-	kernel_dontaudit_udp_recvfrom_unlabeled($1)
-	kernel_dontaudit_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_dontaudit_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Receive Raw IP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_raw_recvfrom_netlabel() instead.')
-	corenet_raw_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Receive Raw IP packets from a NetLabel connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	allow $1 netlabel_peer_t:peer recv;
-	allow $1 netlabel_peer_t:rawip_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Receive Raw IP packets from an unlabeled connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_recvfrom_unlabeled',`
-	kernel_raw_recvfrom_unlabeled($1)
-	kernel_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive Raw IP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_raw_recv_netlabel',`
-	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_raw_recvfrom_netlabel() instead.')
-	corenet_dontaudit_raw_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive Raw IP packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	dontaudit $1 netlabel_peer_t:peer recv;
-	dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive Raw IP packets from an unlabeled
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
-	kernel_dontaudit_raw_recvfrom_unlabeled($1)
-	kernel_dontaudit_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_dontaudit_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Receive packets from an unlabeled connection.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to receive packets from an
-##	unlabeled connection.  On machines that do not utilize
-##	labeled networking, this will be required on all
-##	networking domains.  On machines tha do utilize
-##	labeled networking, this will be required for any
-##	networking domain that is allowed to receive
-##	network traffic that does not have a label.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_all_recvfrom_unlabeled',`
-	kernel_tcp_recvfrom_unlabeled($1)
-	kernel_udp_recvfrom_unlabeled($1)
-	kernel_raw_recvfrom_unlabeled($1)
-	kernel_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Receive packets from a NetLabel connection.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to receive NetLabel
-##	network traffic, which utilizes the Commercial IP
-##	Security Option (CIPSO) to set the MLS level
-##	of the network packets.  This is required for
-##	all networking domains that receive NetLabel
-##	network traffic.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_all_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	allow $1 netlabel_peer_t:peer recv;
-	allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive packets from an unlabeled connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
-	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
-	kernel_dontaudit_udp_recvfrom_unlabeled($1)
-	kernel_dontaudit_raw_recvfrom_unlabeled($1)
-	kernel_dontaudit_recvfrom_unlabeled_peer($1)
-
-	# XXX - at some point the oubound/send access check will be removed
-	# but for right now we need to keep this in place so as not to break
-	# older systems
-	kernel_dontaudit_sendrecv_unlabeled_association($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive packets from a NetLabel
-##	connection.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`corenet_dontaudit_all_recvfrom_netlabel',`
-	gen_require(`
-		type netlabel_peer_t;
-	')
-
-	dontaudit $1 netlabel_peer_t:peer recv;
-	dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
-')
-
-########################################
-## <summary>
-##	Rules for receiving labeled TCP packets.
-## </summary>
-## <desc>
-##	<p>
-##	Rules for receiving labeled TCP packets.
-##	</p>
-##	<p>
-##	Due to the nature of TCP, this is bidirectional.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="peer_domain">
-##	<summary>
-##	Peer domain.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_recvfrom_labeled',`
-	allow { $1 $2 } self:association sendto;
-	allow $1 $2:{ association tcp_socket } recvfrom;
-	allow $2 $1:{ association tcp_socket } recvfrom;
-
-	allow $1 $2:peer recv;
-	allow $2 $1:peer recv;
-
-	# allow receiving packets from MLS-only peers using NetLabel
-	corenet_tcp_recvfrom_netlabel($1)
-	corenet_tcp_recvfrom_netlabel($2)
-')
-
-########################################
-## <summary>
-##	Rules for receiving labeled UDP packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="peer_domain">
-##	<summary>
-##	Peer domain.
-##	</summary>
-## </param>
-#
-interface(`corenet_udp_recvfrom_labeled',`
-	allow $2 self:association sendto;
-	allow $1 $2:{ association udp_socket } recvfrom;
-
-	allow $1 $2:peer recv;
-
-	# allow receiving packets from MLS-only peers using NetLabel
-	corenet_udp_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Rules for receiving labeled raw IP packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="peer_domain">
-##	<summary>
-##	Peer domain.
-##	</summary>
-## </param>
-#
-interface(`corenet_raw_recvfrom_labeled',`
-	allow $2 self:association sendto;
-	allow $1 $2:{ association rawip_socket } recvfrom;
-
-	allow $1 $2:peer recv;
-
-	# allow receiving packets from MLS-only peers using NetLabel
-	corenet_raw_recvfrom_netlabel($1)
-')
-
-########################################
-## <summary>
-##	Rules for receiving labeled packets via TCP, UDP and raw IP.
-## </summary>
-## <desc>
-##	<p>
-##	Rules for receiving labeled packets via TCP, UDP and raw IP.
-##	</p>
-##	<p>
-##	Due to the nature of TCP, the rules (for TCP
-##	networking only) are bidirectional.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="peer_domain">
-##	<summary>
-##	Peer domain.
-##	</summary>
-## </param>
-#
-interface(`corenet_all_recvfrom_labeled',`
-	corenet_tcp_recvfrom_labeled($1,$2)
-	corenet_udp_recvfrom_labeled($1,$2)
-	corenet_raw_recvfrom_labeled($1,$2)
-')
-
-########################################
-## <summary>
-##	Send generic client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_send_generic_client_packets',`
-	gen_require(`
-		type client_packet_t;
-	')
-
-	allow $1 client_packet_t:packet send;
-')
-
-########################################
-## <summary>
-##	Receive generic client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_receive_generic_client_packets',`
-	gen_require(`
-		type client_packet_t;
-	')
-
-	allow $1 client_packet_t:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive generic client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_generic_client_packets',`
-	corenet_send_generic_client_packets($1)
-	corenet_receive_generic_client_packets($1)
-')
-
-########################################
-## <summary>
-##	Relabel packets to the generic client packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_generic_client_packets',`
-	gen_require(`
-		type client_packet_t;
-	')
-
-	allow $1 client_packet_t:packet relabelto;
-')
-
-########################################
-## <summary>
-##	Send generic server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_send_generic_server_packets',`
-	gen_require(`
-		type server_packet_t;
-	')
-
-	allow $1 server_packet_t:packet send;
-')
-
-########################################
-## <summary>
-##	Receive generic server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_receive_generic_server_packets',`
-	gen_require(`
-		type server_packet_t;
-	')
-
-	allow $1 server_packet_t:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive generic server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_generic_server_packets',`
-	corenet_send_generic_server_packets($1)
-	corenet_receive_generic_server_packets($1)
-')
-
-########################################
-## <summary>
-##	Relabel packets to the generic server packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_generic_server_packets',`
-	gen_require(`
-		type server_packet_t;
-	')
-
-	allow $1 server_packet_t:packet relabelto;
-')
-
-########################################
-## <summary>
-##	Send and receive unlabeled packets.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive unlabeled packets.
-##	These packets do not match any netfilter
-##	SECMARK rules.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_unlabeled_packets',`
-	kernel_sendrecv_unlabeled_packets($1)
-')
-
-########################################
-## <summary>
-##	Send all client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_send_all_client_packets',`
-	gen_require(`
-		attribute client_packet_type;
-	')
-
-	allow $1 client_packet_type:packet send;
-')
-
-########################################
-## <summary>
-##	Receive all client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_receive_all_client_packets',`
-	gen_require(`
-		attribute client_packet_type;
-	')
-
-	allow $1 client_packet_type:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive all client packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_all_client_packets',`
-	corenet_send_all_client_packets($1)
-	corenet_receive_all_client_packets($1)
-')
-
-########################################
-## <summary>
-##	Relabel packets to any client packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_all_client_packets',`
-	gen_require(`
-		attribute client_packet_type;
-	')
-
-	allow $1 client_packet_type:packet relabelto;
-')
-
-########################################
-## <summary>
-##	Send all server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_send_all_server_packets',`
-	gen_require(`
-		attribute server_packet_type;
-	')
-
-	allow $1 server_packet_type:packet send;
-')
-
-########################################
-## <summary>
-##	Receive all server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_receive_all_server_packets',`
-	gen_require(`
-		attribute server_packet_type;
-	')
-
-	allow $1 server_packet_type:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive all server packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_all_server_packets',`
-	corenet_send_all_server_packets($1)
-	corenet_receive_all_server_packets($1)
-')
-
-########################################
-## <summary>
-##	Relabel packets to any server packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_all_server_packets',`
-	gen_require(`
-		attribute server_packet_type;
-	')
-
-	allow $1 server_packet_type:packet relabelto;
-')
-
-########################################
-## <summary>
-##	Send all packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_send_all_packets',`
-	gen_require(`
-		attribute packet_type;
-	')
-
-	allow $1 packet_type:packet send;
-')
-
-########################################
-## <summary>
-##	Receive all packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_receive_all_packets',`
-	gen_require(`
-		attribute packet_type;
-	')
-
-	allow $1 packet_type:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive all packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_sendrecv_all_packets',`
-	corenet_send_all_packets($1)
-	corenet_receive_all_packets($1)
-')
-
-########################################
-## <summary>
-##	Relabel packets to any packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_all_packets',`
-	gen_require(`
-		attribute packet_type;
-	')
-
-	allow $1 packet_type:packet relabelto;
-')
-
-########################################
-## <summary>
-##	Unconfined access to network objects.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_unconfined',`
-	gen_require(`
-		attribute corenet_unconfined_type;
-	')
-
-	typeattribute $1 corenet_unconfined_type;
-')
diff --git a/policy/modules/kernel/corenetwork.if.m4 b/policy/modules/kernel/corenetwork.if.m4
deleted file mode 100644
index 8e0f9cd..0000000
--- a/policy/modules/kernel/corenetwork.if.m4
+++ /dev/null
@@ -1,853 +0,0 @@
-#
-# shiftn(num,list...)
-#
-# shift the list num times
-#
-define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
-
-########################################
-#
-# Network Interface generated macros 
-#
-########################################
-
-define(`create_netif_interfaces',``
-########################################
-## <summary>
-##	Send and receive TCP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:netif { tcp_send tcp_recv egress ingress };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_udp_send_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:netif { udp_send egress };
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_udp_receive_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:netif { udp_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_$1_if',`
-	corenet_udp_send_$1_if(dollarsone)
-	corenet_udp_receive_$1_if(dollarsone)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_raw_send_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:netif { rawip_send egress };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_raw_receive_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:netif { rawip_recv ingress };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_raw_sendrecv_$1_if',`
-	corenet_raw_send_$1_if(dollarsone)
-	corenet_raw_receive_$1_if(dollarsone)
-')
-'') dnl end create_netif_interfaces
-
-# create confined network interfaces controlled by the network_enabled boolean
-# do not call this macro for loop back
-define(`create_netif_interfaces_controlled',``
-########################################
-## <summary>
-##	Send and receive TCP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	if (network_enabled) {
-		allow dollarsone $1_$2:netif { tcp_send tcp_recv egress ingress };
-	}
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_udp_send_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	if (network_enabled) {
-		allow dollarsone $1_$2:netif { udp_send egress };
-	}
-')
-
-########################################
-## <summary>
-##	Receive UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_udp_receive_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	if (network_enabled) {
-		allow dollarsone $1_$2:netif { udp_recv ingress };
-	}
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_$1_if',`
-	corenet_udp_send_$1_if(dollarsone)
-	corenet_udp_receive_$1_if(dollarsone)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_raw_send_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	if (network_enabled) {
-		allow dollarsone $1_$2:netif { rawip_send egress };
-	}
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_raw_receive_$1_if',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	if (network_enabled) {
-		allow dollarsone $1_$2:netif { rawip_recv ingress };
-	}
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on the $1 interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_raw_sendrecv_$1_if',`
-	corenet_raw_send_$1_if(dollarsone)
-	corenet_raw_receive_$1_if(dollarsone)
-')
-'') dnl end create_netif_interfaces_controlled
-
-########################################
-#
-# Network node generated macros 
-#
-########################################
-
-define(`create_node_interfaces',``
-########################################
-## <summary>
-##	Send and receive TCP traffic on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:node { tcp_send tcp_recv sendto recvfrom };
-')
-
-########################################
-## <summary>
-##	Send UDP traffic on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_udp_send_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:node { udp_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive UDP traffic on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_udp_receive_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:node { udp_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive UDP traffic on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_$1_node',`
-	corenet_udp_send_$1_node(dollarsone)
-	corenet_udp_receive_$1_node(dollarsone)
-')
-
-########################################
-## <summary>
-##	Send raw IP packets on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_raw_send_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:node { rawip_send sendto };
-')
-
-########################################
-## <summary>
-##	Receive raw IP packets on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_raw_receive_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:node { rawip_recv recvfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive raw IP packets on the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_raw_sendrecv_$1_node',`
-	corenet_raw_send_$1_node(dollarsone)
-	corenet_raw_receive_$1_node(dollarsone)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to node $1.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_tcp_bind_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:tcp_socket node_bind;
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to the $1 node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_udp_bind_$1_node',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:udp_socket node_bind;
-')
-'') dnl end create_node_interfaces
-
-########################################
-#
-# Network port generated macros 
-#
-########################################
-
-define(`create_port_interfaces',``
-########################################
-## <summary>
-##	Send and receive TCP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_tcp_sendrecv_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:tcp_socket { send_msg recv_msg };
-')
-
-########################################
-## <summary>
-##	Send UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_udp_send_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_udp_send_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	dontaudit dollarsone $1_$2:udp_socket send_msg;
-')
-
-########################################
-## <summary>
-##	Receive UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_udp_receive_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_udp_receive_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	dontaudit dollarsone $1_$2:udp_socket recv_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_udp_sendrecv_$1_port',`
-	corenet_udp_send_$1_port(dollarsone)
-	corenet_udp_receive_$1_port(dollarsone)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive
-##	UDP traffic on the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_udp_sendrecv_$1_port',`
-	corenet_dontaudit_udp_send_$1_port(dollarsone)
-	corenet_dontaudit_udp_receive_$1_port(dollarsone)
-')
-
-########################################
-## <summary>
-##	Bind TCP sockets to the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_tcp_bind_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:tcp_socket name_bind;
-	$4
-')
-
-########################################
-## <summary>
-##	Bind UDP sockets to the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_udp_bind_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:udp_socket name_bind;
-	$4
-')
-
-########################################
-## <summary>
-##	Make a TCP connection to the $1 port.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_tcp_connect_$1_port',`
-	gen_require(`
-		$3 $1_$2;
-	')
-
-	allow dollarsone $1_$2:tcp_socket name_connect;
-')
-'') dnl end create_port_interfaces
-
-define(`create_packet_interfaces',``
-########################################
-## <summary>
-##	Send $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`corenet_send_$1_packets',`
-	gen_require(`
-		type $1_packet_t;
-	')
-
-	allow dollarsone $1_packet_t:packet send;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_send_$1_packets',`
-	gen_require(`
-		type $1_packet_t;
-	')
-
-	dontaudit dollarsone $1_packet_t:packet send;
-')
-
-########################################
-## <summary>
-##	Receive $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`corenet_receive_$1_packets',`
-	gen_require(`
-		type $1_packet_t;
-	')
-
-	allow dollarsone $1_packet_t:packet recv;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_receive_$1_packets',`
-	gen_require(`
-		type $1_packet_t;
-	')
-
-	dontaudit dollarsone $1_packet_t:packet recv;
-')
-
-########################################
-## <summary>
-##	Send and receive $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`corenet_sendrecv_$1_packets',`
-	corenet_send_$1_packets(dollarsone)
-	corenet_receive_$1_packets(dollarsone)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive $1 packets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`corenet_dontaudit_sendrecv_$1_packets',`
-	corenet_dontaudit_send_$1_packets(dollarsone)
-	corenet_dontaudit_receive_$1_packets(dollarsone)
-')
-
-########################################
-## <summary>
-##	Relabel packets to $1 the packet type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corenet_relabelto_$1_packets',`
-	gen_require(`
-		type $1_packet_t;
-	')
-
-	allow dollarsone $1_packet_t:packet relabelto;
-')
-'') dnl end create_port_interfaces
-
-#
-# create_netif_*_interfaces(linux_interfacename)
-#
-define(`create_netif_type_interfaces',`
-create_netif_interfaces($1,netif_t,type)
-')
-define(`create_netif_type_interfaces_controlled',`
-create_netif_interfaces_controlled($1,netif_t,type)
-')
-define(`create_netif_attrib_interfaces',`
-create_netif_interfaces($1,netif,attribute)
-')
-define(`create_netif_attrib_interfaces_controlled',`
-create_netif_interfaces_controlled($1,netif,attribute)
-')
-
-#
-# network_interface(linux_interfacename,mls_sensitivity)
-#
-define(`network_interface',`
-create_netif_type_interfaces($1)
-')
-
-define(`network_interface_controlled',`
-create_netif_type_interfaces_controlled($1)
-')
-
-#
-# create_node_*_interfaces(node_name)
-#
-define(`create_node_type_interfaces',`
-create_node_interfaces($1,node_t,type)
-')
-define(`create_node_attrib_interfaces',`
-create_node_interfaces($1,node,attribute)
-')
-
-#
-# network_node(node_name,mls_sensitivity,address,netmask)
-#
-define(`network_node',`
-create_node_type_interfaces($1)
-')
-
-# These next three macros have formatting, and should not me indented
-define(`determine_reserved_capability',`dnl
-ifelse($2,`',`',`dnl
-ifelse(eval($2 < 1024),1,``allow' dollarsone self:capability net_bind_service;',`dnl
-determine_reserved_capability(shiftn(3,$*))dnl
-')dnl end inner ifelse
-')dnl end outer ifelse
-') dnl end determine reserved capability
-
-#
-# create_port_*_interfaces(port_name, protocol,portnum,mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
-# (these wrap create_port_interfaces to handle attributes and types)
-define(`create_port_type_interfaces',`create_port_interfaces($1,port_t,type,determine_reserved_capability(shift($*)))')
-define(`create_port_attrib_interfaces',`create_port_interfaces($1,port,attribute,determine_reserved_capability(shift($*)))')
-
-#
-# network_port(port_name,protocol portnum mls_sensitivity [,protocol,portnum,mls_sensitivity[,...]])
-#
-define(`network_port',`
-create_port_type_interfaces($*)
-create_packet_interfaces($1_client)
-create_packet_interfaces($1_server)
-')
-
-#
-# network_packet(packet_name)
-#
-define(`network_packet',`
-create_packet_interfaces($1_client)
-create_packet_interfaces($1_server)
-')
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
deleted file mode 100644
index f15e5ba..0000000
--- a/policy/modules/kernel/corenetwork.te.in
+++ /dev/null
@@ -1,299 +0,0 @@
-policy_module(corenetwork, 1.14.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute client_packet_type;
-attribute netif_type;
-attribute node_type;
-attribute packet_type;
-attribute port_type;
-attribute reserved_port_type;
-attribute rpc_port_type;
-attribute server_packet_type;
-
-attribute corenet_unconfined_type;
-
-type ppp_device_t;
-dev_node(ppp_device_t)
-
-#
-# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
-#
-type tun_tap_device_t;
-dev_node(tun_tap_device_t)
-mls_trusted_object(tun_tap_device_t)
-
-########################################
-#
-# Ports and packets
-#
-
-#
-# client_packet_t is the default type of IPv4 and IPv6 client packets.
-#
-type client_packet_t, packet_type, client_packet_type;
-
-#
-# The netlabel_peer_t is used by the kernel's NetLabel subsystem for network
-# connections using NetLabel which do not carry full SELinux contexts.
-#
-type netlabel_peer_t;
-sid netmsg gen_context(system_u:object_r:netlabel_peer_t,mls_systemhigh)
-
-#
-# port_t is the default type of INET port numbers.
-#
-type port_t, port_type;
-sid port gen_context(system_u:object_r:port_t,s0)
-
-#
-# reserved_port_t is the type of INET port numbers below 1024.
-#
-type reserved_port_t, port_type, reserved_port_type;
-
-#
-# hi_reserved_port_t is the type of INET port numbers between 512-1023.
-#
-type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
-
-#
-# server_packet_t is the default type of IPv4 and IPv6 server packets.
-#
-type server_packet_t, packet_type, server_packet_type;
-
-network_port(afs_bos, udp,7007,s0)
-network_port(afs_client, udp,7001,s0)
-network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
-network_port(afs_ka, udp,7004,s0)
-network_port(afs_pt, udp,7002,s0)
-network_port(afs_vl, udp,7003,s0)
-network_port(agentx, udp,705,s0, tcp,705,s0)
-network_port(ajaxterm, tcp,8022,s0)
-network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
-network_port(amavisd_recv, tcp,10024,s0)
-network_port(amavisd_send, tcp,10025,s0)
-network_port(amqp, udp,5671-5672,s0, tcp,5671-5672,s0)
-network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0) 
-network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
-network_port(apertus_ldp, tcp,539,s0, udp,539,s0)
-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
-network_port(audit, tcp,60,s0)
-network_port(auth, tcp,113,s0)
-network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
-network_port(boinc, tcp,31416,s0)
-type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
-network_port(certmaster, tcp,51235,s0)
-network_port(chronyd, udp,323,s0)
-network_port(clamd, tcp,3310,s0)
-network_port(clockspeed, udp,4041,s0)
-network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
-network_port(cobbler, tcp,25151,s0)
-network_port(commplex, tcp,5000,s0, udp,5000,s0, tcp,5001,s0, udp,5001,s0)
-network_port(comsat, udp,512,s0)
-network_port(cvs, tcp,2401,s0, udp,2401,s0)
-network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, tcp,6780-6799,s0, udp,32771,s0)
-network_port(dbskkd, tcp,1178,s0)
-network_port(dcc, udp,6276,s0, udp,6277,s0)
-network_port(dccm, tcp,5679,s0, udp,5679,s0)
-network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
-network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
-network_port(dict, tcp,2628,s0)
-network_port(distccd, tcp,3632,s0)
-network_port(dns, udp,53,s0, tcp,53,s0)
-network_port(epmap, tcp,135,s0, udp,135,s0)
-network_port(festival, tcp,1314,s0)
-network_port(fingerd, tcp,79,s0)
-network_port(flash, tcp,843,s0, tcp,1935,s0, udp,1935,s0)
-network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
-network_port(ftp_data, tcp,20,s0)
-network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-network_port(giftd, tcp,1213,s0)
-network_port(git, tcp,9418,s0, udp,9418,s0)
-network_port(gopher, tcp,70,s0, udp,70,s0)
-network_port(gpsd, tcp,2947,s0)
-network_port(hddtemp, tcp,7634,s0)
-network_port(howl, tcp,5335,s0, udp,5353,s0)
-network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
-network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
-network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
-network_port(i18n_input, tcp,9010,s0)
-network_port(imaze, tcp,5323,s0, udp,5323,s0)
-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-network_port(innd, tcp,119,s0)
-network_port(ipmi, udp,623,s0, udp,664,s0)
-network_port(ipp, tcp,631,s0, udp,631,s0, tcp,8610-8614,s0, udp,8610-8614,s0)
-network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
-network_port(ircd, tcp,6667,s0)
-network_port(isakmp, udp,500,s0)
-network_port(iscsi, tcp,3260,s0)
-network_port(isns, tcp,3205,s0, udp,3205,s0)
-network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
-network_port(jabber_interserver, tcp,5269,s0)
-network_port(jabber_router, tcp,5347,s0)
-network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
-network_port(kerberos_admin, tcp,749,s0)
-network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
-network_port(kerberos_password, tcp,464,s0, udp,464,s0)
-network_port(kismet, tcp,2501,s0)
-network_port(kprop, tcp,754,s0)
-network_port(ktalkd, udp,517,s0, udp,518,s0)
-network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
-network_port(lirc, tcp,8765,s0)
-network_port(luci, tcp,8084,s0)
-network_port(lmtp, tcp,24,s0, udp,24,s0)
-type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-network_port(mail, tcp,2000,s0, tcp,3905,s0)
-network_port(memcache, tcp,11211,s0, udp,11211,s0)
-network_port(mmcc, tcp,5050,s0, udp,5050,s0)
-network_port(monopd, tcp,1234,s0)
-network_port(mpd, tcp,6600,s0)
-network_port(msnp, tcp,1863,s0, udp,1863,s0)
-network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
-network_port(munin, tcp,4949,s0, udp,4949,s0)
-network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
-network_port(mysqlmanagerd, tcp,2273,s0)
-network_port(nessus, tcp,1241,s0)
-network_port(netport, tcp,3129,s0, udp,3129,s0)
-network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
-network_port(nmbd, udp,137,s0, udp,138,s0)
-network_port(ntop, tcp,3000-3001,s0, udp,3000-3001,s0)
-network_port(ntp, udp,123,s0)
-network_port(ocsp, tcp,9080,s0)
-network_port(openvpn, tcp,1194,s0, udp,1194,s0)
-network_port(pegasus_http, tcp,5988,s0)
-network_port(pegasus_https, tcp,5989,s0)
-network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
-network_port(pingd, tcp,9125,s0)
-network_port(piranha, tcp,3636,s0)
-network_port(pki_ca, tcp, 9180, s0, tcp, 9701, s0, tcp, 9443, s0, tcp, 9444, s0, tcp, 9445, s0)
-network_port(pki_kra, tcp, 10180, s0, tcp, 10701, s0, tcp, 10443, s0, tcp, 10444, s0, tcp, 10445, s0)
-network_port(pki_ocsp, tcp, 11180, s0, tcp, 11701, s0, tcp, 11443, s0, tcp, 11444, s0, tcp, 11445, s0)
-network_port(pki_tks, tcp, 13180, s0, tcp, 13701, s0, tcp, 13443, s0, tcp, 13444, s0, tcp, 13445, s0)
-network_port(pki_ra, tcp,12888-12889,s0)
-network_port(pki_tps, tcp,7888-7889,s0)
-network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
-network_port(portmap, udp,111,s0, tcp,111,s0)
-network_port(postfix_policyd, tcp,10031,s0)
-network_port(postgresql, tcp,5432,s0)
-network_port(postgrey, tcp,60000,s0)
-network_port(prelude, tcp,4690,s0, udp,4690,s0)
-network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
-network_port(printer, tcp,515,s0)
-network_port(ptal, tcp,5703,s0)
-network_port(pulseaudio, tcp,4713,s0)
-network_port(puppet, tcp, 8140, s0)
-network_port(pxe, udp,4011,s0)
-network_port(pyzor, udp,24441,s0)
-network_port(radacct, udp,1646,s0, udp,1813,s0)
-network_port(radius, udp,1645,s0, udp,1812,s0)
-network_port(radsec, tcp,2083,s0)
-network_port(razor, tcp,2703,s0)
-network_port(ricci, tcp,11111,s0, udp,11111,s0)
-network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
-network_port(rlogind, tcp,513,s0)
-network_port(rndc, tcp,953,s0)
-network_port(router, udp,520-521,s0, tcp,521,s0)
-network_port(rsh, tcp,514,s0)
-network_port(rsync, tcp,873,s0, udp,873,s0)
-network_port(rwho, udp,513,s0)
-network_port(sap, tcp,9875,s0, udp,9875,s0)
-network_port(sametime, tcp,1533,s0, udp,1533,s0)
-network_port(sieve, tcp,4190,s0)
-network_port(sip, tcp,5060-5061,s0, udp,5060-5061,s0)
-network_port(sixxsconfig, tcp,3874,s0, udp,3874,s0)
-network_port(smbd, tcp,137-139,s0, tcp,445,s0)
-network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
-network_port(snmp, tcp,161-162,s0, udp,161-162,s0, tcp,199,s0, tcp, 1161, s0)
-type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
-network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
-network_port(spamd, tcp,783,s0)
-network_port(speech, tcp,8036,s0)
-network_port(squid, tcp,3128,s0, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
-network_port(ssh, tcp,22,s0)
-network_port(streaming, tcp, 1755, s0, udp, 1755, s0)
-type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
-network_port(swat, tcp,901,s0)
-network_port(sype, tcp,9911,s0, udp,9911,s0)
-network_port(syslogd, udp,514,s0)
-network_port(telnetd, tcp,23,s0)
-network_port(tftp, udp,69,s0)
-network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
-network_port(traceroute, udp,64000-64010,s0)
-network_port(transproxy, tcp,8081,s0)
-network_port(ups, tcp,3493,s0)
-type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
-network_port(uucpd, tcp,540,s0)
-network_port(varnishd, tcp,6081-6082,s0)
-network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
-network_port(virt_migration, tcp,49152-49216,s0)
-network_port(vnc, tcp,5900-5999,s0)
-network_port(wccp, udp,2048,s0)
-network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
-network_port(xdmcp, udp,177,s0, tcp,177,s0)
-network_port(xen, tcp,8002,s0)
-network_port(xfs, tcp,7100,s0)
-network_port(xserver, tcp,6000-6150,s0)
-network_port(zarafa, tcp,236,s0)
-network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
-network_port(zope, tcp,8021,s0)
-
-# Defaults for reserved ports.  Earlier portcon entries take precedence;
-# these entries just cover any remaining reserved ports not otherwise declared.
-
-portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
-portcon udp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
-portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
-portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
-
-########################################
-#
-# Network nodes
-#
-
-#
-# node_t is the default type of network nodes.
-# The node_*_t types are used for specific network
-# nodes in net_contexts or net_contexts.mls.
-#
-type node_t, node_type;
-typealias node_t alias { compat_ipv4_node_t lo_node_t link_local_node_t inaddr_any_node_t unspec_node_t };
-sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
-
-# network_node examples:
-#network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
-#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
-
-########################################
-#
-# Network Interfaces
-#
-
-#
-# netif_t is the default type of network interfaces.
-#
-type netif_t, netif_type;
-sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
-
-build_option(`enable_mls',`
-network_interface(lo, lo, s0 - mls_systemhigh)
-',`
-typealias netif_t alias { lo_netif_t netif_lo_t };
-')
-
-########################################
-#
-# Unconfined access to this module
-#
-
-allow corenet_unconfined_type node_type:node *;
-allow corenet_unconfined_type netif_type:netif *;
-allow corenet_unconfined_type packet_type:packet *;
-allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_connect };
-allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
-
-# Bind to any network address.
-allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
-allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
deleted file mode 100644
index 35fed4f..0000000
--- a/policy/modules/kernel/corenetwork.te.m4
+++ /dev/null
@@ -1,105 +0,0 @@
-#
-# shiftn(num,list...)
-#
-# shift the list num times
-#
-define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
-
-#
-# range_start(num)
-#
-# return the low port in a range.
-#
-# range_start(600) returns "600"
-# range_start(1200-1600) returns "1200"
-#
-define(`range_start',`ifelse(-1,index(`$1', `-'),$1,substr($1,0,index(`$1', `-')))')
-
-#
-# build_option(option_name,true,[false])
-#
-# makes an ifdef.  hacky quoting changes because with
-# regular quoting, the macros in $2 and $3 will not be expanded
-#
-define(`build_option',`dnl
-changequote([,])dnl
-[ifdef(`$1',`]
-changequote(`,')dnl
-$2
-changequote([,])dnl
-[',`]
-changequote(`,')dnl
-$3
-changequote([,])dnl
-[')]
-changequote(`,')dnl
-')
-
-define(`declare_netifs',`dnl
-netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3)
-ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
-')
-
-#
-# network_interface(if_name,linux_interface,mls_sensitivity)
-#
-define(`network_interface',`
-gen_require(``type unlabeled_t;'')
-type $1_netif_t alias netif_$1_t, netif_type;
-declare_netifs($1_netif_t,shift($*))
-')
-
-define(`network_interface_controlled',`
-ifdef(`__network_enabled_declared__',`',`
-## <desc>
-## <p>
-## Enable network traffic on all controlled interfaces.
-## </p>
-## </desc>
-gen_bool(network_enabled, true)
-define(`__network_enabled_declared__')
-')
-gen_require(``type unlabeled_t;'')
-type $1_netif_t alias netif_$1_t, netif_type;
-declare_netifs($1_netif_t,shift($*))
-')
-
-define(`declare_nodes',`dnl
-nodecon $3 $4 gen_context(system_u:object_r:$1,$2)
-ifelse(`$5',`',`',`declare_nodes($1,shiftn(4,$*))')dnl
-')
-
-#
-# network_node(node_name,mls_sensitivity,address,netmask[, mls_sensitivity,address,netmask, [...]])
-#
-define(`network_node',`
-type $1_node_t alias node_$1_t, node_type;
-declare_nodes($1_node_t,shift($*))
-')
-
-# bindresvport in glibc starts searching for reserved ports at 512
-define(`declare_ports',`dnl
-ifelse(eval(range_start($3) < 1024),1,`typeattribute $1 reserved_port_type;
-ifelse(eval(range_start($3) >= 512),1,`typeattribute $1 rpc_port_type;',`dnl')
-',`dnl')
-portcon $2 $3 gen_context(system_u:object_r:$1,$4)
-ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
-')
-
-#
-# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
-#
-define(`network_port',`
-type $1_port_t, port_type;
-type $1_client_packet_t, packet_type, client_packet_type;
-type $1_server_packet_t, packet_type, server_packet_type;
-declare_ports($1_port_t,shift($*))dnl
-')
-
-#
-# network_packet(packet_name)
-#
-define(`network_packet',`
-type $1_client_packet_t, packet_type, client_packet_type;
-type $1_server_packet_t, packet_type, server_packet_type;
-')
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
deleted file mode 100644
index 7c29e17..0000000
--- a/policy/modules/kernel/devices.fc
+++ /dev/null
@@ -1,198 +0,0 @@
-
-/dev			-d	gen_context(system_u:object_r:device_t,s0)
-/dev/.*				gen_context(system_u:object_r:device_t,s0)
-
-/dev/.*mouse.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/[0-9].*		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/3dfx		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/admmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/adsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/(misc/)?agpgart	-c	gen_context(system_u:object_r:agp_device_t,s0)
-/dev/aload.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/amidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/amixer.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/apm_bios		-c	gen_context(system_u:object_r:apm_bios_t,s0)
-/dev/atibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/autofs.*		-c	gen_context(system_u:object_r:autofs_device_t,s0)
-/dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/btrfs-control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
-/dev/controlD64		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/dahdi/.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/dmfm		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/dmmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/dsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/efirtc		-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/elographics/e2201	-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/em8300.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/etherd/.+		-c	gen_context(system_u:object_r:lvm_control_t,s0)
-/dev/event.*		-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
-/dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
-/dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
-/dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/gfx		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/graphics		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/gtrsc.*		-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/hfmodem		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/hidraw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/hw_random		-c	gen_context(system_u:object_r:random_device_t,s0)
-/dev/hwrng		-c	gen_context(system_u:object_r:random_device_t,s0)
-/dev/i915		-c	gen_context(system_u:object_r:dri_device_t,s0)
-/dev/inportbm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/ipmi[0-9]+		-c	gen_context(system_u:object_r:ipmi_device_t,s0)
-/dev/ipmi/[0-9]+	-c	gen_context(system_u:object_r:ipmi_device_t,s0)
-/dev/irlpt[0-9]+	-c	gen_context(system_u:object_r:printer_device_t,s0)
-/dev/jbm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/kmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
-/dev/kmsg		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
-/dev/kqemu		-c	gen_context(system_u:object_r:qemu_device_t,s0)
-/dev/ksm		-c	gen_context(system_u:object_r:ksm_device_t,s0)
-/dev/kvm		-c	gen_context(system_u:object_r:kvm_device_t,s0)
-/dev/lik.*		-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/lirc[0-9]+		-c	gen_context(system_u:object_r:lirc_device_t,s0)
-/dev/lircm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/logibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
-/dev/mcelog		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
-/dev/mem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
-/dev/mergemem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
-/dev/mga_vid.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/microcode		-c	gen_context(system_u:object_r:cpu_device_t,s0)
-/dev/midi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/misc/dlm.*		-c	gen_context(system_u:object_r:dlm_control_device_t,s0)
-/dev/mixer.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/mmetfgrab		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-/dev/modem		-c	gen_context(system_u:object_r:modem_device_t,s0)
-/dev/mpu401.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/msr.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
-/dev/net/vhost		-c	gen_context(system_u:object_r:vhost_device_t,s0)
-/dev/network_latency	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
-/dev/network_throughput	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
-/dev/noz.* 		-c	gen_context(system_u:object_r:modem_device_t,s0)
-/dev/null		-c	gen_context(system_u:object_r:null_device_t,s0)
-/dev/nvidia.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/nvram		-c	gen_context(system_u:object_r:nvram_device_t,mls_systemhigh)
-/dev/oldmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
-/dev/opengl		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/par.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
-/dev/patmgr[01]		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/pc110pad		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/pcfclock.*		-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/pmu		-c	gen_context(system_u:object_r:power_device_t,s0)
-/dev/port		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
-/dev/pps.*		-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/(misc/)?psaux	-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/rmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/radeon		-c	gen_context(system_u:object_r:dri_device_t,s0)
-/dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
-/dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/rfkill		-c	gen_context(system_u:object_r:wireless_device_t,s0)
-/dev/(misc/)?rtc[0-9]*	-c	gen_context(system_u:object_r:clock_device_t,s0)
-/dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/smu		-c	gen_context(system_u:object_r:power_device_t,s0)
-/dev/srnd[0-7]		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/snapshot		-c	gen_context(system_u:object_r:apm_bios_t,s0)
-/dev/sndstat		-c	gen_context(system_u:object_r:sound_device_t,s0)
-/dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/tpm[0-9]*		-c	gen_context(system_u:object_r:tpm_device_t,s0)
-/dev/uinput		-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/uio[0-9]+		-c	gen_context(system_u:object_r:userio_device_t,s0)
-/dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
-/dev/ub[a-c]		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/usb.+		-c	gen_context(system_u:object_r:usb_device_t,s0)
-/dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
-/dev/usbmon.+		-c	gen_context(system_u:object_r:usbmon_device_t,s0)
-ifdef(`distro_suse', `
-/dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-')
-/dev/vhost-net		-c	gen_context(system_u:object_r:vhost_device_t,s0)
-/dev/vbi.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/vbox.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/vmmon		-c	gen_context(system_u:object_r:vmware_device_t,s0)
-/dev/vmnet.*		-c	gen_context(system_u:object_r:vmware_device_t,s0)
-/dev/video.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/vrtpanel		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/vttuner		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/vtx.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/watchdog		-c	gen_context(system_u:object_r:watchdog_device_t,s0)
-/dev/winradio.		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/z90crypt		-c	gen_context(system_u:object_r:crypt_device_t,s0)
-/dev/zero		-c	gen_context(system_u:object_r:zero_device_t,s0)
-
-/dev/bus/usb/.*/[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
-
-/dev/card.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-/dev/cmx.*		-c	gen_context(system_u:object_r:smartcard_device_t,s0)
-
-/dev/cpu_dma_latency	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
-/dev/cpu.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
-/dev/cpu/mtrr		-c	gen_context(system_u:object_r:mtrr_device_t,s0)
-
-/dev/biometric/sensor.*	-c	gen_context(system_u:object_r:event_device_t,s0)
-
-/dev/dri/.+		-c	gen_context(system_u:object_r:dri_device_t,s0)
-
-/dev/dvb/.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-
-/dev/input/.*		-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/input/m.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/input/.*mouse.*	-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/input/keyboard.*	-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/input/event.*	-c	gen_context(system_u:object_r:event_device_t,s0)
-/dev/input/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/input/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/input/uinput	-c	gen_context(system_u:object_r:event_device_t,s0)
-
-/dev/mapper/control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
-
-/dev/mfpports/.*	-c	gen_context(system_u:object_r:printer_device_t,s0)
-
-/dev/mvideo/.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-
-/dev/mqueue(/.*)?		<<none>>
-/dev/pts(/.*)?			<<none>>
-
-/dev/s(ou)?nd/.*	-c	gen_context(system_u:object_r:sound_device_t,s0)
-
-/dev/touchscreen/ucb1x00 -c	gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/touchscreen/mk712	-c	gen_context(system_u:object_r:mouse_device_t,s0)
-
-/dev/usb/dc2xx.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
-/dev/usb/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
-/dev/usb/mdc800.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
-/dev/usb/scanner.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
-
-/dev/xen/blktap.*	-c	gen_context(system_u:object_r:xen_device_t,s0)
-/dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
-
-/etc/udev/devices	-d	gen_context(system_u:object_r:device_t,s0)
-
-/lib/udev/devices(/.*)		gen_context(system_u:object_r:device_t,s0)
-
-# used by init scripts to initally populate udev /dev
-/lib/udev/devices/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
-/lib/udev/devices/null	-c	gen_context(system_u:object_r:null_device_t,s0)
-/lib/udev/devices/zero	-c	gen_context(system_u:object_r:zero_device_t,s0)
-
-ifdef(`distro_redhat',`
-# originally from named.fc
-/var/named/chroot/dev	-d	gen_context(system_u:object_r:device_t,s0)
-/var/named/chroot/dev/null -c	gen_context(system_u:object_r:null_device_t,s0)
-/var/named/chroot/dev/random -c	gen_context(system_u:object_r:random_device_t,s0)
-/var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
-')
-
-#
-# /sys
-#
-/sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
deleted file mode 100644
index b92327e..0000000
--- a/policy/modules/kernel/devices.if
+++ /dev/null
@@ -1,5402 +0,0 @@
-## <summary>
-## Device nodes and interfaces for many basic system devices.
-## </summary>
-## <desc>
-## <p>
-## This module creates the device node concept and provides
-## the policy for many of the device files. Notable exceptions are
-## the mass storage and terminal devices that are covered by other
-## modules.
-## </p>
-## <p>
-## This module creates the concept of a device node. That is a
-## char or block device file, usually in /dev. All types that
-## are used to label device nodes should use the dev_node macro.
-## </p>
-## <p>
-## Additionally, this module controls access to three things:
-##	<ul>
-##		<li>the device directories containing device nodes</li>
-##		<li>device nodes as a group</li>
-##		<li>individual access to specific device nodes covered by
-##		this module.</li>
-##	</ul>
-## </p>
-## </desc>
-## <required val="true">
-##	Depended on by other required modules.
-## </required>
-
-########################################
-## <summary>
-##	Make the specified type usable for device
-##	nodes in a filesystem.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for device nodes
-##	in a filesystem.  Types used for device nodes that
-##	do not use this interface, or an interface that
-##	calls this one, will have unexpected behaviors
-##	while the system is running.
-##	</p>
-##	<p>
-##	Example:
-##	</p>
-##	<p>
-##	type mydev_t;
-##	dev_node(mydev_t)
-##	allow mydomain_t mydev_t:chr_file read_chr_file_perms;
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>term_tty()</li>
-##		<li>term_pty()</li>
-##	</ul>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used for device nodes.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`dev_node',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	typeattribute $1 device_node;
-')
-
-########################################
-## <summary>
-##	Associate the specified file type with device filesystem.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	The type of the file to be associated.
-##	</summary>
-## </param>
-#
-interface(`dev_associate',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:filesystem associate;
-	fs_associate_tmpfs($1)	#For backwards compatibility
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on /dev
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allow access.
-##	</summary>
-## </param>
-#
-interface(`dev_mounton',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:dir mounton;
-')
-
-########################################
-## <summary>
-##	Allow full relabeling (to and from) of all device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dev_relabel_all_dev_nodes',`
-	gen_require(`
-		attribute device_node;
-		type device_t;
-	')
-
-	relabelfrom_dirs_pattern($1, device_t, device_node)
-	relabelfrom_files_pattern($1, device_t, device_node)
-	relabelfrom_lnk_files_pattern($1, device_t, { device_t device_node })
-	relabelfrom_fifo_files_pattern($1, device_t, device_node)
-	relabelfrom_sock_files_pattern($1, device_t, device_node)
-	relabel_blk_files_pattern($1, device_t, { device_t device_node })
-	relabel_chr_files_pattern($1, device_t, { device_t device_node })
-')
-
-########################################
-## <summary>
-##	List all of the device nodes in a device directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_list_all_dev_nodes',`
-	gen_require(`
-		type device_t;
-	')
-
-	list_dirs_pattern($1, device_t, device_t)
-	read_lnk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of /dev directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	setattr_dirs_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to list all device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_list_all_dev_nodes',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Add entries to directories in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_add_entry_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:dir add_entry_dir_perms;
-')
-
-########################################
-## <summary>
-##	Add entries to directories in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_remove_entry_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:dir del_entry_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create a directory in the device directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:dir list_dir_perms;
-	create_dirs_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Delete a directory in the device directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	delete_dirs_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Manage of directories in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_generic_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	manage_dirs_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Allow full relabeling (to and from) of directories in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_relabel_generic_dev_dirs',`
-	gen_require(`
-		type device_t;
-	')
-
-	relabel_dirs_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	dontaudit getattr generic files in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_generic_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:file getattr;
-')
-
-########################################
-## <summary>
-##	read generic files in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_read_generic_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	read_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Read and write generic files in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_generic_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	rw_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Delete generic files in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_generic_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	delete_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Create a file in the device directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_generic_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	manage_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr on generic pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_generic_pipes',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Allow getattr on generic block devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	getattr_blk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr on generic block devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Dontaudit setattr on generic block devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:blk_file setattr;
-')
-
-########################################
-## <summary>
-##	Create generic block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	create_blk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Delete generic block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	delete_blk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Allow getattr for generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Allow relablefrom for generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_relabelfrom_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:chr_file relabelfrom;
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr for generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Dontaudit setattr for generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write generic block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:blk_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to read/write generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to dontaudit access.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Create generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	create_chr_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Delete generic character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	delete_chr_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	of symbolic links in device directories (/dev).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:lnk_file setattr;
-')
-
-########################################
-## <summary>
-##	Create symbolic links in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	create_lnk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Delete symbolic links in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	delete_lnk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, delete, read, and write symbolic links in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	manage_lnk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Relabel symbolic links in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_relabel_generic_symlinks',`
-	gen_require(`
-		type device_t;
-	')
-
-	relabel_lnk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Create, delete, read, and write device nodes in device directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_all_dev_nodes',`
-	gen_require(`
-		attribute device_node, memory_raw_read, memory_raw_write;
-		type device_t;
-	')
-
-	manage_dirs_pattern($1, device_t, device_t)
-	manage_sock_files_pattern($1, device_t, device_t)
-	manage_lnk_files_pattern($1, device_t, device_t)
-	manage_chr_files_pattern($1, device_t, { device_t device_node })
-	manage_blk_files_pattern($1, device_t, { device_t device_node })
-	relabel_dirs_pattern($1, device_t, device_t)
-	relabel_chr_files_pattern($1, device_t, { device_t device_node })
-	relabel_blk_files_pattern($1, device_t, { device_t device_node })
-
-	# these next rules are to satisfy assertions broken by the above lines.
-	# the permissions hopefully can be cut back a lot
-	storage_raw_read_fixed_disk($1)
-	storage_raw_write_fixed_disk($1)
-	storage_read_scsi_generic($1)
-	storage_write_scsi_generic($1)
-
-	typeattribute $1 memory_raw_read;
-	typeattribute $1 memory_raw_write;
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr for generic device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_generic_dev_nodes',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
-')
-
-########################################
-## <summary>
-##	Create, delete, read, and write block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_generic_blk_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	manage_blk_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Create, delete, read, and write character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_generic_chr_files',`
-	gen_require(`
-		type device_t;
-	')
-
-	manage_chr_files_pattern($1, device_t, device_t)
-')
-
-########################################
-## <summary>
-##	Create, read, and write device nodes. The node
-##	will be transitioned to the type provided.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file">
-##	<summary>
-##	Type to which the created node will be transitioned.
-##	</summary>
-## </param>
-## <param name="objectclass(es)">
-##	<summary>
-##	Object class(es) (single or set including {}) for which this
-##	the transition will occur.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans',`
-	gen_require(`
-		type device_t;
-	')
-
-	filetrans_pattern($1, device_t, $2, $3)
-
-	dev_associate($2)
-	files_associate_tmp($2)
-')
-
-########################################
-## <summary>
-##	Create, read, and write device nodes. The node
-##	will be transitioned to the type provided.  This is
-##	a temporary interface until devtmpfs functionality
-##	fixed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="objectclass(es)">
-##	<summary>
-##	Object class(es) (single or set including {}) for which this
-##	the transition will occur.
-##	</summary>
-## </param>
-#
-interface(`dev_tmpfs_filetrans_dev',`
-	gen_require(`
-		type device_t;
-	')
-
-	fs_tmpfs_filetrans($1, device_t, $2)
-')
-
-########################################
-## <summary>
-##	Getattr on all block file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dev_getattr_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-		type device_t;
-	')
-
-	getattr_blk_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr on all block file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-		type device_t;
-	')
-
-	dontaudit $1 { device_t device_node }:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Getattr on all character file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dev_getattr_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	getattr_chr_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Dontaudit getattr on all character file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-		type device_t;
-	')
-
-	dontaudit $1 { device_t device_node }:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Setattr on all block file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dev_setattr_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	setattr_blk_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Setattr on all character file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dev_setattr_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	setattr_chr_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Dontaudit read on all block file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	dontaudit $1 device_node:blk_file { getattr read };
-')
-
-########################################
-## <summary>
-##	Dontaudit write on all block file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_write_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	dontaudit $1 device_node:blk_file write;
-')
-
-########################################
-## <summary>
-##	Dontaudit read on all character file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	dontaudit $1 device_node:chr_file { getattr read };
-')
-
-########################################
-## <summary>
-##	Dontaudit write on all character file device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_write_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	dontaudit $1 device_node:chr_file write;
-')
-
-########################################
-## <summary>
-##	Create all block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	create_blk_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Create all character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	create_chr_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	rw all inherited character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_all_inherited_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	allow $1 device_node:chr_file rw_inherited_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	rw all inherited blk device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_all_inherited_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	allow $1 device_node:blk_file rw_inherited_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete all block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	delete_blk_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Delete all character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	delete_chr_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Rename all block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rename_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	rename_blk_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Rename all character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rename_all_chr_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	rename_chr_files_pattern($1, device_t, device_node)
-')
-
-########################################
-## <summary>
-##	Read, write, create, and delete all block device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_all_blk_files',`
-	gen_require(`
-		attribute device_node;
-	')
-
-	manage_blk_files_pattern($1, device_t, device_node)
-
-	# these next rules are to satisfy assertions broken by the above lines.
-	storage_raw_read_fixed_disk($1)
-	storage_raw_write_fixed_disk($1)
-	storage_read_scsi_generic($1)
-	storage_write_scsi_generic($1)
-')
-
-########################################
-## <summary>
-##	Read, write, create, and delete all character device files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_all_chr_files',`
-	gen_require(`
-		attribute device_node, memory_raw_read, memory_raw_write;
-	')
-
-	manage_chr_files_pattern($1, device_t, device_node)
-
-	typeattribute $1 memory_raw_read, memory_raw_write;
-')
-
-########################################
-## <summary>
-##	Getattr the agp devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_agp_dev',`
-	gen_require(`
-		type device_t, agp_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, agp_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the agp devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_agp',`
-	gen_require(`
-		type device_t, agp_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, agp_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the apm bios device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_apm_bios_dev',`
-	gen_require(`
-		type device_t, apm_bios_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, apm_bios_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	the apm bios device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_apm_bios_dev',`
-	gen_require(`
-		type apm_bios_t;
-	')
-
-	dontaudit $1 apm_bios_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the apm bios device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_apm_bios_dev',`
-	gen_require(`
-		type device_t, apm_bios_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, apm_bios_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes of
-##	the apm bios device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_apm_bios_dev',`
-	gen_require(`
-		type apm_bios_t;
-	')
-
-	dontaudit $1 apm_bios_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and write the apm bios.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_apm_bios',`
-	gen_require(`
-		type device_t, apm_bios_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, apm_bios_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the autofs device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_autofs_dev',`
-	gen_require(`
-		type device_t, autofs_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, autofs_device_t)
-')
-
-########################################
-## <summary>
-##	Relable the autofs device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_relabel_autofs_dev',`
-	gen_require(`
-		type autofs_device_t;
-	')
-
-	allow $1 autofs_device_t:chr_file relabel_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	the autofs device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_autofs_dev',`
-	gen_require(`
-		type autofs_device_t;
-	')
-
-	dontaudit $1 autofs_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the autofs device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_autofs_dev',`
-	gen_require(`
-		type device_t, autofs_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, autofs_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes of
-##	the autofs device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_autofs_dev',`
-	gen_require(`
-		type autofs_device_t;
-	')
-
-	dontaudit $1 autofs_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and write the autofs device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_autofs',`
-	gen_require(`
-		type device_t, autofs_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, autofs_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the PCMCIA card manager device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_cardmgr',`
-	gen_require(`
-		type cardmgr_dev_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, cardmgr_dev_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and
-##	write the PCMCIA card manager device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_cardmgr',`
-	gen_require(`
-		type cardmgr_dev_t;
-	')
-
-	dontaudit $1 cardmgr_dev_t:chr_file { read write };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	the PCMCIA card manager device
-##	with the correct type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_cardmgr_dev',`
-	gen_require(`
-		type device_t, cardmgr_dev_t;
-	')
-
-	create_chr_files_pattern($1, device_t, cardmgr_dev_t)
-	create_blk_files_pattern($1, device_t, cardmgr_dev_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	the PCMCIA card manager device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_cardmgr_dev',`
-	gen_require(`
-		type device_t, cardmgr_dev_t;
-	')
-
-	manage_chr_files_pattern($1, device_t, cardmgr_dev_t)
-	manage_blk_files_pattern($1, device_t, cardmgr_dev_t)
-')
-
-########################################
-## <summary>
-##	Automatic type transition to the type
-##	for PCMCIA card manager device nodes when
-##	created in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans_cardmgr',`
-	gen_require(`
-		type device_t, cardmgr_dev_t;
-	')
-
-	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
-')
-
-########################################
-## <summary>
-##	Get the attributes of the CPU
-##	microcode and id interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_cpu_dev',`
-	gen_require(`
-		type device_t, cpu_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, cpu_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the CPU
-##	microcode and id interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_cpu_dev',`
-	gen_require(`
-		type device_t, cpu_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, cpu_device_t)
-')
-
-########################################
-## <summary>
-##	Read the CPU identity.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_cpuid',`
-	gen_require(`
-		type device_t, cpu_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, cpu_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the CPU microcode device. This
-##	is required to load CPU microcode.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_cpu_microcode',`
-	gen_require(`
-		type device_t, cpu_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, cpu_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the hardware SSL accelerator.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_crypto',`
-	gen_require(`
-		type device_t, crypt_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, crypt_device_t)
-')
-
-#######################################
-## <summary>
-##	Set the attributes of the dlm control devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_dlm_control',`
-	gen_require(`
-	type device_t, kvm_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, dlm_control_device_t)
-')
-
-#######################################
-## <summary>
-##	Read and write the the dlm control device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_dlm_control',`
-	gen_require(`
-		type device_t, dlm_control_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, dlm_control_device_t)
-')
-
-########################################
-## <summary>
-##	getattr the dri devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_dri_dev',`
-	gen_require(`
-		type device_t, dri_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, dri_device_t)
-')
-
-########################################
-## <summary>
-##	Setattr the dri devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_dri_dev',`
-	gen_require(`
-		type device_t, dri_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, dri_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the dri devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_dri',`
-	gen_require(`
-		type device_t, dri_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, dri_device_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit read and write on the dri devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_dri',`
-	gen_require(`
-		type dri_device_t;
-	')
-
-	dontaudit $1 dri_device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the dri devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_dri_dev',`
-	gen_require(`
-		type device_t, dri_device_t;
-	')
-
-	manage_chr_files_pattern($1, device_t, dri_device_t)
-')
-
-########################################
-## <summary>
-##	Automatic type transition to the type
-##	for DRI device nodes when created in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans_dri',`
-	gen_require(`
-		type device_t, dri_device_t;
-	')
-
-	filetrans_pattern($1, device_t, dri_device_t, chr_file)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the event devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_input_dev',`
-	gen_require(`
-		type device_t, event_device_t;
-	')
-
-	allow $1 device_t:dir list_dir_perms;
-	allow $1 event_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the event devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_input_dev',`
-	gen_require(`
-		type device_t, event_device_t;
-	')
-
-	allow $1 device_t:dir list_dir_perms;
-	allow $1 event_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read input event devices (/dev/input).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_input',`
-	gen_require(`
-		type device_t, event_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, event_device_t)
-')
-
-########################################
-## <summary>
-##	Read input event devices (/dev/input).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_input_dev',`
-	gen_require(`
-		type device_t, event_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, event_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the framebuffer device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_framebuffer_dev',`
-	gen_require(`
-		type device_t, framebuf_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, framebuf_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the framebuffer device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_framebuffer_dev',`
-	gen_require(`
-		type device_t, framebuf_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, framebuf_device_t)
-')
-
-########################################
-## <summary>
-##	Dot not audit attempts to set the attributes
-##	of the framebuffer device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_framebuffer_dev',`
-	gen_require(`
-		type framebuf_device_t;
-	')
-
-	dontaudit $1 framebuf_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read the framebuffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_framebuffer',`
-	gen_require(`
-		type framebuf_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, framebuf_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the framebuffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_framebuffer',`
-	gen_require(`
-		type framebuf_device_t;
-	')
-
-	dontaudit $1 framebuf_device_t:chr_file { getattr read };
-')
-
-########################################
-## <summary>
-##	Write the framebuffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_framebuffer',`
-	gen_require(`
-		type device_t, framebuf_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, framebuf_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the framebuffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_framebuffer',`
-	gen_require(`
-		type device_t, framebuf_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, framebuf_device_t)
-')
-
-########################################
-## <summary>
-##	Read the kernel messages
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_kmsg',`
-	gen_require(`
-		type device_t, kmsg_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, kmsg_device_t)
-')
-
-########################################
-## <summary>
-##	Write to the kernel messages device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_kmsg',`
-	gen_require(`
-		type device_t, kmsg_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, kmsg_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the ksm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_ksm_dev',`
-	gen_require(`
-		type device_t, ksm_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, ksm_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the ksm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_ksm_dev',`
-	gen_require(`
-		type device_t, ksm_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, ksm_device_t)
-')
-
-########################################
-## <summary>
-##	Read the ksm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_ksm',`
-	gen_require(`
-		type device_t, ksm_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, ksm_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to ksm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_ksm',`
-	gen_require(`
-		type device_t, ksm_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, ksm_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the kvm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_kvm_dev',`
-	gen_require(`
-		type device_t, kvm_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, kvm_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the kvm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_kvm_dev',`
-	gen_require(`
-		type device_t, kvm_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, kvm_device_t)
-')
-
-########################################
-## <summary>
-##	Read the kvm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_kvm',`
-	gen_require(`
-		type device_t, kvm_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, kvm_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to kvm devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_kvm',`
-	gen_require(`
-		type device_t, kvm_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, kvm_device_t)
-')
-
-######################################
-## <summary>
-##	Read the lirc device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_lirc',`
-	gen_require(`
-		type device_t, lirc_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, lirc_device_t)
-')
-
-######################################
-## <summary>
-##	Read and write the lirc device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_lirc',`
-	gen_require(`
-		type device_t, lirc_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, lirc_device_t)
-')
-
-######################################
-## <summary>
-##	Automatic type transition to the type
-##	for lirc device nodes when created in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans_lirc',`
-	gen_require(`
-		type device_t, lirc_device_t;
-	')
-
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the lvm comtrol device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_lvm_control',`
-	gen_require(`
-		type device_t, lvm_control_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, lvm_control_t)
-')
-
-########################################
-## <summary>
-##	Read the lvm comtrol device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_lvm_control',`
-	gen_require(`
-		type device_t, lvm_control_t;
-	')
-
-	read_chr_files_pattern($1, device_t, lvm_control_t)
-')
-
-########################################
-## <summary>
-##	Read and write the lvm control device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_lvm_control',`
-	gen_require(`
-		type device_t, lvm_control_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, lvm_control_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write lvm control device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_lvm_control',`
-	gen_require(`
-		type lvm_control_t;
-	')
-
-	dontaudit $1 lvm_control_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete the lvm control device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_lvm_control_dev',`
-	gen_require(`
-		type device_t, lvm_control_t;
-	')
-
-	delete_chr_files_pattern($1, device_t, lvm_control_t)
-')
-
-########################################
-## <summary>
-##	dontaudit getattr raw memory devices (e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_memory_dev',`
-	gen_require(`
-		type memory_device_t;
-	')
-
-	dontaudit $1 memory_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Read raw memory devices (e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_raw_memory',`
-	gen_require(`
-		type device_t, memory_device_t;
-		attribute memory_raw_read;
-	')
-
-	read_chr_files_pattern($1, device_t, memory_device_t)
-
-	allow $1 self:capability sys_rawio;
-	typeattribute $1 memory_raw_read;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read raw memory devices
-##	(e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_raw_memory',`
-	gen_require(`
-		type memory_device_t;
-	')
-
-	dontaudit $1 memory_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Write raw memory devices (e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_raw_memory',`
-	gen_require(`
-		type device_t, memory_device_t;
-		attribute memory_raw_write;
-	')
-
-	write_chr_files_pattern($1, device_t, memory_device_t)
-
-	allow $1 self:capability sys_rawio;
-	typeattribute $1 memory_raw_write;
-')
-
-########################################
-## <summary>
-##	Read and execute raw memory devices (e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rx_raw_memory',`
-	gen_require(`
-		type device_t, memory_device_t;
-	')
-
-	dev_read_raw_memory($1)
-	allow $1 memory_device_t:chr_file execute;
-')
-
-########################################
-## <summary>
-##	Write and execute raw memory devices (e.g. /dev/mem).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_wx_raw_memory',`
-	gen_require(`
-		type device_t, memory_device_t;
-	')
-
-	dev_write_raw_memory($1)
-	allow $1 memory_device_t:chr_file execute;
-')
-
-########################################
-## <summary>
-##	Get the attributes of miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_misc_dev',`
-	gen_require(`
-		type device_t, misc_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, misc_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_misc_dev',`
-	gen_require(`
-		type misc_device_t;
-	')
-
-	dontaudit $1 misc_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_misc_dev',`
-	gen_require(`
-		type device_t, misc_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, misc_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	of miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_misc_dev',`
-	gen_require(`
-		type misc_device_t;
-	')
-
-	dontaudit $1 misc_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_misc',`
-	gen_require(`
-		type device_t, misc_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, misc_device_t)
-')
-
-########################################
-## <summary>
-##	Write miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_misc',`
-	gen_require(`
-		type device_t, misc_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, misc_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_rw_misc',`
-	gen_require(`
-		type misc_device_t;
-	')
-
-	dontaudit $1 misc_device_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of the modem devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_modem_dev',`
-	gen_require(`
-		type device_t, modem_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, modem_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the modem devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_modem_dev',`
-	gen_require(`
-		type device_t, modem_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, modem_device_t)
-')
-
-########################################
-## <summary>
-##	Read the modem devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_modem',`
-	gen_require(`
-		type device_t, modem_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, modem_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to modem devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_modem',`
-	gen_require(`
-		type device_t, modem_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, modem_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the mouse devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_mouse_dev',`
-	gen_require(`
-		type device_t, mouse_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, mouse_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the mouse devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_mouse_dev',`
-	gen_require(`
-		type device_t, mouse_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, mouse_device_t)
-')
-
-########################################
-## <summary>
-##	Read the mouse devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_mouse',`
-	gen_require(`
-		type device_t, mouse_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, mouse_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to mouse devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_mouse',`
-	gen_require(`
-		type device_t, mouse_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, mouse_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the memory type range
-##	registers (MTRR) device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_mtrr_dev',`
-	gen_require(`
-		type device_t, mtrr_device_t;
-	')
-
-	getattr_files_pattern($1, device_t, mtrr_device_t)
-	getattr_chr_files_pattern($1, device_t, mtrr_device_t)
-')
-
-########################################
-## <summary>
-##	Read the memory type range
-##	registers (MTRR).  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Read the memory type range
-##	registers (MTRR).  This interface has
-##	been deprecated, dev_rw_mtrr() should be
-##	used instead.
-##	</p>
-##	<p>
-##	The MTRR device ioctls can be used for
-##	reading and writing; thus, read access to the
-##	device cannot be separated from write access.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_mtrr',`
-	refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
-	dev_rw_mtrr($1)
-')
-
-########################################
-## <summary>
-##	Write the memory type range
-##	registers (MTRR).  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Write the memory type range
-##	registers (MTRR).  This interface has
-##	been deprecated, dev_rw_mtrr() should be
-##	used instead.
-##	</p>
-##	<p>
-##	The MTRR device ioctls can be used for
-##	reading and writing; thus, write access to the
-##	device cannot be separated from read access.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_mtrr',`
-	refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
-	dev_rw_mtrr($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write the memory type
-##	range registers (MTRR).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_write_mtrr',`
-	gen_require(`
-		type mtrr_device_t;
-	')
-
-	dontaudit $1 mtrr_device_t:file write;
-	dontaudit $1 mtrr_device_t:chr_file write;
-')
-
-########################################
-## <summary>
-##	Read and write the memory type range registers (MTRR).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_mtrr',`
-	gen_require(`
-		type device_t, mtrr_device_t;
-	')
-
-	rw_files_pattern($1, device_t, mtrr_device_t)
-	rw_chr_files_pattern($1, device_t, mtrr_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the network control device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_netcontrol_dev',`
-	gen_require(`
-		type device_t, netcontrol_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, netcontrol_device_t)
-')
-
-########################################
-## <summary>
-##	Read the network control identity.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_netcontrol',`
-	gen_require(`
-		type device_t, netcontrol_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, netcontrol_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the network control device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_netcontrol',`
-	gen_require(`
-		type device_t, netcontrol_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, netcontrol_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the null device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_null_dev',`
-	gen_require(`
-		type device_t, null_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, null_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the null device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_null_dev',`
-	gen_require(`
-		type device_t, null_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, null_device_t)
-')
-
-########################################
-## <summary>
-##	Delete the null device (/dev/null).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_delete_null',`
-	gen_require(`
-		type device_t, null_device_t;
-	')
-
-	delete_chr_files_pattern($1, device_t, null_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to the null device (/dev/null).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_null',`
-	gen_require(`
-		type device_t, null_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, null_device_t)
-')
-
-########################################
-## <summary>
-##	Create the null device (/dev/null).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_null_dev',`
-	gen_require(`
-		type device_t, null_device_t;
-	')
-
-	create_chr_files_pattern($1, device_t, null_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of the BIOS non-volatile RAM device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_nvram_dev',`
-	gen_require(`
-		type nvram_device_t;
-	')
-
-	dontaudit $1 nvram_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Read and write BIOS non-volatile RAM.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_nvram',`
-	gen_require(`
-		type nvram_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, nvram_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the printer device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_printer_dev',`
-	gen_require(`
-		type device_t, printer_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, printer_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the printer device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_printer_dev',`
-	gen_require(`
-		type device_t, printer_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, printer_device_t)
-')
-
-########################################
-## <summary>
-##	Append the printer device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for lpd/checkpc_t
-interface(`dev_append_printer',`
-	gen_require(`
-		type device_t, printer_device_t;
-	')
-
-	append_chr_files_pattern($1, device_t, printer_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the printer device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_printer',`
-	gen_require(`
-		type device_t, printer_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, printer_device_t)
-')
-
-########################################
-## <summary>
-##	Read printk devices (e.g., /dev/kmsg /dev/mcelog)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_printk',`
-	gen_require(`
-		type device_t, printk_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, printk_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the QEMU
-##	microcode and id interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_qemu_dev',`
-	gen_require(`
-		type device_t, qemu_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, qemu_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the QEMU
-##	microcode and id interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_qemu_dev',`
-	gen_require(`
-		type device_t, qemu_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, qemu_device_t)
-')
-
-########################################
-## <summary>
-##	Read the QEMU device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_qemu',`
-	gen_require(`
-		type device_t, qemu_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, qemu_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the QEMU device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_qemu',`
-	gen_require(`
-		type device_t, qemu_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, qemu_device_t)
-')
-
-########################################
-## <summary>
-##	Read from random number generator
-##	devices (e.g., /dev/random).
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read from random number
-##	generator devices (e.g., /dev/random).  Typically this is
-##	used in situations when a cryptographically secure random
-##	number is needed.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>dev_read_urand()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`dev_read_rand',`
-	gen_require(`
-		type device_t, random_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, random_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read from random
-##	number generator devices (e.g., /dev/random)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_rand',`
-	gen_require(`
-		type random_device_t;
-	')
-
-	dontaudit $1 random_device_t:chr_file { getattr read };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to append to random
-##	number generator devices (e.g., /dev/random)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_append_rand',`
-	gen_require(`
-		type random_device_t;
-	')
-
-	dontaudit $1 random_device_t:chr_file append_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Write to the random device (e.g., /dev/random). This adds
-##	entropy used to generate the random data read from the
-##	random device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_rand',`
-	gen_require(`
-		type device_t, random_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, random_device_t)
-')
-
-########################################
-## <summary>
-##	Read the realtime clock (/dev/rtc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_realtime_clock',`
-	gen_require(`
-		type device_t, clock_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, clock_device_t)
-')
-
-########################################
-## <summary>
-##	Set the realtime clock (/dev/rtc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_realtime_clock',`
-	gen_require(`
-		type device_t, clock_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, clock_device_t)
-
-	allow $1 clock_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and set the realtime clock (/dev/rtc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_realtime_clock',`
-	dev_read_realtime_clock($1)
-	dev_write_realtime_clock($1)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the scanner device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_scanner_dev',`
-	gen_require(`
-		type device_t, scanner_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, scanner_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	the scanner device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_scanner_dev',`
-	gen_require(`
-		type scanner_device_t;
-	')
-
-	dontaudit $1 scanner_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the scanner device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_scanner_dev',`
-	gen_require(`
-		type device_t, scanner_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, scanner_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes of
-##	the scanner device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_scanner_dev',`
-	gen_require(`
-		type scanner_device_t;
-	')
-
-	dontaudit $1 scanner_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and write the scanner device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_scanner',`
-	gen_require(`
-		type device_t, scanner_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, scanner_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the sound devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_sound_dev',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the sound devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_sound_dev',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Read the sound devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_sound',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Write the sound devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_sound',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Read the sound mixer devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_sound_mixer',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Write the sound mixer devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_sound_mixer',`
-	gen_require(`
-		type device_t, sound_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, sound_device_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the the power management device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_power_mgmt_dev',`
-	gen_require(`
-		type device_t, power_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, power_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the the power management device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_power_mgmt_dev',`
-	gen_require(`
-		type device_t, power_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, power_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the power management device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_power_management',`
-	gen_require(`
-		type device_t, power_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, power_device_t)
-')
-
-########################################
-## <summary>
-##	Getattr on smartcard devices
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_smartcard_dev',`
-	gen_require(`
-		type smartcard_device_t;
-	')
-
-	allow $1 smartcard_device_t:chr_file getattr;
-
-')
-
-########################################
-## <summary>
-##	dontaudit getattr on smartcard devices
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_smartcard_dev',`
-	gen_require(`
-		type smartcard_device_t;
-	')
-
-	dontaudit $1 smartcard_device_t:chr_file getattr;
-
-')
-
-########################################
-## <summary>
-##	Read and write smartcard devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_smartcard',`
-	gen_require(`
-		type device_t, smartcard_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, smartcard_device_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete smartcard devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_smartcard',`
-	gen_require(`
-		type device_t, smartcard_device_t;
-	')
-
-	manage_chr_files_pattern($1, device_t, smartcard_device_t)
-')
-
-########################################
-## <summary>
-##	Associate a file to a sysfs filesystem.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	The type of the file to be associated to sysfs.
-##	</summary>
-## </param>
-#
-interface(`dev_associate_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	allow $1 sysfs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Get the attributes of sysfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_sysfs_dirs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	allow $1 sysfs_t:dir getattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Search the sysfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_search_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	search_dirs_pattern($1, sysfs_t, sysfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search sysfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_search_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	dontaudit $1 sysfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of the sysfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_list_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	list_dirs_pattern($1, sysfs_t, sysfs_t)
-')
-
-########################################
-## <summary>
-##	Write in a sysfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for cpuspeed
-interface(`dev_write_sysfs_dirs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	allow $1 sysfs_t:dir write;
-')
-
-########################################
-## <summary>
-##	Read hardware state information.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read the contents of
-##	the sysfs filesystem.  This filesystem contains
-##	information, parameters, and other settings on the
-##	hardware installed on the system.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`dev_read_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	read_files_pattern($1, sysfs_t, sysfs_t)
-	read_lnk_files_pattern($1, sysfs_t, sysfs_t)
-
-	list_dirs_pattern($1, sysfs_t, sysfs_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to modify hardware state information.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	rw_files_pattern($1, sysfs_t, sysfs_t)
-	read_lnk_files_pattern($1, sysfs_t, sysfs_t)
-
-	list_dirs_pattern($1, sysfs_t, sysfs_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to modify hardware state information.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_sysfs_dirs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	manage_dirs_pattern($1, sysfs_t, sysfs_t)
-')
-
-########################################
-## <summary>
-##	Read from pseudo random number generator devices (e.g., /dev/urandom).
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read from pseudo random number
-##	generator devices (e.g., /dev/urandom).  Typically this is
-##	used in situations when a cryptographically secure random
-##	number is not necessarily needed.  One example is the Stack
-##	Smashing Protector (SSP, formerly known as ProPolice) support
-##	that may be compiled into programs.
-##	</p>
-##	<p>
-##	Related interface:
-##	</p>
-##	<ul>
-##		<li>dev_read_rand()</li>
-##	</ul>
-##	<p>
-##	Related tunable:
-##	</p>
-##	<ul>
-##		<li>global_ssp</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`dev_read_urand',`
-	gen_require(`
-		type device_t, urandom_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, urandom_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read from pseudo
-##	random devices (e.g., /dev/urandom)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_read_urand',`
-	gen_require(`
-		type urandom_device_t;
-	')
-
-	dontaudit $1 urandom_device_t:chr_file { getattr read };
-')
-
-########################################
-## <summary>
-##	Write to the pseudo random device (e.g., /dev/urandom). This
-##	sets the random number generator seed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_urand',`
-	gen_require(`
-		type device_t, urandom_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, urandom_device_t)
-')
-
-########################################
-## <summary>
-##	Getattr generic the USB devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_generic_usb_dev',`
-	gen_require(`
-		type usb_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, usb_device_t)
-')
-
-########################################
-## <summary>
-##	Setattr generic the USB devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_generic_usb_dev',`
-	gen_require(`
-		type usb_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, usb_device_t)
-')
-
-########################################
-## <summary>
-##	Read generic the USB devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_generic_usb_dev',`
-	gen_require(`
-		type usb_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, usb_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write generic the USB devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_generic_usb_dev',`
-	gen_require(`
-		type device_t, usb_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, usb_device_t)
-')
-
-########################################
-## <summary>
-##	Read USB monitor devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_usbmon_dev',`
-	gen_require(`
-		type device_t, usbmon_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, usbmon_device_t)
-')
-
-########################################
-## <summary>
-##	Write USB monitor devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_usbmon_dev',`
-	gen_require(`
-		type device_t, usbmon_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, usbmon_device_t)
-')
-
-########################################
-## <summary>
-##	Mount a usbfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_mount_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	allow $1 usbfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Associate a file to a usbfs filesystem.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	The type of the file to be associated to usbfs.
-##	</summary>
-## </param>
-#
-interface(`dev_associate_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	allow $1 usbfs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a directory in the usb filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_usbfs_dirs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	allow $1 usbfs_t:dir getattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of a directory in the usb filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_usbfs_dirs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	dontaudit $1 usbfs_t:dir getattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Search the directory containing USB hardware information.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_search_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	search_dirs_pattern($1, usbfs_t, usbfs_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to get a list of usb hardware.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_list_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-	getattr_files_pattern($1, usbfs_t, usbfs_t)
-
-	list_dirs_pattern($1, usbfs_t, usbfs_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of usbfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_usbfs_files',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	setattr_files_pattern($1, usbfs_t, usbfs_t)
-	list_dirs_pattern($1, usbfs_t, usbfs_t)
-')
-
-########################################
-## <summary>
-##	Read USB hardware information using
-##	the usbfs filesystem interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	read_files_pattern($1, usbfs_t, usbfs_t)
-	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-	list_dirs_pattern($1, usbfs_t, usbfs_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to modify usb hardware configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_usbfs',`
-	gen_require(`
-		type usbfs_t;
-	')
-
-	list_dirs_pattern($1, usbfs_t, usbfs_t)
-	rw_files_pattern($1, usbfs_t, usbfs_t)
-	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of video4linux devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_video_dev',`
-	gen_require(`
-		type device_t, v4l_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, v4l_device_t)
-')
-
-######################################
-## <summary>
-##	Read and write userio device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_userio_dev',`
-	gen_require(`
-		type device_t, userio_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, userio_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of video4linux device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_getattr_video_dev',`
-	gen_require(`
-		type v4l_device_t;
-	')
-
-	dontaudit $1 v4l_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of video4linux device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_video_dev',`
-	gen_require(`
-		type device_t, v4l_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, v4l_device_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	of video4linux device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dev_dontaudit_setattr_video_dev',`
-	gen_require(`
-		type v4l_device_t;
-	')
-
-	dontaudit $1 v4l_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read the video4linux devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_read_video_dev',`
-	gen_require(`
-		type device_t, v4l_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, v4l_device_t)
-')
-
-########################################
-## <summary>
-##	Write the video4linux devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_video_dev',`
-	gen_require(`
-		type device_t, v4l_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, v4l_device_t)
-')
-
-########################################
-## <summary>
-##	Allow read/write the vhost net device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_vhost',`
-	gen_require(`
-		type device_t, vhost_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, vhost_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write VMWare devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_vmware',`
-	gen_require(`
-		type device_t, vmware_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, vmware_device_t)
-')
-
-########################################
-## <summary>
-##	Read, write, and mmap VMWare devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rwx_vmware',`
-	gen_require(`
-		type device_t, vmware_device_t;
-	')
-
-	dev_rw_vmware($1)
-	allow $1 vmware_device_t:chr_file execute;
-')
-
-########################################
-## <summary>
-##	Write to watchdog devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_write_watchdog',`
-	gen_require(`
-		type device_t, watchdog_device_t;
-	')
-
-	write_chr_files_pattern($1, device_t, watchdog_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write the the wireless device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_wireless',`
-	gen_require(`
-		type device_t, wireless_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, wireless_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write Xen devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_xen',`
-	gen_require(`
-		type device_t, xen_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, xen_device_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete Xen devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_manage_xen',`
-	gen_require(`
-		type device_t, xen_device_t;
-	')
-
-	manage_chr_files_pattern($1, device_t, xen_device_t)
-')
-
-########################################
-## <summary>
-##	Automatic type transition to the type
-##	for xen device nodes when created in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans_xen',`
-	gen_require(`
-		type device_t, xen_device_t;
-	')
-
-	filetrans_pattern($1, device_t, xen_device_t, chr_file)
-')
-
-########################################
-## <summary>
-##	Get the attributes of X server miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_getattr_xserver_misc_dev',`
-	gen_require(`
-		type device_t, xserver_misc_device_t;
-	')
-
-	getattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of X server miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_setattr_xserver_misc_dev',`
-	gen_require(`
-		type device_t, xserver_misc_device_t;
-	')
-
-	setattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write X server miscellaneous devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_xserver_misc',`
-	gen_require(`
-		type device_t, xserver_misc_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, xserver_misc_device_t)
-')
-
-########################################
-## <summary>
-##	Read and write to the zero device (/dev/zero).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rw_zero',`
-	gen_require(`
-		type device_t, zero_device_t;
-	')
-
-	rw_chr_files_pattern($1, device_t, zero_device_t)
-')
-
-########################################
-## <summary>
-##	Read, write, and execute the zero device (/dev/zero).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_rwx_zero',`
-	gen_require(`
-		type zero_device_t;
-	')
-
-	dev_rw_zero($1)
-	allow $1 zero_device_t:chr_file execute;
-')
-
-########################################
-## <summary>
-##	Execmod the zero device (/dev/zero).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_execmod_zero',`
-	gen_require(`
-		type zero_device_t;
-	')
-
-	dev_rw_zero($1)
-	allow $1 zero_device_t:chr_file execmod;
-')
-
-########################################
-## <summary>
-##	Create the zero device (/dev/zero).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_create_zero_dev',`
-	gen_require(`
-		type device_t, zero_device_t;
-	')
-
-	create_chr_files_pattern($1, device_t, zero_device_t)
-')
-
-########################################
-## <summary>
-##	Unconfined access to devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_unconfined',`
-	gen_require(`
-		attribute devices_unconfined_type;
-	')
-
-	typeattribute $1 devices_unconfined_type;
-')
-
-########################################
-## <summary>
-##	Automatic type transition to the type
-##	for xen device nodes when created in /dev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dev_filetrans_named_dev',`
-
-gen_require(`
-	type device_t;
-	type usb_device_t;
-	type xserver_misc_device_t;
-	type sound_device_t;
-	type apm_bios_t;
-	type mouse_device_t;
-	type autofs_device_t;
-	type lvm_control_t;
-	type clock_device_t;
-	type v4l_device_t;
-	type event_device_t;
-	type xen_device_t;
-	type framebuf_device_t;
-	type null_device_t;
-	type random_device_t;
-	type dri_device_t;
-	type ipmi_device_t;
-	type printer_device_t;
-	type memory_device_t;
-	type kmsg_device_t;
-	type qemu_device_t;
-	type ksm_device_t;
-	type kvm_device_t;
-	type lirc_device_t;
-	type cpu_device_t;
-	type dlm_control_device_t;
-	type scanner_device_t;
-	type modem_device_t;
-	type vhost_device_t;
-	type netcontrol_device_t;
-	type nvram_device_t;
-	type power_device_t;
-	type wireless_device_t;
-	type tpm_device_t;
-	type userio_device_t;
-	type urandom_device_t;
-	type usbmon_device_t;
-	type vmware_device_t;
-	type watchdog_device_t;
-	type crypt_device_t;
-	type zero_device_t;
-	type smartcard_device_t;
-	type mtrr_device_t;
-')
-
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 0)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 1)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 2)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 3)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 4)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 5)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 6)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 7)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 8)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, 9)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, 3dfx)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer9)
-	filetrans_pattern($1, device_t, apm_bios_t, chr_file, apm_bios)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, atibm)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio9)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs0)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs1)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs2)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs3)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs4)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs5)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs6)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs7)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs8)
-	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, beep)
-	filetrans_pattern($1, device_t, lvm_control_t, chr_file, btrfs-control)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, controlD64)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmfm)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp9)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, efirtc)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, e2201)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83000)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83001)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83002)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83003)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83004)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83005)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83006)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83007)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83008)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83009)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event0)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event1)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event2)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event3)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event4)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event5)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event6)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event7)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event8)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, event9)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, evtchn)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb0)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb1)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb2)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb3)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb4)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb5)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb6)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb7)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb8)
-	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb9)
-	filetrans_pattern($1, device_t, null_device_t, chr_file, full)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw0)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw1)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw2)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw3)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw4)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw5)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw6)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw7)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw8)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw9)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, gfx)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, graphics)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc0)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc1)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc2)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc3)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc4)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc5)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc6)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc7)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc8)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, hfmodem)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev0)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev1)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev2)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev3)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev4)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev5)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev6)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev7)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev8)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev9)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw0)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw1)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw2)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw3)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw4)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw5)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw6)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw7)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw8)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw9)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, hpet)
-	filetrans_pattern($1, device_t, random_device_t, chr_file, hw_random)
-	filetrans_pattern($1, device_t, random_device_t, chr_file, hwrng)
-	filetrans_pattern($1, device_t, dri_device_t, chr_file, i915)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, inportbm)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi0)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi1)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi2)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi3)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi4)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi5)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi6)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi7)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi8)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi9)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 0)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 1)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 2)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 3)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 4)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 5)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 6)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 7)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 8)
-	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 9)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt0)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt1)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt2)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt3)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt4)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt5)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt6)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt7)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt8)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt9)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, jbm)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js0)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js1)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js2)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js3)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js4)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js5)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js6)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js7)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js8)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js9)
-	filetrans_pattern($1, device_t, memory_device_t, chr_file, kmem)
-	filetrans_pattern($1, device_t, kmsg_device_t, chr_file, kmsg)
-	filetrans_pattern($1, device_t, qemu_device_t, chr_file, kqemu)
-	filetrans_pattern($1, device_t, ksm_device_t, chr_file, ksm)
-	filetrans_pattern($1, device_t, kvm_device_t, chr_file, kvm)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik0)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik1)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik2)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik3)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik4)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik5)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik6)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik7)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik8)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, lik9)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc0)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc1)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc2)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc3)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc4)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc5)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc6)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc7)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc8)
-	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc9)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, lircm)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, logibm)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp0)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp1)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp2)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp3)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp4)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp5)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp6)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp7)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp8)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp9)
-	filetrans_pattern($1, device_t, kmsg_device_t, chr_file, mcelog)
-	filetrans_pattern($1, device_t, memory_device_t, chr_file, mem)
-	filetrans_pattern($1, device_t, memory_device_t, chr_file, mergemem)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid0)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid1)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid2)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid3)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid4)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid5)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid6)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid7)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid8)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid9)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, mice)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, microcode)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi9)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm0)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm1)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm2)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm3)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm4)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm5)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm6)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm7)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm8)
-	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer9)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mmetfgrab)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, modem)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4010)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4011)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4012)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4013)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4014)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4015)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4016)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4017)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4018)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4019)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr0)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr1)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr2)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr3)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr4)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr5)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr6)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr7)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr8)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr9)
-	filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost)
-	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_latency)
-	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_throughput)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz0)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz1)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz2)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz3)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz4)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz5)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz6)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz7)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz8)
-	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz9)
-	filetrans_pattern($1, device_t, null_device_t, chr_file, null)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia0)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia1)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia2)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia3)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia4)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia5)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia6)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia7)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia8)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia9)
-	filetrans_pattern($1, device_t, nvram_device_t, chr_file, nvram)
-	filetrans_pattern($1, device_t, memory_device_t, chr_file, oldmem)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, opengl)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par0)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par1)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par2)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par3)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par4)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par5)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par6)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par7)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par8)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, par9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr[01])
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, pc110pad)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock0)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock1)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock2)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock3)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock4)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock5)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock6)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock7)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock8)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock9)
-	filetrans_pattern($1, device_t, power_device_t, chr_file, pmu)
-	filetrans_pattern($1, device_t, memory_device_t, chr_file, port)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps0)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps1)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps2)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps3)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps4)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps5)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps6)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps7)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps8)
-	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps9)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi9)
-	filetrans_pattern($1, device_t, dri_device_t, chr_file, radeon)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio0)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio1)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio2)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio3)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio4)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio5)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio6)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio7)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio8)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio9)
-	filetrans_pattern($1, device_t, random_device_t, chr_file, random)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13940)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13941)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13942)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13943)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13944)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13945)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13946)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13947)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13948)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13949)
-	filetrans_pattern($1, device_t, wireless_device_t, chr_file, rfkill)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte0)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte1)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte2)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte3)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte4)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte5)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte6)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte7)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte8)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte9)
-	filetrans_pattern($1, device_t, power_device_t, chr_file, smu)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd[0-7])
-	filetrans_pattern($1, device_t, apm_bios_t, chr_file, snapshot)
-	filetrans_pattern($1, device_t, sound_device_t, chr_file, sndstat)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, sonypi)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk[0-3])
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm0)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm1)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm2)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm3)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm4)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm5)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm6)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm7)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm8)
-	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm9)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, uinput)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio0)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio1)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio2)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio3)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio4)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio5)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio6)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio7)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio8)
-	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio9)
-	filetrans_pattern($1, device_t, urandom_device_t, chr_file, urandom)
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, ub[a-c])
-	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb.+)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp0)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp1)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp2)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp3)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp4)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp5)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp6)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp7)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp8)
-	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp9)
-	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon.+)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, usbscanner)
-	filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost-net)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi0)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi1)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi2)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi3)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi4)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi5)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi6)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi7)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi8)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi9)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox0)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox1)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox2)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox3)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox4)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox5)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox6)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox7)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox8)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox9)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vga_arbiter)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmmon)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet0)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet1)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet2)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet3)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet4)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet5)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet6)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet7)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet8)
-	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet9)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video0)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video1)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video2)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video3)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video4)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video5)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video6)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video7)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video8)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video9)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, vrtpanel)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vttuner)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx0)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx1)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx2)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx3)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx4)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx5)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx6)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx7)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx8)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx9)
-	filetrans_pattern($1, device_t, watchdog_device_t, chr_file, watchdog)
-	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio.)
-	filetrans_pattern($1, device_t, crypt_device_t, chr_file, z90crypt)
-	filetrans_pattern($1, device_t, zero_device_t, chr_file, zero)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card0)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card1)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card2)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card3)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card4)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card5)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card6)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card7)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card8)
-	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card9)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx0)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx1)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx2)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx3)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx4)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx5)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx6)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx7)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx8)
-	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx9)
-	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, cpu_dma_latency)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu0)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu1)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu2)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu3)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu4)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu5)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu6)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu7)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu8)
-	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu9)
-	filetrans_pattern($1, device_t, mtrr_device_t, chr_file, mtrr)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor0)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor1)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor2)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor3)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor4)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor5)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor6)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor7)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor8)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor9)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m0)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m1)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m2)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m3)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m4)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m5)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m6)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m7)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m8)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m9)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard0)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard1)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard2)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard3)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard4)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard5)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard6)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard7)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard8)
-	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard9)
-	filetrans_pattern($1, device_t, lvm_control_t, chr_file, control)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, ucb1x00)
-	filetrans_pattern($1, device_t, mouse_device_t, chr_file, mk712)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx0)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx1)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx2)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx3)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx4)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx5)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx6)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx7)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx8)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx9)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8000)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8001)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8002)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8003)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8004)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8005)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8006)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8007)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8008)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8009)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner0)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner1)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner2)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner3)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner4)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner5)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner6)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner7)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner8)
-	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner9)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap0)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap1)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap2)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap3)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap4)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap5)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap6)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap7)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap8)
-	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap9)
-')
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
deleted file mode 100644
index 20c2d34..0000000
--- a/policy/modules/kernel/devices.te
+++ /dev/null
@@ -1,309 +0,0 @@
-policy_module(devices, 1.10.2)
-
-########################################
-#
-# Declarations
-#
-
-attribute device_node;
-attribute memory_raw_read;
-attribute memory_raw_write;
-attribute devices_unconfined_type;
-
-#
-# device_t is the type of /dev.
-#
-type device_t;
-fs_associate_tmpfs(device_t)
-files_type(device_t)
-files_mountpoint(device_t)
-files_associate_tmp(device_t)
-fs_type(device_t)
-fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0);
-
-#
-# Type for /dev/agpgart
-#
-type agp_device_t;
-dev_node(agp_device_t)
-
-#
-# Type for /dev/apm_bios
-#
-type apm_bios_t;
-dev_node(apm_bios_t)
-
-#
-# Type for /dev/autofs
-#
-type autofs_device_t;
-dev_node(autofs_device_t)
-
-type cardmgr_dev_t;
-dev_node(cardmgr_dev_t)
-files_tmp_file(cardmgr_dev_t)
-
-#
-# clock_device_t is the type of
-# /dev/rtc.
-#
-type clock_device_t;
-dev_node(clock_device_t)
-
-#
-# cpu control devices /dev/cpu/0/*
-#
-type cpu_device_t;
-dev_node(cpu_device_t)
-
-# for the IBM zSeries z90crypt hardware ssl accelorator
-type crypt_device_t;
-dev_node(crypt_device_t)
-
-#
-# dlm_misc_device_t is the type of /dev/misc/dlm.*
-#
-type dlm_control_device_t;
-dev_node(dlm_control_device_t)
-
-type dri_device_t;
-dev_node(dri_device_t)
-
-type event_device_t;
-dev_node(event_device_t)
-
-#
-# Type for framebuffer /dev/fb/*
-#
-type framebuf_device_t;
-dev_node(framebuf_device_t)
-
-#
-# Type for /dev/ipmi/0
-#
-type ipmi_device_t;
-dev_node(ipmi_device_t)
-
-#
-# Type for /dev/kmsg
-#
-type kmsg_device_t;
-dev_node(kmsg_device_t)
-
-#
-# ksm_device_t is the type of /dev/ksm
-#
-type ksm_device_t;
-dev_node(ksm_device_t)
-
-#
-# kvm_device_t is the type of
-# /dev/kvm
-#
-type kvm_device_t;
-dev_node(kvm_device_t)
-mls_trusted_object(kvm_device_t)
-
-#
-# Type for /dev/lirc
-#
-type lirc_device_t;
-dev_node(lirc_device_t)
-
-#
-# Type for /dev/mapper/control
-#
-type lvm_control_t;
-dev_node(lvm_control_t)
-
-#
-# memory_device_t is the type of /dev/kmem,
-# /dev/mem and /dev/port.
-#
-type memory_device_t;
-dev_node(memory_device_t)
-
-neverallow ~{ memory_raw_read devices_unconfined_type } memory_device_t:{ chr_file blk_file } read;
-neverallow ~{ memory_raw_write devices_unconfined_type } memory_device_t:{ chr_file blk_file } { append write };
-
-type misc_device_t;
-dev_node(misc_device_t)
-
-#
-# A general type for modem devices.
-#
-type modem_device_t;
-dev_node(modem_device_t)
-
-#
-# A more general type for mouse devices.
-#
-type mouse_device_t;
-dev_node(mouse_device_t)
-
-#
-# Type for /dev/cpu/mtrr and /proc/mtrr
-#
-type mtrr_device_t;
-dev_node(mtrr_device_t)
-genfscon proc /mtrr gen_context(system_u:object_r:mtrr_device_t,s0)
-
-#
-# network control devices
-#
-type netcontrol_device_t;
-dev_node(netcontrol_device_t)
-
-#
-# null_device_t is the type of /dev/null.
-#
-type null_device_t;
-dev_node(null_device_t)
-mls_trusted_object(null_device_t)
-sid devnull gen_context(system_u:object_r:null_device_t,s0)
-
-#
-# Type for /dev/nvram
-#
-type nvram_device_t;
-dev_node(nvram_device_t)
-
-#
-# Type for /dev/pmu
-#
-type power_device_t;
-dev_node(power_device_t)
-
-type printer_device_t;
-dev_node(printer_device_t)
-mls_file_write_within_range(printer_device_t)
-
-#
-# qemu control devices
-#
-type qemu_device_t;
-dev_node(qemu_device_t)
-
-#
-# random_device_t is the type of /dev/random
-#
-type random_device_t;
-dev_node(random_device_t)
-
-type scanner_device_t;
-dev_node(scanner_device_t)
-
-#
-# Type for smartcards
-#
-type smartcard_device_t;
-dev_node(smartcard_device_t)
-
-#
-# Type for sound devices and mixers
-#
-type sound_device_t;
-dev_node(sound_device_t)
-
-#
-# sysfs_t is the type for the /sys pseudofs
-#
-type sysfs_t;
-files_mountpoint(sysfs_t)
-fs_type(sysfs_t)
-genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
-
-#
-# Type for /dev/tpm
-#
-type tpm_device_t;
-dev_node(tpm_device_t)
-
-#
-# urandom_device_t is the type of /dev/urandom
-#
-type urandom_device_t;
-dev_node(urandom_device_t)
-
-#
-# usbfs_t is the type for the /proc/bus/usb pseudofs
-#
-type usbfs_t alias usbdevfs_t;
-files_mountpoint(usbfs_t)
-fs_noxattr_type(usbfs_t)
-genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
-genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
-
-#
-# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
-#
-type usb_device_t;
-dev_node(usb_device_t)
-
-#
-# usb_device_t is the type for /dev/usbmon
-#
-type usbmon_device_t;
-dev_node(usbmon_device_t)
-
-#
-# userio_device_t is the type for /dev/uio[0-9]+
-#
-type userio_device_t;
-dev_node(userio_device_t)
-
-type v4l_device_t;
-dev_node(v4l_device_t)
-
-#
-# vhost_device_t is the type for /dev/vhost-net
-#
-type vhost_device_t;
-dev_node(vhost_device_t)
-
-# Type for vmware devices.
-type vmware_device_t;
-dev_node(vmware_device_t)
-
-type watchdog_device_t;
-dev_node(watchdog_device_t)
-
-#
-# wireless control devices
-#
-type wireless_device_t;
-dev_node(wireless_device_t)
-
-type xen_device_t;
-dev_node(xen_device_t)
-
-type xserver_misc_device_t;
-dev_node(xserver_misc_device_t)
-
-#
-# zero_device_t is the type of /dev/zero.
-#
-type zero_device_t;
-dev_node(zero_device_t)
-mls_trusted_object(zero_device_t)
-
-########################################
-#
-# Rules for all device nodes
-#
-
-allow device_node device_t:filesystem associate;
-
-fs_associate(device_node)
-fs_associate_tmpfs(device_node)
-
-files_associate_tmp(device_node)
-
-########################################
-#
-# Unconfined access to this module
-#
-
-allow devices_unconfined_type self:capability sys_rawio;
-allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
-allow devices_unconfined_type mtrr_device_t:file *;
diff --git a/policy/modules/kernel/domain.fc b/policy/modules/kernel/domain.fc
deleted file mode 100644
index 7be4ddf..0000000
--- a/policy/modules/kernel/domain.fc
+++ /dev/null
@@ -1 +0,0 @@
-# This module currently does not have any file contexts.
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
deleted file mode 100644
index 0d8458a..0000000
--- a/policy/modules/kernel/domain.if
+++ /dev/null
@@ -1,1513 +0,0 @@
-## <summary>Core policy for domains.</summary>
-## <required val="true">
-##	Contains the concept of a domain.
-## </required>
-
-########################################
-## <summary>
-##	Make the specified type usable as a basic domain.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable as a basic domain.
-##	</p>
-##	<p>
-##	This is primarily used for kernel threads;
-##	generally the domain_type() interface is
-##	more appropriate for userland processes.
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used as a basic domain type.
-##	</summary>
-## </param>
-#
-interface(`domain_base_type',`
-	gen_require(`
-		attribute domain;
-	')
-
-	typeattribute $1 domain;
-')
-
-########################################
-## <summary>
-##	Make the specified type usable as a domain.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable as a domain.  This,
-##	or an interface that calls this interface, must be
-##	used on all types that are used as domains.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>application_domain()</li>
-##		<li>init_daemon_domain()</li>
-##		<li>init_domaion()</li>
-##		<li>init_ranged_daemon_domain()</li>
-##		<li>init_ranged_domain()</li>
-##		<li>init_ranged_system_domain()</li>
-##		<li>init_script_domain()</li>
-##		<li>init_system_domain()</li>
-##	</ul>
-##	<p>
-##	Example:
-##	</p>
-##	<p>
-##	type mydomain_t;
-##	domain_type(mydomain_t)
-##	type myfile_t;
-##	files_type(myfile_t)
-##	allow mydomain_t myfile_t:file read_file_perms;
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used as a domain type.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`domain_type',`
-	# start with basic domain
-	domain_base_type($1)
-
-	ifdef(`distro_redhat',`
-		optional_policy(`
-			unconfined_use_fds($1)
-		')
-	')
-
-	# send init a sigchld and signull
-	optional_policy(`
-		init_sigchld($1)
-		init_signull($1)
-	')
-
-	# these seem questionable:
-
-	optional_policy(`
-		rpm_use_fds($1)
-		rpm_read_pipes($1)
-	')
-
-	optional_policy(`
-		selinux_dontaudit_getattr_fs($1)
-		selinux_dontaudit_read_fs($1)
-	')
-
-	optional_policy(`
-		seutil_dontaudit_read_config($1)
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified type usable as
-##	an entry point for the domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be entered.
-##	</summary>
-## </param>
-## <param name="type">
-##	<summary>
-##	Type of program used for entering
-##	the domain.
-##	</summary>
-## </param>
-#
-interface(`domain_entry_file',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 $2:file entrypoint;
-	allow $1 $2:file { mmap_file_perms ioctl lock };
-
-	typeattribute $2 entry_type;
-
-	corecmd_executable_file($2)
-')
-
-########################################
-## <summary>
-##	Make the file descriptors of the specified
-##	domain for interactive use (widely inheritable)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_interactive_fd',`
-	gen_require(`
-		attribute privfd;
-	')
-
-	typeattribute $1 privfd;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to perform
-##	dynamic transitions.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to perform
-##	dynamic transitions.
-##	</p>
-##	<p>
-##	This violates process tranquility, and it
-##	is strongly suggested that this not be used.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_dyntrans_type',`
-	gen_require(`
-		attribute set_curr_context;
-	')
-
-	typeattribute $1 set_curr_context;
-')
-
-########################################
-## <summary>
-##	Makes caller and execption to the constraint
-##	preventing changing to the system user
-##	identity and system role.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_system_change_exemption',`
-	gen_require(`
-		attribute can_system_change;
-	')
-
-	typeattribute $1 can_system_change;
-')
-
-########################################
-## <summary>
-##	Makes caller an exception to the constraint preventing
-##	changing of user identity.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The process type to make an exception to the constraint.
-##	</summary>
-## </param>
-#
-interface(`domain_subj_id_change_exemption',`
-	gen_require(`
-		attribute can_change_process_identity;
-	')
-
-	typeattribute $1 can_change_process_identity;
-')
-
-########################################
-## <summary>
-##	Makes caller an exception to the constraint preventing
-##	changing of role.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The process type to make an exception to the constraint.
-##	</summary>
-## </param>
-#
-interface(`domain_role_change_exemption',`
-	gen_require(`
-		attribute can_change_process_role;
-	')
-
-	typeattribute $1 can_change_process_role;
-')
-
-########################################
-## <summary>
-##	Makes caller an exception to the constraint preventing
-##	changing the user identity in object contexts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The process type to make an exception to the constraint.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_obj_id_change_exemption',`
-	gen_require(`
-		attribute can_change_object_identity;
-	')
-
-	typeattribute $1 can_change_object_identity;
-')
-
-########################################
-## <summary>
-##	Make the specified domain the target of
-##	the user domain exception of the
-##	SELinux role and identity change
-##	constraints.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified domain the target of
-##	the user domain exception of the
-##	SELinux role and identity change
-##	constraints.
-##	</p>
-##	<p>
-##	This interface is needed to decouple
-##	the user domains from the base module.
-##	It should not be used other than on
-##	user domains.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-#
-interface(`domain_user_exemption_target',`
-	gen_require(`
-		attribute process_user_target;
-	')
-
-	typeattribute $1 process_user_target;
-')
-
-########################################
-## <summary>
-##	Make the specified domain the source of
-##	the cron domain exception of the
-##	SELinux role and identity change
-##	constraints.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified domain the source of
-##	the cron domain exception of the
-##	SELinux role and identity change
-##	constraints.
-##	</p>
-##	<p>
-##	This interface is needed to decouple
-##	the cron domains from the base module.
-##	It should not be used other than on
-##	cron domains.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-#
-interface(`domain_cron_exemption_source',`
-	gen_require(`
-		attribute cron_source_domain;
-	')
-
-	typeattribute $1 cron_source_domain;
-')
-
-########################################
-## <summary>
-##	Make the specified domain the target of
-##	the cron domain exception of the
-##	SELinux role and identity change
-##	constraints.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified domain the target of
-##	the cron domain exception of the
-##	SELinux role and identity change
-##	constraints.
-##	</p>
-##	<p>
-##	This interface is needed to decouple
-##	the cron domains from the base module.
-##	It should not be used other than on
-##	user cron jobs.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-#
-interface(`domain_cron_exemption_target',`
-	gen_require(`
-		attribute cron_job_domain;
-	')
-
-	typeattribute $1 cron_job_domain;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from
-##	domains with interactive programs.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to inherit and use file
-##	descriptors from domains with interactive programs. 
-##	This does not allow access to the objects being referenced
-##	by the file descriptors.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="1"/>
-#
-interface(`domain_use_interactive_fds',`
-	gen_require(`
-		attribute privfd;
-	')
-
-	allow $1 privfd:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit file
-##	descriptors from domains with interactive
-##	programs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_use_interactive_fds',`
-	gen_require(`
-		attribute privfd;
-	')
-
-	dontaudit $1 privfd:fd use;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to domains whose file
-##	discriptors are widely inheritable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: this was added because of newrole
-interface(`domain_sigchld_interactive_fds',`
-	gen_require(`
-		attribute privfd;
-	')
-
-	allow $1 privfd:process sigchld;
-')
-
-########################################
-## <summary>
-##	Set the nice level of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_setpriority_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process setsched;
-')
-
-########################################
-## <summary>
-##	Send general signals to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_signal_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process signal;
-')
-
-########################################
-## <summary>
-##	Dontaudit sending general signals to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_dontaudit_signal_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:process signal;
-')
-
-########################################
-## <summary>
-##	Send a null signal to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_signull_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process signull;
-')
-
-########################################
-## <summary>
-##	Send a stop signal to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_sigstop_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process sigstop;
-')
-
-########################################
-## <summary>
-##	Send a child terminated signal to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_sigchld_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a kill signal to all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_kill_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process sigkill;
-	allow $1 self:capability kill;
-')
-
-########################################
-## <summary>
-##	Search the process state directory (/proc/pid) of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_search_all_domains_state',`
-	gen_require(`
-		attribute domain;
-	')
-
-	kernel_search_proc($1)
-	allow $1 domain:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the process
-##	state directory (/proc/pid) of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_search_all_domains_state',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the process state (/proc/pid) of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_read_all_domains_state',`
-	gen_require(`
-		attribute domain;
-	')
-
-	kernel_search_proc($1)
-	allow $1 domain:dir list_dir_perms;
-	read_files_pattern($1, domain, domain)
-	read_lnk_files_pattern($1, domain, domain)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_getattr_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process getattr;
-')
-
-########################################
-## <summary>
-##	Dontaudit geting the attributes of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:process getattr;
-')
-
-########################################
-## <summary>
-##	Read the process state (/proc/pid) of all confined domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_read_confined_domains_state',`
-	gen_require(`
-		attribute domain, unconfined_domain_type;
-	')
-
-	kernel_search_proc($1)
-	allow $1 { domain -unconfined_domain_type }:dir list_dir_perms;
-	read_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
-	read_lnk_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
-
-	dontaudit $1 unconfined_domain_type:dir search_dir_perms;
-	dontaudit $1 unconfined_domain_type:file read_file_perms;
-	dontaudit $1 unconfined_domain_type:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all confined domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_getattr_confined_domains',`
-	gen_require(`
-		attribute domain, unconfined_domain_type;
-	')
-
-	allow $1 { domain -unconfined_domain_type }:process getattr;
-')
-
-########################################
-## <summary>
-##	Ptrace all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_ptrace_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process ptrace;
-	allow domain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to ptrace all domains.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to ptrace all domains.
-##	</p>
-##	<p>
-##	Generally this needs to be suppressed because procps tries to access
-##	/proc/pid/environ and this now triggers a ptrace check in recent kernels
-##	(2.4 and 2.6).
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_ptrace_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:process ptrace;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to ptrace confined domains.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to ptrace confined domains.
-##	</p>
-##	<p>
-##	Generally this needs to be suppressed because procps tries to access
-##	/proc/pid/environ and this now triggers a ptrace check in recent kernels
-##	(2.4 and 2.6).
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_ptrace_confined_domains',`
-	gen_require(`
-		attribute domain, unconfined_domain_type;
-	')
-
-	dontaudit $1 { domain -unconfined_domain_type }:process ptrace;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the process
-##	state (/proc/pid) of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_read_all_domains_state',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:dir list_dir_perms;
-	dontaudit $1 domain:lnk_file read_lnk_file_perms;
-	dontaudit $1 domain:file read_file_perms;
-
-	# cjp: these should be removed:
-	dontaudit $1 domain:sock_file read_sock_file_perms;
-	dontaudit $1 domain:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the process state
-##	directories of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_list_all_domains_state',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the session ID of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getsession_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process getsession;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	session ID of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getsession_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:process getsession;
-')
-
-########################################
-## <summary>
-##	Get the process group ID of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getpgid_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process getpgid;
-')
-
-########################################
-## <summary>
-##	Get the scheduler information of all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getsched_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:process getsched;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all domains
-##	sockets, for all socket types.
-## </summary>
-## <desc>
-##	<p>
-##	Get the attributes of all domains
-##	sockets, for all socket types.
-##	</p>
-##	<p>
-##	This is commonly used for domains
-##	that can use lsof on all domains.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getattr_all_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:socket_class_set getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains sockets, for all socket types.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to get the attributes
-##	of all domains sockets, for all socket types.
-##	</p>
-##	<p>
-##	This interface was added for PCMCIA cardmgr
-##	and is probably excessive.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:socket_class_set getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_tcp_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:tcp_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains UDP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_udp_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:udp_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	all domains UDP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_rw_all_udp_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:udp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attribues of
-##	all domains IPSEC key management sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_key_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:key_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attribues of
-##	all domains packet sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_packet_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:packet_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attribues of
-##	all domains raw sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_raw_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:rawip_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	all domains key sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_rw_all_key_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:key_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains unix datagram sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_dgram_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:unix_dgram_socket getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes
-##	of all domains unix datagram sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getattr_all_stream_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:unix_stream_socket getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains unix datagram sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_stream_sockets',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:unix_stream_socket getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all domains
-##	unnamed pipes.
-## </summary>
-## <desc>
-##	<p>
-##	Get the attributes of all domains
-##	unnamed pipes.
-##	</p>
-##	<p>
-##	This is commonly used for domains
-##	that can use lsof on all domains.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getattr_all_pipes',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all domains unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_getattr_all_pipes',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Allow specified type to set context of all
-##	domains IPSEC associations.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_ipsec_setcontext_all_domains',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow $1 domain:association setcontext;
-')
-
-########################################
-## <summary>
-##	Get the attributes of entry point
-##	files for all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_getattr_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 entry_type:lnk_file read_lnk_file_perms;
-	allow $1 entry_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Read the entry point files for all domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_read_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 entry_type:lnk_file read_lnk_file_perms;
-	allow $1 entry_type:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute the entry point files for all
-##	domains in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`domain_exec_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	can_exec($1, entry_type)
-')
-
-########################################
-## <summary>
-##	dontaudit checking for execute on all entry point files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_exec_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	dontaudit $1 entry_type:file exec_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all
-##	entrypoint files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`domain_manage_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 entry_type:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel to and from all entry point
-##	file types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`domain_relabel_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 entry_type:file relabel_file_perms;
-')
-
-########################################
-## <summary>
-##	Mmap all entry point files as executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`domain_mmap_all_entry_files',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	allow $1 entry_type:file mmap_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute an entry_type in the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-# cjp: added for userhelper
-interface(`domain_entry_file_spec_domtrans',`
-	gen_require(`
-		attribute entry_type;
-	')
-
-	domain_transition_pattern($1, entry_type, $2)
-')
-
-########################################
-## <summary>
-##	Ability to mmap a low area of the address
-##	space conditionally, as configured by
-##	/proc/sys/kernel/mmap_min_addr.
-##	Preventing such mappings helps protect against
-##	exploiting null deref bugs in the kernel.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`domain_mmap_low',`
-	gen_require(`
-		attribute mmap_low_domain_type;
-		bool mmap_low_allowed;
-	')
-
-	typeattribute $1 mmap_low_domain_type;
-
-	if ( mmap_low_allowed ) {
-		allow $1 self:memprotect mmap_zero;
-	}
-')
-
-########################################
-## <summary>
-##	Ability to mmap a low area of the address
-##	space unconditionally, as configured
-##	by /proc/sys/kernel/mmap_min_addr.
-##	Preventing such mappings helps protect against
-##	exploiting null deref bugs in the kernel.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`domain_mmap_low_uncond',`
-	gen_require(`
-		attribute mmap_low_domain_type;
-	')
-
-	typeattribute $1 mmap_low_domain_type;
-
-	allow $1 self:memprotect mmap_zero;
-')
-
-########################################
-## <summary>
-##	Allow specified type to receive labeled
-##	networking packets from all domains, over
-##	all protocols (TCP, UDP, etc)
-## </summary>
-## <param name="type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_all_recvfrom_all_domains',`
-	gen_require(`
-		attribute domain;
- 	')
-
-	corenet_all_recvfrom_labeled($1, domain)
-')
-
-########################################
-## <summary>
-##	Send generic signals to the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_unconfined_signal',`
-	gen_require(`
-		attribute unconfined_domain_type;
-	')
-
-	allow $1 unconfined_domain_type:process signal;
-')
-
-########################################
-## <summary>
-##	Unconfined access to domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_unconfined',`
-	gen_require(`
-		attribute set_curr_context;
-		attribute can_change_object_identity;
-		attribute unconfined_domain_type;
-		attribute process_uncond_exempt;
-	')
-
-	typeattribute $1 unconfined_domain_type;
-
-	# pass constraints
-	typeattribute $1 can_change_object_identity;
-	typeattribute $1 set_curr_context;
-	typeattribute $1 process_uncond_exempt;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	all leaked sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`domain_dontaudit_leaks',`
-	gen_require(`
-		attribute domain;
-	')
-
-	dontaudit $1 domain:socket_class_set { read write };
-')
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
deleted file mode 100644
index 5843cad..0000000
--- a/policy/modules/kernel/domain.te
+++ /dev/null
@@ -1,277 +0,0 @@
-policy_module(domain, 1.8.1)
-
-########################################
-#
-# Declarations
-#
-## <desc>
-## <p>
-## Allow all domains to use other domains file descriptors
-## </p>
-## </desc>
-#
-gen_tunable(allow_domain_fd_use, true)
-
-## <desc>
-## <p>
-## Allow all domains to have the kernel load modules
-## </p>
-## </desc>
-#
-gen_tunable(domain_kernel_load_modules, false)
-
-## <desc>
-## <p>
-##	Control the ability to mmap a low area of the address space,
-##	as configured by /proc/sys/kernel/mmap_min_addr.
-## </p>
-## </desc>
-gen_tunable(mmap_low_allowed, false)
-
-# Mark process types as domains
-attribute domain;
-
-# Transitions only allowed from domains to other domains
-neverallow domain ~domain:process { transition dyntransition };
-
-# Domains that are unconfined
-attribute unconfined_domain_type;
-
-# Domains that can mmap low memory.
-attribute mmap_low_domain_type;
-neverallow { domain -mmap_low_domain_type } self:memprotect mmap_zero;
-
-# Domains that can set their current context
-# (perform dynamic transitions)
-attribute set_curr_context;
-
-# enabling setcurrent breaks process tranquility.  If you do not
-# know what this means or do not understand the implications of a
-# dynamic transition, you should not be using it!!!
-neverallow { domain -set_curr_context } self:process setcurrent;
-
-# entrypoint executables
-attribute entry_type;
-
-# widely-inheritable file descriptors
-attribute privfd;
-
-#
-# constraint related attributes
-#
-
-# [1] types that can change SELinux identity on transition
-attribute can_change_process_identity;
-
-# [2] types that can change SELinux role on transition
-attribute can_change_process_role;
-
-# [3] types that can change the SELinux identity on a filesystem
-# object or a socket object on a create or relabel
-attribute can_change_object_identity;
-
-# [3] types that can change to system_u:system_r
-attribute can_system_change;
-
-# [4] types that have attribute 1 can change the SELinux
-# identity only if the target domain has this attribute.
-# Types that have attribute 2 can change the SELinux role
-# only if the target domain has this attribute.
-attribute process_user_target;
-
-# For cron jobs
-# [5] types used for cron daemons
-attribute cron_source_domain;
-# [6] types used for cron jobs
-attribute cron_job_domain;
-
-# [7] types that are unconditionally exempt from
-# SELinux identity and role change constraints
-attribute process_uncond_exempt;	# add userhelperdomain to this one
-
-neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
-neverallow ~{ domain unlabeled_t } *:process *;
-
-########################################
-#
-# Rules applied to all domains
-#
-
-# read /proc/(pid|self) entries
-allow domain self:dir list_dir_perms;
-allow domain self:lnk_file { read_lnk_file_perms lock ioctl };
-allow domain self:file rw_file_perms;
-kernel_read_proc_symlinks(domain)
-kernel_read_crypto_sysctls(domain)
-
-# Every domain gets the key ring, so we should default
-# to no one allowed to look at it; afs kernel support creates
-# a keyring
-kernel_dontaudit_search_key(domain)
-kernel_dontaudit_link_key(domain)
-kernel_dontaudit_search_debugfs(domain)
-
-# create child processes in the domain
-allow domain self:process { fork getsched sigchld };
-
-# Use trusted objects in /dev
-dev_rw_null(domain)
-dev_rw_zero(domain)
-term_use_controlling_term(domain)
-
-# list the root directory
-files_list_root(domain)
-# allow all domains to search through default_t directory, since users sometimes
-# place labels within these directories.  (samba_share_t) for example.
-files_search_default(domain)
-
-# All executables should be able to search the directory they are in
-corecmd_search_bin(domain)
-
-tunable_policy(`domain_kernel_load_modules',`
-	kernel_request_load_module(domain)
-')
-
-tunable_policy(`global_ssp',`
-	# enable reading of urandom for all domains:
-	# this should be enabled when all programs
-	# are compiled with ProPolice/SSP
-	# stack smashing protection.
-	dev_read_urand(domain)
-')
-
-optional_policy(`
-	afs_rw_cache(domain)
-')
-
-optional_policy(`
-	libs_use_ld_so(domain)
-	libs_use_shared_libs(domain)
-	libs_read_lib_files(domain)
-')
-
-optional_policy(`
-	setrans_translate_context(domain)
-')
-
-# xdm passes an open file descriptor to xsession-errors.log which is then audited by all confined domains.
-optional_policy(`
-	xserver_dontaudit_use_xdm_fds(domain)
-	xserver_dontaudit_rw_xdm_pipes(domain)
-	xserver_dontaudit_append_xdm_home_files(domain)
-	xserver_dontaudit_write_log(domain)
-')
-
-########################################
-#
-# Unconfined access to this module
-#
-
-# unconfined access also allows constraints, but this
-# is handled in the interface as typeattribute cannot
-# be used on an attribute.
-
-# Use/sendto/connectto sockets created by any domain.
-allow unconfined_domain_type domain:{ socket_class_set socket key_socket } *;
-
-# Use descriptors and pipes created by any domain.
-allow unconfined_domain_type domain:fd use;
-allow unconfined_domain_type domain:fifo_file rw_file_perms;
-
-allow unconfined_domain_type unconfined_domain_type:dbus send_msg;
-
-# Act upon any other process.
-allow unconfined_domain_type domain:process ~{ transition dyntransition execmem execstack execheap };
-
-# Create/access any System V IPC objects.
-allow unconfined_domain_type domain:{ sem msgq shm } *;
-allow unconfined_domain_type domain:msg { send receive };
-
-# For /proc/pid
-allow unconfined_domain_type domain:dir list_dir_perms;
-allow unconfined_domain_type domain:file rw_file_perms;
-allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
-
-# act on all domains keys
-allow unconfined_domain_type domain:key *;
-
-# receive from all domains over labeled networking
-domain_all_recvfrom_all_domains(unconfined_domain_type)
-
-selinux_getattr_fs(domain)
-selinux_search_fs(domain)
-selinux_dontaudit_read_fs(domain)
-
-seutil_dontaudit_read_config(domain)
-
-init_sigchld(domain)
-init_signull(domain)
-
-ifdef(`distro_redhat',`
-	files_search_mnt(domain)
-	optional_policy(`
-		unconfined_use_fds(domain)
-	')
-')
-
-# these seem questionable:
-
-optional_policy(`
-	abrt_domtrans_helper(domain)
-	abrt_read_pid_files(domain)
-	abrt_read_state(domain)
-	abrt_signull(domain)
-	abrt_stream_connect(domain)
-')
-
-optional_policy(`
-	rpm_use_fds(domain)
-	rpm_read_pipes(domain)
-	rpm_search_log(domain)
-	rpm_append_tmp_files(domain)
-	rpm_dontaudit_leaks(domain)
-	rpm_read_script_tmp_files(domain)
-	rpm_inherited_fifo(domain)
-')
-
-optional_policy(`
-	sosreport_append_tmp_files(domain)
-')
-
-tunable_policy(`allow_domain_fd_use',`
-	# Allow all domains to use fds past to them
-	allow domain domain:fd use;
-')
-
-optional_policy(`
-	cron_dontaudit_write_system_job_tmp_files(domain)
-	cron_rw_pipes(domain)
-	cron_rw_system_job_pipes(domain)
-')
-
-ifdef(`hide_broken_symptoms',`
-	dontaudit domain self:udp_socket listen;
-	allow domain domain:key { link search };
-')
-
-optional_policy(`
-	hal_dontaudit_read_pid_files(domain)
-')
-
-optional_policy(`
-	ifdef(`hide_broken_symptoms',`
-		afs_rw_udp_sockets(domain)
-	')
-')
-
-optional_policy(`
-	ssh_rw_pipes(domain)
-')
-
-optional_policy(`
-	unconfined_dontaudit_rw_pipes(domain)
-	unconfined_sigchld(domain)
-')
-
-# broken kernel
-dontaudit can_change_object_identity can_change_object_identity:key link;
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
deleted file mode 100644
index bd4c23d..0000000
--- a/policy/modules/kernel/files.fc
+++ /dev/null
@@ -1,272 +0,0 @@
-
-#
-# /
-#
-/.*				gen_context(system_u:object_r:default_t,s0)
-/			-d	gen_context(system_u:object_r:root_t,s0)
-/\.journal			<<none>>
-/afs			-d	gen_context(system_u:object_r:mnt_t,s0)
-/initrd\.img.*		-l	gen_context(system_u:object_r:boot_t,s0)
-/vmlinuz.*		-l	gen_context(system_u:object_r:boot_t,s0)
-
-ifdef(`distro_redhat',`
-/\.autofsck		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/\.autorelabel		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/\.suspended		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/fastboot 		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/forcefsck 		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/fsckoptions 		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/halt			--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/poweroff		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/[^/]+			--	gen_context(system_u:object_r:etc_runtime_t,s0)
-')
-
-ifdef(`distro_suse',`
-/success		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-')
-
-#
-# /boot
-#
-/boot			-d	gen_context(system_u:object_r:boot_t,s0)
-/boot/.*			gen_context(system_u:object_r:boot_t,s0)
-/boot/\.journal			<<none>>
-/boot/efi(/.*)?/System\.map(-.*)? -- gen_context(system_u:object_r:system_map_t,s0)
-/boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/boot/lost\+found/.*		<<none>>
-/boot/System\.map(-.*)?	--	gen_context(system_u:object_r:system_map_t,s0)
-
-#
-# /emul
-#
-/emul			-d	gen_context(system_u:object_r:usr_t,s0)
-/emul/.*			gen_context(system_u:object_r:usr_t,s0)
-
-#
-# /etc
-#
-/etc			-d	gen_context(system_u:object_r:etc_t,s0)
-/etc/.*				gen_context(system_u:object_r:etc_t,s0)
-/etc/\.fstab\.hal\..+	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/blkid(/.*)?		gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/cmtab		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/fstab\.REVOKE	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/HOSTNAME		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/ioctl\.save	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/issue		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/issue\.net		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/killpower		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/localtime		-l	gen_context(system_u:object_r:etc_t,s0)
-/etc/mtab		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/mtab\.fuselock	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/motd		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/nohotplug		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/nologin.*		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/reader\.conf	-- 	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/smartd\.conf.*	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-
-/etc/sysctl\.conf(\.old)?               --      gen_context(system_u:object_r:system_conf_t,s0)
-/etc/sysconfig/ebtables.*				--      gen_context(system_u:object_r:system_conf_t,s0)
-/etc/sysconfig/ip6?tables.*             --      gen_context(system_u:object_r:system_conf_t,s0)
-/etc/sysconfig/ipvsadm.*                --      gen_context(system_u:object_r:system_conf_t,s0)
-/etc/sysconfig/system-config-firewall.* --      gen_context(system_u:object_r:system_conf_t,s0)
-
-
-/etc/cups/client\.conf	--	gen_context(system_u:object_r:etc_t,s0)
-
-/etc/ipsec\.d/examples(/.*)?	gen_context(system_u:object_r:etc_t,s0)
-
-/etc/network/ifstate	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-
-/etc/ptal/ptal-printd-like -- 	gen_context(system_u:object_r:etc_runtime_t,s0)
-
-/etc/sysconfig/hwconf	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0)
-
-/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf --	gen_context(system_u:object_r:etc_runtime_t,s0)
-
-ifdef(`distro_gentoo', `
-/etc/profile\.env	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/csh\.env		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/env\.d/.*		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/etc/rhgb(/.*)?		-d	gen_context(system_u:object_r:mnt_t,s0)
-')
-
-ifdef(`distro_suse',`
-/etc/defkeymap\.map	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/init\.d/\.depend.*	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-')
-
-#
-# HOME_ROOT
-# expanded by genhomedircon
-#
-HOME_ROOT			gen_context(system_u:object_r:home_root_t,s0-mls_systemhigh)
-HOME_ROOT/\.journal		<<none>>
-HOME_ROOT/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-HOME_ROOT/lost\+found/.*		<<none>>
-
-#
-# /initrd
-#
-# initrd mount point, only used during boot
-/initrd			-d	gen_context(system_u:object_r:root_t,s0)
-
-#
-# /lib(64)?
-#
-/lib/modules(/.*)?		gen_context(system_u:object_r:modules_object_t,s0)
-/lib64/modules(/.*)?		gen_context(system_u:object_r:modules_object_t,s0)
-
-#
-# /lost+found
-#
-/lost\+found		-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/lost\+found/.*			<<none>>
-
-#
-# /media
-#
-# Mount points; do not relabel subdirectories, since
-# we don't want to change any removable media by default.
-/media(/[^/]*)		-l	gen_context(system_u:object_r:mnt_t,s0)
-/media(/[^/]*)?		-d	gen_context(system_u:object_r:mnt_t,s0)
-/media/[^/]*/.*			<<none>>
-/media/\.hal-.*		--	gen_context(system_u:object_r:mnt_t,s0)
-
-#
-# /misc
-#
-/misc			-d	gen_context(system_u:object_r:mnt_t,s0)
-
-#
-# /mnt
-#
-/mnt(/[^/]*)		-l	gen_context(system_u:object_r:mnt_t,s0)
-/mnt(/[^/]*)?		-d	gen_context(system_u:object_r:mnt_t,s0)
-/mnt/[^/]*/.*			<<none>>
-
-#
-# /net
-#
-/net			-d	gen_context(system_u:object_r:mnt_t,s0)
-
-#
-# /opt
-#
-/opt			-d	gen_context(system_u:object_r:usr_t,s0)
-/opt/.*				gen_context(system_u:object_r:usr_t,s0)
-
-/opt/(.*/)?var/lib(64)?(/.*)?	gen_context(system_u:object_r:var_lib_t,s0)
-
-#
-# /proc
-#
-/proc			-d	<<none>>
-/proc/.*			<<none>>
-
-ifdef(`distro_redhat',`
-/rhev			-d	gen_context(system_u:object_r:mnt_t,s0)
-/rhev(/[^/]*)?		-d	gen_context(system_u:object_r:mnt_t,s0)
-/rhev/[^/]*/.*			<<none>>
-')
-
-#
-# /selinux
-#
-/selinux		-d	<<none>>
-/selinux/.*			<<none>>
-
-#
-# /srv
-#
-/srv			-d	gen_context(system_u:object_r:var_t,s0)
-/srv/.*				gen_context(system_u:object_r:var_t,s0)
-
-#
-# /tmp
-#
-/tmp			-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
-/tmp/.*				<<none>>
-/tmp/\.journal			<<none>>
-
-/tmp/lost\+found	-d		gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/tmp/lost\+found/.*		<<none>>
-
-#
-# /usr
-#
-/usr			-d	gen_context(system_u:object_r:usr_t,s0)
-/usr/.*				gen_context(system_u:object_r:usr_t,s0)
-/usr/\.journal			<<none>>
-
-/usr/doc(/.*)?/lib(/.*)?		gen_context(system_u:object_r:usr_t,s0)
-
-/usr/etc(/.*)?			gen_context(system_u:object_r:etc_t,s0)
-
-/usr/inclu.e(/.*)?		gen_context(system_u:object_r:usr_t,s0)
-
-/usr/local/\.journal		<<none>>
-
-/usr/local/etc(/.*)?		gen_context(system_u:object_r:etc_t,s0)
-
-/usr/local/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/usr/local/lost\+found/.*	<<none>>
-
-/usr/lost\+found		-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/usr/lost\+found/.*		<<none>>
-
-/usr/share/doc(/.*)?/README.*	gen_context(system_u:object_r:usr_t,s0)
-
-/usr/tmp			-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
-/usr/tmp/.*			<<none>>
-
-ifndef(`distro_redhat',`
-/usr/local/src(/.*)?		gen_context(system_u:object_r:src_t,s0)
-/usr/src(/.*)?			gen_context(system_u:object_r:src_t,s0)
-/usr/src/kernels/.+/lib(/.*)?	gen_context(system_u:object_r:usr_t,s0)
-')
-
-#
-# /var
-#
-/var			-d	gen_context(system_u:object_r:var_t,s0)
-/var/.*				gen_context(system_u:object_r:var_t,s0)
-/var/\.journal			<<none>>
-
-/var/db/.*\.db		--	gen_context(system_u:object_r:etc_t,s0)
-
-/var/ftp/etc(/.*)?		gen_context(system_u:object_r:etc_t,s0)
-
-/var/named/chroot/etc(/.*)? 	gen_context(system_u:object_r:etc_t,s0)
-
-/var/lib(/.*)?			gen_context(system_u:object_r:var_lib_t,s0)
-
-/var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
-
-/var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)
-
-/var/lost\+found		-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/var/lost\+found/.*		<<none>>
-
-/var/run			-d	gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
-/var/run/.*			gen_context(system_u:object_r:var_run_t,s0)
-/var/run/.*\.*pid		<<none>>
-
-/var/spool(/.*)?			gen_context(system_u:object_r:var_spool_t,s0)
-/var/spool/postfix/etc(/.*)?	gen_context(system_u:object_r:etc_t,s0)
-
-/var/tmp			gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
-/var/tmp/.*			<<none>>
-/var/tmp/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
-/var/tmp/lost\+found/.*		<<none>>
-/var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
-
-ifdef(`distro_debian',`
-/var/run/motd		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-')
-/nsr(/.*)?						gen_context(system_u:object_r:var_t,s0)
-/nsr/logs(/.*)?						gen_context(system_u:object_r:var_log_t,s0)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
deleted file mode 100644
index a738502..0000000
--- a/policy/modules/kernel/files.if
+++ /dev/null
@@ -1,6383 +0,0 @@
-## <summary>
-## Basic filesystem types and interfaces.
-## </summary>
-## <desc>
-## <p>
-## This module contains basic filesystem types and interfaces. This
-## includes:
-## <ul>
-##	<li>The concept of different file types including basic
-##	files, mount points, tmp files, etc.</li>
-##	<li>Access to groups of files and all files.</li>
-##	<li>Types and interfaces for the basic filesystem layout
-##	(/, /etc, /tmp, /usr, etc.).</li>
-## </ul>
-## </p>
-## </desc>
-## <required val="true">
-##	Contains the concept of a file.
-##	Comains the file initial SID.
-## </required>
-
-########################################
-## <summary>
-##	Make the specified type usable for files
-##	in a filesystem.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for files
-##	in a filesystem.  Types used for files that
-##	do not use this interface, or an interface that
-##	calls this one, will have unexpected behaviors
-##	while the system is running. If the type is used
-##	for device nodes (character or block files), then
-##	the dev_node() interface is more appropriate.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>application_domain()</li>
-##		<li>application_executable_file()</li>
-##		<li>corecmd_executable_file()</li>
-##		<li>init_daemon_domain()</li>
-##		<li>init_domaion()</li>
-##		<li>init_ranged_daemon_domain()</li>
-##		<li>init_ranged_domain()</li>
-##		<li>init_ranged_system_domain()</li>
-##		<li>init_script_file()</li>
-##		<li>init_script_domain()</li>
-##		<li>init_system_domain()</li>
-##		<li>files_config_files()</li>
-##		<li>files_lock_file()</li>
-##		<li>files_mountpoint()</li>
-##		<li>files_pid_file()</li>
-##		<li>files_security_file()</li>
-##		<li>files_security_mountpoint()</li>
-##		<li>files_tmp_file()</li>
-##		<li>files_tmpfs_file()</li>
-##		<li>logging_log_file()</li>
-##		<li>userdom_user_home_content()</li>
-##	</ul>
-##	<p>
-##	Example:
-##	</p>
-##	<p>
-##	type myfile_t;
-##	files_type(myfile_t)
-##	allow mydomain_t myfile_t:file read_file_perms;
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used for files.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`files_type',`
-	gen_require(`
-		attribute file_type, non_security_file_type;
-	')
-
-	typeattribute $1 file_type, non_security_file_type;
-')
-
-########################################
-## <summary>
-##	Make the specified type a file that
-##	should not be dontaudited from
-##	browsing from user domains.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	member directory.
-##	</summary>
-## </param>
-#
-interface(`files_security_file',`
-	gen_require(`
-		attribute file_type, security_file_type;
-	')
-
-	typeattribute $1 file_type, security_file_type;
-')
-
-########################################
-## <summary>
-##	Make the specified type usable for
-##	lock files.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used for lock files.
-##	</summary>
-## </param>
-#
-interface(`files_lock_file',`
-	gen_require(`
-		attribute lockfile;
-	')
-
-	files_type($1)
-	typeattribute $1 lockfile;
-')
-
-########################################
-## <summary>
-##	Make the specified type usable for
-##	filesystem mount points.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used for mount points.
-##	</summary>
-## </param>
-#
-interface(`files_mountpoint',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	files_type($1)
-	typeattribute $1 mountpoint;
-')
-
-########################################
-## <summary>
-##	Make the specified type usable for
-##	security file filesystem mount points.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used for mount points.
-##	</summary>
-## </param>
-#
-interface(`files_security_mountpoint',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	files_security_file($1)
-	typeattribute $1 mountpoint;
-')
-
-########################################
-## <summary>
-##	Make the specified type usable for
-##	runtime process ID files.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for runtime process ID files,
-##	typically found in /var/run.
-##	This will also make the type usable for files, making
-##	calls to files_type() redundant.  Failure to use this interface
-##	for a PID file type may result in problems with starting
-##	or stopping services.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>files_pid_filetrans()</li>
-##	</ul>
-##	<p>
-##	Example usage with a domain that can create and
-##	write its PID file with a private PID file type in the
-##	/var/run directory:
-##	</p>
-##	<p>
-##	type mypidfile_t;
-##	files_pid_file(mypidfile_t)
-##	allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
-##	files_pid_filetrans(mydomain_t, mypidfile_t, file)
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used for PID files.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`files_pid_file',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	files_type($1)
-	typeattribute $1 pidfile;
-')
-
-########################################
-## <summary>
-##	Make the specified type a
-##	configuration file.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for configuration files.
-##	This will also make the type usable for files, making
-##	calls to files_type() redundant.  Failure to use this interface
-##	for a temporary file may result in problems with
-##	configuration management tools.
-##	</p>
-##	<p>
-##	Example usage with a domain that can read
-##	its configuration file /etc:
-##	</p>
-##	<p>
-##	type myconffile_t;
-##	files_config_file(myconffile_t)
-##	allow mydomain_t myconffile_t:file read_file_perms;
-##	files_search_etc(mydomain_t)
-##	</p>
-## </desc>
-## <param name="file_type">
-##	<summary>
-##	Type to be used as a configuration file.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`files_config_file',`
-	gen_require(`
-		attribute configfile;
-	')
-	files_type($1)
-	typeattribute $1 configfile;
-')
-
-########################################
-## <summary>
-##	Make the specified type a
-##	polyinstantiated directory.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	polyinstantiated directory.
-##	</summary>
-## </param>
-#
-interface(`files_poly',`
-	gen_require(`
-		attribute polydir;
-	')
-
-	files_type($1)
-	typeattribute $1 polydir;
-')
-
-########################################
-## <summary>
-##	Make the specified type a parent
-##	of a polyinstantiated directory.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	parent directory.
-##	</summary>
-## </param>
-#
-interface(`files_poly_parent',`
-	gen_require(`
-		attribute polyparent;
-	')
-
-	files_type($1)
-	typeattribute $1 polyparent;
-')
-
-########################################
-## <summary>
-##	Make the specified type a
-##	polyinstantiation member directory.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	member directory.
-##	</summary>
-## </param>
-#
-interface(`files_poly_member',`
-	gen_require(`
-		attribute polymember;
-	')
-
-	files_type($1)
-	typeattribute $1 polymember;
-')
-
-########################################
-## <summary>
-##	Make the domain use the specified
-##	type of polyinstantiated directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain using the polyinstantiated
-##	directory.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	member directory.
-##	</summary>
-## </param>
-#
-interface(`files_poly_member_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	type_member $1 tmp_t:dir $2;
-')
-
-########################################
-## <summary>
-##	Make the specified type a file
-##	used for temporary files.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for temporary files.
-##	This will also make the type usable for files, making
-##	calls to files_type() redundant.  Failure to use this interface
-##	for a temporary file may result in problems with
-##	purging temporary files.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>files_tmp_filetrans()</li>
-##	</ul>
-##	<p>
-##	Example usage with a domain that can create and
-##	write its temporary file in the system temporary file
-##	directories (/tmp or /var/tmp):
-##	</p>
-##	<p>
-##	type mytmpfile_t;
-##	files_tmp_file(mytmpfile_t)
-##	allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
-##	files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
-##	</p>
-## </desc>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to be used as a
-##	temporary file.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`files_tmp_file',`
-	gen_require(`
-		attribute tmpfile;
-		type tmp_t;
-	')
-
-	files_type($1)
-	files_poly_member($1)
-	typeattribute $1 tmpfile;
-')
-
-########################################
-## <summary>
-##	Transform the type into a file, for use on a
-##	virtual memory filesystem (tmpfs).
-## </summary>
-## <param name="type">
-##	<summary>
-##	The type to be transformed.
-##	</summary>
-## </param>
-#
-interface(`files_tmpfs_file',`
-	gen_require(`
-		attribute tmpfsfile;
-	')
-
-	files_type($1)
-	typeattribute $1 tmpfsfile;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_dirs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	getattr_dirs_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_dirs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:dir getattr;
-')
-
-########################################
-## <summary>
-##	List all non-security directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_non_security',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	list_dirs_pattern($1, non_security_file_type, non_security_file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list all
-##	non-security directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_list_non_security',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on all non-security
-##	directories and files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_non_security',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	allow $1 non_security_file_type:dir mounton;
-	allow $1 non_security_file_type:file mounton;
-')
-
-########################################
-## <summary>
-##	Allow attempts to modify any directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_write_non_security_dirs',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	allow $1 non_security_file_type:dir write;
-')
-
-########################################
-## <summary>
-##	Allow attempts to manage non-security directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_non_security_dirs',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	allow $1 non_security_file_type:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	getattr_files_pattern($1, file_type, file_type)
-	getattr_lnk_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_files',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Read all files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir list_dir_perms;
-	read_files_pattern($1, file_type, file_type)
-
-	optional_policy(`
-		auth_read_shadow($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow shared library text relocations in all files.
-## </summary>
-## <desc>
-##	<p>
-##	Allow shared library text relocations in all files.
-##	</p>
-##	<p>
-##	This is added to support WINE policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_execmod_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:file execmod;
-')
-
-########################################
-## <summary>
-##	Read all non-security files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_non_security_files',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	read_files_pattern($1, non_security_file_type, non_security_file_type)
-	read_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
-')
-
-########################################
-## <summary>
-##	Read all directories on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_dirs_except',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 { file_type $2 }:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read all files on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_files_except',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	read_files_pattern($1, { file_type $2 }, { file_type $2 })
-')
-
-########################################
-## <summary>
-##	Read all symbolic links on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_symlinks_except',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	read_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
-')
-
-########################################
-## <summary>
-##	Get the attributes of all symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_symlinks',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	getattr_lnk_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_symlinks',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read all symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_read_all_symlinks',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:lnk_file read;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_symlinks',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security block devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_blk_files',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security character devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_chr_files',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Read all symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_all_symlinks',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir list_dir_perms;
-	read_lnk_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_pipes',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir list_dir_perms;
-	getattr_fifo_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_pipes',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_pipes',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_sockets',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir list_dir_perms;
-	getattr_sock_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_sockets',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of non security named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_non_security_sockets',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Read all block nodes with file types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_blk_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	read_blk_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Read all character nodes with file types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_chr_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	read_chr_files_pattern($1, file_type, file_type)
-')
-
-########################################
-## <summary>
-##	Relabel all files on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_relabel_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 { file_type $2 }:dir list_dir_perms;
-	relabel_dirs_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_files_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
-	relabel_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
-
-	# satisfy the assertions:
-	seutil_relabelto_bin_policy($1)
-')
-
-########################################
-## <summary>
-##	rw all files on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_rw_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	rw_files_pattern($1, { file_type $2 }, { file_type $2 })
-')
-
-########################################
-## <summary>
-##	Manage all files on the filesystem, except
-##	the listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	manage_dirs_pattern($1, { file_type $2 }, { file_type $2 })
-	manage_files_pattern($1, { file_type $2 }, { file_type $2 })
-	manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
-	manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
-	manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
-
-	# satisfy the assertions:
-	seutil_create_bin_policy($1)
-	files_manage_kernel_modules($1)
-')
-
-########################################
-## <summary>
-##	Search the contents of all directories on
-##	extended attribute filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_all',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of all directories on
-##	extended attribute filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_all',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	contents of any directories on extended
-##	attribute filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_all_dirs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all filesystems
-##	with the type of a file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# dwalsh: This interface is to allow quotacheck to work on a
-# a filesystem mounted with the --context switch
-# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212957
-#
-interface(`files_getattr_all_file_type_fs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Relabel a filesystem to the type of a file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelto_all_file_type_fs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:filesystem relabelto;
-')
-
-########################################
-## <summary>
-##	Relabel a filesystem to the type of a file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabel_all_file_type_fs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:filesystem { relabelfrom relabelto };
-')
-
-########################################
-## <summary>
-##	Mount all filesystems with the type of a file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mount_all_file_type_fs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Unmount all filesystems with the type of a file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_unmount_all_file_type_fs',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:filesystem unmount;
-')
-
-#############################################
-## <summary>
-##	Manage all configuration directories on filesystem
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`files_manage_config_dirs',`
-	gen_require(`
-		attribute configfile;
-	')
-
-	manage_dirs_pattern($1, configfile, configfile)
-')
-
-#########################################
-## <summary>
-##	Relabel configuration directories
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`files_relabel_config_dirs',`
-	gen_require(`
-		attribute configfile;
-	')
-
-	relabel_dirs_pattern($1, configfile, configfile)
-')
-
-########################################
-## <summary>
-##	Read config files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_config_files',`
-	gen_require(`
-		attribute configfile;
-	')
-
-	allow $1 configfile:dir list_dir_perms;
-	read_files_pattern($1, configfile, configfile)
-	read_lnk_files_pattern($1, configfile, configfile)
-')
-
-###########################################
-## <summary>
-## 	Manage all configuration files on filesystem
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-##
-#
-interface(`files_manage_config_files',`
-	gen_require(`
-		attribute configfile;
-	')
-
-	manage_files_pattern($1, configfile, configfile)
-')
-
-#######################################
-## <summary>
-##	Relabel configuration files
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`files_relabel_config_files',`
-	gen_require(`
-		attribute configfile;
-	')
-
-	relabel_files_pattern($1, configfile, configfile)
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	allow $1 mountpoint:dir { search_dir_perms mounton };
-	allow $1 mountpoint:file { getattr mounton };
-')
-
-########################################
-## <summary>
-##	Get the attributes of all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	allow $1 mountpoint:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	allow $1 mountpoint:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit searching of all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	dontaudit $1 mountpoint:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit listing of all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_list_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	dontaudit $1 mountpoint:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Write all mount points.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_write_all_mountpoints',`
-	gen_require(`
-		attribute mountpoint;
-	')
-
-	allow $1 mountpoint:dir write;
-')
-
-########################################
-## <summary>
-##	List the contents of the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_root',`
-	gen_require(`
-		type root_t;
-	')
-
-	allow $1 root_t:dir list_dir_perms;
-	allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write
-##	files in the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_rw_root_dir',`
-	gen_require(`
-		type root_t;
-	')
-
-	dontaudit $1 root_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create an object in the root directory, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_root_filetrans',`
-	gen_require(`
-		type root_t;
-	')
-
-	filetrans_pattern($1, root_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read files in
-##	the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_read_root_files',`
-	gen_require(`
-		type root_t;
-	')
-
-	dontaudit $1 root_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	files in the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_rw_root_files',`
-	gen_require(`
-		type root_t;
-	')
-
-	dontaudit $1 root_t:file { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	character device nodes in the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_rw_root_chr_files',`
-	gen_require(`
-		type root_t;
-	')
-
-	dontaudit $1 root_t:chr_file { read write };
-')
-
-########################################
-## <summary>
-##	Delete files in the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_root_files',`
-	gen_require(`
-		type root_t;
-	')
-
-	allow $1 root_t:file unlink;
-')
-
-########################################
-## <summary>
-##	Remove entries from the root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_root_dir_entry',`
-	gen_require(`
-		type root_t;
-	')
-
-	allow $1 root_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Unmount a rootfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_unmount_rootfs',`
-	gen_require(`
-		type root_t;
-	')
-
-	allow $1 root_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get attributes of the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_boot_dirs',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attributes
-##	of the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_boot_dirs',`
-	gen_require(`
-		type boot_t;
-	')
-
-	dontaudit $1 boot_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_boot',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_boot',`
-	gen_require(`
-		type boot_t;
-	')
-
-	dontaudit $1 boot_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_boot',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create directories in /boot
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_create_boot_dirs',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir { create rw_dir_perms };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	directories in /boot.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_boot_dirs',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create a private type object in boot
-##	with an automatic type transition
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_boot_filetrans',`
-	gen_require(`
-		type boot_t;
-	')
-
-	filetrans_pattern($1, boot_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	read files in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_boot_files',`
-	gen_require(`
-		type boot_t;
-	')
-
-	read_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_boot_files',`
-	gen_require(`
-		type boot_t;
-	')
-
-	manage_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Relabel from files in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelfrom_boot_files',`
-	gen_require(`
-		type boot_t;
-	')
-
-	relabelfrom_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Read and write symbolic links
-##	in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_boot_symlinks',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir list_dir_perms;
-	rw_lnk_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_boot_symlinks',`
-	gen_require(`
-		type boot_t;
-	')
-
-	manage_lnk_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Read kernel files in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_kernel_img',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:dir list_dir_perms;
-	read_files_pattern($1, boot_t, boot_t)
-	read_lnk_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Install a kernel into the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_create_kernel_img',`
-	gen_require(`
-		type boot_t;
-	')
-
-	allow $1 boot_t:file { create_file_perms rw_file_perms };
-	manage_lnk_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Delete a kernel from /boot.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_delete_kernel',`
-	gen_require(`
-		type boot_t;
-	')
-
-	delete_files_pattern($1, boot_t, boot_t)
-')
-
-########################################
-## <summary>
-##	Getattr of directories with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_default_dirs',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	directories with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_default_dirs',`
-	gen_require(`
-		type default_t;
-	')
-
-	dontaudit $1 default_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search the contents of directories with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_default',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List contents of directories with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_default',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list contents of
-##	directories with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_list_default',`
-	gen_require(`
-		type default_t;
-	')
-
-	dontaudit $1 default_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories with
-##	the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_default_dirs',`
-	gen_require(`
-		type default_t;
-	')
-
-	manage_dirs_pattern($1, default_t, default_t)
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on a directory with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_default',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:dir { search_dir_perms mounton };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	files with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_default_files',`
-	gen_require(`
-		type default_t;
-	')
-
-	dontaudit $1 default_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Read files with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_default_files',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read files
-##	with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_read_default_files',`
-	gen_require(`
-		type default_t;
-	')
-
-	dontaudit $1 default_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files with
-##	the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_default_files',`
-	gen_require(`
-		type default_t;
-	')
-
-	manage_files_pattern($1, default_t, default_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_default_symlinks',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read sockets with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_default_sockets',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:sock_file read_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Read named pipes with the default file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_default_pipes',`
-	gen_require(`
-		type default_t;
-	')
-
-	allow $1 default_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Search the contents of /etc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_etc',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the /etc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_setattr_etc_dirs',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	List the contents of /etc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_etc',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to /etc dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_etc_dirs',`
-	gen_require(`
-		type etc_t;
-	')
-
-	dontaudit $1 etc_t:dir write;
-')
-
-########################################
-## <summary>
-##	Add and remove entries from /etc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_etc_dirs',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir rw_dir_perms;
-')
-
-##########################################
-## <summary>
-## 	Manage generic directories in /etc
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-##
-#
-interface(`files_manage_etc_dirs',`
-	gen_require(`
-		type etc_t;
-	')
-
-	manage_dirs_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Read generic files in /etc.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read generic
-##	files in /etc. These files are typically
-##	general system configuration files that do
-##	not have more specific SELinux types.  Some
-##	examples of these files are:
-##	</p>
-##	<ul>
-##		<li>/etc/fstab</li>
-##		<li>/etc/passwd</li>
-##		<li>/etc/services</li>
-##		<li>/etc/shells</li>
-##	</ul>
-##	<p>
-##	This interface does not include access to /etc/shadow.
-##	</p>
-##	<p>
-##	Generally, it is safe for many domains to have
-##	this access.  However, since this interface provides
-##	access to the /etc/passwd file, caution must be
-##	exercised, as user account names can be leaked
-##	through this access.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>auth_read_shadow()</li>
-##		<li>files_read_etc_runtime_files()</li>
-##		<li>seutil_read_config()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`files_read_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	read_files_pattern($1, etc_t, etc_t)
-	read_lnk_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write generic files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	dontaudit $1 etc_t:file write;
-')
-
-########################################
-## <summary>
-##	Read and write generic files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_rw_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	rw_files_pattern($1, etc_t, etc_t)
-	read_lnk_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete generic
-##	files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	manage_files_pattern($1, etc_t, etc_t)
-	read_lnk_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Delete system configuration files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	delete_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Remove entries from the etc directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_etc_dir_entry',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir del_entry_dir_perms;
-')
-
-########################################
-## <summary>
-##	Execute generic files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_exec_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, etc_t, etc_t)
-	exec_files_pattern($1, etc_t, etc_t)
-')
-
-#######################################
-## <summary>
-##	Relabel from and to generic files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabel_etc_files',`
-	gen_require(`
-		type etc_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	relabel_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_etc_symlinks',`
-	gen_require(`
-		type etc_t;
-	')
-
-	read_lnk_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_etc_symlinks',`
-	gen_require(`
-		type etc_t;
-	')
-
-	manage_lnk_files_pattern($1, etc_t, etc_t)
-')
-
-########################################
-## <summary>
-##	Create objects in /etc with a private
-##	type using a type_transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	Private file type.
-##	</summary>
-## </param>
-## <param name="class">
-##	<summary>
-##	Object classes to be created.
-##	</summary>
-## </param>
-#
-interface(`files_etc_filetrans',`
-	gen_require(`
-		type etc_t;
-	')
-
-	filetrans_pattern($1, etc_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Create a boot flag.
-## </summary>
-## <desc>
-##	<p>
-##	Create a boot flag, such as
-##	/.autorelabel and /.autofsck.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_create_boot_flag',`
-	gen_require(`
-		type root_t, etc_runtime_t;
-	')
-
-	allow $1 etc_runtime_t:file manage_file_perms;
-	filetrans_pattern($1, root_t, etc_runtime_t, file)
-')
-
-########################################
-## <summary>
-##	Read files in /etc that are dynamically
-##	created on boot, such as mtab.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read dynamically created
-##	configuration files in /etc. These files are typically
-##	general system configuration files that do
-##	not have more specific SELinux types.  Some
-##	examples of these files are:
-##	</p>
-##	<ul>
-##		<li>/etc/motd</li>
-##		<li>/etc/mtab</li>
-##		<li>/etc/nologin</li>
-##	</ul>
-##	<p>
-##	This interface does not include access to /etc/shadow.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10" />
-## <rolecap/>
-#
-interface(`files_read_etc_runtime_files',`
-	gen_require(`
-		type etc_t, etc_runtime_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	read_files_pattern($1, etc_t, etc_runtime_t)
-	read_lnk_files_pattern($1, etc_t, etc_runtime_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read files
-##	in /etc that are dynamically
-##	created on boot, such as mtab.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_read_etc_runtime_files',`
-	gen_require(`
-		type etc_runtime_t;
-	')
-
-	dontaudit $1 etc_runtime_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Read and write files in /etc that are dynamically
-##	created on boot, such as mtab.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_rw_etc_runtime_files',`
-	gen_require(`
-		type etc_t, etc_runtime_t;
-	')
-
-	allow $1 etc_t:dir list_dir_perms;
-	rw_files_pattern($1, etc_t, etc_runtime_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files in
-##	/etc that are dynamically created on boot,
-##	such as mtab.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_etc_runtime_files',`
-	gen_require(`
-		type etc_t, etc_runtime_t;
-	')
-
-	manage_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
-')
-
-########################################
-## <summary>
-##	Create, etc runtime objects with an automatic
-##	type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_etc_filetrans_etc_runtime',`
-	gen_require(`
-		type etc_t, etc_runtime_t;
-	')
-
-	filetrans_pattern($1, etc_t, etc_runtime_t, $2)
-')
-
-########################################
-## <summary>
-##	Getattr of directories on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search directories on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	dontaudit $1 file_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of directories on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read and write directories on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Delete directories on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_dirs_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	on new filesystems that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on a directory on new filesystems
-##	that has not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_isid_type_dirs',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:dir { search_dir_perms mounton };
-')
-
-########################################
-## <summary>
-##	Read files on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_isid_type_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete files on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Delete symbolic links on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_symlinks',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_lnk_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Delete named pipes on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_fifo_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_fifo_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Delete named sockets on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_sock_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_sock_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Delete block files on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_blk_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_blk_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to character
-##	files that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_isid_chr_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	dontaudit $1 file_t:chr_file write;
-')
-
-########################################
-## <summary>
-##	Delete chr files on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_isid_type_chr_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	delete_chr_files_pattern($1, file_t, file_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on new filesystems that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_isid_type_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	on new filesystems that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_isid_type_symlinks',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:lnk_file manage_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write block device nodes on new filesystems
-##	that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_isid_type_blk_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:blk_file rw_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete block device nodes
-##	on new filesystems that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_isid_type_blk_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:blk_file manage_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete character device nodes
-##	on new filesystems that have not yet been labeled.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_isid_type_chr_files',`
-	gen_require(`
-		type file_t;
-	')
-
-	allow $1 file_t:chr_file manage_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of the home directories root
-##	(/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_home_dir',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	allow $1 home_root_t:dir getattr;
-	allow $1 home_root_t:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of the home directories root
-##	(/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_home_dir',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	dontaudit $1 home_root_t:dir getattr;
-	dontaudit $1 home_root_t:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Search home directories root (/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	allow $1 home_root_t:dir search_dir_perms;
-	allow $1 home_root_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search
-##	home directories root (/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	dontaudit $1 home_root_t:dir search_dir_perms;
-	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list
-##	home directories root (/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_list_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	dontaudit $1 home_root_t:dir list_dir_perms;
-	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Get listing of home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	allow $1 home_root_t:dir list_dir_perms;
-	allow $1 home_root_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel to user home root (/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelto_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	allow $1 home_root_t:dir relabelto;
-')
-
-########################################
-## <summary>
-##	Create objects in /home.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="home_type">
-##	<summary>
-##	The private type.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_home_filetrans',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	filetrans_pattern($1, home_root_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Get the attributes of lost+found directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_lost_found_dirs',`
-	gen_require(`
-		type lost_found_t;
-	')
-
-	allow $1 lost_found_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	lost+found directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_lost_found_dirs',`
-	gen_require(`
-		type lost_found_t;
-	')
-
-	dontaudit $1 lost_found_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete objects in
-##	lost+found directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_lost_found',`
-	gen_require(`
-		type lost_found_t;
-	')
-
-	manage_dirs_pattern($1, lost_found_t, lost_found_t)
-	manage_files_pattern($1, lost_found_t, lost_found_t)
-	manage_lnk_files_pattern($1, lost_found_t, lost_found_t)
-	manage_fifo_files_pattern($1, lost_found_t, lost_found_t)
-	manage_sock_files_pattern($1, lost_found_t, lost_found_t)
-')
-
-########################################
-## <summary>
-##	Search the contents of /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_mnt',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	allow $1 mnt_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_mnt',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	dontaudit $1 mnt_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_mnt',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	allow $1 mnt_t:dir list_dir_perms;
-')
-
-######################################
-## <summary>
-##  dontaudit List the contents of /mnt.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`files_dontaudit_list_mnt',`
-    gen_require(`
-        type mnt_t;
-    ')
-
-    dontaudit $1 mnt_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mount a filesystem on /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_mnt',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	allow $1 mnt_t:dir { search_dir_perms mounton };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories in /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_mnt_dirs',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	allow $1 mnt_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files in /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_mnt_files',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	manage_files_pattern($1, mnt_t, mnt_t)
-')
-
-########################################
-## <summary>
-##	read files in /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_mnt_files',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	read_files_pattern($1, mnt_t, mnt_t)
-')
-
-######################################
-## <summary>
-##  Read symbolic links in /mnt.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`files_read_mnt_symlinks',`
-    gen_require(`
-        type mnt_t;
-    ')
-
-    read_lnk_files_pattern($1, mnt_t, mnt_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links in /mnt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_mnt_symlinks',`
-	gen_require(`
-		type mnt_t;
-	')
-
-	manage_lnk_files_pattern($1, mnt_t, mnt_t)
-')
-
-########################################
-## <summary>
-##	Search the contents of the kernel module directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	allow $1 modules_object_t:dir search_dir_perms;
-	read_lnk_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	List the contents of the kernel module directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	allow $1 modules_object_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	getattr_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	Read kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	allow $1 modules_object_t:dir list_dir_perms;
-	read_files_pattern($1, modules_object_t, modules_object_t)
-	read_lnk_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	Write kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_write_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	allow $1 modules_object_t:dir list_dir_perms;
-	write_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	Delete kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	delete_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	manage_files_pattern($1, modules_object_t, modules_object_t)
-')
-
-########################################
-## <summary>
-##	Relabel from and to kernel module files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabel_kernel_modules',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	relabel_files_pattern($1, modules_object_t, modules_object_t)
-	allow $1 modules_object_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create objects in the kernel module directories
-##	with a private type via an automatic type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_kernel_modules_filetrans',`
-	gen_require(`
-		type modules_object_t;
-	')
-
-	filetrans_pattern($1, modules_object_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	List world-readable directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_list_world_readable',`
-	gen_require(`
-		type readable_t;
-	')
-
-	allow $1 readable_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read world-readable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_world_readable_files',`
-	gen_require(`
-		type readable_t;
-	')
-
-	allow $1 readable_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read world-readable symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_world_readable_symlinks',`
-	gen_require(`
-		type readable_t;
-	')
-
-	allow $1 readable_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read world-readable named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_world_readable_pipes',`
-	gen_require(`
-		type readable_t;
-	')
-
-	allow $1 readable_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read world-readable sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_world_readable_sockets',`
-	gen_require(`
-		type readable_t;
-	')
-
-	allow $1 readable_t:sock_file read_sock_file_perms;
-')
-
-#######################################
-## <summary>
-##  Read manageable system configuration files in /etc
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_system_conf_files',`
-    gen_require(`
-        type etc_t, system_conf_t;
-    ')
-
-    allow $1 etc_t:dir list_dir_perms;
-    read_files_pattern($1, etc_t, system_conf_t)
-    read_lnk_files_pattern($1, etc_t, system_conf_t)
-')
-
-######################################
-## <summary>
-##  Manage manageable system configuration files in /etc.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`files_manage_system_conf_files',`
-    gen_require(`
-        type etc_t, system_conf_t;
-    ')
-
-    manage_files_pattern($1, { etc_t system_conf_t }, system_conf_t)
-')
-
-######################################
-## <summary>
-##  Relabel manageable system configuration files in /etc.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`files_relabelto_system_conf_files',`
-    gen_require(`
-        type usr_t;
-    ')
-
-    relabelto_files_pattern($1, system_conf_t, system_conf_t)
-')
-
-######################################
-## <summary>
-##  Relabel manageable system configuration files in /etc.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`files_relabelfrom_system_conf_files',`
-    gen_require(`
-        type usr_t;
-    ')
-
-    relabelfrom_files_pattern($1, system_conf_t, system_conf_t)
-')
-
-###################################
-## <summary>
-##  Create files in /etc with the type used for
-##  the manageable system config files.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  The type of the process performing this action.
-##  </summary>
-## </param>
-#
-interface(`files_etc_filetrans_system_conf',`
-    gen_require(`
-        type etc_t, system_conf_t;
-    ')
-
-    filetrans_pattern($1, etc_t, system_conf_t, file)
-')
-
-########################################
-## <summary>
-##	Allow the specified type to associate
-##	to a filesystem with the type of the
-##	temporary directory (/tmp).
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	Type of the file to associate.
-##	</summary>
-## </param>
-#
-interface(`files_associate_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	allow $1 tmp_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Get the	attributes of the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_tmp_dirs',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	allow $1 tmp_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_tmp_dirs',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	dontaudit $1 tmp_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	allow $1 tmp_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	dontaudit $1 tmp_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	allow $1 tmp_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit listing of the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_list_tmp',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	dontaudit $1 tmp_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Remove entries from the tmp directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_tmp_dir_entry',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	allow $1 tmp_t:dir del_entry_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read files in the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_generic_tmp_files',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	read_files_pattern($1, tmp_t, tmp_t)
-')
-
-########################################
-## <summary>
-##	Manage temporary directories in /tmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_tmp_dirs',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	manage_dirs_pattern($1, tmp_t, tmp_t)
-')
-
-########################################
-## <summary>
-##	Allow shared library text relocations in tmp files.
-## </summary>
-## <desc>
-##	<p>
-##	Allow shared library text relocations in tmp files.
-##	</p>
-##	<p>
-##	This is added to support java policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_execmod_tmp',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	allow $1 tmpfile:file execmod;
-')
-
-########################################
-## <summary>
-##	Manage temporary files and directories in /tmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_tmp_files',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	manage_files_pattern($1, tmp_t, tmp_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_generic_tmp_symlinks',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	read_lnk_files_pattern($1, tmp_t, tmp_t)
-')
-
-########################################
-## <summary>
-##	Read and write generic named sockets in the tmp directory (/tmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_generic_tmp_sockets',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	rw_sock_files_pattern($1, tmp_t, tmp_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of all tmp directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_setattr_all_tmp_dirs',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	allow $1 tmpfile:dir { search_dir_perms setattr };
-')
-
-########################################
-## <summary>
-##	List all tmp directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_all_tmp',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	allow $1 tmpfile:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_tmp_files',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	dontaudit $1 tmpfile:file getattr;
-')
-
-########################################
-## <summary>
-##	Allow attempts to get the attributes
-##	of all tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_all_tmp_files',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	allow $1 tmpfile:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all tmp sock_file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_tmp_sockets',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	dontaudit $1 tmpfile:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Read all tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_tmp_files',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	read_files_pattern($1, tmpfile, tmpfile)
-')
-
-########################################
-## <summary>
-##	Create an object in the tmp directories, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_tmp_filetrans',`
-	gen_require(`
-		type tmp_t;
-	')
-
-	filetrans_pattern($1, tmp_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Delete the contents of /tmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_purge_tmp',`
-	gen_require(`
-		attribute tmpfile;
-	')
-
-	allow $1 tmpfile:dir list_dir_perms;
-	delete_dirs_pattern($1, tmpfile, tmpfile)
-	delete_files_pattern($1, tmpfile, tmpfile)
-	delete_lnk_files_pattern($1, tmpfile, tmpfile)
-	delete_fifo_files_pattern($1, tmpfile, tmpfile)
-	delete_sock_files_pattern($1, tmpfile, tmpfile)
-	files_delete_isid_type_dirs($1)
-	files_delete_isid_type_files($1)
-	files_delete_isid_type_symlinks($1)
-	files_delete_isid_type_fifo_files($1)
-	files_delete_isid_type_sock_files($1)
-	files_delete_isid_type_blk_files($1)
-	files_delete_isid_type_chr_files($1)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the /usr directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_setattr_usr_dirs',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Search the content of /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_usr',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of generic
-##	directories in /usr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_usr',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit write of /usr dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_usr_dirs',`
-	gen_require(`
-		type usr_t;
-	')
-
-	dontaudit $1 usr_t:dir write;
-')
-
-########################################
-## <summary>
-##	Add and remove entries from /usr directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_usr_dirs',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to add and remove
-##	entries from /usr directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_rw_usr_dirs',`
-	gen_require(`
-		type usr_t;
-	')
-
-	dontaudit $1 usr_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Delete generic directories in /usr in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_usr_dirs',`
-	gen_require(`
-		type usr_t;
-	')
-
-	delete_dirs_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Delete generic files in /usr in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	delete_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of files in /usr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	getattr_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Read generic files in /usr.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read generic
-##	files in /usr. These files are various program
-##	files that do not have more specific SELinux types.
-##	Some examples of these files are:
-##	</p>
-##	<ul>
-##		<li>/usr/include/*</li>
-##		<li>/usr/share/doc/*</li>
-##		<li>/usr/share/info/*</li>
-##	</ul>
-##	<p>
-##	Generally, it is safe for many domains to have
-##	this access.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`files_read_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir list_dir_perms;
-	read_files_pattern($1, usr_t, usr_t)
-	read_lnk_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Execute generic programs in /usr in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_exec_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	allow $1 usr_t:dir list_dir_perms;
-	exec_files_pattern($1, usr_t, usr_t)
-	read_lnk_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	dontaudit write of /usr files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	dontaudit $1 usr_t:file write;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files in the /usr directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	manage_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Relabel a file to the type used in /usr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelto_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	relabelto_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Relabel a file from the type used in /usr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelfrom_usr_files',`
-	gen_require(`
-		type usr_t;
-	')
-
-	relabelfrom_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in /usr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_usr_symlinks',`
-	gen_require(`
-		type usr_t;
-	')
-
-	read_lnk_files_pattern($1, usr_t, usr_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the /usr directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	The type of the object to be created
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class.
-##	</summary>
-## </param>
-#
-interface(`files_usr_filetrans',`
-	gen_require(`
-		type usr_t;
-	')
-
-	filetrans_pattern($1, usr_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search /usr/src.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_src',`
-	gen_require(`
-		type src_t;
-	')
-
-	dontaudit $1 src_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of files in /usr/src.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_usr_src_files',`
-	gen_require(`
-		type usr_t, src_t;
-	')
-
-	getattr_files_pattern($1, src_t, src_t)
-
-	# /usr/src/linux symlink:
-	read_lnk_files_pattern($1, usr_t, src_t)
-')
-
-########################################
-## <summary>
-##	Read files in /usr/src.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_usr_src_files',`
-	gen_require(`
-		type usr_t, src_t;
-	')
-
-	allow $1 usr_t:dir search_dir_perms;
-	read_files_pattern($1, { usr_t src_t }, src_t)
-	read_lnk_files_pattern($1, { usr_t src_t }, src_t)
-	allow $1 src_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Execute programs in /usr/src in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_exec_usr_src_files',`
-	gen_require(`
-		type usr_t, src_t;
-	')
-
-	list_dirs_pattern($1, usr_t, src_t)
-	exec_files_pattern($1, src_t, src_t)
-	read_lnk_files_pattern($1, src_t, src_t)
-')
-
-########################################
-## <summary>
-##	Install a system.map into the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_create_kernel_symbol_table',`
-	gen_require(`
-		type boot_t, system_map_t;
-	')
-
-	allow $1 boot_t:dir { list_dir_perms add_entry_dir_perms };
-	allow $1 system_map_t:file { create_file_perms rw_file_perms };
-')
-
-########################################
-## <summary>
-##	Read system.map in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_kernel_symbol_table',`
-	gen_require(`
-		type boot_t, system_map_t;
-	')
-
-	allow $1 boot_t:dir list_dir_perms;
-	read_files_pattern($1, boot_t, system_map_t)
-')
-
-########################################
-## <summary>
-##	Delete a system.map in the /boot directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_kernel_symbol_table',`
-	gen_require(`
-		type boot_t, system_map_t;
-	')
-
-	allow $1 boot_t:dir list_dir_perms;
-	delete_files_pattern($1, boot_t, system_map_t)
-')
-
-########################################
-## <summary>
-##	Search the contents of /var.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_var',`
-	gen_require(`
-		type var_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to /var.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_var_dirs',`
-	gen_require(`
-		type var_t;
-	')
-
-	dontaudit $1 var_t:dir write;
-')
-
-########################################
-## <summary>
-##	Allow attempts to write to /var.dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_write_var_dirs',`
-	gen_require(`
-		type var_t;
-	')
-
-	allow $1 var_t:dir write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search
-##	the contents of /var.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_var',`
-	gen_require(`
-		type var_t;
-	')
-
-	dontaudit $1 var_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of /var.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_var',`
-	gen_require(`
-		type var_t;
-	')
-
-	allow $1 var_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_var_dirs',`
-	gen_require(`
-		type var_t;
-	')
-
-	allow $1 var_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read files in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_var_files',`
-	gen_require(`
-		type var_t;
-	')
-
-	read_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Append files in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_append_var_files',`
-	gen_require(`
-		type var_t;
-	')
-
-	append_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Read and write files in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_var_files',`
-	gen_require(`
-		type var_t;
-	')
-
-	rw_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	files in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_rw_var_files',`
-	gen_require(`
-		type var_t;
-	')
-
-	dontaudit $1 var_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_var_files',`
-	gen_require(`
-		type var_t;
-	')
-
-	manage_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_var_symlinks',`
-	gen_require(`
-		type var_t;
-	')
-
-	read_lnk_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic
-##	links in the /var directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_var_symlinks',`
-	gen_require(`
-		type var_t;
-	')
-
-	manage_lnk_files_pattern($1, var_t, var_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the /var directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	The type of the object to be created
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class.
-##	</summary>
-## </param>
-#
-interface(`files_var_filetrans',`
-	gen_require(`
-		type var_t;
-	')
-
-	filetrans_pattern($1, var_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the /var/lib directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_var_lib_dirs',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	getattr_dirs_pattern($1, var_t, var_lib_t)
-')
-
-########################################
-## <summary>
-##	Search the /var/lib directory.
-## </summary>
-## <desc>
-##	<p>
-##	Search the /var/lib directory.  This is
-##	necessary to access files or directories under
-##	/var/lib that have a private type.  For example, a
-##	domain accessing a private library file in the
-##	/var/lib directory:
-##	</p>
-##	<p>
-##	allow mydomain_t mylibfile_t:file read_file_perms;
-##	files_search_var_lib(mydomain_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="5"/>
-#
-interface(`files_search_var_lib',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	search_dirs_pattern($1, var_t, var_lib_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	contents of /var/lib.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="5"/>
-#
-interface(`files_dontaudit_search_var_lib',`
-	gen_require(`
-		type var_lib_t;
-	')
-
-	dontaudit $1 var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of the /var/lib directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_var_lib',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_lib_t)
-')
-
-###########################################
-## <summary>
-##	Read-write /var/lib directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_var_lib_dirs',`
-	gen_require(`
-		type var_lib_t;
-	')
-
-	rw_dirs_pattern($1, var_lib_t, var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the /var/lib directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	The type of the object to be created
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class.
-##	</summary>
-## </param>
-#
-interface(`files_var_lib_filetrans',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_lib_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Read generic files in /var/lib.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_var_lib_files',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	allow $1 var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, { var_t var_lib_t }, var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read generic symbolic links in /var/lib
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_var_lib_symlinks',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	read_lnk_files_pattern($1, { var_t var_lib_t }, var_lib_t)
-')
-
-# cjp: the next two interfaces really need to be fixed
-# in some way.  They really neeed their own types.
-
-########################################
-## <summary>
-##	Create, read, write, and delete the
-##	pseudorandom number generator seed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_urandom_seed',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	manage_files_pattern($1, var_lib_t, var_lib_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage mount tables
-##	necessary for rpcd, nfsd, etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_mounttab',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	manage_files_pattern($1, var_lib_t, var_lib_t)
-')
-
-########################################
-## <summary>
-##	List generic lock directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_locks',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Search the locks directory (/var/lock).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_locks',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	search_dirs_pattern($1, var_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	locks directory (/var/lock).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_locks',`
-	gen_require(`
-		type var_lock_t;
-	')
-
-	dontaudit $1 var_lock_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Add and remove entries in the /var/lock
-##	directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_lock_dirs',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	rw_dirs_pattern($1, var_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of generic lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_getattr_generic_locks',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	allow $1 var_lock_t:dir list_dir_perms;
-	getattr_files_pattern($1, var_lock_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Delete generic lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_generic_locks',`
-       gen_require(`
-               type var_t, var_lock_t;
-       ')
-
-       allow $1 var_t:dir search_dir_perms;
-       delete_files_pattern($1, var_lock_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete generic
-##	lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_locks',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	manage_files_pattern($1, var_lock_t, var_lock_t)
-')
-
-########################################
-## <summary>
-##	Delete all lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_delete_all_locks',`
-	gen_require(`
-		attribute lockfile;
-		type var_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	delete_files_pattern($1, lockfile, lockfile)
-')
-
-########################################
-## <summary>
-##	Read all lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_all_locks',`
-	gen_require(`
-		attribute lockfile;
-		type var_t, var_lock_t;
-	')
-
-	allow $1 { var_t var_lock_t }:dir search_dir_perms;
-	allow $1 lockfile:dir list_dir_perms;
-	read_files_pattern($1, lockfile, lockfile)
-	read_lnk_files_pattern($1, lockfile, lockfile)
-')
-
-########################################
-## <summary>
-##	manage all lock files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_all_locks',`
-	gen_require(`
-		attribute lockfile;
-		type var_t, var_lock_t;
-	')
-
-	allow $1 { var_t var_lock_t }:dir search_dir_perms;
-	manage_dirs_pattern($1, lockfile, lockfile)
-	manage_files_pattern($1, lockfile, lockfile)
-	manage_lnk_files_pattern($1, lockfile, lockfile)
-')
-
-########################################
-## <summary>
-##	Create an object in the locks directory, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_lock_filetrans',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_lock_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of the /var/run directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_pid_dirs',`
-	gen_require(`
-		type var_run_t;
-	')
-
-	dontaudit $1 var_run_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the /var/run directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_setattr_pid_dirs',`
-	gen_require(`
-		type var_run_t;
-	')
-
-	allow $1 var_run_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Search the contents of runtime process
-##	ID directories (/var/run).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_pids',`
-	gen_require(`
-		type var_t, var_run_t;
-	')
-
-	search_dirs_pattern($1, var_t, var_run_t)
-')
-
-######################################
-## <summary>
-## Add and remove entries from pid directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`files_rw_pid_dirs',`
-    gen_require(`
-        type var_run_t;
-    ')
-
-    allow $1 var_run_t:dir rw_dir_perms;
-')
-
-#######################################
-## <summary>
-##      Create generic pid directory.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`files_create_var_run_dirs',`
-        gen_require(`
-                type var_t, var_run_t;
-        ')
-
-        allow $1 var_t:dir search_dir_perms;
-        allow $1 var_run_t:dir create_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search
-##	the /var/run directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_pids',`
-	gen_require(`
-		type var_run_t;
-	')
-
-	dontaudit $1 var_run_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of the runtime process
-##	ID directories (/var/run).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_pids',`
-	gen_require(`
-		type var_t, var_run_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_run_t)
-')
-
-########################################
-## <summary>
-##	Read generic process ID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_generic_pids',`
-	gen_require(`
-		type var_t, var_run_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_run_t)
-	read_files_pattern($1, var_run_t, var_run_t)
-')
-
-########################################
-## <summary>
-##	Write named generic process ID pipes
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_write_generic_pid_pipes',`
-	gen_require(`
-		type var_run_t;
-	')
-
-	allow $1 var_run_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Create an object in the process ID directory, with a private type.
-## </summary>
-## <desc>
-##	<p>
-##	Create an object in the process ID directory (e.g., /var/run)
-##	with a private type.  Typically this is used for creating
-##	private PID files in /var/run with the private type instead
-##	of the general PID file type. To accomplish this goal,
-##	either the program must be SELinux-aware, or use this interface.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>files_pid_file()</li>
-##	</ul>
-##	<p>
-##	Example usage with a domain that can create and
-##	write its PID file with a private PID file type in the
-##	/var/run directory:
-##	</p>
-##	<p>
-##	type mypidfile_t;
-##	files_pid_file(mypidfile_t)
-##	allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
-##	files_pid_filetrans(mydomain_t, mypidfile_t, file)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`files_pid_filetrans',`
-	gen_require(`
-		type var_t, var_run_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_run_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Read and write generic process ID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_rw_generic_pids',`
-	gen_require(`
-		type var_t, var_run_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_run_t)
-	rw_files_pattern($1, var_run_t, var_run_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	daemon runtime data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_all_pids',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	dontaudit $1 pidfile:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to daemon runtime data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_write_all_pids',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	dontaudit $1 pidfile:file write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to ioctl daemon runtime data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_ioctl_all_pids',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	dontaudit $1 pidfile:file ioctl;
-')
-
-########################################
-## <summary>
-##	manage all pidfile directories
-##	in the /var/run directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_all_pids_dirs',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	manage_dirs_pattern($1,pidfile,pidfile)
-')
-
-
-########################################
-## <summary>
-##	Read all process ID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_read_all_pids',`
-	gen_require(`
-		attribute pidfile;
-		type var_t;
-	')
-
-	list_dirs_pattern($1, var_t, pidfile)
-	read_files_pattern($1, pidfile, pidfile)
-	read_lnk_files_pattern($1, pidfile, pidfile)
-')
-
-########################################
-## <summary>
-##	Mount filesystems on all polyinstantiation
-##	member directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_mounton_all_poly_members',`
-	gen_require(`
-		attribute polymember;
-	')
-
-	allow $1 polymember:dir mounton;
-')
-
-########################################
-## <summary>
-##	Delete all process IDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_delete_all_pids',`
-	gen_require(`
-		attribute pidfile;
-		type var_t, var_run_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	allow $1 var_run_t:dir rmdir;
-	allow $1 var_run_t:lnk_file delete_lnk_file_perms;
-	delete_files_pattern($1, pidfile, pidfile)
-	delete_fifo_files_pattern($1, pidfile, pidfile)
-	delete_sock_files_pattern($1, pidfile, { pidfile var_run_t })
-')
-
-########################################
-## <summary>
-##	Delete all process ID directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_delete_all_pid_dirs',`
-	gen_require(`
-		attribute pidfile;
-		type var_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	delete_dirs_pattern($1, pidfile, pidfile)
-')
-
-########################################
-## <summary>
-##	Search the contents of generic spool
-##	directories (/var/spool).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_search_spool',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	search_dirs_pattern($1, var_t, var_spool_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search generic
-##	spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_search_spool',`
-	gen_require(`
-		type var_spool_t;
-	')
-
-	dontaudit $1 var_spool_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of generic spool
-##	(/var/spool) directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_list_spool',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete generic
-##	spool directories (/var/spool).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_spool_dirs',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	manage_dirs_pattern($1, var_spool_t, var_spool_t)
-')
-
-########################################
-## <summary>
-##	Read generic spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_read_generic_spool',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	list_dirs_pattern($1, var_t, var_spool_t)
-	read_files_pattern($1, var_spool_t, var_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete generic
-##	spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_spool',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	manage_files_pattern($1, var_spool_t, var_spool_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the spool directory
-##	with a private type with a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file">
-##	<summary>
-##	Type to which the created node will be transitioned.
-##	</summary>
-## </param>
-## <param name="class">
-##	<summary>
-##	Object class(es) (single or set including {}) for which this
-##	the transition will occur.
-##	</summary>
-## </param>
-#
-interface(`files_spool_filetrans',`
-	gen_require(`
-		type var_t, var_spool_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_spool_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Allow access to manage all polyinstantiated
-##	directories on the system.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_polyinstantiate_all',`
-	gen_require(`
-		attribute polydir, polymember, polyparent;
-		type poly_t;
-	')
-
-	# Need to give access to /selinux/member
-	selinux_compute_member($1)
-
-	# Need sys_admin capability for mounting
-	allow $1 self:capability { chown fsetid sys_admin fowner };
-
-	# Need to give access to the directories to be polyinstantiated
-	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
-
-	# Need to give access to the polyinstantiated subdirectories
-	allow $1 polymember:dir search_dir_perms;
-
-	# Need to give access to parent directories where original
-	# is remounted for polyinstantiation aware programs (like gdm)
-	allow $1 polyparent:dir { getattr mounton };
-
-	# Need to give permission to create directories where applicable
-	allow $1 self:process setfscreate;
-	allow $1 polymember: dir { create setattr relabelto };
-	allow $1 polydir: dir { write add_name open };
-	allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
-
-	# Default type for mountpoints
-	allow $1 poly_t:dir { create mounton };
-	fs_unmount_xattr_fs($1)
-
-	fs_mount_tmpfs($1)
-	fs_unmount_tmpfs($1)
-
-	ifdef(`distro_redhat',`
-		# namespace.init
-		files_search_tmp($1)
-		files_search_home($1)
-		corecmd_exec_bin($1)
-		seutil_domtrans_setfiles($1)
-	')
-')
-
-########################################
-## <summary>
-##	Unconfined access to files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_unconfined',`
-	gen_require(`
-		attribute files_unconfined_type;
-	')
-
-	typeattribute $1 files_unconfined_type;
-')
-
-########################################
-## <summary>
-##	Create a core files in /
-## </summary>
-## <desc>
-##	<p>
-##	Create a core file in /,
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_manage_root_files',`
-	gen_require(`
-		type root_t;
-	')
-
-	manage_files_pattern($1, root_t, root_t)
-')
-
-########################################
-## <summary>
-##     Create a default directory
-## </summary>
-## <desc>
-##     <p>
-##     Create a default_t direcrory
-##     </p>
-## </desc>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_create_default_dir',`
-       gen_require(`
-               type default_t;
-       ')
-
-       allow $1 default_t:dir create;
-')
-
-########################################
-## <summary>
-##	Create, default_t objects with an automatic
-##	type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_root_filetrans_default',`
-       gen_require(`
-               type root_t, default_t;
-       ')
-
-       filetrans_pattern($1, root_t, default_t, $2)
-')
-
-########################################
-## <summary>
-##	manage generic symbolic links
-##	in the /var/run directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_manage_generic_pids_symlinks',`
-	gen_require(`
-		type var_run_t;
-	')
-
-	manage_lnk_files_pattern($1,var_run_t,var_run_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to getattr
-##	all tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_getattr_tmpfs_files',`
-	gen_require(`
-		attribute tmpfsfile;
-	')
-
-	allow $1 tmpfsfile:file getattr;
-')
-
-########################################
-## <summary>
-##	Allow read write all tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_rw_tmpfs_files',`
-	gen_require(`
-		attribute tmpfsfile;
-	')
-
-	allow $1 tmpfsfile:file { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read security files 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_read_security_files',`
-	gen_require(`
-		attribute security_file_type;
-	')
-
-	dontaudit $1 security_file_type:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	rw any files inherited from another process
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_rw_all_inherited_files',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 { file_type $2 }:file rw_inherited_file_perms;
-	allow $1 { file_type $2 }:fifo_file rw_inherited_fifo_file_perms;
-	allow $1 { file_type $2 }:sock_file rw_inherited_sock_file_perms;
-	allow $1 { file_type $2 }:chr_file rw_inherited_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow any file point to be the entrypoint of this domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`files_entrypoint_all_files',`
-	gen_require(`
-		attribute file_type;
-	')
-	allow $1 file_type:file entrypoint;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to rw inherited file perms
-##	of non security files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_all_non_security_leaks',`
-	gen_require(`
-		attribute non_security_file_type;
-	')
-
-	dontaudit $1 non_security_file_type:file_class_set rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	all leaked files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_dontaudit_leaks',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	dontaudit $1 file_type:file rw_inherited_file_perms;
-	dontaudit $1 file_type:lnk_file { read };
-')
-
-########################################
-## <summary>
-##	Allow domain to create_file_ass all types
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_create_as_is_all_files',`
-	gen_require(`
-		attribute file_type;
-		class kernel_service create_files_as;
-	')
-
-	allow $1 file_type:kernel_service create_files_as;
-')
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
deleted file mode 100644
index 12e9ecf..0000000
--- a/policy/modules/kernel/files.te
+++ /dev/null
@@ -1,238 +0,0 @@
-policy_module(files, 1.13.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute file_type;
-attribute files_unconfined_type;
-attribute lockfile;
-attribute mountpoint;
-attribute pidfile;
-attribute configfile;
-attribute etcfile;
-
-# For labeling types that are to be polyinstantiated
-attribute polydir;
-
-# And for labeling the parent directories of those polyinstantiated directories
-# This is necessary for remounting the original in the parent to give
-# security aware apps access
-attribute polyparent;
-
-# And labeling for the member directories
-attribute polymember;
-
-# sensitive security files whose accesses should
-# not be dontaudited for uses
-attribute security_file_type;
-# and its opposite
-attribute non_security_file_type;
-
-attribute tmpfile;
-attribute tmpfsfile;
-
-# this attribute is not currently used and will be removed in the future.
-# unfortunately, this attribute can not be removed yet because it may cause
-# some policies to fail to link if it is still required.
-attribute usercanread;
-
-#
-# boot_t is the type for files in /boot
-#
-type boot_t;
-files_mountpoint(boot_t)
-
-# default_t is the default type for files that do not
-# match any specification in the file_contexts configuration
-# other than the generic /.* specification.
-type default_t;
-files_mountpoint(default_t)
-
-#
-# etc_t is the type of the system etc directories.
-#
-type etc_t, configfile;
-files_type(etc_t)
-# compatibility aliases for removed types:
-typealias etc_t alias automount_etc_t;
-typealias etc_t alias snmpd_etc_t;
-
-# system_conf_t is a new type of various
-# files in /etc/ that can be managed and
-# created by several domains.
-# 
-type system_conf_t, configfile;
-files_type(system_conf_t)
-# compatibility aliases for removed type:
-typealias system_conf_t alias iptables_conf_t;
-
-#
-# etc_runtime_t is the type of various
-# files in /etc that are automatically
-# generated during initialization.
-#
-type etc_runtime_t, configfile;
-files_type(etc_runtime_t)
-#Temporarily in policy until FC5 dissappears
-typealias etc_runtime_t alias firstboot_rw_t;
-
-#
-# file_t is the default type of a file that has not yet been
-# assigned an extended attribute (EA) value (when using a filesystem
-# that supports EAs).
-#
-type file_t;
-files_mountpoint(file_t)
-kernel_rootfs_mountpoint(file_t)
-sid file gen_context(system_u:object_r:file_t,s0)
-
-#
-# home_root_t is the type for the directory where user home directories
-# are created
-#
-type home_root_t;
-files_mountpoint(home_root_t)
-files_poly_parent(home_root_t)
-
-#
-# lost_found_t is the type for the lost+found directories.
-#
-type lost_found_t;
-files_type(lost_found_t)
-
-#
-# mnt_t is the type for mount points such as /mnt/cdrom
-#
-type mnt_t;
-files_mountpoint(mnt_t)
-
-#
-# modules_object_t is the type for kernel modules
-#
-type modules_object_t;
-files_type(modules_object_t)
-
-type no_access_t;
-files_type(no_access_t)
-
-type poly_t;
-files_type(poly_t)
-
-type readable_t;
-files_type(readable_t)
-
-#
-# root_t is the type for rootfs and the root directory.
-#
-type root_t;
-files_mountpoint(root_t)
-files_poly_parent(root_t)
-kernel_rootfs_mountpoint(root_t)
-genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
-
-#
-# src_t is the type of files in the system src directories.
-#
-type src_t;
-files_mountpoint(src_t)
-
-#
-# system_map_t is for the system.map files in /boot
-#
-type system_map_t;
-files_type(system_map_t)
-genfscon proc /kallsyms gen_context(system_u:object_r:system_map_t,s0)
-
-#
-# tmp_t is the type of the temporary directories
-#
-type tmp_t;
-files_tmp_file(tmp_t)
-files_mountpoint(tmp_t)
-files_poly(tmp_t)
-files_poly_parent(tmp_t)
-
-#
-# usr_t is the type for /usr.
-#
-type usr_t;
-files_mountpoint(usr_t)
-
-#
-# var_t is the type of /var
-#
-type var_t;
-files_mountpoint(var_t)
-
-#
-# var_lib_t is the type of /var/lib
-#
-type var_lib_t;
-files_mountpoint(var_lib_t)
-
-#
-# var_lock_t is tye type of /var/lock
-#
-type var_lock_t;
-files_lock_file(var_lock_t)
-
-#
-# var_run_t is the type of /var/run, usually
-# used for pid and other runtime files.
-#
-type var_run_t;
-files_pid_file(var_run_t)
-files_mountpoint(var_run_t)
-
-#
-# var_spool_t is the type of /var/spool
-#
-type var_spool_t;
-files_tmp_file(var_spool_t)
-
-########################################
-#
-# Rules for all file types
-#
-
-allow file_type self:filesystem associate;
-
-fs_associate(file_type)
-fs_associate_noxattr(file_type)
-fs_associate_tmpfs(file_type)
-fs_associate_ramfs(file_type)
-fs_associate_hugetlbfs(file_type)
-
-########################################
-#
-# Rules for all tmp file types
-#
-
-allow file_type tmp_t:filesystem associate;
-
-fs_associate_tmpfs(tmpfile)
-
-########################################
-#
-# Rules for all tmpfs file types
-#
-
-fs_associate_tmpfs(tmpfsfile)
-
-########################################
-#
-# Unconfined access to this module
-#
-
-# Create/access any file in a labeled filesystem;
-allow files_unconfined_type file_type:{ file chr_file } ~execmod;
-allow files_unconfined_type file_type:{ dir lnk_file sock_file fifo_file blk_file } *;
-
-# Mount/unmount any filesystem with the context= option.
-allow files_unconfined_type file_type:filesystem *;
-
-tunable_policy(`allow_execmod',`
-	allow files_unconfined_type file_type:file execmod;
-')
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
deleted file mode 100644
index 16f0f9e..0000000
--- a/policy/modules/kernel/filesystem.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/dev/shm	-d	gen_context(system_u:object_r:tmpfs_t,s0)
-/dev/shm/.*		<<none>>
-
-/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
-/cgroup/.*		<<none>>
-
-/sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
-/sys/fs/cgroup(/.*)?	<<none>>
-
-/dev/hugepages	-d	gen_context(system_u:object_r:hugetlbfs_t,s0)
-/dev/hugepages(/.*)?		<<none>>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
deleted file mode 100644
index 51d47a0..0000000
--- a/policy/modules/kernel/filesystem.if
+++ /dev/null
@@ -1,4858 +0,0 @@
-## <summary>Policy for filesystems.</summary>
-## <required val="true">
-##	Contains the initial SID for the filesystems.
-## </required>
-
-########################################
-## <summary>
-##	Transform specified type into a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_type',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	typeattribute $1 filesystem_type;
-')
-
-########################################
-## <summary>
-##	Transform specified type into a filesystem
-##	type which does not have extended attribute
-##	support.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_noxattr_type',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	fs_type($1)
-
-	typeattribute $1 noxattrfs;
-')
-
-########################################
-## <summary>
-##	Associate the specified file type to persistent
-##	filesystems with extended attributes.  This
-##	allows a file of this type to be created on
-##	a filesystem such as ext3, JFS, and XFS.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	The type of the to be associated.
-##	</summary>
-## </param>
-#
-interface(`fs_associate',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Associate the specified file type to
-##	filesystems which lack extended attributes
-##	support.  This allows a file of this type
-##	to be created on a filesystem such as
-##	FAT32, and NFS.
-## </summary>
-## <param name="file_type">
-##	<summary>
-##	The type of the to be associated.
-##	</summary>
-## </param>
-#
-interface(`fs_associate_noxattr',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	allow $1 noxattrfs:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Execute files on a filesystem that does
-##	not support extended attributes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_exec_noxattr',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	can_exec($1, noxattrfs)
-')
-
-########################################
-## <summary>
-##	Mount a persistent filesystem which
-##	has extended attributes, such as
-##	ext3, JFS, or XFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a persistent filesystem which
-##	has extended attributes, such as
-##	ext3, JFS, or XFS.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a persistent filesystem which
-##	has extended attributes, such as
-##	ext3, JFS, or XFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of persistent
-##	filesystems which have extended
-##	attributes, such as ext3, JFS, or XFS.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to
-##	get the attributes of a persistent
-##	filesystems which have extended
-##	attributes, such as ext3, JFS, or XFS.
-##	Example attributes:
-##	</p>
-##	<ul>
-##		<li>Type of the file system (e.g., ext3)</li>
-##		<li>Size of the file system</li>
-##		<li>Available space on the file system</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="5"/>
-## <rolecap/>
-#
-interface(`fs_getattr_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to
-##	get the attributes of a persistent
-##	filesystem which has extended
-##	attributes, such as ext3, JFS, or XFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	dontaudit $1 fs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Allow changing of the label of a
-##	filesystem with extended attributes
-##	using the context= mount option.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabelfrom_xattr_fs',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem relabelfrom;
-')
-
-########################################
-## <summary>
-##	Get the filesystem quotas of a filesystem
-##	with extended attributes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_get_xattr_fs_quotas',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem quotaget;
-')
-
-########################################
-## <summary>
-##	Set the filesystem quotas of a filesystem
-##	with extended attributes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_set_xattr_fs_quotas',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem quotamod;
-')
-
-########################################
-## <summary>
-##	Read files on anon_inodefs file systems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_anon_inodefs_files',`
-	gen_require(`
-		type anon_inodefs_t;
-
-	')
-
-	read_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
-')
-
-########################################
-## <summary>
-##	Read and write files on anon_inodefs
-##	file systems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_anon_inodefs_files',`
-	gen_require(`
-		type anon_inodefs_t;
-
-	')
-
-	rw_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write files on
-##	anon_inodefs file systems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_rw_anon_inodefs_files',`
-	gen_require(`
-		type anon_inodefs_t;
-
-	')
-
-	dontaudit $1 anon_inodefs_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Mount an automount pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_autofs',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount an automount pseudo filesystem
-##	This allows some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_autofs',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount an automount pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_autofs',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of an automount
-##	pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_autofs',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search automount filesystem to use automatically
-##	mounted filesystems.
-## </summary>
-## <desc>
-##	Allow the specified domain to search mount points
-##	that have filesystems that are mounted by
-##	the automount service.  Generally this will
-##	be required for any domain that accesses objects
-##	on these filesystems.
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="5"/>
-#
-interface(`fs_search_auto_mountpoints',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read directories of automatically
-##	mounted filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_list_auto_mountpoints',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list directories of automatically
-##	mounted filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_auto_mountpoints',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	dontaudit $1 autofs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	on an autofs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_autofs_symlinks',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	manage_lnk_files_pattern($1, autofs_t, autofs_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of directories on
-##	binfmt_misc filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_binfmt_misc_dirs',`
-	gen_require(`
-		type binfmt_misc_fs_t;
-	')
-
-	allow $1 binfmt_misc_fs_t:dir getattr;
-
-')
-
-########################################
-## <summary>
-##	Register an interpreter for new binary
-##	file types, using the kernel binfmt_misc
-##	support.
-## </summary>
-## <desc>
-##	<p>
-##	Register an interpreter for new binary
-##	file types, using the kernel binfmt_misc
-##	support.
-##	</p>
-##	<p>
-##	A common use for this is to
-##	register a JVM as an interpreter for
-##	Java byte code.  Registered binaries
-##	can be directly executed on a command line
-##	without specifying the interpreter.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_register_binary_executable_type',`
-	gen_require(`
-		type binfmt_misc_fs_t;
-	')
-
-	rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
-')
-
-########################################
-## <summary>
-##	Mount cgroup filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_cgroup', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount cgroup filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_cgroup', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount cgroup filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_cgroup', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get attributes of cgroup filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_cgroup',`
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_cgroup_dirs',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	search_dirs_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	list cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_cgroup_dirs', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	list_dirs_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Delete cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_delete_cgroup_dirs', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	delete_dirs_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Manage cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cgroup_dirs',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	manage_dirs_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Read cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_cgroup_files',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	read_files_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Write cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_write_cgroup_files', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	write_files_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Read and write cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_cgroup_files',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	rw_files_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to open,
-##	get attributes, read and write
-##	cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_rw_cgroup_files',`
-	gen_require(`
-		type cgroup_t;
-	')
-
-	dontaudit $1 cgroup_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cgroup_files',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	manage_files_pattern($1, cgroup_t, cgroup_t)
-	fs_search_tmpfs($1)
-	dev_search_sysfs($1)
-')
-
-########################################
-## <summary>
-##	Mount on cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mounton_cgroup', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:dir mounton;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read
-##	dirs on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_cifs_dirs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mount a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a CIFS or SMB network filesystem.
-##	This allows some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a CIFS or
-##	SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search directories on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of directories on a
-##	CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list the contents
-##	of directories on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mounton a CIFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mounton_cifs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir mounton;
-')
-
-########################################
-## <summary>
-##	Read files on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_read_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir list_dir_perms;
-	read_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of filesystems that
-##	do not have extended attribute support.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_noxattr_fs',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	allow $1 noxattrfs:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Read all noxattrfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_noxattr_fs',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	allow $1 noxattrfs:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all noxattrfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_noxattr_fs_dirs',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	allow $1 noxattrfs:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read all noxattrfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_noxattr_fs_files',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	read_files_pattern($1, noxattrfs, noxattrfs)
-')
-
-########################################
-## <summary>
-##	Dont audit attempts to write to noxattrfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_write_noxattr_fs_files',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	dontaudit $1 noxattrfs:file write;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all noxattrfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_noxattr_fs_files',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	manage_files_pattern($1, noxattrfs, noxattrfs)
-')
-
-########################################
-## <summary>
-##	Read all noxattrfs symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_noxattr_fs_symlinks',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	read_lnk_files_pattern($1, noxattrfs, noxattrfs)
-')
-
-########################################
-## <summary>
-##	Relabel all objets from filesystems that
-##	do not support extended attributes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabelfrom_noxattr_fs',`
-	gen_require(`
-		attribute noxattrfs;
-	')
-
-	allow $1 noxattrfs:dir list_dir_perms;
-	relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
-	relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read
-##	files on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Append files
-##	on a CIFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_append_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	append_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Append files
-##	on a CIFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_dontaudit_append_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Read inherited files on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_read_inherited_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:file read_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or
-##	write files on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_rw_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Read symbolic links on a CIFS or SMB filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_cifs_symlinks',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Read named pipes
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_cifs_named_pipes',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	read_fifo_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Read named pipes
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_cifs_named_sockets',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	read_sock_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Execute files on a CIFS or SMB
-##	network filesystem, in the caller
-##	domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_exec_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir list_dir_perms;
-	exec_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_cifs_dirs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete directories
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_cifs_dirs',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	manage_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete files
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_cifs_files',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	dontaudit $1 cifs_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cifs_symlinks',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	manage_lnk_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete named pipes
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cifs_named_pipes',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	manage_fifo_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete named sockets
-##	on a CIFS or SMB network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cifs_named_sockets',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	manage_sock_files_pattern($1, cifs_t, cifs_t)
-')
-
-########################################
-## <summary>
-##	Execute a file on a CIFS or SMB filesystem
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file on a CIFS or SMB filesystem
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on these filesystems in the specified
-##	domain.  This is not suggested.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	home directories on CIFS/SMB filesystems,
-##	in particular used by the ssh-agent policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`fs_cifs_domtrans',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	allow $1 cifs_t:dir search_dir_perms;
-	domain_auto_transition_pattern($1, cifs_t, $2)
-')
-
-########################################
-## <summary>
-##	Make general progams in cifs an entrypoint for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which cifs_t is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`fs_cifs_entry_type',`
-	gen_require(`
-		type cifs_t;
-	')
-
-	domain_entry_file($1, cifs_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete dirs
-##	on a configfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_configfs_dirs',`
-	gen_require(`
-		type configfs_t;
-	')
-
-	manage_dirs_pattern($1, configfs_t, configfs_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a configfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_configfs_files',`
-	gen_require(`
-		type configfs_t;
-	')
-
-	manage_files_pattern($1, configfs_t, configfs_t)
-')
-
-########################################
-## <summary>
-##	Mount a DOS filesystem, such as
-##	FAT32 or NTFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_dos_fs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a DOS filesystem, such as
-##	FAT32 or NTFS.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_dos_fs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a DOS filesystem, such as
-##	FAT32 or NTFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_dos_fs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a DOS
-##	filesystem, such as FAT32 or NTFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_dos_fs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Allow changing of the label of a
-##	DOS filesystem using the context= mount option.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabelfrom_dos_fs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:filesystem relabelfrom;
-')
-
-########################################
-## <summary>
-##	Search dosfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_dos',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	allow $1 dosfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete dirs
-##	on a DOS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_dos_dirs',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	manage_dirs_pattern($1, dosfs_t, dosfs_t)
-')
-
-########################################
-## <summary>
-##	Read files on a DOS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_dos_files',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	read_files_pattern($1, dosfs_t, dosfs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a DOS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_dos_files',`
-	gen_require(`
-		type dosfs_t;
-	')
-
-	manage_files_pattern($1, dosfs_t, dosfs_t)
-')
-
-########################################
-## <summary>
-##	Read eventpollfs files.
-## </summary>
-## <desc>
-##	<p>
-##	Read eventpollfs files
-##	</p>
-##	<p>
-##	This interface has been deprecated, and will
-##	be removed in the future.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_eventpollfs',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Mount a FUSE filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_fusefs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	allow $1 fusefs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Unmount a FUSE filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_fusefs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	allow $1 fusefs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Search directories
-##	on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_search_fusefs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	allow $1 fusefs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list the contents
-##	of directories on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_fusefs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	dontaudit $1 fusefs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_fusefs_dirs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	allow $1 fusefs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete directories
-##	on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_fusefs_dirs',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	dontaudit $1 fusefs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read, a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_read_fusefs_files',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	read_files_pattern($1, fusefs_t, fusefs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_fusefs_files',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	manage_files_pattern($1, fusefs_t, fusefs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create,
-##	read, write, and delete files
-##	on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_fusefs_files',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	dontaudit $1 fusefs_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Read symbolic links on a FUSEFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_fusefs_symlinks',`
-	gen_require(`
-		type fusefs_t;
-	')
-
-	allow $1 fusefs_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, fusefs_t, fusefs_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of an hugetlbfs 
-##	filesystem;
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_hugetlbfs',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	allow $1 hugetlbfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	R/W hugetlbfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_hugetlbfs_files',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
-')
-########################################
-## <summary>
-##	Manage hugetlbfs dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_hugetlbfs_dirs',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
-')
-
-########################################
-## <summary>
-##	List hugetlbfs dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_hugetlbfs',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	allow $1 hugetlbfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the type to associate to hugetlbfs filesystems.
-## </summary>
-## <param name="type">
-##	<summary>
-##	The type of the object to be associated.
-##	</summary>
-## </param>
-#
-interface(`fs_associate_hugetlbfs',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	allow $1 hugetlbfs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Search inotifyfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_inotifyfs',`
-	gen_require(`
-		type inotifyfs_t;
-	')
-
-	allow $1 inotifyfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List inotifyfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_inotifyfs',`
-	gen_require(`
-		type inotifyfs_t;
-	')
-
-	allow $1 inotifyfs_t:dir list_dir_perms;
-	fs_read_anon_inodefs_files($1)
-')
-
-########################################
-## <summary>
-##	Dontaudit List inotifyfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_inotifyfs',`
-	gen_require(`
-		type inotifyfs_t;
-	')
-
-	dontaudit $1 inotifyfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create an object in a hugetlbfs filesystem, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`fs_hugetlbfs_filetrans',`
-	gen_require(`
-		type hugetlbfs_t;
-	')
-
-	allow $2 hugetlbfs_t:filesystem associate;
-	filetrans_pattern($1, hugetlbfs_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Mount an iso9660 filesystem, which
-##	is usually used on CDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_iso9660_fs',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount an iso9660 filesystem, which
-##	is usually used on CDs.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_iso9660_fs',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount an iso9660 filesystem, which
-##	is usually used on CDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_iso9660_fs',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of an iso9660
-##	filesystem, which is usually used on CDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_iso9660_fs',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Read files on an iso9660 filesystem, which
-##	is usually used on CDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_iso9660_files',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:dir list_dir_perms;
-	allow $1 iso9660_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Read files on an iso9660 filesystem, which
-##	is usually used on CDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_iso9660_files',`
-	gen_require(`
-		type iso9660_t;
-	')
-
-	allow $1 iso9660_t:dir list_dir_perms;
-	read_files_pattern($1, iso9660_t, iso9660_t)
-	read_lnk_files_pattern($1, iso9660_t, iso9660_t)
-')
-
-########################################
-## <summary>
-##	Mount a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a NFS filesystem.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search directories on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list the contents
-##	of directories on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Mounton a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mounton_nfs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir mounton;
-')
-
-########################################
-## <summary>
-##	Read files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_read_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir list_dir_perms;
-	read_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read
-##	files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_write_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir list_dir_perms;
-	write_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Execute files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_exec_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir list_dir_perms;
-	exec_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Make general progams in nfs an entrypoint for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which nfs_t is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`fs_nfs_entry_type',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	domain_entry_file($1, nfs_t)
-')
-
-########################################
-## <summary>
-##	Append files
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_append_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	append_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Append files
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_dontaudit_append_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Read inherited files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_read_inherited_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:file read_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or
-##	write files on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_rw_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Read symbolic links on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_nfs_symlinks',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit read symbolic links on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_nfs_symlinks',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:lnk_file read_lnk_file_perms;
-')
-
-#########################################
-## <summary>
-##	Read named sockets on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_nfs_named_sockets',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	read_sock_files_pattern($1, nfs_t, nfs_t)
-')
-
-#########################################
-## <summary>
-##	Read named pipes on a NFS network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_read_nfs_named_pipes',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	read_fifo_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Read directories of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_rpc_dirs',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:dir getattr;
-
-')
-
-########################################
-## <summary>
-##	Search directories of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_rpc',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Search removable storage directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_removable',`
-	gen_require(`
-		type removable_t;
-	')
-
-	allow $1 removable_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list removable storage directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_removable',`
-	gen_require(`
-		type removable_t;
-	')
-
-	dontaudit $1 removable_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read removable storage files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_removable_files',`
-	gen_require(`
-		type removable_t;
-	')
-
-	read_files_pattern($1, removable_t, removable_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read removable storage files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_removable_files',`
-	gen_require(`
-		type removable_t;
-	')
-
-	dontaudit $1 removable_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write removable storage files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_write_removable_files',`
-	gen_require(`
-		type removable_t;
-	')
-
-	dontaudit $1 removable_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Read removable storage symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_removable_symlinks',`
-	gen_require(`
-		type removable_t;
-	')
-
-	read_lnk_files_pattern($1, removable_t, removable_t)
-')
-
-########################################
-## <summary>
-##	Read and write block nodes on removable filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_removable_blk_files',`
-	gen_require(`
-		type removable_t;
-	')
-
-	allow $1 removable_t:dir list_dir_perms;
-	rw_blk_files_pattern($1, removable_t, removable_t)
-')
-
-########################################
-## <summary>
-##	Read directories of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_rpc',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read files of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_rpc_files',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	read_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
-')
-
-########################################
-## <summary>
-##	Read symbolic links of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_rpc_symlinks',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	read_lnk_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
-')
-
-########################################
-## <summary>
-##	Read sockets of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_rpc_sockets',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:sock_file read;
-')
-
-########################################
-## <summary>
-##	Read and write sockets of RPC file system pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_rpc_sockets',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:sock_file { read write };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_nfs_dirs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete directories
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_nfs_dirs',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	manage_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create,
-##	read, write, and delete files
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_nfs_files',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	dontaudit $1 nfs_t:file manage_file_perms;
-')
-
-#########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	on a NFS network filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_nfs_symlinks',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	manage_lnk_files_pattern($1, nfs_t, nfs_t)
-')
-
-#########################################
-## <summary>
-##	Create, read, write, and delete named pipes
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_nfs_named_pipes',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	manage_fifo_files_pattern($1, nfs_t, nfs_t)
-')
-
-#########################################
-## <summary>
-##	Create, read, write, and delete named sockets
-##	on a NFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_nfs_named_sockets',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	manage_sock_files_pattern($1, nfs_t, nfs_t)
-')
-
-########################################
-## <summary>
-##	Execute a file on a NFS filesystem
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file on a NFS filesystem
-##	in the specified domain.  This allows
-##	the specified domain to execute any file
-##	on a NFS filesystem in the specified
-##	domain.  This is not suggested.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-##	<p>
-##	This interface was added to handle
-##	home directories on NFS filesystems,
-##	in particular used by the ssh-agent policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`fs_nfs_domtrans',`
-	gen_require(`
-		type nfs_t;
-	')
-
-	allow $1 nfs_t:dir search_dir_perms;
-	domain_auto_transition_pattern($1, nfs_t, $2)
-')
-
-########################################
-## <summary>
-##	Mount a NFS server pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Mount a NFS server pseudo filesystem.
-##	This allows some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a NFS server pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a NFS server
-##	pseudo filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search NFS server directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List NFS server directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	allow $1 nfsd_fs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Getattr files on an nfsd filesystem
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_nfsd_files',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	getattr_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
-')
-
-########################################
-## <summary>
-##	Read and write NFS server files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_nfsd_fs',`
-	gen_require(`
-		type nfsd_fs_t;
-	')
-
-	rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
-')
-
-########################################
-## <summary>
-##	Allow the type to associate to ramfs filesystems.
-## </summary>
-## <param name="type">
-##	<summary>
-##	The type of the object to be associated.
-##	</summary>
-## </param>
-#
-interface(`fs_associate_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Mount a RAM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a RAM filesystem.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a RAM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a RAM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search directories on a ramfs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Dontaudit Search directories on a ramfs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_search_ramfs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	dontaudit $1 ramfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	directories on a ramfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_ramfs_dirs',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	allow $1 ramfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Dontaudit read on a ramfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_ramfs_files',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	dontaudit $1 ramfs_t:file read;
-')
-
-########################################
-## <summary>
-##	Dontaudit read on a ramfs fifo_files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_ramfs_pipes',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	dontaudit $1 ramfs_t:fifo_file read;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	files on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_ramfs_files',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	manage_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Write to named pipe on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_write_ramfs_pipes',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	write_fifo_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to named
-##	pipes on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_write_ramfs_pipes',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	dontaudit $1 ramfs_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Read and write a named pipe on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_ramfs_pipes',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	rw_fifo_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	named pipes on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_ramfs_pipes',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	manage_fifo_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Write to named socket on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_write_ramfs_sockets',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	write_sock_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	named sockets on a ramfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_ramfs_sockets',`
-	gen_require(`
-		type ramfs_t;
-	')
-
-	manage_sock_files_pattern($1, ramfs_t, ramfs_t)
-')
-
-########################################
-## <summary>
-##	Mount a ROM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_romfs',`
-	gen_require(`
-		type romfs_t;
-	')
-
-	allow $1 romfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a ROM filesystem.  This allows
-##	some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_romfs',`
-	gen_require(`
-		type romfs_t;
-	')
-
-	allow $1 romfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a ROM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_romfs',`
-	gen_require(`
-		type romfs_t;
-	')
-
-	allow $1 romfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a ROM
-##	filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_romfs',`
-	gen_require(`
-		type romfs_t;
-	')
-
-	allow $1 romfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Mount a RPC pipe filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_rpc_pipefs',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a RPC pipe filesystem.  This
-##	allows some mount option to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_rpc_pipefs',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a RPC pipe filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_rpc_pipefs',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a RPC pipe
-##	filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_rpc_pipefs',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:filesystem getattr;
-')
-
-#########################################
-## <summary>
-##	Read and write RPC pipe filesystem named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_rpc_named_pipes',`
-	gen_require(`
-		type rpc_pipefs_t;
-	')
-
-	allow $1 rpc_pipefs_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Mount a tmpfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount a tmpfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount a tmpfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a tmpfs
-##	filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_getattr_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Allow the type to associate to tmpfs filesystems.
-## </summary>
-## <param name="type">
-##	<summary>
-##	The type of the object to be associated.
-##	</summary>
-## </param>
-#
-interface(`fs_associate_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:filesystem associate;
-')
-
-########################################
-## <summary>
-##	Get the attributes of tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_tmpfs_dirs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_tmpfs_dirs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_setattr_tmpfs_dirs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Search tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of generic tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list the
-##	contents of generic tmpfs directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_list_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	tmpfs directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_dirs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create an object in a tmpfs filesystem, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`fs_tmpfs_filetrans',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $2 tmpfs_t:filesystem associate;
-	filetrans_pattern($1, tmpfs_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to getattr
-##	generic tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_tmpfs_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	generic tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_rw_tmpfs_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	auto moutpoints.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_auto_mountpoints',`
-	gen_require(`
-		type autofs_t;
-	')
-
-	allow $1 autofs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read generic tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_tmpfs_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	read_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write generic tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_tmpfs_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	rw_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read tmpfs link files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_read_tmpfs_symlinks',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	read_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write character nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_tmpfs_chr_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir list_dir_perms;
-	rw_chr_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Read and write character nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_use_tmpfs_chr_dev',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:dir list_dir_perms;
-	dontaudit $1 tmpfs_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit Read and write block nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_read_tmpfs_blk_dev',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:blk_file read_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel character nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabel_tmpfs_chr_file',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir list_dir_perms;
-	relabel_chr_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write block nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_rw_tmpfs_blk_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir list_dir_perms;
-	rw_blk_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Relabel block nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabel_tmpfs_blk_file',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	allow $1 tmpfs_t:dir list_dir_perms;
-	relabel_blk_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write, create and delete generic
-##	files on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	manage_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write, create and delete symbolic
-##	links on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_symlinks',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	manage_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write, create and delete socket
-##	files on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_sockets',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	manage_sock_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write, create and delete character
-##	nodes on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_chr_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	manage_chr_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write, create and delete block nodes
-##	on tmpfs filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_tmpfs_blk_files',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	manage_blk_files_pattern($1, tmpfs_t, tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Mount a XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_xenfs',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	allow $1 xenfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Search the XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_xenfs',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	allow $1 xenfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	on a XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_xenfs_dirs',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	allow $1 xenfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, and delete directories
-##	on a XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_xenfs_dirs',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	dontaudit $1 xenfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	on a XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_xenfs_files',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	manage_files_pattern($1, xenfs_t, xenfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create,
-##	read, write, and delete files
-##	on a XENFS filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_manage_xenfs_files',`
-	gen_require(`
-		type xenfs_t;
-	')
-
-	dontaudit $1 xenfs_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Mount all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mount_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Remount all filesystems.  This
-##	allows some mount options to be changed.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_remount_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Unmount all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unmount_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all filesystems.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to
-##	et the attributes of all filesystems.
-##	Example attributes:
-##	</p>
-##	<ul>
-##		<li>Type of the file system (e.g., ext3)</li>
-##		<li>Size of the file system</li>
-##		<li>Available space on the file system</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="5"/>
-## <rolecap/>
-#
-interface(`fs_getattr_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem getattr;
-	files_getattr_all_file_type_fs($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Get the quotas of all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_get_all_fs_quotas',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem quotaget;
-')
-
-########################################
-## <summary>
-##	Set the quotas of all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_set_all_quotas',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem quotamod;
-')
-
-########################################
-## <summary>
-##	Relabelfrom all filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_relabelfrom_all_fs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:filesystem relabelfrom;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all directories
-##	with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_dirs',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search all directories with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_search_all',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List all directories with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_all',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	allow $1 filesystem_type:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all files with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_files',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all files with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_all_files',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all symbolic links with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_symlinks',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_lnk_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all symbolic links with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_all_symlinks',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all named pipes with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_pipes',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_fifo_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all named pipes with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_all_pipes',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all named sockets with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_sockets',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_sock_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all named sockets with a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_getattr_all_sockets',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all block device nodes with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_blk_files',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_blk_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all character device nodes with
-##	a filesystem type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_all_chr_files',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	getattr_chr_files_pattern($1, filesystem_type, filesystem_type)
-')
-
-########################################
-## <summary>
-##	Unconfined access to filesystems
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_unconfined',`
-	gen_require(`
-		attribute filesystem_unconfined_type;
-	')
-
-	typeattribute $1 filesystem_unconfined_type;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	all leaked filesystems files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_dontaudit_leaks',`
-	gen_require(`
-		attribute filesystem_type;
-	')
-
-	dontaudit $1 filesystem_type:file rw_inherited_file_perms;
-	dontaudit $1 filesystem_type:lnk_file { read };
-')
-
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
deleted file mode 100644
index a09ab47..0000000
--- a/policy/modules/kernel/filesystem.te
+++ /dev/null
@@ -1,315 +0,0 @@
-policy_module(filesystem, 1.13.3)
-
-########################################
-#
-# Declarations
-#
-
-attribute filesystem_type;
-attribute filesystem_unconfined_type;
-attribute noxattrfs;
-
-##############################
-#
-# fs_t is the default type for persistent
-# filesystems with extended attributes
-#
-type fs_t;
-fs_type(fs_t)
-sid fs gen_context(system_u:object_r:fs_t,s0)
-
-# Use xattrs for the following filesystem types.
-# Requires that a security xattr handler exist for the filesystem.
-fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr ext4dev gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr gfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr gpfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
-fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
-
-# Use the allocating task SID to label inodes in the following filesystem
-# types, and label the filesystem itself with the specified context.
-# This is appropriate for pseudo filesystems that represent objects
-# like pipes and sockets, so that these objects are labeled with the same
-# type as the creating task.
-fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
-fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
-fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
-
-##############################
-#
-# Non-persistent/pseudo filesystems
-#
-
-type anon_inodefs_t;
-fs_type(anon_inodefs_t)
-files_mountpoint(anon_inodefs_t)
-genfscon anon_inodefs / gen_context(system_u:object_r:anon_inodefs_t,s0)
-mls_trusted_object(anon_inodefs_t)
-
-type bdev_t;
-fs_type(bdev_t)
-genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
-
-type binfmt_misc_fs_t;
-fs_type(binfmt_misc_fs_t)
-files_mountpoint(binfmt_misc_fs_t)
-genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
-
-type capifs_t;
-fs_type(capifs_t)
-files_mountpoint(capifs_t)
-genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
-
-type cgroup_t alias cgroupfs_t;
-fs_type(cgroup_t)
-files_type(cgroup_t)
-files_mountpoint(cgroup_t)
-dev_associate_sysfs(cgroup_t)
-genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
-
-type configfs_t;
-fs_type(configfs_t)
-genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
-
-type cpusetfs_t;
-fs_type(cpusetfs_t)
-allow cpusetfs_t self:filesystem associate;
-genfscon cpuset / gen_context(system_u:object_r:cpusetfs_t,s0)
-
-type ecryptfs_t;
-fs_noxattr_type(ecryptfs_t)
-files_mountpoint(ecryptfs_t)
-genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)
-
-type eventpollfs_t;
-fs_type(eventpollfs_t)
-# change to task SID 20060628
-#genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
-
-type futexfs_t;
-fs_type(futexfs_t)
-genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
-
-type hugetlbfs_t;
-fs_type(hugetlbfs_t)
-files_mountpoint(hugetlbfs_t)
-fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
-dev_associate(hugetlbfs_t)
-
-type ibmasmfs_t;
-fs_type(ibmasmfs_t)
-allow ibmasmfs_t self:filesystem associate;
-genfscon ibmasmfs / gen_context(system_u:object_r:ibmasmfs_t,s0)
-
-#
-# infinibandeventfs fs
-#
-
-type infinibandeventfs_t;
-fs_type(infinibandeventfs_t)
-allow infinibandeventfs_t self:filesystem associate;
-genfscon infinibandeventfs / gen_context(system_u:object_r:infinibandeventfs_t,s0)
-
-type inotifyfs_t;
-fs_type(inotifyfs_t)
-genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
-
-type mvfs_t;
-fs_noxattr_type(mvfs_t)
-allow mvfs_t self:filesystem associate;
-genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
-
-type nfsd_fs_t;
-fs_type(nfsd_fs_t)
-genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
-
-type oprofilefs_t;
-fs_type(oprofilefs_t)
-genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0)
-
-type ramfs_t;
-fs_type(ramfs_t)
-files_mountpoint(ramfs_t)
-genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
-
-type romfs_t;
-fs_type(romfs_t)
-genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
-genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
-
-type rpc_pipefs_t;
-fs_type(rpc_pipefs_t)
-genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
-files_mountpoint(rpc_pipefs_t)
-
-type spufs_t;
-fs_type(spufs_t)
-genfscon spufs / gen_context(system_u:object_r:spufs_t,s0)
-files_mountpoint(spufs_t)
-
-type squash_t;
-fs_type(squash_t)
-genfscon squash / gen_context(system_u:object_r:squash_t,s0)
-files_mountpoint(squash_t)
-
-type sysv_t;
-fs_noxattr_type(sysv_t)
-files_mountpoint(sysv_t)
-genfscon sysv / gen_context(system_u:object_r:sysv_t,s0)
-genfscon v7 / gen_context(system_u:object_r:sysv_t,s0)
-
-type vmblock_t;
-fs_noxattr_type(vmblock_t)
-files_mountpoint(vmblock_t)
-genfscon vmblock / gen_context(system_u:object_r:vmblock_t,s0)
-genfscon vboxsf / gen_context(system_u:object_r:vmblock_t,s0)
-genfscon vmhgfs / gen_context(system_u:object_r:vmblock_t,s0)
-
-type vxfs_t;
-fs_noxattr_type(vxfs_t)
-files_mountpoint(vxfs_t)
-genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
-
-#
-# tmpfs_t is the type for tmpfs filesystems
-#
-type tmpfs_t;
-fs_type(tmpfs_t)
-files_type(tmpfs_t)
-files_mountpoint(tmpfs_t)
-files_poly_parent(tmpfs_t)
-dev_associate(tmpfs_t)
-
-# Use a transition SID based on the allocating task SID and the
-# filesystem SID to label inodes in the following filesystem types,
-# and label the filesystem itself with the specified context.
-# This is appropriate for pseudo filesystems like devpts and tmpfs
-# where we want to label objects with a derived type.
-fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
-fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
-fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
-
-allow tmpfs_t noxattrfs:filesystem associate;
-
-type xenfs_t;
-fs_noxattr_type(xenfs_t)
-files_mountpoint(xenfs_t)
-genfscon xenfs / gen_context(system_u:object_r:xenfs_t,s0)
-
-##############################
-#
-# Filesystems without extended attribute support
-#
-
-type autofs_t;
-fs_noxattr_type(autofs_t)
-files_mountpoint(autofs_t)
-genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
-genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
-
-#
-# cifs_t is the type for filesystems and their
-# files shared from Windows servers
-#
-type cifs_t alias sambafs_t;
-fs_noxattr_type(cifs_t)
-files_mountpoint(cifs_t)
-genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
-genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
-
-#
-# dosfs_t is the type for fat and vfat
-# filesystems and their files.
-#
-type dosfs_t;
-fs_noxattr_type(dosfs_t)
-files_mountpoint(dosfs_t)
-allow dosfs_t fs_t:filesystem associate;
-genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon hfs / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon hfsplus / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
-genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
-
-type fusefs_t;
-fs_noxattr_type(fusefs_t)
-files_mountpoint(fusefs_t)
-allow fusefs_t self:filesystem associate;
-allow fusefs_t fs_t:filesystem associate;
-genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
-genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
-genfscon fusectl / gen_context(system_u:object_r:fusefs_t,s0)
-
-#
-# iso9660_t is the type for CD filesystems
-# and their files.
-#
-type iso9660_t;
-fs_noxattr_type(iso9660_t)
-files_mountpoint(iso9660_t)
-genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
-genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
-
-#
-# removable_t is the default type of all removable media
-#
-type removable_t;
-allow removable_t noxattrfs:filesystem associate;
-fs_noxattr_type(removable_t)
-files_type(removable_t)
-files_mountpoint(removable_t)
-
-#
-# nfs_t is the default type for NFS file systems
-# and their files.
-#
-type nfs_t;
-fs_noxattr_type(nfs_t)
-files_mountpoint(nfs_t)
-genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
-genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon dazukofs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon coda / gen_context(system_u:object_r:nfs_t,s0)
-genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
-genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
-genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
-
-########################################
-#
-# Rules for all filesystem types
-#
-
-allow filesystem_type self:filesystem associate;
-
-########################################
-#
-# Rules for filesystems without xattr support
-#
-
-# Allow me to mv from one noxattrfs to another nfs_t to dosfs_t for example
-fs_associate_noxattr(noxattrfs)
-
-########################################
-#
-# Unconfined access to this module
-#
-
-allow filesystem_unconfined_type filesystem_type:filesystem *;
-
-# Create/access other files. fs_type is to pick up various
-# pseudo filesystem types that are applied to both the filesystem
-# and its files.
-allow filesystem_unconfined_type filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
deleted file mode 100644
index 7be4ddf..0000000
--- a/policy/modules/kernel/kernel.fc
+++ /dev/null
@@ -1 +0,0 @@
-# This module currently does not have any file contexts.
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
deleted file mode 100644
index 10c14fe..0000000
--- a/policy/modules/kernel/kernel.if
+++ /dev/null
@@ -1,2958 +0,0 @@
-## <summary>
-##	Policy for kernel threads, proc filesystem,
-##	and unlabeled processes and objects.
-## </summary>
-## <required val="true">
-##	This module has initial SIDs.
-## </required>
-
-########################################
-## <summary>
-##	Allows to start userland processes
-##	by transitioning to the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The process type entered by kernel.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The executable type for the entrypoint.
-##	</summary>
-## </param>
-#
-interface(`kernel_domtrans_to',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	domtrans_pattern(kernel_t, $2, $1)
-')
-
-########################################
-## <summary>
-##	Allows to start userland processes
-##	by transitioning to the specified domain,
-##	with a range transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The process type entered by kernel.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The executable type for the entrypoint.
-##	</summary>
-## </param>
-## <param name="range">
-##	<summary>
-##	Range for the domain.
-##	</summary>
-## </param>
-#
-interface(`kernel_ranged_domtrans_to',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	kernel_domtrans_to($1, $2)
-
-	ifdef(`enable_mcs',`
-		range_transition kernel_t $2:process $3;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition kernel_t $2:process $3;
-		mls_rangetrans_target($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allows the kernel to mount filesystems on
-##	the specified directory type.
-## </summary>
-## <param name="directory_type">
-##	<summary>
-##	The type of the directory to use as a mountpoint.
-##	</summary>
-## </param>
-#
-interface(`kernel_rootfs_mountpoint',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow kernel_t $1:dir mounton;
-')
-
-########################################
-## <summary>
-##	Set the process group of kernel threads.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_setpgid',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:process setpgid;
-')
-
-########################################
-## <summary>
-##	Set the priority of kernel threads.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_setsched',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:process setsched;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to kernel threads.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_sigchld',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a kill signal to kernel threads.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_kill',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send a generic signal to kernel threads.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_signal',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:process signal;
-')
-
-########################################
-## <summary>
-##	Allows the kernel to share state information with
-##	the caller.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process with which to share state information.
-##	</summary>
-## </param>
-#
-interface(`kernel_share_state',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow kernel_t $1:process share;
-')
-
-########################################
-## <summary>
-##	Permits caller to use kernel file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_use_fds',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use
-##	kernel file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_use_fds',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	dontaudit $1 kernel_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read and write kernel unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_pipes',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:fifo_file { read write };
-')
-
-########################################
-## <summary>
-##	Read and write kernel unix datagram sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_unix_dgram_sockets',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:unix_dgram_socket { read write ioctl };
-')
-
-########################################
-## <summary>
-##	Send messages to kernel unix datagram sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_dgram_send',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:unix_dgram_socket sendto;
-')
-
-########################################
-## <summary>
-##	Receive messages from kernel TCP sockets.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_tcp_recvfrom',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to the kernel.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_udp_send',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Receive messages from kernel UDP sockets.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_udp_recvfrom',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Allows caller to load kernel modules
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_load_module',`
-	gen_require(`
-		attribute can_load_kernmodule;
-	')
-
-	allow $1 self:capability sys_module;
-	typeattribute $1 can_load_kernmodule;
-
-	# load_module() calls stop_machine() which
-	# calls sched_setscheduler()
-	allow $1 self:capability sys_nice;
-	kernel_setsched($1)
-')
-
-########################################
-## <summary>
-##	Allow search the kernel key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_search_key',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:key search;
-')
-
-########################################
-## <summary>
-##	dontaudit search the kernel key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_search_key',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	dontaudit $1 kernel_t:key search;
-')
-
-########################################
-## <summary>
-##	Allow link to the kernel key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_link_key',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:key link;
-')
-
-########################################
-## <summary>
-##	dontaudit link to the kernel key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_link_key',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	dontaudit $1 kernel_t:key link;
-')
-
-########################################
-## <summary>
-##	Allows caller to read the ring buffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_ring_buffer',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:system syslog_read;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the ring buffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_ring_buffer',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	dontaudit $1 kernel_t:system syslog_read;
-')
-
-########################################
-## <summary>
-##	Change the level of kernel messages logged to the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_change_ring_buffer_level',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:system syslog_console;
-')
-
-########################################
-## <summary>
-##	Allows the caller to clear the ring buffer.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_clear_ring_buffer',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:system syslog_mod;
-')
-
-########################################
-## <summary>
-##	Allows caller to request the kernel to load a module
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to request that the kernel
-##	load a kernel module.  An example of this is the
-##	auto-loading of network drivers when doing an
-##	ioctl() on a network interface.
-##	</p>
-##	<p>
-##	In the specific case of a module loading request
-##	on a network interface, the domain will also
-##	need the net_admin capability.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_request_load_module',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:system module_request;
-')
-
-########################################
-## <summary>
-##	Do not audit requests to the kernel to load a module.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_request_load_module',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	dontaudit $1 kernel_t:system module_request;
-')
-
-########################################
-## <summary>
-##	Get information on all System V IPC objects.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_get_sysvipc_info',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:system ipc_info;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_getattr_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	allow $1 debugfs_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Mount a kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_mount_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	allow $1 debugfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Unmount a kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_unmount_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	allow $1 debugfs_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Remount a kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_remount_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	allow $1 debugfs_t:filesystem remount;
-')
-
-########################################
-## <summary>
-##	Search the contents of a kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_search_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	search_dirs_pattern($1, debugfs_t, debugfs_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the kernel debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_search_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	dontaudit $1 debugfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read information from the debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	read_files_pattern($1, debugfs_t, debugfs_t)
-	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
-	list_dirs_pattern($1, debugfs_t, debugfs_t)
-')
-
-########################################
-## <summary>
-##	Read/Write information from the debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	rw_files_pattern($1, debugfs_t, debugfs_t)
-	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
-	list_dirs_pattern($1, debugfs_t, debugfs_t)
-')
-
-########################################
-## <summary>
-##	Manage information from the debugging filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_manage_debugfs',`
-	gen_require(`
-		type debugfs_t;
-	')
-
-	manage_files_pattern($1, debugfs_t, debugfs_t)
-	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
-	list_dirs_pattern($1, debugfs_t, debugfs_t)
-')
-
-########################################
-## <summary>
-##	Mount a kernel VM filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_mount_kvmfs',`
-	gen_require(`
-		type kvmfs_t;
-	')
-
-	allow $1 kvmfs_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Unmount the proc filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_unmount_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	allow $1 proc_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Get the attributes of the proc filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_getattr_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	allow $1 proc_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Search directories in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_search_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	search_dirs_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	List the contents of directories in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_list_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	list_dirs_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list the
-##	contents of directories in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_list_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	dontaudit $1 proc_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of files in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_getattr_proc_files',`
-	gen_require(`
-		type proc_t;
-	')
-
-	getattr_files_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Read generic symbolic links in /proc.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read (follow) generic
-##	symbolic links (symlinks) in the proc filesystem (/proc).
-##	This interface does not include access to the targets of
-##	these links.  An example symlink is /proc/self.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`kernel_read_proc_symlinks',`
-	gen_require(`
-		type proc_t;
-	')
-
-	read_lnk_files_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Allows caller to read system state information in /proc.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read general system
-##	state information from the proc filesystem (/proc).
-##	</p>
-##	<p>
-##	Generally it should be safe to allow this access.  Some
-##	example files that can be read based on this interface:
-##	</p>
-##	<ul>
-##		<li>/proc/cpuinfo</li>
-##		<li>/proc/meminfo</li>
-##		<li>/proc/uptime</li>
-##	</ul>
-##	<p>
-##	This does not allow access to sysctl entries (/proc/sys/*)
-##	nor process state information (/proc/pid).
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-## <rolecap/>
-#
-interface(`kernel_read_system_state',`
-	gen_require(`
-		type proc_t;
-	')
-
-	read_files_pattern($1, proc_t, proc_t)
-	read_lnk_files_pattern($1, proc_t, proc_t)
-
-	list_dirs_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Write to generic proc entries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-# cjp: this should probably go away.  any
-# file thats writable in proc should really
-# have its own label.
-#
-interface(`kernel_write_proc_files',`
-	gen_require(`
-		type proc_t;
-	')
-
-	write_files_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to
-##	read system state information in proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_system_state',`
-	gen_require(`
-		type proc_t;
-	')
-
-	dontaudit $1 proc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to
-##	read system state information in proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_proc_symlinks',`
-	gen_require(`
-		type proc_t;
-	')
-
-	dontaudit $1 proc_t:lnk_file read;
-')
-
-#######################################
-## <summary>
-##	Allow caller to read and write state information for AFS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_afs_state',`
-	gen_require(`
-		type proc_t, proc_afs_t;
-	')
-
-	list_dirs_pattern($1, proc_t, proc_t)
-	rw_files_pattern($1, proc_afs_t, proc_afs_t)
-')
-
-#######################################
-## <summary>
-##	Allow caller to read the state information for software raid.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_software_raid_state',`
-	gen_require(`
-		type proc_t, proc_mdstat_t;
-	')
-
-	read_files_pattern($1, proc_t, proc_mdstat_t)
-
-	list_dirs_pattern($1, proc_t, proc_t)
-')
-
-#######################################
-## <summary>
-##	Allow caller to read and set the state information for software raid.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_software_raid_state',`
-	gen_require(`
-		type proc_t, proc_mdstat_t;
-	')
-
-	rw_files_pattern($1, proc_t, proc_mdstat_t)
-
-	list_dirs_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Allows caller to get attribues of core kernel interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_getattr_core_if',`
-	gen_require(`
-		type proc_t, proc_kcore_t;
-	')
-
-	getattr_files_pattern($1, proc_t, proc_kcore_t)
-
-	list_dirs_pattern($1, proc_t, proc_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	core kernel interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_core_if',`
-	gen_require(`
-		type proc_kcore_t;
-	')
-
-	dontaudit $1 proc_kcore_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Allows caller to read the core kernel interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_core_if',`
-	gen_require(`
-		type proc_t, proc_kcore_t;
-		attribute can_dump_kernel;
-	')
-
-	allow $1 self:capability sys_rawio;
-	read_files_pattern($1, proc_t, proc_kcore_t)
-	list_dirs_pattern($1, proc_t, proc_t)
-
-	typeattribute $1 can_dump_kernel;
-')
-
-########################################
-## <summary>
-##	Allow caller to read kernel messages
-##	using the /proc/kmsg interface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_messages',`
-	gen_require(`
-		attribute can_receive_kernel_messages;
-		type proc_kmsg_t, proc_t;
-	')
-
-	read_files_pattern($1, proc_t, proc_kmsg_t)
-
-	typeattribute $1 can_receive_kernel_messages;
-')
-
-########################################
-## <summary>
-##	Allow caller to get the attributes of kernel message
-##	interface (/proc/kmsg).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_getattr_message_if',`
-	gen_require(`
-		type proc_kmsg_t, proc_t;
-	')
-
-	getattr_files_pattern($1, proc_t, proc_kmsg_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get the attributes of kernel
-##	message interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_message_if',`
-	gen_require(`
-		type proc_kmsg_t, proc_t;
-	')
-
-	dontaudit $1 proc_kmsg_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the network
-##	state directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_dontaudit_search_network_state',`
-	gen_require(`
-		type proc_net_t;
-	')
-
-	dontaudit $1 proc_net_t:dir search;
-')
-
-########################################
-## <summary>
-##	Allow searching of network state directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_search_network_state',`
-	gen_require(`
-		type proc_net_t;
-	')
-
-	search_dirs_pattern($1, proc_t, proc_net_t)
-')
-
-########################################
-## <summary>
-##	Read the network state information.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read the networking
-##	state information. This includes several pieces
-##	of networking information, such as network interface
-##	names, netfilter (iptables) statistics, protocol
-##	information, routes, and remote procedure call (RPC)
-##	information.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-## <rolecap/>
-#
-interface(`kernel_read_network_state',`
-	gen_require(`
-		type proc_t, proc_net_t;
-	')
-
-	read_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
-	read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
-
-	list_dirs_pattern($1, proc_t, proc_net_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to read the network state symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_network_state_symlinks',`
-	gen_require(`
-		type proc_t, proc_net_t;
-	')
-
-	read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
-
-	list_dirs_pattern($1, proc_t, proc_net_t)
-')
-
-########################################
-## <summary>
-##	Allow searching of xen state directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_search_xen_state',`
-	gen_require(`
-		type proc_t, proc_xen_t;
-	')
-
-	search_dirs_pattern($1, proc_t, proc_xen_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the xen
-##	state directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_dontaudit_search_xen_state',`
-	gen_require(`
-		type proc_xen_t;
-	')
-
-	dontaudit $1 proc_xen_t:dir search;
-')
-
-########################################
-## <summary>
-##	Allow caller to read the xen state information.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_read_xen_state',`
-	gen_require(`
-		type proc_t, proc_xen_t;
-	')
-
-	read_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
-	read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
-
-	list_dirs_pattern($1, proc_t, proc_xen_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to read the xen state symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_read_xen_state_symlinks',`
-	gen_require(`
-		type proc_t, proc_xen_t;
-	')
-
-	read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
-
-	list_dirs_pattern($1, proc_t, proc_xen_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to write xen state information.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_write_xen_state',`
-	gen_require(`
-		type proc_t, proc_xen_t;
-	')
-
-	write_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
-')
-
-########################################
-## <summary>
-##	Allow attempts to list all proc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_list_all_proc',`
-	gen_require(`
-		attribute proc_type;
-	')
-
-	allow $1 proc_type:dir list_dir_perms;
-	allow $1 proc_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list all proc directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_list_all_proc',`
-	gen_require(`
-		attribute proc_type;
-	')
-
-	dontaudit $1 proc_type:dir list_dir_perms;
-	dontaudit $1 proc_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to search
-##	the base directory of sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_dontaudit_search_sysctl',`
-	gen_require(`
-		type sysctl_t;
-	')
-
-	dontaudit $1 sysctl_t:dir search;
-')
-
-########################################
-## <summary>
-##	Allow access to read sysctl directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`kernel_read_sysctl',`
-	gen_require(`
-		type sysctl_t, proc_t;
-	')
-
-	list_dirs_pattern($1, proc_t, sysctl_t)
-	read_files_pattern($1, sysctl_t, sysctl_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to read the device sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_device_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_dev_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
-')
-
-########################################
-## <summary>
-##	Read and write device sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_device_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_dev_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to search virtual memory sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_search_vm_sysctl',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_vm_t;
-	')
-
-	search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to read virtual memory sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_vm_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_vm_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
-')
-
-########################################
-## <summary>
-##	Read and write virtual memory sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_vm_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_vm_t;
-	')
-
-	rw_files_pattern($1 ,{ proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
-
-	# hal needs this
-	allow $1 sysctl_vm_t:dir write;
-')
-
-########################################
-## <summary>
-##	Search network sysctl directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_search_network_sysctl',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_net_t;
-	')
-
-	search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to search network sysctl directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_search_network_sysctl',`
-	gen_require(`
-		type sysctl_net_t;
-	')
-
-	dontaudit $1 sysctl_net_t:dir search;
-')
-
-########################################
-## <summary>
-##	Allow caller to read network sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_net_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_net_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to modiry contents of sysctl network files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_net_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_net_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to read unix domain
-##	socket sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_unix_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
-')
-
-########################################
-## <summary>
-##	Read and write unix domain
-##	socket sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_unix_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
-')
-
-########################################
-## <summary>
-##	Read the hotplug sysctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_hotplug_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Read and write the hotplug sysctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_hotplug_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Read the modprobe sysctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_modprobe_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Read and write the modprobe sysctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_modprobe_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search generic kernel sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_search_kernel_sysctl',`
-	gen_require(`
-		type sysctl_kernel_t;
-	')
-
-	dontaudit $1 sysctl_kernel_t:dir search;
-')
-
-########################################
-## <summary>
-##	Read generic crypto sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_crypto_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_crypto_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_crypto_t }, sysctl_crypto_t)
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
-')
-
-########################################
-## <summary>
-##	Read general kernel sysctls.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read general
-##	kernel sysctl settings. These settings are typically
-##	read using the sysctl program.  The settings
-##	that are included by this interface are prefixed
-##	with "kernel.", for example, kernel.sysrq.
-##	</p>
-##	<p>
-##	This does not include access to the hotplug
-##	handler setting (kernel.hotplug)
-##	nor the module installer handler setting
-##	(kernel.modprobe).
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>kernel_rw_kernel_sysctl()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`kernel_read_kernel_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write generic kernel sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_write_kernel_sysctl',`
-	gen_require(`
-		type sysctl_kernel_t;
-	')
-
-	dontaudit $1 sysctl_kernel_t:file write;
-')
-
-########################################
-## <summary>
-##	Read and write generic kernel sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_kernel_sysctl',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_kernel_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
-')
-
-########################################
-## <summary>
-##	Read filesystem sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_fs_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_fs_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
-')
-
-########################################
-## <summary>
-##	Read and write fileystem sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_fs_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_t, sysctl_fs_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
-
-	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
-')
-
-########################################
-## <summary>
-##	Read IRQ sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_irq_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_irq_t;
-	')
-
-	read_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
-
-	list_dirs_pattern($1, proc_t, sysctl_irq_t)
-')
-
-########################################
-## <summary>
-##	Read and write IRQ sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_irq_sysctls',`
-	gen_require(`
-		type proc_t, sysctl_irq_t;
-	')
-
-	rw_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
-
-	list_dirs_pattern($1, proc_t, sysctl_irq_t)
-')
-
-########################################
-## <summary>
-##	Read RPC sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_rpc_sysctls',`
-	gen_require(`
-		type proc_t, proc_net_t, sysctl_rpc_t;
-	')
-
-	read_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
-
-	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
-')
-
-########################################
-## <summary>
-##	Read and write RPC sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_rpc_sysctls',`
-	gen_require(`
-		type proc_t, proc_net_t, sysctl_rpc_t;
-	')
-
-	rw_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
-
-	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list all sysctl directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_list_all_sysctls',`
-	gen_require(`
-		attribute sysctl_type;
-	')
-
-	dontaudit $1 sysctl_type:dir list_dir_perms;
-	dontaudit $1 sysctl_type:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow caller to read all sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_read_all_sysctls',`
-	gen_require(`
-		attribute sysctl_type;
-		type proc_t, proc_net_t;
-	')
-
-	# proc_net_t for /proc/net/rpc sysctls
-	read_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
-
-	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_type)
-')
-
-########################################
-## <summary>
-##	Read and write all sysctls.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kernel_rw_all_sysctls',`
-	gen_require(`
-		attribute sysctl_type;
-		type proc_t, proc_net_t;
-	')
-
-	# proc_net_t for /proc/net/rpc sysctls
-	rw_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
-
-	allow $1 sysctl_type:dir list_dir_perms;
-	# why is setattr needed?
-	allow $1 sysctl_type:file setattr;
-')
-
-########################################
-## <summary>
-##	Send a kill signal to unlabeled processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_kill_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Mount a kernel unlabeled filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_mount_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:filesystem mount;
-')
-
-########################################
-## <summary>
-##	Unmount a kernel unlabeled filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_unmount_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:filesystem unmount;
-')
-
-########################################
-## <summary>
-##	Send general signals to unlabeled processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_signal_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a null signal to unlabeled processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_signull_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send a stop signal to unlabeled processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_sigstop_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:process sigstop;
-')
-
-########################################
-## <summary>
-##	Send a child terminated signal to unlabeled processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_sigchld_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	List unlabeled directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_list_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the process state (/proc/pid) of all unlabeled_t.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_read_unlabeled_state',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:dir list_dir_perms;
-	read_files_pattern($1, unlabeled_t, unlabeled_t)
-	read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list unlabeled directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_list_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read and write unlabeled directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_unlabeled_dirs',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read and write unlabeled files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_unlabeled_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get the
-##	attributes of an unlabeled file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to
-##	read an unlabeled file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_unlabeled_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get the
-##	attributes of unlabeled symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_symlinks',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:lnk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get the
-##	attributes of unlabeled named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_pipes',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get the
-##	attributes of unlabeled named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_sockets',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get attributes for
-##	unlabeled block devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_blk_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Read and write unlabeled block device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_unlabeled_blk_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Read and write unlabeled sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_rw_unlabeled_socket',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts by caller to get attributes for
-##	unlabeled character devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_getattr_unlabeled_chr_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel unlabeled directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_dirs',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:dir { list_dir_perms relabelfrom };
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel unlabeled files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_files',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	kernel_list_unlabeled($1)
-	allow $1 unlabeled_t:file { getattr relabelfrom };
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel unlabeled symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_symlinks',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	kernel_list_unlabeled($1)
-	allow $1 unlabeled_t:lnk_file { getattr relabelfrom };
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel unlabeled named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_pipes',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	kernel_list_unlabeled($1)
-	allow $1 unlabeled_t:fifo_file { getattr relabelfrom };
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel unlabeled named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_sockets',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	kernel_list_unlabeled($1)
-	allow $1 unlabeled_t:sock_file { getattr relabelfrom };
-')
-
-########################################
-## <summary>
-##	Send and receive messages from an
-##	unlabeled IPSEC association.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive messages from an
-##	unlabeled IPSEC association.  Network
-##	connections that are not protected
-##	by IPSEC have use an unlabeled
-##	assocation.
-##	</p>
-##	<p>
-##	The corenetwork interface
-##	corenet_non_ipsec_sendrecv() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_sendrecv_unlabeled_association',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:association { sendto recvfrom };
-
-	# temporary hack until labeling on packets is supported
-	allow $1 unlabeled_t:packet { send recv };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and receive messages
-##	from an	unlabeled IPSEC association.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to send and receive messages
-##	from an	unlabeled IPSEC association.  Network
-##	connections that are not protected
-##	by IPSEC have use an unlabeled
-##	assocation.
-##	</p>
-##	<p>
-##	The corenetwork interface
-##	corenet_dontaudit_non_ipsec_sendrecv() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_sendrecv_unlabeled_association',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:association { sendto recvfrom };
-')
-
-########################################
-## <summary>
-##	Receive TCP packets from an unlabeled connection.
-## </summary>
-## <desc>
-##	<p>
-##	Receive TCP packets from an unlabeled connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_tcp_recv_unlabeled() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_tcp_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:tcp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive TCP packets from an unlabeled
-##	connection.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to receive TCP packets from an unlabeled
-##	connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
-##	should be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_tcp_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:tcp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Receive UDP packets from an unlabeled connection.
-## </summary>
-## <desc>
-##	<p>
-##	Receive UDP packets from an unlabeled connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_udp_recv_unlabeled() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_udp_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:udp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive UDP packets from an unlabeled
-##	connection.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to receive UDP packets from an unlabeled
-##	connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
-##	should be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_udp_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:udp_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Receive Raw IP packets from an unlabeled connection.
-## </summary>
-## <desc>
-##	<p>
-##	Receive Raw IP packets from an unlabeled connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_raw_recv_unlabeled() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_raw_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:rawip_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive Raw IP packets from an unlabeled
-##	connection.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to receive Raw IP packets from an unlabeled
-##	connection.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
-##	should be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_raw_recvfrom_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:rawip_socket recvfrom;
-')
-
-########################################
-## <summary>
-##	Send and receive unlabeled packets.
-## </summary>
-## <desc>
-##	<p>
-##	Send and receive unlabeled packets.
-##	These packets do not match any netfilter
-##	SECMARK rules.
-##	</p>
-##	<p>
-##	The corenetwork interface
-##	corenet_sendrecv_unlabeled_packets() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_sendrecv_unlabeled_packets',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:packet { send recv };
-')
-
-########################################
-## <summary>
-##	Receive packets from an unlabeled peer.
-## </summary>
-## <desc>
-##	<p>
-##	Receive packets from an unlabeled peer, these packets do not have any
-##	peer labeling information present.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_recvfrom_unlabeled_peer() should
-##	be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_recvfrom_unlabeled_peer',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:peer recv;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to receive packets from an unlabeled peer.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to receive packets from an unlabeled peer,
-##	these packets do not have any peer labeling information present.
-##	</p>
-##	<p>
-##	The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
-##	should be used instead of this one.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_recvfrom_unlabeled_peer',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	dontaudit $1 unlabeled_t:peer recv;
-')
-
-########################################
-## <summary>
-##	Relabel from unlabeled database objects.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_relabelfrom_unlabeled_database',`
-	gen_require(`
-		type unlabeled_t;
-		class db_database { setattr relabelfrom };
-		class db_table { setattr relabelfrom };
-		class db_procedure { setattr relabelfrom };
-		class db_column { setattr relabelfrom };
-		class db_tuple { update relabelfrom };
-		class db_blob { setattr relabelfrom };
-	')
-
-	allow $1 unlabeled_t:db_database { setattr relabelfrom };
-	allow $1 unlabeled_t:db_table { setattr relabelfrom };
-	allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
-	allow $1 unlabeled_t:db_column { setattr relabelfrom };
-	allow $1 unlabeled_t:db_tuple { update relabelfrom };
-	allow $1 unlabeled_t:db_blob { setattr relabelfrom };
-')
-
-########################################
-## <summary>
-##      Relabel to unlabeled context .
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`kernel_relabelto_unlabeled',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	allow $1 unlabeled_t:dir_file_class_set relabelto;
-')
-
-########################################
-## <summary>
-##	Unconfined access to kernel module resources.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_unconfined',`
-	gen_require(`
-		attribute kern_unconfined;
-	')
-
-	typeattribute $1 kern_unconfined;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to
-##	the kernel with a unix socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kernel_stream_connect',`
-	gen_require(`
-		type kernel_t;
-	')
-
-	allow $1 kernel_t:unix_stream_socket connectto;
-')
-
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
deleted file mode 100644
index 17eb1ca..0000000
--- a/policy/modules/kernel/kernel.te
+++ /dev/null
@@ -1,405 +0,0 @@
-policy_module(kernel, 1.12.2)
-
-########################################
-#
-# Declarations
-#
-
-# assertion related attributes
-attribute can_load_kernmodule;
-attribute can_receive_kernel_messages;
-attribute can_dump_kernel;
-
-neverallow ~{ can_load_kernmodule kern_unconfined } self:capability sys_module;
-
-# domains with unconfined access to kernel resources
-attribute kern_unconfined;
-
-# regular entries in proc
-attribute proc_type;
-
-# sysctls
-attribute sysctl_type;
-
-role system_r;
-role sysadm_r;
-role staff_r;
-role user_r;
-
-# here until order dependence is fixed:
-role unconfined_r;
-
-ifdef(`enable_mls',`
-	role secadm_r;
-	role auditadm_r;
-')
-
-#
-# kernel_t is the domain of kernel threads.
-# It is also the target type when checking permissions in the system class.
-#
-type kernel_t, can_load_kernmodule;
-domain_base_type(kernel_t)
-mls_rangetrans_source(kernel_t)
-role system_r types kernel_t;
-sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
-
-#
-# DebugFS
-#
-
-type debugfs_t;
-fs_type(debugfs_t)
-allow debugfs_t self:filesystem associate;
-genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
-
-#
-# kvmFS
-#
-
-type kvmfs_t;
-fs_type(kvmfs_t)
-genfscon kvmfs / gen_context(system_u:object_r:kvmfs_t,s0)
-
-#
-# Procfs types
-#
-
-type proc_t, proc_type;
-files_mountpoint(proc_t)
-fs_type(proc_t)
-genfscon proc / gen_context(system_u:object_r:proc_t,s0)
-genfscon proc /sysvipc gen_context(system_u:object_r:proc_t,s0)
-
-type proc_afs_t, proc_type;
-genfscon proc /fs/openafs gen_context(system_u:object_r:proc_afs_t,s0)
-
-# kernel message interface
-type proc_kmsg_t, proc_type;
-genfscon proc /kmsg gen_context(system_u:object_r:proc_kmsg_t,mls_systemhigh)
-neverallow ~{ can_receive_kernel_messages kern_unconfined } proc_kmsg_t:file ~getattr;
-
-# /proc kcore: inaccessible
-type proc_kcore_t, proc_type;
-neverallow ~{ can_dump_kernel kern_unconfined } proc_kcore_t:file ~getattr;
-genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,mls_systemhigh)
-
-type proc_mdstat_t, proc_type;
-genfscon proc /mdstat gen_context(system_u:object_r:proc_mdstat_t,s0)
-
-type proc_net_t, proc_type;
-genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
-
-type proc_xen_t, proc_type;
-files_mountpoint(proc_xen_t)
-genfscon proc /xen gen_context(system_u:object_r:proc_xen_t,s0)
-
-#
-# Sysctl types
-#
-
-# /proc/sys directory, base directory of sysctls
-type sysctl_t, sysctl_type;
-files_mountpoint(sysctl_t)
-sid sysctl gen_context(system_u:object_r:sysctl_t,s0)
-genfscon proc /sys gen_context(system_u:object_r:sysctl_t,s0)
-
-# /proc/irq directory and files
-type sysctl_irq_t, sysctl_type;
-genfscon proc /irq gen_context(system_u:object_r:sysctl_irq_t,s0)
-
-# /proc/net/rpc directory and files
-type sysctl_rpc_t, sysctl_type;
-genfscon proc /net/rpc gen_context(system_u:object_r:sysctl_rpc_t,s0)
-
-# /proc/sys/crypto directory and files
-type sysctl_crypto_t, sysctl_type;
-genfscon proc /sys/crypto gen_context(system_u:object_r:sysctl_crypto_t,s0)
-
-# /proc/sys/fs directory and files
-type sysctl_fs_t, sysctl_type;
-files_mountpoint(sysctl_fs_t)
-genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s0)
-
-# /proc/sys/kernel directory and files
-type sysctl_kernel_t, sysctl_type;
-genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s0)
-
-# /proc/sys/kernel/modprobe file
-type sysctl_modprobe_t, sysctl_type;
-genfscon proc /sys/kernel/modprobe gen_context(system_u:object_r:sysctl_modprobe_t,s0)
-
-# /proc/sys/kernel/hotplug file
-type sysctl_hotplug_t, sysctl_type;
-genfscon proc /sys/kernel/hotplug gen_context(system_u:object_r:sysctl_hotplug_t,s0)
-
-# /proc/sys/net directory and files
-type sysctl_net_t, sysctl_type;
-genfscon proc /sys/net gen_context(system_u:object_r:sysctl_net_t,s0)
-
-# /proc/sys/net/unix directory and files
-type sysctl_net_unix_t, sysctl_type;
-genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0)
-
-# /proc/sys/vm directory and files
-type sysctl_vm_t, sysctl_type;
-genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0)
-
-# /proc/sys/dev directory and files
-type sysctl_dev_t, sysctl_type;
-genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
-
-#
-# unlabeled_t is the type of unlabeled objects.
-# Objects that have no known labeling information or that
-# have labels that are no longer valid are treated as having this type.
-#
-type unlabeled_t;
-sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-fs_associate(unlabeled_t)
-
-# These initial sids are no longer used, and can be removed:
-sid any_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid file_labels		gen_context(system_u:object_r:unlabeled_t,s0)
-sid icmp_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid igmp_packet		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid init		gen_context(system_u:object_r:unlabeled_t,s0)
-sid kmod		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid policy		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid scmp_packet		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-sid sysctl_modprobe 	gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_fs		gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_kernel	gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_net		gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_net_unix	gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_vm		gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_dev		gen_context(system_u:object_r:unlabeled_t,s0)
-sid tcp_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-
-########################################
-#
-# kernel local policy
-#
-
-allow kernel_t self:capability *;
-allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow kernel_t self:shm create_shm_perms;
-allow kernel_t self:sem create_sem_perms;
-allow kernel_t self:msg { send receive };
-allow kernel_t self:msgq create_msgq_perms;
-allow kernel_t self:unix_dgram_socket create_socket_perms;
-allow kernel_t self:unix_stream_socket create_stream_socket_perms;
-allow kernel_t self:unix_dgram_socket sendto;
-allow kernel_t self:unix_stream_socket connectto;
-allow kernel_t self:fifo_file rw_fifo_file_perms;
-allow kernel_t self:sock_file read_sock_file_perms;
-allow kernel_t self:fd use;
-
-allow kernel_t debugfs_t:dir search_dir_perms;
-
-allow kernel_t proc_t:dir list_dir_perms;
-allow kernel_t proc_t:file read_file_perms;
-allow kernel_t proc_t:lnk_file read_lnk_file_perms;
-
-allow kernel_t proc_net_t:dir list_dir_perms;
-allow kernel_t proc_net_t:file read_file_perms;
-
-allow kernel_t proc_mdstat_t:file read_file_perms;
-
-allow kernel_t proc_kcore_t:file getattr;
-
-allow kernel_t proc_kmsg_t:file getattr;
-
-allow kernel_t sysctl_kernel_t:dir list_dir_perms;
-allow kernel_t sysctl_kernel_t:file read_file_perms;
-allow kernel_t sysctl_t:dir list_dir_perms;
-
-# Other possible mount points for the root fs are in files
-allow kernel_t unlabeled_t:dir mounton;
-# Kernel-generated traffic e.g., TCP resets on
-# connections with invalidated labels:
-allow kernel_t unlabeled_t:packet send;
-
-# Allow unlabeled network traffic
-allow unlabeled_t unlabeled_t:packet { forward_in forward_out };
-corenet_in_generic_if(unlabeled_t)
-corenet_in_generic_node(unlabeled_t)
-
-corenet_all_recvfrom_unlabeled(kernel_t)
-corenet_all_recvfrom_netlabel(kernel_t)
-# Kernel-generated traffic e.g., ICMP replies:
-corenet_raw_sendrecv_all_if(kernel_t)
-corenet_raw_sendrecv_all_nodes(kernel_t)
-corenet_raw_send_generic_if(kernel_t)
-# Kernel-generated traffic e.g., TCP resets:
-corenet_tcp_sendrecv_all_if(kernel_t)
-corenet_tcp_sendrecv_all_nodes(kernel_t)
-corenet_raw_send_generic_node(kernel_t)
-corenet_send_all_packets(kernel_t)
-
-dev_read_sysfs(kernel_t)
-dev_search_usbfs(kernel_t)
-# devtmpfs handling:
-dev_create_generic_dirs(kernel_t)
-dev_delete_generic_dirs(kernel_t)
-dev_create_generic_blk_files(kernel_t)
-dev_delete_generic_blk_files(kernel_t)
-dev_create_generic_chr_files(kernel_t)
-dev_delete_generic_chr_files(kernel_t)
-dev_mounton(kernel_t)
-dev_filetrans_named_dev(kernel_t)
-
-# Mount root file system. Used when loading a policy
-# from initrd, then mounting the root filesystem
-fs_mount_all_fs(kernel_t)
-fs_unmount_all_fs(kernel_t)
-
-selinux_load_policy(kernel_t)
-
-term_use_all_terms(kernel_t)
-term_use_ptmx(kernel_t)
-
-corecmd_exec_shell(kernel_t)
-corecmd_list_bin(kernel_t)
-# /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
-corecmd_exec_bin(kernel_t)
-
-domain_signal_all_domains(kernel_t)
-domain_search_all_domains_state(kernel_t)
-
-files_list_root(kernel_t)
-files_list_etc(kernel_t)
-files_list_home(kernel_t)
-files_read_usr_files(kernel_t)
-files_manage_mounttab(kernel_t)
-files_manage_generic_spool_dirs(kernel_t)
-
-mcs_process_set_categories(kernel_t)
-mcs_file_read_all(kernel_t)
-mcs_file_write_all(kernel_t)
-
-mls_process_read_up(kernel_t)
-mls_process_write_down(kernel_t)
-mls_file_write_all_levels(kernel_t)
-mls_file_read_all_levels(kernel_t)
-mls_socket_write_all_levels(kernel_t) 
-mls_fd_share_all_levels(kernel_t) 
-
-logging_manage_generic_logs(kernel_t)
-
-ifdef(`distro_redhat',`
-	# Bugzilla 222337
-	fs_rw_tmpfs_chr_files(kernel_t)
-')
-
-userdom_user_home_dir_filetrans_user_home_content(kernel_t, { file dir })
-
-optional_policy(`
-	hotplug_search_config(kernel_t)
-')
-
-optional_policy(`
-	init_sigchld(kernel_t)
-')
-
-optional_policy(`
-	libs_use_ld_so(kernel_t)
-	libs_use_shared_libs(kernel_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(kernel_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(kernel_t)
-')
-
-optional_policy(`
-	# nfs kernel server needs kernel UDP access. It is less risky and painful
-	# to just give it everything.
-	allow kernel_t self:tcp_socket create_stream_socket_perms;
-	allow kernel_t self:udp_socket create_socket_perms;
-
-	# nfs kernel server needs kernel UDP access. It is less risky and painful
-	# to just give it everything.
-	corenet_udp_sendrecv_generic_if(kernel_t)
-	corenet_udp_sendrecv_generic_node(kernel_t)
-	corenet_udp_sendrecv_all_ports(kernel_t)
-	corenet_udp_bind_generic_node(kernel_t)
-	corenet_sendrecv_portmap_client_packets(kernel_t)
-	corenet_sendrecv_generic_server_packets(kernel_t)
-
-	fs_getattr_xattr_fs(kernel_t)
-
-	auth_dontaudit_getattr_shadow(kernel_t)
-
-	sysnet_read_config(kernel_t)
-
-	rpc_manage_nfs_ro_content(kernel_t)
-	rpc_manage_nfs_rw_content(kernel_t)
-	rpc_udp_rw_nfs_sockets(kernel_t)
-
-	tunable_policy(`nfs_export_all_ro',`
-		fs_getattr_noxattr_fs(kernel_t)
-		fs_list_noxattr_fs(kernel_t)
-		fs_read_noxattr_fs_files(kernel_t)
-		fs_read_noxattr_fs_symlinks(kernel_t)
-
-		auth_read_all_dirs_except_shadow(kernel_t)
-		auth_read_all_files_except_shadow(kernel_t)
-		auth_read_all_symlinks_except_shadow(kernel_t)
-	')
-
-	tunable_policy(`nfs_export_all_rw',`
-		fs_getattr_noxattr_fs(kernel_t)
-		fs_list_noxattr_fs(kernel_t)
-		fs_read_noxattr_fs_files(kernel_t)
-		fs_read_noxattr_fs_symlinks(kernel_t)
-
-		auth_manage_all_files_except_shadow(kernel_t)
-	')
-')
-
-optional_policy(`
-	seutil_read_config(kernel_t)
-	seutil_read_bin_policy(kernel_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(kernel_t)
-')
-
-optional_policy(`
-	xserver_xdm_manage_spool(kernel_t)
-')
-
-########################################
-#
-# Unlabeled process local policy
-#
-
-optional_policy(`
-	# If you load a new policy that removes active domains, processes can
-	# get stuck if you do not allow unlabeled processes to signal init.
-	# If you load an incompatible policy, you should probably reboot,
-	# since you may have compromised system security.
-	init_sigchld(unlabeled_t)
-')
-
-########################################
-#
-# Rules for unconfined acccess to this module
-#
-
-allow kern_unconfined proc_type:{ dir file lnk_file } *;
-
-allow kern_unconfined sysctl_type:{ dir file } *;
-
-allow kern_unconfined kernel_t:system *;
-
-allow kern_unconfined unlabeled_t:dir_file_class_set *;
-allow kern_unconfined unlabeled_t:filesystem *;
-allow kern_unconfined unlabeled_t:association *;
-allow kern_unconfined unlabeled_t:packet *;
-allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
diff --git a/policy/modules/kernel/mcs.fc b/policy/modules/kernel/mcs.fc
deleted file mode 100644
index fa8a4b1..0000000
--- a/policy/modules/kernel/mcs.fc
+++ /dev/null
@@ -1 +0,0 @@
-# no MCS file contexts
diff --git a/policy/modules/kernel/mcs.if b/policy/modules/kernel/mcs.if
deleted file mode 100644
index 3d62385..0000000
--- a/policy/modules/kernel/mcs.if
+++ /dev/null
@@ -1,131 +0,0 @@
-## <summary>Multicategory security policy</summary>
-## <required val="true">
-##	Contains attributes used in MCS policy.
-## </required>
-
-########################################
-## <summary>
-##	This domain is allowed to read files and directories
-##	regardless of their MCS category set.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mcs_file_read_all',`
-	gen_require(`
-		attribute mcsreadall;
-	')
-
-	typeattribute $1 mcsreadall;
-')
-
-########################################
-## <summary>
-##	This domain is allowed to write files and directories
-##	regardless of their MCS category set.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mcs_file_write_all',`
-	gen_require(`
-		attribute mcswriteall;
-	')
-
-	typeattribute $1 mcswriteall;
-')
-
-########################################
-## <summary>
-##	This domain is allowed to sigkill and sigstop 
-##	all domains regardless of their MCS category set.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mcs_killall',`
-	gen_require(`
-		attribute mcskillall;
-	')
-
-	typeattribute $1 mcskillall;
-')
-
-########################################
-## <summary>
-##	This domain is allowed to ptrace
-##	all domains regardless of their MCS
-##	category set.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-#
-interface(`mcs_ptrace_all',`
-	gen_require(`
-		attribute mcsptraceall;
-	')
-
-	typeattribute $1 mcsptraceall;
-')
-
-########################################
-## <summary>
-##	Make specified domain MCS trusted
-##	for setting any category set for
-##	the processes it executes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain target for user exemption.
-##	</summary>
-## </param>
-#
-interface(`mcs_process_set_categories',`
-	gen_require(`
-		attribute mcssetcats;
-	')
-
-	typeattribute $1 mcssetcats;
-')
-
-########################################
-## <summary>
-##	Make specified process type MCS untrusted.
-## </summary>
-## <desc>
-##	<p>
-##	Make specified process type MCS untrusted.  This
-##	prevents this process from sending signals to other processes 
-##      with different mcs labels
-##	object.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	The type of the process.
-##	</summary>
-## </param>
-#
-interface(`mcs_untrusted_proc',`
-	gen_require(`
-		attribute mcsuntrustedproc;
-	')
-
-	typeattribute $1 mcsuntrustedproc;
-')
-
diff --git a/policy/modules/kernel/mcs.te b/policy/modules/kernel/mcs.te
deleted file mode 100644
index dbf577f..0000000
--- a/policy/modules/kernel/mcs.te
+++ /dev/null
@@ -1,14 +0,0 @@
-policy_module(mcs, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute mcskillall;
-attribute mcsptraceall;
-attribute mcssetcats;
-attribute mcswriteall;
-attribute mcsreadall;
-attribute mcsuntrustedproc;
-
diff --git a/policy/modules/kernel/metadata.xml b/policy/modules/kernel/metadata.xml
deleted file mode 100644
index d1da3a2..0000000
--- a/policy/modules/kernel/metadata.xml
+++ /dev/null
@@ -1 +0,0 @@
-<summary>Policy modules for kernel resources.</summary>
diff --git a/policy/modules/kernel/mls.fc b/policy/modules/kernel/mls.fc
deleted file mode 100644
index 13df19e..0000000
--- a/policy/modules/kernel/mls.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No MLS file contexts.
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
deleted file mode 100644
index d178478..0000000
--- a/policy/modules/kernel/mls.if
+++ /dev/null
@@ -1,984 +0,0 @@
-## <summary>Multilevel security policy</summary>
-## <desc>
-##	<p>
-##	This module contains interfaces for handling multilevel
-##	security.  The interfaces allow the specified subjects
-##	and objects to be allowed certain privileges in the
-##	MLS rules.
-##	</p>
-## </desc>
-## <required val="true">
-##	Contains attributes used in MLS policy.
-## </required>
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from files up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_read_to_clearance',`
-	gen_require(`
-		attribute mlsfilereadtoclr;
-	')
-
-	typeattribute $1 mlsfilereadtoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from files at all levels.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Make specified domain MLS trusted
-##	for reading from files at all levels.
-##	</p>
-##	<p>
-##	This interface has been deprecated, please use
-##	mls_file_read_all_levels() instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_file_read_up',`
-	refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
-	mls_file_read_all_levels($1)
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from files at all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_read_all_levels',`
-	gen_require(`
-		attribute mlsfileread;
-	')
-
-	typeattribute $1 mlsfileread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for write to files up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_write_to_clearance',`
-	gen_require(`
-		attribute mlsfilewritetoclr;
-	')
-
-	typeattribute $1 mlsfilewritetoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to files at all levels.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Make specified domain MLS trusted
-##	for writing to files at all levels.
-##	</p>
-##	<p>
-##	This interface has been deprecated, please use
-##	mls_file_write_all_levels() instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_file_write_down',`
-	refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
-	mls_file_write_all_levels($1)
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to files at all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_write_all_levels',`
-	gen_require(`
-		attribute mlsfilewrite;
-	')
-
-	typeattribute $1 mlsfilewrite;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for raising the level of files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_upgrade',`
-	gen_require(`
-		attribute mlsfileupgrade;
-	')
-
-	typeattribute $1 mlsfileupgrade;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for lowering the level of files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_downgrade',`
-	gen_require(`
-		attribute mlsfiledowngrade;
-	')
-
-	typeattribute $1 mlsfiledowngrade;
-')
-
-########################################
-## <summary>
-##	Make specified domain trusted to
-##	be written to within its MLS range.
-##	The subject's MLS range must be a
-##	proper subset of the object's MLS range.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_file_write_within_range',`
-	gen_require(`
-		attribute mlsfilewriteinrange;
-	')
-
-	typeattribute $1 mlsfilewriteinrange;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from sockets at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_socket_read_all_levels',`
-	gen_require(`
-		attribute mlsnetread;
-	')
-
-	typeattribute $1 mlsnetread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from sockets at any level
-##	that is dominated by the process clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_socket_read_to_clearance',`
-	gen_require(`
-		attribute mlsnetreadtoclr;
-	')
-
-	typeattribute $1 mlsnetreadtoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to sockets up to
-##	its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_socket_write_to_clearance',`
-	gen_require(`
-		attribute mlsnetwritetoclr;
-	')
-
-	typeattribute $1 mlsnetwritetoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to sockets at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_socket_write_all_levels',`
-	gen_require(`
-		attribute mlsnetwrite;
-	')
-
-	typeattribute $1 mlsnetwrite;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for receiving network data from 
-##	network interfaces or hosts at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_net_receive_all_levels',`
-	gen_require(`
-		attribute mlsnetrecvall;
-	')
-
-	typeattribute $1 mlsnetrecvall;
-')
-
-########################################
-## <summary>
-##	Make specified domain trusted to
-##	write to network objects within its MLS range.
-##	The subject's MLS range must be a
-##	proper subset of the object's MLS range.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_net_write_within_range',`
-	gen_require(`
-		attribute mlsnetwriteranged;
-	')
-
-	typeattribute $1 mlsnetwriteranged;
-')
-
-########################################
-## <summary>
-##	Make specified domain trusted to
-##	write inbound packets regardless of the
-##	network's or node's MLS range.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_net_inbound_all_levels',`
-	gen_require(`
-		attribute mlsnetinbound;
-	')
-
-	typeattribute $1 mlsnetinbound;
-')
-
-########################################
-## <summary>
-##	Make specified domain trusted to
-##	write outbound packets regardless of the
-##	network's or node's MLS range.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_net_outbound_all_levels',`
-	gen_require(`
-		attribute mlsnetoutbound;
-	')
-
-	typeattribute $1 mlsnetoutbound;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from System V IPC objects
-##	up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_sysvipc_read_to_clearance',`
-	gen_require(`
-		attribute mlsipcreadtoclr;
-	')
-
-	typeattribute $1 mlsipcreadtoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from System V IPC objects
-##	at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_sysvipc_read_all_levels',`
-	gen_require(`
-		attribute mlsipcread;
-	')
-
-	typeattribute $1 mlsipcread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to System V IPC objects
-##	up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_sysvipc_write_to_clearance',`
-	gen_require(`
-		attribute mlsipcwritetoclr;
-	')
-
-	typeattribute $1 mlsipcwritetoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to System V IPC objects
-##	at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_sysvipc_write_all_levels',`
-	gen_require(`
-		attribute mlsipcwrite;
-	')
-
-	typeattribute $1 mlsipcwrite;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to do a MLS
-##	range transition that changes
-##	the current level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_rangetrans_source',`
-	gen_require(`
-		attribute privrangetrans;
-	')
-
-	typeattribute $1 privrangetrans;
-')
-
-########################################
-## <summary>
-##	Make specified domain a target domain
-##	for MLS range transitions that change
-##	the current level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_rangetrans_target',`
-	gen_require(`
-		attribute mlsrangetrans;
-	')
-
-	typeattribute $1 mlsrangetrans;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from processes up to
-##	its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_process_read_to_clearance',`
-	gen_require(`
-		attribute mlsprocreadtoclr;
-	')
-
-	typeattribute $1 mlsprocreadtoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from processes at all levels.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Make specified domain MLS trusted
-##	for reading from processes at all levels.
-##	</p>
-##	<p>
-##	This interface has been deprecated, please use
-##	mls_process_read_all_levels() instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_process_read_up',`
-#	refpolicywarn(`$0($*) has been deprecated, please use mls_process_read_all_levels() instead.')
-	mls_process_read_all_levels($1)
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from processes at all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_process_read_all_levels',`
-	gen_require(`
-		attribute mlsprocread;
-	')
-
-	typeattribute $1 mlsprocread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to processes up to
-##	its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_process_write_to_clearance',`
-	gen_require(`
-		attribute mlsprocwritetoclr;
-	')
-
-	typeattribute $1 mlsprocwritetoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to processes at all levels.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Make specified domain MLS trusted
-##	for writing to processes at all levels.
-##	</p>
-##	<p>
-##	This interface has been deprecated, please use
-##	mls_process_write_all_levels() instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mls_process_write_down',`
-#	refpolicywarn(`$0($*) has been deprecated, please use mls_process_write_all_levels() instead.')
-	mls_process_write_all_levels($1)
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to processes at all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_process_write_all_levels',`
-	gen_require(`
-		attribute mlsprocwrite;
-	')
-
-	typeattribute $1 mlsprocwrite;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for setting the level of processes
-##	it executes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_process_set_level',`
-	gen_require(`
-		attribute mlsprocsetsl;
-	')
-
-	typeattribute $1 mlsprocsetsl;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from X objects up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_xwin_read_to_clearance',`
-	gen_require(`
-		attribute mlsxwinreadtoclr;
-	')
-
-	typeattribute $1 mlsxwinreadtoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from X objects at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_xwin_read_all_levels',`
-	gen_require(`
-		attribute mlsxwinread;
-	')
-
-	typeattribute $1 mlsxwinread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for write to X objects up to its clearance.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_xwin_write_to_clearance',`
-	gen_require(`
-		attribute mlsxwinwritetoclr;
-	')
-
-	typeattribute $1 mlsxwinwritetoclr;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to X objects at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_xwin_write_all_levels',`
-	gen_require(`
-		attribute mlsxwinwrite;
-	')
-
-	typeattribute $1 mlsxwinwrite;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from X colormaps at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_colormap_read_all_levels',`
-	gen_require(`
-		attribute mlsxwinreadcolormap;
-	')
-
-	typeattribute $1 mlsxwinreadcolormap;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to X colormaps at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_colormap_write_all_levels',`
-	gen_require(`
-		attribute mlsxwinwritecolormap;
-	')
-
-	typeattribute $1 mlsxwinwritecolormap;
-')
-
-########################################
-## <summary>
-##	Make specified object MLS trusted.
-## </summary>
-## <desc>
-##	<p>
-##	Make specified object MLS trusted.  This
-##	allows all levels to read and write the
-##	object.
-##	</p>
-##	<p>
-##	This currently only applies to filesystem
-##	objects, for example, files and directories.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	The type of the object.
-##	</summary>
-## </param>
-#
-interface(`mls_trusted_object',`
-	gen_require(`
-		attribute mlstrustedobject;
-	')
-
-	typeattribute $1 mlstrustedobject;
-')
-
-########################################
-## <summary>
-##	Make the specified domain trusted
-##	to inherit and use file descriptors
-##	from all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_fd_use_all_levels',`
-	gen_require(`
-		attribute mlsfduse;
-	')
-
-	typeattribute $1 mlsfduse;
-')
-
-########################################
-## <summary>
-##	Make the file descriptors from the
-##	specifed domain inheritable by
-##	all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_fd_share_all_levels',`
-	gen_require(`
-		attribute mlsfdshare;
-	')
-
-	typeattribute $1 mlsfdshare;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for translating contexts at all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_context_translate_all_levels',`
-	gen_require(`
-		attribute mlstranslate;
-	')
-
-	typeattribute $1 mlstranslate;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for reading from databases at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_db_read_all_levels',`
-	gen_require(`
-		attribute mlsdbread;
-	')
-
-	typeattribute $1 mlsdbread;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for writing to databases at any level.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_db_write_all_levels',`
-	gen_require(`
-		attribute mlsdbwrite;
-	')
-
-	typeattribute $1 mlsdbwrite;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for raising the level of databases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_db_upgrade',`
-	gen_require(`
-		attribute mlsdbupgrade;
-	')
-
-	typeattribute $1 mlsdbupgrade;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for lowering the level of databases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_db_downgrade',`
-	gen_require(`
-		attribute mlsdbdowngrade;
-	')
-
-	typeattribute $1 mlsdbdowngrade;
-')
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for sending dbus messages to 
-##	all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_dbus_send_all_levels',`
-	gen_require(`
-		attribute mlsdbussend;
-	')
-
-	typeattribute $1 mlsdbussend;
-')
-
-########################################
-## <summary>
-##	Make specified domain MLS trusted
-##	for receiving dbus messages from 
-##	all levels.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mls_dbus_recv_all_levels',`
-	gen_require(`
-		attribute mlsdbusrecv;
-	')
-
-	typeattribute $1 mlsdbusrecv;
-')
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
deleted file mode 100644
index 8c7bd90..0000000
--- a/policy/modules/kernel/mls.te
+++ /dev/null
@@ -1,69 +0,0 @@
-policy_module(mls, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute mlsfileread;
-attribute mlsfilereadtoclr;
-attribute mlsfilewrite;
-attribute mlsfilewritetoclr;
-attribute mlsfilewriteinrange;
-attribute mlsfileupgrade;
-attribute mlsfiledowngrade;
-
-attribute mlsnetread;
-attribute mlsnetreadtoclr;
-attribute mlsnetwrite;
-attribute mlsnetwritetoclr;
-attribute mlsnetwriteranged;
-attribute mlsnetupgrade;
-attribute mlsnetdowngrade;
-attribute mlsnetrecvall;
-attribute mlsnetinbound;
-attribute mlsnetoutbound;
-
-attribute mlsipcread;
-attribute mlsipcreadtoclr;
-attribute mlsipcwrite;
-attribute mlsipcwritetoclr;
-
-attribute mlsprocread;
-attribute mlsprocreadtoclr;
-attribute mlsprocwrite;
-attribute mlsprocwritetoclr;
-attribute mlsprocsetsl;
-
-attribute mlsxwinread;
-attribute mlsxwinreadtoclr;
-attribute mlsxwinwrite;
-attribute mlsxwinwritetoclr;
-attribute mlsxwinreadproperty;
-attribute mlsxwinwriteproperty;
-attribute mlsxwinreadselection;
-attribute mlsxwinwriteselection;
-attribute mlsxwinreadcolormap;
-attribute mlsxwinwritecolormap;
-attribute mlsxwinwritexinput;
-
-attribute mlsdbread;
-attribute mlsdbreadtoclr;
-attribute mlsdbwrite;
-attribute mlsdbwritetoclr;
-attribute mlsdbwriteinrange;
-attribute mlsdbupgrade;
-attribute mlsdbdowngrade;
-
-attribute mlstrustedobject;
-
-attribute privrangetrans;
-attribute mlsrangetrans;
-
-attribute mlsfduse; 
-attribute mlsfdshare;
-
-attribute mlstranslate;
-
-attribute mlsdbusrecv;
-attribute mlsdbussend;
diff --git a/policy/modules/kernel/selinux.fc b/policy/modules/kernel/selinux.fc
deleted file mode 100644
index 7be4ddf..0000000
--- a/policy/modules/kernel/selinux.fc
+++ /dev/null
@@ -1 +0,0 @@
-# This module currently does not have any file contexts.
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
deleted file mode 100644
index bc1ed0f..0000000
--- a/policy/modules/kernel/selinux.if
+++ /dev/null
@@ -1,686 +0,0 @@
-## <summary>
-##	Policy for kernel security interface, in particular, selinuxfs.
-## </summary>
-## <required val="true">
-##	Contains the policy for the kernel SELinux security interface.
-## </required>
-
-########################################
-## <summary>
-##	Make the specified type used for labeling SELinux Booleans.
-##	This interface is only usable in the base module.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type used for labeling SELinux Booleans.
-##	</p>
-##	<p>
-##	This makes use of genfscon statements, which are only
-##	available in the base module.  Thus any module which calls this
-##	interface must be included in the base module.
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type used for labeling a Boolean.
-##	</summary>
-## </param>
-## <param name="boolean">
-##	<summary>
-##	Name of the Boolean.
-##	</summary>
-## </param>
-#
-interface(`selinux_labeled_boolean',`
-	gen_require(`
-		attribute boolean_type;
-	')
-
-	typeattribute $1 boolean_type;
-
-	# because of this statement, any module which
-	# calls this interface must be in the base module:
-#	genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
-')
-
-########################################
-## <summary>
-##	Get the mountpoint of the selinuxfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_get_fs_mount',`
-	gen_require(`
-		type security_t;
-	')
-
-	# starting in libselinux 2.0.5, init_selinuxmnt() will
-	# attempt to short circuit by checking if SELINUXMNT
-	# (/selinux) is already a selinuxfs
-	allow $1 security_t:filesystem getattr;
-
-	# read /proc/filesystems to see if selinuxfs is supported
-	# then read /proc/self/mount to see where selinuxfs is mounted
-	kernel_read_system_state($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the mountpoint
-##	of the selinuxfs filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_get_fs_mount',`
-	gen_require(`
-		type security_t;
-	')
-
-	# starting in libselinux 2.0.5, init_selinuxmnt() will
-	# attempt to short circuit by checking if SELINUXMNT
-	# (/selinux) is already a selinuxfs
-	dontaudit $1 security_t:filesystem getattr;
-
-	# read /proc/filesystems to see if selinuxfs is supported
-	# then read /proc/self/mount to see where selinuxfs is mounted
-	kernel_dontaudit_read_system_state($1)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the selinuxfs filesystem
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_getattr_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of the selinuxfs filesystem
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_getattr_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	dontaudit $1 security_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of the selinuxfs directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_getattr_dir',`
-	gen_require(`
-		type security_t;
-	')
-
-	dontaudit $1 security_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search selinuxfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_search_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search selinuxfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_search_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	dontaudit $1 security_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read
-##	generic selinuxfs entries
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_read_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	selinux_dontaudit_getattr_fs($1)
-	dontaudit $1 security_t:dir search_dir_perms;
-	dontaudit $1 security_t:file read_file_perms;
-')
-
-
-########################################
-## <summary>
-##	Do not audit attempts to write
-##	generic selinuxfs entries
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`selinux_dontaudit_write_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	dontaudit $1 security_t:dir write;
-')
-
-########################################
-## <summary>
-##	Allows the caller to get the mode of policy enforcement
-##	(enforcing or permissive mode).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_get_enforce_mode',`
-	gen_require(`
-		type security_t;
-	')
-
-	selinux_get_fs_mount($1)
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow caller to set the mode of policy enforcement
-##	(enforcing or permissive mode).
-## </summary>
-## <desc>
-##	<p>
-##	Allow caller to set the mode of policy enforcement
-##	(enforcing or permissive mode).
-##	</p>
-##	<p>
-##	Since this is a security event, this action is
-##	always audited.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_set_enforce_mode',`
-	gen_require(`
-		type security_t;
-		attribute can_setenforce;
-		bool secure_mode_policyload;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	typeattribute $1 can_setenforce;
-
-	if(!secure_mode_policyload) {
-		allow $1 security_t:security setenforce;
-
-		ifdef(`distro_rhel4',`
-			# needed for systems without audit support
-			auditallow $1 security_t:security setenforce;
-		')
-	}
-')
-
-########################################
-## <summary>
-##	Allow caller to load the policy into the kernel.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_load_policy',`
-	gen_require(`
-		type security_t;
-		attribute can_load_policy;
-		bool secure_mode_policyload;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	typeattribute $1 can_load_policy;
-
-	if(!secure_mode_policyload) {
-		allow $1 security_t:security load_policy;
-
-		ifdef(`distro_rhel4',`
-			# needed for systems without audit support
-			auditallow $1 security_t:security load_policy;
-		')
-	}
-')
-
-########################################
-## <summary>
-##	Allow caller to set the state of Booleans to
-##	enable or disable conditional portions of the policy.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Allow caller to set the state of Booleans to
-##	enable or disable conditional portions of the policy.
-##	</p>
-##	<p>
-##	Since this is a security event, this action is
-##	always audited.
-##	</p>
-##	<p>
-##	This interface has been deprecated.  Please use
-##	selinux_set_generic_booleans() or selinux_set_all_booleans()
-##	instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_set_boolean',`
-	refpolicywarn(`$0($*) has been deprecated, use selinux_set_generic_booleans() instead.')
-	selinux_set_generic_booleans($1)
-')
-
-########################################
-## <summary>
-##	Allow caller to set the state of generic Booleans to
-##	enable or disable conditional portions of the policy.
-## </summary>
-## <desc>
-##	<p>
-##	Allow caller to set the state of generic Booleans to
-##	enable or disable conditional portions of the policy.
-##	</p>
-##	<p>
-##	Since this is a security event, this action is
-##	always audited.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_set_generic_booleans',`
-	gen_require(`
-		type security_t;
-		bool secure_mode_policyload;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-
-	if(!secure_mode_policyload) {
-		allow $1 security_t:security setbool;
-
-		ifdef(`distro_rhel4',`
-			# needed for systems without audit support
-			auditallow $1 security_t:security setbool;
-		')
-	}
-')
-
-########################################
-## <summary>
-##	Allow caller to set the state of all Booleans to
-##	enable or disable conditional portions of the policy.
-## </summary>
-## <desc>
-##	<p>
-##	Allow caller to set the state of all Booleans to
-##	enable or disable conditional portions of the policy.
-##	</p>
-##	<p>
-##	Since this is a security event, this action is
-##	always audited.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_set_all_booleans',`
-	gen_require(`
-		type security_t;
-		attribute boolean_type;
-		bool secure_mode_policyload;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 boolean_type:dir list_dir_perms;
-	allow $1 boolean_type:file rw_file_perms;
-
-	if(!secure_mode_policyload) {
-		allow $1 security_t:security setbool;
-
-		ifdef(`distro_rhel4',`
-			# needed for systems without audit support
-			auditallow $1 security_t:security setbool;
-		')
-	}
-')
-
-########################################
-## <summary>
-##	Allow caller to set SELinux access vector cache parameters.
-## </summary>
-## <desc>
-##	<p>
-##	Allow caller to set SELinux access vector cache parameters.
-##	The allows the domain to set performance related parameters
-##	of the AVC, such as cache threshold.
-##	</p>
-##	<p>
-##	Since this is a security event, this action is
-##	always audited.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_set_parameters',`
-	gen_require(`
-		type security_t;
-		attribute can_setsecparam;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security setsecparam;
-	auditallow $1 security_t:security setsecparam;
-	typeattribute $1 can_setsecparam;
-')
-
-########################################
-## <summary>
-##	Allows caller to validate security contexts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_validate_context',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security check_context;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to validate security contexts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_dontaudit_validate_context',`
-	gen_require(`
-		type security_t;
-	')
-
-	dontaudit $1 security_t:dir list_dir_perms;
-	dontaudit $1 security_t:file rw_file_perms;
-	dontaudit $1 security_t:security check_context;
-')
-
-########################################
-## <summary>
-##	Allows caller to compute an access vector.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_compute_access_vector',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security compute_av;
-')
-
-########################################
-## <summary>
-##	Calculate the default type for object creation.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`selinux_compute_create_context',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security compute_create;
-')
-
-########################################
-## <summary>
-##	Allows caller to compute polyinstatntiated
-##	directory members.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_compute_member',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security compute_member;
-')
-
-########################################
-## <summary>
-##	Calculate the context for relabeling objects.
-## </summary>
-## <desc>
-##	<p>
-##	Calculate the context for relabeling objects.
-##	This is determined by using the type_change
-##	rules in the policy, and is generally used
-##	for determining the context for relabeling
-##	a terminal when a user logs in.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_compute_relabel_context',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security compute_relabel;
-')
-
-########################################
-## <summary>
-##	Allows caller to compute possible contexts for a user.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_compute_user_contexts',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:dir list_dir_perms;
-	allow $1 security_t:file rw_file_perms;
-	allow $1 security_t:security compute_user;
-')
-
-########################################
-## <summary>
-##	Unconfined access to the SELinux kernel security server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_unconfined',`
-	gen_require(`
-		attribute selinux_unconfined_type;
-	')
-
-	typeattribute $1 selinux_unconfined_type;
-')
-
-########################################
-## <summary>
-##	Generate a file context for a boolean type
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`selinux_genbool',`
-	gen_require(`
-		attribute boolean_type;
-	')
-
-	type $1, boolean_type;
-	fs_type($1)
-	mls_trusted_object($1)
-')
-
-########################################
-## <summary>
-##	Unmount a security filesystem.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the domain unmounting the filesystem.
-##	</summary>
-## </param>
-#
-interface(`selinux_unmount_fs',`
-	gen_require(`
-		type security_t;
-	')
-
-	allow $1 security_t:filesystem unmount;
-')
-
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
deleted file mode 100644
index 499e997..0000000
--- a/policy/modules/kernel/selinux.te
+++ /dev/null
@@ -1,51 +0,0 @@
-policy_module(selinux, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute boolean_type;
-attribute can_load_policy;
-attribute can_setenforce;
-attribute can_setsecparam;
-attribute selinux_unconfined_type;
-
-# 
-# security_t is the target type when checking
-# the permissions in the security class.  It is also
-# applied to selinuxfs inodes.
-#
-type security_t, boolean_type;
-fs_type(security_t)
-mls_trusted_object(security_t)
-sid security gen_context(system_u:object_r:security_t,mls_systemhigh)
-genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
-genfscon securityfs / gen_context(system_u:object_r:security_t,s0)
-
-neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
-neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
-neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
-
-########################################
-#
-# Unconfined access to this module
-#
-
-# use SELinuxfs
-allow selinux_unconfined_type security_t:dir list_dir_perms;
-allow selinux_unconfined_type security_t:file rw_file_perms;
-allow selinux_unconfined_type boolean_type:file read_file_perms;
-
-# Access the security API.
-allow selinux_unconfined_type security_t:security ~{ load_policy setenforce setbool };
-
-if(!secure_mode_policyload) {
-	allow selinux_unconfined_type boolean_type:file rw_file_perms;
-	allow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
-
-	ifdef(`distro_rhel4',`
-		# needed for systems without audit support
-		auditallow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
-	')
-}
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
deleted file mode 100644
index 811b859..0000000
--- a/policy/modules/kernel/storage.fc
+++ /dev/null
@@ -1,82 +0,0 @@
-
-/dev/n?(raw)?[qr]ft[0-3] -c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/n?[hs]t[0-9].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/n?z?qft[0-3]	-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/n?osst[0-3].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/n?pt[0-9]+		-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/n?tpqic[12].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/[shmxv]d[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/aztcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/bpcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/bsg/.+		-c	gen_context(system_u:object_r:scsi_generic_device_t,s0)
-/dev/cdu.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/cm20.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/dasd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/dm-[0-9]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/drbd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/etherd/.+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/fd[^/]+		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/flash[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/gscd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/hitcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/ht[0-1]		-b	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/hwcdrom		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/initrd		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/jsfd		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/jsflash		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/loop.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/lvm		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/mcdx?		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/megadev.*		-c	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/mmcblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/mspblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/mtd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/nb[^/]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/optcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/p[fg][0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/pcd[0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/pd[a-d][^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/pg[0-3]		-c	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/ps3d.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/ram.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/(raw/)?rawctl	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/rd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-ifdef(`distro_redhat', `
-/dev/root		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-')
-/dev/s(cd|r)[^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/sbpcd.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/sg[0-9]+		-c	gen_context(system_u:object_r:scsi_generic_device_t,s0)
-/dev/sjcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/sonycd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-/dev/tape.*		-c	gen_context(system_u:object_r:tape_device_t,s0)
-/dev/tw[a-z][^/]+	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/ub[a-z][^/]+	-b	gen_context(system_u:object_r:removable_device_t,mls_systemhigh)
-/dev/ubd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/vd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/xvd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/ataraid/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/cciss/[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/fuse		-c	gen_context(system_u:object_r:fuse_device_t,s0)
-/dev/floppy/[^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
-
-/dev/i2o/hd[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/ida/[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/md/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/mapper/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/device-mapper	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/raw/raw[0-9]+	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/scramdisk/.*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
-/dev/usb/rio500		-c	gen_context(system_u:object_r:removable_device_t,s0)
-
-/lib/udev/devices/loop.* -b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/lib/udev/devices/fuse	-c	gen_context(system_u:object_r:fuse_device_t,s0)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
deleted file mode 100644
index bde6daa..0000000
--- a/policy/modules/kernel/storage.if
+++ /dev/null
@@ -1,813 +0,0 @@
-## <summary>Policy controlling access to storage devices</summary>
-
-########################################
-## <summary>
-##	Allow the caller to get the attributes of fixed disk
-##	device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_getattr_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to get
-##	the attributes of fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_getattr_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dontaudit $1 fixed_disk_device_t:blk_file getattr;
-	dontaudit $1 fixed_disk_device_t:chr_file getattr; # /dev/rawctl
-')
-
-########################################
-## <summary>
-##	Allow the caller to set the attributes of fixed disk
-##	device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_setattr_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to set
-##	the attributes of fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_setattr_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dontaudit $1 fixed_disk_device_t:blk_file setattr;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read from a fixed disk.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_raw_read_fixed_disk',`
-	gen_require(`
-		attribute fixed_disk_raw_read;
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
-	allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
-	#577012
-	allow $1 fixed_disk_device_t:lnk_file read_lnk_file_perms;
-	typeattribute $1 fixed_disk_raw_read;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to read
-##	fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_read_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-
-	')
-
-	dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
-	dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly write to a fixed disk.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_raw_write_fixed_disk',`
-	gen_require(`
-		attribute fixed_disk_raw_write;
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
-	allow $1 fixed_disk_device_t:chr_file write_chr_file_perms;
-	typeattribute $1 fixed_disk_raw_write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to write
-##	fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_write_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-
-	')
-
-	dontaudit $1 fixed_disk_device_t:blk_file write_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read and write to a fixed disk.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_raw_rw_fixed_disk',`
-	storage_raw_read_fixed_disk($1)
-	storage_raw_write_fixed_disk($1)
-')
-
-########################################
-## <summary>
-##	Allow the caller to create fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_create_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	allow $1 self:capability mknod;
-
-	allow $1 fixed_disk_device_t:blk_file create_blk_file_perms;
-	dev_add_entry_generic_dirs($1)
-')
-
-########################################
-## <summary>
-##	Allow the caller to create fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_delete_fixed_disk_dev',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	allow $1 fixed_disk_device_t:blk_file delete_blk_file_perms;
-	dev_remove_entry_generic_dirs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_manage_fixed_disk',`
-	gen_require(`
-		attribute fixed_disk_raw_read, fixed_disk_raw_write;
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 self:capability mknod;
-	allow $1 fixed_disk_device_t:blk_file manage_blk_file_perms;
-	allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;
-	typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
-')
-
-########################################
-## <summary>
-##	Create block devices in /dev with the fixed disk type
-##	via an automatic type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_dev_filetrans_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dev_filetrans($1, fixed_disk_device_t, blk_file)
-')
-
-########################################
-## <summary>
-##	Create block devices in on a tmpfs filesystem with the
-##	fixed disk type via an automatic type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_tmpfs_filetrans_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	fs_tmpfs_filetrans($1, fixed_disk_device_t, blk_file)
-')
-
-########################################
-## <summary>
-##	Relabel fixed disk device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_relabel_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file relabel_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Enable a fixed disk device as swap space
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_swapon_fixed_disk',`
-	gen_require(`
-		type fixed_disk_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file { getattr swapon };
-')
-
-########################################
-## <summary>
-##	Allow the caller to get the attributes
-##	of device nodes of fuse devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_getattr_fuse_dev',`
-	gen_require(`
-		type fuse_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 fuse_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	read or write fuse device interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_rw_fuse',`
-	gen_require(`
-		type fuse_device_t;
-	')
-
-	allow $1 fuse_device_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	fuse device interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_rw_fuse',`
-	gen_require(`
-		type fuse_device_t;
-	')
-
-	dontaudit $1 fuse_device_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to get the attributes of
-##	the generic SCSI interface device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_getattr_scsi_generic_dev',`
-	gen_require(`
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Allow the caller to set the attributes of
-##	the generic SCSI interface device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_setattr_scsi_generic_dev',`
-	gen_require(`
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read, in a
-##	generic fashion, from any SCSI device.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_read_scsi_generic',`
-	gen_require(`
-		attribute scsi_generic_read;
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file read_chr_file_perms;
-	typeattribute $1 scsi_generic_read;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly write, in a
-##	generic fashion, from any SCSI device.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_write_scsi_generic',`
-	gen_require(`
-		attribute scsi_generic_write;
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file write_chr_file_perms;
-	typeattribute $1 scsi_generic_write;
-')
-
-########################################
-## <summary>
-##	Set attributes of the device nodes
-##	for the SCSI generic inerface.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_setattr_scsi_generic_dev_dev',`
-	gen_require(`
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	SCSI generic device interfaces.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_rw_scsi_generic',`
-	gen_require(`
-		type scsi_generic_device_t;
-	')
-
-	dontaudit $1 scsi_generic_device_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to get the attributes of removable
-##	devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_getattr_removable_dev',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 removable_device_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to get
-##	the attributes of removable devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_getattr_removable_dev',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dontaudit $1 removable_device_t:blk_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to read
-##	removable devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_read_removable_device',`
-	gen_require(`
-		type removable_device_t;
-
-	')
-
-	dontaudit $1 removable_device_t:blk_file read_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to write
-##	removable devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_write_removable_device',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dontaudit $1 removable_device_t:blk_file write_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to set the attributes of removable
-##	devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_setattr_removable_dev',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 removable_device_t:blk_file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts made by the caller to set
-##	the attributes of removable devices device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_setattr_removable_dev',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dontaudit $1 removable_device_t:blk_file setattr;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read from
-##	a removable device.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_raw_read_removable_device',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 removable_device_t:blk_file read_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to directly read removable devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_raw_read_removable_device',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dontaudit $1 removable_device_t:blk_file read_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly write to
-##	a removable device.
-##	This is extremly dangerous as it can bypass the
-##	SELinux protections for filesystem objects, and
-##	should only be used by trusted domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_raw_write_removable_device',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 removable_device_t:blk_file write_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to directly write removable devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_raw_write_removable_device',`
-	gen_require(`
-		type removable_device_t;
-	')
-
-	dontaudit $1 removable_device_t:blk_file write_blk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read
-##	a tape device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_read_tape',`
-	gen_require(`
-		type tape_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tape_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to directly read
-##	a tape device.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_write_tape',`
-	gen_require(`
-		type tape_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tape_device_t:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the caller to get the attributes
-##	of device nodes of tape devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_getattr_tape_dev',`
-	gen_require(`
-		type tape_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tape_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Allow the caller to set the attributes
-##	of device nodes of tape devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_setattr_tape_dev',`
-	gen_require(`
-		type tape_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tape_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Unconfined access to storage devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`storage_unconfined',`
-	gen_require(`
-		attribute storage_unconfined_type;
-	')
-
-	typeattribute $1 storage_unconfined_type;
-')
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
deleted file mode 100644
index b80b3e9..0000000
--- a/policy/modules/kernel/storage.te
+++ /dev/null
@@ -1,59 +0,0 @@
-policy_module(storage, 1.8.2)
-
-########################################
-#
-# Declarations
-#
-
-attribute fixed_disk_raw_read;
-attribute fixed_disk_raw_write;
-attribute scsi_generic_read;
-attribute scsi_generic_write;
-attribute storage_unconfined_type;
-
-#
-# fixed_disk_device_t is the type of
-# /dev/hd* and /dev/sd*.
-#
-type fixed_disk_device_t;
-dev_node(fixed_disk_device_t)
-
-neverallow ~{ fixed_disk_raw_read storage_unconfined_type } fixed_disk_device_t:{ chr_file blk_file } read;
-neverallow ~{ fixed_disk_raw_write storage_unconfined_type } fixed_disk_device_t:{ chr_file blk_file } { append write };
-
-#
-# fuse_device_t is the type of /dev/fuse
-#
-type fuse_device_t;
-dev_node(fuse_device_t)
-
-#
-# scsi_generic_device_t is the type of /dev/sg*
-# it gives access to ALL SCSI devices (both fixed and removable)
-#
-type scsi_generic_device_t;
-dev_node(scsi_generic_device_t)
-
-neverallow ~{ scsi_generic_read storage_unconfined_type } scsi_generic_device_t:{ chr_file blk_file } read;
-neverallow ~{ scsi_generic_write storage_unconfined_type } scsi_generic_device_t:{ chr_file blk_file } { append write };
-
-#
-# removable_device_t is the type of
-# /dev/scd* and /dev/fd*.
-#
-type removable_device_t;
-dev_node(removable_device_t)
-
-#
-# tape_device_t is the type of
-#
-type tape_device_t;
-dev_node(tape_device_t)
-
-########################################
-#
-# Unconfined access to this module
-#
-
-allow storage_unconfined_type { fixed_disk_device_t removable_device_t }:blk_file *;
-allow storage_unconfined_type { scsi_generic_device_t tape_device_t }:chr_file *;
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
deleted file mode 100644
index 3994e57..0000000
--- a/policy/modules/kernel/terminal.fc
+++ /dev/null
@@ -1,42 +0,0 @@
-
-/dev/.*tty[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/[pt]ty[a-ep-z][0-9a-f] -c	gen_context(system_u:object_r:bsdpty_device_t,s0)
-/dev/adb.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/capi.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/console		-c	gen_context(system_u:object_r:console_device_t,s0)
-/dev/cu.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/dcbri[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/hvc.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/hvsi.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/i2c[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/ircomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
-/dev/pts/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
-/dev/rfcomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
-/dev/ttySG.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/xvc[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-/dev/pty/.*		-c	gen_context(system_u:object_r:bsdpty_device_t,s0)
-
-/dev/pts		-d	gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
-
-/dev/tts/[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-/dev/usb/tty.*		-c	gen_context(system_u:object_r:usbtty_device_t,s0)
-
-/dev/vcc?/.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-/dev/vcs[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-/dev/xvc[0-9]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-ifdef(`distro_gentoo',`
-/dev/tts/[0-9]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
-
-# used by init scripts to initally populate udev /dev
-/lib/udev/devices/console -c	gen_context(system_u:object_r:console_device_t,s0)
-')
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
deleted file mode 100644
index 87a6942..0000000
--- a/policy/modules/kernel/terminal.if
+++ /dev/null
@@ -1,1476 +0,0 @@
-## <summary>Policy for terminals.</summary>
-## <required val="true">
-##	Depended on by other required modules.
-## </required>
-
-########################################
-## <summary>
-##	Transform specified type into a pty type.
-## </summary>
-## <param name="pty_type">
-##	<summary>
-##	An object type that will applied to a pty.
-##	</summary>
-## </param>
-#
-interface(`term_pty',`
-	gen_require(`
-		attribute ptynode;
-		type devpts_t;
-	')
-
-	dev_node($1)
-	allow $1 devpts_t:filesystem associate;
-	typeattribute $1 ptynode;
-')
-
-########################################
-## <summary>
-##	Transform specified type into an user
-##	pty type. This allows it to be relabeled via
-##	type change by login programs such as ssh.
-## </summary>
-## <param name="userdomain">
-##	<summary>
-##	The type of the user domain associated with
-##	this pty.
-##	</summary>
-## </param>
-## <param name="object_type">
-##	<summary>
-##	An object type that will applied to a pty.
-##	</summary>
-## </param>
-#
-interface(`term_user_pty',`
-	gen_require(`
-		attribute server_ptynode;
-	')
-
-	term_pty($2)
-	type_change $1 server_ptynode:chr_file $2;
-')
-
-########################################
-## <summary>
-##	Transform specified type into a pty type
-##	used by login programs, such as sshd.
-## </summary>
-## <param name="pty_type">
-##	<summary>
-##	An object type that will applied to a pty.
-##	</summary>
-## </param>
-#
-interface(`term_login_pty',`
-	gen_require(`
-		attribute server_ptynode;
-	')
-
-	term_pty($1)
-	typeattribute $1 server_ptynode;
-')
-
-########################################
-## <summary>
-##	Transform specified type into a tty type.
-## </summary>
-## <param name="tty_type">
-##	<summary>
-##	An object type that will applied to a tty.
-##	</summary>
-## </param>
-#
-interface(`term_tty',`
-	gen_require(`
-		attribute ttynode, serial_device;
-		type tty_device_t;
-	')
-
-	typeattribute $1 ttynode, serial_device;
-
-	dev_node($1)
-')
-
-########################################
-## <summary>
-##	Transform specified type into a user tty type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	User domain that is related to this tty.
-##	</summary>
-## </param>
-## <param name="tty_type">
-##	<summary>
-##	An object type that will applied to a tty.
-##	</summary>
-## </param>
-#
-interface(`term_user_tty',`
-	gen_require(`
-		attribute ttynode;
-		type tty_device_t;
-	')
-
-	term_tty($2)
-
-	type_change $1 tty_device_t:chr_file $2;
-
-	# Debian login is from shadow utils and does not allow resetting the perms.
-	# have to fix this!
-	ifdef(`distro_debian',`
-		type_change $1 ttynode:chr_file $2;
-	')
-')
-
-########################################
-## <summary>
-##	Create a pty in the /dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process creating the pty.
-##	</summary>
-## </param>
-## <param name="pty_type">
-##	<summary>
-##	The type of the pty.
-##	</summary>
-## </param>
-#
-interface(`term_create_pty',`
-	gen_require(`
-		type bsdpty_device_t, devpts_t, ptmx_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ptmx_t:chr_file rw_file_perms;
-
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 devpts_t:filesystem getattr;
-	dontaudit $1 bsdpty_device_t:chr_file { getattr read write };
-	type_transition $1 devpts_t:chr_file $2;
-')
-
-########################################
-## <summary>
-##	Write the console, all
-##	ttys and all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_write_all_terms',`
-	gen_require(`
-		attribute ttynode, ptynode;
-		type console_device_t, devpts_t, tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the console, all
-##	ttys and all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_all_terms',`
-	gen_require(`
-		attribute ttynode, ptynode;
-		type console_device_t, devpts_t, tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Write to the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_write_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 console_device_t:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read from the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_read_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 console_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read from the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_dontaudit_read_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dontaudit $1 console_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read from and write to the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 console_device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attemtps to read from
-##	or write to the console.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_console',`
-	gen_require(`
-		type console_device_t;
-		type tty_device_t;
-	')
-
-	dontaudit $1 console_device_t:chr_file rw_inherited_chr_file_perms;
-	dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the console
-##	device node.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 console_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Relabel from and to the console type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_console',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 console_device_t:chr_file relabel_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Create the console device (/dev/console).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_create_console_dev',`
-	gen_require(`
-		type console_device_t;
-	')
-
-	dev_add_entry_generic_dirs($1)
-	allow $1 console_device_t:chr_file create;
-	allow $1 self:capability mknod;
-')
-
-########################################
-## <summary>
-##	Get the attributes of a pty filesystem
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_getattr_pty_fs',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	allow $1 devpts_t:filesystem getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of the /dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_pty_dirs',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search the contents of the /dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_search_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	contents of the /dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_search_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dev_dontaudit_list_all_dev_nodes($1)
-	dontaudit $1 devpts_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the /dev/pts directory to
-##	list all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_list_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the
-##	/dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_list_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:dir { getattr search read };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read,
-##	write, or delete the /dev/pts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_manage_pty_dirs',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of generic pty devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:chr_file getattr;
-')
-########################################
-## <summary>
-##	ioctl of generic pty devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for ppp
-interface(`term_ioctl_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir search;
-	allow $1 devpts_t:chr_file ioctl;
-')
-
-########################################
-## <summary>
-##	Allow setting the attributes of
-##	generic pty devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# dwalsh: added for rhgb
-interface(`term_setattr_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	allow $1 devpts_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Dontaudit setting the attributes of
-##	generic pty devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-# dwalsh: added for rhgb
-interface(`term_dontaudit_setattr_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and write the generic pty
-##	type.  This is generally only used in
-##	the targeted policy.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_use_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 devpts_t:chr_file { rw_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Dot not audit attempts to read and
-##	write the generic pty type.  This is
-##	generally only used in the targeted policy.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_generic_ptys',`
-	gen_require(`
-		type devpts_t;
-	')
-
-	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
-')
-
-#######################################
-## <summary>
-##	Set the attributes of the tty device
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_setattr_controlling_term',`
-	gen_require(`
-		type devtty_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devtty_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Read and write the controlling
-##	terminal (/dev/tty).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_use_controlling_term',`
-	gen_require(`
-		type devtty_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devtty_t:chr_file { rw_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attributes
-##	on the pty multiplexor (/dev/ptmx).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_ptmx',`
-	gen_require(`
-		type ptmx_t;
-	')
-
-	dontaudit $1 ptmx_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Read and write the pty multiplexor (/dev/ptmx).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_use_ptmx',`
-	gen_require(`
-		type ptmx_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ptmx_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and
-##	write the pty multiplexor (/dev/ptmx).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_ptmx',`
-	gen_require(`
-		type ptmx_t;
-	')
-
-	dontaudit $1 ptmx_t:chr_file { getattr read write };
-')
-
-########################################
-## <summary>
-##	Get the attributes of all
-##	pty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_getattr_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 ptynode:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of any pty
-##	device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-	')
-
-	dontaudit $1 ptynode:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of all
-##	pty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 ptynode:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Relabel to all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabelto_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-	')
-
-	allow $1 ptynode:chr_file relabelto;
-')
-
-########################################
-## <summary>
-##	Write to all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_write_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ptynode:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write all ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 ptynode:chr_file { rw_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write any ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-	')
-
-	dontaudit $1 ptynode:chr_file { rw_inherited_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Relabel from and to all pty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_all_ptys',`
-	gen_require(`
-		attribute ptynode;
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	relabel_chr_files_pattern($1, devpts_t, ptynode)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all user
-##	pty device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_getattr_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_getattr_all_ptys() instead.')
-	term_getattr_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of any user pty
-##	device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_dontaudit_getattr_all_ptys() instead.')
-	term_dontaudit_getattr_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Set the attributes of all user
-##	pty device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_setattr_all_ptys() instead.')
-	term_setattr_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Relabel to all user ptys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabelto_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_relabelto_all_ptys() instead.')
-	term_relabelto_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Write to all user ptys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_write_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_write_all_ptys() instead.')
-	term_write_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Read and write all user ptys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_use_all_ptys() instead.')
-	term_use_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read any
-##	user ptys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_dontaudit_use_all_ptys() instead.')
-	term_dontaudit_use_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Relabel from and to all user
-##	user pty device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_all_user_ptys',`
-	refpolicywarn(`$0 has been deprecated, use term_relabel_all_ptys() instead.')
-	term_relabel_all_ptys($1)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all unallocated
-##	tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_getattr_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of all unallocated tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dontaudit $1 tty_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of all unallocated
-##	tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	of unallocated tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_setattr_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dontaudit $1 tty_device_t:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to ioctl
-##	unallocated tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_ioctl_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dontaudit $1 tty_device_t:chr_file ioctl;
-')
-
-########################################
-## <summary>
-##	Relabel from and to the unallocated
-##	tty type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file relabel_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel from all user tty types to
-##	the unallocated tty type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_reset_tty_labels',`
-	gen_require(`
-		attribute ttynode;
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file relabelfrom;
-	allow $1 tty_device_t:chr_file relabelto;
-')
-
-########################################
-## <summary>
-##	Append to unallocated ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_append_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file append_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Write to unallocated ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_write_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write unallocated ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or
-##	write unallocated ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_getattr_all_ttys',`
-	gen_require(`
-		type tty_device_t;
-		attribute ttynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file getattr;
-	allow $1 tty_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of any tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-		type tty_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	dontaudit $1 ttynode:chr_file getattr;
-	dontaudit $1 tty_device_t:chr_file getattr;
-')
-
-########################################
-## <summary>
-##	Set the attributes of all tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file setattr;
-')
-
-########################################
-## <summary>
-##	Relabel from and to all tty device nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file relabel_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Write to all ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_write_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file write_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write all ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file rw_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	any ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_all_ttys',`
-	gen_require(`
-		attribute ttynode;
-	')
-
-	dontaudit $1 ttynode:chr_file rw_inherited_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Get the attributes of all user tty
-##	device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_getattr_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_getattr_all_ttys() instead.')
-	term_getattr_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of any user tty
-##	device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_getattr_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_dontaudit_getattr_all_ttys() instead.')
-	term_dontaudit_getattr_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Set the attributes of all user tty
-##	device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_setattr_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_setattr_all_ttys() instead.')
-	term_setattr_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Relabel from and to all user
-##	user tty device nodes. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_relabel_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_relabel_all_ttys() instead.')
-	term_relabel_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Write to all user ttys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_write_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_write_all_ttys() instead.')
-	term_write_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Read and write all user to all user ttys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`term_use_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_use_all_ttys() instead.')
-	term_use_all_ttys($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	any user ttys. (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`term_dontaudit_use_all_user_ttys',`
-	refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
-	term_dontaudit_use_all_ttys($1)
-')
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
deleted file mode 100644
index a5deade..0000000
--- a/policy/modules/kernel/terminal.te
+++ /dev/null
@@ -1,59 +0,0 @@
-policy_module(terminal, 1.8.1)
-
-########################################
-#
-# Declarations
-#
-attribute ttynode;
-attribute ptynode;
-attribute server_ptynode;
-attribute serial_device;
-
-#
-# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
-type bsdpty_device_t;
-dev_node(bsdpty_device_t)
-
-#
-# console_device_t is the type of /dev/console.
-#
-type console_device_t;
-dev_node(console_device_t)
-
-#
-# devpts_t is the type of the devpts file system and
-# the type of the root directory of the file system.
-#
-type devpts_t;
-files_mountpoint(devpts_t)
-fs_associate_tmpfs(devpts_t)
-fs_type(devpts_t)
-fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
-dev_associate(devpts_t)
-
-#
-# devtty_t is the type of /dev/tty.
-#
-type devtty_t;
-dev_node(devtty_t)
-mls_trusted_object(devtty_t)
-
-#
-# ptmx_t is the type for /dev/ptmx.
-#
-type ptmx_t;
-dev_node(ptmx_t)
-mls_trusted_object(ptmx_t)
-allow ptmx_t devpts_t:filesystem associate;
-
-#
-# tty_device_t is the type of /dev/*tty*
-#
-type tty_device_t, serial_device;
-dev_node(tty_device_t)
-
-#
-# usbtty_device_t is the type of /dev/usr/tty*
-#
-type usbtty_device_t, serial_device;
-dev_node(usbtty_device_t)
diff --git a/policy/modules/kernel/ubac.fc b/policy/modules/kernel/ubac.fc
deleted file mode 100644
index 778366f..0000000
--- a/policy/modules/kernel/ubac.fc
+++ /dev/null
@@ -1 +0,0 @@
-# no UBAC file contexts
diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
deleted file mode 100644
index 464f759..0000000
--- a/policy/modules/kernel/ubac.if
+++ /dev/null
@@ -1,197 +0,0 @@
-## <summary>User-based access control policy</summary>
-## <required val="true">
-##	Contains attributes used in UBAC policy.
-## </required>
-
-########################################
-## <summary>
-##	Constrain by user-based access control (UBAC).
-## </summary>
-## <desc>
-##	<p>
-##	Constrain the specified type by user-based
-##	access control (UBAC).  Typically, these are
-##	user processes or user files that need to be
-##	differentiated by SELinux user.  Normally this
-##	does not include administrative or privileged
-##	programs. For the UBAC rules to be enforced,
-##	both the subject (source) type and the object
-##	(target) types must be UBAC constrained.
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be constrained by UBAC.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`ubac_constrained',`
-	gen_require(`
-		attribute ubac_constrained_type;
-	')
-
-	typeattribute $1 ubac_constrained_type;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_file_exempt',`
-	gen_require(`
-		attribute ubacfile;
-	')
-
-	typeattribute $1 ubacfile;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_process_exempt',`
-	gen_require(`
-		attribute ubacproc;
-	')
-
-	typeattribute $1 ubacproc;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_fd_exempt',`
-	gen_require(`
-		attribute ubacfd;
-	')
-
-	typeattribute $1 ubacfd;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_socket_exempt',`
-	gen_require(`
-		attribute ubacsock;
-	')
-
-	typeattribute $1 ubacsock;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for SysV IPC.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_sysvipc_exempt',`
-	gen_require(`
-		attribute ubacipc;
-	')
-
-	typeattribute $1 ubacipc;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for X Windows.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_xwin_exempt',`
-	gen_require(`
-		attribute ubacxwin;
-	')
-
-	typeattribute $1 ubacxwin;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_dbus_exempt',`
-	gen_require(`
-		attribute ubacdbus;
-	')
-
-	typeattribute $1 ubacdbus;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for keys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_key_exempt',`
-	gen_require(`
-		attribute ubackey;
-	')
-
-	typeattribute $1 ubackey;
-')
-
-########################################
-## <summary>
-##	Exempt user-based access control for databases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to be exempted.
-##	</summary>
-## </param>
-#
-interface(`ubac_db_exempt',`
-	gen_require(`
-		attribute ubacdb;
-	')
-
-	typeattribute $1 ubacdb;
-')
diff --git a/policy/modules/kernel/ubac.te b/policy/modules/kernel/ubac.te
deleted file mode 100644
index 0a57c41..0000000
--- a/policy/modules/kernel/ubac.te
+++ /dev/null
@@ -1,19 +0,0 @@
-policy_module(ubac, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute ubac_constrained_type;
-
-attribute ubacfile;
-attribute ubacproc;
-attribute ubacsock;
-attribute ubacfd;
-attribute ubacipc;
-attribute ubacxwin;
-attribute ubacdbus;
-attribute ubackey;
-attribute ubacdb;
-
diff --git a/policy/modules/roles/auditadm.fc b/policy/modules/roles/auditadm.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/auditadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/auditadm.if b/policy/modules/roles/auditadm.if
deleted file mode 100644
index d320022..0000000
--- a/policy/modules/roles/auditadm.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Audit administrator role</summary>
-
-########################################
-## <summary>
-##	Change to the audit administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auditadm_role_change',`
-	gen_require(`
-		role auditadm_r;
-	')
-
-	allow $1 auditadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the audit administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the audit administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auditadm_role_change_to',`
-	gen_require(`
-		role auditadm_r;
-	')
-
-	allow auditadm_r $1;
-')
diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
deleted file mode 100644
index a1bbe8f..0000000
--- a/policy/modules/roles/auditadm.te
+++ /dev/null
@@ -1,65 +0,0 @@
-policy_module(auditadm, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-role auditadm_r;
-
-userdom_unpriv_user_template(auditadm)
-
-########################################
-#
-# Local policy
-#
-
-allow auditadm_t self:capability { dac_read_search dac_override };
-
-kernel_read_ring_buffer(auditadm_t)
-
-corecmd_exec_shell(auditadm_t)
-
-domain_kill_all_domains(auditadm_t)
-
-logging_send_syslog_msg(auditadm_t)
-logging_read_generic_logs(auditadm_t)
-logging_manage_audit_log(auditadm_t)
-logging_manage_audit_config(auditadm_t)
-logging_run_auditctl(auditadm_t, auditadm_r)
-logging_run_auditd(auditadm_t, auditadm_r)
-logging_stream_connect_syslog(auditadm_t)
-
-seutil_run_runinit(auditadm_t, auditadm_r)
-seutil_read_bin_policy(auditadm_t)
-
-userdom_dontaudit_search_admin_dir(auditadm_t)
-
-optional_policy(`
-	consoletype_exec(auditadm_t)
-')
-
-optional_policy(`
-	dmesg_exec(auditadm_t)
-')
-
-optional_policy(`
-	screen_role_template(auditadm, auditadm_r, auditadm_t)
-')
-
-optional_policy(`
-	secadm_role_change(auditadm_r)
-')
-
-optional_policy(`
-	su_role_template(auditadm, auditadm_r, auditadm_t)
-')
-
-optional_policy(`
-	sudo_role_template(auditadm, auditadm_r, auditadm_t)
-')
-
-optional_policy(`
-	sysadm_role_change(auditadm_r)
-')
-
diff --git a/policy/modules/roles/dbadm.fc b/policy/modules/roles/dbadm.fc
deleted file mode 100644
index e6aa2fb..0000000
--- a/policy/modules/roles/dbadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No dbadm file contexts
diff --git a/policy/modules/roles/dbadm.if b/policy/modules/roles/dbadm.if
deleted file mode 100644
index 56f2af7..0000000
--- a/policy/modules/roles/dbadm.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Database administrator role</summary>
-
-########################################
-## <summary>
-##	Change to the database administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dbadm_role_change',`
-	gen_require(`
-		role dbadm_r;
-	')
-
-	allow $1 dbadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the database administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the database administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dbadm_role_change_to',`
-	gen_require(`
-		role dbadm_r;
-	')
-
-	allow dbadm_r $1;
-')
diff --git a/policy/modules/roles/dbadm.te b/policy/modules/roles/dbadm.te
deleted file mode 100644
index e9c9277..0000000
--- a/policy/modules/roles/dbadm.te
+++ /dev/null
@@ -1,65 +0,0 @@
-policy_module(dbadm, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow dbadm to manage files in users home directories
-## </p>
-## </desc>
-gen_tunable(dbadm_manage_user_files, false)
-
-## <desc>
-## <p>
-## Allow dbadm to read files in users home directories
-## </p>
-## </desc>
-gen_tunable(dbadm_read_user_files, false)
-
-role dbadm_r;
-
-userdom_base_user_template(dbadm)
-
-########################################
-#
-# database admin local policy
-#
-
-allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace };
-
-files_dontaudit_search_all_dirs(dbadm_t)
-files_delete_generic_locks(dbadm_t)
-files_list_var(dbadm_t)
-
-selinux_get_enforce_mode(dbadm_t)
-
-logging_send_syslog_msg(dbadm_t)
-logging_send_audit_msgs(dbadm_t)
-
-userdom_dontaudit_search_user_home_dirs(dbadm_t)
-
-tunable_policy(`dbadm_manage_user_files',`
-	userdom_manage_user_home_content_files(dbadm_t)
-	userdom_read_user_tmp_files(dbadm_t)
-	userdom_write_user_tmp_files(dbadm_t)
-')
-
-tunable_policy(`dbadm_read_user_files',`
-	userdom_read_user_home_content_files(dbadm_t)
-	userdom_read_user_tmp_files(dbadm_t)
-')
-
-optional_policy(`
-	mysql_admin(dbadm_t, dbadm_r)
-')
-
-optional_policy(`
-	postgresql_admin(dbadm_t, dbadm_r)
-')
-
-optional_policy(`
-	sudo_role_template(dbadm, dbadm_r, dbadm_t)
-')
diff --git a/policy/modules/roles/guest.fc b/policy/modules/roles/guest.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/guest.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/guest.if b/policy/modules/roles/guest.if
deleted file mode 100644
index 8906a32..0000000
--- a/policy/modules/roles/guest.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Least privledge terminal user role</summary>
-
-########################################
-## <summary>
-##	Change to the guest role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`guest_role_change',`
-	gen_require(`
-		role guest_r;
-	')
-
-	allow $1 guest_r;
-')
-
-########################################
-## <summary>
-##	Change from the guest role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the guest role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`guest_role_change_to',`
-	gen_require(`
-		role guest_r;
-	')
-
-	allow guest_r $1;
-')
diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
deleted file mode 100644
index f332441..0000000
--- a/policy/modules/roles/guest.te
+++ /dev/null
@@ -1,23 +0,0 @@
-policy_module(guest, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-role guest_r;
-
-userdom_restricted_user_template(guest)
-
-kernel_read_system_state(guest_t)
-
-########################################
-#
-# Local policy
-#
-
-optional_policy(`
-	apache_role(guest_r, guest_t)
-')
-
-gen_user(guest_u, user, guest_r, s0, s0)
diff --git a/policy/modules/roles/logadm.fc b/policy/modules/roles/logadm.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/logadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/logadm.if b/policy/modules/roles/logadm.if
deleted file mode 100644
index c9740e5..0000000
--- a/policy/modules/roles/logadm.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Log administrator role</summary>
-
-########################################
-## <summary>
-##	Change to the log administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logadm_role_change',`
-	gen_require(`
-		role logadm_r;
-	')
-
-	allow $1 logadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the log administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the log administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logadm_role_change_to',`
-	gen_require(`
-		role logadm_r;
-	')
-
-	allow logadm_r $1;
-')
diff --git a/policy/modules/roles/logadm.te b/policy/modules/roles/logadm.te
deleted file mode 100644
index 3a45a3e..0000000
--- a/policy/modules/roles/logadm.te
+++ /dev/null
@@ -1,19 +0,0 @@
-policy_module(logadm, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-role logadm_r;
-
-userdom_base_user_template(logadm)
-
-########################################
-#
-# logadmin local policy
-#
-
-allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
-
-logging_admin(logadm_t, logadm_r)
diff --git a/policy/modules/roles/metadata.xml b/policy/modules/roles/metadata.xml
deleted file mode 100644
index ba002e8..0000000
--- a/policy/modules/roles/metadata.xml
+++ /dev/null
@@ -1 +0,0 @@
-<summary>Policy modules for user roles.</summary>
diff --git a/policy/modules/roles/secadm.fc b/policy/modules/roles/secadm.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/secadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/secadm.if b/policy/modules/roles/secadm.if
deleted file mode 100644
index bb6a5fe..0000000
--- a/policy/modules/roles/secadm.if
+++ /dev/null
@@ -1,51 +0,0 @@
-## <summary>Security administrator role</summary>
-
-########################################
-## <summary>
-##	Change to the security administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`secadm_role_change',`
-	gen_require(`
-		role secadm_r;
-	')
-
-	allow $1 secadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the security administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the security administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`secadm_role_change_to_template',`
-	gen_require(`
-		role secadm_r;
-	')
-
-	allow secadm_r $1;
-')
-
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
deleted file mode 100644
index e3a1987..0000000
--- a/policy/modules/roles/secadm.te
+++ /dev/null
@@ -1,75 +0,0 @@
-policy_module(secadm, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-role secadm_r;
-
-userdom_unpriv_user_template(secadm)
-userdom_security_admin_template(secadm_t, secadm_r)
-userdom_inherit_append_admin_home_files(secadm_t)
-userdom_read_admin_home_files(secadm_t)
-
-########################################
-#
-# Local policy
-#
-
-allow secadm_t self:capability { dac_read_search dac_override };
-
-corecmd_exec_shell(secadm_t)
-
-dev_relabel_all_dev_nodes(secadm_t)
-
-domain_obj_id_change_exemption(secadm_t)
-
-mls_process_read_up(secadm_t)
-mls_file_read_all_levels(secadm_t)
-mls_file_write_all_levels(secadm_t)
-mls_file_upgrade(secadm_t)
-mls_file_downgrade(secadm_t)
-
-auth_role(secadm_r, secadm_t)
-auth_relabel_all_files_except_shadow(secadm_t)
-auth_relabel_shadow(secadm_t)
-
-init_exec(secadm_t)
-
-logging_read_audit_log(secadm_t)
-logging_read_generic_logs(secadm_t)
-logging_read_audit_config(secadm_t)
-
-optional_policy(`
-	aide_run(secadm_t, secadm_r)
-')
-
-optional_policy(`
-	auditadm_role_change(secadm_r)
-')
-
-optional_policy(`
-	dmesg_exec(secadm_t)
-')
-
-optional_policy(`
-	netlabel_run_mgmt(secadm_t, secadm_r)
-')
-
-optional_policy(`
-	screen_role_template(secadm, secadm_r, secadm_t)
-')
-
-optional_policy(`
-	su_role_template(secadm, secadm_r, secadm_t)
-')
-
-optional_policy(`
-	sudo_role_template(secadm, secadm_r, secadm_t)
-')
-
-optional_policy(`
-	sysadm_role_change(secadm_r)
-')
-
diff --git a/policy/modules/roles/staff.fc b/policy/modules/roles/staff.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/staff.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/staff.if b/policy/modules/roles/staff.if
deleted file mode 100644
index 234a940..0000000
--- a/policy/modules/roles/staff.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Administrator's unprivileged user role</summary>
-
-########################################
-## <summary>
-##	Change to the staff role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`staff_role_change',`
-	gen_require(`
-		role staff_r;
-	')
-
-	allow $1 staff_r;
-')
-
-########################################
-## <summary>
-##	Change from the staff role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the staff role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`staff_role_change_to',`
-	gen_require(`
-		role staff_r;
-	')
-
-	allow staff_r $1;
-')
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
deleted file mode 100644
index 571c76e..0000000
--- a/policy/modules/roles/staff.te
+++ /dev/null
@@ -1,279 +0,0 @@
-policy_module(staff, 2.1.2)
-
-########################################
-#
-# Declarations
-#
-
-role staff_r;
-
-userdom_unpriv_user_template(staff)
-fs_exec_noxattr(staff_t)
-
-# needed for sandbox
-allow staff_t self:process setexec;
-
-########################################
-#
-# Local policy
-#
-
-kernel_read_ring_buffer(staff_usertype)
-kernel_getattr_core_if(staff_usertype)
-kernel_getattr_message_if(staff_usertype)
-kernel_read_software_raid_state(staff_usertype)
-kernel_read_fs_sysctls(staff_usertype)
-
-domain_read_all_domains_state(staff_usertype)
-domain_getattr_all_domains(staff_usertype)
-domain_obj_id_change_exemption(staff_t)
-
-files_read_kernel_modules(staff_usertype)
-
-seutil_read_module_store(staff_t)
-seutil_run_newrole(staff_t, staff_r)
-
-term_use_unallocated_ttys(staff_usertype)
-
-auth_domtrans_pam_console(staff_t)
-
-init_dbus_chat(staff_t)
-init_dbus_chat_script(staff_t)
-
-miscfiles_read_hwdata(staff_usertype)
-
-modutils_read_module_config(staff_usertype)
-modutils_read_module_deps(staff_usertype)
-
-netutils_run_ping(staff_t, staff_r)
-netutils_signal_ping(staff_t)
-
-optional_policy(`
-	apache_role(staff_r, staff_t)
-')
-
-optional_policy(`
-	auditadm_role_change(staff_r)
-')
-
-optional_policy(`
-	dbadm_role_change(staff_r)
-')
-
-optional_policy(`
-	accountsd_dbus_chat(staff_t)
-	accountsd_read_lib_files(staff_t)
-')
-
-optional_policy(`
-	gnomeclock_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	firewallgui_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	lpd_list_spool(staff_t)
-')
-
-optional_policy(`
-	kerneloops_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	logadm_role_change(staff_r)
-')
-
-optional_policy(`
-	mozilla_run_plugin(staff_t, staff_r)
-')
-
-optional_policy(`
-	oident_manage_user_content(staff_t)
-	oident_relabel_user_content(staff_t)
-')
-
-optional_policy(`
-	postgresql_role(staff_r, staff_t)
-')
-
-optional_policy(`
-	rtkit_scheduled(staff_t)
-')
-
-optional_policy(`
-	rpm_dbus_chat(staff_usertype)
-')
-
-optional_policy(`
-	secadm_role_change(staff_r)
-')
-
-optional_policy(`
-	sandbox_transition(staff_t, staff_r)
-')
-
-optional_policy(`
-	screen_role_template(staff, staff_r, staff_t)
-')
-
-optional_policy(`
-	sysadm_role_change(staff_r)
-	userdom_dontaudit_use_user_terminals(staff_t)
-')
-optional_policy(`
-	setroubleshoot_stream_connect(staff_t)
-	setroubleshoot_dbus_chat(staff_t)
-	setroubleshoot_dbus_chat_fixit(staff_t)
-')
-
-optional_policy(`
-	ssh_role_template(staff, staff_r, staff_t)
-')
-
-optional_policy(`
-	sudo_role_template(staff, staff_r, staff_t)
-')
-
-optional_policy(`
-	telepathy_dbus_session_role(staff_r, staff_t)
-')
-
-optional_policy(`
-	userhelper_console_role_template(staff, staff_r, staff_usertype)
-')
-
-optional_policy(`
-	unconfined_role_change(staff_r)
-')
-
-optional_policy(`
-	virt_stream_connect(staff_t)
-')
-
-optional_policy(`
-	vnstatd_read_lib_files(staff_t)
-')
-
-optional_policy(`
-	webadm_role_change(staff_r)
-')
-
-optional_policy(`
-	xserver_role(staff_r, staff_t)
-')
-
-ifndef(`distro_redhat',`
-	optional_policy(`
-		auth_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		bluetooth_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		cdrecord_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		cron_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		dbus_role_template(staff, staff_r, staff_t)
-	')
-
-	optional_policy(`
-		evolution_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		games_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		gift_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		gnome_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		gpg_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		irc_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		java_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		lockdev_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		lpd_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		mozilla_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		mplayer_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		mta_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		pyzor_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		razor_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		rssh_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		spamassassin_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		su_role_template(staff, staff_r, staff_t)
-	')
-
-	optional_policy(`
-		thunderbird_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		tvtime_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		uml_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		userhelper_role_template(staff, staff_r, staff_t)
-	')
-
-	optional_policy(`
-		vmware_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		wireshark_role(staff_r, staff_t)
-	')
-')
diff --git a/policy/modules/roles/sysadm.fc b/policy/modules/roles/sysadm.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/sysadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if
deleted file mode 100644
index ff92430..0000000
--- a/policy/modules/roles/sysadm.if
+++ /dev/null
@@ -1,238 +0,0 @@
-## <summary>General system administration role</summary>
-
-########################################
-## <summary>
-##	Change to the system administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysadm_role_change',`
-	gen_require(`
-		role sysadm_r;
-	')
-
-	allow $1 sysadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the system administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the system administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysadm_role_change_to',`
-	gen_require(`
-		role sysadm_r;
-	')
-
-	allow sysadm_r $1;
-')
-
-########################################
-## <summary>
-##	Execute a shell in the sysadm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_shell_domtrans',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	corecmd_shell_domtrans($1, sysadm_t)
-	allow sysadm_t $1:fd use;
-	allow sysadm_t $1:fifo_file rw_file_perms;
-	allow sysadm_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute a generic bin program in the sysadm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_bin_spec_domtrans',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	corecmd_bin_spec_domtrans($1, sysadm_t)
-	allow sysadm_t $1:fd use;
-	allow sysadm_t $1:fifo_file rw_file_perms;
-	allow sysadm_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute all entrypoint files in the sysadm domain. This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_entry_spec_domtrans',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	domain_entry_file_spec_domtrans($1, sysadm_t)
-	allow sysadm_t $1:fd use;
-	allow sysadm_t $1:fifo_file rw_file_perms;
-	allow sysadm_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Allow sysadm to execute all entrypoint files in
-##	a specified domain.  This is an explicit transition,
-##	requiring the caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Allow sysadm to execute all entrypoint files in
-##	a specified domain.  This is an explicit transition,
-##	requiring the caller to use setexeccon().
-##	</p>
-##	<p>
-##	This is a interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_entry_spec_domtrans_to',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	domain_entry_file_spec_domtrans(sysadm_t, $1)
-	allow $1 sysadm_t:fd use;
-	allow $1 sysadm_t:fifo_file rw_file_perms;
-	allow $1 sysadm_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Allow sysadm to execute a generic bin program in
-##	a specified domain.  This is an explicit transition,
-##	requiring the caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Allow sysadm to execute a generic bin program in
-##	a specified domain.
-##	</p>
-##	<p>
-##	This is a interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to execute in.
-##	</summary>
-## </param>
-#
-interface(`sysadm_bin_spec_domtrans_to',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	corecmd_bin_spec_domtrans(sysadm_t, $1)
-	allow $1 sysadm_t:fd use;
-	allow $1 sysadm_t:fifo_file rw_file_perms;
-	allow $1 sysadm_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to sysadm users.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_sigchld',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	allow $1 sysadm_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Inherit and use sysadm file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_use_fds',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	allow $1 sysadm_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read and write sysadm user unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysadm_rw_pipes',`
-	gen_require(`
-		type sysadm_t;
-	')
-
-	allow $1 sysadm_t:fifo_file rw_fifo_file_perms;
-')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
deleted file mode 100644
index 1a95085..0000000
--- a/policy/modules/roles/sysadm.te
+++ /dev/null
@@ -1,515 +0,0 @@
-policy_module(sysadm, 2.1.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow sysadm to debug or ptrace all processes.
-## </p>
-## </desc>
-gen_tunable(allow_ptrace, false)
-
-role sysadm_r;
-
-userdom_admin_user_template(sysadm)
-
-ifndef(`enable_mls',`
-	userdom_security_admin_template(sysadm_t, sysadm_r)
-')
-
-########################################
-#
-# Local policy
-#
-kernel_read_fs_sysctls(sysadm_t)
-
-corecmd_exec_shell(sysadm_t)
-
-domain_dontaudit_read_all_domains_state(sysadm_t)
-
-files_read_kernel_modules(sysadm_t)
-
-mls_process_read_up(sysadm_t)
-mls_file_read_to_clearance(sysadm_t)
-mls_process_write_to_clearance(sysadm_t)
-
-ubac_process_exempt(sysadm_t)
-ubac_file_exempt(sysadm_t)
-ubac_fd_exempt(sysadm_t)
-
-application_exec(sysadm_t)
-
-init_exec(sysadm_t)
-init_exec_script_files(sysadm_t)
-init_dbus_chat(sysadm_t)
-init_script_role_transition(sysadm_r)
-
-modutils_read_module_deps(sysadm_t)
-
-miscfiles_read_hwdata(sysadm_t)
-
-# Add/remove user home directories
-userdom_manage_user_home_dirs(sysadm_t)
-userdom_home_filetrans_user_home_dir(sysadm_t)
-userdom_manage_user_tmp_dirs(sysadm_t)
-userdom_manage_user_tmp_files(sysadm_t)
-userdom_manage_user_tmp_symlinks(sysadm_t)
-userdom_manage_user_tmp_chr_files(sysadm_t)
-userdom_manage_user_tmp_blk_files(sysadm_t)
-
-ifdef(`direct_sysadm_daemon',`
-	optional_policy(`
-		init_run_daemon(sysadm_t, sysadm_r)
-	')
-',`
-	ifdef(`distro_gentoo',`
-		optional_policy(`
-			seutil_init_script_run_runinit(sysadm_t, sysadm_r)
-		')
-	')
-')
-
-ifndef(`enable_mls',`
-	logging_manage_audit_log(sysadm_t)
-	logging_manage_audit_config(sysadm_t)
-	logging_run_auditctl(sysadm_t, sysadm_r)
-	logging_stream_connect_syslog(sysadm_t)
-')
-
-tunable_policy(`allow_ptrace',`
-	domain_ptrace_all_domains(sysadm_t)
-')
-
-optional_policy(`
-	amanda_run_recover(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	apache_run_helper(sysadm_t, sysadm_r)
-	#apache_run_all_scripts(sysadm_t, sysadm_r)
-	#apache_domtrans_sys_script(sysadm_t)
-')
-
-optional_policy(`
-	# cjp: why is this not apm_run_client
-	apm_domtrans_client(sysadm_t)
-')
-
-optional_policy(`
-	apt_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	auditadm_role_change(sysadm_r)
-')
-
-optional_policy(`
-	backup_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	bind_run_ndc(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	bootloader_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	certmonger_dbus_chat(sysadm_t)
-')
-
-optional_policy(`
-	certwatch_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	clock_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	clockspeed_run_cli(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	consoletype_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-    daemonstools_run_start(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	dcc_run_cdcc(sysadm_t, sysadm_r)
-	dcc_run_client(sysadm_t, sysadm_r)
-	dcc_run_dbclean(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	ddcprobe_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	dmesg_exec(sysadm_t)
-')
-
-optional_policy(`
-	dmidecode_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	dpkg_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	firstboot_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	fstools_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	hostname_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	# allow system administrator to use the ipsec script to look
-	# at things (e.g., ipsec auto --status)
-	# probably should create an ipsec_admin role for this kind of thing
-	ipsec_exec_mgmt(sysadm_t)
-	ipsec_stream_connect(sysadm_t)
-	# for lsof
-	ipsec_getattr_key_sockets(sysadm_t)
-	ipsec_run_setkey(sysadm_t, sysadm_r)
-	ipsec_run_racoon(sysadm_t, sysadm_r)
-	ipsec_stream_connect_racoon(sysadm_t)
-
-	optional_policy(`
-		ipsec_mgmt_dbus_chat(sysadm_t)
-	')
-')
-
-optional_policy(`
-	iptables_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	kerberos_exec_kadmind(sysadm_t)
-')
-
-optional_policy(`
-	kudzu_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	libs_run_ldconfig(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	logrotate_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	lpd_run_checkpc(sysadm_t, sysadm_r)
-	lpd_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	lvm_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	modutils_run_depmod(sysadm_t, sysadm_r)
-	modutils_run_insmod(sysadm_t, sysadm_r)
-	modutils_run_update_mods(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	mount_run(sysadm_t, sysadm_r)
-	mount_run_showmount(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	mta_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	munin_stream_connect(sysadm_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(sysadm_t)
-')
-
-optional_policy(`
-	ncftool_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	netutils_run(sysadm_t, sysadm_r)
-	netutils_run_ping(sysadm_t, sysadm_r)
-	netutils_run_traceroute(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	ntp_stub()
-	corenet_udp_bind_ntp_port(sysadm_t)
-')
-
-optional_policy(`
-	oav_run_update(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	oident_manage_user_content(sysadm_t)
-	oident_relabel_user_content(sysadm_t)
-')
-
-optional_policy(`
-	pcmcia_run_cardctl(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	portage_run(sysadm_t, sysadm_r)
-	portage_run_gcc_config(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	portmap_run_helper(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	prelink_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	quota_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	raid_domtrans_mdadm(sysadm_t)
-')
-
-optional_policy(`
-	rpc_domtrans_nfsd(sysadm_t)
-')
-
-optional_policy(`
-	rpm_run(sysadm_t, sysadm_r)
-')
-
-
-optional_policy(`
-	rsync_exec(sysadm_t)
-')
-
-optional_policy(`
-	samba_run_net(sysadm_t, sysadm_r)
-	samba_run_winbind_helper(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	screen_role_template(sysadm, sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	secadm_role_change(sysadm_r)
-')
-
-optional_policy(`
-	seutil_run_setfiles(sysadm_t, sysadm_r)
-	seutil_run_runinit(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	shutdown_run(sysadm_t, sysadm_r)
-')
-
-
-optional_policy(`
-	ssh_role_template(sysadm, sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	staff_role_change(sysadm_r)
-')
-
-optional_policy(`
-	su_role_template(sysadm, sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	sudo_role_template(sysadm, sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	sysnet_run_ifconfig(sysadm_t, sysadm_r)
-	sysnet_run_dhcpc(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	tripwire_run_siggen(sysadm_t, sysadm_r)
-	tripwire_run_tripwire(sysadm_t, sysadm_r)
-	tripwire_run_twadmin(sysadm_t, sysadm_r)
-	tripwire_run_twprint(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	tzdata_domtrans(sysadm_t)
-')
-
-optional_policy(`
-	unconfined_domtrans(sysadm_t)
-')
-
-optional_policy(`
-	unprivuser_role_change(sysadm_r)
-')
-
-optional_policy(`
-	usbmodules_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	usermanage_run_admin_passwd(sysadm_t, sysadm_r)
-	usermanage_run_groupadd(sysadm_t, sysadm_r)
-	usermanage_run_useradd(sysadm_t, sysadm_r)
-')
-
-
-optional_policy(`
-	vpn_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	vpn_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	webalizer_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	virt_stream_connect(sysadm_t)
-')
-
-optional_policy(`
-	yam_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	zebra_stream_connect(sysadm_t)
-')
-
-ifndef(`distro_redhat',`
-	optional_policy(`
-		apache_role(sysadm_r, sysadm_t)
-	')
-	optional_policy(`
-		auth_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		bluetooth_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		cdrecord_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		cron_admin_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		dbus_role_template(sysadm, sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		evolution_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		games_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		gift_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		gnome_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		gpg_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		irc_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		java_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		lockdev_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		mozilla_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		mplayer_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		pyzor_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		razor_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		rssh_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		spamassassin_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		thunderbird_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		tvtime_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		uml_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		userhelper_role_template(sysadm, sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		vmware_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		wireshark_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
-		xserver_role(sysadm_r, sysadm_t)
-	')
-')
diff --git a/policy/modules/roles/unconfineduser.fc b/policy/modules/roles/unconfineduser.fc
deleted file mode 100644
index 0e8654b..0000000
--- a/policy/modules/roles/unconfineduser.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-# Add programs here which should not be confined by SELinux
-# e.g.:
-# /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
-# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
-/usr/bin/vncserver		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
-
-/usr/sbin/xrdp   --  gen_context(system_u:object_r:unconfined_exec_t,s0)
-/usr/sbin/xrdp-sesman   --  gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --git a/policy/modules/roles/unconfineduser.if b/policy/modules/roles/unconfineduser.if
deleted file mode 100644
index 8b2cdf3..0000000
--- a/policy/modules/roles/unconfineduser.if
+++ /dev/null
@@ -1,687 +0,0 @@
-## <summary>Unconfiend user role</summary>
-
-########################################
-## <summary>
-##	Change from the unconfineduser role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the unconfineduser role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`unconfined_role_change_to',`
-	gen_require(`
-		role unconfined_r;
-	')
-
-	allow unconfined_r $1;
-')
-
-########################################
-## <summary>
-##	Transition to the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_domtrans',`
-	gen_require(`
-		type unconfined_t, unconfined_exec_t;
-	')
-
-	domtrans_pattern($1,unconfined_exec_t,unconfined_t)
-')
-
-########################################
-## <summary>
-##	Execute specified programs in the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process performing this action.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the unconfined domain.
-##	</summary>
-## </param>
-#
-interface(`unconfined_run',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	unconfined_domtrans($1)
-	role $2 types unconfined_t;
-')
-
-########################################
-## <summary>
-##	Transition to the unconfined domain by executing a shell.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_shell_domtrans',`
-	gen_require(`
-		attribute unconfined_login_domain;
-	')
-	typeattribute $1 unconfined_login_domain;
-')
-
-########################################
-## <summary>
-##	Allow unconfined to execute the specified program in
-##	the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Allow unconfined to execute the specified program in
-##	the specified domain.
-##	</p>
-##	<p>
-##	This is a interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to execute in.
-##	</summary>
-## </param>
-## <param name="entry_file">
-##	<summary>
-##	Domain entry point file.
-##	</summary>
-## </param>
-#
-interface(`unconfined_domtrans_to',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	domtrans_pattern(unconfined_t,$2,$1)
-')
-
-########################################
-## <summary>
-##	Allow unconfined to execute the specified program in
-##	the specified domain.  Allow the specified domain the
-##	unconfined role and use of unconfined user terminals.
-## </summary>
-## <desc>
-##	<p>
-##	Allow unconfined to execute the specified program in
-##	the specified domain.  Allow the specified domain the
-##	unconfined role and use of unconfined user terminals.
-##	</p>
-##	<p>
-##	This is a interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to execute in.
-##	</summary>
-## </param>
-## <param name="entry_file">
-##	<summary>
-##	Domain entry point file.
-##	</summary>
-## </param>
-#
-interface(`unconfined_run_to',`
-	gen_require(`
-		type unconfined_t;
-		role unconfined_r;
-	')
-
-	domtrans_pattern(unconfined_t,$2,$1)
-	role unconfined_r types $1;
-	userdom_use_user_terminals($1)
-')
-
-########################################
-## <summary>
-##	Inherit file descriptors from the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_use_fds',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_sigchld',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a SIGNULL signal to the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_signull',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send a SIGNULL signal to the unconfined execmem domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_signull',`
-	gen_require(`
-		type unconfined_execmem_t;
-	')
-
-	allow $1 unconfined_execmem_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send a signal to the unconfined execmem domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_signal',`
-	gen_require(`
-		type unconfined_execmem_t;
-	')
-
-	allow $1 unconfined_execmem_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send generic signals to the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_signal',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read unconfined domain unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_read_pipes',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read unconfined domain unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dontaudit_read_pipes',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	dontaudit $1 unconfined_t:fifo_file read;
-')
-
-########################################
-## <summary>
-##	Read and write unconfined domain unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_rw_pipes',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	unconfined domain unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dontaudit_rw_pipes',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	dontaudit $1 unconfined_t:fifo_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	unconfined domain stream.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dontaudit_rw_stream',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	dontaudit $1 unconfined_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Connect to the unconfined domain using
-##	a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_stream_connect',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	unconfined domain tcp sockets.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to read or write
-##	unconfined domain tcp sockets.
-##	</p>
-##	<p>
-##	This interface was added due to a broken
-##	symptom in ldconfig.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	dontaudit $1 unconfined_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	unconfined domain packet sockets.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to read or write
-##	unconfined domain packet sockets.
-##	</p>
-##	<p>
-##	This interface was added due to a broken
-##	symptom.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dontaudit_rw_packet_sockets',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	dontaudit $1 unconfined_t:packet_socket { read write };
-')
-
-########################################
-## <summary>
-##	Create keys for the unconfined domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_create_keys',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:key create;
-')
-
-########################################
-## <summary>
-##	Send messages to the unconfined domain over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dbus_send',`
-	gen_require(`
-		type unconfined_t;
-		class dbus send_msg;
-	')
-
-	allow $1 unconfined_t:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	unconfined_t over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dbus_chat',`
-	gen_require(`
-		type unconfined_t;
-		class dbus send_msg;
-	')
-
-	allow $1 unconfined_t:dbus send_msg;
-	allow unconfined_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Connect to the the unconfined DBUS
-##	for service (acquire_svc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_dbus_connect',`
-	gen_require(`
-		type unconfined_t;
-		class dbus acquire_svc;
-	')
-
-	allow $1 unconfined_t:dbus acquire_svc;
-')
-
-########################################
-## <summary>
-##	Allow ptrace of unconfined domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_ptrace',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process ptrace;
-')
-
-########################################
-## <summary>
-##	Read and write to unconfined shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process performing this action.
-##	</summary>
-## </param>
-#
-interface(`unconfined_rw_shm',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Read and write to unconfined execmem shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process performing this action.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_rw_shm',`
-	gen_require(`
-		type unconfined_execmem_t;
-	')
-
-	allow $1 unconfined_execmem_t:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Transition to the unconfined_execmem domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_domtrans',`
-
-	gen_require(`
-		type unconfined_execmem_t;
-	')
-
-	execmem_domtrans($1, unconfined_execmem_t)
-')
-
-########################################
-## <summary>
-##	execute the execmem applications
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_exec',`
-
-	gen_require(`
-		type execmem_exec_t;
-	')
-
-	can_exec($1, execmem_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow apps to set rlimits on userdomain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_set_rlimitnh',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process rlimitinh;
-')
-
-########################################
-## <summary>
-##	Get the process group of unconfined.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_getpgid',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:process getpgid;
-')
-
-########################################
-## <summary>
-##	Change to the unconfined role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`unconfined_role_change',`
-	gen_require(`
-		role unconfined_r;
-	')
-
-	allow $1 unconfined_r;
-')
-
-########################################
-## <summary>
-##	Allow domain to attach to TUN devices created by unconfined_t users.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`unconfined_attach_tun_iface',`
-	gen_require(`
-		type unconfined_t;
-	')
-
-	allow $1 unconfined_t:tun_socket relabelfrom;
-	allow $1 self:tun_socket relabelto;
-')
-
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
deleted file mode 100644
index cad536c..0000000
--- a/policy/modules/roles/unconfineduser.te
+++ /dev/null
@@ -1,491 +0,0 @@
-policy_module(unconfineduser, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-attribute unconfined_login_domain;
-
-## <desc>
-## <p>
-## Transition unconfined user to the nsplugin domains when running nspluginviewer
-## </p>
-## </desc>
-gen_tunable(allow_unconfined_nsplugin_transition, false)
-
-## <desc>
-## <p>
-## Transition unconfined user to the mozilla plugin domain when running xulrunner plugin-container.
-## </p>
-## </desc>
-gen_tunable(unconfined_mozilla_plugin_transition, false)
-
-## <desc>
-## <p>
-## Allow vidio playing tools to tun unconfined
-## </p>
-## </desc>
-gen_tunable(unconfined_mplayer, false)
-
-## <desc>
-## <p>
-## Allow a user to login as an unconfined domain
-## </p>
-## </desc>
-gen_tunable(unconfined_login, true)
-
-## <desc>
-## <p>
-## Transition to confined qemu domains from unconfined user
-## </p>
-## </desc>
-gen_tunable(allow_unconfined_qemu_transition, false)
-
-# usage in this module of types created by these
-# calls is not correct, however we dont currently
-# have another method to add access to these types
-userdom_base_user_template(unconfined)
-userdom_manage_home_role(unconfined_r, unconfined_t)
-userdom_manage_tmp_role(unconfined_r, unconfined_t)
-userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
-userdom_unpriv_usertype(unconfined, unconfined_t)
-
-type unconfined_exec_t;
-init_system_domain(unconfined_t, unconfined_exec_t)
-role unconfined_r types unconfined_t;
-role_transition system_r unconfined_exec_t unconfined_r;
-allow system_r unconfined_r;
-
-domain_user_exemption_target(unconfined_t)
-allow system_r unconfined_r;
-allow unconfined_r system_r;
-init_script_role_transition(unconfined_r)
-role system_r types unconfined_t;
-typealias unconfined_t alias unconfined_crontab_t;
-
-type unconfined_notrans_t;
-type unconfined_notrans_exec_t;
-init_system_domain(unconfined_notrans_t, unconfined_notrans_exec_t)
-role unconfined_r types unconfined_notrans_t;
-
-########################################
-#
-# Local policy
-#
-
-dontaudit unconfined_t self:dir write;
-dontaudit unconfined_t self:file setattr;
-
-allow unconfined_t self:system syslog_read;
-dontaudit unconfined_t self:capability sys_module;
-
-files_create_boot_flag(unconfined_t)
-files_create_default_dir(unconfined_t)
-files_root_filetrans_default(unconfined_t, dir)
-
-mcs_killall(unconfined_t)
-mcs_ptrace_all(unconfined_t)
-mls_file_write_all_levels(unconfined_t)
-
-init_run_daemon(unconfined_t, unconfined_r)
-init_domtrans_script(unconfined_t)
-init_telinit(unconfined_t)
-
-libs_run_ldconfig(unconfined_t, unconfined_r)
-
-logging_send_syslog_msg(unconfined_t)
-logging_run_auditctl(unconfined_t, unconfined_r)
-
-mount_run_unconfined(unconfined_t, unconfined_r)
-# Unconfined running as system_r
-mount_domtrans_unconfined(unconfined_t)
-
-seutil_run_setsebool(unconfined_t, unconfined_r)
-seutil_run_setfiles(unconfined_t, unconfined_r)
-seutil_run_semanage(unconfined_t, unconfined_r)
-
-unconfined_domain_noaudit(unconfined_t)
-
-userdom_user_home_dir_filetrans_user_home_content(unconfined_t, { dir file lnk_file fifo_file sock_file })
-
-usermanage_run_passwd(unconfined_t, unconfined_r)
-usermanage_run_chfn(unconfined_t, unconfined_r)
-
-tunable_policy(`allow_execmem',`
-	allow unconfined_t self:process execmem;
-')
-
-tunable_policy(`allow_execmem && allow_execstack',`
-	allow unconfined_t self:process execstack;
-')
-
-dev_filetrans_named_dev(unconfined_usertype)
-
-tunable_policy(`allow_execmod',`
-	userdom_execmod_user_home_files(unconfined_usertype)
-')
-
-tunable_policy(`unconfined_login',`
-	corecmd_shell_domtrans(unconfined_login_domain,unconfined_t)
-	allow unconfined_t unconfined_login_domain:fd use;
-	allow unconfined_t unconfined_login_domain:fifo_file rw_file_perms;
-	allow unconfined_t unconfined_login_domain:process sigchld;
-')
-
-optional_policy(`
-	gen_require(`
-		attribute unconfined_usertype;
-	')
-
-	nsplugin_role_notrans(unconfined_r, unconfined_usertype)
-	optional_policy(`
-		tunable_policy(`allow_unconfined_nsplugin_transition',`
-		      nsplugin_domtrans(unconfined_usertype)
-		      nsplugin_domtrans_config(unconfined_usertype)
-		')
-	')
-
-	optional_policy(`
-		abrt_dbus_chat(unconfined_usertype)
-		abrt_run_helper(unconfined_usertype, unconfined_r)
-	')
-
-	optional_policy(`
-		avahi_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		certmonger_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		devicekit_dbus_chat(unconfined_usertype)
-		devicekit_dbus_chat_disk(unconfined_usertype)
-		devicekit_dbus_chat_power(unconfined_usertype)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		policykit_role(unconfined_r, unconfined_usertype)
-	')
-
-	optional_policy(`
-		rtkit_scheduled(unconfined_usertype)
-	')
-
-	optional_policy(`
-		setroubleshoot_dbus_chat(unconfined_usertype)
-		setroubleshoot_dbus_chat_fixit(unconfined_t)
-	')
-
-	optional_policy(`
-		sandbox_transition(unconfined_usertype, unconfined_r)
-	')
-
-	optional_policy(`
-		shutdown_run(unconfined_t, unconfined_r)
-	')
-
-	optional_policy(`
-		tzdata_run(unconfined_usertype, unconfined_r)
-	')
-
-	optional_policy(`
-		gen_require(`
-			type user_tmpfs_t;
-		')
-	
-		xserver_rw_session(unconfined_usertype, user_tmpfs_t)
-		xserver_run_xauth(unconfined_usertype, unconfined_r)
-		xserver_dbus_chat_xdm(unconfined_usertype)
-	')
-')
-
-ifdef(`distro_gentoo',`
-	seutil_run_runinit(unconfined_t, unconfined_r)
-	seutil_init_script_run_runinit(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	accountsd_dbus_chat(unconfined_t)
-')
-
-optional_policy(`
-	ada_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	alsa_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	apache_run_helper(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	bind_run_ndc(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	bootloader_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	cron_unconfined_role(unconfined_r, unconfined_t)
-')
-
-optional_policy(`
-	chrome_role(unconfined_r, unconfined_usertype)
-')
-
-optional_policy(`
-	dbus_role_template(unconfined, unconfined_r, unconfined_t)
-
-	optional_policy(`
-		unconfined_domain(unconfined_dbusd_t)
-		unconfined_execmem_domtrans(unconfined_dbusd_t)
-
-		optional_policy(`
-			xserver_rw_shm(unconfined_dbusd_t)
-		')
-	')
-
-	init_dbus_chat(unconfined_usertype)
-	init_dbus_chat_script(unconfined_usertype)
-
-	dbus_stub(unconfined_t)
-
-	optional_policy(`
-		bluetooth_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		consolekit_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		cups_dbus_chat_config(unconfined_usertype)
-	')
-
-	optional_policy(`
-		fprintd_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		gnomeclock_dbus_chat(unconfined_usertype)
-		gnome_dbus_chat_gconfdefault(unconfined_usertype)
-	')
-
-	optional_policy(`
-		ipsec_mgmt_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		kerneloops_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		oddjob_dbus_chat(unconfined_usertype)
-	')
-
-	optional_policy(`
-		vpn_dbus_chat(unconfined_usertype)
-	')
-')
-
-optional_policy(`
-	firewallgui_dbus_chat(unconfined_usertype)
-')
-
-optional_policy(`
-	firstboot_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	ftp_run_ftpdctl(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-        gpsd_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	java_run_unconfined(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	livecd_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	lpd_run_checkpc(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	modutils_run_update_mods(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	mono_role_template(unconfined, unconfined_r, unconfined_t)
-	unconfined_domain_noaudit(unconfined_mono_t)
-	role system_r types unconfined_mono_t;
-')
-
-
-optional_policy(`
-	mozilla_role_plugin(unconfined_r)
-
-	tunable_policy(`unconfined_mozilla_plugin_transition', `
-			mozilla_domtrans_plugin(unconfined_usertype)
-	')
-')
-
-optional_policy(`
-	ncftool_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	oddjob_run_mkhomedir(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	prelink_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	portmap_run_helper(unconfined_t, unconfined_r)
-')
-
-#optional_policy(`
-#	ppp_run(unconfined_t, unconfined_r)
-#')
-
-optional_policy(`
-	qemu_unconfined_role(unconfined_r)
-
-	tunable_policy(`allow_unconfined_qemu_transition',`
-		qemu_domtrans(unconfined_t)
-	',`
-		qemu_domtrans_unconfined(unconfined_t)
-	')
-')
-
-optional_policy(`
-	rpm_run(unconfined_t, unconfined_r)
-	# Allow SELinux aware applications to request rpm_script execution
-	rpm_transition_script(unconfined_t)
-	rpm_dbus_chat(unconfined_t)
-')
-
-optional_policy(`
-	optional_policy(`
-		samba_run_unconfined_net(unconfined_t, unconfined_r)
-	')
-
-	samba_role_notrans(unconfined_r)
-#	samba_run_winbind_helper(unconfined_t, unconfined_r)
-	samba_run_smbcontrol(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	sendmail_run_unconfined(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	sysnet_run_dhcpc(unconfined_t, unconfined_r)
-	sysnet_dbus_chat_dhcpc(unconfined_t)
-	sysnet_role_transition_dhcpc(unconfined_r)
-')
-
-optional_policy(`
-	telepathy_dbus_session_role(unconfined_r, unconfined_t)
-')
-
-optional_policy(`
-	vbetool_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	virt_transition_svirt(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	vpn_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	webalizer_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	wine_run(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
-	xserver_run(unconfined_t, unconfined_r)
-')
-
-########################################
-#
-# Unconfined Execmem Local policy
-#
-
-optional_policy(`
-	execmem_role_template(unconfined, unconfined_r, unconfined_t)
-	typealias unconfined_execmem_t alias execmem_t;
-	typealias unconfined_execmem_t alias unconfined_openoffice_t;
-	unconfined_domain_noaudit(unconfined_execmem_t)
-	allow unconfined_execmem_t unconfined_t:process transition;
-	rpm_transition_script(unconfined_execmem_t)
-	role system_r types unconfined_execmem_t;
-
-	optional_policy(`
-		init_dbus_chat_script(unconfined_execmem_t)
-		dbus_system_bus_client(unconfined_execmem_t)
-		unconfined_dbus_chat(unconfined_execmem_t)
-		unconfined_dbus_connect(unconfined_execmem_t)
-	')
-
-	optional_policy(`
-		tunable_policy(`allow_unconfined_nsplugin_transition',`', `
-			nsplugin_exec_domtrans(unconfined_t, unconfined_execmem_t)
-		')
-	')
-
-	optional_policy(`
-		tunable_policy(`unconfined_login',`
-			mplayer_exec_domtrans(unconfined_t, unconfined_execmem_t)
-		')
-	')
-
-	optional_policy(`
-		openoffice_exec_domtrans(unconfined_t, unconfined_execmem_t)
-	')
-')
-
-########################################
-#
-# Unconfined notrans Local policy
-#
-
-allow unconfined_notrans_t self:process { execstack execmem };
-unconfined_domain_noaudit(unconfined_notrans_t)
-userdom_unpriv_usertype(unconfined, unconfined_notrans_t)
-domtrans_pattern(unconfined_t, unconfined_notrans_exec_t, unconfined_notrans_t)
-# Allow SELinux aware applications to request rpm_script execution
-rpm_transition_script(unconfined_notrans_t)
-domain_ptrace_all_domains(unconfined_notrans_t)
-
-########################################
-#
-# Unconfined mount local policy
-#
-
-gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --git a/policy/modules/roles/unprivuser.fc b/policy/modules/roles/unprivuser.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/unprivuser.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/unprivuser.if b/policy/modules/roles/unprivuser.if
deleted file mode 100644
index 3835596..0000000
--- a/policy/modules/roles/unprivuser.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Generic unprivileged user role</summary>
-
-########################################
-## <summary>
-##	Change to the generic user role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`unprivuser_role_change',`
-	gen_require(`
-		role user_r;
-	')
-
-	allow $1 user_r;
-')
-
-########################################
-## <summary>
-##	Change from the generic user role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the generic user role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`unprivuser_role_change_to',`
-	gen_require(`
-		role user_r;
-	')
-
-	allow user_r $1;
-')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
deleted file mode 100644
index 2932c13..0000000
--- a/policy/modules/roles/unprivuser.te
+++ /dev/null
@@ -1,182 +0,0 @@
-policy_module(unprivuser, 2.1.2)
-
-# this module should be named user, but that is
-# a compile error since user is a keyword.
-
-########################################
-#
-# Declarations
-#
-
-role user_r;
-
-userdom_unpriv_user_template(user)
-
-fs_exec_noxattr(user_t)
-
-optional_policy(`
-	apache_role(user_r, user_t)
-')
-
-optional_policy(`
-	oident_manage_user_content(user_t)
-	oident_relabel_user_content(user_t)
-')
-
-optional_policy(`
-	mozilla_run_plugin(user_t, user_r)
-')
-
-optional_policy(`
-	rpm_dontaudit_dbus_chat(user_t)
-')
-
-optional_policy(`
-	rtkit_scheduled(user_t)
-')
-
-optional_policy(`
-	sandbox_transition(user_t, user_r)
-')
-
-optional_policy(`
-	screen_role_template(user, user_r, user_t)
-')
-
-optional_policy(`
-	setroubleshoot_dontaudit_stream_connect(user_t)
-')
-
-optional_policy(`
-	telepathy_dbus_session_role(user_r, user_t)
-')
-
-optional_policy(`
-	xserver_role(user_r, user_t)
-')
-
-ifndef(`distro_redhat',`
-	optional_policy(`
-		auth_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		bluetooth_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		cdrecord_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		cron_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		dbus_role_template(user, user_r, user_t)
-	')
-
-	optional_policy(`
-		evolution_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		games_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		gift_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		gnome_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		gpg_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		irc_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		java_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		lockdev_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		lpd_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		mozilla_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		mplayer_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		mta_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		postgresql_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		pyzor_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		razor_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		rssh_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		spamassassin_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		ssh_role_template(user, user_r, user_t)
-	')
-
-	optional_policy(`
-		su_role_template(user, user_r, user_t)
-	')
-
-	optional_policy(`
-		sudo_role_template(user, user_r, user_t)
-	')
-
-	optional_policy(`
-		thunderbird_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		tvtime_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		uml_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		userhelper_role_template(user, user_r, user_t)
-	')
-
-	optional_policy(`
-		vmware_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		wireshark_role(user_r, user_t)
-	')
-')
diff --git a/policy/modules/roles/webadm.fc b/policy/modules/roles/webadm.fc
deleted file mode 100644
index d46378a..0000000
--- a/policy/modules/roles/webadm.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No webadm file contexts.
diff --git a/policy/modules/roles/webadm.if b/policy/modules/roles/webadm.if
deleted file mode 100644
index cc34f8b..0000000
--- a/policy/modules/roles/webadm.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Web administrator role</summary>
-
-########################################
-## <summary>
-##	Change to the web administrator role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`webadm_role_change',`
-	gen_require(`
-		role webadm_r;
-	')
-
-	allow $1 webadm_r;
-')
-
-########################################
-## <summary>
-##	Change from the web administrator role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the web administrator role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`webadm_role_change_to',`
-	gen_require(`
-		role webadm_r;
-	')
-
-	allow webadm_r $1;
-')
diff --git a/policy/modules/roles/webadm.te b/policy/modules/roles/webadm.te
deleted file mode 100644
index dbf2710..0000000
--- a/policy/modules/roles/webadm.te
+++ /dev/null
@@ -1,56 +0,0 @@
-policy_module(webadm, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow webadm to manage files in users home directories
-## </p>
-## </desc>
-gen_tunable(webadm_manage_user_files, false)
-
-## <desc>
-## <p>
-## Allow webadm to read files in users home directories
-## </p>   
-## </desc>
-gen_tunable(webadm_read_user_files, false)
-
-role webadm_r;
-
-userdom_base_user_template(webadm)
-
-########################################
-#
-# webadmin local policy
-#
-
-allow webadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
-
-files_dontaudit_search_all_dirs(webadm_t)
-files_manage_generic_locks(webadm_t)
-files_list_var(webadm_t)
-
-selinux_get_enforce_mode(webadm_t)
-seutil_domtrans_setfiles(webadm_t)
-
-logging_send_syslog_msg(webadm_t)
-logging_send_audit_msgs(webadm_t)
-
-userdom_dontaudit_search_user_home_dirs(webadm_t)
-
-apache_admin(webadm_t, webadm_r)
-
-tunable_policy(`webadm_manage_user_files',`
-	userdom_manage_user_home_content_files(webadm_t)
-	userdom_read_user_tmp_files(webadm_t)
-	userdom_write_user_tmp_files(webadm_t)
-')
-
-tunable_policy(`webadm_read_user_files',`
-	userdom_read_user_home_content_files(webadm_t)
-	userdom_read_user_tmp_files(webadm_t)
-')
diff --git a/policy/modules/roles/xguest.fc b/policy/modules/roles/xguest.fc
deleted file mode 100644
index 601a7b0..0000000
--- a/policy/modules/roles/xguest.fc
+++ /dev/null
@@ -1 +0,0 @@
-# file contexts handled by userdomain and genhomedircon
diff --git a/policy/modules/roles/xguest.if b/policy/modules/roles/xguest.if
deleted file mode 100644
index d2234e3..0000000
--- a/policy/modules/roles/xguest.if
+++ /dev/null
@@ -1,50 +0,0 @@
-## <summary>Least privledge xwindows user role</summary>
-
-########################################
-## <summary>
-##	Change to the xguest role.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xguest_role_change',`
-	gen_require(`
-		role xguest_r;
-	')
-
-	allow $1 xguest_r;
-')
-
-########################################
-## <summary>
-##	Change from the xguest role.
-## </summary>
-## <desc>
-##	<p>
-##	Change from the xguest role to
-##	the specified role.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xguest_role_change_to',`
-	gen_require(`
-		role xguest_r;
-	')
-
-	allow xguest_r $1;
-')
diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te
deleted file mode 100644
index e76f7a7..0000000
--- a/policy/modules/roles/xguest.te
+++ /dev/null
@@ -1,173 +0,0 @@
-policy_module(xguest, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow xguest users to mount removable media
-## </p>
-## </desc>
-gen_tunable(xguest_mount_media, true)
-
-## <desc>
-## <p>
-## Allow xguest to configure Network Manager and connect to apache ports
-## </p>
-## </desc>
-gen_tunable(xguest_connect_network, true)
-
-## <desc>
-## <p>
-## Allow xguest to use blue tooth devices
-## </p>
-## </desc>
-gen_tunable(xguest_use_bluetooth, true)
-
-role xguest_r;
-
-userdom_restricted_xwindows_user_template(xguest)
-sysnet_dns_name_resolve(xguest_t)
-
-########################################
-#
-# Local policy
-#
-ifndef(`enable_mls',`
-	fs_exec_noxattr(xguest_t)
-
-	tunable_policy(`user_rw_noexattrfile',`
-		fs_manage_noxattr_fs_files(xguest_t)
-		fs_manage_noxattr_fs_dirs(xguest_t)
-		# Write floppies 
-		storage_raw_read_removable_device(xguest_t)
-		storage_raw_write_removable_device(xguest_t)
-	',`
-		storage_raw_read_removable_device(xguest_t)
-	')
-')
-# Dontaudit fusermount
-mount_dontaudit_exec_fusermount(xguest_t)
-
-allow xguest_t self:process execmem;
-kernel_dontaudit_request_load_module(xguest_t)
-
-tunable_policy(`allow_execstack',`
-	allow xguest_t self:process execstack;
-')
-
-# Allow mounting of file systems
-optional_policy(`
-	tunable_policy(`xguest_mount_media',`
-		kernel_read_fs_sysctls(xguest_t)
-		kernel_request_load_module(xguest_t)
-		files_dontaudit_getattr_boot_dirs(xguest_t)
-		files_search_mnt(xguest_t)
-
-		fs_manage_noxattr_fs_files(xguest_t)
-		fs_manage_noxattr_fs_dirs(xguest_t)
-		fs_manage_noxattr_fs_dirs(xguest_t)
-		fs_getattr_noxattr_fs(xguest_t)
-		fs_read_noxattr_fs_symlinks(xguest_t)
-		fs_mount_fusefs(xguest_t)
-
-		auth_list_pam_console_data(xguest_t)
-	')
-')
-
-optional_policy(`
-	tunable_policy(`xguest_use_bluetooth',`
-		bluetooth_dbus_chat(xguest_t)
-	')
-')
-
-optional_policy(`
-	chrome_role(xguest_r, xguest_usertype)
-')
-
-
-optional_policy(`
-	hal_dbus_chat(xguest_t)
-')
-
-optional_policy(`
-	apache_role(xguest_r, xguest_t)
-')
-
-optional_policy(`
-	gnomeclock_dontaudit_dbus_chat(xguest_t)
-')
-
-optional_policy(`
-	java_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
-	mono_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
-	mozilla_run_plugin(xguest_t, xguest_r)
-')
-
-optional_policy(`
-	nsplugin_role(xguest_r, xguest_t)
-')
-
-optional_policy(`
-	tunable_policy(`xguest_connect_network',`
-		kernel_read_network_state(xguest_usertype)
-
-		networkmanager_dbus_chat(xguest_t)
-		networkmanager_read_lib_files(xguest_t)
-		corenet_tcp_connect_pulseaudio_port(xguest_usertype)
-		corenet_all_recvfrom_unlabeled(xguest_usertype)
-		corenet_all_recvfrom_netlabel(xguest_usertype)
-		corenet_tcp_sendrecv_generic_if(xguest_usertype)
-		corenet_raw_sendrecv_generic_if(xguest_usertype)
-		corenet_tcp_sendrecv_generic_node(xguest_usertype)
-		corenet_raw_sendrecv_generic_node(xguest_usertype)
-		corenet_tcp_sendrecv_http_port(xguest_usertype)
-		corenet_tcp_sendrecv_http_cache_port(xguest_usertype)
-		corenet_tcp_sendrecv_squid_port(xguest_usertype)
-		corenet_tcp_sendrecv_ftp_port(xguest_usertype)
-		corenet_tcp_sendrecv_ipp_port(xguest_usertype)
-		corenet_tcp_connect_http_port(xguest_usertype)
-		corenet_tcp_connect_http_cache_port(xguest_usertype)
-		corenet_tcp_connect_squid_port(xguest_usertype)
-		corenet_tcp_connect_flash_port(xguest_usertype)
-		corenet_tcp_connect_ftp_port(xguest_usertype)
-		corenet_tcp_connect_ipp_port(xguest_usertype)
-		corenet_tcp_connect_generic_port(xguest_usertype)
-		corenet_tcp_connect_soundd_port(xguest_usertype)
-		corenet_sendrecv_http_client_packets(xguest_usertype)
-		corenet_sendrecv_http_cache_client_packets(xguest_usertype)
-		corenet_sendrecv_squid_client_packets(xguest_usertype)
-		corenet_sendrecv_ftp_client_packets(xguest_usertype)
-		corenet_sendrecv_ipp_client_packets(xguest_usertype)
-		corenet_sendrecv_generic_client_packets(xguest_usertype)
-		# Should not need other ports
-		corenet_dontaudit_tcp_sendrecv_generic_port(xguest_usertype)
-		corenet_dontaudit_tcp_bind_generic_port(xguest_usertype)
-		corenet_tcp_connect_speech_port(xguest_usertype)
-		corenet_tcp_sendrecv_transproxy_port(xguest_usertype)
-		corenet_tcp_connect_transproxy_port(xguest_usertype)
-	')
-
-	optional_policy(`
-		telepathy_dbus_session_role(xguest_r, xguest_t)
-	')
-')
-
-optional_policy(`
-	gen_require(`
-		type mozilla_t;
-	')
-
-	allow xguest_t mozilla_t:process transition;
-	role xguest_r types mozilla_t;
-')
-
-gen_user(xguest_u, user, xguest_r, s0, s0)
diff --git a/policy/modules/services/abrt.fc b/policy/modules/services/abrt.fc
deleted file mode 100644
index 3b3ba64..0000000
--- a/policy/modules/services/abrt.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/etc/abrt(/.*)?				gen_context(system_u:object_r:abrt_etc_t,s0)
-/etc/rc\.d/init\.d/abrt		--	gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
-
-/usr/bin/abrt-pyhook-helper 	--	gen_context(system_u:object_r:abrt_helper_exec_t,s0)
-
-/usr/libexec/abrt-pyhook-helper --	gen_context(system_u:object_r:abrt_helper_exec_t,s0)
-/usr/libexec/abrt-hook-python 	--	gen_context(system_u:object_r:abrt_helper_exec_t,s0)
-
-/usr/sbin/abrtd			--	gen_context(system_u:object_r:abrt_exec_t,s0)
-
-/var/cache/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_cache_t,s0)
-/var/cache/abrt-di(/.*)?		gen_context(system_u:object_r:abrt_var_cache_t,s0)
-
-/var/log/abrt-logger		--	gen_context(system_u:object_r:abrt_var_log_t,s0)
-
-/var/run/abrt\.pid		--	gen_context(system_u:object_r:abrt_var_run_t,s0)
-/var/run/abrtd?\.lock		--	gen_context(system_u:object_r:abrt_var_run_t,s0)
-/var/run/abrtd?\.socket		--	gen_context(system_u:object_r:abrt_var_run_t,s0)
-/var/run/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_run_t,s0)
-
-/var/spool/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_cache_t,s0)
diff --git a/policy/modules/services/abrt.if b/policy/modules/services/abrt.if
deleted file mode 100644
index 8961dba..0000000
--- a/policy/modules/services/abrt.if
+++ /dev/null
@@ -1,343 +0,0 @@
-## <summary>ABRT - automated bug-reporting tool</summary>
-
-######################################
-## <summary>
-##	Execute abrt in the abrt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`abrt_domtrans',`
-	gen_require(`
-		type abrt_t, abrt_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, abrt_exec_t, abrt_t)
-')
-
-######################################
-## <summary>
-##	Execute abrt in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_exec',`
-	gen_require(`
-		type abrt_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, abrt_exec_t)
-')
-
-########################################
-## <summary>
-##	Send a null signal to abrt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_signull',`
-	gen_require(`
-		type abrt_t;
-	')
-
-	allow $1 abrt_t:process signull;
-')
-
-########################################
-## <summary>
-##	Allow the domain to read abrt state files in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_read_state',`
-	gen_require(`
-		type abrt_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, abrt_t)
-')
-
-########################################
-## <summary>
-##	Connect to abrt over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_stream_connect',`
-	gen_require(`
-		type abrt_t, abrt_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, abrt_var_run_t, abrt_var_run_t, abrt_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	abrt over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_dbus_chat',`
-	gen_require(`
-		type abrt_t;
-		class dbus send_msg;
-	')
-
-	allow $1 abrt_t:dbus send_msg;
-	allow abrt_t $1:dbus send_msg;
-')
-
-#####################################
-## <summary>
-##	Execute abrt-helper in the abrt-helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`abrt_domtrans_helper',`
-	gen_require(`
-		type abrt_helper_t, abrt_helper_exec_t;
-	')
-
-	domtrans_pattern($1, abrt_helper_exec_t, abrt_helper_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit abrt_helper_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute abrt helper in the abrt_helper domain, and
-##	allow the specified role the abrt_helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`abrt_run_helper',`
-	gen_require(`
-		type abrt_helper_t;
-	')
-
-	abrt_domtrans_helper($1)
-	role $2 types abrt_helper_t;
-')
-
-########################################
-## <summary>
-##	Append abrt cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_cache_append',`
-	gen_require(`
-		type abrt_var_cache_t;
-	')
-
-	append_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
-')
-
-########################################
-## <summary>
-##	Manage abrt cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_cache_manage',`
-	gen_require(`
-		type abrt_var_cache_t;
-	')
-
-	manage_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
-')
-
-####################################
-## <summary>
-##	Read abrt configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_read_config',`
-	gen_require(`
-		type abrt_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, abrt_etc_t, abrt_etc_t)
-')
-
-######################################
-## <summary>
-##	Read abrt logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_read_log',`
-	gen_require(`
-		type abrt_var_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, abrt_var_log_t, abrt_var_log_t)
-')
-
-######################################
-## <summary>
-##	Read abrt PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_read_pid_files',`
-	gen_require(`
-		type abrt_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, abrt_var_run_t, abrt_var_run_t)
-')
-
-######################################
-## <summary>
-##	Create, read, write, and delete abrt PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_manage_pid_files',`
-	gen_require(`
-		type abrt_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, abrt_var_run_t, abrt_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read and write abrt fifo files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`abrt_rw_fifo_file',`
-	gen_require(`
-		type abrt_t;
-	')
-
-	allow $1 abrt_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-#####################################
-## <summary>
-##	All of the rules required to administrate
-##	an abrt environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the abrt domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`abrt_admin',`
-	gen_require(`
-		type abrt_t, abrt_etc_t;
-		type abrt_var_cache_t, abrt_var_log_t;
-		type abrt_var_run_t, abrt_tmp_t;
-		type abrt_initrc_exec_t;
-	')
-
-	allow $1 abrt_t:process { ptrace signal_perms };
-	ps_process_pattern($1, abrt_t)
-
-	init_labeled_script_domtrans($1, abrt_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 abrt_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, abrt_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, abrt_var_log_t)
-
-	files_list_var($1)
-	admin_pattern($1, abrt_var_cache_t)
-
-	files_list_pids($1)
-	admin_pattern($1, abrt_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, abrt_tmp_t)
-')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
deleted file mode 100644
index 5be7dc8..0000000
--- a/policy/modules/services/abrt.te
+++ /dev/null
@@ -1,274 +0,0 @@
-policy_module(abrt, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow ABRT to modify public files
-##	used for public file transfer services.
-##	</p>
-## </desc>
-gen_tunable(abrt_anon_write, false)
-
-type abrt_t;
-type abrt_exec_t;
-init_daemon_domain(abrt_t, abrt_exec_t)
-
-type abrt_initrc_exec_t;
-init_script_file(abrt_initrc_exec_t)
-
-# etc files
-type abrt_etc_t;
-files_config_file(abrt_etc_t)
-
-# log files
-type abrt_var_log_t;
-logging_log_file(abrt_var_log_t)
-
-# tmp files
-type abrt_tmp_t;
-files_tmp_file(abrt_tmp_t)
-
-# var/cache files
-type abrt_var_cache_t;
-files_type(abrt_var_cache_t)
-
-# pid files
-type abrt_var_run_t;
-files_pid_file(abrt_var_run_t)
-
-# type needed to allow all domains
-# to handle /var/cache/abrt
-type abrt_helper_t;
-type abrt_helper_exec_t;
-application_domain(abrt_helper_t, abrt_helper_exec_t)
-role system_r types abrt_helper_t;
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(abrt_t, abrt_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# abrt local policy
-#
-
-allow abrt_t self:capability { chown kill setuid setgid sys_nice dac_override };
-dontaudit abrt_t self:capability sys_rawio;
-allow abrt_t self:process { sigkill signal signull setsched getsched };
-
-allow abrt_t self:fifo_file rw_fifo_file_perms;
-allow abrt_t self:tcp_socket create_stream_socket_perms;
-allow abrt_t self:udp_socket create_socket_perms;
-allow abrt_t self:unix_dgram_socket create_socket_perms;
-allow abrt_t self:netlink_route_socket r_netlink_socket_perms;
-
-# abrt etc files
-rw_files_pattern(abrt_t, abrt_etc_t, abrt_etc_t)
-
-# log file
-manage_files_pattern(abrt_t, abrt_var_log_t, abrt_var_log_t)
-logging_log_filetrans(abrt_t, abrt_var_log_t, file)
-
-# abrt tmp files
-manage_dirs_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t)
-manage_files_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t)
-files_tmp_filetrans(abrt_t, abrt_tmp_t, { file dir })
-can_exec(abrt_t, abrt_tmp_t)
-
-# abrt var/cache files
-manage_files_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
-manage_dirs_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
-manage_lnk_files_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
-files_var_filetrans(abrt_t, abrt_var_cache_t, { file dir })
-files_spool_filetrans(abrt_t, abrt_var_cache_t, dir)
-
-# abrt pid files
-manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
-manage_dirs_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
-manage_sock_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
-manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
-files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir sock_file })
-
-kernel_read_ring_buffer(abrt_t)
-kernel_read_system_state(abrt_t)
-kernel_rw_kernel_sysctl(abrt_t)
-
-corecmd_exec_bin(abrt_t)
-corecmd_exec_shell(abrt_t)
-corecmd_read_all_executables(abrt_t)
-
-corenet_all_recvfrom_netlabel(abrt_t)
-corenet_all_recvfrom_unlabeled(abrt_t)
-corenet_tcp_sendrecv_generic_if(abrt_t)
-corenet_tcp_sendrecv_generic_node(abrt_t)
-corenet_tcp_sendrecv_generic_port(abrt_t)
-corenet_tcp_bind_generic_node(abrt_t)
-corenet_tcp_connect_http_port(abrt_t)
-corenet_tcp_connect_ftp_port(abrt_t)
-corenet_tcp_connect_all_ports(abrt_t)
-corenet_sendrecv_http_client_packets(abrt_t)
-
-dev_getattr_all_chr_files(abrt_t)
-dev_read_urand(abrt_t)
-dev_rw_sysfs(abrt_t)
-dev_dontaudit_read_raw_memory(abrt_t)
-
-domain_getattr_all_domains(abrt_t)
-domain_read_all_domains_state(abrt_t)
-domain_signull_all_domains(abrt_t)
-
-files_getattr_all_files(abrt_t)
-files_read_etc_files(abrt_t)
-files_read_var_symlinks(abrt_t)
-files_read_var_lib_files(abrt_t)
-files_read_usr_files(abrt_t)
-files_read_generic_tmp_files(abrt_t)
-files_read_kernel_modules(abrt_t)
-files_dontaudit_list_default(abrt_t)
-files_dontaudit_read_default_files(abrt_t)
-files_dontaudit_read_all_symlinks(abrt_t)
-files_dontaudit_getattr_all_sockets(abrt_t)
-
-fs_list_inotifyfs(abrt_t)
-fs_getattr_all_fs(abrt_t)
-fs_getattr_all_dirs(abrt_t)
-fs_read_fusefs_files(abrt_t)
-fs_read_noxattr_fs_files(abrt_t)
-fs_read_nfs_files(abrt_t)
-fs_read_nfs_symlinks(abrt_t)
-fs_search_all(abrt_t)
-
-sysnet_dns_name_resolve(abrt_t)
-
-logging_read_generic_logs(abrt_t)
-logging_send_syslog_msg(abrt_t)
-
-miscfiles_read_generic_certs(abrt_t)
-miscfiles_read_localization(abrt_t)
-
-userdom_dontaudit_read_user_home_content_files(abrt_t)
-userdom_dontaudit_read_admin_home_files(abrt_t)
-
-tunable_policy(`abrt_anon_write',`
-	miscfiles_manage_public_files(abrt_t)
-')
-
-optional_policy(`
-	apache_read_modules(abrt_t)
-')
-
-optional_policy(`
-	dbus_system_domain(abrt_t, abrt_exec_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(abrt_t)
-')
-
-optional_policy(`
-	nsplugin_read_rw_files(abrt_t)
-	nsplugin_read_home(abrt_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(abrt_t)
-	policykit_domtrans_auth(abrt_t)
-	policykit_read_lib(abrt_t)
-	policykit_read_reload(abrt_t)
-')
-
-optional_policy(`
-	prelink_exec(abrt_t)
-	libs_exec_ld_so(abrt_t)
-	corecmd_exec_all_executables(abrt_t)
-')
-
-# to install debuginfo packages
-optional_policy(`
-	rpm_exec(abrt_t)
-	rpm_dontaudit_manage_db(abrt_t)
-	rpm_manage_cache(abrt_t)
-	rpm_manage_pid_files(abrt_t)
-	rpm_read_db(abrt_t)
-	rpm_signull(abrt_t)
-')
-
-# to run mailx plugin
-optional_policy(`
-	sendmail_domtrans(abrt_t)
-')
-
-optional_policy(`
-	sosreport_domtrans(abrt_t)
-	sosreport_read_tmp_files(abrt_t)
-	sosreport_delete_tmp_files(abrt_t)
-')
-
-optional_policy(`
-	sssd_stream_connect(abrt_t)
-')
-
-########################################
-#
-# abrt-helper local policy
-#
-
-allow abrt_helper_t self:capability { chown setgid sys_nice };
-allow abrt_helper_t self:process signal;
-
-read_files_pattern(abrt_helper_t, abrt_etc_t, abrt_etc_t)
-
-files_search_spool(abrt_helper_t)
-manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
-manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
-manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
-files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
-
-read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
-read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
-
-domain_read_all_domains_state(abrt_helper_t)
-
-files_read_etc_files(abrt_helper_t)
-files_dontaudit_all_non_security_leaks(abrt_helper_t)
-
-fs_list_inotifyfs(abrt_helper_t)
-fs_getattr_all_fs(abrt_helper_t)
-
-auth_use_nsswitch(abrt_helper_t)
-
-logging_send_syslog_msg(abrt_helper_t)
-
-miscfiles_read_localization(abrt_helper_t)
-
-term_dontaudit_use_all_ttys(abrt_helper_t)
-term_dontaudit_use_all_ptys(abrt_helper_t)
-
-ifdef(`hide_broken_symptoms',`
-	domain_dontaudit_leaks(abrt_helper_t)
-	userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
-	userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
-	dev_dontaudit_read_all_blk_files(abrt_helper_t)
-	dev_dontaudit_read_all_chr_files(abrt_helper_t)
-	dev_dontaudit_write_all_chr_files(abrt_helper_t)
-	dev_dontaudit_write_all_blk_files(abrt_helper_t)
-	fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
-
-	optional_policy(`
-		rpm_dontaudit_leaks(abrt_helper_t)
-	')
-')
-
-ifdef(`hide_broken_symptoms',`
-	gen_require(`
-		attribute domain;
-	')
-
-	allow abrt_t self:capability sys_resource;
-	allow abrt_t domain:file write;
-	allow abrt_t domain:process setrlimit;
-')
diff --git a/policy/modules/services/accountsd.fc b/policy/modules/services/accountsd.fc
deleted file mode 100644
index 1adca53..0000000
--- a/policy/modules/services/accountsd.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/libexec/accounts-daemon		--	gen_context(system_u:object_r:accountsd_exec_t,s0)
-
-/var/lib/AccountsService(/.*)?			gen_context(system_u:object_r:accountsd_var_lib_t,s0)
diff --git a/policy/modules/services/accountsd.if b/policy/modules/services/accountsd.if
deleted file mode 100644
index d639ae0..0000000
--- a/policy/modules/services/accountsd.if
+++ /dev/null
@@ -1,145 +0,0 @@
-## <summary>AccountsService and daemon for manipulating user account information via D-Bus</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run accountsd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`accountsd_domtrans',`
-	gen_require(`
-		type accountsd_t, accountsd_exec_t;
-	')
-
-	domtrans_pattern($1, accountsd_exec_t, accountsd_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write Accounts Daemon
-##	fifo file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`accountsd_dontaudit_rw_fifo_file',`
-	gen_require(`
-		type accountsd_t;
-	')
-
-	dontaudit $1 accountsd_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	accountsd over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`accountsd_dbus_chat',`
-	gen_require(`
-		type accountsd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 accountsd_t:dbus send_msg;
-	allow accountsd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Search accountsd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`accountsd_search_lib',`
-	gen_require(`
-		type accountsd_var_lib_t;
-	')
-
-	allow $1 accountsd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read accountsd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`accountsd_read_lib_files',`
-	gen_require(`
-		type accountsd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	accountsd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`accountsd_manage_lib_files',`
-	gen_require(`
-		type accountsd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an accountsd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`accountsd_admin',`
-	gen_require(`
-		type accountsd_t;
-	')
-
-	allow $1 accountsd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, accountsd_t)
-
-	accountsd_manage_lib_files($1)
-')
diff --git a/policy/modules/services/accountsd.te b/policy/modules/services/accountsd.te
deleted file mode 100644
index 2724c11..0000000
--- a/policy/modules/services/accountsd.te
+++ /dev/null
@@ -1,64 +0,0 @@
-policy_module(accountsd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type accountsd_t;
-type accountsd_exec_t;
-dbus_system_domain(accountsd_t, accountsd_exec_t)
-init_daemon_domain(accountsd_t, accountsd_exec_t)
-role system_r types accountsd_t;
-
-type accountsd_var_lib_t;
-files_type(accountsd_var_lib_t)
-
-########################################
-#
-# accountsd local policy
-#
-
-allow accountsd_t self:capability { dac_override setuid setgid sys_ptrace };
-allow accountsd_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
-manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
-files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, { file dir })
-
-kernel_read_kernel_sysctls(accountsd_t)
-
-corecmd_exec_bin(accountsd_t)
-
-files_read_usr_files(accountsd_t)
-files_read_mnt_files(accountsd_t)
-
-fs_list_inotifyfs(accountsd_t)
-fs_read_noxattr_fs_files(accountsd_t)
-
-auth_use_nsswitch(accountsd_t)
-auth_read_shadow(accountsd_t)
-
-miscfiles_read_localization(accountsd_t)
-
-logging_send_syslog_msg(accountsd_t)
-logging_set_loginuid(accountsd_t)
-
-userdom_read_user_tmp_files(accountsd_t)
-userdom_read_user_home_content_files(accountsd_t)
-
-usermanage_domtrans_useradd(accountsd_t)
-usermanage_domtrans_passwd(accountsd_t)
-
-optional_policy(`
-	consolekit_read_log(accountsd_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(accountsd_t)
-')
-
-optional_policy(`
-	xserver_dbus_chat_xdm(accountsd_t)
-	xserver_manage_xdm_etc_files(accountsd_t)
-')
diff --git a/policy/modules/services/afs.fc b/policy/modules/services/afs.fc
deleted file mode 100644
index eaea138..0000000
--- a/policy/modules/services/afs.fc
+++ /dev/null
@@ -1,32 +0,0 @@
-/etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/afs	--	gen_context(system_u:object_r:afs_initrc_exec_t,s0)
-
-/usr/afs/bin/bosserver	--	gen_context(system_u:object_r:afs_bosserver_exec_t,s0)
-/usr/afs/bin/fileserver	--	gen_context(system_u:object_r:afs_fsserver_exec_t,s0)
-/usr/afs/bin/kaserver	--	gen_context(system_u:object_r:afs_kaserver_exec_t,s0)
-/usr/afs/bin/ptserver	--	gen_context(system_u:object_r:afs_ptserver_exec_t,s0)
-/usr/afs/bin/salvager	--	gen_context(system_u:object_r:afs_fsserver_exec_t,s0)
-/usr/afs/bin/volserver	--	gen_context(system_u:object_r:afs_fsserver_exec_t,s0)
-/usr/afs/bin/vlserver	--	gen_context(system_u:object_r:afs_vlserver_exec_t,s0)
-
-/usr/afs/db		-d	gen_context(system_u:object_r:afs_dbdir_t,s0)
-/usr/afs/db/pr.*	--	gen_context(system_u:object_r:afs_pt_db_t,s0)
-/usr/afs/db/ka.*	--	gen_context(system_u:object_r:afs_ka_db_t,s0)
-/usr/afs/db/vl.*	--	gen_context(system_u:object_r:afs_vl_db_t,s0)
-
-/usr/afs/etc(/.*)?		gen_context(system_u:object_r:afs_config_t,s0)
-
-/usr/afs/local(/.*)?		gen_context(system_u:object_r:afs_config_t,s0)
-
-/usr/afs/logs(/.*)?		gen_context(system_u:object_r:afs_logfile_t,s0)
-
-/usr/sbin/afsd		--	gen_context(system_u:object_r:afs_exec_t,s0)
-
-/usr/vice/cache(/.*)?		gen_context(system_u:object_r:afs_cache_t,s0)
-/usr/vice/etc/afsd	--	gen_context(system_u:object_r:afs_exec_t,s0)
-
-/var/cache/afs(/.*)?		gen_context(system_u:object_r:afs_cache_t,s0)
-
-/vicepa				gen_context(system_u:object_r:afs_files_t,s0)
-/vicepb				gen_context(system_u:object_r:afs_files_t,s0)
-/vicepc				gen_context(system_u:object_r:afs_files_t,s0)
diff --git a/policy/modules/services/afs.if b/policy/modules/services/afs.if
deleted file mode 100644
index 49c0cc8..0000000
--- a/policy/modules/services/afs.if
+++ /dev/null
@@ -1,109 +0,0 @@
-## <summary>Andrew Filesystem server</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run the
-##	afs client.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`afs_domtrans',`
-	gen_require(`
-		type afs_t, afs_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, afs_exec_t, afs_t)
-')
-
-########################################
-## <summary>
-##	Read and write afs client UDP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`afs_rw_udp_sockets',`
-	gen_require(`
-		type afs_t;
-	')
-
-	allow $1 afs_t:udp_socket { read write };
-')
-
-########################################
-## <summary>
-##	read/write afs cache files
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`afs_rw_cache',`
-	gen_require(`
-		type afs_cache_t;
-	')
-
-	files_search_var($1)
-	allow $1 afs_cache_t:file { read write };
-')
-
-########################################
-## <summary>
-##	Execute afs server in the afs domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`afs_initrc_domtrans',`
-	gen_require(`
-		type afs_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, afs_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an afs environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the afs domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`afs_admin',`
-	gen_require(`
-		type afs_t, afs_initrc_exec_t;
-	')
-
-	allow $1 afs_t:process { ptrace signal_perms };
-	ps_process_pattern($1, afs_t)
-
-	# Allow afs_admin to restart the afs service
-	afs_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 afs_initrc_exec_t system_r;
-	allow $2 system_r;
-
-')
diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
deleted file mode 100644
index 7e2cdf2..0000000
--- a/policy/modules/services/afs.te
+++ /dev/null
@@ -1,359 +0,0 @@
-policy_module(afs, 1.6.1)
-
-########################################
-#
-# Declarations
-#
-
-type afs_t;
-type afs_exec_t;
-init_daemon_domain(afs_t, afs_exec_t)
-
-type afs_bosserver_t;
-type afs_bosserver_exec_t;
-init_daemon_domain(afs_bosserver_t, afs_bosserver_exec_t)
-
-type afs_cache_t;
-files_type(afs_cache_t)
-
-type afs_config_t;
-files_type(afs_config_t)
-
-type afs_dbdir_t;
-files_type(afs_dbdir_t)
-
-# exported files
-type afs_files_t;
-files_type(afs_files_t)
-
-type afs_fsserver_t;
-type afs_fsserver_exec_t;
-domain_type(afs_fsserver_t)
-domain_entry_file(afs_fsserver_t, afs_fsserver_exec_t)
-role system_r types afs_fsserver_t;
-
-type afs_initrc_exec_t;
-init_script_file(afs_initrc_exec_t)
-
-type afs_ka_db_t;
-files_type(afs_ka_db_t)
-
-type afs_kaserver_t;
-type afs_kaserver_exec_t;
-domain_type(afs_kaserver_t)
-domain_entry_file(afs_kaserver_t, afs_kaserver_exec_t)
-role system_r types afs_kaserver_t;
-
-type afs_logfile_t;
-logging_log_file(afs_logfile_t)
-
-type afs_pt_db_t;
-files_type(afs_pt_db_t)
-
-type afs_ptserver_t;
-type afs_ptserver_exec_t;
-domain_type(afs_ptserver_t)
-domain_entry_file(afs_ptserver_t, afs_ptserver_exec_t)
-role system_r types afs_ptserver_t;
-
-type afs_vl_db_t;
-files_type(afs_vl_db_t)
-
-type afs_vlserver_t;
-type afs_vlserver_exec_t;
-domain_type(afs_vlserver_t)
-domain_entry_file(afs_vlserver_t, afs_vlserver_exec_t)
-role system_r types afs_vlserver_t;
-
-########################################
-#
-# afs client local policy
-#
-
-allow afs_t self:capability { sys_admin sys_nice sys_tty_config };
-allow afs_t self:process { setsched signal };
-allow afs_t self:udp_socket create_socket_perms;
-allow afs_t self:fifo_file rw_file_perms;
-allow afs_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_files_pattern(afs_t, afs_cache_t, afs_cache_t)
-manage_dirs_pattern(afs_t, afs_cache_t, afs_cache_t)
-files_var_filetrans(afs_t, afs_cache_t, { file dir })
-
-kernel_rw_afs_state(afs_t)
-
-corenet_all_recvfrom_unlabeled(afs_t)
-corenet_all_recvfrom_netlabel(afs_t)
-corenet_tcp_sendrecv_generic_if(afs_t)
-corenet_udp_sendrecv_generic_if(afs_t)
-corenet_tcp_sendrecv_generic_node(afs_t)
-corenet_udp_sendrecv_generic_node(afs_t)
-corenet_tcp_sendrecv_all_ports(afs_t)
-corenet_udp_sendrecv_all_ports(afs_t)
-corenet_udp_bind_generic_node(afs_t)
-
-files_mounton_mnt(afs_t)
-files_read_etc_files(afs_t)
-files_read_usr_files(afs_t)
-files_rw_etc_runtime_files(afs_t)
-
-fs_getattr_xattr_fs(afs_t)
-fs_mount_nfs(afs_t)
-fs_read_nfs_symlinks(afs_t)
-
-logging_send_syslog_msg(afs_t)
-
-miscfiles_read_localization(afs_t)
-
-sysnet_dns_name_resolve(afs_t)
-
-ifdef(`hide_broken_symptoms',`
-	kernel_rw_unlabeled_files(afs_t)
-')
-
-########################################
-#
-# AFS bossserver local policy
-#
-
-allow afs_bosserver_t self:process { setsched signal_perms };
-allow afs_bosserver_t self:tcp_socket create_stream_socket_perms;
-allow afs_bosserver_t self:udp_socket create_socket_perms;
-
-can_exec(afs_bosserver_t, afs_bosserver_exec_t)
-
-manage_dirs_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
-manage_files_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
-
-allow afs_bosserver_t afs_dbdir_t:dir list_dir_perms;
-
-allow afs_bosserver_t afs_fsserver_t:process signal_perms;
-domtrans_pattern(afs_bosserver_t, afs_fsserver_exec_t, afs_fsserver_t)
-
-allow afs_bosserver_t afs_kaserver_t:process signal_perms;
-domtrans_pattern(afs_bosserver_t, afs_kaserver_exec_t, afs_kaserver_t)
-
-allow afs_bosserver_t afs_logfile_t:file manage_file_perms;
-allow afs_bosserver_t afs_logfile_t:dir manage_dir_perms;
-
-allow afs_bosserver_t afs_ptserver_t:process signal_perms;
-domtrans_pattern(afs_bosserver_t, afs_ptserver_exec_t, afs_ptserver_t)
-
-allow afs_bosserver_t afs_vlserver_t:process signal_perms;
-domtrans_pattern(afs_bosserver_t, afs_vlserver_exec_t, afs_vlserver_t)
-
-kernel_read_kernel_sysctls(afs_bosserver_t)
-
-corenet_all_recvfrom_unlabeled(afs_bosserver_t)
-corenet_all_recvfrom_netlabel(afs_bosserver_t)
-corenet_tcp_sendrecv_generic_if(afs_bosserver_t)
-corenet_udp_sendrecv_generic_if(afs_bosserver_t)
-corenet_tcp_sendrecv_generic_node(afs_bosserver_t)
-corenet_udp_sendrecv_generic_node(afs_bosserver_t)
-corenet_tcp_sendrecv_all_ports(afs_bosserver_t)
-corenet_udp_sendrecv_all_ports(afs_bosserver_t)
-corenet_udp_bind_generic_node(afs_bosserver_t)
-corenet_udp_bind_afs_bos_port(afs_bosserver_t)
-corenet_sendrecv_afs_bos_server_packets(afs_bosserver_t)
-
-files_read_etc_files(afs_bosserver_t)
-files_list_home(afs_bosserver_t)
-files_read_usr_files(afs_bosserver_t)
-
-miscfiles_read_localization(afs_bosserver_t)
-
-seutil_read_config(afs_bosserver_t)
-
-sysnet_read_config(afs_bosserver_t)
-
-########################################
-#
-# fileserver local policy
-#
-
-allow afs_fsserver_t self:capability { kill dac_override chown fowner sys_nice };
-dontaudit afs_fsserver_t self:capability fsetid;
-allow afs_fsserver_t self:process { setsched signal_perms };
-allow afs_fsserver_t self:fifo_file rw_fifo_file_perms;
-allow afs_fsserver_t self:tcp_socket create_stream_socket_perms;
-allow afs_fsserver_t self:udp_socket create_socket_perms;
-
-read_files_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
-allow afs_fsserver_t afs_config_t:dir list_dir_perms;
-
-manage_dirs_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
-manage_files_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
-
-allow afs_fsserver_t afs_files_t:filesystem getattr;
-manage_dirs_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
-manage_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
-manage_lnk_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
-manage_fifo_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
-manage_sock_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
-filetrans_pattern(afs_fsserver_t, afs_config_t, afs_files_t, { file lnk_file sock_file fifo_file })
-
-can_exec(afs_fsserver_t, afs_fsserver_exec_t)
-
-manage_dirs_pattern(afs_fsserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_fsserver_t, afs_logfile_t, afs_logfile_t)
-
-kernel_read_system_state(afs_fsserver_t)
-kernel_read_kernel_sysctls(afs_fsserver_t)
-
-corenet_tcp_sendrecv_generic_if(afs_fsserver_t)
-corenet_udp_sendrecv_generic_if(afs_fsserver_t)
-corenet_tcp_sendrecv_generic_node(afs_fsserver_t)
-corenet_udp_sendrecv_generic_node(afs_fsserver_t)
-corenet_tcp_sendrecv_all_ports(afs_fsserver_t)
-corenet_udp_sendrecv_all_ports(afs_fsserver_t)
-corenet_all_recvfrom_unlabeled(afs_fsserver_t)
-corenet_all_recvfrom_netlabel(afs_fsserver_t)
-corenet_tcp_bind_generic_node(afs_fsserver_t)
-corenet_udp_bind_generic_node(afs_fsserver_t)
-corenet_tcp_bind_afs_fs_port(afs_fsserver_t)
-corenet_udp_bind_afs_fs_port(afs_fsserver_t)
-corenet_sendrecv_afs_fs_server_packets(afs_fsserver_t)
-
-files_read_etc_files(afs_fsserver_t)
-files_read_etc_runtime_files(afs_fsserver_t)
-files_list_home(afs_fsserver_t)
-files_read_usr_files(afs_fsserver_t)
-files_list_pids(afs_fsserver_t)
-files_dontaudit_search_mnt(afs_fsserver_t)
-
-fs_getattr_xattr_fs(afs_fsserver_t)
-
-term_dontaudit_use_console(afs_fsserver_t)
-
-init_dontaudit_use_script_fds(afs_fsserver_t)
-
-logging_send_syslog_msg(afs_fsserver_t)
-
-miscfiles_read_localization(afs_fsserver_t)
-
-seutil_read_config(afs_fsserver_t)
-
-sysnet_read_config(afs_fsserver_t)
-
-userdom_dontaudit_use_user_terminals(afs_fsserver_t)
-
-########################################
-#
-# kaserver local policy
-#
-
-allow afs_kaserver_t self:unix_stream_socket create_stream_socket_perms;
-allow afs_kaserver_t self:tcp_socket create_stream_socket_perms;
-allow afs_kaserver_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(afs_kaserver_t, afs_config_t, afs_config_t)
-
-manage_files_pattern(afs_kaserver_t, afs_dbdir_t, afs_ka_db_t)
-filetrans_pattern(afs_kaserver_t, afs_dbdir_t, afs_ka_db_t, file)
-
-manage_dirs_pattern(afs_kaserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_kaserver_t, afs_logfile_t, afs_logfile_t)
-
-kernel_read_kernel_sysctls(afs_kaserver_t)
-
-corenet_all_recvfrom_unlabeled(afs_kaserver_t)
-corenet_all_recvfrom_netlabel(afs_kaserver_t)
-corenet_tcp_sendrecv_generic_if(afs_kaserver_t)
-corenet_udp_sendrecv_generic_if(afs_kaserver_t)
-corenet_tcp_sendrecv_generic_node(afs_kaserver_t)
-corenet_udp_sendrecv_generic_node(afs_kaserver_t)
-corenet_tcp_sendrecv_all_ports(afs_kaserver_t)
-corenet_udp_sendrecv_all_ports(afs_kaserver_t)
-corenet_udp_bind_generic_node(afs_kaserver_t)
-corenet_udp_bind_afs_ka_port(afs_kaserver_t)
-corenet_udp_bind_kerberos_port(afs_kaserver_t)
-corenet_sendrecv_afs_ka_server_packets(afs_kaserver_t)
-corenet_sendrecv_kerberos_server_packets(afs_kaserver_t)
-
-files_read_etc_files(afs_kaserver_t)
-files_list_home(afs_kaserver_t)
-files_read_usr_files(afs_kaserver_t)
-
-miscfiles_read_localization(afs_kaserver_t)
-
-seutil_read_config(afs_kaserver_t)
-
-sysnet_read_config(afs_kaserver_t)
-
-userdom_dontaudit_use_user_terminals(afs_kaserver_t)
-
-########################################
-#
-# ptserver local policy
-#
-
-allow afs_ptserver_t self:unix_stream_socket create_stream_socket_perms;
-allow afs_ptserver_t self:tcp_socket create_stream_socket_perms;
-allow afs_ptserver_t self:udp_socket create_socket_perms;
-
-read_files_pattern(afs_ptserver_t, afs_config_t, afs_config_t)
-allow afs_ptserver_t afs_config_t:dir list_dir_perms;
-
-manage_dirs_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
-
-manage_files_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t)
-filetrans_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t, file)
-
-corenet_all_recvfrom_unlabeled(afs_ptserver_t)
-corenet_all_recvfrom_netlabel(afs_ptserver_t)
-corenet_tcp_sendrecv_generic_if(afs_ptserver_t)
-corenet_udp_sendrecv_generic_if(afs_ptserver_t)
-corenet_tcp_sendrecv_generic_node(afs_ptserver_t)
-corenet_udp_sendrecv_generic_node(afs_ptserver_t)
-corenet_tcp_sendrecv_all_ports(afs_ptserver_t)
-corenet_udp_sendrecv_all_ports(afs_ptserver_t)
-corenet_udp_bind_generic_node(afs_ptserver_t)
-corenet_udp_bind_afs_pt_port(afs_ptserver_t)
-corenet_sendrecv_afs_pt_server_packets(afs_ptserver_t)
-
-files_read_etc_files(afs_ptserver_t)
-
-miscfiles_read_localization(afs_ptserver_t)
-
-sysnet_read_config(afs_ptserver_t)
-
-userdom_dontaudit_use_user_terminals(afs_ptserver_t)
-
-########################################
-#
-# vlserver local policy
-#
-
-allow afs_vlserver_t self:unix_stream_socket create_stream_socket_perms;
-allow afs_vlserver_t self:tcp_socket create_stream_socket_perms;
-allow afs_vlserver_t self:udp_socket create_socket_perms;
-
-read_files_pattern(afs_vlserver_t, afs_config_t, afs_config_t)
-allow afs_vlserver_t afs_config_t:dir list_dir_perms;
-
-manage_dirs_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
-
-manage_files_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t)
-filetrans_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t, file)
-
-corenet_all_recvfrom_unlabeled(afs_vlserver_t)
-corenet_all_recvfrom_netlabel(afs_vlserver_t)
-corenet_tcp_sendrecv_generic_if(afs_vlserver_t)
-corenet_udp_sendrecv_generic_if(afs_vlserver_t)
-corenet_tcp_sendrecv_generic_node(afs_vlserver_t)
-corenet_udp_sendrecv_generic_node(afs_vlserver_t)
-corenet_tcp_sendrecv_all_ports(afs_vlserver_t)
-corenet_udp_sendrecv_all_ports(afs_vlserver_t)
-corenet_udp_bind_generic_node(afs_vlserver_t)
-corenet_udp_bind_afs_vl_port(afs_vlserver_t)
-corenet_sendrecv_afs_vl_server_packets(afs_vlserver_t)
-
-files_read_etc_files(afs_vlserver_t)
-
-miscfiles_read_localization(afs_vlserver_t)
-
-sysnet_read_config(afs_vlserver_t)
-
-userdom_dontaudit_use_user_terminals(afs_vlserver_t)
diff --git a/policy/modules/services/aiccu.fc b/policy/modules/services/aiccu.fc
deleted file mode 100644
index 069518f..0000000
--- a/policy/modules/services/aiccu.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/aiccu.conf			--	gen_context(system_u:object_r:aiccu_etc_t,s0)
-/etc/rc\.d/init\.d/aiccu	--	gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
-
-/usr/sbin/aiccu			--	gen_context(system_u:object_r:aiccu_exec_t,s0)
-
-/var/run/aiccu\.pid		--	gen_context(system_u:object_r:aiccu_var_run_t,s0)
diff --git a/policy/modules/services/aiccu.if b/policy/modules/services/aiccu.if
deleted file mode 100644
index 6bf0ad6..0000000
--- a/policy/modules/services/aiccu.if
+++ /dev/null
@@ -1,116 +0,0 @@
-## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run aiccu.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`aiccu_domtrans',`
-	gen_require(`
-		type aiccu_t, aiccu_exec_t;
-	')
-
-	domtrans_pattern($1, aiccu_exec_t, aiccu_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute aiccu server in the aiccu domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`aiccu_initrc_domtrans',`
-	gen_require(`
-		type aiccu_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, aiccu_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read aiccu PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`aiccu_read_pid_files',`
-	gen_require(`
-		type aiccu_var_run_t;
-	')
-
-	allow $1 aiccu_var_run_t:file read_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Manage aiccu PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`aiccu_manage_var_run',`
-	gen_require(`
-		type aiccu_var_run_t;
-	')
-
-	manage_dirs_pattern($1, aiccu_var_run_t, aiccu_var_run_t)
-	manage_files_pattern($1, aiccu_var_run_t, aiccu_var_run_t)
-	manage_lnk_files_pattern($1, aiccu_var_run_t, aiccu_var_run_t)
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an aiccu environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`aiccu_admin',`
-	gen_require(`
-		type aiccu_t, aiccu_initrc_exec_t, aiccu_etc_t;
-		type aiccu_var_run_t;
-	')
-
-	allow $1 aiccu_t:process { ptrace signal_perms };
-	ps_process_pattern($1, aiccu_t)
-
-	aiccu_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 aiccu_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, aiccu_etc_t)
-	files_list_etc($1)
-
-	admin_pattern($1, aiccu_var_run_t)
-	files_list_pids($1)
-')
diff --git a/policy/modules/services/aiccu.te b/policy/modules/services/aiccu.te
deleted file mode 100644
index 4b9dc88..0000000
--- a/policy/modules/services/aiccu.te
+++ /dev/null
@@ -1,71 +0,0 @@
-policy_module(aiccu, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type aiccu_t;
-type aiccu_exec_t;
-init_daemon_domain(aiccu_t, aiccu_exec_t)
-
-type aiccu_initrc_exec_t;
-init_script_file(aiccu_initrc_exec_t)
-
-type aiccu_etc_t;
-files_config_file(aiccu_etc_t)
-
-type aiccu_var_run_t;
-files_pid_file(aiccu_var_run_t)
-
-########################################
-#
-# aiccu local policy
-#
-
-allow aiccu_t self:capability { kill net_admin net_raw };
-dontaudit aiccu_t self:capability sys_tty_config;
-allow aiccu_t self:process signal;
-allow aiccu_t self:fifo_file rw_fifo_file_perms;
-allow aiccu_t self:netlink_route_socket create_netlink_socket_perms;
-allow aiccu_t self:tcp_socket create_stream_socket_perms;
-allow aiccu_t self:tun_socket create_socket_perms;
-allow aiccu_t self:udp_socket create_stream_socket_perms;
-allow aiccu_t self:unix_stream_socket create_stream_socket_perms;
-
-allow aiccu_t aiccu_etc_t:file read_file_perms;
-
-manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
-manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
-files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
-
-kernel_read_system_state(aiccu_t)
-
-corecmd_exec_shell(aiccu_t)
-
-corenet_all_recvfrom_netlabel(aiccu_t)
-corenet_all_recvfrom_unlabeled(aiccu_t)
-corenet_tcp_bind_generic_node(aiccu_t)
-corenet_tcp_sendrecv_generic_if(aiccu_t)
-corenet_tcp_sendrecv_generic_node(aiccu_t)
-corenet_tcp_sendrecv_generic_port(aiccu_t)
-corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)
-corenet_tcp_sendrecv_sixxsconfig_port(aiccu_t)
-corenet_tcp_connect_sixxsconfig_port(aiccu_t)
-corenet_rw_tun_tap_dev(aiccu_t)
-
-domain_use_interactive_fds(aiccu_t)
-
-dev_read_rand(aiccu_t)
-dev_read_urand(aiccu_t)
-
-files_read_etc_files(aiccu_t)
-
-logging_send_syslog_msg(aiccu_t)
-
-miscfiles_read_localization(aiccu_t)
-
-modutils_domtrans_insmod(aiccu_t)
-
-sysnet_domtrans_ifconfig(aiccu_t)
-sysnet_dns_name_resolve(aiccu_t)
diff --git a/policy/modules/services/aide.fc b/policy/modules/services/aide.fc
deleted file mode 100644
index 7798464..0000000
--- a/policy/modules/services/aide.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/usr/sbin/aide		--	gen_context(system_u:object_r:aide_exec_t,mls_systemhigh)
-
-/var/lib/aide(/.*)		gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
-
-/var/log/aide(/.*)?		gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
-/var/log/aide\.log	--	gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if
deleted file mode 100644
index 0b0db39..0000000
--- a/policy/modules/services/aide.if
+++ /dev/null
@@ -1,72 +0,0 @@
-## <summary>Aide filesystem integrity checker</summary>
-
-########################################
-## <summary>
-##	Execute aide in the aide domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`aide_domtrans',`
-	gen_require(`
-		type aide_t, aide_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, aide_exec_t, aide_t)
-')
-
-########################################
-## <summary>
-##	Execute aide programs in the AIDE domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the AIDE domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`aide_run',`
-	gen_require(`
-		type aide_t;
-	')
-
-	aide_domtrans($1)
-	role $2 types aide_t;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an aide environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`aide_admin',`
-	gen_require(`
-		type aide_t, aide_db_t, aide_log_t;
-	')
-
-	allow $1 aide_t:process { ptrace signal_perms };
-	ps_process_pattern($1, aide_t)
-
-	files_list_etc($1)
-	admin_pattern($1, aide_db_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, aide_log_t)
-')
diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te
deleted file mode 100644
index 4f37ca6..0000000
--- a/policy/modules/services/aide.te
+++ /dev/null
@@ -1,40 +0,0 @@
-policy_module(aide, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type aide_t;
-type aide_exec_t;
-application_domain(aide_t, aide_exec_t)
-
-# log files
-type aide_log_t;
-logging_log_file(aide_log_t)
-
-# aide database
-type aide_db_t;
-files_type(aide_db_t)
-
-########################################
-#
-# aide local policy
-#
-
-allow aide_t self:capability { dac_override fowner };
-
-# database actions
-manage_files_pattern(aide_t, aide_db_t, aide_db_t)
-
-# logs
-manage_files_pattern(aide_t, aide_log_t, aide_log_t)
-logging_log_filetrans(aide_t, aide_log_t, file)
-
-files_read_all_files(aide_t)
-
-logging_send_audit_msgs(aide_t)
-
-seutil_use_newrole_fds(aide_t)
-
-userdom_use_user_terminals(aide_t)
diff --git a/policy/modules/services/aisexec.fc b/policy/modules/services/aisexec.fc
deleted file mode 100644
index 7b4f4b9..0000000
--- a/policy/modules/services/aisexec.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/openais		--	gen_context(system_u:object_r:aisexec_initrc_exec_t,s0)
-
-/usr/sbin/aisexec			--	gen_context(system_u:object_r:aisexec_exec_t,s0)
-
-/var/lib/openais(/.*)?				gen_context(system_u:object_r:aisexec_var_lib_t,s0)
-
-/var/log/cluster/aisexec\.log		--	gen_context(system_u:object_r:aisexec_var_log_t,s0)
-
-/var/run/aisexec\.pid			--	gen_context(system_u:object_r:aisexec_var_run_t,s0)
diff --git a/policy/modules/services/aisexec.if b/policy/modules/services/aisexec.if
deleted file mode 100644
index af5d229..0000000
--- a/policy/modules/services/aisexec.if
+++ /dev/null
@@ -1,106 +0,0 @@
-## <summary>Aisexec Cluster Engine</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run aisexec.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`aisexec_domtrans',`
-	gen_require(`
-		type aisexec_t, aisexec_exec_t;
-	')
-
-	domtrans_pattern($1, aisexec_exec_t, aisexec_t)
-')
-
-#####################################
-## <summary>
-##	Connect to aisexec over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`aisexec_stream_connect',`
-	gen_require(`
-		type aisexec_t, aisexec_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, aisexec_var_run_t, aisexec_var_run_t, aisexec_t)
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to read aisexec's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`aisexec_read_log',`
-	gen_require(`
-		type aisexec_var_log_t;
-	')
-
-	logging_search_logs($1)
-	list_dirs_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
-	read_files_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
-')
-
-######################################
-## <summary>
-##	All of the rules required to administrate
-##	an aisexec environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the aisexecd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`aisexecd_admin',`
-	gen_require(`
-		type aisexec_t, aisexec_var_lib_t, aisexec_var_log_t;
-		type aisexec_var_run_t, aisexec_tmp_t, aisexec_tmpfs_t;
-		type aisexec_initrc_exec_t;
-	')
-
-	allow $1 aisexec_t:process { ptrace signal_perms };
-	ps_process_pattern($1, aisexec_t)
-
-	init_labeled_script_domtrans($1, aisexec_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 aisexec_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, aisexec_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, aisexec_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, aisexec_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, aisexec_tmp_t)
-
-	admin_pattern($1, aisexec_tmpfs_t)
-')
diff --git a/policy/modules/services/aisexec.te b/policy/modules/services/aisexec.te
deleted file mode 100644
index c24bd66..0000000
--- a/policy/modules/services/aisexec.te
+++ /dev/null
@@ -1,102 +0,0 @@
-policy_module(aisexec, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type aisexec_t;
-type aisexec_exec_t;
-init_daemon_domain(aisexec_t, aisexec_exec_t)
-
-type aisexec_initrc_exec_t;
-init_script_file(aisexec_initrc_exec_t);
-
-type aisexec_tmp_t;
-files_tmp_file(aisexec_tmp_t)
-
-type aisexec_tmpfs_t;
-files_tmpfs_file(aisexec_tmpfs_t)
-
-type aisexec_var_lib_t;
-files_type(aisexec_var_lib_t)
-
-type aisexec_var_log_t;
-logging_log_file(aisexec_var_log_t)
-
-type aisexec_var_run_t;
-files_pid_file(aisexec_var_run_t)
-
-########################################
-#
-# aisexec local policy
-#
-
-allow aisexec_t self:capability { sys_nice sys_resource ipc_lock ipc_owner };
-allow aisexec_t self:process { setrlimit setsched signal };
-allow aisexec_t self:fifo_file rw_fifo_file_perms;
-allow aisexec_t self:sem create_sem_perms;
-allow aisexec_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow aisexec_t self:unix_dgram_socket create_socket_perms;
-allow aisexec_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
-manage_files_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
-files_tmp_filetrans(aisexec_t, aisexec_tmp_t, { file dir })
-
-manage_dirs_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
-manage_files_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
-fs_tmpfs_filetrans(aisexec_t, aisexec_tmpfs_t, { dir file })
-
-manage_files_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
-manage_dirs_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
-manage_sock_files_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
-files_var_lib_filetrans(aisexec_t, aisexec_var_lib_t, { file dir sock_file })
-
-manage_files_pattern(aisexec_t, aisexec_var_log_t, aisexec_var_log_t)
-manage_sock_files_pattern(aisexec_t, aisexec_var_log_t, aisexec_var_log_t)
-logging_log_filetrans(aisexec_t, aisexec_var_log_t, { sock_file file })
-
-manage_files_pattern(aisexec_t, aisexec_var_run_t, aisexec_var_run_t)
-manage_sock_files_pattern(aisexec_t, aisexec_var_run_t, aisexec_var_run_t)
-files_pid_filetrans(aisexec_t, aisexec_var_run_t, { file sock_file })
-
-kernel_read_system_state(aisexec_t)
-
-corecmd_exec_bin(aisexec_t)
-
-corenet_udp_bind_netsupport_port(aisexec_t)
-corenet_tcp_bind_reserved_port(aisexec_t)
-corenet_udp_bind_cluster_port(aisexec_t)
-
-dev_read_urand(aisexec_t)
-
-files_manage_mounttab(aisexec_t)
-
-auth_use_nsswitch(aisexec_t)
-
-init_rw_script_tmp_files(aisexec_t)
-
-logging_send_syslog_msg(aisexec_t)
-
-miscfiles_read_localization(aisexec_t)
-
-userdom_rw_semaphores(aisexec_t)
-userdom_rw_unpriv_user_shared_mem(aisexec_t)
-
-optional_policy(`
-	ccs_stream_connect(aisexec_t)
-')
-
-optional_policy(`
-	# to communication with RHCS
-	rhcs_rw_dlm_controld_semaphores(aisexec_t)
-
-	rhcs_rw_fenced_semaphores(aisexec_t)
-
-	rhcs_rw_gfs_controld_semaphores(aisexec_t)
-	rhcs_rw_gfs_controld_shm(aisexec_t)
-
-	rhcs_rw_groupd_semaphores(aisexec_t)
-	rhcs_rw_groupd_shm(aisexec_t)
-')
diff --git a/policy/modules/services/ajaxterm.fc b/policy/modules/services/ajaxterm.fc
deleted file mode 100644
index aeb1888..0000000
--- a/policy/modules/services/ajaxterm.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/etc/rc\.d/init\.d/ajaxterm	--	gen_context(system_u:object_r:ajaxterm_initrc_exec_t,s0)
-
-/usr/share/ajaxterm/ajaxterm\.py	--	gen_context(system_u:object_r:ajaxterm_exec_t,s0)
-
-/var/run/ajaxterm\.pid		--	gen_context(system_u:object_r:ajaxterm_var_run_t,s0)
diff --git a/policy/modules/services/ajaxterm.if b/policy/modules/services/ajaxterm.if
deleted file mode 100644
index 8e6e2c3..0000000
--- a/policy/modules/services/ajaxterm.if
+++ /dev/null
@@ -1,68 +0,0 @@
-## <summary>policy for ajaxterm</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ajaxterm.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ajaxterm_domtrans',`
-	gen_require(`
-		type ajaxterm_t, ajaxterm_exec_t;
-	')
-
-	domtrans_pattern($1, ajaxterm_exec_t, ajaxterm_t)
-')
-
-########################################
-## <summary>
-##	Execute ajaxterm server in the ajaxterm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ajaxterm_initrc_domtrans',`
-	gen_require(`
-		type ajaxterm_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, ajaxterm_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ajaxterm environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ajaxterm_admin',`
-	gen_require(`
-		type ajaxterm_t, ajaxterm_initrc_exec_t;
-	')
-
-	allow $1 ajaxterm_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ajaxterm_t)
-
-	ajaxterm_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 ajaxterm_initrc_exec_t system_r;
-	allow $2 system_r;
-')
diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
deleted file mode 100644
index cf6af13..0000000
--- a/policy/modules/services/ajaxterm.te
+++ /dev/null
@@ -1,56 +0,0 @@
-policy_module(ajaxterm, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type ajaxterm_t;
-type ajaxterm_exec_t;
-init_daemon_domain(ajaxterm_t, ajaxterm_exec_t)
-
-type ajaxterm_initrc_exec_t;
-init_script_file(ajaxterm_initrc_exec_t)
-
-type ajaxterm_var_run_t;
-files_pid_file(ajaxterm_var_run_t)
-
-type ajaxterm_devpts_t;
-term_login_pty(ajaxterm_devpts_t)
-
-permissive ajaxterm_t;
-
-########################################
-#
-# ajaxterm local policy
-#
-allow ajaxterm_t self:capability setuid;
-allow ajaxterm_t self:process setpgid;
-allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
-allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
-allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
-
-allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms relabelfrom };
-term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
-
-manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
-manage_files_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
-files_pid_filetrans(ajaxterm_t, ajaxterm_var_run_t, { file dir })
-
-kernel_read_system_state(ajaxterm_t)
-
-corecmd_exec_bin(ajaxterm_t)
-
-corenet_tcp_bind_generic_node(ajaxterm_t)
-corenet_tcp_bind_ajaxterm_port(ajaxterm_t)
-
-dev_read_urand(ajaxterm_t)
-
-domain_use_interactive_fds(ajaxterm_t)
-
-files_read_etc_files(ajaxterm_t)
-files_read_usr_files(ajaxterm_t)
-
-miscfiles_read_localization(ajaxterm_t)
-
-sysnet_dns_name_resolve(ajaxterm_t)
diff --git a/policy/modules/services/amavis.fc b/policy/modules/services/amavis.fc
deleted file mode 100644
index d96fdfa..0000000
--- a/policy/modules/services/amavis.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-
-/etc/amavis\.conf		--	gen_context(system_u:object_r:amavis_etc_t,s0)
-/etc/amavisd(/.*)?			gen_context(system_u:object_r:amavis_etc_t,s0)
-/etc/rc\.d/init\.d/amavis	--	gen_context(system_u:object_r:amavis_initrc_exec_t,s0)
-
-/usr/sbin/amavisd.*		--	gen_context(system_u:object_r:amavis_exec_t,s0)
-/usr/lib(64)?/AntiVir/antivir	--	gen_context(system_u:object_r:amavis_exec_t,s0)
-
-ifdef(`distro_debian',`
-/usr/sbin/amavisd-new-cronjob	--	gen_context(system_u:object_r:amavis_exec_t,s0)
-')
-
-/var/amavis(/.*)?			gen_context(system_u:object_r:amavis_var_lib_t,s0)
-/var/lib/amavis(/.*)?			gen_context(system_u:object_r:amavis_var_lib_t,s0)
-/var/log/amavisd\.log		--	gen_context(system_u:object_r:amavis_var_log_t,s0)
-/var/run/amavis(d)?(/.*)?		gen_context(system_u:object_r:amavis_var_run_t,s0)
-/var/spool/amavisd(/.*)?		gen_context(system_u:object_r:amavis_spool_t,s0)
-/var/virusmails(/.*)?			gen_context(system_u:object_r:amavis_quarantine_t,s0)
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
deleted file mode 100644
index e31d92a..0000000
--- a/policy/modules/services/amavis.if
+++ /dev/null
@@ -1,261 +0,0 @@
-## <summary>
-##	Daemon that interfaces mail transfer agents and content
-##	checkers, such as virus scanners.
-## </summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run amavis.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amavis_domtrans',`
-	gen_require(`
-		type amavis_t, amavis_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, amavis_exec_t, amavis_t)
-')
-
-########################################
-## <summary>
-##	Execute amavis server in the amavis domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amavis_initrc_domtrans',`
-	gen_require(`
-		type amavis_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, amavis_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read amavis spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_read_spool_files',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, amavis_spool_t, amavis_spool_t)
-')
-
-########################################
-## <summary>
-##	Manage amavis spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_manage_spool_files',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, amavis_spool_t, amavis_spool_t)
-	manage_files_pattern($1, amavis_spool_t, amavis_spool_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the amavis spool directories
-##	with a private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	Private file type.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	Class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`amavis_spool_filetrans',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	filetrans_pattern($1, amavis_spool_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Search amavis lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_search_lib',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	allow $1 amavis_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read amavis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_read_lib_files',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	read_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
-	allow $1 amavis_var_lib_t:dir list_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	amavis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_manage_lib_files',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	manage_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Set the attributes of amavis pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_setattr_pid_files',`
-	gen_require(`
-		type amavis_var_run_t;
-	')
-
-	allow $1 amavis_var_run_t:file setattr_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Create of amavis pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_create_pid_files',`
-	gen_require(`
-		type amavis_var_run_t;
-	')
-
-	allow $1 amavis_var_run_t:file create_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an amavis environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`amavis_admin',`
-	gen_require(`
-		type amavis_t, amavis_tmp_t, amavis_var_log_t;
-		type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
-		type amavis_etc_t, amavis_quarantine_t;
-		type amavis_initrc_exec_t;
-	')
-
-	allow $1 amavis_t:process { ptrace signal_perms };
-	ps_process_pattern($1, amavis_t)
-
-	amavis_initrc_domtrans($1)
- 	domain_system_change_exemption($1)
- 	role_transition $2 amavis_initrc_exec_t system_r;
- 	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, amavis_etc_t)
-
-	admin_pattern($1, amavis_quarantine_t)
-
-	files_list_spool($1)
-	admin_pattern($1, amavis_spool_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, amavis_tmp_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, amavis_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, amavis_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, amavis_var_run_t)
-')
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
deleted file mode 100644
index ec40291..0000000
--- a/policy/modules/services/amavis.te
+++ /dev/null
@@ -1,189 +0,0 @@
-policy_module(amavis, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type amavis_t;
-type amavis_exec_t;
-domain_type(amavis_t)
-init_daemon_domain(amavis_t, amavis_exec_t)
-
-# configuration files
-type amavis_etc_t;
-files_config_file(amavis_etc_t)
-
-type amavis_initrc_exec_t;
-init_script_file(amavis_initrc_exec_t)
-
-# pid files
-type amavis_var_run_t;
-files_pid_file(amavis_var_run_t)
-
-# var/lib files
-type amavis_var_lib_t;
-files_type(amavis_var_lib_t)
-
-# log files
-type amavis_var_log_t;
-logging_log_file(amavis_var_log_t)
-
-# tmp files
-type amavis_tmp_t;
-files_tmp_file(amavis_tmp_t)
-
-# virus quarantine
-type amavis_quarantine_t;
-files_type(amavis_quarantine_t)
-
-type amavis_spool_t;
-files_type(amavis_spool_t)
-
-########################################
-#
-# amavis local policy
-#
-
-allow amavis_t self:capability { kill chown dac_override setgid setuid };
-dontaudit amavis_t self:capability sys_tty_config;
-allow amavis_t self:process { signal sigchld signull };
-allow amavis_t self:fifo_file rw_fifo_file_perms;
-allow amavis_t self:unix_stream_socket create_stream_socket_perms;
-allow amavis_t self:unix_dgram_socket create_socket_perms;
-allow amavis_t self:tcp_socket { listen accept };
-allow amavis_t self:netlink_route_socket r_netlink_socket_perms;
-
-# configuration files
-allow amavis_t amavis_etc_t:dir list_dir_perms;
-read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
-read_lnk_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
-
-can_exec(amavis_t, amavis_exec_t)
-
-# mail quarantine
-manage_dirs_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-manage_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-manage_sock_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-
-# Spool Files
-manage_dirs_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_lnk_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_sock_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-filetrans_pattern(amavis_t, amavis_spool_t, amavis_var_run_t, sock_file)
-files_search_spool(amavis_t)
-
-# tmp files
-manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
-allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
-files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
-
-# var/lib files for amavis
-manage_dirs_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-manage_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-files_search_var_lib(amavis_t)
-
-# log files
-allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
-manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
-manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
-logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
-
-# pid file
-manage_dirs_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-files_pid_filetrans(amavis_t, amavis_var_run_t, { dir file sock_file })
-
-kernel_read_kernel_sysctls(amavis_t)
-# amavis tries to access /proc/self/stat, /etc/shadow and /root - perl...
-kernel_dontaudit_list_proc(amavis_t)
-kernel_dontaudit_read_proc_symlinks(amavis_t)
-kernel_dontaudit_read_system_state(amavis_t)
-
-# find perl
-corecmd_exec_bin(amavis_t)
-
-corenet_all_recvfrom_unlabeled(amavis_t)
-corenet_all_recvfrom_netlabel(amavis_t)
-corenet_tcp_sendrecv_generic_if(amavis_t)
-corenet_tcp_sendrecv_generic_node(amavis_t)
-corenet_tcp_bind_generic_node(amavis_t)
-corenet_udp_bind_generic_node(amavis_t)
-# amavis uses well-defined ports
-corenet_tcp_sendrecv_amavisd_recv_port(amavis_t)
-corenet_tcp_sendrecv_amavisd_send_port(amavis_t)
-# just the other side not. ;-)
-corenet_tcp_sendrecv_all_ports(amavis_t)
-# connect to backchannel port
-corenet_tcp_connect_amavisd_send_port(amavis_t)
-# bind to incoming port
-corenet_tcp_bind_amavisd_recv_port(amavis_t)
-corenet_udp_bind_generic_port(amavis_t)
-corenet_dontaudit_udp_bind_all_ports(amavis_t)
-corenet_tcp_connect_razor_port(amavis_t)
-
-dev_read_rand(amavis_t)
-dev_read_urand(amavis_t)
-
-domain_use_interactive_fds(amavis_t)
-
-files_read_etc_files(amavis_t)
-files_read_etc_runtime_files(amavis_t)
-files_read_usr_files(amavis_t)
-
-fs_getattr_xattr_fs(amavis_t)
-
-auth_dontaudit_read_shadow(amavis_t)
-
-# uses uptime which reads utmp - redhat bug 561383
-init_read_utmp(amavis_t)
-init_stream_connect_script(amavis_t)
-
-logging_send_syslog_msg(amavis_t)
-
-miscfiles_read_generic_certs(amavis_t)
-miscfiles_read_localization(amavis_t)
-
-sysnet_dns_name_resolve(amavis_t)
-sysnet_use_ldap(amavis_t)
-
-userdom_dontaudit_search_user_home_dirs(amavis_t)
-
-# Cron handling
-cron_use_fds(amavis_t)
-cron_use_system_job_fds(amavis_t)
-cron_rw_pipes(amavis_t)
-
-mta_read_config(amavis_t)
-
-optional_policy(`
-	clamav_stream_connect(amavis_t)
-	clamav_domtrans_clamscan(amavis_t)
-')
-
-optional_policy(`
-	dcc_domtrans_client(amavis_t)
-	dcc_stream_connect_dccifd(amavis_t)
-')
-
-optional_policy(`
-	postfix_read_config(amavis_t)
-')
-
-optional_policy(`
-	pyzor_domtrans(amavis_t)
-	pyzor_signal(amavis_t)
-')
-
-optional_policy(`
-	razor_domtrans(amavis_t)
-')
-
-optional_policy(`
-	spamassassin_exec(amavis_t)
-	spamassassin_exec_client(amavis_t)
-	spamassassin_read_lib_files(amavis_t)
-')
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
deleted file mode 100644
index 8603d4d..0000000
--- a/policy/modules/services/apache.fc
+++ /dev/null
@@ -1,123 +0,0 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
-
-/etc/apache(2)?(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
-/etc/apache-ssl(2)?(/.*)?		gen_context(system_u:object_r:httpd_config_t,s0)
-/etc/drupal(6)?(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/etc/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/etc/httpd(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
-/etc/httpd/conf/keytab		--	gen_context(system_u:object_r:httpd_keytab_t,s0)
-/etc/httpd/logs				gen_context(system_u:object_r:httpd_log_t,s0)
-/etc/httpd/modules			gen_context(system_u:object_r:httpd_modules_t,s0)
-/etc/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
-/etc/mock/koji(/.*)? 			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lighttpd	--	gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
-
-/etc/vhosts			--	gen_context(system_u:object_r:httpd_config_t,s0)
-/etc/zabbix/web(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-
-/srv/([^/]*/)?www(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/srv/gallery2(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-
-/usr/bin/htsslpass 		--	gen_context(system_u:object_r:httpd_helper_exec_t,s0)
-/usr/bin/mongrel_rails		--	gen_context(system_u:object_r:httpd_exec_t,s0)
-
-/usr/lib/apache-ssl/.+		--	gen_context(system_u:object_r:httpd_exec_t,s0)
-/usr/lib/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/usr/lib(64)?/apache(/.*)?		gen_context(system_u:object_r:httpd_modules_t,s0)
-/usr/lib(64)?/apache2/modules(/.*)?	gen_context(system_u:object_r:httpd_modules_t,s0)
-/usr/lib(64)?/apache(2)?/suexec(2)? --	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
-/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
-/usr/lib(64)?/httpd(/.*)?		gen_context(system_u:object_r:httpd_modules_t,s0)
-/usr/lib(64)?/lighttpd(/.*)?		gen_context(system_u:object_r:httpd_modules_t,s0)
-
-/usr/sbin/apache(2)?		--	gen_context(system_u:object_r:httpd_exec_t,s0)
-/usr/sbin/apache-ssl(2)?	--	gen_context(system_u:object_r:httpd_exec_t,s0)
-/usr/sbin/httpd(\.worker)?	--	gen_context(system_u:object_r:httpd_exec_t,s0)
-/usr/sbin/lighttpd		--	gen_context(system_u:object_r:httpd_exec_t,s0)
-/usr/sbin/rotatelogs		--	gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
-/usr/sbin/suexec		--	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
-
-ifdef(`distro_suse', `
-/usr/sbin/httpd2-.*		--	gen_context(system_u:object_r:httpd_exec_t,s0)
-')
-
-/usr/share/drupal(6)?(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/icecast(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/mythweb(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/mythweb/mythweb\.pl		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/usr/share/mythtv/data(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/ntop/html(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/openca/htdocs(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/usr/share/wordpress-mu/wp-config\.php	-- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/usr/share/wordpress-mu/wp-content(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/usr/share/wordpress/wp-content/uploads(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-
-/var/cache/httpd(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/lighttpd(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mason(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mediawiki(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mod_.*			gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mod_gnutls(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mod_proxy(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/mod_ssl(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/php-.*			gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/php-eaccelerator(/.*)?	gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/php-mmcache(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/rt3(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
-/var/cache/ssl.*\.sem		--	gen_context(system_u:object_r:httpd_cache_t,s0)
-
-/var/lib/cacti/rra(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/var/lib/dav(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
-/var/lib/dokuwiki(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/lib/drupal(6)?(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
-/var/lib/php/session(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/lib/squirrelmail/prefs(/.*)?	gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
-
-/var/log/apache(2)?(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
-/var/log/apache-ssl(2)?(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
-/var/log/cacti(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
-/var/log/cgiwrap\.log.*		--	gen_context(system_u:object_r:httpd_log_t,s0)
-/var/log/httpd(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
-/var/log/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
-
-ifdef(`distro_debian', `
-/var/log/horde2(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
-')
-
-/var/run/apache.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/run/gcache_port		-s	gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/run/httpd.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/run/lighttpd(/.*)?			gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/run/mod_.*				gen_context(system_u:object_r:httpd_var_run_t,s0)
-/var/run/wsgi.*			-s	gen_context(system_u:object_r:httpd_var_run_t,s0)
-
-/var/spool/gosa(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/spool/squirrelmail(/.*)?		gen_context(system_u:object_r:squirrelmail_spool_t,s0)
-/var/spool/viewvc(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t, s0)
-
-/var/www(/.*)?				gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/var/www(/.*)?/logs(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
-/var/www/[^/]*/cgi-bin(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/var/www/perl(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-
-/var/www/html/[^/]*/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-
-/var/www/html/configuration\.php 	gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-
-/var/www/gallery/albums(/.*)?		gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-
-/var/lib/koji(/.*)? 			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/lib/pootle/po(/.*)? 		gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/lib/rt3/data/RT-Shredder(/.*)?	gen_context(system_u:object_r:httpd_var_lib_t,s0)
-
-/var/www/svn(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/www/svn/hooks(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/var/www/svn/conf(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
deleted file mode 100644
index 6918ff2..0000000
--- a/policy/modules/services/apache.if
+++ /dev/null
@@ -1,1407 +0,0 @@
-## <summary>Apache web server</summary>
-
-########################################
-## <summary>
-##	Create a set of derived types for apache
-##	web content.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`apache_content_template',`
-	gen_require(`
-		attribute httpd_exec_scripts, httpd_script_exec_type;
-		type httpd_t, httpd_suexec_t, httpd_log_t;
-		type httpd_sys_content_t;
-	')
-
-	#This type is for webpages
-	type httpd_$1_content_t; # customizable;
-	typealias httpd_$1_content_t alias httpd_$1_script_ro_t;
-	files_type(httpd_$1_content_t)
-
-	# This type is used for .htaccess files
-	type httpd_$1_htaccess_t; # customizable;
-	files_type(httpd_$1_htaccess_t)
-
-	# Type that CGI scripts run as
-	type httpd_$1_script_t;
-	domain_type(httpd_$1_script_t)
-	role system_r types httpd_$1_script_t;
-
-	search_dirs_pattern(httpd_$1_script_t, httpd_sys_content_t, httpd_script_exec_type)
-
-	# This type is used for executable scripts files
-	type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
-	corecmd_shell_entry_type(httpd_$1_script_t)
-	domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)
-
-	type httpd_$1_rw_content_t; # customizable
-	typealias httpd_$1_rw_content_t alias { httpd_$1_script_rw_t httpd_$1_content_rw_t };
-	files_type(httpd_$1_rw_content_t)
-
-	type httpd_$1_ra_content_t; # customizable
-	typealias httpd_$1_ra_content_t alias { httpd_$1_script_ra_t httpd_$1_content_ra_t };
-	files_type(httpd_$1_ra_content_t)
-
-	read_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_htaccess_t)
-
-	allow httpd_t { httpd_$1_content_t httpd_$1_rw_content_t httpd_$1_script_exec_t }:dir search_dir_perms;
-	allow httpd_suexec_t { httpd_$1_content_t httpd_$1_rw_content_t httpd_$1_script_exec_t }:dir search_dir_perms;
-
-	allow httpd_$1_script_t self:fifo_file rw_file_perms;
-	allow httpd_$1_script_t self:unix_stream_socket connectto;
-
-	allow httpd_$1_script_t httpd_t:fifo_file write;
-	# apache should set close-on-exec
-	dontaudit httpd_$1_script_t httpd_t:unix_stream_socket { read write };
-
-	# Allow the script process to search the cgi directory, and users directory
-	allow httpd_$1_script_t httpd_$1_content_t:dir search_dir_perms;
-
-	append_files_pattern(httpd_$1_script_t, httpd_log_t, httpd_log_t)
-	logging_search_logs(httpd_$1_script_t)
-
-	can_exec(httpd_$1_script_t, httpd_$1_script_exec_t)
-	allow httpd_$1_script_t httpd_$1_script_exec_t:dir list_dir_perms;
-
-	allow httpd_$1_script_t httpd_$1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };
-	read_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-	append_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-
-	allow httpd_$1_script_t httpd_$1_content_t:dir list_dir_perms;
-	read_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)
-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)
-
-	manage_dirs_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-	manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-	manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-	manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-	manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-
-	kernel_dontaudit_search_sysctl(httpd_$1_script_t)
-	kernel_dontaudit_search_kernel_sysctl(httpd_$1_script_t)
-
-	dev_read_rand(httpd_$1_script_t)
-	dev_read_urand(httpd_$1_script_t)
-
-	corecmd_exec_all_executables(httpd_$1_script_t)
-	application_exec_all(httpd_$1_script_t)
-
-	files_exec_etc_files(httpd_$1_script_t)
-	files_read_etc_files(httpd_$1_script_t)
-	files_search_home(httpd_$1_script_t)
-
-	libs_exec_ld_so(httpd_$1_script_t)
-	libs_exec_lib_files(httpd_$1_script_t)
-
-	miscfiles_read_fonts(httpd_$1_script_t)
-	miscfiles_read_public_files(httpd_$1_script_t)
-
-	seutil_dontaudit_search_config(httpd_$1_script_t)
-
-	# Allow the web server to run scripts and serve pages
-	tunable_policy(`httpd_builtin_scripting',`
-		manage_dirs_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-		manage_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-		manage_lnk_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-		rw_sock_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
-
-		allow httpd_t httpd_$1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };
-		read_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-		append_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-		read_lnk_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
-
-		allow httpd_t httpd_$1_content_t:dir list_dir_perms;
-		read_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
-		read_lnk_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
-
-		allow httpd_t httpd_$1_content_t:dir list_dir_perms;
-		read_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
-		read_lnk_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
-		allow httpd_t httpd_$1_script_t:unix_stream_socket connectto;
-	')
-
-	tunable_policy(`httpd_enable_cgi',`
-		allow httpd_$1_script_t httpd_$1_script_exec_t:file entrypoint;
-
-		domtrans_pattern(httpd_suexec_t, httpd_$1_script_exec_t, httpd_$1_script_t)
-
-		# privileged users run the script:
-		domtrans_pattern(httpd_exec_scripts, httpd_$1_script_exec_t, httpd_$1_script_t)
-
-		allow httpd_exec_scripts httpd_$1_script_exec_t:file read_file_perms;
-
-		# apache runs the script:
-		domtrans_pattern(httpd_t, httpd_$1_script_exec_t, httpd_$1_script_t)
-
-		allow httpd_t httpd_$1_script_exec_t:file read_file_perms;
-
-		allow httpd_t httpd_$1_script_t:process { signal sigkill sigstop };
-		allow httpd_t httpd_$1_script_exec_t:dir list_dir_perms;
-
-		allow httpd_$1_script_t self:process { setsched signal_perms };
-		allow httpd_$1_script_t self:unix_stream_socket create_stream_socket_perms;
-		allow httpd_$1_script_t self:unix_dgram_socket create_socket_perms;
-
-		allow httpd_$1_script_t httpd_t:fd use;
-		allow httpd_$1_script_t httpd_t:process sigchld;
-
-		dontaudit httpd_$1_script_t httpd_t:tcp_socket { read write };
-
-		kernel_read_system_state(httpd_$1_script_t)
-
-		dev_read_urand(httpd_$1_script_t)
-
-		fs_getattr_xattr_fs(httpd_$1_script_t)
-
-		files_read_etc_runtime_files(httpd_$1_script_t)
-		files_read_usr_files(httpd_$1_script_t)
-
-		libs_read_lib_files(httpd_$1_script_t)
-
-		miscfiles_read_localization(httpd_$1_script_t)
-		allow httpd_$1_script_t httpd_sys_content_t:dir search_dir_perms;
-	')
-
-	optional_policy(`
-		tunable_policy(`httpd_enable_cgi && allow_ypbind',`
-			nis_use_ypbind_uncond(httpd_$1_script_t)
-		')
-	')
-
-	optional_policy(`
-		postgresql_unpriv_client(httpd_$1_script_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use(httpd_$1_script_t)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for apache
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`apache_role',`
-	gen_require(`
-		attribute httpdcontent;
-		type httpd_user_content_t, httpd_user_htaccess_t, httpd_user_script_t;
-		type httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t;
-	')
-
-	role $1 types httpd_user_script_t;
-
-	allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
-
-	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabel_file_perms };
-
-	manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	manage_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	relabel_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	relabel_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	relabel_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
-
-	manage_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
-	manage_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
-	manage_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
-	relabel_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
-	relabel_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
-	relabel_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
-
-	manage_dirs_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-	manage_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-	manage_lnk_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-	relabel_dirs_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-	relabel_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-	relabel_lnk_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-
-	manage_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	manage_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	manage_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	relabel_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
-
-	apache_exec_modules($2)
-
-	tunable_policy(`httpd_enable_cgi',`
-		# If a user starts a script by hand it gets the proper context
-		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)
-	')
-
-	tunable_policy(`httpd_enable_cgi && httpd_unified',`
-		domtrans_pattern($2, httpdcontent, httpd_user_script_t)
-	')
-')
-
-########################################
-## <summary>
-##	Read httpd user scripts executables.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_user_scripts',`
-	gen_require(`
-		type httpd_user_script_exec_t;
-	')
-
-	allow $1 httpd_user_script_exec_t:dir list_dir_perms;
-	read_files_pattern($1, httpd_user_script_exec_t, httpd_user_script_exec_t)
-	read_lnk_files_pattern($1, httpd_user_script_exec_t, httpd_user_script_exec_t)
-')
-
-########################################
-## <summary>
-##	Read user web content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_user_content',`
-	gen_require(`
-		type httpd_user_content_t;
-	')
-
-	allow $1 httpd_user_content_t:dir list_dir_perms;
-	read_files_pattern($1, httpd_user_content_t, httpd_user_content_t)
-	read_lnk_files_pattern($1, httpd_user_content_t, httpd_user_content_t)
-')
-
-########################################
-## <summary>
-##	Transition to apache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apache_domtrans',`
-	gen_require(`
-		type httpd_t, httpd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, httpd_exec_t, httpd_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to execute apache
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_exec',`
-	gen_require(`
-		type httpd_exec_t;
-	')
-
-	can_exec($1, httpd_exec_t)
-')
-
-#######################################
-## <summary>
-##	Send a generic signal to apache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_signal',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	allow $1 httpd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a null signal to apache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_signull',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	allow $1 httpd_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to apache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_sigchld',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	allow $1 httpd_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from Apache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_use_fds',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	allow $1 httpd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write Apache
-##	unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_rw_fifo_file',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	dontaudit $1 httpd_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write Apache
-##	unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_rw_stream_sockets',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	dontaudit $1 httpd_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write Apache
-##	TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	dontaudit $1 httpd_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all web content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_manage_all_content',`
-	gen_require(`
-		attribute httpdcontent, httpd_script_exec_type;
-	')
-
-	manage_dirs_pattern($1, httpdcontent, httpdcontent)
-	manage_files_pattern($1, httpdcontent, httpdcontent)
-	manage_lnk_files_pattern($1, httpdcontent, httpdcontent)
-
-	manage_dirs_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
-	manage_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
-	manage_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
-')
-
-########################################
-## <summary>
-##	Allow domain to  set the attributes
-##	of the APACHE cache directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_setattr_cache_dirs',`
-	gen_require(`
-		type httpd_cache_t;
-	')
-
-	allow $1 httpd_cache_t:dir setattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to list
-##	Apache cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_list_cache',`
-	gen_require(`
-		type httpd_cache_t;
-	')
-
-	list_dirs_pattern($1, httpd_cache_t, httpd_cache_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	and write Apache cache files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_rw_cache_files',`
-	gen_require(`
-		type httpd_cache_t;
-	')
-
-	allow $1 httpd_cache_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to delete
-##	Apache cache dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_delete_cache_dirs',`
-	gen_require(`
-		type httpd_cache_t;
-	')
-
-	delete_dirs_pattern($1, httpd_cache_t, httpd_cache_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to delete
-##	Apache cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_delete_cache_files',`
-	gen_require(`
-		type httpd_cache_t;
-	')
-
-	delete_files_pattern($1, httpd_cache_t, httpd_cache_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to search
-##	apache configuration dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_search_config',`
-	gen_require(`
-		type httpd_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 httpd_config_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	apache configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_config',`
-	gen_require(`
-		type httpd_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 httpd_config_t:dir list_dir_perms;
-	read_files_pattern($1, httpd_config_t, httpd_config_t)
-	read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	apache configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_manage_config',`
-	gen_require(`
-		type httpd_config_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, httpd_config_t, httpd_config_t)
-	manage_files_pattern($1, httpd_config_t, httpd_config_t)
-	read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
-')
-
-########################################
-## <summary>
-##	Execute the Apache helper program with
-##	a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_domtrans_helper',`
-	gen_require(`
-		type httpd_helper_t, httpd_helper_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, httpd_helper_exec_t, httpd_helper_t)
-')
-
-########################################
-## <summary>
-##	Execute the Apache helper program with
-##	a domain transition, and allow the
-##	specified role the Apache helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_run_helper',`
-	gen_require(`
-		type httpd_helper_t;
-	')
-
-	apache_domtrans_helper($1)
-	role $2 types httpd_helper_t;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	apache log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_log',`
-	gen_require(`
-		type httpd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 httpd_log_t:dir list_dir_perms;
-	read_files_pattern($1, httpd_log_t, httpd_log_t)
-	read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	to apache log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_append_log',`
-	gen_require(`
-		type httpd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 httpd_log_t:dir list_dir_perms;
-	append_files_pattern($1, httpd_log_t, httpd_log_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to append to the
-##	Apache logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_append_log',`
-	gen_require(`
-		type httpd_log_t;
-	')
-
-	dontaudit $1 httpd_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	to apache log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_manage_log',`
-	gen_require(`
-		type httpd_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_dirs_pattern($1, httpd_log_t, httpd_log_t)
-	manage_files_pattern($1, httpd_log_t, httpd_log_t)
-	read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search Apache
-##	module directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_search_modules',`
-	gen_require(`
-		type httpd_modules_t;
-	')
-
-	dontaudit $1 httpd_modules_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	the apache module directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_modules',`
-	gen_require(`
-		type httpd_modules_t;
-	')
-
-	read_files_pattern($1, httpd_modules_t, httpd_modules_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to list
-##	the contents of the apache modules
-##	directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_list_modules',`
-	gen_require(`
-		type httpd_modules_t;
-	')
-
-	allow $1 httpd_modules_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, httpd_modules_t, httpd_modules_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute
-##	apache modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_exec_modules',`
-	gen_require(`
-		type httpd_modules_t;
-	')
-
-	allow $1 httpd_modules_t:dir list_dir_perms;
-	allow $1 httpd_modules_t:lnk_file read_lnk_file_perms;
-	can_exec($1, httpd_modules_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run httpd_rotatelogs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apache_domtrans_rotatelogs',`
-	gen_require(`
-		type httpd_rotatelogs_t, httpd_rotatelogs_exec_t;
-	')
-
-	domtrans_pattern($1, httpd_rotatelogs_exec_t, httpd_rotatelogs_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to list
-##	apache system content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_list_sys_content',`
-	gen_require(`
-		type httpd_sys_content_t;
-	')
-
-	list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-	read_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-	files_search_var($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	apache system content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-# Note that httpd_sys_content_t is found in /var, /etc, /srv and /usr
-interface(`apache_manage_sys_content',`
-	gen_require(`
-		type httpd_sys_content_t;
-	')
-
-	files_search_var($1)
-	manage_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-	manage_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-	manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to read
-##	apache system content rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_sys_content_rw_files',`
-	gen_require(`
-		type httpd_sys_rw_content_t;
-	')
-
-	read_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to manage
-##	apache system content rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_manage_sys_content_rw',`
-	gen_require(`
-		type httpd_sys_rw_content_t;
-	')
-
-	files_search_var($1)
-	manage_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	manage_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	manage_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to delete
-##	apache system content rw files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_delete_sys_content_rw',`
-	gen_require(`
-		type httpd_sys_rw_content_t;
-	')
-
-	files_search_tmp($1)
-	delete_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	delete_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	delete_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	delete_fifo_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-	delete_sock_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
-')
-
-########################################
-## <summary>
-##	Execute all web scripts in the system
-##	script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-# cjp: this interface specifically added to allow
-# sysadm_t to run scripts
-interface(`apache_domtrans_sys_script',`
-	gen_require(`
-		attribute httpdcontent;
-		type httpd_sys_script_t, httpd_sys_content_t;
-	')
-
-	tunable_policy(`httpd_enable_cgi',`
-		domtrans_pattern($1, httpd_sys_script_exec_t, httpd_sys_script_t)
-	')
-
-	tunable_policy(`httpd_enable_cgi && httpd_unified',`
-		domtrans_pattern($1, httpdcontent, httpd_sys_script_t)
-	')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write Apache
-##	system script unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
-	gen_require(`
-		type httpd_sys_script_t;
-	')
-
-	dontaudit $1 httpd_sys_script_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Execute all user scripts in the user
-##	script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apache_domtrans_all_scripts',`
-	gen_require(`
-		attribute httpd_exec_scripts;
-	')
-
-	typeattribute $1 httpd_exec_scripts;
-')
-
-########################################
-## <summary>
-##	Execute all user scripts in the user
-##	script domain.  Add user script domains
-##	to the specified role.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_run_all_scripts',`
-	gen_require(`
-		attribute httpd_exec_scripts, httpd_script_domains;
-	')
-
-	role $2 types httpd_script_domains;
-	apache_domtrans_all_scripts($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	apache squirrelmail data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_squirrelmail_data',`
-	gen_require(`
-		type httpd_squirrelmail_t;
-	')
-
-	read_files_pattern($1, httpd_squirrelmail_t, httpd_squirrelmail_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	apache squirrelmail data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_append_squirrelmail_data',`
-	gen_require(`
-		type httpd_squirrelmail_t;
-	')
-
-	allow $1 httpd_squirrelmail_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Search apache system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_search_sys_content',`
-	gen_require(`
-		type httpd_sys_content_t;
-	')
-
-	allow $1 httpd_sys_content_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read apache system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_sys_content',`
-	gen_require(`
-		type httpd_sys_content_t;
-	')
-
-	allow $1 httpd_sys_content_t:dir list_dir_perms;
-	read_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-	read_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
-')
-
-########################################
-## <summary>
-##	Search apache system CGI directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_search_sys_scripts',`
-	gen_require(`
-		type httpd_sys_content_t, httpd_sys_script_exec_t;
-	')
-
-	search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all user web content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_manage_all_user_content',`
-	gen_require(`
-		attribute httpd_user_content_type, httpd_user_script_exec_type;
-	')
-
-	manage_dirs_pattern($1, httpd_user_content_type, httpd_user_content_type)
-	manage_files_pattern($1, httpd_user_content_type, httpd_user_content_type)
-	manage_lnk_files_pattern($1, httpd_user_content_type, httpd_user_content_type)
-
-	manage_dirs_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
-	manage_files_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
-	manage_lnk_files_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
-')
-
-########################################
-## <summary>
-##	Search system script state directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_search_sys_script_state',`
-	gen_require(`
-		type httpd_sys_script_t;
-	')
-
-	allow $1 httpd_sys_script_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	apache tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_read_tmp_files',`
-	gen_require(`
-		type httpd_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_files_pattern($1, httpd_tmp_t, httpd_tmp_t)
-')
-
-######################################
-## <summary>
-##	Dontaudit attempts to read and write
-##	apache tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_rw_tmp_files',`
-	gen_require(`
-		type httpd_tmp_t;
-	')
-
-	dontaudit $1 httpd_tmp_t:file { read write };
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to write
-##	apache tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_write_tmp_files',`
-	gen_require(`
-		type httpd_tmp_t;
-	')
-
-	dontaudit $1 httpd_tmp_t:file write;
-')
-
-########################################
-## <summary>
-##	Execute CGI in the specified domain.
-## </summary>
-##	<desc>
-##	<p>
-##	Execute CGI in the specified domain.
-##	</p>
-##	<p>
-##	This is an interface to support third party modules
-##	and its use is not allowed in upstream reference
-##	policy.
-##	</p>
-##	</desc>
-## <param name="domain">
-##	<summary>
-##	Domain run the cgi script in.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	Type of the executable to enter the cgi domain.
-##	</summary>
-## </param>
-#
-interface(`apache_cgi_domain',`
-	gen_require(`
-		type httpd_t, httpd_sys_script_exec_t;
-	')
-
-	domtrans_pattern(httpd_t, $2, $1)
-	apache_search_sys_scripts($1)
-
-	allow httpd_t $1:process signal;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate an apache environment
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix of the domain. Example, user would be
-##	the prefix for the uder_t domain.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_admin',`
-	gen_require(`
-		attribute httpdcontent, httpd_script_exec_type;
-		type httpd_t, httpd_config_t, httpd_log_t;
-		type httpd_modules_t, httpd_lock_t, httpd_bool_t;
-		type httpd_var_run_t, httpd_php_tmp_t, httpd_initrc_exec_t;
-		type httpd_suexec_tmp_t, httpd_tmp_t;
-	')
-
-	allow $1 httpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, httpd_t)
-
-	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 httpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	apache_manage_all_content($1)
-	miscfiles_manage_public_files($1)
-
-	files_list_etc($1)
-	admin_pattern($1, httpd_config_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, httpd_log_t)
-
-	admin_pattern($1, httpd_modules_t)
-
-	admin_pattern($1, httpd_lock_t)
-	files_lock_filetrans($1, httpd_lock_t, file)
-
-	admin_pattern($1, httpd_var_run_t)
-	files_pid_filetrans($1, httpd_var_run_t, file)
-
-	admin_pattern($1, httpdcontent)
-	admin_pattern($1, httpd_script_exec_type)
-
-	seutil_domtrans_setfiles($1)
-
-	files_list_tmp($1)
-	admin_pattern($1, httpd_tmp_t)
-	admin_pattern($1, httpd_php_tmp_t)
-	admin_pattern($1, httpd_suexec_tmp_t)
-
-	ifdef(`TODO',`
-		apache_set_booleans($1, $2, $3, httpd_bool_t)
-		seutil_setsebool_role_template($1, $3, $2)
-		allow httpd_setsebool_t httpd_bool_t:dir list_dir_perms;
-		allow httpd_setsebool_t httpd_bool_t:file rw_file_perms;
-	')
-')
-
-########################################
-## <summary>
-##	dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`apache_dontaudit_leaks',`
-	gen_require(`
-		type httpd_t;
-	')
-
-	dontaudit $1 httpd_t:fifo_file rw_inherited_fifo_file_perms;
-	dontaudit $1 httpd_t:tcp_socket { read write };
-	dontaudit $1 httpd_t:unix_dgram_socket { read write };
-	dontaudit $1 httpd_t:unix_stream_socket { read write };
-')
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
deleted file mode 100644
index 410ff39..0000000
--- a/policy/modules/services/apache.te
+++ /dev/null
@@ -1,1192 +0,0 @@
-policy_module(apache, 2.2.0)
-
-#
-# NOTES:
-#  This policy will work with SUEXEC enabled as part of the Apache
-#  configuration. However, the user CGI scripts will run under the
-#  system_u:system_r:httpd_user_script_t.
-#
-#  The user CGI scripts must be labeled with the httpd_user_script_exec_t
-#  type, and the directory containing the scripts should also be labeled
-#  with these types. This policy allows the user role to perform that
-#  relabeling. If it is desired that only admin role should be able to relabel
-#  the user CGI scripts, then relabel rule for user roles should be removed.
-#
-
-########################################
-#
-# Declarations
-#
-
-selinux_genbool(httpd_bool_t)
-
-## <desc>
-##	<p>
-##	Allow Apache to modify public files
-##	used for public file transfer services. Directories/Files must
-##	be labeled public_content_rw_t.
-##	</p>
-## </desc>
-gen_tunable(allow_httpd_anon_write, false)
-
-## <desc>
-##	<p>
-##	Allow Apache to use mod_auth_pam
-##	</p>
-## </desc>
-gen_tunable(allow_httpd_mod_auth_pam, false)
-
-## <desc>
-##	<p>
-##	Allow Apache to use mod_auth_pam
-##	</p>
-## </desc>
-gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false)
-
-## <desc>
-##	<p>
-##	Allow httpd scripts and modules execmem/execstack
-##	</p>
-## </desc>
-gen_tunable(httpd_execmem, false)
-
-## <desc>
-##	<p>
-##	Allow httpd daemon to change system limits
-##	</p>
-## </desc>
-gen_tunable(httpd_setrlimit, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to use built in scripting (usually php)
-##	</p>
-## </desc>
-gen_tunable(httpd_builtin_scripting, false)
-
-## <desc>
-##	<p>
-##	Allow HTTPD scripts and modules to connect to the network using any TCP port.
-##	</p>
-## </desc>
-gen_tunable(httpd_can_network_connect, false)
-
-## <desc>
-##	<p>
-##	Allow HTTPD scripts and modules to connect to cobbler over the network.
-##	</p>
-## </desc>
-gen_tunable(httpd_can_network_connect_cobbler, false)
-
-## <desc>
-##	<p>
-##	Allow HTTPD scripts and modules to connect to databases over the network.
-##	</p>
-## </desc>
-gen_tunable(httpd_can_network_connect_db, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to connect to memcache server
-##	</p>
-## </desc>
-gen_tunable(httpd_can_network_memcache, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to act as a relay
-##	</p>
-## </desc>
-gen_tunable(httpd_can_network_relay, false)
-
-## <desc>
-##	<p>
-##	Allow http daemon to send mail
-##	</p>
-## </desc>
-gen_tunable(httpd_can_sendmail, false)
-
-## <desc>
-##	<p>
-##	Allow http daemon to check spam
-##	</p>
-## </desc>
-gen_tunable(httpd_can_check_spam, false)
-
-## <desc>
-##	<p>
-##	Allow Apache to communicate with avahi service via dbus
-##	</p>
-## </desc>
-gen_tunable(httpd_dbus_avahi, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to execute cgi scripts
-##	</p>
-## </desc>
-gen_tunable(httpd_enable_cgi, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to act as a FTP server by
-##	listening on the ftp port.
-##	</p>
-## </desc>
-gen_tunable(httpd_enable_ftp_server, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to read home directories
-##	</p>
-## </desc>
-gen_tunable(httpd_enable_homedirs, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to read user content 
-##	</p>
-## </desc>
-gen_tunable(httpd_read_user_content, false)
-
-## <desc>
-##	<p>
-##	Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
-##	</p>
-## </desc>
-gen_tunable(httpd_ssi_exec, false)
-
-## <desc>
-##	<p>
-##	Allow Apache to execute tmp content.
-##	</p>
-## </desc>
-gen_tunable(httpd_tmp_exec, false)
-
-## <desc>
-##	<p>
-##	Unify HTTPD to communicate with the terminal.
-##	Needed for entering the passphrase for certificates at
-##	the terminal.
-##	</p>
-## </desc>
-gen_tunable(httpd_tty_comm, false)
-
-## <desc>
-##	<p>
-##	Unify HTTPD handling of all content files.
-##	</p>
-## </desc>
-gen_tunable(httpd_unified, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to access cifs file systems
-##	</p>
-## </desc>
-gen_tunable(httpd_use_cifs, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to run gpg in gpg-web domain
-##	</p>
-## </desc>
-gen_tunable(httpd_use_gpg, false)
-
-## <desc>
-##	<p>
-##	Allow httpd to access nfs file systems
-##	</p>
-## </desc>
-gen_tunable(httpd_use_nfs, false)
-
-## <desc>
-##	<p>
-##	Allow apache scripts to write to public content.  Directories/Files must be labeled public_rw_content_t.
-##	</p>
-## </desc>
-gen_tunable(allow_httpd_sys_script_anon_write, false)
-
-attribute httpdcontent;
-attribute httpd_user_content_type;
-
-# domains that can exec all users scripts
-attribute httpd_exec_scripts;
-
-attribute httpd_script_exec_type;
-attribute httpd_user_script_exec_type;
-
-# user script domains
-attribute httpd_script_domains;
-
-type httpd_t;
-type httpd_exec_t;
-init_daemon_domain(httpd_t, httpd_exec_t)
-role system_r types httpd_t;
-
-# httpd_cache_t is the type given to the /var/cache/httpd
-# directory and the files under that directory
-type httpd_cache_t;
-files_type(httpd_cache_t)
-
-# httpd_config_t is the type given to the configuration files
-type httpd_config_t;
-files_type(httpd_config_t)
-
-type httpd_helper_t;
-type httpd_helper_exec_t;
-domain_type(httpd_helper_t)
-domain_entry_file(httpd_helper_t, httpd_helper_exec_t)
-role system_r types httpd_helper_t;
-
-type httpd_initrc_exec_t;
-init_script_file(httpd_initrc_exec_t)
-
-type httpd_lock_t;
-files_lock_file(httpd_lock_t)
-
-type httpd_log_t;
-logging_log_file(httpd_log_t)
-
-# httpd_modules_t is the type given to module files (libraries)
-# that come with Apache /etc/httpd/modules and /usr/lib/apache
-type httpd_modules_t;
-files_type(httpd_modules_t)
-
-type httpd_php_t;
-type httpd_php_exec_t;
-domain_type(httpd_php_t)
-domain_entry_file(httpd_php_t, httpd_php_exec_t)
-role system_r types httpd_php_t;
-
-type httpd_php_tmp_t;
-files_tmp_file(httpd_php_tmp_t)
-
-type httpd_rotatelogs_t;
-type httpd_rotatelogs_exec_t;
-init_daemon_domain(httpd_rotatelogs_t, httpd_rotatelogs_exec_t)
-
-type httpd_squirrelmail_t;
-files_type(httpd_squirrelmail_t)
-
-# SUEXEC runs user scripts as their own user ID
-type httpd_suexec_t; #, daemon;
-type httpd_suexec_exec_t;
-domain_type(httpd_suexec_t)
-domain_entry_file(httpd_suexec_t, httpd_suexec_exec_t)
-role system_r types httpd_suexec_t;
-
-type httpd_suexec_tmp_t;
-files_tmp_file(httpd_suexec_tmp_t)
-
-# setup the system domain for system CGI scripts
-apache_content_template(sys)
-
-typeattribute httpd_sys_content_t httpdcontent; # customizable
-typeattribute httpd_sys_rw_content_t httpdcontent; # customizable
-typeattribute httpd_sys_ra_content_t httpdcontent; # customizable
-
-# Removal of fastcgi, will cause problems without the following
-typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
-typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t };
-typealias httpd_sys_rw_content_t alias { httpd_fastcgi_rw_content_t httpd_fastcgi_script_rw_t };
-typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t;
-typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
-
-type httpd_tmp_t;
-files_tmp_file(httpd_tmp_t)
-
-type httpd_tmpfs_t;
-files_tmpfs_file(httpd_tmpfs_t)
-
-apache_content_template(user)
-ubac_constrained(httpd_user_script_t)
-typeattribute httpd_user_content_t httpdcontent;
-typeattribute httpd_user_rw_content_t httpdcontent;
-typeattribute httpd_user_ra_content_t httpdcontent;
-
-userdom_user_home_content(httpd_user_content_t)
-userdom_user_home_content(httpd_user_htaccess_t)
-userdom_user_home_content(httpd_user_script_exec_t)
-userdom_user_home_content(httpd_user_ra_content_t)
-userdom_user_home_content(httpd_user_rw_content_t)
-typeattribute httpd_user_script_t httpd_script_domains;
-typealias httpd_user_content_t alias { httpd_staff_content_t httpd_sysadm_content_t };
-typealias httpd_user_content_t alias httpd_unconfined_content_t;
-typealias httpd_user_content_t alias { httpd_auditadm_content_t httpd_secadm_content_t };
-typealias httpd_user_content_t alias { httpd_staff_script_ro_t httpd_sysadm_script_ro_t };
-typealias httpd_user_content_t alias { httpd_auditadm_script_ro_t httpd_secadm_script_ro_t };
-typealias httpd_user_htaccess_t alias { httpd_staff_htaccess_t httpd_sysadm_htaccess_t };
-typealias httpd_user_htaccess_t alias { httpd_auditadm_htaccess_t httpd_secadm_htaccess_t };
-typealias httpd_user_script_t alias { httpd_staff_script_t httpd_sysadm_script_t };
-typealias httpd_user_script_t alias { httpd_auditadm_script_t httpd_secadm_script_t };
-typealias httpd_user_script_exec_t alias { httpd_staff_script_exec_t httpd_sysadm_script_exec_t };
-typealias httpd_user_script_exec_t alias { httpd_auditadm_script_exec_t httpd_secadm_script_exec_t };
-typealias httpd_user_rw_content_t alias { httpd_staff_script_rw_t httpd_sysadm_script_rw_t };
-typealias httpd_user_rw_content_t alias { httpd_auditadm_script_rw_t httpd_secadm_script_rw_t };
-typealias httpd_user_ra_content_t alias { httpd_staff_script_ra_t httpd_sysadm_script_ra_t };
-typealias httpd_user_ra_content_t alias { httpd_auditadm_script_ra_t httpd_secadm_script_ra_t };
-
-# for apache2 memory mapped files
-type httpd_var_lib_t;
-files_type(httpd_var_lib_t)
-
-type httpd_var_run_t;
-files_pid_file(httpd_var_run_t)
-
-# Removal of fastcgi, will cause problems without the following
-typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
-
-# File Type of squirrelmail attachments
-type squirrelmail_spool_t;
-files_tmp_file(squirrelmail_spool_t)
-
-optional_policy(`
-	prelink_object_file(httpd_modules_t)
-')
-
-########################################
-#
-# Apache server local policy
-#
-
-allow httpd_t self:capability { chown dac_override kill setgid setuid sys_nice sys_tty_config };
-dontaudit httpd_t self:capability { net_admin sys_tty_config };
-allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow httpd_t self:fd use;
-allow httpd_t self:sock_file read_sock_file_perms;
-allow httpd_t self:fifo_file rw_fifo_file_perms;
-allow httpd_t self:shm create_shm_perms;
-allow httpd_t self:sem create_sem_perms;
-allow httpd_t self:msgq create_msgq_perms;
-allow httpd_t self:msg { send receive };
-allow httpd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow httpd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow httpd_t self:tcp_socket create_stream_socket_perms;
-allow httpd_t self:udp_socket create_socket_perms;
-dontaudit httpd_t self:netlink_audit_socket create_socket_perms;
-
-# Allow httpd_t to put files in /var/cache/httpd etc
-manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-files_var_filetrans(httpd_t, httpd_cache_t, { file dir })
-
-# Allow the httpd_t to read the web servers config files
-allow httpd_t httpd_config_t:dir list_dir_perms;
-read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
-read_lnk_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
-
-can_exec(httpd_t, httpd_exec_t)
-
-allow httpd_t httpd_lock_t:file manage_file_perms;
-files_lock_filetrans(httpd_t, httpd_lock_t, file)
-
-allow httpd_t httpd_log_t:dir setattr;
-create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
-append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
-read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
-read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
-# cjp: need to refine create interfaces to
-# cut this back to add_name only
-logging_log_filetrans(httpd_t, httpd_log_t, file)
-
-allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
-read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
-read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
-
-apache_domtrans_rotatelogs(httpd_t)
-# Apache-httpd needs to be able to send signals to the log rotate procs.
-allow httpd_t httpd_rotatelogs_t:process signal_perms;
-
-manage_dirs_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
-manage_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
-manage_lnk_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
-
-allow httpd_t httpd_suexec_exec_t:file read_file_perms;
-
-allow httpd_t httpd_sys_content_t:dir list_dir_perms;
-read_files_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_t)
-read_lnk_files_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_t)
-
-allow httpd_t httpd_sys_script_t:unix_stream_socket connectto;
-
-manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-manage_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-manage_lnk_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-files_tmp_filetrans(httpd_t, httpd_tmp_t, { file dir lnk_file })
-
-manage_dirs_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-manage_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-manage_lnk_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-manage_fifo_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-manage_sock_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-fs_tmpfs_filetrans(httpd_t, httpd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
-files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file)
-
-setattr_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
-manage_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
-manage_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
-manage_sock_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
-files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file dir })
-
-manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
-manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
-manage_lnk_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
-
-kernel_read_kernel_sysctls(httpd_t)
-# for modules that want to access /proc/meminfo
-kernel_read_system_state(httpd_t)
-kernel_search_network_sysctl(httpd_t)
-
-corenet_all_recvfrom_unlabeled(httpd_t)
-corenet_all_recvfrom_netlabel(httpd_t)
-corenet_tcp_sendrecv_generic_if(httpd_t)
-corenet_udp_sendrecv_generic_if(httpd_t)
-corenet_tcp_sendrecv_generic_node(httpd_t)
-corenet_udp_sendrecv_generic_node(httpd_t)
-corenet_tcp_sendrecv_all_ports(httpd_t)
-corenet_udp_sendrecv_all_ports(httpd_t)
-corenet_tcp_bind_generic_node(httpd_t)
-corenet_udp_bind_generic_node(httpd_t)
-corenet_tcp_bind_http_port(httpd_t)
-corenet_tcp_bind_http_cache_port(httpd_t)
-corenet_tcp_bind_ntop_port(httpd_t)
-corenet_sendrecv_http_server_packets(httpd_t)
-# Signal self for shutdown
-corenet_tcp_connect_http_port(httpd_t)
-
-dev_read_sysfs(httpd_t)
-dev_read_rand(httpd_t)
-dev_read_urand(httpd_t)
-dev_rw_crypto(httpd_t)
-
-fs_getattr_all_fs(httpd_t)
-fs_search_auto_mountpoints(httpd_t)
-fs_read_iso9660_files(httpd_t)
-fs_read_anon_inodefs_files(httpd_t)
-
-auth_use_nsswitch(httpd_t)
-
-application_exec_all(httpd_t)
-
-domain_use_interactive_fds(httpd_t)
-
-files_dontaudit_getattr_all_pids(httpd_t)
-files_read_usr_files(httpd_t)
-files_list_mnt(httpd_t)
-files_search_spool(httpd_t)
-files_read_var_lib_files(httpd_t)
-files_search_home(httpd_t)
-files_getattr_home_dir(httpd_t)
-# for modules that want to access /etc/mtab
-files_read_etc_runtime_files(httpd_t)
-# Allow httpd_t to have access to files such as nisswitch.conf
-files_read_etc_files(httpd_t)
-# for tomcat
-files_read_var_lib_symlinks(httpd_t)
-
-fs_search_auto_mountpoints(httpd_sys_script_t)
-# php uploads a file to /tmp and then execs programs to acton them
-manage_dirs_pattern(httpd_sys_script_t, httpd_tmp_t, httpd_tmp_t)
-manage_files_pattern(httpd_sys_script_t, httpd_tmp_t, httpd_tmp_t)
-files_tmp_filetrans(httpd_sys_script_t, httpd_sys_rw_content_t, { dir file lnk_file sock_file fifo_file })
-
-libs_read_lib_files(httpd_t)
-
-logging_send_syslog_msg(httpd_t)
-
-miscfiles_read_localization(httpd_t)
-miscfiles_read_fonts(httpd_t)
-miscfiles_read_public_files(httpd_t)
-miscfiles_read_generic_certs(httpd_t)
-
-seutil_dontaudit_search_config(httpd_t)
-
-userdom_use_unpriv_users_fds(httpd_t)
-
-tunable_policy(`httpd_setrlimit',`
-	allow httpd_t self:process setrlimit;
-')
-
-tunable_policy(`allow_httpd_anon_write',`
-	miscfiles_manage_public_files(httpd_t)
-')
-
-#
-# We need optionals to be able to be within booleans to make this work
-#
-tunable_policy(`allow_httpd_mod_auth_pam',`
-	auth_domtrans_chkpwd(httpd_t)
-	logging_send_audit_msgs(httpd_t)
-')
-
-optional_policy(`
-	tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',`
-		samba_domtrans_winbind_helper(httpd_t)
-	')
-')
-
-tunable_policy(`httpd_can_network_connect',`
-	corenet_tcp_connect_all_ports(httpd_t)
-')
-
-tunable_policy(`httpd_can_network_connect_db',`
-	corenet_tcp_connect_mssql_port(httpd_t)
-	corenet_sendrecv_mssql_client_packets(httpd_t)
-')
-
-tunable_policy(`httpd_can_network_memcache',`
-	corenet_tcp_connect_memcache_port(httpd_t)
-')
-
-tunable_policy(`httpd_can_network_relay',`
-	# allow httpd to work as a relay
-	corenet_tcp_connect_gopher_port(httpd_t)
-	corenet_tcp_connect_ftp_port(httpd_t)
-	corenet_tcp_connect_http_port(httpd_t)
-	corenet_tcp_connect_http_cache_port(httpd_t)
-	corenet_tcp_connect_squid_port(httpd_t)
-	corenet_tcp_connect_memcache_port(httpd_t)
-	corenet_sendrecv_gopher_client_packets(httpd_t)
-	corenet_sendrecv_ftp_client_packets(httpd_t)
-	corenet_sendrecv_http_client_packets(httpd_t)
-	corenet_sendrecv_http_cache_client_packets(httpd_t)
-	corenet_sendrecv_squid_client_packets(httpd_t)
-')
-
-tunable_policy(`httpd_execmem',`
-	allow httpd_t self:process { execmem execstack };
-	allow httpd_sys_script_t self:process { execmem execstack };
-	allow httpd_suexec_t self:process { execmem execstack };
-')
-
-tunable_policy(`httpd_enable_cgi && httpd_unified',`
-	allow httpd_sys_script_t httpd_sys_content_t:file entrypoint;
-	filetrans_pattern(httpd_sys_script_t, httpd_sys_content_t, httpd_sys_rw_content_t, { file dir lnk_file })
-	can_exec(httpd_sys_script_t, httpd_sys_content_t)
-')
-
-tunable_policy(`allow_httpd_sys_script_anon_write',`
-	miscfiles_manage_public_files(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_cgi && httpd_use_nfs',`
-	fs_nfs_domtrans(httpd_t, httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_cgi && httpd_use_cifs',`
-	fs_cifs_domtrans(httpd_t, httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
-	domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
-	filetrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_rw_content_t, { file dir lnk_file })
-	manage_dirs_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
-	manage_files_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
-	manage_lnk_files_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
-
-	manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
-	manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
-	manage_lnk_files_pattern(httpd_t, httpdcontent, httpdcontent)
-')
-
-tunable_policy(`httpd_enable_ftp_server',`
-	corenet_tcp_bind_ftp_port(httpd_t)
-')
-
-tunable_policy(`httpd_tmp_exec && httpd_builtin_scripting',`
-	can_exec(httpd_t, httpd_tmp_t)
-')
-
-tunable_policy(`httpd_tmp_exec && httpd_enable_cgi',`
-	can_exec(httpd_sys_script_t, httpd_tmp_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-	fs_read_nfs_files(httpd_t)
-	fs_read_nfs_symlinks(httpd_t)
-')
-
-tunable_policy(`httpd_use_nfs',`
-	fs_manage_nfs_dirs(httpd_t)
-	fs_manage_nfs_files(httpd_t)
-	fs_manage_nfs_symlinks(httpd_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
-	fs_read_cifs_files(httpd_t)
-	fs_read_cifs_symlinks(httpd_t)
-')
-
-tunable_policy(`httpd_can_sendmail',`
-	# allow httpd to connect to mail servers
-	corenet_tcp_connect_smtp_port(httpd_t)
-	corenet_sendrecv_smtp_client_packets(httpd_t)
-	corenet_tcp_connect_pop_port(httpd_t)
-	corenet_sendrecv_pop_client_packets(httpd_t)
-	mta_send_mail(httpd_t)
-	mta_signal_system_mail(httpd_t)
-')
-
-tunable_policy(`httpd_use_cifs',`
-	fs_manage_cifs_dirs(httpd_t)
-	fs_manage_cifs_files(httpd_t)
-	fs_manage_cifs_symlinks(httpd_t)
-')
-
-tunable_policy(`httpd_ssi_exec',`
-	corecmd_shell_domtrans(httpd_t, httpd_sys_script_t)
-	allow httpd_sys_script_t httpd_t:fd use;
-	allow httpd_sys_script_t httpd_t:fifo_file rw_file_perms;
-	allow httpd_sys_script_t httpd_t:process sigchld;
-')
-
-# When the admin starts the server, the server wants to access
-# the TTY or PTY associated with the session. The httpd appears
-# to run correctly without this permission, so the permission
-# are dontaudited here.
-tunable_policy(`httpd_tty_comm',`
-	userdom_use_user_terminals(httpd_t)
-	userdom_use_user_terminals(httpd_suexec_t)
-',`
-	userdom_dontaudit_use_user_terminals(httpd_t)
-	userdom_dontaudit_use_user_terminals(httpd_suexec_t)
-')
-
-optional_policy(`
-	calamaris_read_www_files(httpd_t)
-')
-
-optional_policy(`
-	ccs_read_config(httpd_t)
-')
-
-optional_policy(`
-	cobbler_list_config(httpd_t)
-	cobbler_read_config(httpd_t)
-	cobbler_read_lib_files(httpd_t)
-
-	tunable_policy(`httpd_can_network_connect_cobbler',`
-		corenet_tcp_connect_cobbler_port(httpd_t)
-	')
-')
-
-optional_policy(`
-	cron_system_entry(httpd_t, httpd_exec_t)
-')
-
-optional_policy(`
-	cvs_read_data(httpd_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(httpd_t, httpd_exec_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(httpd_t)
-
-	tunable_policy(`httpd_dbus_avahi',`
-		avahi_dbus_chat(httpd_t)
-	')
-')
-
-optional_policy(`
-	gitosis_read_lib_files(httpd_t)
-')
-
-optional_policy(`
-	tunable_policy(`httpd_enable_cgi && httpd_use_gpg',`
-		gpg_domtrans_web(httpd_t)
-	')
-')
-
-optional_policy(`
-	kerberos_keytab_template(httpd, httpd_t)
-')
-
-optional_policy(`
-	mailman_signal_cgi(httpd_t)
-	mailman_domtrans_cgi(httpd_t)
-	mailman_read_data_files(httpd_t)
-	# should have separate types for public and private archives
-	mailman_search_data(httpd_t)
-	mailman_read_archive(httpd_t)
-')
-
-optional_policy(`
-	mediawiki_read_tmp_files(httpd_t)
-	mediawiki_delete_tmp_files(httpd_t)
-')
-
-optional_policy(`
-	# Allow httpd to work with mysql
-	mysql_read_config(httpd_t)
-	mysql_stream_connect(httpd_t)
-	mysql_rw_db_sockets(httpd_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		mysql_tcp_connect(httpd_t)
-	')
-')
-
-optional_policy(`
-	nagios_read_config(httpd_t)
-	nagios_read_log(httpd_t)
-')
-
-optional_policy(`
-	openca_domtrans(httpd_t)
-	openca_signal(httpd_t)
-	openca_sigstop(httpd_t)
-	openca_kill(httpd_t)
-')
-
-optional_policy(`
-	passenger_domtrans(httpd_t)
-	passenger_manage_pid_content(httpd_t)
-	passenger_read_lib_files(httpd_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(httpd_t)
-')
-
-optional_policy(`
-	# Allow httpd to work with postgresql
-	postgresql_stream_connect(httpd_t)
-	postgresql_unpriv_client(httpd_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		postgresql_tcp_connect(httpd_t)
-	')
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(httpd_t)
-')
-
-optional_policy(`
-	smokeping_read_lib_files(httpd_t)
-')
-
-optional_policy(`
-	files_dontaudit_rw_usr_dirs(httpd_t)
-	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
-	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
-')
-
-optional_policy(`
-	udev_read_db(httpd_t)
-')
-
-optional_policy(`
-	yam_read_content(httpd_t)
-')
-
-optional_policy(`
-	zarafa_stream_connect_server(httpd_t)
-')
-
-########################################
-#
-# Apache helper local policy
-#
-
-domtrans_pattern(httpd_t, httpd_helper_exec_t, httpd_helper_t)
-
-allow httpd_helper_t httpd_config_t:file read_file_perms;
-
-allow httpd_helper_t httpd_log_t:file append_file_perms;
-
-logging_send_syslog_msg(httpd_helper_t)
-
-userdom_use_user_terminals(httpd_helper_t)
-
-tunable_policy(`httpd_tty_comm',`
-	userdom_use_user_terminals(httpd_helper_t)
-')
-
-########################################
-#
-# Apache PHP script local policy
-#
-
-allow httpd_php_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow httpd_php_t self:fd use;
-allow httpd_php_t self:fifo_file rw_fifo_file_perms;
-allow httpd_php_t self:sock_file read_sock_file_perms;
-allow httpd_php_t self:unix_dgram_socket create_socket_perms;
-allow httpd_php_t self:unix_stream_socket create_stream_socket_perms;
-allow httpd_php_t self:unix_dgram_socket sendto;
-allow httpd_php_t self:unix_stream_socket connectto;
-allow httpd_php_t self:shm create_shm_perms;
-allow httpd_php_t self:sem create_sem_perms;
-allow httpd_php_t self:msgq create_msgq_perms;
-allow httpd_php_t self:msg { send receive };
-
-domtrans_pattern(httpd_t, httpd_php_exec_t, httpd_php_t)
-
-# allow php to read and append to apache logfiles
-allow httpd_php_t httpd_log_t:file { read_file_perms append_file_perms };
-
-manage_dirs_pattern(httpd_php_t, httpd_php_tmp_t, httpd_php_tmp_t)
-manage_files_pattern(httpd_php_t, httpd_php_tmp_t, httpd_php_tmp_t)
-files_tmp_filetrans(httpd_php_t, httpd_php_tmp_t, { file dir })
-
-fs_search_auto_mountpoints(httpd_php_t)
-
-auth_use_nsswitch(httpd_php_t)
-
-libs_exec_lib_files(httpd_php_t)
-
-userdom_use_unpriv_users_fds(httpd_php_t)
-
-tunable_policy(`httpd_can_network_connect_db',`
-	corenet_tcp_connect_mssql_port(httpd_php_t)
-	corenet_sendrecv_mssql_client_packets(httpd_php_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(httpd_php_t)
-	mysql_rw_db_sockets(httpd_php_t)
-	mysql_read_config(httpd_php_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		mysql_tcp_connect(httpd_php_t)
-	')
-')
-
-optional_policy(`
-	postgresql_stream_connect(httpd_php_t)
-	postgresql_unpriv_client(httpd_php_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		postgresql_tcp_connect(httpd_php_t)
-	')
-')
-
-########################################
-#
-# Apache suexec local policy
-#
-
-allow httpd_suexec_t self:capability { setuid setgid };
-allow httpd_suexec_t self:process signal_perms;
-allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
-
-domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
-
-create_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
-append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
-read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
-
-allow httpd_suexec_t httpd_t:fifo_file read_fifo_file_perms;
-
-manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
-manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
-files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
-
-can_exec(httpd_suexec_t, httpd_sys_script_exec_t)
-
-read_files_pattern(httpd_suexec_t, httpd_user_content_t, httpd_user_content_t)
-read_files_pattern(httpd_suexec_t, httpd_user_rw_content_t, httpd_user_rw_content_t)
-read_files_pattern(httpd_suexec_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
-
-kernel_read_kernel_sysctls(httpd_suexec_t)
-kernel_list_proc(httpd_suexec_t)
-kernel_read_proc_symlinks(httpd_suexec_t)
-
-dev_read_urand(httpd_suexec_t)
-
-fs_read_iso9660_files(httpd_suexec_t)
-fs_search_auto_mountpoints(httpd_suexec_t)
-
-application_exec_all(httpd_suexec_t)
-
-files_read_etc_files(httpd_suexec_t)
-files_read_usr_files(httpd_suexec_t)
-files_dontaudit_search_pids(httpd_suexec_t)
-files_search_home(httpd_suexec_t)
-
-auth_use_nsswitch(httpd_suexec_t)
-
-logging_search_logs(httpd_suexec_t)
-logging_send_syslog_msg(httpd_suexec_t)
-
-miscfiles_read_localization(httpd_suexec_t)
-miscfiles_read_public_files(httpd_suexec_t)
-
-tunable_policy(`httpd_can_network_connect',`
-	allow httpd_suexec_t self:tcp_socket create_stream_socket_perms;
-	allow httpd_suexec_t self:udp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled(httpd_suexec_t)
-	corenet_all_recvfrom_netlabel(httpd_suexec_t)
-	corenet_tcp_sendrecv_generic_if(httpd_suexec_t)
-	corenet_udp_sendrecv_generic_if(httpd_suexec_t)
-	corenet_tcp_sendrecv_generic_node(httpd_suexec_t)
-	corenet_udp_sendrecv_generic_node(httpd_suexec_t)
-	corenet_tcp_sendrecv_all_ports(httpd_suexec_t)
-	corenet_udp_sendrecv_all_ports(httpd_suexec_t)
-	corenet_tcp_connect_all_ports(httpd_suexec_t)
-	corenet_sendrecv_all_client_packets(httpd_suexec_t)
-')
-
-tunable_policy(`httpd_can_network_connect_db',`
-	corenet_tcp_connect_mssql_port(httpd_suexec_t)
-	corenet_sendrecv_mssql_client_packets(httpd_suexec_t)
-')
-
-domain_entry_file(httpd_sys_script_t, httpd_sys_content_t)
-
-tunable_policy(`httpd_enable_cgi && httpd_unified',`
-	allow httpd_sys_script_t httpdcontent:file entrypoint;
-	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
-	manage_dirs_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
-	manage_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
-	manage_sock_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
-	manage_lnk_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-	fs_read_nfs_files(httpd_suexec_t)
-	fs_read_nfs_symlinks(httpd_suexec_t)
-	fs_exec_nfs_files(httpd_suexec_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
-	fs_read_cifs_files(httpd_suexec_t)
-	fs_read_cifs_symlinks(httpd_suexec_t)
-	fs_exec_cifs_files(httpd_suexec_t)
-')
-
-optional_policy(`
-	mailman_domtrans_cgi(httpd_suexec_t)
-')
-
-optional_policy(`
-	mta_stub(httpd_suexec_t)
-
-	# apache should set close-on-exec
-	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
-')
-
-optional_policy(`
-	mysql_stream_connect(httpd_suexec_t)
-	mysql_rw_db_sockets(httpd_suexec_t)
-	mysql_read_config(httpd_suexec_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		mysql_tcp_connect(httpd_suexec_t)
-	')
-')
-
-optional_policy(`
-	postgresql_stream_connect(httpd_suexec_t)
-	postgresql_unpriv_client(httpd_suexec_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		postgresql_tcp_connect(httpd_suexec_t)
-	')
-')
-
-########################################
-#
-# Apache system script local policy
-#
-
-allow httpd_sys_script_t self:process getsched;
-
-allow httpd_sys_script_t httpd_t:unix_stream_socket rw_stream_socket_perms;
-allow httpd_sys_script_t httpd_t:tcp_socket { read write };
-
-dontaudit httpd_sys_script_t httpd_config_t:dir search;
-
-allow httpd_sys_script_t httpd_squirrelmail_t:file { append_file_perms read_file_perms };
-
-allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
-read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
-read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
-
-kernel_read_kernel_sysctls(httpd_sys_script_t)
-
-files_search_var_lib(httpd_sys_script_t)
-files_search_spool(httpd_sys_script_t)
-
-logging_inherit_append_all_logs(httpd_sys_script_t)
-
-# Should we add a boolean?
-apache_domtrans_rotatelogs(httpd_sys_script_t)
-
-auth_use_nsswitch(httpd_sys_script_t)
-
-ifdef(`distro_redhat',`
-	allow httpd_sys_script_t httpd_log_t:file append_file_perms;
-')
-
-tunable_policy(`httpd_can_sendmail',`
-	mta_send_mail(httpd_sys_script_t)
-')
-
-optional_policy(`
-	tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',`
-		spamassassin_domtrans_client(httpd_t)
-	')
-')
-
-tunable_policy(`httpd_can_network_connect_db',`
-	corenet_tcp_connect_mssql_port(httpd_sys_script_t)
-	corenet_sendrecv_mssql_client_packets(httpd_sys_script_t)
-')
-
-fs_cifs_entry_type(httpd_sys_script_t)
-fs_read_iso9660_files(httpd_sys_script_t)
-fs_nfs_entry_type(httpd_sys_script_t)
-
-tunable_policy(`httpd_use_nfs',`
-	fs_manage_nfs_dirs(httpd_sys_script_t)
-	fs_manage_nfs_files(httpd_sys_script_t)
-	fs_manage_nfs_symlinks(httpd_sys_script_t)
-	fs_exec_nfs_files(httpd_sys_script_t)
-
-	fs_manage_nfs_dirs(httpd_suexec_t)
-	fs_manage_nfs_files(httpd_suexec_t)
-	fs_manage_nfs_symlinks(httpd_suexec_t)
-	fs_exec_nfs_files(httpd_suexec_t)
-')
-
-tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
-	allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms;
-	allow httpd_sys_script_t self:udp_socket create_socket_perms;
-
-	corenet_tcp_bind_all_nodes(httpd_sys_script_t)
-	corenet_udp_bind_all_nodes(httpd_sys_script_t)
-	corenet_all_recvfrom_unlabeled(httpd_sys_script_t)
-	corenet_all_recvfrom_netlabel(httpd_sys_script_t)
-	corenet_tcp_sendrecv_all_if(httpd_sys_script_t)
-	corenet_udp_sendrecv_all_if(httpd_sys_script_t)
-	corenet_tcp_sendrecv_all_nodes(httpd_sys_script_t)
-	corenet_udp_sendrecv_all_nodes(httpd_sys_script_t)
-	corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
-	corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
-	corenet_tcp_connect_all_ports(httpd_sys_script_t)
-	corenet_sendrecv_all_client_packets(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_homedirs',`
-	userdom_search_user_home_dirs(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-	fs_read_nfs_files(httpd_sys_script_t)
-	fs_read_nfs_symlinks(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_read_user_content',`
-	userdom_read_user_home_content_files(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_use_cifs',`
-	fs_manage_cifs_dirs(httpd_sys_script_t)
-	fs_manage_cifs_files(httpd_sys_script_t)
-	fs_manage_cifs_symlinks(httpd_sys_script_t)
-	fs_manage_cifs_dirs(httpd_suexec_t)
-	fs_manage_cifs_files(httpd_suexec_t)
-	fs_manage_cifs_symlinks(httpd_suexec_t)
-	fs_exec_cifs_files(httpd_suexec_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
-	fs_read_cifs_files(httpd_sys_script_t)
-	fs_read_cifs_symlinks(httpd_sys_script_t)
-')
-
-optional_policy(`
-	clamav_domtrans_clamscan(httpd_sys_script_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(httpd_sys_script_t)
-	mysql_rw_db_sockets(httpd_sys_script_t)
-	mysql_read_config(httpd_sys_script_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		mysql_tcp_connect(httpd_sys_script_t)
-	')
-')
-
-optional_policy(`
-	postgresql_stream_connect(httpd_sys_script_t)
-	postgresql_unpriv_client(httpd_sys_script_t)
-
-	tunable_policy(`httpd_can_network_connect_db',`
-		postgresql_tcp_connect(httpd_sys_script_t)
-	')
-')
-
-########################################
-#
-# httpd_rotatelogs local policy
-#
-
-allow httpd_rotatelogs_t self:capability dac_override;
-
-manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
-
-kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-kernel_dontaudit_list_proc(httpd_rotatelogs_t)
-kernel_dontaudit_read_proc_symlinks(httpd_rotatelogs_t)
-
-files_read_etc_files(httpd_rotatelogs_t)
-
-logging_search_logs(httpd_rotatelogs_t)
-
-miscfiles_read_localization(httpd_rotatelogs_t)
-
-########################################
-#
-# Unconfined script local policy
-#
-
-optional_policy(`
-	type httpd_unconfined_script_t;
-	type httpd_unconfined_script_exec_t;
-	domain_type(httpd_unconfined_script_t)
-	domain_entry_file(httpd_unconfined_script_t, httpd_unconfined_script_exec_t)
-	domtrans_pattern(httpd_t, httpd_unconfined_script_exec_t, httpd_unconfined_script_t)
-	unconfined_domain(httpd_unconfined_script_t)
-
-	role system_r types httpd_unconfined_script_t;
-	allow httpd_t httpd_unconfined_script_t:process signal_perms;
-')
-
-########################################
-#
-# User content local policy
-#
-
-tunable_policy(`httpd_enable_cgi && httpd_unified',`
-	allow httpd_user_script_t httpdcontent:file entrypoint;
-	manage_dirs_pattern(httpd_user_script_t, httpd_user_content_t, httpd_user_content_t)
-	manage_files_pattern(httpd_user_script_t, httpd_user_content_t, httpd_user_content_t)
-	manage_dirs_pattern(httpd_user_script_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
-	manage_files_pattern(httpd_user_script_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
-')
-
-# allow accessing files/dirs below the users home dir
-tunable_policy(`httpd_enable_homedirs',`
-	userdom_search_user_home_content(httpd_t)
-	userdom_search_user_home_content(httpd_suexec_t)
-	userdom_search_user_home_content(httpd_user_script_t)
-')
-
-tunable_policy(`httpd_read_user_content',`
-	userdom_read_user_home_content_files(httpd_t)
-	userdom_read_user_home_content_files(httpd_suexec_t)
-	userdom_read_user_home_content_files(httpd_user_script_t)
-')
diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc
deleted file mode 100644
index cd07b96..0000000
--- a/policy/modules/services/apcupsd.fc
+++ /dev/null
@@ -1,15 +0,0 @@
-/etc/rc\.d/init\.d/apcupsd	--	gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
-
-/sbin/apcupsd			--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
-
-/usr/sbin/apcupsd		--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
-
-/var/log/apcupsd\.events.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
-/var/log/apcupsd\.status.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
-
-/var/run/apcupsd\.pid		--	gen_context(system_u:object_r:apcupsd_var_run_t,s0)
-
-/var/www/apcupsd/multimon\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
-/var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
-/var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
-/var/www/apcupsd/upsstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
diff --git a/policy/modules/services/apcupsd.if b/policy/modules/services/apcupsd.if
deleted file mode 100644
index d3451b8..0000000
--- a/policy/modules/services/apcupsd.if
+++ /dev/null
@@ -1,166 +0,0 @@
-## <summary>APC UPS monitoring daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run apcupsd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apcupsd_domtrans',`
-	gen_require(`
-		type apcupsd_t, apcupsd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, apcupsd_exec_t, apcupsd_t)
-')
-
-########################################
-## <summary>
-##	Execute apcupsd server in the apcupsd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apcupsd_initrc_domtrans',`
-	gen_require(`
-		type apcupsd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, apcupsd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read apcupsd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apcupsd_read_pid_files',`
-	gen_require(`
-		type apcupsd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 apcupsd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read apcupsd's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apcupsd_read_log',`
-	gen_require(`
-		type apcupsd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 apcupsd_log_t:dir list_dir_perms;
-	allow $1 apcupsd_log_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	apcupsd log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apcupsd_append_log',`
-	gen_require(`
-		type apcupsd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 apcupsd_log_t:dir list_dir_perms;
-	allow $1 apcupsd_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run httpd_apcupsd_cgi_script.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apcupsd_cgi_script_domtrans',`
-	gen_require(`
-		type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
-	')
-
-	optional_policy(`
-		apache_search_sys_content($1)
-	')
-
-	files_search_var($1)
-	domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an apcupsd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the apcupsd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`apcupsd_admin',`
-	gen_require(`
-		type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
-		type apcupsd_lock_t, apcupsd_var_run_t, apcupsd_initrc_exec_t;
-	')
-
-	allow $1 apcupsd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, apcupsd_t)
-
-	apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 apcupsd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var($1)
-	admin_pattern($1, apcupsd_lock_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, apcupsd_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, apcupsd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, apcupsd_var_run_t)
-')
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
deleted file mode 100644
index 472ddad..0000000
--- a/policy/modules/services/apcupsd.te
+++ /dev/null
@@ -1,127 +0,0 @@
-policy_module(apcupsd, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type apcupsd_t;
-type apcupsd_exec_t;
-init_daemon_domain(apcupsd_t, apcupsd_exec_t)
-
-type apcupsd_lock_t;
-files_lock_file(apcupsd_lock_t)
-
-type apcupsd_initrc_exec_t;
-init_script_file(apcupsd_initrc_exec_t)
-
-type apcupsd_log_t;
-logging_log_file(apcupsd_log_t)
-
-type apcupsd_tmp_t;
-files_tmp_file(apcupsd_tmp_t)
-
-type apcupsd_var_run_t;
-files_pid_file(apcupsd_var_run_t)
-
-########################################
-#
-# apcupsd local policy
-#
-
-allow apcupsd_t self:capability { dac_override setgid sys_tty_config };
-allow apcupsd_t self:process signal;
-allow apcupsd_t self:fifo_file rw_file_perms;
-allow apcupsd_t self:unix_stream_socket create_stream_socket_perms;
-allow apcupsd_t self:tcp_socket create_stream_socket_perms;
-
-allow apcupsd_t apcupsd_lock_t:file manage_file_perms;
-files_lock_filetrans(apcupsd_t, apcupsd_lock_t, file)
-
-allow apcupsd_t apcupsd_log_t:dir setattr;
-manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
-logging_log_filetrans(apcupsd_t, apcupsd_log_t, { file dir })
-
-manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
-files_tmp_filetrans(apcupsd_t, apcupsd_tmp_t, file)
-
-manage_files_pattern(apcupsd_t, apcupsd_var_run_t, apcupsd_var_run_t)
-files_pid_filetrans(apcupsd_t, apcupsd_var_run_t, file)
-
-kernel_read_system_state(apcupsd_t)
-
-corecmd_exec_bin(apcupsd_t)
-corecmd_exec_shell(apcupsd_t)
-
-corenet_all_recvfrom_unlabeled(apcupsd_t)
-corenet_all_recvfrom_netlabel(apcupsd_t)
-corenet_tcp_sendrecv_generic_if(apcupsd_t)
-corenet_tcp_sendrecv_generic_node(apcupsd_t)
-corenet_tcp_sendrecv_all_ports(apcupsd_t)
-corenet_tcp_bind_generic_node(apcupsd_t)
-corenet_tcp_bind_apcupsd_port(apcupsd_t)
-corenet_sendrecv_apcupsd_server_packets(apcupsd_t)
-corenet_tcp_connect_apcupsd_port(apcupsd_t)
-
-dev_rw_generic_usb_dev(apcupsd_t)
-
-# Init script handling
-domain_use_interactive_fds(apcupsd_t)
-
-files_read_etc_files(apcupsd_t)
-files_search_locks(apcupsd_t)
-# Creates /etc/nologin
-files_manage_etc_runtime_files(apcupsd_t)
-files_etc_filetrans_etc_runtime(apcupsd_t, file)
-
-# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240805
-term_use_unallocated_ttys(apcupsd_t)
-
-#apcupsd runs shutdown, probably need a shutdown domain
-init_rw_utmp(apcupsd_t)
-init_telinit(apcupsd_t)
-
-logging_send_syslog_msg(apcupsd_t)
-
-miscfiles_read_localization(apcupsd_t)
-
-sysnet_dns_name_resolve(apcupsd_t)
-
-userdom_use_user_ttys(apcupsd_t)
-
-optional_policy(`
-	hostname_exec(apcupsd_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(apcupsd_t)
-')
-
-optional_policy(`
-	mta_send_mail(apcupsd_t)
-	mta_system_content(apcupsd_tmp_t)
-')
-
-########################################
-#
-# apcupsd_cgi Declarations
-#
-
-optional_policy(`
-	apache_content_template(apcupsd_cgi)
-
-	allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
-	allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t)
-	corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)
-	corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
-	corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)
-	corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
-	corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t)
-	corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
-	corenet_udp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)
-	corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
-
-	sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t)
-')
diff --git a/policy/modules/services/apm.fc b/policy/modules/services/apm.fc
deleted file mode 100644
index 0123777..0000000
--- a/policy/modules/services/apm.fc
+++ /dev/null
@@ -1,23 +0,0 @@
-
-#
-# /usr
-#
-/usr/bin/apm		--	gen_context(system_u:object_r:apm_exec_t,s0)
-
-/usr/sbin/acpid		--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/apmd		--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/powersaved	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-
-#
-# /var
-#
-/var/log/acpid.*	--	gen_context(system_u:object_r:apmd_log_t,s0)
-
-/var/run/\.?acpid\.socket -s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/var/run/apmd\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/var/run/powersaved\.pid --	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/var/run/powersave_socket -s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-
-ifdef(`distro_suse',`
-/var/lib/acpi(/.*)?		gen_context(system_u:object_r:apmd_var_lib_t,s0)
-')
diff --git a/policy/modules/services/apm.if b/policy/modules/services/apm.if
deleted file mode 100644
index 49e6c74..0000000
--- a/policy/modules/services/apm.if
+++ /dev/null
@@ -1,112 +0,0 @@
-## <summary>Advanced power management daemon</summary>
-
-########################################
-## <summary>
-##	Execute APM in the apm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`apm_domtrans_client',`
-	gen_require(`
-		type apm_t, apm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, apm_exec_t, apm_t)
-')
-
-########################################
-## <summary>
-##	Use file descriptors for apmd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apm_use_fds',`
-	gen_require(`
-		type apmd_t;
-	')
-
-	allow $1 apmd_t:fd use; 
-')
-
-########################################
-## <summary>
-##	Write to apmd unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apm_write_pipes',`
-	gen_require(`
-		type apmd_t;
-	')
-
-	allow $1 apmd_t:fifo_file write_fifo_file_perms; 
-')
-
-########################################
-## <summary>
-##	Read and write to an apm unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apm_rw_stream_sockets',`
-	gen_require(`
-		type apmd_t;
-	')
-
-	allow $1 apmd_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Append to apm's log file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apm_append_log',`
-	gen_require(`
-		type apmd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 apmd_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to apmd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apm_stream_connect',`
-	gen_require(`
-		type apmd_t, apmd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
-')
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
deleted file mode 100644
index 62bc936..0000000
--- a/policy/modules/services/apm.te
+++ /dev/null
@@ -1,243 +0,0 @@
-policy_module(apm, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type apmd_t;
-type apmd_exec_t;
-init_daemon_domain(apmd_t, apmd_exec_t)
-
-type apm_t;
-type apm_exec_t;
-application_domain(apm_t, apm_exec_t)
-role system_r types apm_t;
-
-type apmd_log_t;
-logging_log_file(apmd_log_t)
-
-type apmd_tmp_t;
-files_tmp_file(apmd_tmp_t)
-
-type apmd_var_run_t;
-files_pid_file(apmd_var_run_t)
-
-ifdef(`distro_redhat',`
-	type apmd_lock_t;
-	files_lock_file(apmd_lock_t)
-')
-
-ifdef(`distro_suse',`
-	type apmd_var_lib_t;
-	files_type(apmd_var_lib_t)
-')
-
-########################################
-#
-# apm client Local policy
-#
-
-allow apm_t self:capability { dac_override sys_admin };
-
-kernel_read_system_state(apm_t)
-
-dev_rw_apm_bios(apm_t)
-
-fs_getattr_xattr_fs(apm_t)
-
-term_use_all_terms(apm_t)
-
-domain_use_interactive_fds(apm_t)
-
-logging_send_syslog_msg(apm_t)
-
-########################################
-#
-# apm daemon Local policy
-#
-
-# mknod: controlling an orderly resume of PCMCIA requires creating device
-# nodes 254,{0,1,2} for some reason.
-allow apmd_t self:capability { sys_admin sys_nice sys_time kill mknod };
-dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config };
-allow apmd_t self:process { signal_perms getsession };
-allow apmd_t self:fifo_file rw_fifo_file_perms;
-allow apmd_t self:netlink_socket create_socket_perms;
-allow apmd_t self:unix_dgram_socket create_socket_perms;
-allow apmd_t self:unix_stream_socket create_stream_socket_perms;
-
-allow apmd_t apmd_log_t:file manage_file_perms;
-logging_log_filetrans(apmd_t, apmd_log_t, file)
-
-manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
-
-manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(apmd_t)
-kernel_rw_all_sysctls(apmd_t)
-kernel_read_system_state(apmd_t)
-kernel_write_proc_files(apmd_t)
-
-dev_read_input(apmd_t)
-dev_read_realtime_clock(apmd_t)
-dev_read_urand(apmd_t)
-dev_rw_apm_bios(apmd_t)
-dev_rw_sysfs(apmd_t)
-dev_dontaudit_getattr_all_chr_files(apmd_t) # Excessive?
-dev_dontaudit_getattr_all_blk_files(apmd_t) # Excessive?
-
-fs_dontaudit_list_tmpfs(apmd_t)
-fs_getattr_all_fs(apmd_t)
-fs_search_auto_mountpoints(apmd_t)
-fs_dontaudit_getattr_all_files(apmd_t) # Excessive?
-fs_dontaudit_getattr_all_symlinks(apmd_t) # Excessive?
-fs_dontaudit_getattr_all_pipes(apmd_t) # Excessive?
-fs_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
-
-selinux_search_fs(apmd_t)
-
-corecmd_exec_all_executables(apmd_t)
-
-domain_read_all_domains_state(apmd_t)
-domain_dontaudit_ptrace_all_domains(apmd_t)
-domain_use_interactive_fds(apmd_t)
-domain_dontaudit_getattr_all_sockets(apmd_t)
-domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
-domain_dontaudit_list_all_domains_state(apmd_t) # Excessive?
-
-files_exec_etc_files(apmd_t)
-files_read_etc_runtime_files(apmd_t)
-files_dontaudit_getattr_all_files(apmd_t) # Excessive?
-files_dontaudit_getattr_all_symlinks(apmd_t) # Excessive?
-files_dontaudit_getattr_all_pipes(apmd_t) # Excessive?
-files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
-
-init_domtrans_script(apmd_t)
-init_rw_utmp(apmd_t)
-init_telinit(apmd_t)
-
-libs_exec_ld_so(apmd_t)
-libs_exec_lib_files(apmd_t)
-
-logging_send_syslog_msg(apmd_t)
-logging_send_audit_msgs(apmd_t)
-
-miscfiles_read_localization(apmd_t)
-miscfiles_read_hwdata(apmd_t)
-
-modutils_domtrans_insmod(apmd_t)
-modutils_read_module_config(apmd_t)
-
-seutil_dontaudit_read_config(apmd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_user_home_dirs(apmd_t)
-userdom_dontaudit_search_user_home_content(apmd_t) # Excessive?
-
-ifdef(`distro_redhat',`
-	allow apmd_t apmd_lock_t:file manage_file_perms;
-	files_lock_filetrans(apmd_t, apmd_lock_t, file)
-
-	can_exec(apmd_t, apmd_var_run_t)
-
-	optional_policy(`
-		fstools_domtrans(apmd_t)
-	')
-
-	optional_policy(`
-		iptables_domtrans(apmd_t)
-	')
-
-	optional_policy(`
-		netutils_domtrans(apmd_t)
-	')
-
-	# ifconfig_exec_t needs to be run in its own domain for Red Hat
-	optional_policy(`
-		sssd_search_lib(apmd_t)
-	')
-
-	optional_policy(`
-		sysnet_domtrans_ifconfig(apmd_t)
-	')
-
-',`
-	# for ifconfig which is run all the time
-	kernel_dontaudit_search_sysctl(apmd_t)
-')
-
-ifdef(`distro_suse',`
-	manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-	manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-	files_var_lib_filetrans(apmd_t, apmd_var_lib_t, file)
-')
-
-optional_policy(`
-	automount_domtrans(apmd_t)
-')
-
-optional_policy(`
-	clock_domtrans(apmd_t)
-	clock_rw_adjtime(apmd_t)
-')
-
-optional_policy(`
-	cron_system_entry(apmd_t, apmd_exec_t)
-	cron_anacron_domtrans_system_job(apmd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(apmd_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(apmd_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(apmd_t)
-	')
-')
-
-optional_policy(`
-	logrotate_use_fds(apmd_t)
-')
-
-optional_policy(`
-	mta_send_mail(apmd_t)
-')
-
-optional_policy(`
-	nscd_socket_use(apmd_t)
-')
-
-optional_policy(`
-	pcmcia_domtrans_cardmgr(apmd_t)
-	pcmcia_domtrans_cardctl(apmd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(apmd_t)
-')
-
-optional_policy(`
-	udev_read_db(apmd_t)
-	udev_read_state(apmd_t) #necessary?
-')
-
-optional_policy(`
-	unconfined_domain(apmd_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(apmd_t)
-')
-
-# cjp: related to sleep/resume (?)
-optional_policy(`
-	xserver_domtrans(apmd_t)
-')
diff --git a/policy/modules/services/arpwatch.fc b/policy/modules/services/arpwatch.fc
deleted file mode 100644
index a86a6c7..0000000
--- a/policy/modules/services/arpwatch.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/rc\.d/init\.d/arpwatch --	gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/arpwatch	--	gen_context(system_u:object_r:arpwatch_exec_t,s0)
-
-#
-# /var
-#
-/var/arpwatch(/.*)?		gen_context(system_u:object_r:arpwatch_data_t,s0)
-/var/lib/arpwatch(/.*)?		gen_context(system_u:object_r:arpwatch_data_t,s0)
diff --git a/policy/modules/services/arpwatch.if b/policy/modules/services/arpwatch.if
deleted file mode 100644
index bdefbe1..0000000
--- a/policy/modules/services/arpwatch.if
+++ /dev/null
@@ -1,156 +0,0 @@
-## <summary>Ethernet activity monitor.</summary>
-
-########################################
-## <summary>
-##	Execute arpwatch server in the arpwatch domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_initrc_domtrans',`
-	gen_require(`
-		type arpwatch_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, arpwatch_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Search arpwatch's data file directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_search_data',`
-	gen_require(`
-		type arpwatch_data_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 arpwatch_data_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create arpwatch data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_manage_data_files',`
-	gen_require(`
-		type arpwatch_data_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, arpwatch_data_t, arpwatch_data_t)
-')
-
-########################################
-## <summary>
-##	Read and write arpwatch temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_rw_tmp_files',`
-	gen_require(`
-		type arpwatch_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 arpwatch_tmp_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write arpwatch temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_manage_tmp_files',`
-	gen_require(`
-		type arpwatch_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 arpwatch_tmp_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	arpwatch packet sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`arpwatch_dontaudit_rw_packet_sockets',`
-	gen_require(`
-		type arpwatch_t;
-	')
-
-	dontaudit $1 arpwatch_t:packet_socket { read write };
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an arpwatch environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the arpwatch domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`arpwatch_admin',`
-	gen_require(`
-		type arpwatch_t, arpwatch_tmp_t;
-		type arpwatch_data_t, arpwatch_var_run_t;
-		type arpwatch_initrc_exec_t;
-	')
-
-	allow $1 arpwatch_t:process { ptrace signal_perms };
-	ps_process_pattern($1, arpwatch_t)
-
-	arpwatch_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 arpwatch_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, arpwatch_tmp_t)
-
-	files_list_var($1)
-	admin_pattern($1, arpwatch_data_t)
-
-	files_list_pids($1)
-	admin_pattern($1, arpwatch_var_run_t)
-')
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
deleted file mode 100644
index 3be8b9b..0000000
--- a/policy/modules/services/arpwatch.te
+++ /dev/null
@@ -1,98 +0,0 @@
-policy_module(arpwatch, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type arpwatch_t;
-type arpwatch_exec_t;
-init_daemon_domain(arpwatch_t, arpwatch_exec_t)
-
-type arpwatch_data_t;
-files_type(arpwatch_data_t)
-
-type arpwatch_initrc_exec_t;
-init_script_file(arpwatch_initrc_exec_t)
-
-type arpwatch_tmp_t;
-files_tmp_file(arpwatch_tmp_t)
-
-type arpwatch_var_run_t;
-files_pid_file(arpwatch_var_run_t)
-
-########################################
-#
-# Local policy
-#
-allow arpwatch_t self:capability { net_admin net_raw setgid setuid };
-dontaudit arpwatch_t self:capability sys_tty_config;
-allow arpwatch_t self:process signal_perms;
-allow arpwatch_t self:unix_dgram_socket create_socket_perms;
-allow arpwatch_t self:unix_stream_socket create_stream_socket_perms;
-allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
-allow arpwatch_t self:udp_socket create_socket_perms;
-allow arpwatch_t self:packet_socket create_socket_perms;
-allow arpwatch_t self:socket create_socket_perms;
-
-manage_dirs_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
-manage_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
-manage_lnk_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
-
-manage_dirs_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
-manage_files_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
-files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
-
-manage_files_pattern(arpwatch_t, arpwatch_var_run_t, arpwatch_var_run_t)
-files_pid_filetrans(arpwatch_t, arpwatch_var_run_t, file)
-
-kernel_read_network_state(arpwatch_t)
-kernel_read_kernel_sysctls(arpwatch_t)
-kernel_list_proc(arpwatch_t)
-kernel_read_proc_symlinks(arpwatch_t)
-kernel_request_load_module(arpwatch_t)
-
-corenet_all_recvfrom_unlabeled(arpwatch_t)
-corenet_all_recvfrom_netlabel(arpwatch_t)
-corenet_tcp_sendrecv_generic_if(arpwatch_t)
-corenet_udp_sendrecv_generic_if(arpwatch_t)
-corenet_raw_sendrecv_generic_if(arpwatch_t)
-corenet_tcp_sendrecv_generic_node(arpwatch_t)
-corenet_udp_sendrecv_generic_node(arpwatch_t)
-corenet_raw_sendrecv_generic_node(arpwatch_t)
-corenet_tcp_sendrecv_all_ports(arpwatch_t)
-corenet_udp_sendrecv_all_ports(arpwatch_t)
-
-dev_read_sysfs(arpwatch_t)
-dev_read_usbmon_dev(arpwatch_t)
-dev_rw_generic_usb_dev(arpwatch_t)
-
-fs_getattr_all_fs(arpwatch_t)
-fs_search_auto_mountpoints(arpwatch_t)
-
-corecmd_read_bin_symlinks(arpwatch_t)
-
-domain_use_interactive_fds(arpwatch_t)
-
-files_read_etc_files(arpwatch_t)
-files_read_usr_files(arpwatch_t)
-files_search_var_lib(arpwatch_t)
-
-auth_use_nsswitch(arpwatch_t)
-
-logging_send_syslog_msg(arpwatch_t)
-
-miscfiles_read_localization(arpwatch_t)
-
-userdom_dontaudit_search_user_home_dirs(arpwatch_t)
-userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
-
-mta_send_mail(arpwatch_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(arpwatch_t)
-')
-
-optional_policy(`
-	udev_read_db(arpwatch_t)
-')
diff --git a/policy/modules/services/asterisk.fc b/policy/modules/services/asterisk.fc
deleted file mode 100644
index b4889d4..0000000
--- a/policy/modules/services/asterisk.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_etc_t,s0)
-/etc/rc\.d/init\.d/asterisk --	gen_context(system_u:object_r:asterisk_initrc_exec_t,s0)
-
-/usr/sbin/asterisk	--	gen_context(system_u:object_r:asterisk_exec_t,s0)
-
-/var/lib/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_var_lib_t,s0)
-/var/log/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_log_t,s0)
-/var/run/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_var_run_t,s0)
-/var/spool/asterisk(/.*)?	gen_context(system_u:object_r:asterisk_spool_t,s0)
diff --git a/policy/modules/services/asterisk.if b/policy/modules/services/asterisk.if
deleted file mode 100644
index c1a2b96..0000000
--- a/policy/modules/services/asterisk.if
+++ /dev/null
@@ -1,92 +0,0 @@
-## <summary>Asterisk IP telephony server</summary>
-
-######################################
-## <summary>
-##	Execute asterisk in the asterisk domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`asterisk_domtrans',`
-	gen_require(`
-		type asterisk_t, asterisk_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, asterisk_exec_t, asterisk_t)
-')
-
-#####################################
-## <summary>
-##	Connect to asterisk over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`asterisk_stream_connect',`
-	gen_require(`
-		type asterisk_t, asterisk_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an asterisk environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the asterisk domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`asterisk_admin',`
-	gen_require(`
-		type asterisk_t, asterisk_var_run_t, asterisk_spool_t;
-		type asterisk_etc_t, asterisk_tmp_t, asterisk_log_t;
-		type asterisk_var_lib_t;
-		type asterisk_initrc_exec_t;
-	')
-
-	allow $1 asterisk_t:process { ptrace signal_perms };
-	ps_process_pattern($1, asterisk_t)
-
-	init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 asterisk_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, asterisk_tmp_t)
-
-	files_list_etc($1)
-	admin_pattern($1, asterisk_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, asterisk_log_t)
-
-	files_list_spool($1)
-	admin_pattern($1, asterisk_spool_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, asterisk_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, asterisk_var_run_t)
-')
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
deleted file mode 100644
index 608e3a1..0000000
--- a/policy/modules/services/asterisk.te
+++ /dev/null
@@ -1,170 +0,0 @@
-policy_module(asterisk, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type asterisk_t;
-type asterisk_exec_t;
-init_daemon_domain(asterisk_t, asterisk_exec_t)
-
-type asterisk_etc_t;
-files_config_file(asterisk_etc_t)
-
-type asterisk_initrc_exec_t;
-init_script_file(asterisk_initrc_exec_t)
-
-type asterisk_log_t;
-logging_log_file(asterisk_log_t)
-
-type asterisk_spool_t;
-files_type(asterisk_spool_t)
-
-type asterisk_tmp_t;
-files_tmp_file(asterisk_tmp_t)
-
-type asterisk_tmpfs_t;
-files_tmpfs_file(asterisk_tmpfs_t)
-
-type asterisk_var_lib_t;
-files_type(asterisk_var_lib_t)
-
-type asterisk_var_run_t;
-files_pid_file(asterisk_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-# dac_override for /var/run/asterisk
-allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin };
-dontaudit asterisk_t self:capability sys_tty_config;
-allow asterisk_t self:process { getsched setsched signal_perms getcap setcap };
-allow asterisk_t self:fifo_file rw_fifo_file_perms;
-allow asterisk_t self:sem create_sem_perms;
-allow asterisk_t self:shm create_shm_perms;
-allow asterisk_t self:unix_stream_socket connectto;
-allow asterisk_t self:tcp_socket create_stream_socket_perms;
-allow asterisk_t self:udp_socket create_socket_perms;
-
-allow asterisk_t asterisk_etc_t:dir list_dir_perms;
-read_files_pattern(asterisk_t, asterisk_etc_t, asterisk_etc_t)
-read_lnk_files_pattern(asterisk_t, asterisk_etc_t, asterisk_etc_t)
-files_search_etc(asterisk_t)
-
-can_exec(asterisk_t, asterisk_exec_t)
-
-manage_files_pattern(asterisk_t, asterisk_log_t, asterisk_log_t)
-logging_log_filetrans(asterisk_t, asterisk_log_t, { file dir })
-
-manage_dirs_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
-manage_files_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
-manage_lnk_files_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
-
-manage_dirs_pattern(asterisk_t, asterisk_tmp_t, asterisk_tmp_t)
-manage_files_pattern(asterisk_t, asterisk_tmp_t, asterisk_tmp_t)
-files_tmp_filetrans(asterisk_t, asterisk_tmp_t, { file dir })
-
-manage_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
-manage_lnk_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
-manage_fifo_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
-manage_sock_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
-fs_tmpfs_filetrans(asterisk_t, asterisk_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_files_pattern(asterisk_t, asterisk_var_lib_t, asterisk_var_lib_t)
-files_var_lib_filetrans(asterisk_t, asterisk_var_lib_t, file)
-
-manage_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-manage_fifo_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-manage_sock_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-files_pid_filetrans(asterisk_t, asterisk_var_run_t, file)
-
-kernel_read_system_state(asterisk_t)
-kernel_read_kernel_sysctls(asterisk_t)
-kernel_request_load_module(asterisk_t)
-
-corecmd_exec_bin(asterisk_t)
-corecmd_exec_shell(asterisk_t)
-
-corenet_all_recvfrom_unlabeled(asterisk_t)
-corenet_all_recvfrom_netlabel(asterisk_t)
-corenet_tcp_sendrecv_generic_if(asterisk_t)
-corenet_udp_sendrecv_generic_if(asterisk_t)
-corenet_tcp_sendrecv_generic_node(asterisk_t)
-corenet_udp_sendrecv_generic_node(asterisk_t)
-corenet_tcp_sendrecv_all_ports(asterisk_t)
-corenet_udp_sendrecv_all_ports(asterisk_t)
-corenet_tcp_bind_generic_node(asterisk_t)
-corenet_udp_bind_generic_node(asterisk_t)
-corenet_tcp_bind_asterisk_port(asterisk_t)
-corenet_tcp_bind_sip_port(asterisk_t)
-corenet_udp_bind_asterisk_port(asterisk_t)
-corenet_udp_bind_sip_port(asterisk_t)
-corenet_sendrecv_asterisk_server_packets(asterisk_t)
-# for VOIP voice channels.
-corenet_tcp_bind_generic_port(asterisk_t)
-corenet_udp_bind_generic_port(asterisk_t)
-corenet_dontaudit_udp_bind_all_ports(asterisk_t)
-corenet_sendrecv_generic_server_packets(asterisk_t)
-corenet_tcp_connect_postgresql_port(asterisk_t)
-corenet_tcp_connect_snmp_port(asterisk_t)
-corenet_tcp_connect_sip_port(asterisk_t)
-
-dev_rw_generic_usb_dev(asterisk_t)
-dev_read_sysfs(asterisk_t)
-dev_read_sound(asterisk_t)
-dev_write_sound(asterisk_t)
-dev_read_urand(asterisk_t)
-
-domain_use_interactive_fds(asterisk_t)
-
-files_read_etc_files(asterisk_t)
-files_search_spool(asterisk_t)
-# demo files installed in /usr/share/asterisk/sounds/demo-instruct.gsm
-# are labeled usr_t
-files_read_usr_files(asterisk_t)
-
-fs_getattr_all_fs(asterisk_t)
-fs_list_inotifyfs(asterisk_t)
-fs_read_anon_inodefs_files(asterisk_t)
-fs_search_auto_mountpoints(asterisk_t)
-
-auth_use_nsswitch(asterisk_t)
-
-logging_send_syslog_msg(asterisk_t)
-
-miscfiles_read_localization(asterisk_t)
-
-userdom_dontaudit_use_unpriv_user_fds(asterisk_t)
-userdom_dontaudit_search_user_home_dirs(asterisk_t)
-
-optional_policy(`
-	mysql_stream_connect(asterisk_t)
-')
-
-optional_policy(`
-	mta_send_mail(asterisk_t)
-')
-
-optional_policy(`
-	postfix_domtrans_postdrop(asterisk_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(asterisk_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(asterisk_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(asterisk_t)
-	snmp_stream_connect(asterisk_t)
-')
-
-optional_policy(`
-	udev_read_db(asterisk_t)
-')
diff --git a/policy/modules/services/audioentropy.fc b/policy/modules/services/audioentropy.fc
deleted file mode 100644
index 001235e..0000000
--- a/policy/modules/services/audioentropy.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# /usr
-#
-/usr/sbin/audio-entropyd	--	gen_context(system_u:object_r:entropyd_exec_t,s0)
-
-/var/run/audio-entropyd\.pid	--	gen_context(system_u:object_r:entropyd_var_run_t,s0)
diff --git a/policy/modules/services/audioentropy.if b/policy/modules/services/audioentropy.if
deleted file mode 100644
index 67906f0..0000000
--- a/policy/modules/services/audioentropy.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Generate entropy from audio input</summary>
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
deleted file mode 100644
index 2b348c7..0000000
--- a/policy/modules/services/audioentropy.te
+++ /dev/null
@@ -1,68 +0,0 @@
-policy_module(audioentropy, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type entropyd_t;
-type entropyd_exec_t;
-init_daemon_domain(entropyd_t, entropyd_exec_t)
-
-type entropyd_var_run_t;
-files_pid_file(entropyd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
-dontaudit entropyd_t self:capability sys_tty_config;
-allow entropyd_t self:process signal_perms;
-
-manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
-files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
-
-kernel_read_kernel_sysctls(entropyd_t)
-kernel_list_proc(entropyd_t)
-kernel_read_proc_symlinks(entropyd_t)
-
-dev_read_sysfs(entropyd_t)
-dev_read_urand(entropyd_t)
-dev_write_urand(entropyd_t)
-dev_read_rand(entropyd_t)
-dev_write_rand(entropyd_t)
-dev_read_sound(entropyd_t)
-# set sound card parameters such as
-# sample format, number of channels
-# and sample rate.
-dev_write_sound(entropyd_t)
-
-files_read_etc_files(entropyd_t)
-files_read_usr_files(entropyd_t)
-
-fs_getattr_all_fs(entropyd_t)
-fs_search_auto_mountpoints(entropyd_t)
-
-domain_use_interactive_fds(entropyd_t)
-
-logging_send_syslog_msg(entropyd_t)
-
-miscfiles_read_localization(entropyd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
-userdom_dontaudit_search_user_home_dirs(entropyd_t)
-
-optional_policy(`
-	alsa_read_lib(entropyd_t)
-	alsa_read_rw_config(entropyd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(entropyd_t)
-')
-
-optional_policy(`
-	udev_read_db(entropyd_t)
-')
diff --git a/policy/modules/services/automount.fc b/policy/modules/services/automount.fc
deleted file mode 100644
index f16ab68..0000000
--- a/policy/modules/services/automount.fc
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# /etc
-#
-/etc/apm/event\.d/autofs --	gen_context(system_u:object_r:automount_exec_t,s0)
-/etc/rc\.d/init\.d/autofs	--	gen_context(system_u:object_r:automount_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/automount	--	gen_context(system_u:object_r:automount_exec_t,s0)
-
-#
-# /var
-#
-
-/var/run/autofs.*		gen_context(system_u:object_r:automount_var_run_t,s0)
diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if
deleted file mode 100644
index a43e006..0000000
--- a/policy/modules/services/automount.if
+++ /dev/null
@@ -1,168 +0,0 @@
-## <summary>Filesystem automounter service.</summary>
-
-########################################
-## <summary>
-##	Execute automount in the automount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`automount_domtrans',`
-	gen_require(`
-		type automount_t, automount_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, automount_exec_t, automount_t)
-')
-
-########################################
-## <summary>
-##	Send automount a signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`automount_signal',`
-	gen_require(`
-		type automount_t;
-	')
-
-	allow $1 automount_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute automount in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`automount_exec_config',`
-	refpolicywarn(`$0(): has been deprecated, please use files_exec_etc_files() instead.')
-	files_exec_etc_files($1)
-')
-
-########################################
-## <summary>
-##	Allow the domain to read state files in /proc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to allow access.
-##	</summary>
-## </param>
-#
-interface(`automount_read_state',`
-	gen_require(`
-		type automount_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, automount_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to file descriptors for automount.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`automount_dontaudit_use_fds',`
-	gen_require(`
-		type automount_t;
-	')
-
-	dontaudit $1 automount_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write automount daemon unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`automount_dontaudit_write_pipes',`
-	gen_require(`
-		type automount_t;
-	')
-
-	dontaudit $1 automount_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of automount temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`automount_dontaudit_getattr_tmp_dirs',`
-	gen_require(`
-		type automount_tmp_t;
-	')
-
-	dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an automount environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the automount domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`automount_admin',`
-	gen_require(`
-		type automount_t, automount_lock_t, automount_tmp_t;
-		type automount_var_run_t, automount_initrc_exec_t;
-	')
-
-	allow $1 automount_t:process { ptrace signal_perms };
-	ps_process_pattern($1, automount_t)
-
-	init_labeled_script_domtrans($1, automount_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 automount_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var($1)
-	admin_pattern($1, automount_lock_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, automount_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, automount_var_run_t)
-')
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
deleted file mode 100644
index 6189565..0000000
--- a/policy/modules/services/automount.te
+++ /dev/null
@@ -1,183 +0,0 @@
-policy_module(automount, 1.13.0)
-
-########################################
-#
-# Declarations
-#
-
-type automount_t;
-type automount_exec_t;
-init_daemon_domain(automount_t, automount_exec_t)
-
-type automount_initrc_exec_t;
-init_script_file(automount_initrc_exec_t)
-
-type automount_var_run_t;
-files_pid_file(automount_var_run_t)
-
-type automount_lock_t;
-files_lock_file(automount_lock_t)
-
-type automount_tmp_t;
-files_tmp_file(automount_tmp_t)
-files_mountpoint(automount_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow automount_t self:capability { net_bind_service setgid setuid sys_nice sys_resource dac_override sys_admin };
-dontaudit automount_t self:capability sys_tty_config;
-allow automount_t self:process { signal_perms getpgid setpgid setsched setrlimit };
-allow automount_t self:fifo_file rw_fifo_file_perms;
-allow automount_t self:unix_stream_socket create_socket_perms;
-allow automount_t self:unix_dgram_socket create_socket_perms;
-allow automount_t self:tcp_socket create_stream_socket_perms;
-allow automount_t self:udp_socket create_socket_perms;
-allow automount_t self:rawip_socket create_socket_perms;
-
-can_exec(automount_t, automount_exec_t)
-
-allow automount_t automount_lock_t:file manage_file_perms;
-files_lock_filetrans(automount_t, automount_lock_t, file)
-
-manage_dirs_pattern(automount_t, automount_tmp_t, automount_tmp_t)
-manage_files_pattern(automount_t, automount_tmp_t, automount_tmp_t)
-files_tmp_filetrans(automount_t, automount_tmp_t, { file dir })
-
-# Allow automount to create and delete directories in / and /home
-allow automount_t automount_tmp_t:dir manage_dir_perms;
-files_home_filetrans(automount_t, automount_tmp_t, dir)
-files_root_filetrans(automount_t, automount_tmp_t, dir)
-
-manage_files_pattern(automount_t, automount_var_run_t, automount_var_run_t)
-manage_fifo_files_pattern(automount_t, automount_var_run_t, automount_var_run_t)
-files_pid_filetrans(automount_t, automount_var_run_t, { file fifo_file })
-
-kernel_read_kernel_sysctls(automount_t)
-kernel_read_irq_sysctls(automount_t)
-kernel_read_fs_sysctls(automount_t)
-kernel_read_proc_symlinks(automount_t)
-kernel_read_system_state(automount_t)
-kernel_read_network_state(automount_t)
-kernel_list_proc(automount_t)
-kernel_dontaudit_search_xen_state(automount_t)
-
-files_search_boot(automount_t)
-# Automount is slowly adding all mount functionality internally
-files_search_all(automount_t)
-files_mounton_all_mountpoints(automount_t)
-files_mount_all_file_type_fs(automount_t)
-files_unmount_all_file_type_fs(automount_t)
-files_manage_non_security_dirs(automount_t)
-
-fs_mount_all_fs(automount_t)
-fs_unmount_all_fs(automount_t)
-fs_search_all(automount_t)
-
-corecmd_exec_bin(automount_t)
-corecmd_exec_shell(automount_t)
-
-corenet_all_recvfrom_unlabeled(automount_t)
-corenet_all_recvfrom_netlabel(automount_t)
-corenet_tcp_sendrecv_generic_if(automount_t)
-corenet_udp_sendrecv_generic_if(automount_t)
-corenet_tcp_sendrecv_generic_node(automount_t)
-corenet_udp_sendrecv_generic_node(automount_t)
-corenet_tcp_sendrecv_all_ports(automount_t)
-corenet_udp_sendrecv_all_ports(automount_t)
-corenet_tcp_bind_generic_node(automount_t)
-corenet_udp_bind_generic_node(automount_t)
-corenet_tcp_connect_portmap_port(automount_t)
-corenet_tcp_connect_all_ports(automount_t)
-corenet_dontaudit_tcp_connect_all_reserved_ports(automount_t)
-corenet_sendrecv_all_client_packets(automount_t)
-# Automount execs showmount when you browse /net.  This is required until
-# Someone writes a showmount policy
-corenet_tcp_bind_reserved_port(automount_t)
-corenet_tcp_bind_all_rpc_ports(automount_t)
-corenet_udp_bind_reserved_port(automount_t)
-corenet_udp_bind_all_rpc_ports(automount_t)
-
-dev_read_sysfs(automount_t)
-dev_rw_autofs(automount_t)
-# for SSP
-dev_read_rand(automount_t)
-dev_read_urand(automount_t)
-
-domain_use_interactive_fds(automount_t)
-domain_dontaudit_read_all_domains_state(automount_t)
-
-files_dontaudit_write_var_dirs(automount_t)
-files_getattr_all_dirs(automount_t)
-files_list_mnt(automount_t)
-files_getattr_home_dir(automount_t)
-files_read_etc_files(automount_t)
-files_read_etc_runtime_files(automount_t)
-# for if the mount point is not labelled
-files_getattr_isid_type_dirs(automount_t)
-files_getattr_default_dirs(automount_t)
-# because config files can be shell scripts
-files_exec_etc_files(automount_t)
-files_mounton_mnt(automount_t)
-
-fs_getattr_all_fs(automount_t)
-fs_getattr_all_dirs(automount_t)
-fs_search_auto_mountpoints(automount_t)
-fs_manage_auto_mountpoints(automount_t)
-fs_unmount_autofs(automount_t)
-fs_mount_autofs(automount_t)
-fs_manage_autofs_symlinks(automount_t)
-fs_read_nfs_files(automount_t)
-
-storage_rw_fuse(automount_t)
-
-term_dontaudit_getattr_pty_dirs(automount_t)
-
-auth_use_nsswitch(automount_t)
-
-logging_send_syslog_msg(automount_t)
-logging_search_logs(automount_t)
-
-miscfiles_read_localization(automount_t)
-miscfiles_read_generic_certs(automount_t)
-
-# Run mount in the mount_t domain.
-mount_domtrans(automount_t)
-mount_domtrans_showmount(automount_t)
-mount_signal(automount_t)
-
-userdom_dontaudit_use_unpriv_user_fds(automount_t)
-userdom_dontaudit_search_user_home_dirs(automount_t)
-
-optional_policy(`
-	bind_search_cache(automount_t)
-')
-
-optional_policy(`
-	fstools_domtrans(automount_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(automount, automount_t)
-	kerberos_read_config(automount_t)
-	kerberos_dontaudit_write_config(automount_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(automount_t)
-')
-
-optional_policy(`
-	samba_read_config(automount_t)
-	samba_manage_var_files(automount_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(automount_t)
-')
-
-optional_policy(`
-	udev_read_db(automount_t)
-')
diff --git a/policy/modules/services/avahi.fc b/policy/modules/services/avahi.fc
deleted file mode 100644
index 7e36549..0000000
--- a/policy/modules/services/avahi.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/avahi.*	--	gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
-
-/usr/sbin/avahi-daemon		--	gen_context(system_u:object_r:avahi_exec_t,s0)
-/usr/sbin/avahi-dnsconfd 	--	gen_context(system_u:object_r:avahi_exec_t,s0)
-/usr/sbin/avahi-autoipd 	--	gen_context(system_u:object_r:avahi_exec_t,s0)
-
-/var/run/avahi-daemon(/.*)? 		gen_context(system_u:object_r:avahi_var_run_t,s0)
-
-/var/lib/avahi-autoipd(/.*)?		gen_context(system_u:object_r:avahi_var_lib_t,s0)
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
deleted file mode 100644
index 11e1ba9..0000000
--- a/policy/modules/services/avahi.if
+++ /dev/null
@@ -1,167 +0,0 @@
-## <summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</summary>
-
-########################################
-## <summary>
-##	Execute avahi server in the avahi domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`avahi_domtrans',`
-	gen_require(`
-		type avahi_exec_t, avahi_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, avahi_exec_t, avahi_t)
-')
-
-########################################
-## <summary>
-##	Send avahi a signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`avahi_signal',`
-	gen_require(`
-		type avahi_t;
-	')
-
-	allow $1 avahi_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send avahi a kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`avahi_kill',`
-	gen_require(`
-		type avahi_t;
-	')
-
-	allow $1 avahi_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send avahi a signull
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`avahi_signull',`
-	gen_require(`
-		type avahi_t;
-	')
-
-	allow $1 avahi_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	avahi over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`avahi_dbus_chat',`
-	gen_require(`
-		type avahi_t;
-		class dbus send_msg;
-	')
-
-	allow avahi_t $1:file read;
-	allow $1 avahi_t:dbus send_msg;
-	allow avahi_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Connect to avahi using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`avahi_stream_connect',`
-	gen_require(`
-		type avahi_t, avahi_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, avahi_var_run_t, avahi_var_run_t, avahi_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the avahi pid directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`avahi_dontaudit_search_pid',`
-	gen_require(`
-		type avahi_var_run_t;
-	')
-
-	dontaudit $1 avahi_var_run_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an avahi environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the avahi domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`avahi_admin',`
-	gen_require(`
-		type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
-	')
-
-	allow $1 avahi_t:process { ptrace signal_perms };
-	ps_process_pattern($1, avahi_t)
-
-	init_labeled_script_domtrans($1, avahi_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 avahi_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, avahi_var_run_t)
-')
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
deleted file mode 100644
index 52dcf09..0000000
--- a/policy/modules/services/avahi.te
+++ /dev/null
@@ -1,112 +0,0 @@
-policy_module(avahi, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-type avahi_t;
-type avahi_exec_t;
-init_daemon_domain(avahi_t, avahi_exec_t)
-
-type avahi_initrc_exec_t;
-init_script_file(avahi_initrc_exec_t)
-
-type avahi_var_lib_t;
-files_pid_file(avahi_var_lib_t)
-
-type avahi_var_run_t;
-files_pid_file(avahi_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow avahi_t self:capability { dac_override setgid chown fowner kill net_admin net_raw setuid sys_chroot };
-dontaudit avahi_t self:capability sys_tty_config;
-allow avahi_t self:process { setrlimit signal_perms getcap setcap };
-allow avahi_t self:fifo_file rw_fifo_file_perms;
-allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow avahi_t self:unix_dgram_socket create_socket_perms;
-allow avahi_t self:tcp_socket create_stream_socket_perms;
-allow avahi_t self:udp_socket create_socket_perms;
-allow avahi_t self:packet_socket create_socket_perms;
-
-manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
-manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
-files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
-
-manage_dirs_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
-manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
-manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
-allow avahi_t avahi_var_run_t:dir setattr_dir_perms;
-files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
-
-kernel_read_system_state(avahi_t)
-kernel_read_kernel_sysctls(avahi_t)
-kernel_read_network_state(avahi_t)
-
-corecmd_exec_bin(avahi_t)
-corecmd_exec_shell(avahi_t)
-
-corenet_all_recvfrom_unlabeled(avahi_t)
-corenet_all_recvfrom_netlabel(avahi_t)
-corenet_tcp_sendrecv_generic_if(avahi_t)
-corenet_udp_sendrecv_generic_if(avahi_t)
-corenet_tcp_sendrecv_generic_node(avahi_t)
-corenet_udp_sendrecv_generic_node(avahi_t)
-corenet_tcp_sendrecv_all_ports(avahi_t)
-corenet_udp_sendrecv_all_ports(avahi_t)
-corenet_tcp_bind_generic_node(avahi_t)
-corenet_udp_bind_generic_node(avahi_t)
-corenet_tcp_bind_howl_port(avahi_t)
-corenet_udp_bind_howl_port(avahi_t)
-corenet_send_howl_client_packets(avahi_t)
-corenet_receive_howl_server_packets(avahi_t)
-
-dev_read_sysfs(avahi_t)
-dev_read_urand(avahi_t)
-
-fs_getattr_all_fs(avahi_t)
-fs_search_auto_mountpoints(avahi_t)
-fs_list_inotifyfs(avahi_t)
-
-domain_use_interactive_fds(avahi_t)
-
-files_read_etc_files(avahi_t)
-files_read_etc_runtime_files(avahi_t)
-files_read_usr_files(avahi_t)
-
-auth_use_nsswitch(avahi_t)
-
-init_signal_script(avahi_t)
-init_signull_script(avahi_t)
-
-logging_send_syslog_msg(avahi_t)
-
-miscfiles_read_localization(avahi_t)
-miscfiles_read_generic_certs(avahi_t)
-
-sysnet_domtrans_ifconfig(avahi_t)
-sysnet_manage_config(avahi_t)
-sysnet_etc_filetrans_config(avahi_t)
-
-userdom_dontaudit_use_unpriv_user_fds(avahi_t)
-userdom_dontaudit_search_user_home_dirs(avahi_t)
-
-optional_policy(`
-	dbus_system_domain(avahi_t, avahi_exec_t)
-	dbus_system_bus_client(avahi_t)
-	dbus_connect_system_bus(avahi_t)
-
-	init_dbus_chat_script(avahi_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(avahi_t)
-')
-
-optional_policy(`
-	udev_read_db(avahi_t)
-')
diff --git a/policy/modules/services/bind.fc b/policy/modules/services/bind.fc
deleted file mode 100644
index 59aa54f..0000000
--- a/policy/modules/services/bind.fc
+++ /dev/null
@@ -1,63 +0,0 @@
-/etc/rc\.d/init\.d/named --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/unbound --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
-
-/etc/rndc.*		--	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/rndc\.key 		-- 	gen_context(system_u:object_r:dnssec_t,s0)
-/etc/unbound(/.*)?		gen_context(system_u:object_r:named_conf_t,s0)
-
-/usr/sbin/lwresd	--	gen_context(system_u:object_r:named_exec_t,s0)
-/usr/sbin/named		--	gen_context(system_u:object_r:named_exec_t,s0)
-/usr/sbin/named-checkconf --	gen_context(system_u:object_r:named_checkconf_exec_t,s0)
-/usr/sbin/r?ndc		--	gen_context(system_u:object_r:ndc_exec_t,s0)
-/usr/sbin/unbound	--	gen_context(system_u:object_r:named_exec_t,s0)
-
-/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
-
-/var/run/ndc		-s	gen_context(system_u:object_r:named_var_run_t,s0)
-/var/run/bind(/.*)?		gen_context(system_u:object_r:named_var_run_t,s0)
-/var/run/named(/.*)?		gen_context(system_u:object_r:named_var_run_t,s0)
-/var/run/unbound(/.*)?		gen_context(system_u:object_r:named_var_run_t,s0)
-
-ifdef(`distro_debian',`
-/etc/bind(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
-/etc/bind/named\.conf	--	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/bind/named\.conf\.local --	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/bind/named\.conf\.options -- gen_context(system_u:object_r:named_conf_t,s0)
-/etc/bind/rndc\.key	--	gen_context(system_u:object_r:dnssec_t,s0)
-/var/cache/bind(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-')
-
-ifdef(`distro_gentoo',`
-/etc/bind(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
-/etc/bind/named\.conf	--	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/bind/rndc\.key	--	gen_context(system_u:object_r:dnssec_t,s0)
-/var/bind(/.*)?			gen_context(system_u:object_r:named_cache_t,s0)
-/var/bind/pri(/.*)?		gen_context(system_u:object_r:named_zone_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/etc/named\.rfc1912.zones --	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/named\.root\.hints	--	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/named\.conf	--	gen_context(system_u:object_r:named_conf_t,s0)
-/etc/named\.caching-nameserver\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named(/.*)?		gen_context(system_u:object_r:named_zone_t,s0)
-/var/named/slaves(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/data(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/named\.ca	--	gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot(/.*)?		gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
-/var/named/chroot/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/etc/named\.root\.hints -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/etc/named\.caching-nameserver\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/proc(/.*)?	<<none>>
-/var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0)
-/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
-/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/chroot/var/named/dynamic(/.*)?	gen_context(system_u:object_r:named_cache_t,s0)
-/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
-/var/named/chroot/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
-/var/named/dynamic(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-')
diff --git a/policy/modules/services/bind.if b/policy/modules/services/bind.if
deleted file mode 100644
index 7e9d2fb..0000000
--- a/policy/modules/services/bind.if
+++ /dev/null
@@ -1,418 +0,0 @@
-## <summary>Berkeley internet name domain DNS server.</summary>
-
-########################################
-## <summary>
-##	Execute bind server in the bind domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bind_initrc_domtrans',`
-	gen_require(`
-		type named_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, named_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute ndc in the ndc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bind_domtrans_ndc',`
-	gen_require(`
-		type ndc_t, ndc_exec_t;
-	')
-
-	domtrans_pattern($1, ndc_exec_t, ndc_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to BIND.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_signal',`
-	gen_require(`
-		type named_t;
-	')
-
-	allow $1 named_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send null sigals to BIND.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_signull',`
-	gen_require(`
-		type named_t;
-	')
-
-	allow $1 named_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send BIND the kill signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_kill',`
-	gen_require(`
-		type named_t;
-	')
-
-	allow $1 named_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Execute ndc in the ndc domain, and
-##	allow the specified role the ndc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bind_run_ndc',`
-	gen_require(`
-		type ndc_t;
-	')
-
-	bind_domtrans_ndc($1)
-	role $2 types ndc_t;
-')
-
-########################################
-## <summary>
-##	Execute bind in the named domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bind_domtrans',`
-	gen_require(`
-		type named_t, named_exec_t;
-	')
-
-	domtrans_pattern($1, named_exec_t, named_t)
-')
-
-########################################
-## <summary>
-##	Read DNSSEC keys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_read_dnssec_keys',`
-	gen_require(`
-		type named_conf_t, named_zone_t, dnssec_t;
-	')
-
-	read_files_pattern($1, { named_conf_t named_zone_t }, dnssec_t)
-')
-
-########################################
-## <summary>
-##	Read BIND named configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_read_config',`
-	gen_require(`
-		type named_conf_t;
-	')
-
-	read_files_pattern($1, named_conf_t, named_conf_t)
-')
-
-########################################
-## <summary>
-##	Write BIND named configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_write_config',`
-	gen_require(`
-		type named_conf_t;
-	')
-
-	write_files_pattern($1, named_conf_t, named_conf_t)
-	allow $1 named_conf_t:file setattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	BIND configuration directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_manage_config_dirs',`
-	gen_require(`
-		type named_conf_t;
-	')
-
-	manage_dirs_pattern($1, named_conf_t, named_conf_t)
-')
-
-########################################
-## <summary>
-##	Search the BIND cache directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_search_cache',`
-	gen_require(`
-		type named_conf_t, named_cache_t, named_zone_t;
-	')
-
-	files_search_var($1)
-	allow $1 named_conf_t:dir search_dir_perms;
-	allow $1 named_zone_t:dir search_dir_perms;
-	allow $1 named_cache_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	BIND cache files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_manage_cache',`
-	gen_require(`
-		type named_cache_t, named_zone_t;
-	')
-
-	files_search_var($1)
-	allow $1 named_zone_t:dir search_dir_perms;
-	manage_files_pattern($1, named_cache_t, named_cache_t)
-	manage_lnk_files_pattern($1, named_cache_t, named_cache_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the BIND pid directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_setattr_pid_dirs',`
-	gen_require(`
-		type named_var_run_t;
-	')
-
-	allow $1 named_var_run_t:dir setattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the BIND zone directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_setattr_zone_dirs',`
-	gen_require(`
-		type named_zone_t;
-	')
-
-	allow $1 named_zone_t:dir setattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read BIND zone files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_read_zone',`
-	gen_require(`
-		type named_zone_t;
-	')
-
-	files_search_var($1)
-	read_files_pattern($1, named_zone_t, named_zone_t)
-')
-
-########################################
-## <summary>
-##	Read BIND zone files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_read_log',`
-	gen_require(`
-		type named_zone_t;
-		type named_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 named_zone_t:dir search_dir_perms;
-	read_files_pattern($1, named_log_t, named_log_t)
-')
-
-########################################
-## <summary>
-##	Manage BIND zone files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_manage_zone',`
-	gen_require(`
-		type named_zone_t;
-	')
-
-	files_search_var($1)
-	manage_files_pattern($1, named_zone_t, named_zone_t)
-')
-
-########################################
-## <summary>
-##	Send and receive datagrams to and from named.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bind_udp_chat_named',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an bind environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the bind domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bind_admin',`
-	gen_require(`
-		type named_t, named_tmp_t, named_log_t;
-		type named_conf_t, named_var_run_t, named_cache_t;
-		type named_zone_t, named_initrc_exec_t;
-		type dnssec_t, ndc_t, named_keytab_t;
-	')
-
-	allow $1 named_t:process { ptrace signal_perms };
-	ps_process_pattern($1, named_t)
-
-	allow $1 ndc_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ndc_t)
-
-	bind_run_ndc($1, $2)
-
-	init_labeled_script_domtrans($1, named_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 named_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, named_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, named_log_t)
-
-	files_list_etc($1)
-	admin_pattern($1, named_conf_t)
-
-	admin_pattern($1, named_cache_t)
-	admin_pattern($1, named_zone_t)
-	admin_pattern($1, dnssec_t)
-
-	admin_pattern($1, named_keytab_t)
-
-	files_list_pids($1)
-	admin_pattern($1, named_var_run_t)
-')
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
deleted file mode 100644
index 0bde225..0000000
--- a/policy/modules/services/bind.te
+++ /dev/null
@@ -1,261 +0,0 @@
-policy_module(bind, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow BIND to write the master zone files.
-##	Generally this is used for dynamic DNS or zone transfers.
-##	</p>
-## </desc>
-gen_tunable(named_write_master_zones, false)
-
-# for DNSSEC key files
-type dnssec_t;
-files_security_file(dnssec_t)
-
-type named_t;
-type named_exec_t;
-init_daemon_domain(named_t, named_exec_t)
-role system_r types named_t;
-
-type named_checkconf_exec_t;
-init_system_domain(named_t, named_checkconf_exec_t)
-
-# A type for configuration files of named.
-type named_conf_t;
-files_type(named_conf_t)
-files_mountpoint(named_conf_t)
-
-# for secondary zone files
-type named_cache_t;
-files_type(named_cache_t)
-
-type named_initrc_exec_t;
-init_script_file(named_initrc_exec_t)
-
-type named_log_t;
-logging_log_file(named_log_t)
-
-type named_tmp_t;
-files_tmp_file(named_tmp_t)
-
-type named_var_run_t;
-files_pid_file(named_var_run_t)
-
-# for primary zone files
-type named_zone_t;
-files_type(named_zone_t)
-
-type ndc_t;
-type ndc_exec_t;
-init_system_domain(ndc_t, ndc_exec_t)
-role system_r types ndc_t;
-
-########################################
-#
-# Named local policy
-#
-
-allow named_t self:capability { chown dac_override fowner setgid setuid sys_chroot sys_nice sys_resource };
-dontaudit named_t self:capability sys_tty_config;
-allow named_t self:process { setsched getcap setcap setrlimit signal_perms };
-allow named_t self:fifo_file rw_fifo_file_perms;
-allow named_t self:unix_stream_socket create_stream_socket_perms;
-allow named_t self:unix_dgram_socket create_socket_perms;
-allow named_t self:tcp_socket create_stream_socket_perms;
-allow named_t self:udp_socket create_socket_perms;
-
-allow named_t dnssec_t:file read_file_perms;
-
-# read configuration
-allow named_t named_conf_t:dir list_dir_perms;
-read_files_pattern(named_t, named_conf_t, named_conf_t)
-read_lnk_files_pattern(named_t, named_conf_t, named_conf_t)
-
-# write cache for secondary zones
-manage_files_pattern(named_t, named_cache_t, named_cache_t)
-manage_lnk_files_pattern(named_t, named_cache_t, named_cache_t)
-
-can_exec(named_t, named_exec_t)
-
-manage_files_pattern(named_t, named_log_t, named_log_t)
-logging_log_filetrans(named_t, named_log_t, { file dir })
-
-manage_dirs_pattern(named_t, named_tmp_t, named_tmp_t)
-manage_files_pattern(named_t, named_tmp_t, named_tmp_t)
-files_tmp_filetrans(named_t, named_tmp_t, { file dir })
-
-manage_dirs_pattern(named_t, named_var_run_t, named_var_run_t)
-manage_files_pattern(named_t, named_var_run_t, named_var_run_t)
-manage_sock_files_pattern(named_t, named_var_run_t, named_var_run_t)
-files_pid_filetrans(named_t, named_var_run_t, { file sock_file dir })
-
-# read zone files
-allow named_t named_zone_t:dir list_dir_perms;
-read_files_pattern(named_t, named_zone_t, named_zone_t)
-read_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
-
-kernel_read_kernel_sysctls(named_t)
-kernel_read_system_state(named_t)
-kernel_read_network_state(named_t)
-
-corecmd_search_bin(named_t)
-
-corenet_all_recvfrom_unlabeled(named_t)
-corenet_all_recvfrom_netlabel(named_t)
-corenet_tcp_sendrecv_generic_if(named_t)
-corenet_udp_sendrecv_generic_if(named_t)
-corenet_tcp_sendrecv_generic_node(named_t)
-corenet_udp_sendrecv_generic_node(named_t)
-corenet_tcp_sendrecv_all_ports(named_t)
-corenet_udp_sendrecv_all_ports(named_t)
-corenet_tcp_bind_generic_node(named_t)
-corenet_udp_bind_generic_node(named_t)
-corenet_tcp_bind_dns_port(named_t)
-corenet_udp_bind_dns_port(named_t)
-corenet_tcp_bind_rndc_port(named_t)
-corenet_tcp_connect_all_ports(named_t)
-corenet_sendrecv_dns_server_packets(named_t)
-corenet_sendrecv_dns_client_packets(named_t)
-corenet_sendrecv_rndc_server_packets(named_t)
-corenet_sendrecv_rndc_client_packets(named_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(named_t)
-corenet_udp_bind_all_unreserved_ports(named_t)
-
-dev_read_sysfs(named_t)
-dev_read_rand(named_t)
-dev_read_urand(named_t)
-
-domain_use_interactive_fds(named_t)
-
-files_read_etc_files(named_t)
-files_read_etc_runtime_files(named_t)
-
-fs_getattr_all_fs(named_t)
-fs_search_auto_mountpoints(named_t)
-
-auth_use_nsswitch(named_t)
-
-logging_send_syslog_msg(named_t)
-
-miscfiles_read_localization(named_t)
-miscfiles_read_generic_certs(named_t)
-
-userdom_dontaudit_use_unpriv_user_fds(named_t)
-userdom_dontaudit_search_user_home_dirs(named_t)
-
-tunable_policy(`named_write_master_zones',`
-	manage_dirs_pattern(named_t, named_zone_t, named_zone_t)
-	manage_files_pattern(named_t, named_zone_t, named_zone_t)
-	manage_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
-')
-
-optional_policy(`
-	init_dbus_chat_script(named_t)
-
-	sysnet_dbus_chat_dhcpc(named_t)
-
-	dbus_system_bus_client(named_t)
-	dbus_connect_system_bus(named_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(named_t)
-	')
-')
-
-optional_policy(`
-	kerberos_keytab_template(named, named_t)
-')
-
-optional_policy(`
-	# this seems like fds that arent being
-	# closed. these should probably be
-	# dontaudits instead.
-	networkmanager_rw_udp_sockets(named_t)
-	networkmanager_rw_packet_sockets(named_t)
-	networkmanager_rw_routing_sockets(named_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(named_t)
-')
-
-optional_policy(`
-	udev_read_db(named_t)
-')
-
-########################################
-#
-# NDC local policy
-#
-
-# cjp: why net_admin?!
-allow ndc_t self:capability { dac_override net_admin };
-allow ndc_t self:process { fork signal_perms };
-allow ndc_t self:fifo_file rw_fifo_file_perms;
-allow ndc_t self:unix_stream_socket { connect create_stream_socket_perms };
-allow ndc_t self:tcp_socket create_socket_perms;
-allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
-
-allow ndc_t dnssec_t:file read_file_perms;
-allow ndc_t dnssec_t:lnk_file read_lnk_file_perms;
-
-stream_connect_pattern(ndc_t, named_var_run_t, named_var_run_t, named_t)
-
-allow ndc_t named_conf_t:file read_file_perms;
-allow ndc_t named_conf_t:lnk_file read_lnk_file_perms;
-
-allow ndc_t named_zone_t:dir search_dir_perms;
-
-kernel_read_kernel_sysctls(ndc_t)
-
-corenet_all_recvfrom_unlabeled(ndc_t)
-corenet_all_recvfrom_netlabel(ndc_t)
-corenet_tcp_sendrecv_generic_if(ndc_t)
-corenet_tcp_sendrecv_generic_node(ndc_t)
-corenet_tcp_sendrecv_all_ports(ndc_t)
-corenet_tcp_bind_generic_node(ndc_t)
-corenet_tcp_connect_rndc_port(ndc_t)
-corenet_sendrecv_rndc_client_packets(ndc_t)
-
-domain_use_interactive_fds(ndc_t)
-
-files_read_etc_files(ndc_t)
-files_search_pids(ndc_t)
-
-fs_getattr_xattr_fs(ndc_t)
-
-init_use_fds(ndc_t)
-init_use_script_ptys(ndc_t)
-
-logging_send_syslog_msg(ndc_t)
-
-miscfiles_read_localization(ndc_t)
-
-sysnet_read_config(ndc_t)
-sysnet_dns_name_resolve(ndc_t)
-
-userdom_use_user_terminals(ndc_t)
-
-term_dontaudit_use_console(ndc_t)
-
-# for /etc/rndc.key
-ifdef(`distro_redhat',`
-	allow ndc_t named_conf_t:dir search_dir_perms;
-')
-
-optional_policy(`
-	nis_use_ypbind(ndc_t)
-')
-
-optional_policy(`
-	nscd_socket_use(ndc_t)
-')
-
-optional_policy(`
-	ppp_dontaudit_use_fds(ndc_t)
-')
diff --git a/policy/modules/services/bitlbee.fc b/policy/modules/services/bitlbee.fc
deleted file mode 100644
index 0197980..0000000
--- a/policy/modules/services/bitlbee.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/rc\.d/init\.d/bitlbee --	gen_context(system_u:object_r:bitlbee_initrc_exec_t,s0)
-/etc/bitlbee(/.*)?		gen_context(system_u:object_r:bitlbee_conf_t,s0)
-
-/usr/sbin/bitlbee	--	gen_context(system_u:object_r:bitlbee_exec_t,s0)
-
-/var/lib/bitlbee(/.*)?		gen_context(system_u:object_r:bitlbee_var_t,s0)
diff --git a/policy/modules/services/bitlbee.if b/policy/modules/services/bitlbee.if
deleted file mode 100644
index a64d94d..0000000
--- a/policy/modules/services/bitlbee.if
+++ /dev/null
@@ -1,59 +0,0 @@
-## <summary>Bitlbee service</summary>
-
-########################################
-## <summary>
-##	Read bitlbee configuration files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed accesss.
-##	</summary>
-## </param>
-#
-interface(`bitlbee_read_config',`
-	gen_require(`
-		type bitlbee_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 bitlbee_conf_t:dir list_dir_perms;
-	allow $1 bitlbee_conf_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an bitlbee environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the bitlbee domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bitlbee_admin',`
-	gen_require(`
-		type bitlbee_t, bitlbee_conf_t, bitlbee_var_t;
-		type bitlbee_initrc_exec_t;
-	')
-
-	allow $1 bitlbee_t:process { ptrace signal_perms };
-	ps_process_pattern($1, bitlbee_t)
-
-	init_labeled_script_domtrans($1, bitlbee_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bitlbee_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, bitlbee_conf_t)
-
-	files_list_var($1)
-	admin_pattern($1, bitlbee_var_t)
-')
diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
deleted file mode 100644
index 2ba2d1f..0000000
--- a/policy/modules/services/bitlbee.te
+++ /dev/null
@@ -1,95 +0,0 @@
-policy_module(bitlbee, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type bitlbee_t;
-type bitlbee_exec_t;
-init_daemon_domain(bitlbee_t, bitlbee_exec_t)
-inetd_tcp_service_domain(bitlbee_t, bitlbee_exec_t)
-
-type bitlbee_conf_t;
-files_config_file(bitlbee_conf_t)
-
-type bitlbee_initrc_exec_t;
-init_script_file(bitlbee_initrc_exec_t)
-
-type bitlbee_tmp_t;
-files_tmp_file(bitlbee_tmp_t)
-
-type bitlbee_var_t;
-files_type(bitlbee_var_t)
-
-########################################
-#
-# Local policy
-#
-
-allow bitlbee_t self:capability { setgid setuid };
-
-allow bitlbee_t self:udp_socket create_socket_perms;
-allow bitlbee_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
-allow bitlbee_t self:unix_stream_socket create_stream_socket_perms;
-allow bitlbee_t self:fifo_file rw_fifo_file_perms;
-allow bitlbee_t self:process signal;
-
-bitlbee_read_config(bitlbee_t)
-
-# tmp files
-manage_files_pattern(bitlbee_t, bitlbee_tmp_t, bitlbee_tmp_t)
-files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
-
-# user account information is read and edited at runtime; give the usual
-# r/w access to bitlbee_var_t
-manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
-files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
-
-kernel_read_system_state(bitlbee_t)
-
-corenet_all_recvfrom_unlabeled(bitlbee_t)
-corenet_udp_sendrecv_generic_if(bitlbee_t)
-corenet_udp_sendrecv_generic_node(bitlbee_t)
-corenet_tcp_sendrecv_generic_if(bitlbee_t)
-corenet_tcp_sendrecv_generic_node(bitlbee_t)
-# Allow bitlbee to connect to jabber servers
-corenet_tcp_connect_jabber_client_port(bitlbee_t)
-corenet_tcp_sendrecv_jabber_client_port(bitlbee_t)
-# to AIM servers:
-corenet_tcp_connect_aol_port(bitlbee_t)
-corenet_tcp_sendrecv_aol_port(bitlbee_t)
-# and to MMCC (Yahoo IM) servers:
-corenet_tcp_connect_mmcc_port(bitlbee_t)
-corenet_tcp_sendrecv_mmcc_port(bitlbee_t)
-# and to MSNP (MSN Messenger) servers:
-corenet_tcp_connect_msnp_port(bitlbee_t)
-corenet_tcp_sendrecv_msnp_port(bitlbee_t)
-# MSN can use passport auth, which is over http:
-corenet_tcp_connect_http_port(bitlbee_t)
-corenet_tcp_sendrecv_http_port(bitlbee_t)
-corenet_tcp_connect_http_cache_port(bitlbee_t)
-corenet_tcp_sendrecv_http_cache_port(bitlbee_t)
-
-dev_read_rand(bitlbee_t)
-dev_read_urand(bitlbee_t)
-
-files_read_etc_files(bitlbee_t)
-files_search_pids(bitlbee_t)
-# grant read-only access to the user help files
-files_read_usr_files(bitlbee_t)
-
-libs_legacy_use_shared_libs(bitlbee_t)
-
-auth_use_nsswitch(bitlbee_t)
-
-logging_send_syslog_msg(bitlbee_t)
-
-miscfiles_read_localization(bitlbee_t)
-
-sysnet_dns_name_resolve(bitlbee_t)
-
-optional_policy(`
-	# normally started from inetd using tcpwrappers, so use those entry points
-	tcpd_wrapped_domain(bitlbee_t, bitlbee_exec_t)
-')
diff --git a/policy/modules/services/bluetooth.fc b/policy/modules/services/bluetooth.fc
deleted file mode 100644
index dc687e6..0000000
--- a/policy/modules/services/bluetooth.fc
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# /etc
-#
-/etc/bluetooth(/.*)?		gen_context(system_u:object_r:bluetooth_conf_t,s0)
-/etc/bluetooth/link_key		gen_context(system_u:object_r:bluetooth_conf_rw_t,s0)
-/etc/rc\.d/init\.d/bluetooth --	gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/dund	--	gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/pand	--	gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/blue.*pin	--	gen_context(system_u:object_r:bluetooth_helper_exec_t,s0)
-/usr/bin/dund		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/bin/hidd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-
-/usr/sbin/bluetoothd	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/sbin/hciattach	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/sbin/hcid		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/sbin/hid2hci	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-/usr/sbin/sdpd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/bluetooth(/.*)?	gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
-
-/var/run/bluetoothd_address	gen_context(system_u:object_r:bluetooth_var_run_t,s0)
-/var/run/sdp		-s	gen_context(system_u:object_r:bluetooth_var_run_t,s0)
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
deleted file mode 100644
index fa57a6f..0000000
--- a/policy/modules/services/bluetooth.if
+++ /dev/null
@@ -1,246 +0,0 @@
-## <summary>Bluetooth tools and system services.</summary>
-
-########################################
-## <summary>
-##	Role access for bluetooth
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bluetooth_role',`
-	gen_require(`
-		type bluetooth_helper_t, bluetooth_helper_exec_t;
-		type bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t;
-	')
-
-	role $1 types bluetooth_helper_t;
-
-	domtrans_pattern($2, bluetooth_helper_exec_t, bluetooth_helper_t)
-
-	# allow ps to show cdrecord and allow the user to kill it
-	ps_process_pattern($2, bluetooth_helper_t)
-	allow $2 bluetooth_helper_t:process { ptrace signal_perms };
-
-	manage_dirs_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-	manage_files_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-	manage_sock_files_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-
-	manage_dirs_pattern($2, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
-	manage_files_pattern($2, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
-')
-
-#####################################
-## <summary>
-##	Connect to bluetooth over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_stream_connect',`
-	gen_require(`
-		type bluetooth_t, bluetooth_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 bluetooth_t:socket rw_socket_perms;
-	stream_connect_pattern($1, bluetooth_var_run_t, bluetooth_var_run_t, bluetooth_t)
-')
-
-########################################
-## <summary>
-##	Execute bluetooth in the bluetooth domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_domtrans',`
-	gen_require(`
-		type bluetooth_t, bluetooth_exec_t;
-	')
-
-	domtrans_pattern($1, bluetooth_exec_t, bluetooth_t)
-')
-
-########################################
-## <summary>
-##	Read bluetooth daemon configuration.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_read_config',`
-	gen_require(`
-		type bluetooth_conf_t;
-	')
-
-	allow $1 bluetooth_conf_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	bluetooth over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_dbus_chat',`
-	gen_require(`
-		type bluetooth_t;
-		class dbus send_msg;
-	')
-
-	allow $1 bluetooth_t:dbus send_msg;
-	allow bluetooth_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	dontaudit Send and receive messages from
-##	bluetooth over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_dontaudit_dbus_chat',`
-	gen_require(`
-		type bluetooth_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 bluetooth_t:dbus send_msg;
-	dontaudit bluetooth_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Execute bluetooth_helper in the bluetooth_helper domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_domtrans_helper',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Execute bluetooth_helper in the bluetooth_helper domain, and
-##	allow the specified role the bluetooth_helper domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="terminal">
-##	<summary>
-##	The type of the terminal allow the bluetooth_helper domain to use.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bluetooth_run_helper',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read bluetooth helper state files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`bluetooth_dontaudit_read_helper_state',`
-	gen_require(`
-		type bluetooth_helper_t;
-	')
-
-	dontaudit $1 bluetooth_helper_t:dir search_dir_perms;
-	dontaudit $1 bluetooth_helper_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an bluetooth environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the bluetooth domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bluetooth_admin',`
-	gen_require(`
-		type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
-		type bluetooth_var_lib_t, bluetooth_var_run_t, bluetooth_initrc_exec_t;
-		type bluetooth_conf_t, bluetooth_conf_rw_t;
-	')
-
-	allow $1 bluetooth_t:process { ptrace signal_perms };
-	ps_process_pattern($1, bluetooth_t)
-
-	init_labeled_script_domtrans($1, bluetooth_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bluetooth_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, bluetooth_tmp_t)
-
-	files_list_var($1)
-	admin_pattern($1, bluetooth_lock_t)
-
-	files_list_etc($1)
-	admin_pattern($1, bluetooth_conf_t)
-	admin_pattern($1, bluetooth_conf_rw_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, bluetooth_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, bluetooth_var_run_t)
-')
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
deleted file mode 100644
index 67818fe..0000000
--- a/policy/modules/services/bluetooth.te
+++ /dev/null
@@ -1,253 +0,0 @@
-policy_module(bluetooth, 3.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type bluetooth_t;
-type bluetooth_exec_t;
-init_daemon_domain(bluetooth_t, bluetooth_exec_t)
-
-type bluetooth_conf_t;
-files_type(bluetooth_conf_t)
-
-type bluetooth_conf_rw_t;
-files_type(bluetooth_conf_rw_t)
-
-type bluetooth_helper_t;
-type bluetooth_helper_exec_t;
-typealias bluetooth_helper_t alias { user_bluetooth_helper_t staff_bluetooth_helper_t sysadm_bluetooth_helper_t };
-typealias bluetooth_helper_t alias { auditadm_bluetooth_helper_t secadm_bluetooth_helper_t };
-application_domain(bluetooth_helper_t, bluetooth_helper_exec_t)
-ubac_constrained(bluetooth_helper_t)
-
-type bluetooth_helper_tmp_t;
-typealias bluetooth_helper_tmp_t alias { user_bluetooth_helper_tmp_t staff_bluetooth_helper_tmp_t sysadm_bluetooth_helper_tmp_t };
-typealias bluetooth_helper_tmp_t alias { auditadm_bluetooth_helper_tmp_t secadm_bluetooth_helper_tmp_t };
-files_tmp_file(bluetooth_helper_tmp_t)
-ubac_constrained(bluetooth_helper_tmp_t)
-
-type bluetooth_helper_tmpfs_t;
-typealias bluetooth_helper_tmpfs_t alias { user_bluetooth_helper_tmpfs_t staff_bluetooth_helper_tmpfs_t sysadm_bluetooth_helper_tmpfs_t };
-typealias bluetooth_helper_tmpfs_t alias { auditadm_bluetooth_helper_tmpfs_t secadm_bluetooth_helper_tmpfs_t };
-files_tmpfs_file(bluetooth_helper_tmpfs_t)
-ubac_constrained(bluetooth_helper_tmpfs_t)
-
-type bluetooth_initrc_exec_t;
-init_script_file(bluetooth_initrc_exec_t)
-
-type bluetooth_lock_t;
-files_lock_file(bluetooth_lock_t)
-
-type bluetooth_tmp_t;
-files_tmp_file(bluetooth_tmp_t)
-
-type bluetooth_var_lib_t;
-files_type(bluetooth_var_lib_t)
-
-type bluetooth_var_run_t;
-files_pid_file(bluetooth_var_run_t)
-
-########################################
-#
-# Bluetooth services local policy
-#
-
-#sys_admin capability - redhat bug 573015
-allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_admin sys_tty_config ipc_lock };
-dontaudit bluetooth_t self:capability sys_tty_config;
-allow bluetooth_t self:process { getcap setcap getsched signal_perms };
-allow bluetooth_t self:fifo_file rw_fifo_file_perms;
-allow bluetooth_t self:shm create_shm_perms;
-allow bluetooth_t self:socket create_stream_socket_perms;
-allow bluetooth_t self:unix_dgram_socket create_socket_perms;
-allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow bluetooth_t self:tcp_socket create_stream_socket_perms;
-allow bluetooth_t self:udp_socket create_socket_perms;
-allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
-
-manage_dirs_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
-manage_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
-manage_lnk_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
-manage_fifo_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
-manage_sock_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
-filetrans_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t, { dir file lnk_file sock_file fifo_file })
-
-can_exec(bluetooth_t, bluetooth_helper_exec_t)
-
-allow bluetooth_t bluetooth_lock_t:file manage_file_perms;
-files_lock_filetrans(bluetooth_t, bluetooth_lock_t, file)
-
-manage_dirs_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
-manage_files_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
-files_tmp_filetrans(bluetooth_t, bluetooth_tmp_t, { file dir })
-
-manage_dirs_pattern(bluetooth_t, bluetooth_var_lib_t, bluetooth_var_lib_t)
-manage_files_pattern(bluetooth_t, bluetooth_var_lib_t, bluetooth_var_lib_t)
-files_var_lib_filetrans(bluetooth_t, bluetooth_var_lib_t, { dir file } )
-
-manage_files_pattern(bluetooth_t, bluetooth_var_run_t, bluetooth_var_run_t)
-manage_sock_files_pattern(bluetooth_t, bluetooth_var_run_t, bluetooth_var_run_t)
-files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(bluetooth_t)
-kernel_read_system_state(bluetooth_t)
-kernel_read_network_state(bluetooth_t)
-kernel_request_load_module(bluetooth_t)
-#search debugfs - redhat bug 548206
-kernel_search_debugfs(bluetooth_t)
-
-ifdef(`hide_broken_symptoms', `
-	kernel_rw_unlabeled_socket(bluetooth_t)
-')
-
-corenet_all_recvfrom_unlabeled(bluetooth_t)
-corenet_all_recvfrom_netlabel(bluetooth_t)
-corenet_tcp_sendrecv_generic_if(bluetooth_t)
-corenet_udp_sendrecv_generic_if(bluetooth_t)
-corenet_raw_sendrecv_generic_if(bluetooth_t)
-corenet_tcp_sendrecv_generic_node(bluetooth_t)
-corenet_udp_sendrecv_generic_node(bluetooth_t)
-corenet_raw_sendrecv_generic_node(bluetooth_t)
-corenet_tcp_sendrecv_all_ports(bluetooth_t)
-corenet_udp_sendrecv_all_ports(bluetooth_t)
-
-dev_read_sysfs(bluetooth_t)
-dev_rw_usbfs(bluetooth_t)
-dev_rw_generic_usb_dev(bluetooth_t)
-dev_read_urand(bluetooth_t)
-dev_rw_input_dev(bluetooth_t)
-dev_rw_wireless(bluetooth_t)
-
-fs_getattr_all_fs(bluetooth_t)
-fs_search_auto_mountpoints(bluetooth_t)
-fs_list_inotifyfs(bluetooth_t)
-
-#Handle bluetooth serial devices
-term_use_unallocated_ttys(bluetooth_t)
-
-corecmd_exec_bin(bluetooth_t)
-corecmd_exec_shell(bluetooth_t)
-
-domain_use_interactive_fds(bluetooth_t)
-domain_dontaudit_search_all_domains_state(bluetooth_t)
-
-files_read_etc_files(bluetooth_t)
-files_read_etc_runtime_files(bluetooth_t)
-files_read_usr_files(bluetooth_t)
-
-auth_use_nsswitch(bluetooth_t)
-
-logging_send_syslog_msg(bluetooth_t)
-
-miscfiles_read_localization(bluetooth_t)
-miscfiles_read_fonts(bluetooth_t)
-miscfiles_read_hwdata(bluetooth_t)
-
-userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
-userdom_dontaudit_use_user_terminals(bluetooth_t)
-userdom_dontaudit_search_user_home_dirs(bluetooth_t)
-
-optional_policy(`
-	devicekit_dbus_chat_power(bluetooth_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(bluetooth_t)
-	dbus_connect_system_bus(bluetooth_t)
-
-	optional_policy(`
-		cups_dbus_chat(bluetooth_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(bluetooth_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(bluetooth_t)
-	')
-
-	optional_policy(`
-		pulseaudio_dbus_chat(bluetooth_t)
-	')
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(bluetooth_t)
-')
-
-optional_policy(`
-	udev_read_db(bluetooth_t)
-')
-
-optional_policy(`
-	ppp_domtrans(bluetooth_t)
-')
-
-########################################
-#
-# Bluetooth helper programs local policy
-#
-
-allow bluetooth_helper_t self:capability sys_nice;
-allow bluetooth_helper_t self:process getsched;
-allow bluetooth_helper_t self:fifo_file rw_fifo_file_perms;
-allow bluetooth_helper_t self:shm create_shm_perms;
-allow bluetooth_helper_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow bluetooth_helper_t self:tcp_socket create_socket_perms;
-allow bluetooth_helper_t self:netlink_route_socket r_netlink_socket_perms;
-
-allow bluetooth_helper_t bluetooth_t:socket { read write };
-
-manage_dirs_pattern(bluetooth_helper_t, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-manage_files_pattern(bluetooth_helper_t, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-manage_sock_files_pattern(bluetooth_helper_t, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
-files_tmp_filetrans(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir sock_file })
-
-manage_dirs_pattern(bluetooth_helper_t, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
-manage_files_pattern(bluetooth_helper_t, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
-fs_tmpfs_filetrans(bluetooth_helper_t, bluetooth_helper_tmpfs_t, { dir file })
-
-kernel_read_system_state(bluetooth_helper_t)
-kernel_read_kernel_sysctls(bluetooth_helper_t)
-
-dev_read_urand(bluetooth_helper_t)
-
-term_dontaudit_use_all_ttys(bluetooth_helper_t)
-
-corecmd_exec_bin(bluetooth_helper_t)
-corecmd_exec_shell(bluetooth_helper_t)
-
-domain_read_all_domains_state(bluetooth_helper_t)
-
-files_read_etc_files(bluetooth_helper_t)
-files_read_etc_runtime_files(bluetooth_helper_t)
-files_read_usr_files(bluetooth_helper_t)
-files_dontaudit_list_default(bluetooth_helper_t)
-
-locallogin_dontaudit_use_fds(bluetooth_helper_t)
-
-logging_send_syslog_msg(bluetooth_helper_t)
-
-miscfiles_read_localization(bluetooth_helper_t)
-
-sysnet_read_config(bluetooth_helper_t)
-
-optional_policy(`
-	bluetooth_dbus_chat(bluetooth_helper_t)
-
-	dbus_system_bus_client(bluetooth_helper_t)
-	dbus_connect_system_bus(bluetooth_helper_t)
-')
-
-optional_policy(`
-	nscd_socket_use(bluetooth_helper_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(bluetooth_helper, bluetooth_helper_t, bluetooth_helper_tmpfs_t)
-')
diff --git a/policy/modules/services/boinc.fc b/policy/modules/services/boinc.fc
deleted file mode 100644
index c095160..0000000
--- a/policy/modules/services/boinc.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/etc/rc\.d/init\.d/boinc-client		-- 	gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
-
-/usr/bin/boinc_client			--	gen_context(system_u:object_r:boinc_exec_t,s0)
-
-/var/lib/boinc(/.*)?				gen_context(system_u:object_r:boinc_var_lib_t,s0)
-/var/lib/boinc/projects(/.*)?			gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
-/var/lib/boinc/slots(/.*)?          	 	gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if
deleted file mode 100644
index fa9b95a..0000000
--- a/policy/modules/services/boinc.if
+++ /dev/null
@@ -1,150 +0,0 @@
-## <summary>policy for boinc</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run boinc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`boinc_domtrans',`
-	gen_require(`
-		type boinc_t, boinc_exec_t;
-	')
-
-	domtrans_pattern($1, boinc_exec_t, boinc_t)
-')
-
-#######################################
-## <summary>
-##	Execute boinc server in the boinc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`boinc_initrc_domtrans',`
-	gen_require(`
-		type boinc_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, boinc_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Search boinc lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`boinc_search_lib',`
-	gen_require(`
-		type boinc_var_lib_t;
-	')
-
-	allow $1 boinc_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read boinc lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`boinc_read_lib_files',`
-	gen_require(`
-		type boinc_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	boinc lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`boinc_manage_lib_files',`
-	gen_require(`
-		type boinc_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage boinc var_lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`boinc_manage_var_lib',`
-	gen_require(`
-		type boinc_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
-	manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
-	manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an boinc environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`boinc_admin',`
-	gen_require(`
-		type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
-	')
-
-	allow $1 boinc_t:process { ptrace signal_perms };
-	ps_process_pattern($1, boinc_t)
-
-	boinc_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 boinc_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, boinc_var_lib_t)
-')
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
deleted file mode 100644
index 4bc3f06..0000000
--- a/policy/modules/services/boinc.te
+++ /dev/null
@@ -1,167 +0,0 @@
-policy_module(boinc, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type boinc_t;
-type boinc_exec_t;
-init_daemon_domain(boinc_t, boinc_exec_t)
-
-type boinc_initrc_exec_t;
-init_script_file(boinc_initrc_exec_t)
-
-type boinc_tmp_t;
-files_tmp_file(boinc_tmp_t)
-
-type boinc_tmpfs_t;
-files_tmpfs_file(boinc_tmpfs_t)
-
-type boinc_var_lib_t;
-files_type(boinc_var_lib_t)
-
-type boinc_project_t;
-domain_type(boinc_project_t)
-role system_r types boinc_project_t;
-
-permissive boinc_project_t;
-
-type boinc_project_tmp_t;
-files_tmp_file(boinc_project_tmp_t)
-
-type boinc_project_var_lib_t;
-files_type(boinc_project_var_lib_t)
-
-########################################
-#
-# boinc local policy
-#
-
-allow boinc_t self:capability { kill };
-allow boinc_t self:process { setsched sigkill };
-
-allow boinc_t self:fifo_file rw_fifo_file_perms;
-allow boinc_t self:unix_stream_socket create_stream_socket_perms;
-allow boinc_t self:tcp_socket create_stream_socket_perms;
-allow boinc_t self:sem create_sem_perms;
-allow boinc_t self:shm create_shm_perms;
-
-manage_dirs_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
-manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
-files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
-
-manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
-fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file)
-
-exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
-manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
-manage_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
-filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, dir)
-
-manage_dirs_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
-manage_files_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
-
-kernel_read_system_state(boinc_t)
-
-files_getattr_all_dirs(boinc_t)
-files_getattr_all_files(boinc_t)
-
-corecmd_exec_bin(boinc_t)
-corecmd_exec_shell(boinc_t)
-
-corenet_all_recvfrom_unlabeled(boinc_t)
-corenet_all_recvfrom_netlabel(boinc_t)
-corenet_tcp_sendrecv_generic_if(boinc_t)
-corenet_udp_sendrecv_generic_if(boinc_t)
-corenet_tcp_sendrecv_generic_node(boinc_t)
-corenet_udp_sendrecv_generic_node(boinc_t)
-corenet_tcp_sendrecv_all_ports(boinc_t)
-corenet_udp_sendrecv_all_ports(boinc_t)
-corenet_tcp_bind_generic_node(boinc_t)
-corenet_udp_bind_generic_node(boinc_t)
-corenet_tcp_bind_boinc_port(boinc_t)
-corenet_tcp_connect_boinc_port(boinc_t)
-corenet_tcp_connect_http_port(boinc_t)
-corenet_tcp_connect_http_cache_port(boinc_t)
-
-dev_list_sysfs(boinc_t)
-dev_read_rand(boinc_t)
-dev_read_urand(boinc_t)
-dev_read_sysfs(boinc_t)
-
-domain_read_all_domains_state(boinc_t)
-
-files_dontaudit_getattr_boot_dirs(boinc_t)
-
-files_read_etc_files(boinc_t)
-files_read_usr_files(boinc_t)
-
-fs_getattr_all_fs(boinc_t)
-
-term_dontaudit_getattr_ptmx(boinc_t)
-
-miscfiles_read_localization(boinc_t)
-miscfiles_read_generic_certs(boinc_t)
-
-logging_send_syslog_msg(boinc_t)
-
-sysnet_dns_name_resolve(boinc_t)
-
-mta_send_mail(boinc_t)
-
-########################################
-#
-# boinc-projects local policy
-#
-
-domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
-allow boinc_t boinc_project_t:process sigkill;
-
-allow boinc_project_t self:process { ptrace setsched signal signull sigkill sigstop };
-allow boinc_project_t self:process { execmem execstack };
-
-allow boinc_project_t self:fifo_file rw_fifo_file_perms;
-allow boinc_project_t self:sem create_sem_perms;
-
-manage_dirs_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
-manage_files_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
-files_tmp_filetrans(boinc_project_t, boinc_project_tmp_t, { dir file })
-
-allow boinc_project_t boinc_project_var_lib_t:file entrypoint;
-exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
-manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
-manage_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
-files_var_lib_filetrans(boinc_project_t, boinc_project_var_lib_t, { file dir })
-
-allow boinc_project_t boinc_project_var_lib_t:file execmod;
-
-allow boinc_project_t boinc_t:shm rw_shm_perms;
-allow boinc_project_t boinc_tmpfs_t:file rw_inherited_file_perms;
-
-list_dirs_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
-rw_files_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
-
-kernel_read_system_state(boinc_project_t)
-kernel_read_kernel_sysctls(boinc_project_t)
-kernel_search_vm_sysctl(boinc_project_t)
-kernel_read_network_state(boinc_project_t)
-
-corecmd_exec_bin(boinc_project_t)
-corecmd_exec_shell(boinc_project_t)
-
-corenet_tcp_connect_boinc_port(boinc_project_t)
-
-dev_read_rand(boinc_project_t)
-dev_read_urand(boinc_project_t)
-dev_read_sysfs(boinc_project_t)
-dev_rw_xserver_misc(boinc_project_t)
-
-files_read_etc_files(boinc_project_t)
-
-miscfiles_read_fonts(boinc_project_t)
-miscfiles_read_localization(boinc_project_t)
-
-optional_policy(`
-	java_exec(boinc_project_t)
-')
diff --git a/policy/modules/services/bugzilla.fc b/policy/modules/services/bugzilla.fc
deleted file mode 100644
index 18f37e2..0000000
--- a/policy/modules/services/bugzilla.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/share/bugzilla(/.*)?	-d	gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
-/usr/share/bugzilla(/.*)?	--	gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
-/var/lib/bugzilla(/.*)?			gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
diff --git a/policy/modules/services/bugzilla.if b/policy/modules/services/bugzilla.if
deleted file mode 100644
index 3964548..0000000
--- a/policy/modules/services/bugzilla.if
+++ /dev/null
@@ -1,80 +0,0 @@
-## <summary>Bugzilla server</summary>
-
-########################################
-## <summary>
-##	Allow the specified domain to search 
-##	bugzilla directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bugzilla_search_dirs',`
-	gen_require(`
-		type httpd_bugzilla_content_t;
-	')
-
-	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write 
-##	bugzilla script unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`bugzilla_dontaudit_rw_script_stream_sockets',`
-	gen_require(`
-		type httpd_bugzilla_script_t;
-	')
-
-	dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an bugzilla environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the bugzilla domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`bugzilla_admin',`
-	gen_require(`
-		type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
-		type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t, httpd_bugzilla_script_exec_t;
-		type httpd_bugzilla_htaccess_t;
-	')
-
-	allow $1 httpd_bugzilla_script_t:process { ptrace signal_perms };
-	ps_process_pattern($1, httpd_bugzilla_script_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, httpd_bugzilla_tmp_t)
-
-	files_list_var_lib(httpd_bugzilla_script_t)
-
-	apache_list_sys_content($1)
-	admin_pattern($1, httpd_bugzilla_script_exec_t)
-	admin_pattern($1, httpd_bugzilla_script_t)
-	admin_pattern($1, httpd_bugzilla_content_t)
-	admin_pattern($1, httpd_bugzilla_htaccess_t)
-	admin_pattern($1, httpd_bugzilla_rw_content_t)
-	admin_pattern($1, httpd_bugzilla_ra_content_t)
-')
diff --git a/policy/modules/services/bugzilla.te b/policy/modules/services/bugzilla.te
deleted file mode 100644
index c63c8fa..0000000
--- a/policy/modules/services/bugzilla.te
+++ /dev/null
@@ -1,55 +0,0 @@
-policy_module(bugzilla, 1.0)
-
-########################################
-#
-# Declarations
-#
-
-apache_content_template(bugzilla)
-
-type httpd_bugzilla_tmp_t;
-files_tmp_file(httpd_bugzilla_tmp_t)
-
-########################################
-#
-# bugzilla local policy
-#
-
-allow httpd_bugzilla_script_t self:netlink_route_socket r_netlink_socket_perms;
-allow httpd_bugzilla_script_t self:tcp_socket create_stream_socket_perms;
-allow httpd_bugzilla_script_t self:udp_socket create_socket_perms;
-
-corenet_all_recvfrom_unlabeled(httpd_bugzilla_script_t)
-corenet_all_recvfrom_netlabel(httpd_bugzilla_script_t)
-corenet_tcp_sendrecv_all_if(httpd_bugzilla_script_t)
-corenet_udp_sendrecv_all_if(httpd_bugzilla_script_t)
-corenet_tcp_sendrecv_all_nodes(httpd_bugzilla_script_t)
-corenet_udp_sendrecv_all_nodes(httpd_bugzilla_script_t)
-corenet_tcp_sendrecv_all_ports(httpd_bugzilla_script_t)
-corenet_udp_sendrecv_all_ports(httpd_bugzilla_script_t)
-corenet_tcp_connect_postgresql_port(httpd_bugzilla_script_t)
-corenet_tcp_connect_mysqld_port(httpd_bugzilla_script_t)
-corenet_tcp_connect_http_port(httpd_bugzilla_script_t)
-corenet_tcp_connect_smtp_port(httpd_bugzilla_script_t)
-corenet_sendrecv_postgresql_client_packets(httpd_bugzilla_script_t)
-corenet_sendrecv_mysqld_client_packets(httpd_bugzilla_script_t)
-
-manage_dirs_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)
-manage_files_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)
-files_tmp_filetrans(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, { file dir })
-
-files_search_var_lib(httpd_bugzilla_script_t)
-
-mta_send_mail(httpd_bugzilla_script_t)
-
-sysnet_read_config(httpd_bugzilla_script_t)
-sysnet_use_ldap(httpd_bugzilla_script_t)
-
-optional_policy(`
-	mysql_search_db(httpd_bugzilla_script_t)
-	mysql_stream_connect(httpd_bugzilla_script_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(httpd_bugzilla_script_t)
-')
diff --git a/policy/modules/services/cachefilesd.fc b/policy/modules/services/cachefilesd.fc
deleted file mode 100644
index 24d9837..0000000
--- a/policy/modules/services/cachefilesd.fc
+++ /dev/null
@@ -1,29 +0,0 @@
-###############################################################################
-#
-# Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-# Written by David Howells (dhowells@redhat.com)
-#            Karl MacMillan (kmacmill@redhat.com)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version
-# 2 of the License, or (at your option) any later version.
-#
-###############################################################################
-
-#
-# Define the contexts to be assigned to various files and directories of
-# importance to the CacheFiles kernel module and userspace management daemon.
-#
-
-# cachefilesd executable will have:
-# label: system_u:object_r:cachefilesd_exec_t
-# MLS sensitivity: s0
-# MCS categories: <none>
-
-/sbin/cachefilesd	--	gen_context(system_u:object_r:cachefilesd_exec_t,s0)
-/dev/cachefiles		-c	gen_context(system_u:object_r:cachefiles_dev_t,s0)
-/var/fscache(/.*)?		gen_context(system_u:object_r:cachefiles_var_t,s0)
-/var/cache/fscache(/.*)?		gen_context(system_u:object_r:cachefiles_var_t,s0)
-
-/var/run/cachefilesd\.pid --	gen_context(system_u:object_r:cachefiles_var_t,s0)
diff --git a/policy/modules/services/cachefilesd.if b/policy/modules/services/cachefilesd.if
deleted file mode 100644
index 3b41945..0000000
--- a/policy/modules/services/cachefilesd.if
+++ /dev/null
@@ -1,35 +0,0 @@
-###############################################################################
-#
-# Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-# Written by David Howells (dhowells@redhat.com)
-#            Karl MacMillan (kmacmill@redhat.com)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version
-# 2 of the License, or (at your option) any later version.
-#
-###############################################################################
-
-#
-# Define the policy interface for the CacheFiles userspace management daemon.
-#
-## <summary>policy for cachefilesd</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run cachefilesd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cachefilesd_domtrans',`
-	gen_require(`
-		type cachefilesd_t, cachefilesd_exec_t;
-	')
-
-	domtrans_pattern($1, cachefilesd_exec_t, cachefilesd_t)
-')
diff --git a/policy/modules/services/cachefilesd.te b/policy/modules/services/cachefilesd.te
deleted file mode 100644
index 575c16e..0000000
--- a/policy/modules/services/cachefilesd.te
+++ /dev/null
@@ -1,143 +0,0 @@
-###############################################################################
-#
-# Copyright (C) 2006, 2010 Red Hat, Inc. All Rights Reserved.
-# Written by David Howells (dhowells@redhat.com)
-#            Karl MacMillan (kmacmill@redhat.com)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version
-# 2 of the License, or (at your option) any later version.
-#
-###############################################################################
-
-#
-# This security policy governs access by the CacheFiles kernel module and
-# userspace management daemon to the files and directories in the on-disk
-# cache, on behalf of the processes accessing the cache through a network
-# filesystem such as NFS
-#
-policy_module(cachefilesd, 1.0.17)
-
-###############################################################################
-#
-# Declarations
-#
-
-#
-# Files in the cache are created by the cachefiles module with security ID
-# cachefiles_var_t
-#
-type cachefiles_var_t;
-files_type(cachefiles_var_t)
-
-#
-# The /dev/cachefiles character device has security ID cachefiles_dev_t
-#
-type cachefiles_dev_t;
-dev_node(cachefiles_dev_t)
-
-#
-# The cachefilesd daemon normally runs with security ID cachefilesd_t
-#
-type cachefilesd_t;
-type cachefilesd_exec_t;
-init_daemon_domain(cachefilesd_t, cachefilesd_exec_t)
-
-#
-# The cachefilesd daemon pid file context
-#
-type cachefilesd_var_run_t;
-files_pid_file(cachefilesd_var_run_t)
-
-#
-# The CacheFiles kernel module causes processes accessing the cache files to do
-# so acting as security ID cachefiles_kernel_t
-#
-type cachefiles_kernel_t;
-domain_type(cachefiles_kernel_t)
-domain_obj_id_change_exemption(cachefiles_kernel_t)
-role system_r types cachefiles_kernel_t;
-
-###############################################################################
-#
-# Permit RPM to deal with files in the cache
-#
-rpm_use_script_fds(cachefilesd_t)
-
-###############################################################################
-#
-# cachefilesd local policy
-#
-# These define what cachefilesd is permitted to do.  This doesn't include very
-# much: startup stuff, logging, pid file, scanning the cache superstructure and
-# deleting files from the cache.  It is not permitted to read/write files in
-# the cache.
-#
-# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
-# rules.
-#
-allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
-
-# Allow manipulation of pid file
-allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
-manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
-manage_dirs_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
-files_pid_filetrans(cachefilesd_t, cachefilesd_var_run_t, file)
-files_create_as_is_all_files(cachefilesd_t)
-
-# Allow access to cachefiles device file
-allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
-
-# Allow access to cache superstructure
-allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms delete_dir_perms };
-allow cachefilesd_t cachefiles_var_t:file { rename delete_file_perms };
-
-# Permit statfs on the backing filesystem
-fs_getattr_xattr_fs(cachefilesd_t)
-
-# Basic access
-files_read_etc_files(cachefilesd_t)
-miscfiles_read_localization(cachefilesd_t)
-logging_send_syslog_msg(cachefilesd_t)
-init_dontaudit_use_script_ptys(cachefilesd_t)
-term_dontaudit_use_generic_ptys(cachefilesd_t)
-term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
-
-###############################################################################
-#
-# When cachefilesd invokes the kernel module to begin caching, it has to tell
-# the kernel module the security context in which it should act, and this
-# policy has to approve that.
-#
-# There are two parts to this:
-#
-#   (1) the security context used by the module to access files in the cache,
-#       as set by the 'secctx' command in /etc/cachefilesd.conf, and
-#
-allow cachefilesd_t cachefiles_kernel_t:kernel_service { use_as_override };
-
-#
-#   (2) the label that will be assigned to new files and directories created in
-#       the cache by the module, which will be the same as the label on the
-#       directory pointed to by the 'dir' command.
-#
-allow cachefilesd_t cachefiles_var_t:kernel_service { create_files_as };
-
-###############################################################################
-#
-# cachefiles kernel module local policy
-#
-# This governs what the kernel module is allowed to do the contents of the
-# cache.
-#
-allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
-
-manage_dirs_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
-manage_files_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
-
-fs_getattr_xattr_fs(cachefiles_kernel_t)
-
-dev_search_sysfs(cachefiles_kernel_t)
-
-init_sigchld_script(cachefiles_kernel_t)
diff --git a/policy/modules/services/canna.fc b/policy/modules/services/canna.fc
deleted file mode 100644
index 5432d0e..0000000
--- a/policy/modules/services/canna.fc
+++ /dev/null
@@ -1,23 +0,0 @@
-/etc/rc\.d/init\.d/canna --	gen_context(system_u:object_r:canna_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/cannaping	--	gen_context(system_u:object_r:canna_exec_t,s0)
-/usr/bin/catdic		--	gen_context(system_u:object_r:canna_exec_t,s0)
-
-/usr/sbin/cannaserver	--	gen_context(system_u:object_r:canna_exec_t,s0)
-/usr/sbin/jserver	--	gen_context(system_u:object_r:canna_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/canna/dic(/.*)?	gen_context(system_u:object_r:canna_var_lib_t,s0)
-/var/lib/wnn/dic(/.*)?		gen_context(system_u:object_r:canna_var_lib_t,s0)
-
-/var/log/canna(/.*)?		gen_context(system_u:object_r:canna_log_t,s0)
-/var/log/wnn(/.*)?		gen_context(system_u:object_r:canna_log_t,s0)
-
-/var/run/\.iroha_unix	-d	gen_context(system_u:object_r:canna_var_run_t,s0)
-/var/run/\.iroha_unix/.* -s	gen_context(system_u:object_r:canna_var_run_t,s0)
-/var/run/wnn-unix(/.*)		gen_context(system_u:object_r:canna_var_run_t,s0)
diff --git a/policy/modules/services/canna.if b/policy/modules/services/canna.if
deleted file mode 100644
index 4a26b0c..0000000
--- a/policy/modules/services/canna.if
+++ /dev/null
@@ -1,61 +0,0 @@
-## <summary>Canna - kana-kanji conversion server</summary>
-
-########################################
-## <summary>
-##	Connect to Canna using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`canna_stream_connect',`
-	gen_require(`
-		type canna_t, canna_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, canna_var_run_t, canna_var_run_t, canna_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an canna environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the canna domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`canna_admin',`
-	gen_require(`
-		type canna_t, canna_log_t, canna_var_lib_t;
-		type canna_var_run_t, canna_initrc_exec_t;
-	')
-
-	allow $1 canna_t:process { ptrace signal_perms };
-	ps_process_pattern($1, canna_t)
-
-	init_labeled_script_domtrans($1, canna_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 canna_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, canna_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, canna_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, canna_var_run_t)
-')
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
deleted file mode 100644
index d60e2bf..0000000
--- a/policy/modules/services/canna.te
+++ /dev/null
@@ -1,93 +0,0 @@
-policy_module(canna, 1.10.1)
-
-########################################
-#
-# Declarations
-#
-
-type canna_t;
-type canna_exec_t;
-init_daemon_domain(canna_t, canna_exec_t)
-
-type canna_initrc_exec_t;
-init_script_file(canna_initrc_exec_t)
-
-type canna_log_t;
-logging_log_file(canna_log_t)
-
-type canna_var_lib_t;
-files_type(canna_var_lib_t)
-
-type canna_var_run_t;
-files_pid_file(canna_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow canna_t self:capability { setgid setuid net_bind_service };
-dontaudit canna_t self:capability sys_tty_config;
-allow canna_t self:process signal_perms;
-allow canna_t self:unix_stream_socket { connectto create_stream_socket_perms};
-allow canna_t self:unix_dgram_socket create_stream_socket_perms;
-allow canna_t self:tcp_socket create_stream_socket_perms;
-
-manage_files_pattern(canna_t, canna_log_t, canna_log_t)
-allow canna_t canna_log_t:dir setattr_dir_perms;
-logging_log_filetrans(canna_t, canna_log_t, { file dir })
-
-manage_dirs_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
-manage_files_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
-manage_lnk_files_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
-files_var_lib_filetrans(canna_t, canna_var_lib_t, file)
-
-manage_dirs_pattern(canna_t, canna_var_run_t, canna_var_run_t)
-manage_files_pattern(canna_t, canna_var_run_t, canna_var_run_t)
-manage_sock_files_pattern(canna_t, canna_var_run_t, canna_var_run_t)
-files_pid_filetrans(canna_t, canna_var_run_t, { dir file sock_file })
-
-kernel_read_kernel_sysctls(canna_t)
-kernel_read_system_state(canna_t)
-
-corenet_all_recvfrom_unlabeled(canna_t)
-corenet_all_recvfrom_netlabel(canna_t)
-corenet_tcp_sendrecv_generic_if(canna_t)
-corenet_tcp_sendrecv_generic_node(canna_t)
-corenet_tcp_sendrecv_all_ports(canna_t)
-corenet_tcp_connect_all_ports(canna_t)
-corenet_sendrecv_all_client_packets(canna_t)
-
-dev_read_sysfs(canna_t)
-
-fs_getattr_all_fs(canna_t)
-fs_search_auto_mountpoints(canna_t)
-
-domain_use_interactive_fds(canna_t)
-
-files_read_etc_files(canna_t)
-files_read_etc_runtime_files(canna_t)
-files_read_usr_files(canna_t)
-files_search_tmp(canna_t)
-files_dontaudit_read_root_files(canna_t)
-
-logging_send_syslog_msg(canna_t)
-
-miscfiles_read_localization(canna_t)
-
-sysnet_read_config(canna_t)
-
-userdom_dontaudit_use_unpriv_user_fds(canna_t)
-userdom_dontaudit_search_user_home_dirs(canna_t)
-
-optional_policy(`
-	nis_use_ypbind(canna_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(canna_t)
-')
-
-optional_policy(`
-	udev_read_db(canna_t)
-')
diff --git a/policy/modules/services/ccs.fc b/policy/modules/services/ccs.fc
deleted file mode 100644
index 8a7177d..0000000
--- a/policy/modules/services/ccs.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/cluster(/.*)?		gen_context(system_u:object_r:cluster_conf_t,s0)
-
-/sbin/ccsd		--	gen_context(system_u:object_r:ccs_exec_t,s0)
-
-/var/run/cluster/ccsd\.pid --	gen_context(system_u:object_r:ccs_var_run_t,s0)
-/var/run/cluster/ccsd\.sock -s	gen_context(system_u:object_r:ccs_var_run_t,s0)
diff --git a/policy/modules/services/ccs.if b/policy/modules/services/ccs.if
deleted file mode 100644
index 3105b09..0000000
--- a/policy/modules/services/ccs.if
+++ /dev/null
@@ -1,75 +0,0 @@
-## <summary>Cluster Configuration System</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ccs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ccs_domtrans',`
-	gen_require(`
-		type ccs_t, ccs_exec_t;
-	')
-
-	domtrans_pattern($1, ccs_exec_t, ccs_t)
-')
-
-########################################
-## <summary>
-##	Connect to ccs over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ccs_stream_connect',`
-	gen_require(`
-		type ccs_t, ccs_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, ccs_var_run_t, ccs_var_run_t, ccs_t)
-')
-
-########################################
-## <summary>
-##	Read cluster configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ccs_read_config',`
-	gen_require(`
-		type cluster_conf_t;
-	')
-
-	read_files_pattern($1, cluster_conf_t, cluster_conf_t)
-')
-
-########################################
-## <summary>
-##	Manage cluster configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ccs_manage_config',`
-	gen_require(`
-		type cluster_conf_t;
-	')
-
-	manage_dirs_pattern($1, cluster_conf_t, cluster_conf_t)
-	manage_files_pattern($1, cluster_conf_t, cluster_conf_t)
-')
diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te
deleted file mode 100644
index 8d7e14e..0000000
--- a/policy/modules/services/ccs.te
+++ /dev/null
@@ -1,127 +0,0 @@
-policy_module(ccs, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type ccs_t;
-type ccs_exec_t;
-init_daemon_domain(ccs_t, ccs_exec_t)
-
-type cluster_conf_t;
-files_type(cluster_conf_t)
-
-type ccs_tmp_t;
-files_tmp_file(ccs_tmp_t)
-
-type ccs_tmpfs_t;
-files_tmpfs_file(ccs_tmpfs_t)
-
-type ccs_var_lib_t;
-logging_log_file(ccs_var_lib_t)
-
-type ccs_var_log_t;
-logging_log_file(ccs_var_log_t)
-
-type ccs_var_run_t;
-files_pid_file(ccs_var_run_t)
-
-########################################
-#
-# ccs local policy
-#
-
-allow ccs_t self:capability { ipc_owner ipc_lock sys_nice sys_resource sys_admin };
-allow ccs_t self:process { signal setrlimit setsched };
-dontaudit ccs_t self:process ptrace;
-allow ccs_t self:fifo_file rw_fifo_file_perms;
-allow ccs_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow ccs_t self:unix_dgram_socket create_socket_perms;
-allow ccs_t self:netlink_route_socket r_netlink_socket_perms;
-allow ccs_t self:tcp_socket create_stream_socket_perms;
-allow ccs_t self:udp_socket { create_socket_perms listen recv_msg send_msg };
-# cjp: this needs to be fixed to be specific
-allow ccs_t self:socket create_socket_perms;
-
-manage_files_pattern(ccs_t, cluster_conf_t, cluster_conf_t)
-
-# tmp file
-allow ccs_t ccs_tmp_t:dir manage_dir_perms;
-manage_dirs_pattern(ccs_t, ccs_tmp_t, ccs_tmp_t)
-manage_files_pattern(ccs_t, ccs_tmp_t, ccs_tmp_t)
-files_tmp_filetrans(ccs_t, ccs_tmp_t, { file dir })
-
-manage_dirs_pattern(ccs_t, ccs_tmpfs_t, ccs_tmpfs_t)
-manage_files_pattern(ccs_t, ccs_tmpfs_t, ccs_tmpfs_t)
-fs_tmpfs_filetrans(ccs_t, ccs_tmpfs_t, { dir file })
-
-# var lib files
-manage_dirs_pattern(ccs_t, ccs_var_lib_t, ccs_var_lib_t)
-manage_files_pattern(ccs_t, ccs_var_lib_t, ccs_var_lib_t)
-files_var_lib_filetrans(ccs_t, ccs_var_lib_t, { file dir })
-
-allow ccs_t ccs_var_log_t:dir setattr_dir_perms;
-manage_files_pattern(ccs_t, ccs_var_log_t, ccs_var_log_t)
-manage_sock_files_pattern(ccs_t, ccs_var_log_t, ccs_var_log_t)
-logging_log_filetrans(ccs_t, ccs_var_log_t, { sock_file file dir })
-
-# pid file
-manage_dirs_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
-manage_files_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
-manage_sock_files_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
-files_pid_filetrans(ccs_t, ccs_var_run_t, { dir file sock_file })
-
-kernel_read_kernel_sysctls(ccs_t)
-
-corecmd_list_bin(ccs_t)
-corecmd_exec_bin(ccs_t)
-
-corenet_all_recvfrom_unlabeled(ccs_t)
-corenet_all_recvfrom_netlabel(ccs_t)
-corenet_tcp_sendrecv_generic_if(ccs_t)
-corenet_udp_sendrecv_generic_if(ccs_t)
-corenet_tcp_sendrecv_generic_node(ccs_t)
-corenet_udp_sendrecv_generic_node(ccs_t)
-corenet_tcp_sendrecv_all_ports(ccs_t)
-corenet_udp_sendrecv_all_ports(ccs_t)
-corenet_tcp_bind_generic_node(ccs_t)
-corenet_udp_bind_generic_node(ccs_t)
-corenet_tcp_bind_cluster_port(ccs_t)
-corenet_udp_bind_cluster_port(ccs_t)
-corenet_udp_bind_netsupport_port(ccs_t)
-
-dev_read_urand(ccs_t)
-
-files_read_etc_files(ccs_t)
-files_read_etc_runtime_files(ccs_t)
-
-init_rw_script_tmp_files(ccs_t)
-
-logging_send_syslog_msg(ccs_t)
-
-miscfiles_read_localization(ccs_t)
-
-sysnet_dns_name_resolve(ccs_t)
-
-userdom_manage_unpriv_user_shared_mem(ccs_t)
-userdom_manage_unpriv_user_semaphores(ccs_t)
-
-ifdef(`hide_broken_symptoms',`
-	corecmd_dontaudit_write_bin_dirs(ccs_t)
-	files_manage_isid_type_files(ccs_t)
-')
-
-optional_policy(`
-	aisexec_stream_connect(ccs_t)
-	corosync_stream_connect(ccs_t)
-')
-
-optional_policy(`
-	qpidd_rw_semaphores(ccs_t)
-	qpidd_rw_shm(ccs_t)
-')
-
-optional_policy(`
-	unconfined_use_fds(ccs_t)
-')
diff --git a/policy/modules/services/certmaster.fc b/policy/modules/services/certmaster.fc
deleted file mode 100644
index 79295d6..0000000
--- a/policy/modules/services/certmaster.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/certmaster(/.*)?			gen_context(system_u:object_r:certmaster_etc_rw_t,s0)
-/etc/rc\.d/init\.d/certmaster	--	gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
-
-/usr/bin/certmaster		--	gen_context(system_u:object_r:certmaster_exec_t,s0)
-
-/var/lib/certmaster(/.*)?		gen_context(system_u:object_r:certmaster_var_lib_t,s0)
-/var/log/certmaster(/.*)?		gen_context(system_u:object_r:certmaster_var_log_t,s0)
-/var/run/certmaster.*			gen_context(system_u:object_r:certmaster_var_run_t,s0)
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
deleted file mode 100644
index ffd0da5..0000000
--- a/policy/modules/services/certmaster.if
+++ /dev/null
@@ -1,144 +0,0 @@
-## <summary>Certmaster SSL certificate distribution service</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run certmaster.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`certmaster_domtrans',`
-	gen_require(`
-		type certmaster_t, certmaster_exec_t;
-	')
-
-	domtrans_pattern($1, certmaster_exec_t, certmaster_t)
-')
-
-####################################
-## <summary>
-##	Execute certmaster in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmaster_exec',`
-	gen_require(`
-		type certmaster_exec_t;
-	')
-
-	can_exec($1, certmaster_exec_t)
-	corecmd_search_bin($1)
-')
-
-#######################################
-## <summary>
-##	read certmaster logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmaster_read_log',`
-	gen_require(`
-		type certmaster_var_log_t;
-	')
-
-	read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
-	logging_search_logs($1)
-')
-
-#######################################
-## <summary>
-##	Append to certmaster logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmaster_append_log',`
-	gen_require(`
-		type certmaster_var_log_t;
-	')
-
-	append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
-	logging_search_logs($1)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	certmaster logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmaster_manage_log',`
-	gen_require(`
-		type certmaster_var_log_t;
-	')
-
-	manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
-	manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an snort environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`certmaster_admin',`
-	gen_require(`
-		type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
-		type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t;
-	')
-
-	allow $1 certmaster_t:process { ptrace signal_perms };
-	ps_process_pattern($1, certmaster_t)
-
-	init_labeled_script_domtrans($1, certmaster_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 certmaster_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	miscfiles_manage_generic_cert_dirs($1)
-	miscfiles_manage_generic_cert_files($1)
-
-	admin_pattern($1, certmaster_etc_rw_t)
-
-	files_list_pids($1)
-	admin_pattern($1, certmaster_var_run_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, certmaster_var_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, certmaster_var_lib_t)
-')
diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
deleted file mode 100644
index dbfd0a6..0000000
--- a/policy/modules/services/certmaster.te
+++ /dev/null
@@ -1,72 +0,0 @@
-policy_module(certmaster, 1.1.2)
-
-########################################
-#
-# Declarations
-#
-
-type certmaster_t;
-type certmaster_exec_t;
-init_daemon_domain(certmaster_t, certmaster_exec_t)
-
-type certmaster_initrc_exec_t;
-init_script_file(certmaster_initrc_exec_t)
-
-type certmaster_etc_rw_t;
-files_type(certmaster_etc_rw_t)
-
-type certmaster_var_lib_t;
-files_type(certmaster_var_lib_t)
-
-type certmaster_var_log_t;
-logging_log_file(certmaster_var_log_t)
-
-type certmaster_var_run_t;
-files_pid_file(certmaster_var_run_t)
-
-###########################################
-#
-# certmaster local policy
-#
-
-allow certmaster_t self:capability { dac_read_search dac_override sys_tty_config };
-allow certmaster_t self:tcp_socket create_stream_socket_perms;
-
-# config files
-list_dirs_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t)
-manage_files_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t)
-
-# var/lib files for certmaster
-manage_files_pattern(certmaster_t, certmaster_var_lib_t, certmaster_var_lib_t)
-manage_dirs_pattern(certmaster_t, certmaster_var_lib_t, certmaster_var_lib_t)
-files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir })
-
-# log files
-manage_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t)
-logging_log_filetrans(certmaster_t, certmaster_var_log_t, file)
-
-# pid file
-manage_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t)
-manage_sock_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t)
-files_pid_filetrans(certmaster_t, certmaster_var_run_t, { file sock_file })
-
-# read meminfo
-kernel_read_system_state(certmaster_t)
-
-corecmd_search_bin(certmaster_t)
-corecmd_getattr_bin_files(certmaster_t)
-
-corenet_tcp_bind_generic_node(certmaster_t)
-corenet_tcp_bind_certmaster_port(certmaster_t)
-
-files_search_etc(certmaster_t)
-files_read_usr_files(certmaster_t)
-files_list_var(certmaster_t)
-files_search_var_lib(certmaster_t)
-
-auth_use_nsswitch(certmaster_t)
-
-miscfiles_read_localization(certmaster_t)
-
-miscfiles_manage_generic_cert_dirs(certmaster_t)
-miscfiles_manage_generic_cert_files(certmaster_t)
diff --git a/policy/modules/services/certmonger.fc b/policy/modules/services/certmonger.fc
deleted file mode 100644
index 5ad1a52..0000000
--- a/policy/modules/services/certmonger.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/rc\.d/init\.d/certmonger	--	gen_context(system_u:object_r:certmonger_initrc_exec_t,s0)
-
-/usr/sbin/certmonger		--	gen_context(system_u:object_r:certmonger_exec_t,s0)
-
-/var/lib/certmonger(/.*)?		gen_context(system_u:object_r:certmonger_var_lib_t,s0)
-/var/run/certmonger.pid		--	gen_context(system_u:object_r:certmonger_var_run_t,s0)
diff --git a/policy/modules/services/certmonger.if b/policy/modules/services/certmonger.if
deleted file mode 100644
index d664be8..0000000
--- a/policy/modules/services/certmonger.if
+++ /dev/null
@@ -1,174 +0,0 @@
-## <summary>Certificate status monitor and PKI enrollment client</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run certmonger.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`certmonger_domtrans',`
-	gen_require(`
-		type certmonger_t, certmonger_exec_t;
-	')
-
-	domtrans_pattern($1, certmonger_exec_t, certmonger_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	certmonger over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmonger_dbus_chat',`
-	gen_require(`
-		type certmonger_t;
-		class dbus send_msg;
-	')
-
-	allow $1 certmonger_t:dbus send_msg;
-	allow certmonger_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Execute certmonger server in the certmonger domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`certmonger_initrc_domtrans',`
-	gen_require(`
-		type certmonger_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, certmonger_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read certmonger PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmonger_read_pid_files',`
-	gen_require(`
-		type certmonger_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 certmonger_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Search certmonger lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmonger_search_lib',`
-	gen_require(`
-		type certmonger_var_lib_t;
-	')
-
-	allow $1 certmonger_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read certmonger lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmonger_read_lib_files',`
-	gen_require(`
-		type certmonger_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	certmonger lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`certmonger_manage_lib_files',`
-	gen_require(`
-		type certmonger_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an certmonger environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`certmonger_admin',`
-	gen_require(`
-		type certmonger_t, certmonger_initrc_exec_t;
-		type certmonger_var_lib_t, certmonger_var_run_t;
-	')
-
-	ps_process_pattern($1, certmonger_t)
-	allow $1 certmonger_t:process { ptrace signal_perms };
-
-	# Allow certmonger_t to restart the apache service
-	certmonger_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 certmonger_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, certmonger_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, certmonger_var_run_t)
-')
diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
deleted file mode 100644
index 5595c96..0000000
--- a/policy/modules/services/certmonger.te
+++ /dev/null
@@ -1,83 +0,0 @@
-policy_module(certmonger, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type certmonger_t;
-type certmonger_exec_t;
-init_daemon_domain(certmonger_t, certmonger_exec_t)
-
-type certmonger_initrc_exec_t;
-init_script_file(certmonger_initrc_exec_t)
-
-type certmonger_var_run_t;
-files_pid_file(certmonger_var_run_t)
-
-type certmonger_var_lib_t;
-files_type(certmonger_var_lib_t)
-
-########################################
-#
-# certmonger local policy
-#
-
-allow certmonger_t self:capability { kill sys_nice };
-allow certmonger_t self:process { getsched setsched sigkill };
-allow certmonger_t self:fifo_file rw_file_perms;
-allow certmonger_t self:unix_stream_socket create_stream_socket_perms;
-allow certmonger_t self:tcp_socket create_stream_socket_perms;
-allow certmonger_t self:netlink_route_socket r_netlink_socket_perms;
-
-manage_dirs_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
-manage_files_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
-files_var_lib_filetrans(certmonger_t, certmonger_var_lib_t, { file dir })
-
-manage_dirs_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
-manage_files_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
-files_pid_filetrans(certmonger_t, certmonger_var_run_t, { file dir })
-
-corenet_tcp_sendrecv_generic_if(certmonger_t)
-corenet_tcp_sendrecv_generic_node(certmonger_t)
-corenet_tcp_sendrecv_all_ports(certmonger_t)
-corenet_tcp_connect_certmaster_port(certmonger_t)
-
-dev_read_urand(certmonger_t)
-
-domain_use_interactive_fds(certmonger_t)
-
-files_read_etc_files(certmonger_t)
-files_read_usr_files(certmonger_t)
-files_list_tmp(certmonger_t)
-
-logging_send_syslog_msg(certmonger_t)
-
-miscfiles_read_localization(certmonger_t)
-miscfiles_manage_generic_cert_files(certmonger_t)
-
-sysnet_dns_name_resolve(certmonger_t)
-
-userdom_search_user_home_content(certmonger_t)
-
-optional_policy(`
-	apache_search_config(certmonger_t)
-')
-
-optional_policy(`
-	bind_search_cache(certmonger_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(certmonger_t)
-	dbus_connect_system_bus(certmonger_t)
-')
-
-optional_policy(`
-	kerberos_use(certmonger_t)
-')
-
-optional_policy(`
-	pcscd_stream_connect(certmonger_t)
-')
-
diff --git a/policy/modules/services/cgroup.fc b/policy/modules/services/cgroup.fc
deleted file mode 100644
index 420c9d3..0000000
--- a/policy/modules/services/cgroup.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-/etc/cgconfig.conf		--	gen_context(system_u:object_r:cgconfig_etc_t,s0)
-/etc/cgrules.conf		--	gen_context(system_u:object_r:cgrules_etc_t,s0)
-
-/etc/sysconfig/cgconfig		--	gen_context(system_u:object_r:cgconfig_etc_t,s0)
-/etc/sysconfig/cgred.conf	--	gen_context(system_u:object_r:cgrules_etc_t,s0)
-
-/etc/rc\.d/init\.d/cgconfig	--	gen_context(system_u:object_r:cgconfig_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/cgred	--	gen_context(system_u:object_r:cgred_initrc_exec_t,s0)
-
-/sbin/cgconfigparser		--	gen_context(system_u:object_r:cgconfig_exec_t,s0)
-/sbin/cgrulesengd		--	gen_context(system_u:object_r:cgred_exec_t,s0)
-/sbin/cgclear			--	gen_context(system_u:object_r:cgclear_exec_t,s0)
-
-/var/run/cgred.*			gen_context(system_u:object_r:cgred_var_run_t,s0)
diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if
deleted file mode 100644
index e5cbcef..0000000
--- a/policy/modules/services/cgroup.if
+++ /dev/null
@@ -1,199 +0,0 @@
-## <summary>libcg is a library that abstracts the control group file system in Linux.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	CG Clear.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgclear',`
-	gen_require(`
-		type cgclear_t, cgclear_exec_t;
-	')
-
-	domtrans_pattern($1, cgclear_exec_t, cgclear_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	CG config parser.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgconfig',`
-	gen_require(`
-		type cgconfig_t, cgconfig_exec_t;
-	')
-
-	domtrans_pattern($1, cgconfig_exec_t, cgconfig_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	CG config parser.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cgroup_initrc_domtrans_cgconfig',`
-	gen_require(`
-		type cgconfig_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, cgconfig_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-##	CG rules engine daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgred',`
-	gen_require(`
-		type cgred_t, cgred_exec_t;
-	')
-
-	domtrans_pattern($1, cgred_exec_t, cgred_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run
-## 	CG rules engine daemon.
-##	domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cgroup_initrc_domtrans_cgred',`
-	gen_require(`
-		type cgred_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, cgred_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to
-##	run CG Clear and allow the
-##	specified role the CG Clear
-##	domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cgroup_run_cgclear',`
-	gen_require(`
-		type cgclear_t;
-	')
-
-	cgroup_domtrans_cgclear($1)
-	role $2 types cgclear_t;
-')
-
-########################################
-## <summary>
-##	Connect to CG rules engine daemon
-##	over unix stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cgroup_stream_connect_cgred', `
-	gen_require(`
-		type cgred_var_run_t, cgred_t;
-	')
-
-	stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t)
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an cgroup environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cgroup_admin',`
-	gen_require(`
-		type cgred_t, cgconfig_t, cgred_var_run_t;
-		type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
-		type cgrules_etc_t, cgclear_t;
-	')
-
-	allow $1 cgclear_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cgclear_t)
-
-	allow $1 cgconfig_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cgconfig_t)
-
-	allow $1 cgred_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cgred_t)
-
-	admin_pattern($1, cgconfig_etc_t)
-	admin_pattern($1, cgrules_etc_t)
-	files_list_etc($1)
-
-	admin_pattern($1, cgred_var_run_t)
-	files_list_pids($1)
-
-	cgroup_initrc_domtrans_cgconfig($1)
-	domain_system_change_exemption($1)
-	role_transition $2 cgconfig_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	cgroup_initrc_domtrans_cgred($1)
-	role_transition $2 cgred_initrc_exec_t system_r;
-
-	cgroup_run_cgclear($1, $2)
-')
diff --git a/policy/modules/services/cgroup.te b/policy/modules/services/cgroup.te
deleted file mode 100644
index 63a18fc..0000000
--- a/policy/modules/services/cgroup.te
+++ /dev/null
@@ -1,102 +0,0 @@
-policy_module(cgroup, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type cgclear_t;
-type cgclear_exec_t;
-init_daemon_domain(cgclear_t, cgclear_exec_t)
-
-type cgred_t;
-type cgred_exec_t;
-init_daemon_domain(cgred_t, cgred_exec_t)
-
-type cgred_initrc_exec_t;
-init_script_file(cgred_initrc_exec_t)
-
-type cgred_var_run_t;
-files_pid_file(cgred_var_run_t)
-
-type cgrules_etc_t;
-files_config_file(cgrules_etc_t)
-
-type cgconfig_t alias cgconfigparser_t;
-type cgconfig_exec_t alias cgconfigparser_exec_t;
-init_daemon_domain(cgconfig_t, cgconfig_exec_t)
-
-type cgconfig_initrc_exec_t;
-init_script_file(cgconfig_initrc_exec_t)
-
-type cgconfig_etc_t;
-files_config_file(cgconfig_etc_t)
-
-########################################
-#
-# cgclear personal policy.
-#
-
-allow cgclear_t self:capability sys_admin;
-
-kernel_read_system_state(cgclear_t)
-
-domain_setpriority_all_domains(cgclear_t)
-
-fs_manage_cgroup_dirs(cgclear_t)
-fs_manage_cgroup_files(cgclear_t)
-fs_unmount_cgroup(cgclear_t)
-
-########################################
-#
-# cgconfig personal policy.
-#
-
-allow cgconfig_t self:capability { dac_override fowner chown sys_admin };
-
-allow cgconfig_t cgconfig_etc_t:file read_file_perms;
-
-# search will do.
-kernel_list_unlabeled(cgconfig_t)
-kernel_read_system_state(cgconfig_t)
-
-# /etc/nsswitch.conf, /etc/passwd
-files_read_etc_files(cgconfig_t)
-
-fs_manage_cgroup_dirs(cgconfig_t)
-fs_manage_cgroup_files(cgconfig_t)
-fs_mount_cgroup(cgconfig_t)
-fs_mounton_cgroup(cgconfig_t)
-
-########################################
-#
-# cgred personal policy.
-#
-
-allow cgred_t self:capability { net_admin sys_admin sys_ptrace dac_override };
-allow cgred_t self:netlink_socket { write bind create read };
-allow cgred_t self:unix_dgram_socket { write create connect };
-
-allow cgred_t cgrules_etc_t:file read_file_perms;
-
-# rc script creates pid file
-manage_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
-manage_sock_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
-files_pid_filetrans(cgred_t, cgred_var_run_t, { file sock_file })
-
-kernel_read_system_state(cgred_t)
-
-domain_read_all_domains_state(cgred_t)
-domain_setpriority_all_domains(cgred_t)
-
-files_getattr_all_files(cgred_t)
-files_getattr_all_sockets(cgred_t)
-files_read_all_symlinks(cgred_t)
-# /etc/group
-files_read_etc_files(cgred_t)
-
-fs_write_cgroup_files(cgred_t)
-
-logging_send_syslog_msg(cgred_t)
-
-miscfiles_read_localization(cgred_t)
diff --git a/policy/modules/services/chronyd.fc b/policy/modules/services/chronyd.fc
deleted file mode 100644
index fd8cd0b..0000000
--- a/policy/modules/services/chronyd.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/chrony\.keys		--	gen_context(system_u:object_r:chronyd_keys_t,s0)
-
-/etc/rc\.d/init\.d/chronyd	--	gen_context(system_u:object_r:chronyd_initrc_exec_t,s0)
-
-/usr/sbin/chronyd		--	gen_context(system_u:object_r:chronyd_exec_t,s0)
-
-/var/lib/chrony(/.*)?			gen_context(system_u:object_r:chronyd_var_lib_t,s0)
-/var/log/chrony(/.*)?			gen_context(system_u:object_r:chronyd_var_log_t,s0)
-/var/run/chronyd\.pid		--	gen_context(system_u:object_r:chronyd_var_run_t,s0)
diff --git a/policy/modules/services/chronyd.if b/policy/modules/services/chronyd.if
deleted file mode 100644
index 2ede737..0000000
--- a/policy/modules/services/chronyd.if
+++ /dev/null
@@ -1,180 +0,0 @@
-## <summary>Chrony NTP background daemon</summary>
-
-#####################################
-## <summary>
-##	Execute chronyd in the chronyd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`chronyd_domtrans',`
-	gen_require(`
-		type chronyd_t, chronyd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, chronyd_exec_t, chronyd_t)
-')
-
-########################################
-## <summary>
-##	Execute chronyd server in the chronyd  domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`chronyd_initrc_domtrans',`
-	gen_require(`
-		type chronyd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, chronyd_initrc_exec_t)
-')
-
-####################################
-## <summary>
-##	Execute chronyd
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`chronyd_exec',`
-	gen_require(`
-		type chronyd_exec_t;
-	')
-
-	can_exec($1, chronyd_exec_t)
-')
-
-#####################################
-## <summary>
-##	Read chronyd logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`chronyd_read_log',`
-	gen_require(`
-		type chronyd_var_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, chronyd_var_log_t, chronyd_var_log_t)
-')
-
-########################################
-## <summary>
-##	Read and write chronyd shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`chronyd_rw_shm',`
-	gen_require(`
-		type chronyd_t, chronyd_tmpfs_t;
-	')
-
-	allow $1 chronyd_t:shm rw_shm_perms;
-	allow $1 chronyd_tmpfs_t:dir list_dir_perms;
-	rw_files_pattern($1, chronyd_tmpfs_t, chronyd_tmpfs_t)
-	read_lnk_files_pattern($1, chronyd_tmpfs_t, chronyd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Read chronyd keys files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`chronyd_read_keys',`
-	gen_require(`
-		type chronyd_keys_t;
-	')
-
-	read_files_pattern($1, chronyd_keys_t, chronyd_keys_t)
-')
-
-########################################
-## <summary>
-##	Append chronyd keys files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`chronyd_append_keys',`
-	gen_require(`
-		type chronyd_keys_t;
-	')
-
-	append_files_pattern($1, chronyd_keys_t, chronyd_keys_t)
-')
-
-####################################
-## <summary>
-##	All of the rules required to administrate
-##	an chronyd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the chronyd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`chronyd_admin',`
-	gen_require(`
-		type chronyd_t, chronyd_var_log_t, chronyd_var_run_t;
-		type chronyd_var_lib_t, chronyd_tmpfs_t, chronyd_initrc_exec_t;
-		type chronyd_keys_t;
-	')
-
-	allow $1 chronyd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, chronyd_t)
-
-	init_labeled_script_domtrans($1, chronyd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 chronyd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, chronyd_keys_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, chronyd_var_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, chronyd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, chronyd_var_run_t)
-
-	admin_pattern($1, chronyd_tmpfs_t)
-')
diff --git a/policy/modules/services/chronyd.te b/policy/modules/services/chronyd.te
deleted file mode 100644
index 7f4ca47..0000000
--- a/policy/modules/services/chronyd.te
+++ /dev/null
@@ -1,76 +0,0 @@
-policy_module(chronyd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type chronyd_t;
-type chronyd_exec_t;
-init_daemon_domain(chronyd_t, chronyd_exec_t)
-
-type chronyd_initrc_exec_t;
-init_script_file(chronyd_initrc_exec_t)
-
-type chronyd_keys_t;
-files_type(chronyd_keys_t)
-
-type chronyd_tmpfs_t;
-files_tmpfs_file(chronyd_tmpfs_t)
-
-type chronyd_var_lib_t;
-files_type(chronyd_var_lib_t)
-
-type chronyd_var_log_t;
-logging_log_file(chronyd_var_log_t)
-
-type chronyd_var_run_t;
-files_pid_file(chronyd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow chronyd_t self:capability { dac_override ipc_lock setuid setgid sys_resource sys_time };
-allow chronyd_t self:process { getcap setcap setrlimit };
-allow chronyd_t self:shm create_shm_perms;
-allow chronyd_t self:udp_socket create_socket_perms;
-allow chronyd_t self:unix_dgram_socket create_socket_perms;
-
-allow chronyd_t chronyd_keys_t:file read_file_perms;
-
-manage_dirs_pattern(chronyd_t, chronyd_tmpfs_t, chronyd_tmpfs_t)
-manage_files_pattern(chronyd_t, chronyd_tmpfs_t, chronyd_tmpfs_t)
-fs_tmpfs_filetrans(chronyd_t, chronyd_tmpfs_t, { dir file })
-
-manage_files_pattern(chronyd_t, chronyd_var_lib_t, chronyd_var_lib_t)
-manage_dirs_pattern(chronyd_t, chronyd_var_lib_t, chronyd_var_lib_t)
-manage_sock_files_pattern(chronyd_t, chronyd_var_lib_t, chronyd_var_lib_t)
-files_var_lib_filetrans(chronyd_t, chronyd_var_lib_t, { file dir })
-
-manage_files_pattern(chronyd_t, chronyd_var_log_t, chronyd_var_log_t)
-manage_dirs_pattern(chronyd_t, chronyd_var_log_t, chronyd_var_log_t)
-logging_log_filetrans(chronyd_t, chronyd_var_log_t, { file dir })
-
-manage_files_pattern(chronyd_t, chronyd_var_run_t, chronyd_var_run_t)
-manage_dirs_pattern(chronyd_t, chronyd_var_run_t, chronyd_var_run_t)
-files_pid_filetrans(chronyd_t, chronyd_var_run_t, file)
-
-corenet_udp_bind_generic_node(chronyd_t)
-corenet_udp_bind_ntp_port(chronyd_t)
-# bind to udp/323
-corenet_udp_bind_chronyd_port(chronyd_t)
-
-# real time clock option
-dev_rw_realtime_clock(chronyd_t)
-
-auth_use_nsswitch(chronyd_t)
-
-logging_send_syslog_msg(chronyd_t)
-
-miscfiles_read_localization(chronyd_t)
-
-optional_policy(`
-	gpsd_rw_shm(chronyd_t)
-')
diff --git a/policy/modules/services/cipe.fc b/policy/modules/services/cipe.fc
deleted file mode 100644
index afcdf02..0000000
--- a/policy/modules/services/cipe.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# /usr
-#
-/usr/sbin/ciped.*	--	gen_context(system_u:object_r:ciped_exec_t,s0)
diff --git a/policy/modules/services/cipe.if b/policy/modules/services/cipe.if
deleted file mode 100644
index b5fd668..0000000
--- a/policy/modules/services/cipe.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Encrypted tunnel daemon</summary>
diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te
deleted file mode 100644
index 8e1ef38..0000000
--- a/policy/modules/services/cipe.te
+++ /dev/null
@@ -1,72 +0,0 @@
-policy_module(cipe, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type ciped_t;
-type ciped_exec_t;
-init_daemon_domain(ciped_t, ciped_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow ciped_t self:capability { net_admin ipc_lock sys_tty_config };
-dontaudit ciped_t self:capability sys_tty_config;
-allow ciped_t self:process signal_perms;
-allow ciped_t self:fifo_file rw_fifo_file_perms;
-allow ciped_t self:unix_dgram_socket create_socket_perms;
-allow ciped_t self:unix_stream_socket create_socket_perms;
-allow ciped_t self:udp_socket create_socket_perms;
-
-kernel_read_kernel_sysctls(ciped_t)
-kernel_read_system_state(ciped_t)
-
-corecmd_exec_shell(ciped_t)
-corecmd_exec_bin(ciped_t)
-
-corenet_all_recvfrom_unlabeled(ciped_t)
-corenet_all_recvfrom_netlabel(ciped_t)
-corenet_udp_sendrecv_generic_if(ciped_t)
-corenet_udp_sendrecv_generic_node(ciped_t)
-corenet_udp_sendrecv_all_ports(ciped_t)
-corenet_udp_bind_generic_node(ciped_t)
-# cipe uses the afs3-bos port (udp 7007)
-corenet_udp_bind_afs_bos_port(ciped_t)
-corenet_sendrecv_afs_bos_server_packets(ciped_t)
-
-dev_read_sysfs(ciped_t)
-dev_read_rand(ciped_t)
-# for SSP
-dev_read_urand(ciped_t)
-
-domain_use_interactive_fds(ciped_t)
-
-files_read_etc_files(ciped_t)
-files_read_etc_runtime_files(ciped_t)
-files_dontaudit_search_var(ciped_t)
-
-fs_search_auto_mountpoints(ciped_t)
-
-logging_send_syslog_msg(ciped_t)
-
-miscfiles_read_localization(ciped_t)
-
-sysnet_read_config(ciped_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ciped_t)
-
-optional_policy(`
-	nis_use_ypbind(ciped_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ciped_t)
-')
-
-optional_policy(`
-	udev_read_db(ciped_t)
-')
diff --git a/policy/modules/services/clamav.fc b/policy/modules/services/clamav.fc
deleted file mode 100644
index e8e9a21..0000000
--- a/policy/modules/services/clamav.fc
+++ /dev/null
@@ -1,20 +0,0 @@
-/etc/clamav(/.*)?			gen_context(system_u:object_r:clamd_etc_t,s0)
-/etc/rc\.d/init\.d/clamd-wrapper --	gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
-
-/usr/bin/clamscan		--	gen_context(system_u:object_r:clamscan_exec_t,s0)
-/usr/bin/clamdscan		--	gen_context(system_u:object_r:clamscan_exec_t,s0)
-/usr/bin/freshclam		--	gen_context(system_u:object_r:freshclam_exec_t,s0)
-
-/usr/sbin/clamd			--	gen_context(system_u:object_r:clamd_exec_t,s0)
-/usr/sbin/clamav-milter		--	gen_context(system_u:object_r:clamd_exec_t,s0)
-
-/var/clamav(/.*)?			gen_context(system_u:object_r:clamd_var_lib_t,s0)
-/var/lib/clamav(/.*)?			gen_context(system_u:object_r:clamd_var_lib_t,s0)
-/var/log/clamav.*			gen_context(system_u:object_r:clamd_var_log_t,s0)
-/var/log/clamav/freshclam.*	--	gen_context(system_u:object_r:freshclam_var_log_t,s0)
-/var/log/clamd.*			gen_context(system_u:object_r:clamd_var_log_t,s0)
-/var/run/amavis(d)?/clamd\.pid	--	gen_context(system_u:object_r:clamd_var_run_t,s0)
-/var/run/clamav.*			gen_context(system_u:object_r:clamd_var_run_t,s0)
-/var/run/clamd.*			gen_context(system_u:object_r:clamd_var_run_t,s0)
-/var/spool/amavisd/clamd\.sock	-s	gen_context(system_u:object_r:clamd_var_run_t,s0)
-/var/spool/MailScanner(/.*)?		gen_context(system_u:object_r:clamd_var_run_t,s0)
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
deleted file mode 100644
index 01b02f3..0000000
--- a/policy/modules/services/clamav.if
+++ /dev/null
@@ -1,192 +0,0 @@
-## <summary>ClamAV Virus Scanner</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run clamd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`clamav_domtrans',`
-	gen_require(`
-		type clamd_t, clamd_exec_t;
-	')
-
-	domtrans_pattern($1, clamd_exec_t, clamd_t)
-')
-
-########################################
-## <summary>
-##	Connect to run clamd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clamav_stream_connect',`
-	gen_require(`
-		type clamd_t, clamd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, clamd_var_run_t, clamd_var_run_t, clamd_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	to clamav log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clamav_append_log',`
-	gen_require(`
-		type clamav_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 clamav_log_t:dir list_dir_perms;
-	append_files_pattern($1, clamav_log_t, clamav_log_t)
-')
-
-########################################
-## <summary>
-##	Read clamav configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clamav_read_config',`
-	gen_require(`
-		type clamd_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 clamd_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Search clamav libraries directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clamav_search_lib',`
-	gen_require(`
-		type clamd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 clamd_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run clamscan.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`clamav_domtrans_clamscan',`
-	gen_require(`
-		type clamscan_t, clamscan_exec_t;
-	')
-
-	domtrans_pattern($1, clamscan_exec_t, clamscan_t)
-')
-
-########################################
-## <summary>
-##	Execute clamscan without a transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clamav_exec_clamscan',`
-	gen_require(`
-		type clamscan_exec_t;
-	')
-
-	can_exec($1, clamscan_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an clamav environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the clamav domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`clamav_admin',`
-	gen_require(`
-		type clamd_t, clamd_etc_t, clamd_tmp_t;
-		type clamd_var_log_t, clamd_var_lib_t, clamd_var_run_t;
-		type clamscan_t, clamscan_tmp_t, clamd_initrc_exec_t;
-		type freshclam_t, freshclam_var_log_t;
-	')
-
-	allow $1 clamd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, clamd_t)
-
-	allow $1 clamscan_t:process { ptrace signal_perms };
-	ps_process_pattern($1, clamscan_t)
-
-	allow $1 freshclam_t:process { ptrace signal_perms };
-	ps_process_pattern($1, freshclam_t)
-
-	init_labeled_script_domtrans($1, clamd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 clamd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, clamd_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, clamd_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, clamd_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, clamd_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, clamd_tmp_t)
-
-	admin_pattern($1, clamscan_tmp_t)
-
-	admin_pattern($1, freshclam_var_log_t)
-')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
deleted file mode 100644
index 532fa91..0000000
--- a/policy/modules/services/clamav.te
+++ /dev/null
@@ -1,291 +0,0 @@
-policy_module(clamav, 1.8.1)
-
-## <desc>
-##	<p>
-##	Allow clamd to use JIT compiler
-##	</p>
-## </desc>
-gen_tunable(clamd_use_jit, false)
-
-########################################
-#
-# Declarations
-#
-
-# Main clamd domain
-type clamd_t;
-type clamd_exec_t;
-init_daemon_domain(clamd_t, clamd_exec_t)
-
-# configuration files
-type clamd_etc_t;
-files_config_file(clamd_etc_t)
-
-type clamd_initrc_exec_t;
-init_script_file(clamd_initrc_exec_t)
-
-# tmp files
-type clamd_tmp_t;
-files_tmp_file(clamd_tmp_t)
-
-# log files
-type clamd_var_log_t;
-logging_log_file(clamd_var_log_t)
-
-# var/lib files
-type clamd_var_lib_t;
-files_type(clamd_var_lib_t)
-
-# pid files
-type clamd_var_run_t;
-files_pid_file(clamd_var_run_t)
-typealias clamd_var_run_t alias clamd_sock_t;
-
-type clamscan_t;
-type clamscan_exec_t;
-init_daemon_domain(clamscan_t, clamscan_exec_t)
-
-# tmp files
-type clamscan_tmp_t;
-files_tmp_file(clamscan_tmp_t)
-
-type freshclam_t;
-type freshclam_exec_t;
-init_daemon_domain(freshclam_t, freshclam_exec_t)
-
-# log files
-type freshclam_var_log_t;
-logging_log_file(freshclam_var_log_t)
-
-########################################
-#
-# clamd local policy
-#
-
-allow clamd_t self:capability { kill setgid setuid dac_override };
-dontaudit clamd_t self:capability sys_tty_config;
-allow clamd_t self:process signal;
-
-allow clamd_t self:fifo_file rw_fifo_file_perms;
-allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow clamd_t self:unix_dgram_socket create_socket_perms;
-allow clamd_t self:tcp_socket { listen accept };
-
-# configuration files
-allow clamd_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
-read_lnk_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
-
-# tmp files
-manage_dirs_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
-manage_files_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
-files_tmp_filetrans(clamd_t, clamd_tmp_t, { file dir })
-
-# var/lib files for clamd
-manage_sock_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
-manage_dirs_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
-manage_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
-
-# log files
-manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
-manage_files_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
-logging_log_filetrans(clamd_t, clamd_var_log_t, { dir file })
-
-# pid file
-manage_dirs_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
-manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
-manage_sock_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
-files_pid_filetrans(clamd_t, clamd_var_run_t, { sock_file file dir })
-
-kernel_dontaudit_list_proc(clamd_t)
-kernel_read_sysctl(clamd_t)
-kernel_read_kernel_sysctls(clamd_t)
-kernel_read_system_state(clamd_t)
-
-corecmd_exec_shell(clamd_t)
-
-corenet_all_recvfrom_unlabeled(clamd_t)
-corenet_all_recvfrom_netlabel(clamd_t)
-corenet_tcp_sendrecv_generic_if(clamd_t)
-corenet_tcp_sendrecv_generic_node(clamd_t)
-corenet_tcp_sendrecv_all_ports(clamd_t)
-corenet_tcp_sendrecv_clamd_port(clamd_t)
-corenet_tcp_bind_generic_node(clamd_t)
-corenet_tcp_bind_clamd_port(clamd_t)
-corenet_tcp_bind_generic_port(clamd_t)
-corenet_tcp_connect_generic_port(clamd_t)
-corenet_sendrecv_clamd_server_packets(clamd_t)
-
-dev_read_rand(clamd_t)
-dev_read_urand(clamd_t)
-
-domain_use_interactive_fds(clamd_t)
-
-files_read_etc_files(clamd_t)
-files_read_etc_runtime_files(clamd_t)
-files_search_spool(clamd_t)
-
-auth_use_nsswitch(clamd_t)
-
-logging_send_syslog_msg(clamd_t)
-
-miscfiles_read_localization(clamd_t)
-
-cron_use_fds(clamd_t)
-cron_use_system_job_fds(clamd_t)
-cron_rw_pipes(clamd_t)
-
-mta_read_config(clamd_t)
-mta_send_mail(clamd_t)
-
-optional_policy(`
-	amavis_read_lib_files(clamd_t)
-	amavis_read_spool_files(clamd_t)
-	amavis_spool_filetrans(clamd_t, clamd_var_run_t, sock_file)
-	amavis_create_pid_files(clamd_t)
-')
-
-optional_policy(`
-	exim_read_spool_files(clamd_t)
-')
-
-tunable_policy(`clamd_use_jit',`
-	allow clamd_t self:process execmem;
-	allow clamscan_t self:process execmem;
-',`
-	dontaudit clamd_t self:process execmem;
-	dontaudit clamscan_t self:process execmem;
-')
-
-########################################
-#
-# Freshclam local policy
-#
-
-allow freshclam_t self:capability { setgid setuid dac_override };
-allow freshclam_t self:fifo_file rw_fifo_file_perms;
-allow freshclam_t self:unix_stream_socket create_stream_socket_perms;
-allow freshclam_t self:unix_dgram_socket create_socket_perms;
-allow freshclam_t self:tcp_socket { listen accept };
-
-# configuration files
-allow freshclam_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
-read_lnk_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
-
-# var/lib files together with clamd
-manage_dirs_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
-manage_files_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
-
-# pidfiles- var/run together with clamd
-manage_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
-manage_sock_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
-files_pid_filetrans(freshclam_t, clamd_var_run_t, file)
-
-# log files (own logfiles only)
-manage_files_pattern(freshclam_t, freshclam_var_log_t, freshclam_var_log_t)
-allow freshclam_t freshclam_var_log_t:dir setattr_dir_perms;
-read_files_pattern(freshclam_t, clamd_var_log_t, clamd_var_log_t)
-logging_log_filetrans(freshclam_t, freshclam_var_log_t, file)
-
-kernel_read_kernel_sysctls(freshclam_t)
-kernel_read_system_state(freshclam_t)
-
-corecmd_exec_shell(freshclam_t)
-corecmd_exec_bin(freshclam_t)
-
-corenet_all_recvfrom_unlabeled(freshclam_t)
-corenet_all_recvfrom_netlabel(freshclam_t)
-corenet_tcp_sendrecv_generic_if(freshclam_t)
-corenet_tcp_sendrecv_generic_node(freshclam_t)
-corenet_tcp_sendrecv_all_ports(freshclam_t)
-corenet_tcp_sendrecv_clamd_port(freshclam_t)
-corenet_tcp_connect_http_port(freshclam_t)
-corenet_tcp_connect_clamd_port(freshclam_t)
-corenet_sendrecv_http_client_packets(freshclam_t)
-
-dev_read_rand(freshclam_t)
-dev_read_urand(freshclam_t)
-
-domain_use_interactive_fds(freshclam_t)
-
-files_read_etc_files(freshclam_t)
-files_read_etc_runtime_files(freshclam_t)
-
-auth_use_nsswitch(freshclam_t)
-
-logging_send_syslog_msg(freshclam_t)
-
-miscfiles_read_localization(freshclam_t)
-
-clamav_stream_connect(freshclam_t)
-
-userdom_stream_connect(freshclam_t)
-
-tunable_policy(`clamd_use_jit',`
-	allow freshclam_t self:process execmem;
-',`
-	dontaudit freshclam_t self:process execmem;
-')
-
-optional_policy(`
-	cron_system_entry(freshclam_t, freshclam_exec_t)
-')
-
-########################################
-#
-# clamscam local policy
-#
-
-allow clamscan_t self:capability { setgid setuid dac_override };
-allow clamscan_t self:fifo_file rw_file_perms;
-allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
-allow clamscan_t self:unix_dgram_socket create_socket_perms;
-allow clamscan_t self:tcp_socket create_stream_socket_perms;
-
-# configuration files
-allow clamscan_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
-read_lnk_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
-
-# tmp files
-manage_dirs_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
-manage_files_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
-files_tmp_filetrans(clamscan_t, clamscan_tmp_t, { file dir })
-
-# var/lib files together with clamd
-manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
-allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
-
-corenet_all_recvfrom_unlabeled(clamscan_t)
-corenet_all_recvfrom_netlabel(clamscan_t)
-corenet_tcp_sendrecv_generic_if(clamscan_t)
-corenet_tcp_sendrecv_generic_node(clamscan_t)
-corenet_tcp_sendrecv_all_ports(clamscan_t)
-corenet_tcp_sendrecv_clamd_port(clamscan_t)
-corenet_tcp_connect_clamd_port(clamscan_t)
-
-kernel_read_kernel_sysctls(clamscan_t)
-kernel_read_system_state(clamscan_t)
-
-files_read_etc_files(clamscan_t)
-files_read_etc_runtime_files(clamscan_t)
-files_search_var_lib(clamscan_t)
-
-init_read_utmp(clamscan_t)
-init_dontaudit_write_utmp(clamscan_t)
-
-miscfiles_read_localization(clamscan_t)
-miscfiles_read_public_files(clamscan_t)
-
-clamav_stream_connect(clamscan_t)
-
-mta_send_mail(clamscan_t)
-
-optional_policy(`
-	amavis_read_spool_files(clamscan_t)
-')
-
-optional_policy(`
-	apache_read_sys_content(clamscan_t)
-')
diff --git a/policy/modules/services/clockspeed.fc b/policy/modules/services/clockspeed.fc
deleted file mode 100644
index a7aa385..0000000
--- a/policy/modules/services/clockspeed.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-
-#
-# /usr
-#
-/usr/bin/clockadd	--	gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
-/usr/bin/clockspeed	--	gen_context(system_u:object_r:clockspeed_srv_exec_t,s0)
-/usr/bin/sntpclock	--	gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
-/usr/bin/taiclock	--	gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
-/usr/bin/taiclockd	--	gen_context(system_u:object_r:clockspeed_srv_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/clockspeed(/.*)?	gen_context(system_u:object_r:clockspeed_var_lib_t,s0)
diff --git a/policy/modules/services/clockspeed.if b/policy/modules/services/clockspeed.if
deleted file mode 100644
index 0797617..0000000
--- a/policy/modules/services/clockspeed.if
+++ /dev/null
@@ -1,44 +0,0 @@
-## <summary>Clockspeed simple network time protocol client</summary>
-
-########################################
-## <summary>
-##	Execute clockspeed utilities in the clockspeed_cli domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`clockspeed_domtrans_cli',`
-	gen_require(`
-		type clockspeed_cli_t, clockspeed_cli_exec_t;
-	')
-
-	domtrans_pattern($1, clockspeed_cli_exec_t, clockspeed_cli_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified role the clockspeed_cli domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`clockspeed_run_cli',`
-	gen_require(`
-		type clockspeed_cli_t;
-	')
-
-	role $2 types clockspeed_cli_t;
-	clockspeed_domtrans_cli($1)
-')
diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te
deleted file mode 100644
index b40f3f7..0000000
--- a/policy/modules/services/clockspeed.te
+++ /dev/null
@@ -1,72 +0,0 @@
-policy_module(clockspeed, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type clockspeed_cli_t;
-type clockspeed_cli_exec_t;
-application_domain(clockspeed_cli_t, clockspeed_cli_exec_t)
-
-type clockspeed_srv_t;
-type clockspeed_srv_exec_t;
-init_daemon_domain(clockspeed_srv_t, clockspeed_srv_exec_t)
-
-type clockspeed_var_lib_t;
-files_type(clockspeed_var_lib_t)
-
-########################################
-#
-# Client local policy
-#
-
-allow clockspeed_cli_t self:capability sys_time;
-allow clockspeed_cli_t self:udp_socket create_socket_perms;
-
-read_files_pattern(clockspeed_cli_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
-
-corenet_all_recvfrom_unlabeled(clockspeed_cli_t)
-corenet_all_recvfrom_netlabel(clockspeed_cli_t)
-corenet_udp_sendrecv_generic_if(clockspeed_cli_t)
-corenet_udp_sendrecv_generic_node(clockspeed_cli_t)
-corenet_udp_sendrecv_ntp_port(clockspeed_cli_t)
-corenet_sendrecv_ntp_client_packets(clockspeed_cli_t)
-
-files_list_var_lib(clockspeed_cli_t)
-files_read_etc_files(clockspeed_cli_t)
-
-miscfiles_read_localization(clockspeed_cli_t)
-
-userdom_use_user_terminals(clockspeed_cli_t)
-
-########################################
-#
-# Server local policy
-#
-
-allow clockspeed_srv_t self:capability { sys_time net_bind_service };
-allow clockspeed_srv_t self:udp_socket create_socket_perms;
-allow clockspeed_srv_t self:unix_dgram_socket create_socket_perms;
-allow clockspeed_srv_t self:unix_stream_socket create_socket_perms;
-
-manage_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
-manage_fifo_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
-
-corenet_all_recvfrom_unlabeled(clockspeed_srv_t)
-corenet_all_recvfrom_netlabel(clockspeed_srv_t)
-corenet_udp_sendrecv_generic_if(clockspeed_srv_t)
-corenet_udp_sendrecv_generic_node(clockspeed_srv_t)
-corenet_udp_sendrecv_ntp_port(clockspeed_srv_t)
-corenet_udp_bind_generic_node(clockspeed_srv_t)
-corenet_udp_bind_clockspeed_port(clockspeed_srv_t)
-corenet_sendrecv_clockspeed_server_packets(clockspeed_srv_t)
-
-files_read_etc_files(clockspeed_srv_t)
-files_list_var_lib(clockspeed_srv_t)
-
-miscfiles_read_localization(clockspeed_srv_t)
-
-optional_policy(`
-	daemontools_service_domain(clockspeed_srv_t, clockspeed_srv_exec_t)
-')
diff --git a/policy/modules/services/clogd.fc b/policy/modules/services/clogd.fc
deleted file mode 100644
index 6793948..0000000
--- a/policy/modules/services/clogd.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/sbin/clogd			--	gen_context(system_u:object_r:clogd_exec_t,s0)
-
-/var/run/clogd\.pid		--	gen_context(system_u:object_r:clogd_var_run_t,s0)
diff --git a/policy/modules/services/clogd.if b/policy/modules/services/clogd.if
deleted file mode 100644
index e438c5f..0000000
--- a/policy/modules/services/clogd.if
+++ /dev/null
@@ -1,79 +0,0 @@
-## <summary>clogd - Clustered Mirror Log Server</summary>
-
-######################################
-## <summary>
-##	Execute a domain transition to run clogd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`clogd_domtrans',`
-	gen_require(`
-		type clogd_t, clogd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, clogd_exec_t, clogd_t)
-')
-
-#####################################
-## <summary>
-##	Connect to clogd over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clogd_stream_connect',`
-	gen_require(`
-		type clogd_t, clogd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, clogd_var_run_t, clogd_var_run_t, clogd_t)
-')
-
-#####################################
-## <summary>
-##	Allow read and write access to clogd semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clogd_rw_semaphores',`
-	gen_require(`
-		type clogd_t;
-	')
-
-	allow $1 clogd_t:sem rw_sem_perms;
-')
-
-########################################
-## <summary>
-##	Read and write to group shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clogd_rw_shm',`
-	gen_require(`
-		type clogd_t, clogd_tmpfs_t;
-	')
-
-	allow $1 clogd_t:shm rw_shm_perms;
-	allow $1 clogd_tmpfs_t:dir list_dir_perms;
-	rw_files_pattern($1, clogd_tmpfs_t, clogd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
diff --git a/policy/modules/services/clogd.te b/policy/modules/services/clogd.te
deleted file mode 100644
index d10acd2..0000000
--- a/policy/modules/services/clogd.te
+++ /dev/null
@@ -1,53 +0,0 @@
-policy_module(clogd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type clogd_t;
-type clogd_exec_t;
-init_daemon_domain(clogd_t, clogd_exec_t)
-
-type clogd_tmpfs_t;
-files_tmpfs_file(clogd_tmpfs_t)
-
-# pid files
-type clogd_var_run_t;
-files_pid_file(clogd_var_run_t)
-
-########################################
-#
-# clogd local policy
-#
-
-allow clogd_t self:capability { net_admin mknod };
-allow clogd_t self:process signal;
-allow clogd_t self:sem create_sem_perms;
-allow clogd_t self:shm create_shm_perms;
-allow clogd_t self:netlink_socket create_socket_perms;
-allow clogd_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t)
-manage_files_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t)
-fs_tmpfs_filetrans(clogd_t, clogd_tmpfs_t, { dir file })
-
-# pid files
-manage_files_pattern(clogd_t, clogd_var_run_t, clogd_var_run_t)
-manage_sock_files_pattern(clogd_t, clogd_var_run_t, clogd_var_run_t)
-files_pid_filetrans(clogd_t, clogd_var_run_t, file)
-
-dev_read_lvm_control(clogd_t)
-dev_manage_generic_blk_files(clogd_t)
-
-storage_raw_read_fixed_disk(clogd_t)
-storage_raw_write_fixed_disk(clogd_t)
-
-logging_send_syslog_msg(clogd_t)
-
-miscfiles_read_localization(clogd_t)
-
-optional_policy(`
-	aisexec_stream_connect(clogd_t)
-	corosync_stream_connect(clogd_t)
-')
diff --git a/policy/modules/services/cmirrord.fc b/policy/modules/services/cmirrord.fc
deleted file mode 100644
index e500fa5..0000000
--- a/policy/modules/services/cmirrord.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/etc/rc\.d/init\.d/cmirrord	--	gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
-
-/usr/sbin/cmirrord		--	gen_context(system_u:object_r:cmirrord_exec_t,s0)
-
-/var/run/cmirrord\.pid		--	gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --git a/policy/modules/services/cmirrord.if b/policy/modules/services/cmirrord.if
deleted file mode 100644
index 756ac91..0000000
--- a/policy/modules/services/cmirrord.if
+++ /dev/null
@@ -1,113 +0,0 @@
-## <summary>policy for cmirrord</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run cmirrord.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cmirrord_domtrans',`
-	gen_require(`
-		type cmirrord_t, cmirrord_exec_t;
-	')
-
-	domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
-')
-
-########################################
-## <summary>
-##	Execute cmirrord server in the cmirrord domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cmirrord_initrc_domtrans',`
-	gen_require(`
-		type cmirrord_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, cmirrord_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read cmirrord PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cmirrord_read_pid_files',`
-	gen_require(`
-		type cmirrord_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 cmirrord_var_run_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Read and write to cmirrord shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cmirrord_rw_shm',`
-	gen_require(`
-		type cmirrord_t, cmirrord_tmpfs_t;
-	')
-
-	allow $1 cmirrord_t:shm { rw_shm_perms destroy };
-	allow $1 cmirrord_tmpfs_t:dir list_dir_perms;
-	rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
-	delete_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
-	read_lnk_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an cmirrord environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cmirrord_admin',`
-	gen_require(`
-		type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
-	')
-
-	allow $1 cmirrord_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cmirrord_t)
-
-	cmirrord_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 cmirrord_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, cmirrord_var_run_t)
-')
diff --git a/policy/modules/services/cmirrord.te b/policy/modules/services/cmirrord.te
deleted file mode 100644
index a2c7134..0000000
--- a/policy/modules/services/cmirrord.te
+++ /dev/null
@@ -1,53 +0,0 @@
-policy_module(cmirrord, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type cmirrord_t;
-type cmirrord_exec_t;
-init_daemon_domain(cmirrord_t, cmirrord_exec_t)
-
-type cmirrord_initrc_exec_t;
-init_script_file(cmirrord_initrc_exec_t)
-
-type cmirrord_tmpfs_t;
-files_tmpfs_file(cmirrord_tmpfs_t)
-
-type cmirrord_var_run_t;
-files_pid_file(cmirrord_var_run_t)
-
-########################################
-#
-# cmirrord local policy
-#
-
-allow cmirrord_t self:capability { net_admin kill };
-dontaudit cmirrord_t self:capability sys_tty_config;
-allow cmirrord_t self:process signal;
-allow cmirrord_t self:fifo_file rw_fifo_file_perms;
-allow cmirrord_t self:sem create_sem_perms;
-allow cmirrord_t self:shm create_shm_perms;
-allow cmirrord_t self:netlink_socket create_socket_perms;
-allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
-manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
-fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })
-
-manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
-manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
-files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, file)
-
-domain_use_interactive_fds(cmirrord_t)
-
-files_read_etc_files(cmirrord_t)
-
-logging_send_syslog_msg(cmirrord_t)
-
-miscfiles_read_localization(cmirrord_t)
-
-optional_policy(`
-	corosync_stream_connect(cmirrord_t)
-')
diff --git a/policy/modules/services/cobbler.fc b/policy/modules/services/cobbler.fc
deleted file mode 100644
index 90c60df..0000000
--- a/policy/modules/services/cobbler.fc
+++ /dev/null
@@ -1,32 +0,0 @@
-
-/etc/cobbler(/.*)?					gen_context(system_u:object_r:cobbler_etc_t,s0)
-
-/etc/rc\.d/init\.d/cobblerd			--	gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0)
-
-/usr/bin/cobblerd				--      gen_context(system_u:object_r:cobblerd_exec_t,s0)
-
-/var/lib/cobbler(/.*)?					gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-
-/var/lib/tftpboot/etc(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/images(/.*)?                        	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/memdisk			--      gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/menu\.c32			--      gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/ppc(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/pxelinux\.0			--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/pxelinux\.cfg(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/s390x(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/lib/tftpboot/yaboot			--      gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-
-/var/log/cobbler(/.*)?					gen_context(system_u:object_r:cobbler_var_log_t,s0)
-
-# This should removable when cobbler package installs /var/www/cobbler/rendered
-/var/www/cobbler(/.*)?					gen_context(system_u:object_r:httpd_cobbler_content_t,s0)
-
-/var/www/cobbler/images(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/ks_mirror(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/links(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/localmirror(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/pub(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/rendered(/.*)?				gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-/var/www/cobbler/repo_mirror(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
deleted file mode 100644
index e3787fb..0000000
--- a/policy/modules/services/cobbler.if
+++ /dev/null
@@ -1,218 +0,0 @@
-## <summary>Cobbler installation server.</summary>
-## <desc>
-##	<p>
-##	Cobbler is a Linux installation server that allows for
-##	rapid setup of network installation environments. It
-##	glues together and automates many associated Linux
-##	tasks so you do not have to hop between lots of various
-##	commands and applications when rolling out new systems,
-##	and, in some cases, changing existing ones.
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Execute a domain transition to run cobblerd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cobblerd_domtrans',`
-	gen_require(`
-		type cobblerd_t, cobblerd_exec_t;
-	')
-
-	domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	Execute cobblerd server in the cobblerd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cobblerd_initrc_domtrans',`
-	gen_require(`
-		type cobblerd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	List Cobbler configuration.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cobbler_list_config',`
-	gen_require(`
-		type cobbler_etc_t;
-	')
-
-	list_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Read Cobbler configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cobbler_read_config',`
-	gen_require(`
-		type cobbler_etc_t;
-	')
-
-	read_files_pattern($1, cobbler_etc_t, cobbler_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Search cobbler dirs in /var/lib
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cobbler_search_lib',`
-	gen_require(`
-		type cobbler_var_lib_t;
-	')
-
-	search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read cobbler files in /var/lib
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cobbler_read_lib_files',`
-	gen_require(`
-		type cobbler_var_lib_t;
-	')
-
-	read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Manage cobbler files in /var/lib
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cobbler_manage_lib_files',`
-	gen_require(`
-		type cobbler_var_lib_t;
-	')
-
-	manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	Cobbler log files (leaked fd).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cobbler_dontaudit_rw_log',`
-	gen_require(`
-		type cobbler_var_log_t;
-	')
-
-	dontaudit $1 cobbler_var_log_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an cobblerd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cobblerd_admin',`
-	gen_require(`
-		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
-		type cobbler_etc_t, cobblerd_initrc_exec_t, httpd_cobbler_content_t;
-		type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t;
-	')
-
-	allow $1 cobblerd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cobblerd_t)
-
-	files_list_etc($1)
-	admin_pattern($1, cobbler_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, cobbler_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, cobbler_var_log_t)
-
-	apache_list_sys_content($1)
-	admin_pattern($1, httpd_cobbler_content_t)
-	admin_pattern($1, httpd_cobbler_content_ra_t)
-	admin_pattern($1, httpd_cobbler_content_rw_t)
-
-	cobblerd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 cobblerd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	optional_policy(`
-		# traverse /var/lib/tftpdir to get to cobbler_var_lib_t there.
-		tftp_search_rw_content($1)
-	')
-')
diff --git a/policy/modules/services/cobbler.te b/policy/modules/services/cobbler.te
deleted file mode 100644
index c4d678b..0000000
--- a/policy/modules/services/cobbler.te
+++ /dev/null
@@ -1,235 +0,0 @@
-policy_module(cobbler, 1.1.0)
-
-########################################
-#
-# Cobbler personal declarations.
-#
-
-## <desc>
-##	<p>
-##	Allow Cobbler to modify public files
-##	used for public file transfer services.
-##	</p>
-## </desc>
-gen_tunable(cobbler_anon_write, false)
-
-## <desc>
-##	<p>
-##	Allow Cobbler to connect to the
-##	network using TCP.
-##	</p>
-## </desc>
-gen_tunable(cobbler_can_network_connect, false)
-
-## <desc>
-##	<p>
-##	Allow Cobbler to access cifs file systems.
-##	</p>
-## </desc>
-gen_tunable(cobbler_use_cifs, false)
-
-## <desc>
-##	<p>
-##	Allow Cobbler to access nfs file systems.
-##	</p>
-## </desc>
-gen_tunable(cobbler_use_nfs, false)
-
-type cobblerd_t;
-type cobblerd_exec_t;
-init_daemon_domain(cobblerd_t, cobblerd_exec_t)
-
-type cobblerd_initrc_exec_t;
-init_script_file(cobblerd_initrc_exec_t)
-
-type cobbler_etc_t;
-files_config_file(cobbler_etc_t)
-
-type cobbler_var_log_t;
-logging_log_file(cobbler_var_log_t)
-
-type cobbler_var_lib_t alias cobbler_content_t;
-files_type(cobbler_var_lib_t)
-
-type cobbler_tmp_t;
-files_tmp_file(cobbler_tmp_t)
-
-########################################
-#
-# Cobbler personal policy.
-#
-
-allow cobblerd_t self:capability { chown dac_override fowner fsetid sys_nice };
-dontaudit cobblerd_t self:capability { sys_ptrace sys_tty_config };
-
-allow cobblerd_t self:process { getsched setsched signal };
-allow cobblerd_t self:fifo_file rw_fifo_file_perms;
-allow cobblerd_t self:netlink_route_socket create_netlink_socket_perms;
-allow cobblerd_t self:tcp_socket create_stream_socket_perms;
-allow cobblerd_t self:udp_socket create_socket_perms;
-allow cobblerd_t self:unix_dgram_socket create_socket_perms;
-
-list_dirs_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)
-read_files_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t)
-
-# Something that runs in the cobberd_t domain tries to relabelfrom cobbler_var_lib_t dir to httpd_sys_content_t.
-dontaudit cobblerd_t cobbler_var_lib_t:dir relabel_dir_perms;
-
-manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
-manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
-manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
-files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, { dir file lnk_file })
-
-# Something really needs to write to cobbler.log. Ideally this should not be happening.
-allow cobblerd_t cobbler_var_log_t:file write;
-
-append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
-create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
-read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
-setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
-logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file)
-
-manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
-manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
-files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
-
-kernel_read_system_state(cobblerd_t)
-kernel_dontaudit_search_network_state(cobblerd_t)
-
-corecmd_exec_bin(cobblerd_t)
-corecmd_exec_shell(cobblerd_t)
-
-corenet_all_recvfrom_netlabel(cobblerd_t)
-corenet_all_recvfrom_unlabeled(cobblerd_t)
-corenet_sendrecv_cobbler_server_packets(cobblerd_t)
-corenet_tcp_bind_cobbler_port(cobblerd_t)
-corenet_tcp_bind_generic_node(cobblerd_t)
-corenet_tcp_sendrecv_generic_if(cobblerd_t)
-corenet_tcp_sendrecv_generic_node(cobblerd_t)
-corenet_tcp_sendrecv_generic_port(cobblerd_t)
-corenet_tcp_sendrecv_cobbler_port(cobblerd_t)
-# sync and rsync to ftp and http are permitted by default, for any other media use cobbler_can_network_connect.
-corenet_tcp_connect_ftp_port(cobblerd_t)
-corenet_tcp_sendrecv_ftp_port(cobblerd_t)
-corenet_sendrecv_ftp_client_packets(cobblerd_t)
-corenet_tcp_connect_http_port(cobblerd_t)
-corenet_tcp_sendrecv_http_port(cobblerd_t)
-corenet_sendrecv_http_client_packets(cobblerd_t)
-
-dev_read_urand(cobblerd_t)
-
-domain_dontaudit_exec_all_entry_files(cobblerd_t)
-domain_dontaudit_read_all_domains_state(cobblerd_t)
-
-files_read_etc_files(cobblerd_t)
-# mtab
-files_read_etc_runtime_files(cobblerd_t)
-files_read_usr_files(cobblerd_t)
-files_list_boot(cobblerd_t)
-files_read_boot_files(cobblerd_t)
-files_list_tmp(cobblerd_t)
-
-# read from mounted images (install media)
-fs_read_iso9660_files(cobblerd_t)
-
-init_dontaudit_read_all_script_files(cobblerd_t)
-
-term_use_console(cobblerd_t)
-
-miscfiles_read_localization(cobblerd_t)
-miscfiles_read_public_files(cobblerd_t)
-
-selinux_dontaudit_read_fs(cobblerd_t)
-
-sysnet_read_config(cobblerd_t)
-sysnet_rw_dhcp_config(cobblerd_t)
-sysnet_write_config(cobblerd_t)
-
-userdom_dontaudit_use_user_terminals(cobblerd_t)
-userdom_dontaudit_search_user_home_dirs(cobblerd_t)
-userdom_dontaudit_search_admin_dir(cobblerd_t)
-
-tunable_policy(`cobbler_anon_write',`
-	miscfiles_manage_public_files(cobblerd_t)
-')
-
-tunable_policy(`cobbler_can_network_connect',`
-	corenet_tcp_connect_all_ports(cobblerd_t)
-	corenet_tcp_sendrecv_all_ports(cobblerd_t)
-	corenet_sendrecv_all_client_packets(cobblerd_t)
-')
-
-tunable_policy(`cobbler_use_cifs',`
-	fs_manage_cifs_dirs(cobblerd_t)
-	fs_manage_cifs_files(cobblerd_t)
-	fs_manage_cifs_symlinks(cobblerd_t)
-')
-
-tunable_policy(`cobbler_use_nfs',`
-	fs_manage_nfs_dirs(cobblerd_t)
-	fs_manage_nfs_files(cobblerd_t)
-	fs_manage_nfs_symlinks(cobblerd_t)
-')
-
-optional_policy(`
-	# Cobbler traverses /var/www to get to /var/www/cobbler/*
-	apache_search_sys_content(cobblerd_t)
-')
-
-optional_policy(`
-	bind_read_config(cobblerd_t)
-	bind_write_config(cobblerd_t)
-	bind_domtrans_ndc(cobblerd_t)
-	bind_domtrans(cobblerd_t)
-	bind_initrc_domtrans(cobblerd_t)
-	bind_manage_zone(cobblerd_t)
-')
-
-optional_policy(`
-	certmaster_exec(cobblerd_t)
-')
-
-optional_policy(`
-	dhcpd_domtrans(cobblerd_t)
-	dhcpd_initrc_domtrans(cobblerd_t)
-')
-
-optional_policy(`
-	dnsmasq_domtrans(cobblerd_t)
-	dnsmasq_initrc_domtrans(cobblerd_t)
-	dnsmasq_write_config(cobblerd_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(cobblerd_t)
-')
-
-optional_policy(`
-	rpm_exec(cobblerd_t)
-')
-
-optional_policy(`
-	rsync_exec(cobblerd_t)
-	rsync_manage_config(cobblerd_t)
-	# cobbler creates /etc/rsync.conf if its not there.
-	rsync_filetrans_config(cobblerd_t, file)
-')
-
-optional_policy(`
-	# Cobbler puts objects in both /var/lib/tftpdir as well as /var/lib/tftpdir/images.
-	# tftp_manage_rw_content(cobblerd_t) can be used instead if:
-	# 1. cobbler package installs /var/lib/tftpdir/images.
-	# 2. no FILES in /var/lib/TFTPDIR are hard linked.
-	# Cobbler also creates other directories in /var/lib/tftpdir (etc, s390x, ppc, pxelinux.cfg)
-	# are any of those hard linked?
-	tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file })
-')
-
-########################################
-#
-# Cobbler web local policy.
-#
-
-apache_content_template(cobbler)
-manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
-manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
diff --git a/policy/modules/services/comsat.fc b/policy/modules/services/comsat.fc
deleted file mode 100644
index e7633fa..0000000
--- a/policy/modules/services/comsat.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/in\.comsat	--	gen_context(system_u:object_r:comsat_exec_t,s0)
diff --git a/policy/modules/services/comsat.if b/policy/modules/services/comsat.if
deleted file mode 100644
index afc4dfe..0000000
--- a/policy/modules/services/comsat.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Comsat, a biff server.</summary>
diff --git a/policy/modules/services/comsat.te b/policy/modules/services/comsat.te
deleted file mode 100644
index 3d121fd..0000000
--- a/policy/modules/services/comsat.te
+++ /dev/null
@@ -1,74 +0,0 @@
-policy_module(comsat, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type comsat_t;
-type comsat_exec_t;
-inetd_udp_service_domain(comsat_t, comsat_exec_t)
-role system_r types comsat_t;
-
-type comsat_tmp_t;
-files_tmp_file(comsat_tmp_t)
-
-type comsat_var_run_t;
-files_pid_file(comsat_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow comsat_t self:capability { setuid setgid };
-allow comsat_t self:process signal_perms;
-allow comsat_t self:fifo_file rw_fifo_file_perms;
-allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow comsat_t self:tcp_socket connected_stream_socket_perms;
-allow comsat_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
-manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
-files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
-
-manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
-files_pid_filetrans(comsat_t, comsat_var_run_t, file)
-
-kernel_read_kernel_sysctls(comsat_t)
-kernel_read_network_state(comsat_t)
-kernel_read_system_state(comsat_t)
-
-corenet_all_recvfrom_unlabeled(comsat_t)
-corenet_all_recvfrom_netlabel(comsat_t)
-corenet_tcp_sendrecv_generic_if(comsat_t)
-corenet_udp_sendrecv_generic_if(comsat_t)
-corenet_tcp_sendrecv_generic_node(comsat_t)
-corenet_udp_sendrecv_generic_node(comsat_t)
-corenet_udp_sendrecv_all_ports(comsat_t)
-
-dev_read_urand(comsat_t)
-
-fs_getattr_xattr_fs(comsat_t)
-
-files_read_etc_files(comsat_t)
-files_list_usr(comsat_t)
-files_search_spool(comsat_t)
-files_search_home(comsat_t)
-
-auth_use_nsswitch(comsat_t)
-
-init_read_utmp(comsat_t)
-init_dontaudit_write_utmp(comsat_t)
-
-logging_send_syslog_msg(comsat_t)
-
-miscfiles_read_localization(comsat_t)
-
-userdom_dontaudit_getattr_user_ttys(comsat_t)
-
-mta_getattr_spool(comsat_t)
-
-optional_policy(`
-	kerberos_use(comsat_t)
-')
diff --git a/policy/modules/services/consolekit.fc b/policy/modules/services/consolekit.fc
deleted file mode 100644
index 32233ab..0000000
--- a/policy/modules/services/consolekit.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
-
-/var/log/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_log_t,s0)
-
-/var/run/consolekit\.pid	--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
-/var/run/console-kit-daemon\.pid --	gen_context(system_u:object_r:consolekit_var_run_t,s0)
-/var/run/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_var_run_t,s0)
diff --git a/policy/modules/services/consolekit.if b/policy/modules/services/consolekit.if
deleted file mode 100644
index ac43a92..0000000
--- a/policy/modules/services/consolekit.if
+++ /dev/null
@@ -1,134 +0,0 @@
-## <summary>Framework for facilitating multiple user sessions on desktops.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run consolekit.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`consolekit_domtrans',`
-	gen_require(`
-		type consolekit_t, consolekit_exec_t;
-	')
-
-	domtrans_pattern($1, consolekit_exec_t, consolekit_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	consolekit over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`consolekit_dbus_chat',`
-	gen_require(`
-		type consolekit_t;
-		class dbus send_msg;
-	')
-
-	allow $1 consolekit_t:dbus send_msg;
-	allow consolekit_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to read consolekit log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`consolekit_dontaudit_read_log',`
-	gen_require(`
-		type consolekit_log_t;
-	')
-
-	dontaudit $1 consolekit_log_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read consolekit log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`consolekit_read_log',`
-	gen_require(`
-		type consolekit_log_t;
-	')
-
-	read_files_pattern($1, consolekit_log_t, consolekit_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Manage consolekit log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`consolekit_manage_log',`
-	gen_require(`
-		type consolekit_log_t;
-	')
-
-	manage_files_pattern($1, consolekit_log_t, consolekit_log_t)
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Read consolekit PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`consolekit_read_pid_files',`
-	gen_require(`
-		type consolekit_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
-')
-
-########################################
-## <summary>
-##	List consolekit PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`consolekit_list_pid_files',`
-	gen_require(`
-		type consolekit_var_run_t;
-	')
-
-	files_search_pids($1)
-	list_dirs_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
-')
diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
deleted file mode 100644
index 16c0746..0000000
--- a/policy/modules/services/consolekit.te
+++ /dev/null
@@ -1,145 +0,0 @@
-policy_module(consolekit, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type consolekit_t;
-type consolekit_exec_t;
-init_daemon_domain(consolekit_t, consolekit_exec_t)
-
-type consolekit_log_t;
-logging_log_file(consolekit_log_t)
-
-type consolekit_var_run_t;
-files_pid_file(consolekit_var_run_t)
-
-type consolekit_tmpfs_t;
-files_tmpfs_file(consolekit_tmpfs_t)
-
-########################################
-#
-# consolekit local policy
-#
-
-allow consolekit_t self:capability { chown setuid setgid sys_tty_config dac_override sys_nice sys_ptrace };
-allow consolekit_t self:process { getsched signal };
-allow consolekit_t self:fifo_file rw_fifo_file_perms;
-allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
-allow consolekit_t self:unix_dgram_socket create_socket_perms;
-
-manage_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t)
-logging_log_filetrans(consolekit_t, consolekit_log_t, file)
-
-manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
-manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
-files_pid_filetrans(consolekit_t, consolekit_var_run_t, { file dir })
-
-kernel_read_system_state(consolekit_t)
-
-corecmd_exec_bin(consolekit_t)
-corecmd_exec_shell(consolekit_t)
-
-dev_read_urand(consolekit_t)
-dev_read_sysfs(consolekit_t)
-
-domain_read_all_domains_state(consolekit_t)
-domain_use_interactive_fds(consolekit_t)
-domain_dontaudit_ptrace_all_domains(consolekit_t)
-
-files_read_etc_files(consolekit_t)
-files_read_usr_files(consolekit_t)
-# needs to read /var/lib/dbus/machine-id
-files_read_var_lib_files(consolekit_t)
-files_search_all_mountpoints(consolekit_t)
-
-fs_list_inotifyfs(consolekit_t)
-
-mcs_ptrace_all(consolekit_t)
-
-term_use_all_terms(consolekit_t)
-
-auth_use_nsswitch(consolekit_t)
-auth_manage_pam_console_data(consolekit_t)
-auth_write_login_records(consolekit_t)
-
-init_telinit(consolekit_t)
-init_rw_utmp(consolekit_t)
-
-logging_send_syslog_msg(consolekit_t)
-logging_send_audit_msgs(consolekit_t)
-
-miscfiles_read_localization(consolekit_t)
-
-# consolekit needs to be able to ptrace all logged in users 
-userdom_ptrace_all_users(consolekit_t)
-userdom_dontaudit_read_user_home_content_files(consolekit_t)
-userdom_dontaudit_getattr_admin_home_files(consolekit_t)
-userdom_read_user_tmp_files(consolekit_t)
-
-hal_ptrace(consolekit_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(consolekit_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(consolekit_t)
-')
-
-optional_policy(`
-	cron_read_system_job_lib_files(consolekit_t)
-')
-
-optional_policy(`
-	dbus_system_domain(consolekit_t, consolekit_exec_t)
-
-	optional_policy(`
-		hal_dbus_chat(consolekit_t)
-	')
-
-	optional_policy(`
-		rpm_dbus_chat(consolekit_t)
-	')
-
-	optional_policy(`
-		unconfined_dbus_chat(consolekit_t)
-	')
-')
-
-optional_policy(`
-	networkmanager_append_log(consolekit_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(consolekit_t)
-	policykit_domtrans_auth(consolekit_t)
-	policykit_read_lib(consolekit_t)
-	policykit_read_reload(consolekit_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(consolekit_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_pid(consolekit_t)
-	xserver_read_user_xauth(consolekit_t)
-	xserver_non_drawing_client(consolekit_t)
-	corenet_tcp_connect_xserver_port(consolekit_t)
-	xserver_stream_connect(consolekit_t)
-	xserver_user_x_domain_template(consolekit, consolekit_t, consolekit_tmpfs_t)
-')
-
-optional_policy(`
-	udev_domtrans(consolekit_t)
-	udev_read_db(consolekit_t)
-	udev_signal(consolekit_t)
-')
-
-optional_policy(`
-	#reading .Xauthity
-	unconfined_ptrace(consolekit_t)
-	unconfined_stream_connect(consolekit_t)
-')
diff --git a/policy/modules/services/corosync.fc b/policy/modules/services/corosync.fc
deleted file mode 100644
index 2098ee9..0000000
--- a/policy/modules/services/corosync.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-/etc/rc\.d/init\.d/corosync	--	gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
-
-/usr/sbin/corosync		--	gen_context(system_u:object_r:corosync_exec_t,s0)
-
-/usr/sbin/ccs_tool		--	gen_context(system_u:object_r:corosync_exec_t,s0)
-/usr/sbin/cman_tool		--	gen_context(system_u:object_r:corosync_exec_t,s0)
-
-/var/lib/corosync(/.*)?			gen_context(system_u:object_r:corosync_var_lib_t,s0)
-
-/var/log/cluster/corosync\.log	--	gen_context(system_u:object_r:corosync_var_log_t,s0)
-
-/var/run/cman_.*		-s	gen_context(system_u:object_r:corosync_var_run_t,s0)
-/var/run/corosync\.pid		--	gen_context(system_u:object_r:corosync_var_run_t,s0)
diff --git a/policy/modules/services/corosync.if b/policy/modules/services/corosync.if
deleted file mode 100644
index a2e6830..0000000
--- a/policy/modules/services/corosync.if
+++ /dev/null
@@ -1,125 +0,0 @@
-## <summary>Corosync Cluster Engine</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run corosync.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`corosync_domtrans',`
-	gen_require(`
-		type corosync_t, corosync_exec_t;
-	')
-
-	domtrans_pattern($1, corosync_exec_t, corosync_t)
-')
-
-######################################
-## <summary>
-##	Execute corosync in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corosync_exec',`
-	gen_require(`
-		type corosync_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, corosync_exec_t)
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to read corosync's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corosync_read_log',`
-	gen_require(`
-		type corosync_var_log_t;
-	')
-
-	logging_search_logs($1)
-	list_dirs_pattern($1, corosync_var_log_t, corosync_var_log_t)
-	read_files_pattern($1, corosync_var_log_t, corosync_var_log_t)
-')
-
-#####################################
-## <summary>
-##	Connect to corosync over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`corosync_stream_connect',`
-	gen_require(`
-		type corosync_t, corosync_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, corosync_var_run_t, corosync_var_run_t, corosync_t)
-')
-
-######################################
-## <summary>
-##	All of the rules required to administrate
-##	an corosync environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the corosyncd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`corosyncd_admin',`
-	gen_require(`
-		type corosync_t, corosync_var_lib_t, corosync_var_log_t;
-		type corosync_var_run_t, corosync_tmp_t, corosync_tmpfs_t;
-		type corosync_initrc_exec_t;
-	')
-
-	allow $1 corosync_t:process { ptrace signal_perms };
-	ps_process_pattern($1, corosync_t)
-
-	init_labeled_script_domtrans($1, corosync_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 corosync_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, corosync_tmp_t)
-
-	admin_pattern($1, corosync_tmpfs_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, corosync_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, corosync_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, corosync_var_run_t)
-')
diff --git a/policy/modules/services/corosync.te b/policy/modules/services/corosync.te
deleted file mode 100644
index c3620a0..0000000
--- a/policy/modules/services/corosync.te
+++ /dev/null
@@ -1,121 +0,0 @@
-policy_module(corosync, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type corosync_t;
-type corosync_exec_t;
-init_daemon_domain(corosync_t, corosync_exec_t)
-
-type corosync_initrc_exec_t;
-init_script_file(corosync_initrc_exec_t);
-
-type corosync_tmp_t;
-files_tmp_file(corosync_tmp_t)
-
-type corosync_tmpfs_t;
-files_tmpfs_file(corosync_tmpfs_t)
-
-type corosync_var_lib_t;
-files_type(corosync_var_lib_t)
-
-type corosync_var_log_t;
-logging_log_file(corosync_var_log_t)
-
-type corosync_var_run_t;
-files_pid_file(corosync_var_run_t)
-
-########################################
-#
-# corosync local policy
-#
-
-allow corosync_t self:capability { dac_override sys_nice sys_ptrace sys_resource ipc_lock };
-allow corosync_t self:process { setrlimit setsched signal signull };
-
-allow corosync_t self:fifo_file rw_fifo_file_perms;
-allow corosync_t self:sem create_sem_perms;
-allow corosync_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow corosync_t self:unix_dgram_socket create_socket_perms;
-allow corosync_t self:udp_socket create_socket_perms;
-
-can_exec(corosync_t, corosync_exec_t)
-
-manage_dirs_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
-manage_files_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
-files_tmp_filetrans(corosync_t, corosync_tmp_t, { file dir })
-
-manage_dirs_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
-manage_files_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
-fs_tmpfs_filetrans(corosync_t, corosync_tmpfs_t, { dir file })
-
-manage_files_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
-manage_dirs_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
-manage_sock_files_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
-files_var_lib_filetrans(corosync_t, corosync_var_lib_t, { file dir sock_file })
-
-manage_files_pattern(corosync_t, corosync_var_log_t, corosync_var_log_t)
-manage_sock_files_pattern(corosync_t, corosync_var_log_t, corosync_var_log_t)
-logging_log_filetrans(corosync_t, corosync_var_log_t, { sock_file file })
-
-manage_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
-manage_sock_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
-files_pid_filetrans(corosync_t, corosync_var_run_t, { file sock_file })
-
-kernel_read_system_state(corosync_t)
-kernel_read_network_state(corosync_t)
-
-corecmd_exec_bin(corosync_t)
-corecmd_exec_shell(corosync_t)
-
-corenet_udp_bind_netsupport_port(corosync_t)
-
-dev_read_urand(corosync_t)
-
-domain_read_all_domains_state(corosync_t)
-
-files_manage_mounttab(corosync_t)
-files_read_usr_files(corosync_t)
-
-auth_use_nsswitch(corosync_t)
-
-init_read_script_state(corosync_t)
-init_rw_script_tmp_files(corosync_t)
-
-logging_send_syslog_msg(corosync_t)
-
-miscfiles_read_localization(corosync_t)
-
-userdom_delete_user_tmpfs_files(corosync_t)
-userdom_rw_user_tmpfs_files(corosync_t)
-
-optional_policy(`
-	fs_manage_tmpfs_files(corosync_t)
-	init_manage_script_status_files(corosync_t)
-')
-
-optional_policy(`
-	ccs_read_config(corosync_t)
-')
-
-optional_policy(`
-	cmirrord_rw_shm(corosync_t)
-')
-
-optional_policy(`
-	lvm_rw_clvmd_tmpfs_files(corosync_t)
-')
-
-optional_policy(`
-	# to communication with RHCS
-	rhcs_rw_cluster_shm(corosync_t)
-	rhcs_rw_cluster_semaphores(corosync_t)
-	rhcs_stream_connect_cluster(corosync_t)
-	rhcs_read_cluster_lib_files(corosync_t)
-')
-
-optional_policy(`
-	rgmanager_manage_tmpfs_files(corosync_t)
-')
diff --git a/policy/modules/services/courier.fc b/policy/modules/services/courier.fc
deleted file mode 100644
index f1bf79a..0000000
--- a/policy/modules/services/courier.fc
+++ /dev/null
@@ -1,24 +0,0 @@
-/etc/courier(/.*)?				gen_context(system_u:object_r:courier_etc_t,s0)
-
-/usr/bin/imapd				--	gen_context(system_u:object_r:courier_pop_exec_t,s0)
-
-/usr/sbin/courierlogger			--	gen_context(system_u:object_r:courier_exec_t,s0)
-/usr/sbin/courierldapaliasd		--	gen_context(system_u:object_r:courier_exec_t,s0)
-/usr/sbin/couriertcpd			--	gen_context(system_u:object_r:courier_tcpd_exec_t,s0)
-
-/usr/lib(64)?/courier/authlib/.*	--	gen_context(system_u:object_r:courier_authdaemon_exec_t,s0)
-/usr/lib(64)?/courier/courier/.*	--	gen_context(system_u:object_r:courier_exec_t,s0)
-/usr/lib(64)?/courier/courier/courierpop.* --	gen_context(system_u:object_r:courier_pop_exec_t,s0)
-/usr/lib(64)?/courier/courier/imaplogin --	gen_context(system_u:object_r:courier_pop_exec_t,s0)
-/usr/lib(64)?/courier/courier/pcpd	--	gen_context(system_u:object_r:courier_pcp_exec_t,s0)
-/usr/lib(64)?/courier/imapd		--	gen_context(system_u:object_r:courier_pop_exec_t,s0)
-/usr/lib(64)?/courier/pop3d		--	gen_context(system_u:object_r:courier_pop_exec_t,s0)
-/usr/lib(64)?/courier/rootcerts(/.*)?		gen_context(system_u:object_r:courier_etc_t,s0)
-/usr/lib(64)?/courier/sqwebmail/cleancache\.pl -- gen_context(system_u:object_r:sqwebmail_cron_exec_t,s0)
-
-/var/lib/courier(/.*)?			--	gen_context(system_u:object_r:courier_var_lib_t,s0)
-
-/var/run/courier(/.*)?			--	gen_context(system_u:object_r:courier_var_run_t,s0)
-
-/var/spool/authdaemon(/.*)?			gen_context(system_u:object_r:courier_spool_t,s0)
-/var/spool/courier(/.*)?			gen_context(system_u:object_r:courier_spool_t,s0)
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
deleted file mode 100644
index f081899..0000000
--- a/policy/modules/services/courier.if
+++ /dev/null
@@ -1,220 +0,0 @@
-## <summary>Courier IMAP and POP3 email servers</summary>
-
-########################################
-## <summary>
-##	Template for creating courier server processes.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix name of the server process.
-##	</summary>
-## </param>
-#
-template(`courier_domain_template',`
-
-	##############################
-	#
-	# Declarations
-	#
-
-	type courier_$1_t;
-	type courier_$1_exec_t;
-	init_daemon_domain(courier_$1_t, courier_$1_exec_t)
-
-	##############################
-	#
-	# Declarations
-	#
-
-	allow courier_$1_t self:capability dac_override;
-	dontaudit courier_$1_t self:capability sys_tty_config;
-	allow courier_$1_t self:process { setpgid signal_perms };
-	allow courier_$1_t self:fifo_file { read write getattr };
-	allow courier_$1_t self:tcp_socket create_stream_socket_perms;
-	allow courier_$1_t self:udp_socket create_socket_perms;
-
-	can_exec(courier_$1_t, courier_$1_exec_t)
-
-	read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
-	allow courier_$1_t courier_etc_t:dir list_dir_perms;
-
-	manage_dirs_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
-	manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
-	manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
-	manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
-	files_search_pids(courier_$1_t)
-	files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
-
-	kernel_read_system_state(courier_$1_t)
-	kernel_read_kernel_sysctls(courier_$1_t)
-
-	corecmd_exec_bin(courier_$1_t)
-
-	corenet_all_recvfrom_unlabeled(courier_$1_t)
-	corenet_all_recvfrom_netlabel(courier_$1_t)
-	corenet_tcp_sendrecv_generic_if(courier_$1_t)
-	corenet_udp_sendrecv_generic_if(courier_$1_t)
-	corenet_tcp_sendrecv_generic_node(courier_$1_t)
-	corenet_udp_sendrecv_generic_node(courier_$1_t)
-	corenet_tcp_sendrecv_all_ports(courier_$1_t)
-	corenet_udp_sendrecv_all_ports(courier_$1_t)
-
-	dev_read_sysfs(courier_$1_t)
-
-	domain_use_interactive_fds(courier_$1_t)
-
-	files_read_etc_files(courier_$1_t)
-	files_read_etc_runtime_files(courier_$1_t)
-	files_read_usr_files(courier_$1_t)
-
-	fs_getattr_xattr_fs(courier_$1_t)
-	fs_search_auto_mountpoints(courier_$1_t)
-
-	logging_send_syslog_msg(courier_$1_t)
-
-	sysnet_read_config(courier_$1_t)
-
-	userdom_dontaudit_use_unpriv_user_fds(courier_$1_t)
-
-	optional_policy(`
-		seutil_sigchld_newrole(courier_$1_t)
-	')
-
-	optional_policy(`
-		udev_read_db(courier_$1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Execute the courier authentication daemon with
-##	a domain transition.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`courier_domtrans_authdaemon',`
-	gen_require(`
-		type courier_authdaemon_t, courier_authdaemon_exec_t;
-	')
-
-	domtrans_pattern($1, courier_authdaemon_exec_t, courier_authdaemon_t)
-')
-
-########################################
-## <summary>
-##	Execute the courier POP3 and IMAP server with
-##	a domain transition.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`courier_domtrans_pop',`
-	gen_require(`
-		type courier_pop_t, courier_pop_exec_t;
-	')
-
-	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
-')
-
-########################################
-## <summary>
-##	Read courier config files
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`courier_read_config',`
-	gen_require(`
-		type courier_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, courier_etc_t, courier_etc_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete courier
-##	spool directories.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`courier_manage_spool_dirs',`
-	gen_require(`
-		type courier_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, courier_spool_t, courier_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete courier
-##	spool files.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`courier_manage_spool_files',`
-	gen_require(`
-		type courier_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_files_pattern($1, courier_spool_t, courier_spool_t)
-')
-
-########################################
-## <summary>
-##	Read courier spool files.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`courier_read_spool',`
-	gen_require(`
-		type courier_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, courier_spool_t, courier_spool_t)
-')
-
-########################################
-## <summary>
-##	Read and write to courier spool pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`courier_rw_spool_pipes',`
-	gen_require(`
-		type courier_spool_t;
-	')
-
-	allow $1 courier_spool_t:fifo_file rw_fifo_file_perms;
-')
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
deleted file mode 100644
index cc93958..0000000
--- a/policy/modules/services/courier.te
+++ /dev/null
@@ -1,146 +0,0 @@
-policy_module(courier, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-courier_domain_template(authdaemon)
-
-type courier_etc_t;
-files_config_file(courier_etc_t)
-
-courier_domain_template(pcp)
-
-courier_domain_template(pop)
-
-type courier_spool_t;
-files_type(courier_spool_t)
-
-courier_domain_template(tcpd)
-
-type courier_var_lib_t;
-files_type(courier_var_lib_t)
-
-type courier_var_run_t;
-files_pid_file(courier_var_run_t)
-
-type courier_exec_t;
-mta_agent_executable(courier_exec_t)
-
-courier_domain_template(sqwebmail)
-typealias courier_sqwebmail_exec_t alias sqwebmail_cron_exec_t;
-
-########################################
-#
-# Authdaemon local policy
-#
-
-allow courier_authdaemon_t self:capability { setuid setgid sys_tty_config };
-allow courier_authdaemon_t self:unix_stream_socket connectto;
-
-can_exec(courier_authdaemon_t, courier_exec_t)
-
-allow courier_authdaemon_t courier_tcpd_t:fd use;
-allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
-allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_fifo_file_perms;
-
-allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
-allow courier_authdaemon_t courier_tcpd_t:unix_stream_socket rw_stream_socket_perms;
-allow courier_authdaemon_t courier_tcpd_t:process sigchld;
-allow courier_authdaemon_t courier_tcpd_t:fd use;
-allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
-allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
-
-manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
-files_search_spool(courier_authdaemon_t)
-
-corecmd_search_bin(courier_authdaemon_t)
-
-# for SSP
-dev_read_urand(courier_authdaemon_t)
-
-files_getattr_tmp_dirs(courier_authdaemon_t)
-
-auth_domtrans_chk_passwd(courier_authdaemon_t)
-
-libs_read_lib_files(courier_authdaemon_t)
-
-miscfiles_read_localization(courier_authdaemon_t)
-
-# should not be needed!
-userdom_search_user_home_dirs(courier_authdaemon_t)
-
-courier_domtrans_pop(courier_authdaemon_t)
-
-########################################
-#
-# Calendar (PCP) local policy
-#
-
-allow courier_pcp_t self:capability { setuid setgid };
-
-dev_read_rand(courier_pcp_t)
-
-########################################
-#
-# POP3/IMAP local policy
-#
-
-allow courier_pop_t courier_authdaemon_t:tcp_socket rw_stream_socket_perms;
-allow courier_pop_t courier_authdaemon_t:process sigchld;
-
-allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_socket_perms;
-
-# inherits file handle - should it?
-allow courier_pop_t courier_var_lib_t:file rw_inherited_file_perms;
-
-miscfiles_read_localization(courier_pop_t)
-
-courier_domtrans_authdaemon(courier_pop_t)
-
-# do the actual work (read the Maildir)
-userdom_manage_user_home_content_files(courier_pop_t)
-# cjp: the fact that this is different for pop vs imap means that
-# there should probably be a courier_pop_t and courier_imap_t
-# this should also probably be a separate type too instead of
-# the regular home dir
-userdom_manage_user_home_content_dirs(courier_pop_t)
-
-########################################
-#
-# TCPd local policy
-#
-
-allow courier_tcpd_t self:capability kill;
-
-can_exec(courier_tcpd_t, courier_exec_t)
-
-manage_files_pattern(courier_tcpd_t, courier_var_lib_t, courier_var_lib_t)
-manage_lnk_files_pattern(courier_tcpd_t, courier_var_lib_t, courier_var_lib_t)
-files_search_var_lib(courier_tcpd_t)
-
-corecmd_search_bin(courier_tcpd_t)
-
-corenet_tcp_bind_generic_node(courier_tcpd_t)
-corenet_tcp_bind_pop_port(courier_tcpd_t)
-corenet_sendrecv_pop_server_packets(courier_tcpd_t)
-
-# for TLS
-dev_read_rand(courier_tcpd_t)
-dev_read_urand(courier_tcpd_t)
-
-miscfiles_read_localization(courier_tcpd_t)
-
-courier_domtrans_pop(courier_tcpd_t)
-
-########################################
-#
-# Webmail local policy
-#
-
-kernel_read_kernel_sysctls(courier_sqwebmail_t)
-
-optional_policy(`
-	cron_system_entry(courier_sqwebmail_t, courier_sqwebmail_exec_t)
-')
diff --git a/policy/modules/services/cpucontrol.fc b/policy/modules/services/cpucontrol.fc
deleted file mode 100644
index 789c8c7..0000000
--- a/policy/modules/services/cpucontrol.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/etc/firmware/.*	--	gen_context(system_u:object_r:cpucontrol_conf_t,s0)
-
-/sbin/microcode_ctl	--	gen_context(system_u:object_r:cpucontrol_exec_t,s0)
-
-/usr/sbin/cpufreqd	--	gen_context(system_u:object_r:cpuspeed_exec_t,s0)
-/usr/sbin/cpuspeed	--	gen_context(system_u:object_r:cpuspeed_exec_t,s0)
-/usr/sbin/powernowd	--	gen_context(system_u:object_r:cpuspeed_exec_t,s0)
-
-/var/run/cpufreqd\.pid	--	gen_context(system_u:object_r:cpuspeed_var_run_t,s0)
diff --git a/policy/modules/services/cpucontrol.if b/policy/modules/services/cpucontrol.if
deleted file mode 100644
index ff6310d..0000000
--- a/policy/modules/services/cpucontrol.if
+++ /dev/null
@@ -1,17 +0,0 @@
-## <summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
-
-########################################
-## <summary>
-##	CPUcontrol stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cpucontrol_stub',`
-	gen_require(`
-		type cpucontrol_t;
-	')
-')
diff --git a/policy/modules/services/cpucontrol.te b/policy/modules/services/cpucontrol.te
deleted file mode 100644
index 13d2f63..0000000
--- a/policy/modules/services/cpucontrol.te
+++ /dev/null
@@ -1,122 +0,0 @@
-policy_module(cpucontrol, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type cpucontrol_t;
-type cpucontrol_exec_t;
-init_system_domain(cpucontrol_t, cpucontrol_exec_t)
-
-type cpucontrol_conf_t;
-files_type(cpucontrol_conf_t)
-
-type cpuspeed_t;
-type cpuspeed_exec_t;
-init_system_domain(cpuspeed_t, cpuspeed_exec_t)
-
-type cpuspeed_var_run_t;
-files_pid_file(cpuspeed_var_run_t)
-
-########################################
-#
-# CPU microcode loader local policy
-#
-
-allow cpucontrol_t self:capability { ipc_lock sys_rawio };
-dontaudit cpucontrol_t self:capability sys_tty_config;
-allow cpucontrol_t self:process signal_perms;
-
-allow cpucontrol_t cpucontrol_conf_t:dir list_dir_perms;
-read_files_pattern(cpucontrol_t, cpucontrol_conf_t, cpucontrol_conf_t)
-read_lnk_files_pattern(cpucontrol_t, cpucontrol_conf_t, cpucontrol_conf_t)
-
-kernel_list_proc(cpucontrol_t)
-kernel_read_proc_symlinks(cpucontrol_t)
-kernel_read_kernel_sysctls(cpucontrol_t)
-
-dev_read_sysfs(cpucontrol_t)
-dev_rw_cpu_microcode(cpucontrol_t)
-
-fs_search_auto_mountpoints(cpucontrol_t)
-
-term_dontaudit_use_console(cpucontrol_t)
-
-domain_use_interactive_fds(cpucontrol_t)
-
-files_list_usr(cpucontrol_t)
-
-init_use_fds(cpucontrol_t)
-init_use_script_ptys(cpucontrol_t)
-
-logging_send_syslog_msg(cpucontrol_t)
-
-userdom_dontaudit_use_unpriv_user_fds(cpucontrol_t)
-
-optional_policy(`
-	nscd_socket_use(cpucontrol_t)
-')
-
-optional_policy(`
-	rhgb_use_ptys(cpucontrol_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(cpucontrol_t)
-')
-
-optional_policy(`
-	udev_read_db(cpucontrol_t)
-')
-
-########################################
-#
-# CPU frequency scaling daemons
-#
-
-dontaudit cpuspeed_t self:capability sys_tty_config;
-allow cpuspeed_t self:process { signal_perms setsched };
-allow cpuspeed_t self:unix_dgram_socket create_socket_perms;
-
-allow cpuspeed_t cpuspeed_var_run_t:file manage_file_perms;
-files_pid_filetrans(cpuspeed_t, cpuspeed_var_run_t, file)
-
-kernel_read_system_state(cpuspeed_t)
-kernel_read_kernel_sysctls(cpuspeed_t)
-
-dev_write_sysfs_dirs(cpuspeed_t)
-dev_rw_sysfs(cpuspeed_t)
-
-domain_use_interactive_fds(cpuspeed_t)
-# for demand/load-based scaling:
-domain_read_all_domains_state(cpuspeed_t)
-
-files_read_etc_files(cpuspeed_t)
-files_read_etc_runtime_files(cpuspeed_t)
-files_list_usr(cpuspeed_t)
-
-fs_search_auto_mountpoints(cpuspeed_t)
-
-term_dontaudit_use_console(cpuspeed_t)
-
-init_use_fds(cpuspeed_t)
-init_use_script_ptys(cpuspeed_t)
-
-logging_send_syslog_msg(cpuspeed_t)
-
-miscfiles_read_localization(cpuspeed_t)
-
-userdom_dontaudit_use_unpriv_user_fds(cpuspeed_t)
-
-optional_policy(`
-	nscd_socket_use(cpuspeed_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(cpuspeed_t)
-')
-
-optional_policy(`
-	udev_read_db(cpuspeed_t)
-')
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc
deleted file mode 100644
index 3e8ad69..0000000
--- a/policy/modules/services/cron.fc
+++ /dev/null
@@ -1,51 +0,0 @@
-/etc/rc\.d/init\.d/atd		--	gen_context(system_u:object_r:crond_initrc_exec_t,s0)
-
-/etc/cron\.d(/.*)?			gen_context(system_u:object_r:system_cron_spool_t,s0)
-/etc/crontab			--	gen_context(system_u:object_r:system_cron_spool_t,s0)
-
-/usr/bin/at			--	gen_context(system_u:object_r:crontab_exec_t,s0)
-/usr/bin/(f)?crontab		--	gen_context(system_u:object_r:crontab_exec_t,s0)
-
-/usr/sbin/anacron		--	gen_context(system_u:object_r:anacron_exec_t,s0)
-/usr/sbin/atd			--	gen_context(system_u:object_r:crond_exec_t,s0)
-/usr/sbin/cron(d)?		--	gen_context(system_u:object_r:crond_exec_t,s0)
-/usr/sbin/fcron			--	gen_context(system_u:object_r:crond_exec_t,s0)
-
-/var/run/anacron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
-/var/run/atd\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
-/var/run/crond?\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
-/var/run/crond?\.reboot		--	gen_context(system_u:object_r:crond_var_run_t,s0)
-/var/run/fcron\.fifo		-s	gen_context(system_u:object_r:crond_var_run_t,s0)
-/var/run/fcron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
-
-/var/spool/anacron(/.*)?		gen_context(system_u:object_r:system_cron_spool_t,s0)
-/var/spool/at(/.*)?			gen_context(system_u:object_r:user_cron_spool_t,s0)
-
-/var/spool/cron			-d	gen_context(system_u:object_r:cron_spool_t,s0)
-#/var/spool/cron/root		--	gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-/var/spool/cron/[^/]*		--	<<none>>
-
-ifdef(`distro_gentoo',`
-/var/spool/cron/lastrun		-d	gen_context(system_u:object_r:crond_tmp_t,s0)
-/var/spool/cron/lastrun/[^/]*	--	<<none>>
-')
-
-ifdef(`distro_suse', `
-/var/spool/cron/lastrun		-d	gen_context(system_u:object_r:crond_tmp_t,s0)
-/var/spool/cron/lastrun/[^/]*	--	<<none>>
-/var/spool/cron/tabs		-d	gen_context(system_u:object_r:cron_spool_t,s0)
-')
-
-/var/spool/cron/crontabs 	-d	gen_context(system_u:object_r:cron_spool_t,s0)
-/var/spool/cron/crontabs/.*	--	<<none>>
-#/var/spool/cron/crontabs/root	--	gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-
-/var/spool/fcron		-d	gen_context(system_u:object_r:cron_spool_t,s0)
-/var/spool/fcron/.*			<<none>>
-/var/spool/fcron/systab\.orig	--	gen_context(system_u:object_r:system_cron_spool_t,s0)
-/var/spool/fcron/systab		--	gen_context(system_u:object_r:system_cron_spool_t,s0)
-/var/spool/fcron/new\.systab	--	gen_context(system_u:object_r:system_cron_spool_t,s0)
-
-/var/lib/glpi/files(/.*)?		gen_context(system_u:object_r:cron_var_lib_t,s0)
-
-/var/log/mcelog.*		--	gen_context(system_u:object_r:cron_log_t,s0)
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
deleted file mode 100644
index b6402c9..0000000
--- a/policy/modules/services/cron.if
+++ /dev/null
@@ -1,720 +0,0 @@
-## <summary>Periodic execution of scheduled commands.</summary>
-
-#######################################
-## <summary>
-##	The common rules for a crontab domain.
-## </summary>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`cron_common_crontab_template',`
-	gen_require(`
-		type crond_t, crond_var_run_t, crontab_exec_t;
-		type cron_spool_t, user_cron_spool_t;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	type $1_t;
-	application_domain($1_t, crontab_exec_t)
-	ubac_constrained($1_t)
-
-	type $1_tmp_t;
-	files_tmp_file($1_tmp_t)
-
-	##############################
-	#
-	# Local policy
-	#
-
-	# dac_override is to create the file in the directory under /tmp
-	allow $1_t self:capability { fowner setuid setgid chown dac_override };
-	allow $1_t self:process { setsched signal_perms };
-	allow $1_t self:fifo_file rw_fifo_file_perms;
-
-	allow $1_t crond_t:process signal;
-	allow $1_t crond_var_run_t:file read_file_perms;
-
-	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	files_tmp_filetrans($1_t, $1_tmp_t, { dir file })
-
-	# create files in /var/spool/cron
-	manage_files_pattern($1_t, { cron_spool_t user_cron_spool_t }, user_cron_spool_t)
-	filetrans_pattern($1_t, cron_spool_t, user_cron_spool_t, file)
-	files_list_spool($1_t)
-
-	# crontab signals crond by updating the mtime on the spooldir
-	allow $1_t cron_spool_t:dir setattr_dir_perms;
-
-	kernel_read_system_state($1_t)
-
-	# for the checks used by crontab -u
-	selinux_dontaudit_search_fs($1_t)
-
-	fs_getattr_xattr_fs($1_t)
-
-	domain_use_interactive_fds($1_t)
-
-	files_read_etc_files($1_t)
-	files_read_usr_files($1_t)
-	files_dontaudit_search_pids($1_t)
-
-	auth_domtrans_chk_passwd($1_t)
-
-	logging_send_syslog_msg($1_t)
-	logging_send_audit_msgs($1_t)
-	logging_set_loginuid($1_t)
-
-	init_dontaudit_write_utmp($1_t)
-	init_read_utmp($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	seutil_read_config($1_t)
-
-	userdom_manage_user_tmp_dirs($1_t)
-	userdom_manage_user_tmp_files($1_t)
-	# Access terminals.
-	userdom_use_user_terminals($1_t)
-	# Read user crontabs
-	userdom_read_user_home_content_files($1_t)
-	userdom_read_user_home_content_symlinks($1_t)
-
-	tunable_policy(`fcron_crond',`
-		# fcron wants an instant update of a crontab change for the administrator
-		# also crontab does a security check for crontab -u
-		dontaudit $1_t crond_t:process signal;
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for cron
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cron_role',`
-	gen_require(`
-		type cronjob_t, crontab_t, crontab_exec_t;
-		type user_cron_spool_t, crond_t;
-	')
-
-	role $1 types { cronjob_t crontab_t };
-
-	# cronjob shows up in user ps
-	ps_process_pattern($2, cronjob_t)
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, crontab_exec_t, crontab_t)
-
-	allow crond_t $2:process transition;
-	dontaudit crond_t $2:process { noatsecure siginh rlimitinh };
-	allow $2 crond_t:process sigchld;
-
-	# needs to be authorized SELinux context for cron
-	allow $2 user_cron_spool_t:file entrypoint;
-
-	# crontab shows up in user ps
-	ps_process_pattern($2, crontab_t)
-	allow $2 crontab_t:process { ptrace signal_perms };
-
-	# Run helper programs as the user domain
-	#corecmd_bin_domtrans(crontab_t, $2)
-	#corecmd_shell_domtrans(crontab_t, $2)
-	corecmd_exec_bin(crontab_t)
-	corecmd_exec_shell(crontab_t)
-
-	optional_policy(`
-		gen_require(`
-			class dbus send_msg;
-		')
-
-		dbus_stub(cronjob_t)
-		allow cronjob_t $2:dbus send_msg;
-	')
-')
-
-########################################
-## <summary>
-##	Role access for unconfined cronjobs
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cron_unconfined_role',`
-	gen_require(`
-		type unconfined_cronjob_t;
-	')
-
-	role $1 types unconfined_cronjob_t;
-
-	# cronjob shows up in user ps
-	ps_process_pattern($2, unconfined_cronjob_t)
-	allow $2 unconfined_cronjob_t:process { ptrace signal_perms };
-
-	optional_policy(`
-		gen_require(`
-			class dbus send_msg;
-		')
-
-		dbus_stub(unconfined_cronjob_t)
-		allow unconfined_cronjob_t $2:dbus send_msg;
-	')
-')
-
-########################################
-## <summary>
-##	Role access for cron
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cron_admin_role',`
-	gen_require(`
-		type cronjob_t, crontab_exec_t, admin_crontab_t, admin_crontab_tmp_t;
-		class passwd crontab;
-	')
-
-	role $1 types { cronjob_t admin_crontab_t admin_crontab_tmp_t };
-
-	# cronjob shows up in user ps
-	ps_process_pattern($2, cronjob_t)
-
-	# Manipulate other users crontab.
-	allow $2 self:passwd crontab;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, crontab_exec_t, admin_crontab_t)
-
-	# crontab shows up in user ps
-	ps_process_pattern($2, admin_crontab_t)
-	allow $2 admin_crontab_t:process { ptrace signal_perms };
-
-	# Run helper programs as the user domain
-	#corecmd_bin_domtrans(admin_crontab_t, $2)
-	#corecmd_shell_domtrans(admin_crontab_t, $2)
-	corecmd_exec_bin(admin_crontab_t)
-	corecmd_exec_shell(admin_crontab_t)
-
-	optional_policy(`
-		gen_require(`
-			class dbus send_msg;
-		')
-
-		dbus_stub(admin_cronjob_t)
-		allow cronjob_t $2:dbus send_msg;
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified program domain accessable
-##	from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process to transition to.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type of the file used as an entrypoint to this domain.
-##	</summary>
-## </param>
-#
-interface(`cron_system_entry',`
-	gen_require(`
-		type crond_t, system_cronjob_t;
-	')
-
-	domtrans_pattern(system_cronjob_t, $2, $1)
-	domtrans_pattern(crond_t, $2, $1)
-
-	role system_r types $1;
-')
-
-########################################
-## <summary>
-##	Execute cron in the cron system domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cron_domtrans',`
-	gen_require(`
-		type system_cronjob_t, crond_exec_t;
-	')
-
-	domtrans_pattern($1, crond_exec_t, system_cronjob_t)
-')
-
-########################################
-## <summary>
-##	Execute crond_exec_t 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_exec',`
-	gen_require(`
-		type crond_exec_t;
-	')
-
-	can_exec($1, crond_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute crond server in the crond domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cron_initrc_domtrans',`
-	gen_require(`
-		type crond_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, crond_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use a file descriptor
-##	from the cron daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_use_fds',`
-	gen_require(`
-		type crond_t;
-	')
-
-	allow $1 crond_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to the cron daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_sigchld',`
-	gen_require(`
-		type crond_t;
-	')
-
-	allow $1 crond_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Read a cron daemon unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_read_pipes',`
-	gen_require(`
-		type crond_t;
-	')
-
-	allow $1 crond_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write cron daemon unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cron_dontaudit_write_pipes',`
-	gen_require(`
-		type crond_t;
-	')
-
-	dontaudit $1 crond_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Read and write a cron daemon unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_pipes',`
-	gen_require(`
-		type crond_t;
-	')
-
-	allow $1 crond_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write inherited user spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_inherited_user_spool_files',`
-	gen_require(`
-		type user_cron_spool_t;
-	')
-
-	allow $1 user_cron_spool_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write inherited spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_inherited_spool_files',`
-	gen_require(`
-		type cron_spool_t;
-	')
-
-	allow $1 cron_spool_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Read, and write cron daemon TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_tcp_sockets',`
-	gen_require(`
-		type crond_t;
-	')
-
-	allow $1 crond_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Dontaudit Read, and write cron daemon TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cron_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type crond_t;
-	')
-
-	dontaudit $1 crond_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Search the directory containing user cron tables.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_search_spool',`
-	gen_require(`
-		type cron_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 cron_spool_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Manage pid files used by cron
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_manage_pid_files',`
-	gen_require(`
-		type crond_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, crond_var_run_t, crond_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute anacron in the cron system domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cron_anacron_domtrans_system_job',`
-	gen_require(`
-		type system_cronjob_t, anacron_exec_t;
-	')
-
-	domtrans_pattern($1, anacron_exec_t, system_cronjob_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use a file descriptor
-##	from system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_use_system_job_fds',`
-	gen_require(`
-		type system_cronjob_t;
-	')
-
-	allow $1 system_cronjob_t:fd use;
-')
-
-########################################
-## <summary>
-##	Write a system cron job unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_write_system_job_pipes',`
-	gen_require(`
-		type system_cronjob_t;
-	')
-
-	allow $1 system_cronjob_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Read and write a system cron job unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_system_job_pipes',`
-	gen_require(`
-		type system_cronjob_t;
-	')
-
-	allow $1 system_cronjob_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow read/write unix stream sockets from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_rw_system_job_stream_sockets',`
-	gen_require(`
-		type system_cronjob_t;
-	')
-
-	allow $1 system_cronjob_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Read temporary files from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_read_system_job_tmp_files',`
-	gen_require(`
-		type system_cronjob_tmp_t, cron_var_run_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 system_cronjob_tmp_t:file read_file_perms;
-
-	files_search_pids($1)
-	allow $1 cron_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to append temporary
-##	files from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cron_dontaudit_append_system_job_tmp_files',`
-	gen_require(`
-		type system_cronjob_tmp_t;
-	')
-
-	dontaudit $1 system_cronjob_tmp_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write temporary
-##	files from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`cron_dontaudit_write_system_job_tmp_files',`
-	gen_require(`
-		type system_cronjob_tmp_t;
-		type cron_var_run_t;
-	')
-
-	dontaudit $1 system_cronjob_tmp_t:file write_file_perms;
-	dontaudit $1 cron_var_run_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Read temporary files from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_read_system_job_lib_files',`
-	gen_require(`
-		type system_cronjob_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage files from the system cron jobs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cron_manage_system_job_lib_files',`
-	gen_require(`
-		type system_cronjob_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
-')
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
deleted file mode 100644
index 2a7f7f4..0000000
--- a/policy/modules/services/cron.te
+++ /dev/null
@@ -1,718 +0,0 @@
-policy_module(cron, 2.2.0)
-
-gen_require(`
-	class passwd rootok;
-')
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow system cron jobs to relabel filesystem
-##	for restoring file contexts.
-##	</p>
-## </desc>
-gen_tunable(cron_can_relabel, false)
-
-## <desc>
-##	<p>
-##	Enable extra rules in the cron domain
-##	to support fcron.
-##	</p>
-## </desc>
-gen_tunable(fcron_crond, false)
-
-attribute cron_spool_type;
-
-type anacron_exec_t;
-application_executable_file(anacron_exec_t)
-
-type cron_spool_t;
-files_type(cron_spool_t)
-
-# var/lib files
-type cron_var_lib_t;
-files_type(cron_var_lib_t)
-
-type cron_var_run_t;
-files_type(cron_var_run_t)
-
-# var/log files
-type cron_log_t;
-logging_log_file(cron_log_t)
-
-type cronjob_t;
-typealias cronjob_t alias { user_crond_t staff_crond_t sysadm_crond_t };
-typealias cronjob_t alias { auditadm_crond_t secadm_crond_t };
-domain_type(cronjob_t)
-domain_cron_exemption_target(cronjob_t)
-corecmd_shell_entry_type(cronjob_t)
-ubac_constrained(cronjob_t)
-
-type crond_t;
-type crond_exec_t;
-init_daemon_domain(crond_t, crond_exec_t)
-domain_interactive_fd(crond_t)
-domain_cron_exemption_source(crond_t)
-
-type crond_initrc_exec_t;
-init_script_file(crond_initrc_exec_t)
-
-type crond_tmp_t;
-files_tmp_file(crond_tmp_t)
-files_poly_parent(crond_tmp_t)
-mta_system_content(crond_tmp_t)
-
-type crond_var_run_t;
-files_pid_file(crond_var_run_t)
-mta_system_content(crond_var_run_t)
-
-type crontab_exec_t;
-application_executable_file(crontab_exec_t)
-
-cron_common_crontab_template(admin_crontab)
-typealias admin_crontab_t alias sysadm_crontab_t;
-typealias admin_crontab_tmp_t alias sysadm_crontab_tmp_t;
-
-cron_common_crontab_template(crontab)
-typealias crontab_t alias { user_crontab_t staff_crontab_t };
-typealias crontab_t alias { auditadm_crontab_t secadm_crontab_t };
-typealias crontab_tmp_t alias { user_crontab_tmp_t staff_crontab_tmp_t };
-typealias crontab_tmp_t alias { auditadm_crontab_tmp_t secadm_crontab_tmp_t };
-allow admin_crontab_t crond_t:process signal;
-
-type system_cron_spool_t, cron_spool_type;
-files_type(system_cron_spool_t)
-
-type system_cronjob_t alias system_crond_t;
-init_daemon_domain(system_cronjob_t, anacron_exec_t)
-corecmd_shell_entry_type(system_cronjob_t)
-role system_r types system_cronjob_t;
-domtrans_pattern(crond_t, anacron_exec_t, system_cronjob_t)
-
-type system_cronjob_lock_t alias system_crond_lock_t;
-files_lock_file(system_cronjob_lock_t)
-
-type system_cronjob_tmp_t alias system_crond_tmp_t;
-files_tmp_file(system_cronjob_tmp_t)
-
-type unconfined_cronjob_t;
-domain_type(unconfined_cronjob_t)
-domain_cron_exemption_target(unconfined_cronjob_t)
-
-# Type of user crontabs once moved to cron spool.
-type user_cron_spool_t, cron_spool_type;
-typealias user_cron_spool_t alias { staff_cron_spool_t sysadm_cron_spool_t unconfined_cron_spool_t };
-typealias user_cron_spool_t alias { auditadm_cron_spool_t secadm_cron_spool_t };
-files_type(user_cron_spool_t)
-ubac_constrained(user_cron_spool_t)
-mta_system_content(user_cron_spool_t)
-
-type system_cronjob_var_lib_t;
-files_type(system_cronjob_var_lib_t)
-typealias system_cronjob_var_lib_t alias system_crond_var_lib_t;
-
-type system_cronjob_var_run_t;
-files_pid_file(system_cronjob_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# Admin crontab local policy
-#
-
-# Allow our crontab domain to unlink a user cron spool file.
-allow admin_crontab_t user_cron_spool_t:file { read_file_perms delete_file_perms };
-
-# Manipulate other users crontab.
-selinux_get_fs_mount(admin_crontab_t)
-selinux_validate_context(admin_crontab_t)
-selinux_compute_access_vector(admin_crontab_t)
-selinux_compute_create_context(admin_crontab_t)
-selinux_compute_relabel_context(admin_crontab_t)
-selinux_compute_user_contexts(admin_crontab_t)
-
-tunable_policy(`fcron_crond',`
-	# fcron wants an instant update of a crontab change for the administrator
-	# also crontab does a security check for crontab -u
-	allow admin_crontab_t self:process setfscreate;
-')
-
-########################################
-#
-# Cron daemon local policy
-#
-
-allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search };
-dontaudit crond_t self:capability { sys_resource sys_tty_config };
-allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
-allow crond_t self:process { setexec setfscreate };
-allow crond_t self:fd use;
-allow crond_t self:fifo_file rw_fifo_file_perms;
-allow crond_t self:unix_dgram_socket create_socket_perms;
-allow crond_t self:unix_stream_socket create_stream_socket_perms;
-allow crond_t self:unix_dgram_socket sendto;
-allow crond_t self:unix_stream_socket connectto;
-allow crond_t self:shm create_shm_perms;
-allow crond_t self:sem create_sem_perms;
-allow crond_t self:msgq create_msgq_perms;
-allow crond_t self:msg { send receive };
-allow crond_t self:key { search write link };
-
-manage_files_pattern(crond_t, cron_log_t, cron_log_t)
-logging_log_filetrans(crond_t, cron_log_t, file)
-
-manage_files_pattern(crond_t, crond_var_run_t, crond_var_run_t)
-files_pid_filetrans(crond_t, crond_var_run_t, file)
-
-manage_files_pattern(crond_t, cron_spool_t, cron_spool_t)
-
-manage_dirs_pattern(crond_t, crond_tmp_t, crond_tmp_t)
-manage_files_pattern(crond_t, crond_tmp_t, crond_tmp_t)
-files_tmp_filetrans(crond_t, crond_tmp_t, { file dir })
-
-list_dirs_pattern(crond_t, system_cron_spool_t, system_cron_spool_t)
-read_files_pattern(crond_t, system_cron_spool_t, system_cron_spool_t)
-
-kernel_read_kernel_sysctls(crond_t)
-kernel_read_fs_sysctls(crond_t)
-kernel_search_key(crond_t)
-
-dev_read_sysfs(crond_t)
-selinux_get_fs_mount(crond_t)
-selinux_validate_context(crond_t)
-selinux_compute_access_vector(crond_t)
-selinux_compute_create_context(crond_t)
-selinux_compute_relabel_context(crond_t)
-selinux_compute_user_contexts(crond_t)
-
-dev_read_urand(crond_t)
-
-fs_getattr_all_fs(crond_t)
-fs_search_auto_mountpoints(crond_t)
-fs_list_inotifyfs(crond_t)
-
-# need auth_chkpwd to check for locked accounts.
-auth_domtrans_chk_passwd(crond_t)
-
-corecmd_exec_shell(crond_t)
-corecmd_list_bin(crond_t)
-corecmd_read_bin_symlinks(crond_t)
-
-domain_use_interactive_fds(crond_t)
-domain_subj_id_change_exemption(crond_t)
-domain_role_change_exemption(crond_t)
-
-files_read_usr_files(crond_t)
-files_read_etc_runtime_files(crond_t)
-files_read_etc_files(crond_t)
-files_read_generic_spool(crond_t)
-files_list_usr(crond_t)
-# Read from /var/spool/cron.
-files_search_var_lib(crond_t)
-files_search_default(crond_t)
-
-init_rw_utmp(crond_t)
-init_spec_domtrans_script(crond_t)
-
-auth_use_nsswitch(crond_t)
-
-logging_send_audit_msgs(crond_t)
-logging_send_syslog_msg(crond_t)
-logging_set_loginuid(crond_t)
-
-seutil_read_config(crond_t)
-seutil_read_default_contexts(crond_t)
-seutil_sigchld_newrole(crond_t)
-
-miscfiles_read_localization(crond_t)
-
-userdom_use_unpriv_users_fds(crond_t)
-# Not sure why this is needed
-userdom_list_user_home_dirs(crond_t)
-userdom_create_all_users_keys(crond_t)
-
-mta_send_mail(crond_t)
-mta_system_content(cron_spool_t)
-
-ifdef(`distro_debian',`
-	# pam_limits is used
-	allow crond_t self:process setrlimit;
-
-	optional_policy(`
-		# Debian logcheck has the home dir set to its cache
-		logwatch_search_cache_dir(crond_t)
-	')
-')
-
-ifdef(`distro_redhat',`
-	# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
-	# via redirection of standard out.
-	optional_policy(`
-		rpm_manage_log(crond_t)
-	')
-')
-
-tunable_policy(`allow_polyinstantiation',`
-	files_polyinstantiate_all(crond_t)
-')
-
-tunable_policy(`fcron_crond',`
-	allow crond_t system_cron_spool_t:file manage_file_perms;
-')
-
-optional_policy(`
-	apache_search_sys_content(crond_t)
-')
-
-optional_policy(`
-	djbdns_search_tinydns_keys(crond_t)
-	djbdns_link_tinydns_keys(crond_t)
-')
-
-optional_policy(`
-	locallogin_search_keys(crond_t)
-	locallogin_link_keys(crond_t)
-')
-
-optional_policy(`
-	# these should probably be unconfined_crond_t
-	dbus_system_bus_client(crond_t)
-	init_dbus_send_script(crond_t)
-')
-
-optional_policy(`
-	mono_domtrans(crond_t)
-')
-
-optional_policy(`
-	amanda_search_var_lib(crond_t)
-')
-
-optional_policy(`
-	amavis_search_lib(crond_t)
-')
-
-optional_policy(`
-	hal_dbus_chat(crond_t)
-	hal_write_log(crond_t)
-	hal_dbus_chat(system_cronjob_t)
-')
-
-optional_policy(`
-	# cjp: why?
-	munin_search_lib(crond_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(crond_t)
-')
-
-optional_policy(`
-	# Commonly used from postinst scripts
-	rpm_read_pipes(crond_t)
-')
-
-optional_policy(`
-	# allow crond to find /usr/lib/postgresql/bin/do.maintenance
-	postgresql_search_db(crond_t)
-')
-
-optional_policy(`
-	udev_read_db(crond_t)
-')
-
-optional_policy(`
-	vnstatd_search_lib(crond_t)
-')
-
-########################################
-#
-# System cron process domain
-#
-
-allow system_cronjob_t self:capability { dac_override dac_read_search chown setgid setuid fowner net_bind_service fsetid sys_nice };
-dontaudit system_cronjob_t self:capability sys_ptrace;
-
-allow system_cronjob_t self:process { signal_perms getsched setsched };
-allow system_cronjob_t self:fifo_file rw_fifo_file_perms;
-allow system_cronjob_t self:passwd rootok;
-
-# This is to handle creation of files in /var/log directory.
-#  Used currently by rpm script log files
-allow system_cronjob_t cron_log_t:file manage_file_perms;
-logging_log_filetrans(system_cronjob_t, cron_log_t, file)
-
-# This is to handle /var/lib/misc directory.  Used currently
-# by prelink var/lib files for cron 
-allow system_cronjob_t cron_var_lib_t:file { manage_file_perms relabel_file_perms };
-files_var_lib_filetrans(system_cronjob_t, cron_var_lib_t, file)
-
-allow system_cronjob_t cron_var_run_t:file manage_file_perms;
-files_pid_filetrans(system_cronjob_t, cron_var_run_t, file)
-
-allow system_cronjob_t system_cron_spool_t:file read_file_perms;
-
-# anacron forces the following
-manage_files_pattern(system_cronjob_t, system_cron_spool_t, system_cron_spool_t)
-
-# The entrypoint interface is not used as this is not
-# a regular entrypoint.  Since crontab files are
-# not directly executed, crond must ensure that
-# the crontab file has a type that is appropriate
-# for the domain of the user cron job.  It
-# performs an entrypoint permission check
-# for this purpose.
-allow system_cronjob_t system_cron_spool_t:file entrypoint;
-
-# Permit a transition from the crond_t domain to this domain.
-# The transition is requested explicitly by the modified crond 
-# via setexeccon.  There is no way to set up an automatic
-# transition, since crontabs are configuration files, not executables.
-allow crond_t system_cronjob_t:process transition;
-dontaudit crond_t system_cronjob_t:process { noatsecure siginh rlimitinh };
-allow crond_t system_cronjob_t:fd use;
-allow system_cronjob_t crond_t:fd use;
-allow system_cronjob_t crond_t:fifo_file rw_file_perms;
-allow system_cronjob_t crond_t:process sigchld;
-allow crond_t system_cronjob_t:key manage_key_perms;
-
-# Write /var/lock/makewhatis.lock.
-allow system_cronjob_t system_cronjob_lock_t:file manage_file_perms;
-files_lock_filetrans(system_cronjob_t, system_cronjob_lock_t, file)
-
-# write temporary files
-manage_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)
-manage_lnk_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)
-filetrans_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t, { file lnk_file })
-files_tmp_filetrans(system_cronjob_t, system_cronjob_tmp_t, file)
-
-# var/lib files for system_crond
-files_search_var_lib(system_cronjob_t)
-manage_files_pattern(system_cronjob_t, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
-
-# Read from /var/spool/cron.
-allow system_cronjob_t cron_spool_t:dir list_dir_perms;
-allow system_cronjob_t cron_spool_t:file rw_file_perms;
-
-kernel_read_kernel_sysctls(system_cronjob_t)
-kernel_read_system_state(system_cronjob_t)
-kernel_read_software_raid_state(system_cronjob_t)
-
-# ps does not need to access /boot when run from cron
-files_dontaudit_search_boot(system_cronjob_t)
-
-corecmd_exec_all_executables(system_cronjob_t)
-
-corenet_all_recvfrom_unlabeled(system_cronjob_t)
-corenet_all_recvfrom_netlabel(system_cronjob_t)
-corenet_tcp_sendrecv_generic_if(system_cronjob_t)
-corenet_udp_sendrecv_generic_if(system_cronjob_t)
-corenet_tcp_sendrecv_generic_node(system_cronjob_t)
-corenet_udp_sendrecv_generic_node(system_cronjob_t)
-corenet_tcp_sendrecv_all_ports(system_cronjob_t)
-corenet_udp_sendrecv_all_ports(system_cronjob_t)
-
-dev_getattr_all_blk_files(system_cronjob_t)
-dev_getattr_all_chr_files(system_cronjob_t)
-dev_read_urand(system_cronjob_t)
-dev_read_sysfs(system_cronjob_t)
-
-fs_getattr_all_fs(system_cronjob_t)
-fs_getattr_all_files(system_cronjob_t)
-fs_getattr_all_symlinks(system_cronjob_t)
-fs_getattr_all_pipes(system_cronjob_t)
-fs_getattr_all_sockets(system_cronjob_t)
-
-# quiet other ps operations
-domain_dontaudit_read_all_domains_state(system_cronjob_t)
-
-files_exec_etc_files(system_cronjob_t)
-files_read_etc_files(system_cronjob_t)
-files_read_etc_runtime_files(system_cronjob_t)
-files_list_all(system_cronjob_t)
-files_getattr_all_dirs(system_cronjob_t)
-files_getattr_all_files(system_cronjob_t)
-files_getattr_all_symlinks(system_cronjob_t)
-files_getattr_all_pipes(system_cronjob_t)
-files_getattr_all_sockets(system_cronjob_t)
-files_read_usr_files(system_cronjob_t)
-files_read_var_files(system_cronjob_t)
-# for nscd:
-files_dontaudit_search_pids(system_cronjob_t)
-# Access other spool directories like
-# /var/spool/anacron and /var/spool/slrnpull.
-files_manage_generic_spool(system_cronjob_t)
-files_create_boot_flag(system_cronjob_t)
-
-init_use_script_fds(system_cronjob_t)
-init_read_utmp(system_cronjob_t)
-init_dontaudit_rw_utmp(system_cronjob_t)
-# prelink tells init to restart it self, we either need to allow or dontaudit
-init_telinit(system_cronjob_t)
-init_domtrans_script(system_cronjob_t)
-
-auth_use_nsswitch(system_cronjob_t)
-
-libs_exec_lib_files(system_cronjob_t)
-libs_exec_ld_so(system_cronjob_t)
-
-logging_read_generic_logs(system_cronjob_t)
-logging_send_audit_msgs(system_cronjob_t)
-logging_send_syslog_msg(system_cronjob_t)
-
-miscfiles_read_localization(system_cronjob_t)
-miscfiles_manage_man_pages(system_cronjob_t)
-
-seutil_read_config(system_cronjob_t)
-
-ifdef(`distro_redhat',`
-	# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
-	allow crond_t system_cron_spool_t:file manage_file_perms;
-
-	# via redirection of standard out.
-	optional_policy(`
-		rpm_manage_log(system_cronjob_t)
-	')
-')
-
-tunable_policy(`cron_can_relabel',`
-	seutil_domtrans_setfiles(system_cronjob_t)
-',`
-	selinux_get_fs_mount(system_cronjob_t)
-	selinux_validate_context(system_cronjob_t)
-	selinux_compute_access_vector(system_cronjob_t)
-	selinux_compute_create_context(system_cronjob_t)
-	selinux_compute_relabel_context(system_cronjob_t)
-	selinux_compute_user_contexts(system_cronjob_t)
-	seutil_read_file_contexts(system_cronjob_t)
-')
-
-optional_policy(`
-	# Needed for certwatch
-	apache_exec_modules(system_cronjob_t)
-	apache_read_config(system_cronjob_t)
-	apache_read_log(system_cronjob_t)
-	apache_read_sys_content(system_cronjob_t)
-	apache_delete_cache_dirs(system_cronjob_t)
-	apache_delete_cache_files(system_cronjob_t)
-')
-
-optional_policy(`
-	cyrus_manage_data(system_cronjob_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(system_cronjob_t)
-')
-
-optional_policy(`
-	exim_read_spool_files(system_cronjob_t)
-')
-
-optional_policy(`
-	ftp_read_log(system_cronjob_t)
-')
-
-optional_policy(`
-	inn_manage_log(system_cronjob_t)
-	inn_manage_pid(system_cronjob_t)
-	inn_read_config(system_cronjob_t)
-')
-
-optional_policy(`
-	livecd_read_tmp_files(system_cronjob_t)
-')
-
-optional_policy(`
-	lpd_list_spool(system_cronjob_t)
-')
-
-optional_policy(`
-	mono_domtrans(system_cronjob_t)
-')
-
-optional_policy(`
-	mrtg_append_create_logs(system_cronjob_t)
-')
-
-optional_policy(`
-	mta_send_mail(system_cronjob_t)
-	mta_system_content(system_cron_spool_t)
-')
-
-optional_policy(`
-	mysql_read_config(system_cronjob_t)
-')
-
-optional_policy(`
-	postfix_read_config(system_cronjob_t)
-')	
-
-optional_policy(`
-	prelink_delete_cache(system_cronjob_t)
-	prelink_manage_lib(system_cronjob_t)
-	prelink_manage_log(system_cronjob_t)
-	prelink_read_cache(system_cronjob_t)
-	prelink_relabel_lib(system_cronjob_t)
-')
-
-optional_policy(`
-	samba_read_config(system_cronjob_t)
-	samba_read_log(system_cronjob_t)
-	#samba_read_secrets(system_cronjob_t)
-')
-
-optional_policy(`
-	slocate_create_append_log(system_cronjob_t)
-')
-
-optional_policy(`
-	spamassassin_manage_lib_files(system_cronjob_t)
-	spamassassin_manage_home_client(system_cronjob_t)
-')
-
-optional_policy(`
-	sysstat_manage_log(system_cronjob_t)
-')
-
-optional_policy(`
-	unconfined_domain(crond_t)
-	unconfined_domain(system_cronjob_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(crond_t)
-	unconfined_dbus_send(crond_t)
-	userdom_user_home_dir_filetrans_user_home_content(system_cronjob_t, { dir file lnk_file fifo_file sock_file })
-')
-
-########################################
-#
-# User cronjobs local policy
-#
-
-allow cronjob_t self:process { signal_perms setsched };
-allow cronjob_t self:fifo_file rw_fifo_file_perms;
-allow cronjob_t self:unix_stream_socket create_stream_socket_perms;
-allow cronjob_t self:unix_dgram_socket create_socket_perms;
-
-# The entrypoint interface is not used as this is not
-# a regular entrypoint.  Since crontab files are
-# not directly executed, crond must ensure that
-# the crontab file has a type that is appropriate
-# for the domain of the user cron job.  It
-# performs an entrypoint permission check
-# for this purpose.
-allow cronjob_t user_cron_spool_t:file entrypoint;
-
-# Permit a transition from the crond_t domain to this domain.
-# The transition is requested explicitly by the modified crond 
-# via setexeccon.  There is no way to set up an automatic
-# transition, since crontabs are configuration files, not executables.
-allow crond_t cronjob_t:process transition;
-dontaudit crond_t cronjob_t:process { noatsecure siginh rlimitinh };
-allow crond_t cronjob_t:fd use;
-allow cronjob_t crond_t:fd use;
-allow cronjob_t crond_t:fifo_file rw_file_perms;
-allow cronjob_t crond_t:process sigchld;
-
-kernel_read_system_state(cronjob_t)
-kernel_read_kernel_sysctls(cronjob_t)
-
-# ps does not need to access /boot when run from cron
-files_dontaudit_search_boot(cronjob_t)
-
-corenet_all_recvfrom_unlabeled(cronjob_t)
-corenet_all_recvfrom_netlabel(cronjob_t)
-corenet_tcp_sendrecv_generic_if(cronjob_t)
-corenet_udp_sendrecv_generic_if(cronjob_t)
-corenet_tcp_sendrecv_generic_node(cronjob_t)
-corenet_udp_sendrecv_generic_node(cronjob_t)
-corenet_tcp_sendrecv_all_ports(cronjob_t)
-corenet_udp_sendrecv_all_ports(cronjob_t)
-corenet_tcp_connect_all_ports(cronjob_t)
-corenet_sendrecv_all_client_packets(cronjob_t)
-
-dev_read_urand(cronjob_t)
-
-fs_getattr_all_fs(cronjob_t)
-
-corecmd_exec_all_executables(cronjob_t)
-
-# quiet other ps operations
-domain_dontaudit_read_all_domains_state(cronjob_t)
-domain_dontaudit_getattr_all_domains(cronjob_t)
-
-files_read_usr_files(cronjob_t)
-files_exec_etc_files(cronjob_t)
-# for nscd:
-files_dontaudit_search_pids(cronjob_t)
-
-libs_exec_lib_files(cronjob_t)
-libs_exec_ld_so(cronjob_t)
-
-files_read_etc_runtime_files(cronjob_t)
-files_read_var_files(cronjob_t)
-files_search_spool(cronjob_t)
-
-logging_search_logs(cronjob_t)
-
-seutil_read_config(cronjob_t)
-
-miscfiles_read_localization(cronjob_t)
-
-userdom_manage_user_tmp_files(cronjob_t)
-userdom_manage_user_tmp_symlinks(cronjob_t)
-userdom_manage_user_tmp_pipes(cronjob_t)
-userdom_manage_user_tmp_sockets(cronjob_t)
-# Run scripts in user home directory and access shared libs.
-userdom_exec_user_home_content_files(cronjob_t)
-# Access user files and dirs.
-userdom_manage_user_home_content_files(cronjob_t)
-userdom_manage_user_home_content_symlinks(cronjob_t)
-userdom_manage_user_home_content_pipes(cronjob_t)
-userdom_manage_user_home_content_sockets(cronjob_t)
-#userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set)
-
-list_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-rw_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-read_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-read_lnk_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-allow crond_t user_cron_spool_t:file manage_lnk_file_perms;
-
-tunable_policy(`fcron_crond',`
-	allow crond_t user_cron_spool_t:file manage_file_perms;
-')
-
-# need a per-role version of this:
-#optional_policy(`
-#	mono_domtrans(cronjob_t)
-#')
-
-optional_policy(`
-	nis_use_ypbind(cronjob_t)
-')
-
-########################################
-#
-# Unconfined cronjobs local policy
-#
-
-optional_policy(`
-	# Permit a transition from the crond_t domain to this domain.
-	# The transition is requested explicitly by the modified crond 
-	# via setexeccon.  There is no way to set up an automatic
-	# transition, since crontabs are configuration files, not executables.
-	allow crond_t unconfined_cronjob_t:process transition;
-	dontaudit crond_t unconfined_cronjob_t:process { noatsecure siginh rlimitinh };
-	allow crond_t unconfined_cronjob_t:fd use;
-
-	unconfined_domain(unconfined_cronjob_t)
-')
diff --git a/policy/modules/services/cups.fc b/policy/modules/services/cups.fc
deleted file mode 100644
index 286ec9e..0000000
--- a/policy/modules/services/cups.fc
+++ /dev/null
@@ -1,79 +0,0 @@
-
-/etc/alchemist/namespace/printconf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-
-/etc/cups(/.*)?			gen_context(system_u:object_r:cupsd_etc_t,s0)
-/etc/cups/classes\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/cupsd\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/lpoptions.* 	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/ppd(/.*)?		gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/printers\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/subscriptions.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/certs		-d	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/etc/rc\.d/init\.d/cups	--	gen_context(system_u:object_r:cupsd_initrc_exec_t,s0)
-
-/etc/cups/interfaces(/.*)?	gen_context(system_u:object_r:cupsd_interface_t,s0)
-
-/etc/hp(/.*)?			gen_context(system_u:object_r:hplip_etc_t,s0)
-
-/etc/printcap.* 	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-
-/lib/udev/udev-configure-printer -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-
-/opt/gutenprint/ppds(/.*)? 	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-
-/usr/bin/cups-config-daemon --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-/usr/bin/hpijs		--	gen_context(system_u:object_r:hplip_exec_t,s0)
-
-# keep as separate lines to ensure proper sorting
-/usr/lib/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0)
-/usr/lib64/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0)
-/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
-/usr/lib64/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
-/usr/lib/cups/backend/hp.* --	gen_context(system_u:object_r:hplip_exec_t,s0)
-/usr/lib64/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
-
-/usr/libexec/cups-pk-helper-mechanism -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-/usr/libexec/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-
-/usr/sbin/hp-[^/]+	--	gen_context(system_u:object_r:hplip_exec_t,s0)
-/usr/sbin/cupsd		--	gen_context(system_u:object_r:cupsd_exec_t,s0)
-/usr/sbin/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-/usr/sbin/hpiod		--	gen_context(system_u:object_r:hplip_exec_t,s0)
-/usr/sbin/printconf-backend --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-/usr/sbin/ptal-printd	--	gen_context(system_u:object_r:ptal_exec_t,s0)
-/usr/sbin/ptal-mlcd	--	gen_context(system_u:object_r:ptal_exec_t,s0)
-/usr/sbin/ptal-photod	--	gen_context(system_u:object_r:ptal_exec_t,s0)
-
-/usr/share/cups(/.*)?		gen_context(system_u:object_r:cupsd_etc_t,s0)
-/usr/share/foomatic/db/oldprinterids --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/usr/share/hplip/.*\.py --	gen_context(system_u:object_r:hplip_exec_t,s0)
-
-/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/var/cache/foomatic(/.*)? 	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/var/cache/cups(/.*)? 		gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
-
-/var/lib/cups/certs	-d	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/var/lib/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-
-/var/lib/hp(/.*)?		gen_context(system_u:object_r:hplip_var_lib_t,s0)
-
-/var/log/cups(/.*)?		gen_context(system_u:object_r:cupsd_log_t,s0)
-/var/log/turboprint.*		gen_context(system_u:object_r:cupsd_log_t,s0)
-
-/var/ccpd(/.*)?			gen_context(system_u:object_r:cupsd_var_run_t,s0)
-/var/ekpd(/.*)?			gen_context(system_u:object_r:cupsd_var_run_t,s0)
-/var/run/cups(/.*)?		gen_context(system_u:object_r:cupsd_var_run_t,s0)
-/var/run/hp.*\.pid	--	gen_context(system_u:object_r:hplip_var_run_t,s0)
-/var/run/hp.*\.port	--	gen_context(system_u:object_r:hplip_var_run_t,s0)
-/var/run/ptal-printd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
-/var/run/ptal-mlcd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
-/var/run/udev-configure-printer(/.*)? 	gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
-/var/turboprint(/.*)?		gen_context(system_u:object_r:cupsd_var_run_t,s0)
-
-/usr/local/Brother/fax/.*\.log		gen_context(system_u:object_r:cupsd_log_t,s0)
-/usr/local/Brother/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-/usr/local/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-
-/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --git a/policy/modules/services/cups.if b/policy/modules/services/cups.if
deleted file mode 100644
index 777091a..0000000
--- a/policy/modules/services/cups.if
+++ /dev/null
@@ -1,358 +0,0 @@
-## <summary>Common UNIX printing system</summary>
-
-########################################
-## <summary>
-##	Setup cups to transtion to the cups backend domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_backend',`
-	gen_require(`
-		type cupsd_t;
-	')
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-	role system_r types $1;
-
-	domtrans_pattern(cupsd_t, $2, $1)
-	allow cupsd_t $1:process signal;
-	allow $1 cupsd_t:unix_stream_socket connected_stream_socket_perms;
-
-	cups_read_config($1)
-	cups_append_log($1)
-')
-
-########################################
-## <summary>
-##	Execute cups in the cups domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cups_domtrans',`
-	gen_require(`
-		type cupsd_t, cupsd_exec_t;
-	')
-
-	domtrans_pattern($1, cupsd_exec_t, cupsd_t)
-')
-
-########################################
-## <summary>
-##	Connect to cupsd over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_stream_connect',`
-	gen_require(`
-		type cupsd_t, cupsd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)
-')
-
-########################################
-## <summary>
-##	Connect to cups over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	cups over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_dbus_chat',`
-	gen_require(`
-		type cupsd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 cupsd_t:dbus send_msg;
-	allow cupsd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read cups PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_read_pid_files',`
-	gen_require(`
-		type cupsd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 cupsd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute cups_config in the cups_config domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cups_domtrans_config',`
-	gen_require(`
-		type cupsd_config_t, cupsd_config_exec_t;
-	')
-
-	domtrans_pattern($1, cupsd_config_exec_t, cupsd_config_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to the cups
-##	configuration daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_signal_config',`
-	gen_require(`
-		type cupsd_config_t;
-	')
-
-	allow $1 cupsd_config_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	cupsd_config over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_dbus_chat_config',`
-	gen_require(`
-		type cupsd_config_t;
-		class dbus send_msg;
-	')
-
-	allow $1 cupsd_config_t:dbus send_msg;
-	allow cupsd_config_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read cups configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cups_read_config',`
-	gen_require(`
-		type cupsd_etc_t, cupsd_rw_etc_t;
-		type hplip_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, cupsd_etc_t, cupsd_etc_t)
-	read_files_pattern($1, hplip_etc_t, hplip_etc_t)
-	read_files_pattern($1, cupsd_etc_t, cupsd_rw_etc_t)
-')
-
-########################################
-## <summary>
-##	Read cups-writable configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cups_read_rw_config',`
-	gen_require(`
-		type cupsd_etc_t, cupsd_rw_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, cupsd_etc_t, cupsd_rw_etc_t)
-')
-
-########################################
-## <summary>
-##	Read cups log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cups_read_log',`
-	gen_require(`
-		type cupsd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 cupsd_log_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Append cups log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_append_log',`
-	gen_require(`
-		type cupsd_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, cupsd_log_t, cupsd_log_t)
-')
-
-########################################
-## <summary>
-##	Write cups log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_write_log',`
-	gen_require(`
-		type cupsd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 cupsd_log_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to ptal over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cups_stream_connect_ptal',`
-	gen_require(`
-		type ptal_t, ptal_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, ptal_var_run_t, ptal_var_run_t, ptal_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an cups environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the cups domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cups_admin',`
-	gen_require(`
-		type cupsd_t, cupsd_tmp_t, cupsd_lpd_tmp_t;
-		type cupsd_etc_t, cupsd_log_t, hplip_etc_t;
-		type cupsd_config_var_run_t, cupsd_lpd_var_run_t, cupsd_initrc_exec_t;
-		type cupsd_var_run_t, ptal_etc_t, hplip_var_run_t;
-		type ptal_var_run_t;
-	')
-
-	allow $1 cupsd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cupsd_t)
-
-	init_labeled_script_domtrans($1, cupsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cupsd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, cupsd_etc_t)
-	files_list_etc($1)
-
-	admin_pattern($1, cupsd_config_var_run_t)
-
-	admin_pattern($1, cupsd_log_t)
-	logging_list_logs($1)
-
-	admin_pattern($1, cupsd_lpd_tmp_t)
-
-	admin_pattern($1, cupsd_lpd_var_run_t)
-
-	admin_pattern($1, cupsd_tmp_t)
-	files_list_tmp($1)
-
-	admin_pattern($1, cupsd_var_run_t)
-	files_list_pids($1)
-
-	admin_pattern($1, hplip_etc_t)
-
-	admin_pattern($1, hplip_var_run_t)
-
-	admin_pattern($1, ptal_etc_t)
-
-	admin_pattern($1, ptal_var_run_t)
-')
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
deleted file mode 100644
index b3ab30f..0000000
--- a/policy/modules/services/cups.te
+++ /dev/null
@@ -1,799 +0,0 @@
-policy_module(cups, 1.14.0)
-
-########################################
-#
-# Declarations
-#
-
-type cupsd_config_t;
-type cupsd_config_exec_t;
-init_daemon_domain(cupsd_config_t, cupsd_config_exec_t)
-
-type cupsd_config_var_run_t;
-files_pid_file(cupsd_config_var_run_t)
-
-type cupsd_t;
-type cupsd_exec_t;
-init_daemon_domain(cupsd_t, cupsd_exec_t)
-mls_trusted_object(cupsd_t)
-
-type cupsd_etc_t;
-files_config_file(cupsd_etc_t)
-
-type cupsd_initrc_exec_t;
-init_script_file(cupsd_initrc_exec_t)
-
-type cupsd_interface_t;
-files_type(cupsd_interface_t)
-
-type cupsd_rw_etc_t;
-files_config_file(cupsd_rw_etc_t)
-
-type cupsd_lock_t;
-files_lock_file(cupsd_lock_t)
-
-type cupsd_log_t;
-logging_log_file(cupsd_log_t)
-
-type cupsd_lpd_t;
-type cupsd_lpd_exec_t;
-domain_type(cupsd_lpd_t)
-domain_entry_file(cupsd_lpd_t, cupsd_lpd_exec_t)
-role system_r types cupsd_lpd_t;
-
-type cupsd_lpd_tmp_t;
-files_tmp_file(cupsd_lpd_tmp_t)
-
-type cupsd_lpd_var_run_t;
-files_pid_file(cupsd_lpd_var_run_t)
-
-type cups_pdf_t;
-type cups_pdf_exec_t;
-cups_backend(cups_pdf_t, cups_pdf_exec_t)
-
-type cups_pdf_tmp_t;
-files_tmp_file(cups_pdf_tmp_t)
-
-type cupsd_tmp_t;
-files_tmp_file(cupsd_tmp_t)
-
-type cupsd_var_run_t;
-files_pid_file(cupsd_var_run_t)
-mls_trusted_object(cupsd_var_run_t)
-
-type hplip_t;
-type hplip_exec_t;
-init_daemon_domain(hplip_t, hplip_exec_t)
-# For CUPS to run as a backend
-cups_backend(hplip_t, hplip_exec_t)
-
-type hplip_etc_t;
-files_config_file(hplip_etc_t)
-
-type hplip_tmp_t;
-files_tmp_file(hplip_tmp_t)
-
-type hplip_var_lib_t;
-files_type(hplip_var_lib_t)
-
-type hplip_var_run_t;
-files_pid_file(hplip_var_run_t)
-
-type ptal_t;
-type ptal_exec_t;
-init_daemon_domain(ptal_t, ptal_exec_t)
-
-type ptal_etc_t;
-files_config_file(ptal_etc_t)
-
-type ptal_var_run_t;
-files_pid_file(ptal_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, mls_systemhigh)
-')
-
-########################################
-#
-# Cups local policy
-#
-
-# /usr/lib/cups/backend/serial needs sys_admin(?!)
-allow cupsd_t self:capability { ipc_lock sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_rawio sys_resource sys_tty_config };
-dontaudit cupsd_t self:capability { sys_tty_config net_admin };
-allow cupsd_t self:process { getpgid setpgid setsched signal_perms };
-allow cupsd_t self:fifo_file rw_fifo_file_perms;
-allow cupsd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow cupsd_t self:unix_dgram_socket create_socket_perms;
-allow cupsd_t self:netlink_selinux_socket create_socket_perms;
-allow cupsd_t self:shm create_shm_perms;
-allow cupsd_t self:sem create_sem_perms;
-allow cupsd_t self:tcp_socket create_stream_socket_perms;
-allow cupsd_t self:udp_socket create_socket_perms;
-allow cupsd_t self:appletalk_socket create_socket_perms;
-# generic socket here until appletalk socket is available in kernels
-allow cupsd_t self:socket create_socket_perms;
-
-allow cupsd_t cupsd_etc_t:{ dir file } setattr;
-read_files_pattern(cupsd_t, cupsd_etc_t, cupsd_etc_t)
-read_lnk_files_pattern(cupsd_t, cupsd_etc_t, cupsd_etc_t)
-files_search_etc(cupsd_t)
-
-manage_files_pattern(cupsd_t, cupsd_interface_t, cupsd_interface_t)
-can_exec(cupsd_t, cupsd_interface_t)
-
-manage_dirs_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
-manage_files_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
-filetrans_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t, file)
-files_var_filetrans(cupsd_t, cupsd_rw_etc_t, { dir file })
-
-# allow cups to execute its backend scripts
-can_exec(cupsd_t, cupsd_exec_t)
-allow cupsd_t cupsd_exec_t:dir search_dir_perms;
-allow cupsd_t cupsd_exec_t:lnk_file read_lnk_file_perms;
-
-allow cupsd_t cupsd_lock_t:file manage_file_perms;
-files_lock_filetrans(cupsd_t, cupsd_lock_t, file)
-
-manage_dirs_pattern(cupsd_t, cupsd_log_t, cupsd_log_t)
-manage_files_pattern(cupsd_t, cupsd_log_t, cupsd_log_t)
-allow cupsd_t cupsd_log_t:dir setattr;
-logging_log_filetrans(cupsd_t, cupsd_log_t, { file dir })
-
-manage_dirs_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
-manage_files_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
-manage_fifo_files_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
-files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
-
-allow cupsd_t cupsd_var_run_t:dir setattr_dir_perms;
-manage_dirs_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
-manage_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
-manage_sock_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
-manage_fifo_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
-files_pid_filetrans(cupsd_t, cupsd_var_run_t, { dir file fifo_file })
-
-allow cupsd_t hplip_t:process { signal sigkill };
-
-read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
-
-allow cupsd_t hplip_var_run_t:file read_file_perms;
-
-stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
-allow cupsd_t ptal_var_run_t:sock_file setattr_sock_file_perms;
-
-kernel_read_system_state(cupsd_t)
-kernel_read_network_state(cupsd_t)
-kernel_read_all_sysctls(cupsd_t)
-kernel_request_load_module(cupsd_t)
-
-corenet_all_recvfrom_unlabeled(cupsd_t)
-corenet_all_recvfrom_netlabel(cupsd_t)
-corenet_tcp_sendrecv_generic_if(cupsd_t)
-corenet_udp_sendrecv_generic_if(cupsd_t)
-corenet_raw_sendrecv_generic_if(cupsd_t)
-corenet_tcp_sendrecv_generic_node(cupsd_t)
-corenet_udp_sendrecv_generic_node(cupsd_t)
-corenet_raw_sendrecv_generic_node(cupsd_t)
-corenet_tcp_sendrecv_all_ports(cupsd_t)
-corenet_udp_sendrecv_all_ports(cupsd_t)
-corenet_tcp_bind_generic_node(cupsd_t)
-corenet_udp_bind_generic_node(cupsd_t)
-corenet_tcp_bind_ipp_port(cupsd_t)
-corenet_udp_bind_ipp_port(cupsd_t)
-corenet_udp_bind_howl_port(cupsd_t)
-corenet_tcp_bind_reserved_port(cupsd_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
-corenet_tcp_bind_all_rpc_ports(cupsd_t)
-corenet_tcp_connect_all_ports(cupsd_t)
-corenet_sendrecv_hplip_client_packets(cupsd_t)
-corenet_sendrecv_ipp_client_packets(cupsd_t)
-corenet_sendrecv_ipp_server_packets(cupsd_t)
-
-dev_rw_printer(cupsd_t)
-dev_read_urand(cupsd_t)
-dev_read_sysfs(cupsd_t)
-dev_rw_input_dev(cupsd_t)	#447878
-dev_rw_generic_usb_dev(cupsd_t)
-dev_rw_usbfs(cupsd_t)
-dev_getattr_printer_dev(cupsd_t)
-
-domain_read_all_domains_state(cupsd_t)
-
-fs_getattr_all_fs(cupsd_t)
-fs_search_auto_mountpoints(cupsd_t)
-fs_search_fusefs(cupsd_t)
-fs_read_anon_inodefs_files(cupsd_t)
-
-mls_file_downgrade(cupsd_t)
-mls_file_write_all_levels(cupsd_t)
-mls_file_read_all_levels(cupsd_t)
-mls_rangetrans_target(cupsd_t)
-mls_socket_write_all_levels(cupsd_t)
-mls_fd_use_all_levels(cupsd_t)
-
-term_use_unallocated_ttys(cupsd_t)
-term_search_ptys(cupsd_t)
-
-# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-corecmd_exec_shell(cupsd_t)
-corecmd_exec_bin(cupsd_t)
-
-domain_use_interactive_fds(cupsd_t)
-
-files_list_spool(cupsd_t)
-files_read_etc_files(cupsd_t)
-files_read_etc_runtime_files(cupsd_t)
-# read python modules
-files_read_usr_files(cupsd_t)
-# for /var/lib/defoma
-files_read_var_lib_files(cupsd_t)
-files_list_world_readable(cupsd_t)
-files_read_world_readable_files(cupsd_t)
-files_read_world_readable_symlinks(cupsd_t)
-# Satisfy readahead
-files_read_var_files(cupsd_t)
-files_read_var_symlinks(cupsd_t)
-# for /etc/printcap
-files_dontaudit_write_etc_files(cupsd_t)
-# smbspool seems to be iterating through all existing tmp files.
-# redhat bug #214953
-# cjp: this might be a broken behavior
-files_dontaudit_getattr_all_tmp_files(cupsd_t)
-
-selinux_compute_access_vector(cupsd_t)
-selinux_validate_context(cupsd_t)
-
-init_exec_script_files(cupsd_t)
-init_read_utmp(cupsd_t)
-
-auth_domtrans_chk_passwd(cupsd_t)
-auth_dontaudit_read_pam_pid(cupsd_t)
-auth_rw_faillog(cupsd_t)
-auth_use_nsswitch(cupsd_t)
-
-# Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.*
-libs_read_lib_files(cupsd_t)
-libs_exec_lib_files(cupsd_t)
-
-logging_send_audit_msgs(cupsd_t)
-logging_send_syslog_msg(cupsd_t)
-
-miscfiles_read_localization(cupsd_t)
-# invoking ghostscript needs to read fonts
-miscfiles_read_fonts(cupsd_t)
-miscfiles_setattr_fonts_cache_dirs(cupsd_t)
-
-seutil_read_config(cupsd_t)
-sysnet_exec_ifconfig(cupsd_t)
-
-files_dontaudit_list_home(cupsd_t)
-userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
-userdom_dontaudit_search_user_home_content(cupsd_t)
-
-# Write to /var/spool/cups.
-lpd_manage_spool(cupsd_t)
-lpd_read_config(cupsd_t)
-lpd_exec_lpr(cupsd_t)
-lpd_relabel_spool(cupsd_t)
-
-optional_policy(`
-	apm_domtrans_client(cupsd_t)
-')
-
-optional_policy(`
-	cron_system_entry(cupsd_t, cupsd_exec_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(cupsd_t)
-
-	userdom_dbus_send_all_users(cupsd_t)
-
-	optional_policy(`
-		avahi_dbus_chat(cupsd_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(cupsd_t)
-	')
-
-	# talk to processes that do not have policy
-	optional_policy(`
-		unconfined_dbus_chat(cupsd_t)
-		files_write_generic_pid_pipes(cupsd_t)
-	')
-')
-
-optional_policy(`
-	hostname_exec(cupsd_t)
-')
-
-optional_policy(`
-	inetd_core_service_domain(cupsd_t, cupsd_exec_t)
-')
-
-optional_policy(`
-	logrotate_domtrans(cupsd_t)
-')
-
-optional_policy(`
-	mta_send_mail(cupsd_t)
-')
-
-optional_policy(`
-	# cups execs smbtool which reads samba_etc_t files
-	samba_read_config(cupsd_t)
-	samba_rw_var_files(cupsd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(cupsd_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(cupsd_t)
-')
-
-optional_policy(`
-	udev_read_db(cupsd_t)
-')
-
-########################################
-#
-# Cups configuration daemon local policy
-#
-
-allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
-dontaudit cupsd_config_t self:capability sys_tty_config;
-allow cupsd_config_t self:process { getsched signal_perms };
-allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
-allow cupsd_config_t self:unix_stream_socket create_socket_perms;
-allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
-allow cupsd_config_t self:tcp_socket create_stream_socket_perms;
-
-allow cupsd_config_t cupsd_t:process signal;
-ps_process_pattern(cupsd_config_t, cupsd_t)
-
-manage_files_pattern(cupsd_config_t, cupsd_etc_t, cupsd_etc_t)
-manage_lnk_files_pattern(cupsd_config_t, cupsd_etc_t, cupsd_etc_t)
-filetrans_pattern(cupsd_config_t, cupsd_etc_t, cupsd_rw_etc_t, file)
-
-manage_files_pattern(cupsd_config_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
-manage_lnk_files_pattern(cupsd_config_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
-files_var_filetrans(cupsd_config_t, cupsd_rw_etc_t, file)
-
-can_exec(cupsd_config_t, cupsd_config_exec_t)
-
-allow cupsd_config_t cupsd_log_t:file rw_file_perms;
-
-manage_lnk_files_pattern(cupsd_config_t, cupsd_tmp_t, cupsd_tmp_t)
-manage_files_pattern(cupsd_config_t, cupsd_tmp_t, cupsd_tmp_t)
-manage_dirs_pattern(cupsd_config_t, cupsd_tmp_t, cupsd_tmp_t)
-files_tmp_filetrans(cupsd_config_t, cupsd_tmp_t, { lnk_file file dir })
-
-allow cupsd_config_t cupsd_var_run_t:file read_file_perms;
-
-manage_dirs_pattern(cupsd_config_t, cupsd_config_var_run_t, cupsd_config_var_run_t)
-manage_files_pattern(cupsd_config_t, cupsd_config_var_run_t, cupsd_config_var_run_t)
-files_pid_filetrans(cupsd_config_t, cupsd_config_var_run_t, { dir file })
-
-domtrans_pattern(cupsd_config_t, hplip_exec_t, hplip_t)
-
-read_files_pattern(cupsd_config_t, hplip_etc_t, hplip_etc_t)
-
-kernel_read_system_state(cupsd_config_t)
-kernel_read_all_sysctls(cupsd_config_t)
-
-corenet_all_recvfrom_unlabeled(cupsd_config_t)
-corenet_all_recvfrom_netlabel(cupsd_config_t)
-corenet_tcp_sendrecv_generic_if(cupsd_config_t)
-corenet_tcp_sendrecv_generic_node(cupsd_config_t)
-corenet_tcp_sendrecv_all_ports(cupsd_config_t)
-corenet_tcp_connect_all_ports(cupsd_config_t)
-corenet_sendrecv_all_client_packets(cupsd_config_t)
-
-dev_read_sysfs(cupsd_config_t)
-dev_read_urand(cupsd_config_t)
-dev_read_rand(cupsd_config_t)
-dev_rw_generic_usb_dev(cupsd_config_t)
-
-files_search_all_mountpoints(cupsd_config_t)
-
-fs_getattr_all_fs(cupsd_config_t)
-fs_search_auto_mountpoints(cupsd_config_t)
-
-corecmd_exec_bin(cupsd_config_t)
-corecmd_exec_shell(cupsd_config_t)
-
-domain_use_interactive_fds(cupsd_config_t)
-# killall causes the following
-domain_dontaudit_search_all_domains_state(cupsd_config_t)
-
-files_read_usr_files(cupsd_config_t)
-files_read_etc_files(cupsd_config_t)
-files_read_etc_runtime_files(cupsd_config_t)
-files_read_var_symlinks(cupsd_config_t)
-
-# Alternatives asks for this
-init_getattr_all_script_files(cupsd_config_t)
-
-auth_use_nsswitch(cupsd_config_t)
-
-logging_send_syslog_msg(cupsd_config_t)
-
-miscfiles_read_localization(cupsd_config_t)
-miscfiles_read_hwdata(cupsd_config_t)
-
-seutil_dontaudit_search_config(cupsd_config_t)
-
-userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t)
-userdom_dontaudit_search_user_home_dirs(cupsd_config_t)
-userdom_rw_user_tmp_files(cupsd_config_t)
-
-cups_stream_connect(cupsd_config_t)
-
-lpd_read_config(cupsd_config_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		rpm_read_db(cupsd_config_t)
-	')
-')
-
-optional_policy(`
-	term_use_generic_ptys(cupsd_config_t)
-')
-
-optional_policy(`
-	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
-')
-
-optional_policy(`
-	dbus_system_domain(cupsd_config_t, cupsd_config_exec_t)
-
-	optional_policy(`
-		hal_dbus_chat(cupsd_config_t)
-	')
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(cupsd_config_t)
-')
-
-optional_policy(`
-	hal_domtrans(cupsd_config_t)
-	hal_read_tmp_files(cupsd_config_t)
-	hal_dontaudit_use_fds(hplip_t)
-')
-
-optional_policy(`
-	hostname_exec(cupsd_config_t)
-')
-
-optional_policy(`
-	logrotate_use_fds(cupsd_config_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(cupsd_config_t)
-	userdom_read_all_users_state(cupsd_config_t)
-')
-
-optional_policy(`
-	rpm_read_db(cupsd_config_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(cupsd_config_t)
-')
-
-optional_policy(`
-	udev_read_db(cupsd_config_t)
-')
-
-optional_policy(`
-	unconfined_stream_connect(cupsd_config_t)
-')
-
-########################################
-#
-# Cups lpd support
-#
-
-allow cupsd_lpd_t self:process signal_perms;
-allow cupsd_lpd_t self:fifo_file rw_fifo_file_perms;
-allow cupsd_lpd_t self:tcp_socket connected_stream_socket_perms;
-allow cupsd_lpd_t self:udp_socket create_socket_perms;
-
-# for identd
-# cjp: this should probably only be inetd_child rules?
-allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow cupsd_lpd_t self:capability { setuid setgid };
-files_search_home(cupsd_lpd_t)
-optional_policy(`
-	kerberos_use(cupsd_lpd_t)
-')
-#end for identd
-
-allow cupsd_lpd_t cupsd_etc_t:dir list_dir_perms;
-read_files_pattern(cupsd_lpd_t, cupsd_etc_t, cupsd_etc_t)
-read_lnk_files_pattern(cupsd_lpd_t, cupsd_etc_t, cupsd_etc_t)
-
-allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
-read_files_pattern(cupsd_lpd_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
-read_lnk_files_pattern(cupsd_lpd_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
-
-manage_dirs_pattern(cupsd_lpd_t, cupsd_lpd_tmp_t, cupsd_lpd_tmp_t)
-manage_files_pattern(cupsd_lpd_t, cupsd_lpd_tmp_t, cupsd_lpd_tmp_t)
-files_tmp_filetrans(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
-
-manage_files_pattern(cupsd_lpd_t, cupsd_lpd_var_run_t, cupsd_lpd_var_run_t)
-files_pid_filetrans(cupsd_lpd_t, cupsd_lpd_var_run_t, file)
-
-kernel_read_kernel_sysctls(cupsd_lpd_t)
-kernel_read_system_state(cupsd_lpd_t)
-kernel_read_network_state(cupsd_lpd_t)
-
-corenet_all_recvfrom_unlabeled(cupsd_lpd_t)
-corenet_all_recvfrom_netlabel(cupsd_lpd_t)
-corenet_tcp_sendrecv_generic_if(cupsd_lpd_t)
-corenet_udp_sendrecv_generic_if(cupsd_lpd_t)
-corenet_tcp_sendrecv_generic_node(cupsd_lpd_t)
-corenet_udp_sendrecv_generic_node(cupsd_lpd_t)
-corenet_tcp_sendrecv_all_ports(cupsd_lpd_t)
-corenet_udp_sendrecv_all_ports(cupsd_lpd_t)
-corenet_tcp_bind_generic_node(cupsd_lpd_t)
-corenet_udp_bind_generic_node(cupsd_lpd_t)
-corenet_tcp_connect_ipp_port(cupsd_lpd_t)
-
-dev_read_urand(cupsd_lpd_t)
-dev_read_rand(cupsd_lpd_t)
-
-fs_getattr_xattr_fs(cupsd_lpd_t)
-
-files_read_etc_files(cupsd_lpd_t)
-
-auth_use_nsswitch(cupsd_lpd_t)
-
-logging_send_syslog_msg(cupsd_lpd_t)
-
-miscfiles_read_localization(cupsd_lpd_t)
-miscfiles_setattr_fonts_cache_dirs(cupsd_lpd_t)
-
-cups_stream_connect(cupsd_lpd_t)
-
-optional_policy(`
-	inetd_service_domain(cupsd_lpd_t, cupsd_lpd_exec_t)
-')
-
-########################################
-#
-# cups_pdf local policy
-#
-
-allow cups_pdf_t self:capability { chown fowner fsetid setuid setgid dac_override };
-allow cups_pdf_t self:fifo_file rw_file_perms;
-allow cups_pdf_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_files_pattern(cups_pdf_t, cupsd_log_t, cupsd_log_t)
-
-manage_files_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
-manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
-files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
-
-fs_rw_anon_inodefs_files(cups_pdf_t)
-
-kernel_read_system_state(cups_pdf_t)
-
-files_read_etc_files(cups_pdf_t)
-files_read_usr_files(cups_pdf_t)
-
-corecmd_exec_shell(cups_pdf_t)
-corecmd_exec_bin(cups_pdf_t)
-
-auth_use_nsswitch(cups_pdf_t)
-
-miscfiles_read_localization(cups_pdf_t)
-miscfiles_read_fonts(cups_pdf_t)
-miscfiles_setattr_fonts_cache_dirs(cups_pdf_t)
-
-userdom_home_filetrans_user_home_dir(cups_pdf_t)
-userdom_user_home_dir_filetrans_pattern(cups_pdf_t, { file dir })
-userdom_manage_user_home_content_dirs(cups_pdf_t)
-userdom_manage_user_home_content_files(cups_pdf_t)
-userdom_dontaudit_search_admin_dir(cups_pdf_t)
-
-lpd_manage_spool(cups_pdf_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_search_auto_mountpoints(cups_pdf_t)
-	fs_manage_nfs_dirs(cups_pdf_t)
-	fs_manage_nfs_files(cups_pdf_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(cups_pdf_t)
-	fs_manage_cifs_files(cups_pdf_t)
-')
-
-optional_policy(`
-	gnome_read_config(cups_pdf_t)
-')
-
-########################################
-#
-# HPLIP local policy
-#
-
-# Needed for USB Scanneer and xsane
-allow hplip_t self:capability { dac_override dac_read_search net_raw };
-dontaudit hplip_t self:capability sys_tty_config;
-allow hplip_t self:fifo_file rw_fifo_file_perms;
-allow hplip_t self:process signal_perms;
-allow hplip_t self:unix_dgram_socket create_socket_perms;
-allow hplip_t self:unix_stream_socket create_socket_perms;
-allow hplip_t self:netlink_route_socket r_netlink_socket_perms;
-allow hplip_t self:tcp_socket create_stream_socket_perms;
-allow hplip_t self:udp_socket create_socket_perms;
-allow hplip_t self:rawip_socket create_socket_perms;
-
-allow hplip_t cupsd_etc_t:dir search_dir_perms;
-manage_dirs_pattern(hplip_t, cupsd_tmp_t, cupsd_tmp_t)
-manage_files_pattern(hplip_t, cupsd_tmp_t, cupsd_tmp_t)
-files_tmp_filetrans(hplip_t, cupsd_tmp_t, { file dir })
-
-cups_stream_connect(hplip_t)
-
-allow hplip_t hplip_etc_t:dir list_dir_perms;
-read_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
-read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
-files_search_etc(hplip_t)
-
-manage_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
-manage_lnk_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
-
-manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
-files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file)
-
-manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
-files_pid_filetrans(hplip_t, hplip_var_run_t, file)
-
-kernel_read_system_state(hplip_t)
-kernel_read_kernel_sysctls(hplip_t)
-
-corenet_all_recvfrom_unlabeled(hplip_t)
-corenet_all_recvfrom_netlabel(hplip_t)
-corenet_tcp_sendrecv_generic_if(hplip_t)
-corenet_udp_sendrecv_generic_if(hplip_t)
-corenet_raw_sendrecv_generic_if(hplip_t)
-corenet_tcp_sendrecv_generic_node(hplip_t)
-corenet_udp_sendrecv_generic_node(hplip_t)
-corenet_raw_sendrecv_generic_node(hplip_t)
-corenet_tcp_sendrecv_all_ports(hplip_t)
-corenet_udp_sendrecv_all_ports(hplip_t)
-corenet_tcp_bind_generic_node(hplip_t)
-corenet_udp_bind_generic_node(hplip_t)
-corenet_tcp_bind_hplip_port(hplip_t)
-corenet_tcp_connect_hplip_port(hplip_t)
-corenet_tcp_connect_ipp_port(hplip_t)
-corenet_sendrecv_hplip_client_packets(hplip_t)
-corenet_receive_hplip_server_packets(hplip_t)
-corenet_udp_bind_howl_port(hplip_t)
-
-dev_read_sysfs(hplip_t)
-dev_rw_printer(hplip_t)
-dev_read_urand(hplip_t)
-dev_read_rand(hplip_t)
-dev_rw_generic_usb_dev(hplip_t)
-dev_rw_usbfs(hplip_t)
-
-fs_getattr_all_fs(hplip_t)
-fs_search_auto_mountpoints(hplip_t)
-fs_rw_anon_inodefs_files(hplip_t)
-
-# for python
-corecmd_exec_bin(hplip_t)
-
-domain_use_interactive_fds(hplip_t)
-
-files_read_etc_files(hplip_t)
-files_read_etc_runtime_files(hplip_t)
-files_read_usr_files(hplip_t)
-
-logging_send_syslog_msg(hplip_t)
-
-miscfiles_read_localization(hplip_t)
-
-sysnet_read_config(hplip_t)
-
-userdom_dontaudit_use_unpriv_user_fds(hplip_t)
-userdom_dontaudit_search_user_home_dirs(hplip_t)
-userdom_dontaudit_search_user_home_content(hplip_t)
-
-lpd_read_config(hplip_t)
-lpd_manage_spool(hplip_t)
-
-optional_policy(`
-	dbus_system_bus_client(hplip_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(hplip_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(hplip_t)
-')
-
-optional_policy(`
-	udev_read_db(hplip_t)
-')
-
-########################################
-#
-# PTAL local policy
-#
-
-allow ptal_t self:capability { chown sys_rawio };
-dontaudit ptal_t self:capability sys_tty_config;
-allow ptal_t self:fifo_file rw_fifo_file_perms;
-allow ptal_t self:unix_dgram_socket create_socket_perms;
-allow ptal_t self:unix_stream_socket create_stream_socket_perms;
-allow ptal_t self:tcp_socket create_stream_socket_perms;
-
-allow ptal_t ptal_etc_t:dir list_dir_perms;
-read_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t)
-read_lnk_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t)
-files_search_etc(ptal_t)
-
-manage_dirs_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
-manage_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
-manage_lnk_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
-manage_fifo_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
-manage_sock_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
-files_pid_filetrans(ptal_t, ptal_var_run_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(ptal_t)
-kernel_list_proc(ptal_t)
-kernel_read_proc_symlinks(ptal_t)
-
-corenet_all_recvfrom_unlabeled(ptal_t)
-corenet_all_recvfrom_netlabel(ptal_t)
-corenet_tcp_sendrecv_generic_if(ptal_t)
-corenet_tcp_sendrecv_generic_node(ptal_t)
-corenet_tcp_sendrecv_all_ports(ptal_t)
-corenet_tcp_bind_generic_node(ptal_t)
-corenet_tcp_bind_ptal_port(ptal_t)
-
-dev_read_sysfs(ptal_t)
-dev_read_usbfs(ptal_t)
-dev_rw_printer(ptal_t)
-
-fs_getattr_all_fs(ptal_t)
-fs_search_auto_mountpoints(ptal_t)
-
-domain_use_interactive_fds(ptal_t)
-
-files_read_etc_files(ptal_t)
-files_read_etc_runtime_files(ptal_t)
-
-logging_send_syslog_msg(ptal_t)
-
-miscfiles_read_localization(ptal_t)
-
-sysnet_read_config(ptal_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ptal_t)
-userdom_dontaudit_search_user_home_content(ptal_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(ptal_t)
-')
-
-optional_policy(`
-	udev_read_db(ptal_t)
-')
diff --git a/policy/modules/services/cvs.fc b/policy/modules/services/cvs.fc
deleted file mode 100644
index 48a30de..0000000
--- a/policy/modules/services/cvs.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/opt/cvs(/.*)?		gen_context(system_u:object_r:cvs_data_t,s0)
-
-/usr/bin/cvs	--	gen_context(system_u:object_r:cvs_exec_t,s0)
-
-/var/cvs(/.*)?		gen_context(system_u:object_r:cvs_data_t,s0)
-
-#CVSWeb file context
-/usr/share/cvsweb/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
-/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
diff --git a/policy/modules/services/cvs.if b/policy/modules/services/cvs.if
deleted file mode 100644
index 5bf3e60..0000000
--- a/policy/modules/services/cvs.if
+++ /dev/null
@@ -1,81 +0,0 @@
-## <summary>Concurrent versions system</summary>
-
-########################################
-## <summary>
-##	Read the CVS data and metadata.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cvs_read_data',`
-	gen_require(`
-		type cvs_data_t;
-	')
-
-	list_dirs_pattern($1, cvs_data_t, cvs_data_t)
-	read_files_pattern($1, cvs_data_t, cvs_data_t)
-	read_lnk_files_pattern($1, cvs_data_t, cvs_data_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute cvs
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cvs_exec',`
-	gen_require(`
-		type cvs_exec_t;
-	')
-
-	can_exec($1, cvs_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an cvs environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the cvs domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cvs_admin',`
-	gen_require(`
-		type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
-		type cvs_data_t, cvs_var_run_t;
-	')
-
-	allow $1 cvs_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cvs_t)
-
-	# Allow cvs_t to restart the apache service
-	init_labeled_script_domtrans($1, cvs_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cvs_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, cvs_tmp_t)
-
-	admin_pattern($1, cvs_data_t)
-
-	files_list_pids($1)
-	admin_pattern($1, cvs_var_run_t)
-')
diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
deleted file mode 100644
index e18dc0b..0000000
--- a/policy/modules/services/cvs.te
+++ /dev/null
@@ -1,116 +0,0 @@
-policy_module(cvs, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow cvs daemon to read shadow
-##	</p>
-## </desc>
-gen_tunable(allow_cvs_read_shadow, false)
-
-type cvs_t;
-type cvs_exec_t;
-inetd_tcp_service_domain(cvs_t, cvs_exec_t)
-application_executable_file(cvs_exec_t)
-role system_r types cvs_t;
-
-type cvs_data_t; # customizable
-files_type(cvs_data_t)
-
-type cvs_initrc_exec_t;
-init_script_file(cvs_initrc_exec_t)
-
-type cvs_tmp_t;
-files_tmp_file(cvs_tmp_t)
-
-type cvs_var_run_t;
-files_pid_file(cvs_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow cvs_t self:capability { setuid setgid };
-allow cvs_t self:process signal_perms;
-allow cvs_t self:fifo_file rw_fifo_file_perms;
-allow cvs_t self:tcp_socket connected_stream_socket_perms;
-# for identd; cjp: this should probably only be inetd_child rules?
-allow cvs_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-
-manage_dirs_pattern(cvs_t, cvs_data_t, cvs_data_t)
-manage_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
-manage_lnk_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
-
-manage_dirs_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
-manage_files_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
-files_tmp_filetrans(cvs_t, cvs_tmp_t, { file dir })
-
-manage_files_pattern(cvs_t, cvs_var_run_t, cvs_var_run_t)
-files_pid_filetrans(cvs_t, cvs_var_run_t, file)
-
-kernel_read_kernel_sysctls(cvs_t)
-kernel_read_system_state(cvs_t)
-kernel_read_network_state(cvs_t)
-
-corenet_all_recvfrom_unlabeled(cvs_t)
-corenet_all_recvfrom_netlabel(cvs_t)
-corenet_tcp_sendrecv_generic_if(cvs_t)
-corenet_udp_sendrecv_generic_if(cvs_t)
-corenet_tcp_sendrecv_generic_node(cvs_t)
-corenet_udp_sendrecv_generic_node(cvs_t)
-corenet_tcp_sendrecv_all_ports(cvs_t)
-corenet_udp_sendrecv_all_ports(cvs_t)
-
-dev_read_urand(cvs_t)
-
-fs_getattr_xattr_fs(cvs_t)
-
-auth_domtrans_chk_passwd(cvs_t)
-auth_use_nsswitch(cvs_t)
-
-corecmd_exec_bin(cvs_t)
-corecmd_exec_shell(cvs_t)
-
-files_read_etc_files(cvs_t)
-files_read_etc_runtime_files(cvs_t)
-# for identd; cjp: this should probably only be inetd_child rules?
-files_search_home(cvs_t)
-
-logging_send_syslog_msg(cvs_t)
-logging_send_audit_msgs(cvs_t)
-
-miscfiles_read_localization(cvs_t)
-
-mta_send_mail(cvs_t)
-
-# cjp: typeattribute doesnt work in conditionals yet
-auth_can_read_shadow_passwords(cvs_t)
-tunable_policy(`allow_cvs_read_shadow',`
-	allow cvs_t self:capability dac_override;
-	auth_tunable_read_shadow(cvs_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(cvs, cvs_t)
-	kerberos_read_config(cvs_t)
-	kerberos_dontaudit_write_config(cvs_t)
-')
-
-########################################
-#
-# CVSWeb policy
-#
-
-optional_policy(`
-	apache_content_template(cvs)
-
-	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
-	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
-	manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
-	files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
-')
diff --git a/policy/modules/services/cyphesis.fc b/policy/modules/services/cyphesis.fc
deleted file mode 100644
index c47a772..0000000
--- a/policy/modules/services/cyphesis.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/usr/bin/cyphesis	--	gen_context(system_u:object_r:cyphesis_exec_t,s0)
-
-/var/log/cyphesis(/.*)?		gen_context(system_u:object_r:cyphesis_log_t,s0)
-
-/var/run/cyphesis(/.*)?		gen_context(system_u:object_r:cyphesis_var_run_t,s0)
diff --git a/policy/modules/services/cyphesis.if b/policy/modules/services/cyphesis.if
deleted file mode 100644
index 7e9057e..0000000
--- a/policy/modules/services/cyphesis.if
+++ /dev/null
@@ -1,19 +0,0 @@
-## <summary>Cyphesis WorldForge game server</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run cyphesis.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`cyphesis_domtrans',`
-	gen_require(`
-		type cyphesis_t, cyphesis_exec_t;
-	')
-
-	domtrans_pattern($1, cyphesis_exec_t, cyphesis_t)
-')
diff --git a/policy/modules/services/cyphesis.te b/policy/modules/services/cyphesis.te
deleted file mode 100644
index 1f789f8..0000000
--- a/policy/modules/services/cyphesis.te
+++ /dev/null
@@ -1,85 +0,0 @@
-policy_module(cyphesis, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type cyphesis_t;
-type cyphesis_exec_t;
-init_daemon_domain(cyphesis_t, cyphesis_exec_t)
-
-type cyphesis_log_t;
-logging_log_file(cyphesis_log_t)
-
-type cyphesis_tmp_t;
-files_tmp_file(cyphesis_tmp_t)
-
-type cyphesis_var_run_t;
-files_pid_file(cyphesis_var_run_t)
-
-########################################
-#
-# cyphesis local policy
-#
-
-allow cyphesis_t self:process { setfscreate setsched signal };
-allow cyphesis_t self:fifo_file rw_fifo_file_perms;
-allow cyphesis_t self:tcp_socket create_stream_socket_perms;
-allow cyphesis_t self:unix_stream_socket create_stream_socket_perms;
-allow cyphesis_t self:unix_dgram_socket create_socket_perms;
-
-manage_files_pattern(cyphesis_t, cyphesis_log_t, cyphesis_log_t)
-logging_log_filetrans(cyphesis_t, cyphesis_log_t, file)
-
-# DAN > Does cyphesis really create a sock_file in /tmp?  Why?
-allow cyphesis_t cyphesis_tmp_t:sock_file manage_sock_file_perms;
-files_tmp_filetrans(cyphesis_t, cyphesis_tmp_t, file)
-
-manage_dirs_pattern(cyphesis_t, cyphesis_var_run_t, cyphesis_var_run_t)
-manage_files_pattern(cyphesis_t, cyphesis_var_run_t, cyphesis_var_run_t)
-manage_sock_files_pattern(cyphesis_t, cyphesis_var_run_t, cyphesis_var_run_t)
-files_pid_filetrans(cyphesis_t, cyphesis_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(cyphesis_t)
-kernel_read_kernel_sysctls(cyphesis_t)
-
-# DAN> What is cyphesis looking for in /bin?
-corecmd_search_bin(cyphesis_t)
-corecmd_getattr_bin_files(cyphesis_t)
-
-corenet_all_recvfrom_unlabeled(cyphesis_t)
-corenet_tcp_sendrecv_generic_if(cyphesis_t)
-corenet_tcp_sendrecv_generic_node(cyphesis_t)
-corenet_tcp_sendrecv_all_ports(cyphesis_t)
-corenet_tcp_bind_generic_node(cyphesis_t)
-corenet_tcp_bind_cyphesis_port(cyphesis_t)
-corenet_sendrecv_cyphesis_server_packets(cyphesis_t)
-
-dev_read_urand(cyphesis_t)
-
-# Init script handling
-domain_use_interactive_fds(cyphesis_t)
-
-files_read_etc_files(cyphesis_t)
-files_read_usr_files(cyphesis_t)
-
-logging_send_syslog_msg(cyphesis_t)
-
-miscfiles_read_localization(cyphesis_t)
-
-sysnet_dns_name_resolve(cyphesis_t)
-
-# cyphesis wants to talk to avahi via dbus
-optional_policy(`
-	avahi_dbus_chat(cyphesis_t)
-	dbus_system_bus_client(cyphesis_t)
-')
-
-optional_policy(`
-	kerberos_use(cyphesis_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(cyphesis_t)
-')
diff --git a/policy/modules/services/cyrus.fc b/policy/modules/services/cyrus.fc
deleted file mode 100644
index 445d93d..0000000
--- a/policy/modules/services/cyrus.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/rc\.d/init\.d/cyrus		--	gen_context(system_u:object_r:cyrus_initrc_exec_t,s0)
-
-/usr/lib(64)?/cyrus-imapd/cyrus-master	--	gen_context(system_u:object_r:cyrus_exec_t,s0)
-
-/var/lib/imap(/.*)?				gen_context(system_u:object_r:cyrus_var_lib_t,s0)
diff --git a/policy/modules/services/cyrus.if b/policy/modules/services/cyrus.if
deleted file mode 100644
index e4e86d0..0000000
--- a/policy/modules/services/cyrus.if
+++ /dev/null
@@ -1,81 +0,0 @@
-## <summary>Cyrus is an IMAP service intended to be run on sealed servers</summary>
-
-########################################
-## <summary>
-##	Allow caller to create, read, write,
-##	and delete cyrus data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cyrus_manage_data',`
-	gen_require(`
-		type cyrus_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Connect to Cyrus using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`cyrus_stream_connect',`
-	gen_require(`
-		type cyrus_t, cyrus_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an cyrus environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the cyrus domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`cyrus_admin',`
-	gen_require(`
-		type cyrus_t, cyrus_tmp_t, cyrus_var_lib_t;
-		type cyrus_var_run_t, cyrus_initrc_exec_t;
-	')
-
-	allow $1 cyrus_t:process { ptrace signal_perms };
-	ps_process_pattern($1, cyrus_t)
-
-	init_labeled_script_domtrans($1, cyrus_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cyrus_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, cyrus_tmp_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, cyrus_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, cyrus_var_run_t)
-')
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
deleted file mode 100644
index f80e725..0000000
--- a/policy/modules/services/cyrus.te
+++ /dev/null
@@ -1,146 +0,0 @@
-policy_module(cyrus, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type cyrus_t;
-type cyrus_exec_t;
-init_daemon_domain(cyrus_t, cyrus_exec_t)
-
-type cyrus_initrc_exec_t;
-init_script_file(cyrus_initrc_exec_t)
-
-type cyrus_tmp_t;
-files_tmp_file(cyrus_tmp_t)
-
-type cyrus_var_lib_t;
-files_type(cyrus_var_lib_t)
-
-type cyrus_var_run_t;
-files_pid_file(cyrus_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow cyrus_t self:capability { fsetid dac_override net_bind_service setgid setuid sys_resource };
-dontaudit cyrus_t self:capability sys_tty_config;
-allow cyrus_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow cyrus_t self:process setrlimit;
-allow cyrus_t self:fd use;
-allow cyrus_t self:fifo_file rw_fifo_file_perms;
-allow cyrus_t self:sock_file read_sock_file_perms;
-allow cyrus_t self:shm create_shm_perms;
-allow cyrus_t self:sem create_sem_perms;
-allow cyrus_t self:msgq create_msgq_perms;
-allow cyrus_t self:msg { send receive };
-allow cyrus_t self:unix_dgram_socket create_socket_perms;
-allow cyrus_t self:unix_stream_socket create_stream_socket_perms;
-allow cyrus_t self:unix_dgram_socket sendto;
-allow cyrus_t self:unix_stream_socket connectto;
-allow cyrus_t self:tcp_socket create_stream_socket_perms;
-allow cyrus_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
-manage_files_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
-files_tmp_filetrans(cyrus_t, cyrus_tmp_t, { file dir })
-
-manage_dirs_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
-manage_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
-manage_lnk_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
-manage_sock_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
-files_pid_filetrans(cyrus_t, cyrus_var_run_t, file)
-
-manage_files_pattern(cyrus_t, cyrus_var_run_t, cyrus_var_run_t)
-manage_sock_files_pattern(cyrus_t, cyrus_var_run_t, cyrus_var_run_t)
-files_pid_filetrans(cyrus_t, cyrus_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(cyrus_t)
-kernel_read_system_state(cyrus_t)
-kernel_read_all_sysctls(cyrus_t)
-
-corenet_all_recvfrom_unlabeled(cyrus_t)
-corenet_all_recvfrom_netlabel(cyrus_t)
-corenet_tcp_sendrecv_generic_if(cyrus_t)
-corenet_udp_sendrecv_generic_if(cyrus_t)
-corenet_tcp_sendrecv_generic_node(cyrus_t)
-corenet_udp_sendrecv_generic_node(cyrus_t)
-corenet_tcp_sendrecv_all_ports(cyrus_t)
-corenet_udp_sendrecv_all_ports(cyrus_t)
-corenet_tcp_bind_generic_node(cyrus_t)
-corenet_tcp_bind_mail_port(cyrus_t)
-corenet_tcp_bind_lmtp_port(cyrus_t)
-corenet_tcp_bind_pop_port(cyrus_t)
-corenet_tcp_bind_sieve_port(cyrus_t)
-corenet_tcp_connect_all_ports(cyrus_t)
-corenet_sendrecv_mail_server_packets(cyrus_t)
-corenet_sendrecv_pop_server_packets(cyrus_t)
-corenet_sendrecv_lmtp_server_packets(cyrus_t)
-corenet_sendrecv_all_client_packets(cyrus_t)
-
-dev_read_rand(cyrus_t)
-dev_read_urand(cyrus_t)
-dev_read_sysfs(cyrus_t)
-
-fs_getattr_all_fs(cyrus_t)
-fs_search_auto_mountpoints(cyrus_t)
-
-corecmd_exec_bin(cyrus_t)
-
-domain_use_interactive_fds(cyrus_t)
-
-files_list_var_lib(cyrus_t)
-files_read_etc_files(cyrus_t)
-files_read_etc_runtime_files(cyrus_t)
-files_read_usr_files(cyrus_t)
-
-auth_use_nsswitch(cyrus_t)
-
-libs_exec_lib_files(cyrus_t)
-
-logging_send_syslog_msg(cyrus_t)
-
-miscfiles_read_localization(cyrus_t)
-miscfiles_read_generic_certs(cyrus_t)
-
-sysnet_read_config(cyrus_t)
-
-userdom_use_unpriv_users_fds(cyrus_t)
-userdom_dontaudit_search_user_home_dirs(cyrus_t)
-
-mta_manage_spool(cyrus_t)
-mta_send_mail(cyrus_t)
-
-optional_policy(`
-	cron_system_entry(cyrus_t, cyrus_exec_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(cyrus, cyrus_t)
-')
-
-optional_policy(`
-	ldap_stream_connect(cyrus_t)
-')
-
-optional_policy(`
-	sasl_connect(cyrus_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(cyrus_t)
-')
-
-optional_policy(`
-	files_dontaudit_write_usr_dirs(cyrus_t)
-	snmp_read_snmp_var_lib_files(cyrus_t)
-	snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
-	snmp_stream_connect(cyrus_t)
-')
-
-optional_policy(`
-	udev_read_db(cyrus_t)
-')
diff --git a/policy/modules/services/dante.fc b/policy/modules/services/dante.fc
deleted file mode 100644
index 139171d..0000000
--- a/policy/modules/services/dante.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/etc/socks(/.*)?		gen_context(system_u:object_r:dante_conf_t,s0)
-
-/usr/sbin/sockd		--	gen_context(system_u:object_r:dante_exec_t,s0)
-
-/var/run/sockd\.pid	--	gen_context(system_u:object_r:dante_var_run_t,s0)
diff --git a/policy/modules/services/dante.if b/policy/modules/services/dante.if
deleted file mode 100644
index 704661c..0000000
--- a/policy/modules/services/dante.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Dante msproxy and socks4/5 proxy server</summary>
diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te
deleted file mode 100644
index a8b93c0..0000000
--- a/policy/modules/services/dante.te
+++ /dev/null
@@ -1,79 +0,0 @@
-policy_module(dante, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type dante_t;
-type dante_exec_t;
-init_daemon_domain(dante_t, dante_exec_t)
-
-type dante_conf_t;
-files_type(dante_conf_t)
-
-type dante_var_run_t;
-files_pid_file(dante_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dante_t self:capability { setuid setgid };
-dontaudit dante_t self:capability sys_tty_config;
-allow dante_t self:process signal_perms;
-allow dante_t self:fifo_file rw_fifo_file_perms;
-allow dante_t self:tcp_socket create_stream_socket_perms;
-allow dante_t self:udp_socket create_socket_perms;
-
-allow dante_t dante_conf_t:dir list_dir_perms;
-allow dante_t dante_conf_t:file read_file_perms;
-
-manage_files_pattern(dante_t, dante_var_run_t, dante_var_run_t)
-files_pid_filetrans(dante_t, dante_var_run_t, file)
-
-kernel_read_kernel_sysctls(dante_t)
-kernel_list_proc(dante_t)
-kernel_read_proc_symlinks(dante_t)
-
-corenet_all_recvfrom_unlabeled(dante_t)
-corenet_all_recvfrom_netlabel(dante_t)
-corenet_tcp_sendrecv_generic_if(dante_t)
-corenet_udp_sendrecv_generic_if(dante_t)
-corenet_tcp_sendrecv_generic_node(dante_t)
-corenet_udp_sendrecv_generic_node(dante_t)
-corenet_tcp_sendrecv_all_ports(dante_t)
-corenet_udp_sendrecv_all_ports(dante_t)
-corenet_tcp_bind_generic_node(dante_t)
-#TODO: no portcons for this type
-#allow dante_t socks_port_t:tcp_socket name_bind;
-
-dev_read_sysfs(dante_t)
-
-domain_use_interactive_fds(dante_t)
-
-files_read_etc_files(dante_t)
-files_read_etc_runtime_files(dante_t)
-
-fs_getattr_all_fs(dante_t)
-fs_search_auto_mountpoints(dante_t)
-
-init_write_utmp(dante_t)
-
-logging_send_syslog_msg(dante_t)
-
-miscfiles_read_localization(dante_t)
-
-sysnet_read_config(dante_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dante_t)
-userdom_dontaudit_search_user_home_dirs(dante_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(dante_t)
-')
-
-optional_policy(`
-	udev_read_db(dante_t)
-')
diff --git a/policy/modules/services/dbskk.fc b/policy/modules/services/dbskk.fc
deleted file mode 100644
index 7af2590..0000000
--- a/policy/modules/services/dbskk.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/dbskkd-cdb	--	gen_context(system_u:object_r:dbskkd_exec_t,s0)
diff --git a/policy/modules/services/dbskk.if b/policy/modules/services/dbskk.if
deleted file mode 100644
index 9e71004..0000000
--- a/policy/modules/services/dbskk.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Dictionary server for the SKK Japanese input method system.</summary>
diff --git a/policy/modules/services/dbskk.te b/policy/modules/services/dbskk.te
deleted file mode 100644
index 1445f97..0000000
--- a/policy/modules/services/dbskk.te
+++ /dev/null
@@ -1,69 +0,0 @@
-policy_module(dbskk, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type dbskkd_t;
-type dbskkd_exec_t;
-inetd_service_domain(dbskkd_t, dbskkd_exec_t)
-role system_r types dbskkd_t;
-
-type dbskkd_tmp_t;
-files_tmp_file(dbskkd_tmp_t)
-
-type dbskkd_var_run_t;
-files_pid_file(dbskkd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dbskkd_t self:process signal_perms;
-allow dbskkd_t self:fifo_file rw_fifo_file_perms;
-allow dbskkd_t self:tcp_socket connected_stream_socket_perms;
-allow dbskkd_t self:udp_socket create_socket_perms;
-
-# for identd
-# cjp: this should probably only be inetd_child rules?
-allow dbskkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow dbskkd_t self:capability { setuid setgid };
-files_search_home(dbskkd_t)
-optional_policy(`
-	kerberos_use(dbskkd_t)
-')
-#end for identd
-
-manage_dirs_pattern(dbskkd_t, dbskkd_tmp_t, dbskkd_tmp_t)
-manage_files_pattern(dbskkd_t, dbskkd_tmp_t, dbskkd_tmp_t)
-files_tmp_filetrans(dbskkd_t, dbskkd_tmp_t, { file dir })
-
-manage_files_pattern(dbskkd_t, dbskkd_var_run_t, dbskkd_var_run_t)
-files_pid_filetrans(dbskkd_t, dbskkd_var_run_t, file)
-
-kernel_read_kernel_sysctls(dbskkd_t)
-kernel_read_system_state(dbskkd_t)
-kernel_read_network_state(dbskkd_t)
-
-corenet_all_recvfrom_unlabeled(dbskkd_t)
-corenet_all_recvfrom_netlabel(dbskkd_t)
-corenet_tcp_sendrecv_generic_if(dbskkd_t)
-corenet_udp_sendrecv_generic_if(dbskkd_t)
-corenet_tcp_sendrecv_generic_node(dbskkd_t)
-corenet_udp_sendrecv_generic_node(dbskkd_t)
-corenet_tcp_sendrecv_all_ports(dbskkd_t)
-corenet_udp_sendrecv_all_ports(dbskkd_t)
-
-dev_read_urand(dbskkd_t)
-
-fs_getattr_xattr_fs(dbskkd_t)
-
-files_read_etc_files(dbskkd_t)
-
-auth_use_nsswitch(dbskkd_t)
-
-logging_send_syslog_msg(dbskkd_t)
-
-miscfiles_read_localization(dbskkd_t)
diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
deleted file mode 100644
index 81eba14..0000000
--- a/policy/modules/services/dbus.fc
+++ /dev/null
@@ -1,17 +0,0 @@
-/etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
-
-/bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
-
-/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
-/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
-
-/usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
-/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
-
-/var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
-
-/var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-
-ifdef(`distro_redhat',`
-/var/named/chroot/var/run/dbus(/.*)?	gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-')
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
deleted file mode 100644
index 74fa3d6..0000000
--- a/policy/modules/services/dbus.if
+++ /dev/null
@@ -1,524 +0,0 @@
-## <summary>Desktop messaging bus</summary>
-
-########################################
-## <summary>
-##	DBUS stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`dbus_stub',`
-	gen_require(`
-		type system_dbusd_t;
-		class dbus all_dbus_perms;
-	')
-')
-
-########################################
-## <summary>
-##	Role access for dbus
-## </summary>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the user role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-template(`dbus_role_template',`
-	gen_require(`
-		class dbus { send_msg acquire_svc };
-		attribute dbusd_unconfined, session_bus_type;
-		type system_dbusd_t, session_dbusd_tmp_t, dbusd_exec_t, dbusd_etc_t;
-		type $1_t;
-	')
-
-	##############################
-	#
-	# Delcarations
-	#
-
-	type $1_dbusd_t, session_bus_type;
-	domain_type($1_dbusd_t)
-	domain_entry_file($1_dbusd_t, dbusd_exec_t)
-	ubac_constrained($1_dbusd_t)
-	role $2 types $1_dbusd_t;
-
-	##############################
-	#
-	# Local policy
-	#
-
-	allow $1_dbusd_t self:process { getattr sigkill signal };
-	dontaudit $1_dbusd_t self:process ptrace;
-	allow $1_dbusd_t self:file { getattr read write };
-	allow $1_dbusd_t self:fifo_file rw_fifo_file_perms;
-	allow $1_dbusd_t self:dbus { send_msg acquire_svc };
-	allow $1_dbusd_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_dbusd_t self:unix_dgram_socket create_socket_perms;
-	allow $1_dbusd_t self:tcp_socket create_stream_socket_perms;
-	allow $1_dbusd_t self:netlink_selinux_socket create_socket_perms;
-
-	# For connecting to the bus
-	allow $3 $1_dbusd_t:unix_stream_socket connectto;
-
-	# SE-DBus specific permissions
-	allow { dbusd_unconfined $3 } $1_dbusd_t:dbus { send_msg acquire_svc };
-	allow $3 system_dbusd_t:dbus { send_msg acquire_svc };
-
-	allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
-	read_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
-	read_lnk_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
-
-	manage_dirs_pattern($1_dbusd_t, session_dbusd_tmp_t, session_dbusd_tmp_t)
-	manage_files_pattern($1_dbusd_t, session_dbusd_tmp_t, session_dbusd_tmp_t)
-	files_tmp_filetrans($1_dbusd_t, session_dbusd_tmp_t, { file dir })
-
-	domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
-
-	ps_process_pattern($3, $1_dbusd_t)
-	allow $3 $1_dbusd_t:process { ptrace signal_perms };
-
-	# cjp: this seems very broken
-	corecmd_bin_domtrans($1_dbusd_t, $1_t)
-	allow $1_dbusd_t $3:process sigkill;
-	allow $3 $1_dbusd_t:fd use;
-	allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms;
-
-	kernel_read_system_state($1_dbusd_t)
-	kernel_read_kernel_sysctls($1_dbusd_t)
-
-	corecmd_list_bin($1_dbusd_t)
-	corecmd_read_bin_symlinks($1_dbusd_t)
-	corecmd_read_bin_files($1_dbusd_t)
-	corecmd_read_bin_pipes($1_dbusd_t)
-	corecmd_read_bin_sockets($1_dbusd_t)
-
-	corenet_all_recvfrom_unlabeled($1_dbusd_t)
-	corenet_all_recvfrom_netlabel($1_dbusd_t)
-	corenet_tcp_sendrecv_generic_if($1_dbusd_t)
-	corenet_tcp_sendrecv_generic_node($1_dbusd_t)
-	corenet_tcp_sendrecv_all_ports($1_dbusd_t)
-	corenet_tcp_bind_generic_node($1_dbusd_t)
-	corenet_tcp_bind_reserved_port($1_dbusd_t)
-
-	dev_read_urand($1_dbusd_t)
-
-	domain_use_interactive_fds($1_dbusd_t)
-	domain_read_all_domains_state($1_dbusd_t)
-
-	files_read_etc_files($1_dbusd_t)
-	files_list_home($1_dbusd_t)
-	files_read_usr_files($1_dbusd_t)
-	files_dontaudit_search_var($1_dbusd_t)
-
-	fs_getattr_romfs($1_dbusd_t)
-	fs_getattr_xattr_fs($1_dbusd_t)
-	fs_list_inotifyfs($1_dbusd_t)
-	fs_dontaudit_list_nfs($1_dbusd_t)
-
-	selinux_get_fs_mount($1_dbusd_t)
-	selinux_validate_context($1_dbusd_t)
-	selinux_compute_access_vector($1_dbusd_t)
-	selinux_compute_create_context($1_dbusd_t)
-	selinux_compute_relabel_context($1_dbusd_t)
-	selinux_compute_user_contexts($1_dbusd_t)
-
-	auth_read_pam_console_data($1_dbusd_t)
-	auth_use_nsswitch($1_dbusd_t)
-
-	logging_send_audit_msgs($1_dbusd_t)
-	logging_send_syslog_msg($1_dbusd_t)
-
-	miscfiles_read_localization($1_dbusd_t)
-
-	seutil_read_config($1_dbusd_t)
-	seutil_read_default_contexts($1_dbusd_t)
-
-	term_use_all_terms($1_dbusd_t)
-
-	userdom_dontaudit_search_admin_dir($1_dbusd_t)
-	userdom_manage_user_home_content_dirs($1_dbusd_t)
-	userdom_manage_user_home_content_files($1_dbusd_t)
-	userdom_user_home_dir_filetrans_user_home_content($1_dbusd_t, { dir file })
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
-	')
-
-	optional_policy(`
-		gnome_read_gconf_home_files($1_dbusd_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat($1_dbusd_t)
-	')
-
-	optional_policy(`
-		xserver_search_xdm_lib($1_dbusd_t)
-		xserver_use_xdm_fds($1_dbusd_t)
-		xserver_rw_xdm_pipes($1_dbusd_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Template for creating connections to
-##	the system DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_system_bus_client',`
-	gen_require(`
-		type system_dbusd_t, system_dbusd_t;
-		type system_dbusd_var_run_t, system_dbusd_var_lib_t;
-		class dbus send_msg;
-		attribute dbusd_unconfined;
-	')
-
-	# SE-DBus specific permissions
-	allow $1 { system_dbusd_t self }:dbus send_msg;
-	allow { system_dbusd_t dbusd_unconfined } $1:dbus send_msg;
-
-	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
-	files_search_var_lib($1)
-
-	# For connecting to the bus
-	files_search_pids($1)
-	stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
-	dbus_read_config($1)
-')
-
-#######################################
-## <summary>
-##	Template for creating connections to
-##	a user DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_session_bus_client',`
-	gen_require(`
-		attribute session_bus_type;
-		class dbus send_msg;
-	')
-
-	# SE-DBus specific permissions
-	allow $1 { session_bus_type self }:dbus send_msg;
-
-	# For connecting to the bus
-	allow $1 session_bus_type:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Send a message the session DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_send_session_bus',`
-	gen_require(`
-		attribute session_bus_type;
-		class dbus send_msg;
-	')
-
-	allow $1 session_bus_type:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read dbus configuration.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_read_config',`
-	gen_require(`
-		type dbusd_etc_t;
-	')
-
-	allow $1 dbusd_etc_t:dir list_dir_perms;
-	allow $1 dbusd_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read system dbus lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_read_lib_files',`
-	gen_require(`
-		type system_dbusd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	system dbus lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_manage_lib_files',`
-	gen_require(`
-		type system_dbusd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Connect to the system DBUS
-##	for service (acquire_svc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_connect_session_bus',`
-	gen_require(`
-		attribute session_bus_type;
-		class dbus acquire_svc;
-	')
-
-	allow $1 session_bus_type:dbus acquire_svc;
-')
-
-########################################
-## <summary>
-##	Allow a application domain to be started
-##	by the session dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an
-##	entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`dbus_session_domain',`
-	gen_require(`
-		attribute session_bus_type;
-	')
-
-	domtrans_pattern(session_bus_type, $2, $1)
-
-	dbus_session_bus_client($1)
-	dbus_connect_session_bus($1)
-')
-
-########################################
-## <summary>
-##	Connect to the system DBUS
-##	for service (acquire_svc).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_connect_system_bus',`
-	gen_require(`
-		type system_dbusd_t;
-		class dbus acquire_svc;
-	')
-
-	allow $1 system_dbusd_t:dbus acquire_svc;
-')
-
-########################################
-## <summary>
-##	Send a message on the system DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_send_system_bus',`
-	gen_require(`
-		type system_dbusd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 system_dbusd_t:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Allow unconfined access to the system DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_system_bus_unconfined',`
-	gen_require(`
-		type system_dbusd_t;
-		class dbus all_dbus_perms;
-	')
-
-	allow $1 system_dbusd_t:dbus *;
-')
-
-########################################
-## <summary>
-##	Create a domain for processes
-##	which can be started by the system dbus
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`dbus_system_domain',`
-	gen_require(`
-		type system_dbusd_t;
-		role system_r;
-	')
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-
-	role system_r types $1;
-
-	domtrans_pattern(system_dbusd_t, $2, $1)
-
-	fs_search_all($1)
-
-	dbus_system_bus_client($1)
-	dbus_connect_system_bus($1)
-
-	init_stream_connect($1)
-
-	ps_process_pattern(system_dbusd_t, $1)
-
-	userdom_dontaudit_search_admin_dir($1)
-	userdom_read_all_users_state($1)
-
-	optional_policy(`
-		rpm_script_dbus_chat($1)
-	')
-
-	optional_policy(`
-		unconfined_dbus_send($1)
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Dontaudit Read, and write system dbus TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dbus_dontaudit_system_bus_rw_tcp_sockets',`
-	gen_require(`
-		type system_dbusd_t;
-	')
-
-	allow $1 system_dbusd_t:tcp_socket { read write };
-	allow $1 system_dbusd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Allow unconfined access to the system DBUS.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_unconfined',`
-	gen_require(`
-		attribute dbusd_unconfined;
-	')
-
-	typeattribute $1 dbusd_unconfined;
-')
-
-########################################
-## <summary>
-##	Delete all dbus pid files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dbus_delete_pid_files',`
-	gen_require(`
-		type system_dbusd_var_run_t;
-	')
-
-	files_search_pids($1)
-	delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
-')
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
deleted file mode 100644
index d9416fc..0000000
--- a/policy/modules/services/dbus.te
+++ /dev/null
@@ -1,180 +0,0 @@
-policy_module(dbus, 1.13.0)
-
-gen_require(`
-	class dbus all_dbus_perms;
-')
-
-##############################
-#
-# Delcarations
-#
-
-attribute dbusd_unconfined;
-attribute session_bus_type;
-
-type dbusd_etc_t;
-files_config_file(dbusd_etc_t)
-
-type dbusd_exec_t;
-corecmd_executable_file(dbusd_exec_t)
-typealias dbusd_exec_t alias system_dbusd_exec_t;
-
-type session_dbusd_tmp_t;
-typealias session_dbusd_tmp_t alias { user_dbusd_tmp_t staff_dbusd_tmp_t sysadm_dbusd_tmp_t };
-typealias session_dbusd_tmp_t alias { auditadm_dbusd_tmp_t secadm_dbusd_tmp_t };
-files_tmp_file(session_dbusd_tmp_t)
-ubac_constrained(session_dbusd_tmp_t)
-
-type system_dbusd_t;
-init_system_domain(system_dbusd_t, dbusd_exec_t)
-
-type system_dbusd_tmp_t;
-files_tmp_file(system_dbusd_tmp_t)
-
-type system_dbusd_var_lib_t;
-files_type(system_dbusd_var_lib_t)
-
-type system_dbusd_var_run_t;
-files_pid_file(system_dbusd_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
-	init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mls_systemhigh)
-')
-
-##############################
-#
-# System bus local policy
-#
-
-# dac_override: /var/run/dbus is owned by messagebus on Debian
-# cjp: dac_override should probably go in a distro_debian
-allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
-dontaudit system_dbusd_t self:capability sys_tty_config;
-allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap };
-allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
-allow system_dbusd_t self:dbus { send_msg acquire_svc };
-allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
-allow system_dbusd_t self:unix_dgram_socket create_socket_perms;
-# Receive notifications of policy reloads and enforcing status changes.
-allow system_dbusd_t self:netlink_selinux_socket { create bind read };
-
-can_exec(system_dbusd_t, dbusd_exec_t)
-
-allow system_dbusd_t dbusd_etc_t:dir list_dir_perms;
-read_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
-read_lnk_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
-
-manage_dirs_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
-manage_files_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
-files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
-
-read_files_pattern(system_dbusd_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
-
-manage_dirs_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
-manage_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
-manage_sock_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
-files_pid_filetrans(system_dbusd_t, system_dbusd_var_run_t, { file dir })
-
-kernel_read_system_state(system_dbusd_t)
-kernel_read_kernel_sysctls(system_dbusd_t)
-
-dev_read_urand(system_dbusd_t)
-dev_read_sysfs(system_dbusd_t)
-
-fs_getattr_all_fs(system_dbusd_t)
-fs_list_inotifyfs(system_dbusd_t)
-fs_search_auto_mountpoints(system_dbusd_t)
-fs_dontaudit_list_nfs(system_dbusd_t)
-
-mls_fd_use_all_levels(system_dbusd_t)
-mls_rangetrans_target(system_dbusd_t)
-mls_file_read_all_levels(system_dbusd_t)
-mls_socket_write_all_levels(system_dbusd_t)
-mls_socket_read_to_clearance(system_dbusd_t)
-mls_dbus_recv_all_levels(system_dbusd_t)
-
-selinux_get_fs_mount(system_dbusd_t)
-selinux_validate_context(system_dbusd_t)
-selinux_compute_access_vector(system_dbusd_t)
-selinux_compute_create_context(system_dbusd_t)
-selinux_compute_relabel_context(system_dbusd_t)
-selinux_compute_user_contexts(system_dbusd_t)
-
-term_dontaudit_use_console(system_dbusd_t)
-
-auth_use_nsswitch(system_dbusd_t)
-auth_read_pam_console_data(system_dbusd_t)
-
-corecmd_list_bin(system_dbusd_t)
-corecmd_read_bin_pipes(system_dbusd_t)
-corecmd_read_bin_sockets(system_dbusd_t)
-
-domain_use_interactive_fds(system_dbusd_t)
-domain_read_all_domains_state(system_dbusd_t)
-
-files_read_etc_files(system_dbusd_t)
-files_list_home(system_dbusd_t)
-files_read_usr_files(system_dbusd_t)
-
-init_use_fds(system_dbusd_t)
-init_use_script_ptys(system_dbusd_t)
-init_bin_domtrans_spec(system_dbusd_t)
-init_domtrans_script(system_dbusd_t)
-init_rw_stream_sockets(system_dbusd_t)
-
-logging_send_audit_msgs(system_dbusd_t)
-logging_send_syslog_msg(system_dbusd_t)
-
-miscfiles_read_localization(system_dbusd_t)
-miscfiles_read_generic_certs(system_dbusd_t)
-
-seutil_read_config(system_dbusd_t)
-seutil_read_default_contexts(system_dbusd_t)
-seutil_sigchld_newrole(system_dbusd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(system_dbusd_t)
-userdom_dontaudit_search_user_home_dirs(system_dbusd_t)
-
-optional_policy(`
-	bind_domtrans(system_dbusd_t)
-')
-
-optional_policy(`
-	gnome_exec_gconf(system_dbusd_t)
-')
-
-optional_policy(`
-	networkmanager_initrc_domtrans(system_dbusd_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(system_dbusd_t)
-	policykit_domtrans_auth(system_dbusd_t)
-	policykit_search_lib(system_dbusd_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_dhcpc(system_dbusd_t)
-')
-
-optional_policy(`
-	udev_read_db(system_dbusd_t)
-')
-
-########################################
-#
-# Unconfined access to this module
-#
-allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
-allow dbusd_unconfined dbusd_unconfined:dbus all_dbus_perms;
-allow session_bus_type dbusd_unconfined:dbus send_msg;
-
-optional_policy(`
-	xserver_use_xdm_fds(session_bus_type)
-	xserver_rw_xdm_pipes(session_bus_type)
-	xserver_append_xdm_home_files(session_bus_type)
-')
diff --git a/policy/modules/services/dcc.fc b/policy/modules/services/dcc.fc
deleted file mode 100644
index ecda170..0000000
--- a/policy/modules/services/dcc.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/etc/dcc(/.*)?				gen_context(system_u:object_r:dcc_var_t,s0)
-/etc/dcc/dccifd			-s	gen_context(system_u:object_r:dccifd_var_run_t,s0)
-/etc/dcc/map			--	gen_context(system_u:object_r:dcc_client_map_t,s0)
-
-/usr/bin/cdcc			--	gen_context(system_u:object_r:cdcc_exec_t,s0)
-/usr/bin/dccproc		--	gen_context(system_u:object_r:dcc_client_exec_t,s0)
-
-/usr/libexec/dcc/dbclean	--	gen_context(system_u:object_r:dcc_dbclean_exec_t,s0)
-/usr/libexec/dcc/dccd		--	gen_context(system_u:object_r:dccd_exec_t,s0)
-/usr/libexec/dcc/dccifd		--	gen_context(system_u:object_r:dccifd_exec_t,s0)
-/usr/libexec/dcc/dccm		--	gen_context(system_u:object_r:dccm_exec_t,s0)
-
-/var/dcc(/.*)?				gen_context(system_u:object_r:dcc_var_t,s0)
-/var/dcc/map			--	gen_context(system_u:object_r:dcc_client_map_t,s0)
-
-/var/lib/dcc(/.*)?			gen_context(system_u:object_r:dcc_var_t,s0)
-/var/lib/dcc/map		--	gen_context(system_u:object_r:dcc_client_map_t,s0)
-
-/var/run/dcc(/.*)?			gen_context(system_u:object_r:dcc_var_run_t,s0)
-/var/run/dcc/map		--	gen_context(system_u:object_r:dcc_client_map_t,s0)
-/var/run/dcc/dccifd		-s	gen_context(system_u:object_r:dccifd_var_run_t,s0)
diff --git a/policy/modules/services/dcc.if b/policy/modules/services/dcc.if
deleted file mode 100644
index bf65e7d..0000000
--- a/policy/modules/services/dcc.if
+++ /dev/null
@@ -1,173 +0,0 @@
-## <summary>Distributed checksum clearinghouse spam filtering</summary>
-
-########################################
-## <summary>
-##	Execute cdcc in the cdcc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dcc_domtrans_cdcc',`
-	gen_require(`
-		type cdcc_t, cdcc_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, cdcc_exec_t, cdcc_t)
-')
-
-########################################
-## <summary>
-##	Execute cdcc in the cdcc domain, and
-##	allow the specified role the cdcc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dcc_run_cdcc',`
-	gen_require(`
-		type cdcc_t;
-	')
-
-	dcc_domtrans_cdcc($1)
-	role $2 types cdcc_t;
-')
-
-########################################
-## <summary>
-##	Execute dcc_client in the dcc_client domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dcc_domtrans_client',`
-	gen_require(`
-		type dcc_client_t, dcc_client_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dcc_client_exec_t, dcc_client_t)
-')
-
-########################################
-## <summary>
-##	Send a signal to the dcc_client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dcc_signal_client',`
-	gen_require(`
-		type dcc_client_t;
-	')
-
-	allow $1 dcc_client_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute dcc_client in the dcc_client domain, and
-##	allow the specified role the dcc_client domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dcc_run_client',`
-	gen_require(`
-		type dcc_client_t;
-	')
-
-	dcc_domtrans_client($1)
-	role $2 types dcc_client_t;
-')
-
-########################################
-## <summary>
-##	Execute dbclean in the dcc_dbclean domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dcc_domtrans_dbclean',`
-	gen_require(`
-		type dcc_dbclean_t, dcc_dbclean_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dcc_dbclean_exec_t, dcc_dbclean_t)
-')
-
-########################################
-## <summary>
-##	Execute dbclean in the dcc_dbclean domain, and
-##	allow the specified role the dcc_dbclean domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dcc_run_dbclean',`
-	gen_require(`
-		type dcc_dbclean_t;
-	')
-
-	dcc_domtrans_dbclean($1)
-	role $2 types dcc_dbclean_t;
-')
-
-########################################
-## <summary>
-##	Connect to dccifd over a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dcc_stream_connect_dccifd',`
-	gen_require(`
-		type dcc_var_t, dccifd_var_run_t, dccifd_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
-')
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
deleted file mode 100644
index 8bab059..0000000
--- a/policy/modules/services/dcc.te
+++ /dev/null
@@ -1,404 +0,0 @@
-policy_module(dcc, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type cdcc_t;
-type cdcc_exec_t;
-application_domain(cdcc_t, cdcc_exec_t)
-role system_r types cdcc_t;
-
-type cdcc_tmp_t;
-files_tmp_file(cdcc_tmp_t)
-
-type dcc_client_t;
-type dcc_client_exec_t;
-application_domain(dcc_client_t, dcc_client_exec_t)
-role system_r types dcc_client_t;
-
-type dcc_client_map_t;
-files_type(dcc_client_map_t)
-
-type dcc_client_tmp_t;
-files_tmp_file(dcc_client_tmp_t)
-
-type dcc_dbclean_t;
-type dcc_dbclean_exec_t;
-application_domain(dcc_dbclean_t, dcc_dbclean_exec_t)
-role system_r types dcc_dbclean_t;
-
-type dcc_dbclean_tmp_t;
-files_tmp_file(dcc_dbclean_tmp_t)
-
-type dcc_var_t;
-files_type(dcc_var_t)
-
-type dcc_var_run_t;
-files_type(dcc_var_run_t)
-
-type dccd_t;
-type dccd_exec_t;
-init_daemon_domain(dccd_t, dccd_exec_t)
-
-type dccd_tmp_t;
-files_tmp_file(dccd_tmp_t)
-
-type dccd_var_run_t;
-files_pid_file(dccd_var_run_t)
-
-type dccifd_t;
-type dccifd_exec_t;
-init_daemon_domain(dccifd_t, dccifd_exec_t)
-
-type dccifd_tmp_t;
-files_tmp_file(dccifd_tmp_t)
-
-type dccifd_var_run_t;
-files_pid_file(dccifd_var_run_t)
-
-type dccm_t;
-type dccm_exec_t;
-init_daemon_domain(dccm_t, dccm_exec_t)
-
-type dccm_tmp_t;
-files_tmp_file(dccm_tmp_t)
-
-type dccm_var_run_t;
-files_pid_file(dccm_var_run_t)
-
-# NOTE: DCC has writeable files in /etc/dcc that should probably be in
-# /var/lib/dcc.  For now this policy supports both directories being
-# writable.
-
-# cjp: dccifd and dccm should be merged, as
-# they have the same rules.
-
-########################################
-#
-# dcc daemon controller local policy
-#
-
-allow cdcc_t self:capability { setuid setgid };
-allow cdcc_t self:unix_dgram_socket create_socket_perms;
-allow cdcc_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
-manage_files_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
-files_tmp_filetrans(cdcc_t, cdcc_tmp_t, { file dir })
-
-allow cdcc_t dcc_client_map_t:file rw_file_perms;
-
-# Access files in /var/dcc. The map file can be updated
-allow cdcc_t dcc_var_t:dir list_dir_perms;
-read_files_pattern(cdcc_t, dcc_var_t, dcc_var_t)
-read_lnk_files_pattern(cdcc_t, dcc_var_t, dcc_var_t)
-
-corenet_all_recvfrom_unlabeled(cdcc_t)
-corenet_all_recvfrom_netlabel(cdcc_t)
-corenet_udp_sendrecv_generic_if(cdcc_t)
-corenet_udp_sendrecv_generic_node(cdcc_t)
-corenet_udp_sendrecv_all_ports(cdcc_t)
-
-files_read_etc_files(cdcc_t)
-files_read_etc_runtime_files(cdcc_t)
-
-auth_use_nsswitch(cdcc_t)
-
-logging_send_syslog_msg(cdcc_t)
-
-miscfiles_read_localization(cdcc_t)
-
-userdom_use_user_terminals(cdcc_t)
-
-########################################
-#
-# dcc procmail interface local policy
-#
-
-allow dcc_client_t self:capability { setuid setgid };
-allow dcc_client_t self:unix_dgram_socket create_socket_perms;
-allow dcc_client_t self:udp_socket create_socket_perms;
-
-allow dcc_client_t dcc_client_map_t:file rw_file_perms;
-
-manage_dirs_pattern(dcc_client_t, dcc_client_tmp_t, dcc_client_tmp_t)
-manage_files_pattern(dcc_client_t, dcc_client_tmp_t, dcc_client_tmp_t)
-files_tmp_filetrans(dcc_client_t, dcc_client_tmp_t, { file dir })
-
-# Access files in /var/dcc. The map file can be updated
-allow dcc_client_t dcc_var_t:dir list_dir_perms;
-manage_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
-read_lnk_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
-
-kernel_read_system_state(dcc_client_t)
-
-corenet_all_recvfrom_unlabeled(dcc_client_t)
-corenet_all_recvfrom_netlabel(dcc_client_t)
-corenet_udp_sendrecv_generic_if(dcc_client_t)
-corenet_udp_sendrecv_generic_node(dcc_client_t)
-corenet_udp_sendrecv_all_ports(dcc_client_t)
-corenet_udp_bind_generic_node(dcc_client_t)
-
-files_read_etc_files(dcc_client_t)
-files_read_etc_runtime_files(dcc_client_t)
-
-fs_getattr_all_fs(dcc_client_t)
-
-auth_use_nsswitch(dcc_client_t)
-
-logging_send_syslog_msg(dcc_client_t)
-
-miscfiles_read_localization(dcc_client_t)
-
-userdom_use_user_terminals(dcc_client_t)
-
-optional_policy(`
-	amavis_read_spool_files(dcc_client_t)
-')
-
-optional_policy(`
-	spamassassin_read_spamd_tmp_files(dcc_client_t)
-')
-
-########################################
-#
-# Database cleanup tool local policy
-#
-
-allow dcc_dbclean_t self:unix_dgram_socket create_socket_perms;
-allow dcc_dbclean_t self:udp_socket create_socket_perms;
-
-allow dcc_dbclean_t dcc_client_map_t:file rw_file_perms;
-
-manage_dirs_pattern(dcc_dbclean_t, dcc_dbclean_tmp_t, dcc_dbclean_tmp_t)
-manage_files_pattern(dcc_dbclean_t, dcc_dbclean_tmp_t, dcc_dbclean_tmp_t)
-files_tmp_filetrans(dcc_dbclean_t, dcc_dbclean_tmp_t, { file dir })
-
-manage_dirs_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
-manage_files_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
-manage_lnk_files_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
-
-kernel_read_system_state(dcc_dbclean_t)
-
-corenet_all_recvfrom_unlabeled(dcc_dbclean_t)
-corenet_all_recvfrom_netlabel(dcc_dbclean_t)
-corenet_udp_sendrecv_generic_if(dcc_dbclean_t)
-corenet_udp_sendrecv_generic_node(dcc_dbclean_t)
-corenet_udp_sendrecv_all_ports(dcc_dbclean_t)
-
-files_read_etc_files(dcc_dbclean_t)
-files_read_etc_runtime_files(dcc_dbclean_t)
-
-auth_use_nsswitch(dcc_dbclean_t)
-
-logging_send_syslog_msg(dcc_dbclean_t)
-
-miscfiles_read_localization(dcc_dbclean_t)
-
-userdom_use_user_terminals(dcc_dbclean_t)
-
-########################################
-#
-# Server daemon local policy
-#
-
-allow dccd_t self:capability net_admin;
-dontaudit dccd_t self:capability sys_tty_config;
-allow dccd_t self:process signal_perms;
-allow dccd_t self:unix_stream_socket create_socket_perms;
-allow dccd_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
-allow dccd_t self:udp_socket create_socket_perms;
-
-allow dccd_t dcc_client_map_t:file rw_file_perms;
-
-# Access files in /var/dcc. The map file can be updated
-allow dccd_t dcc_var_t:dir list_dir_perms;
-read_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
-read_lnk_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
-
-# Runs the dbclean program
-domtrans_pattern(dccd_t, dcc_dbclean_exec_t, dcc_dbclean_t)
-corecmd_search_bin(dccd_t)
-
-# Updating dcc_db, flod, ...
-manage_dirs_pattern(dccd_t, dcc_var_t, dcc_var_t)
-manage_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
-manage_lnk_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
-
-manage_dirs_pattern(dccd_t, dccd_tmp_t, dccd_tmp_t)
-manage_files_pattern(dccd_t, dccd_tmp_t, dccd_tmp_t)
-files_tmp_filetrans(dccd_t, dccd_tmp_t, { file dir })
-
-manage_dirs_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
-manage_files_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
-files_pid_filetrans(dccd_t, dccd_var_run_t, { dir file })
-
-kernel_read_system_state(dccd_t)
-kernel_read_kernel_sysctls(dccd_t)
-
-corenet_all_recvfrom_unlabeled(dccd_t)
-corenet_all_recvfrom_netlabel(dccd_t)
-corenet_udp_sendrecv_generic_if(dccd_t)
-corenet_udp_sendrecv_generic_node(dccd_t)
-corenet_udp_sendrecv_all_ports(dccd_t)
-corenet_udp_bind_generic_node(dccd_t)
-corenet_udp_bind_dcc_port(dccd_t)
-corenet_sendrecv_dcc_server_packets(dccd_t)
-
-dev_read_sysfs(dccd_t)
-
-domain_use_interactive_fds(dccd_t)
-
-files_read_etc_files(dccd_t)
-files_read_etc_runtime_files(dccd_t)
-
-fs_getattr_all_fs(dccd_t)
-fs_search_auto_mountpoints(dccd_t)
-
-auth_use_nsswitch(dccd_t)
-
-logging_send_syslog_msg(dccd_t)
-
-miscfiles_read_localization(dccd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dccd_t)
-userdom_dontaudit_search_user_home_dirs(dccd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(dccd_t)
-')
-
-optional_policy(`
-	udev_read_db(dccd_t)
-')
-
-########################################
-#
-# Spamassassin and general MTA persistent client local policy
-#
-
-dontaudit dccifd_t self:capability sys_tty_config;
-allow dccifd_t self:process signal_perms;
-allow dccifd_t self:unix_stream_socket create_stream_socket_perms;
-allow dccifd_t self:unix_dgram_socket create_socket_perms;
-allow dccifd_t self:udp_socket create_socket_perms;
-
-allow dccifd_t dcc_client_map_t:file rw_file_perms;
-
-# Updating dcc_db, flod, ...
-manage_dirs_pattern(dccifd_t, dcc_var_t, dcc_var_t)
-manage_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
-manage_lnk_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
-manage_fifo_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
-manage_sock_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
-
-manage_dirs_pattern(dccifd_t, dccifd_tmp_t, dccifd_tmp_t)
-manage_files_pattern(dccifd_t, dccifd_tmp_t, dccifd_tmp_t)
-files_tmp_filetrans(dccifd_t, dccifd_tmp_t, { file dir })
-
-manage_files_pattern(dccifd_t, dccifd_var_run_t, dccifd_var_run_t)
-manage_sock_files_pattern(dccifd_t, dccifd_var_run_t, dccifd_var_run_t)
-filetrans_pattern(dccifd_t, dcc_var_t, dccifd_var_run_t, { file sock_file })
-files_pid_filetrans(dccifd_t, dccifd_var_run_t, file)
-
-kernel_read_system_state(dccifd_t)
-kernel_read_kernel_sysctls(dccifd_t)
-
-corenet_all_recvfrom_unlabeled(dccifd_t)
-corenet_all_recvfrom_netlabel(dccifd_t)
-corenet_udp_sendrecv_generic_if(dccifd_t)
-corenet_udp_sendrecv_generic_node(dccifd_t)
-corenet_udp_sendrecv_all_ports(dccifd_t)
-
-dev_read_sysfs(dccifd_t)
-
-domain_use_interactive_fds(dccifd_t)
-
-files_read_etc_files(dccifd_t)
-files_read_etc_runtime_files(dccifd_t)
-
-fs_getattr_all_fs(dccifd_t)
-fs_search_auto_mountpoints(dccifd_t)
-
-auth_use_nsswitch(dccifd_t)
-
-logging_send_syslog_msg(dccifd_t)
-
-miscfiles_read_localization(dccifd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dccifd_t)
-userdom_dontaudit_search_user_home_dirs(dccifd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(dccifd_t)
-')
-
-optional_policy(`
-	udev_read_db(dccifd_t)
-')
-
-########################################
-#
-# sendmail milter client local policy
-#
-
-dontaudit dccm_t self:capability sys_tty_config;
-allow dccm_t self:process signal_perms;
-allow dccm_t self:unix_stream_socket create_stream_socket_perms;
-allow dccm_t self:unix_dgram_socket create_socket_perms;
-allow dccm_t self:udp_socket create_socket_perms;
-
-allow dccm_t dcc_client_map_t:file rw_file_perms;
-
-manage_dirs_pattern(dccm_t, dcc_var_t, dcc_var_t)
-manage_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
-manage_lnk_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
-manage_fifo_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
-manage_sock_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
-
-manage_dirs_pattern(dccm_t, dccm_tmp_t, dccm_tmp_t)
-manage_files_pattern(dccm_t, dccm_tmp_t, dccm_tmp_t)
-files_tmp_filetrans(dccm_t, dccm_tmp_t, { file dir })
-
-manage_files_pattern(dccm_t, dccm_var_run_t, dccm_var_run_t)
-manage_sock_files_pattern(dccm_t, dccm_var_run_t, dccm_var_run_t)
-filetrans_pattern(dccm_t, dcc_var_run_t, dccm_var_run_t, { file sock_file })
-files_pid_filetrans(dccm_t, dccm_var_run_t, file)
-
-kernel_read_system_state(dccm_t)
-kernel_read_kernel_sysctls(dccm_t)
-
-corenet_all_recvfrom_unlabeled(dccm_t)
-corenet_all_recvfrom_netlabel(dccm_t)
-corenet_udp_sendrecv_generic_if(dccm_t)
-corenet_udp_sendrecv_generic_node(dccm_t)
-corenet_udp_sendrecv_all_ports(dccm_t)
-
-dev_read_sysfs(dccm_t)
-
-domain_use_interactive_fds(dccm_t)
-
-files_read_etc_files(dccm_t)
-files_read_etc_runtime_files(dccm_t)
-
-fs_getattr_all_fs(dccm_t)
-fs_search_auto_mountpoints(dccm_t)
-
-auth_use_nsswitch(dccm_t)
-
-logging_send_syslog_msg(dccm_t)
-
-miscfiles_read_localization(dccm_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dccm_t)
-userdom_dontaudit_search_user_home_dirs(dccm_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(dccm_t)
-')
-
-optional_policy(`
-	udev_read_db(dccm_t)
-')
diff --git a/policy/modules/services/ddclient.fc b/policy/modules/services/ddclient.fc
deleted file mode 100644
index 083c135..0000000
--- a/policy/modules/services/ddclient.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/ddclient\.conf	--	gen_context(system_u:object_r:ddclient_etc_t,s0)
-/etc/ddtcd\.conf	--	gen_context(system_u:object_r:ddclient_etc_t,s0)
-/etc/rc\.d/init\.d/ddclient --	gen_context(system_u:object_r:ddclient_initrc_exec_t,s0)
-
-/usr/sbin/ddclient	--	gen_context(system_u:object_r:ddclient_exec_t,s0)
-/usr/sbin/ddtcd		--	gen_context(system_u:object_r:ddclient_exec_t,s0)
-
-/var/cache/ddclient(/.*)?	gen_context(system_u:object_r:ddclient_var_t,s0)
-/var/lib/ddt-client(/.*)?	gen_context(system_u:object_r:ddclient_var_lib_t,s0)
-/var/log/ddtcd\.log.*	--	gen_context(system_u:object_r:ddclient_log_t,s0)
-/var/run/ddclient\.pid	--	gen_context(system_u:object_r:ddclient_var_run_t,s0)
-/var/run/ddtcd\.pid	--	gen_context(system_u:object_r:ddclient_var_run_t,s0)
diff --git a/policy/modules/services/ddclient.if b/policy/modules/services/ddclient.if
deleted file mode 100644
index da508f4..0000000
--- a/policy/modules/services/ddclient.if
+++ /dev/null
@@ -1,93 +0,0 @@
-## <summary>Update dynamic IP address at DynDNS.org</summary>
-
-#######################################
-## <summary>
-##	Execute ddclient in the ddclient domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ddclient_domtrans',`
-	gen_require(`
-		type ddclient_t, ddclient_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ddclient_exec_t, ddclient_t)
-')
-
-########################################
-## <summary>
-##	 Execute ddclient daemon on behalf of a user or staff type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	 Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ddclient_run',`
-	gen_require(`
-		type ddclient_t;
-	')
-
-	ddclient_domtrans($1)
-	role $2 types ddclient_t;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ddclient environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the ddclient domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ddclient_admin',`
-	gen_require(`
-		type ddclient_t, ddclient_etc_t, ddclient_log_t;
-		type ddclient_var_t, ddclient_var_lib_t, ddclient_initrc_exec_t;
-		type ddclient_var_run_t;
-	')
-
-	allow $1 ddclient_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ddclient_t)
-
-	init_labeled_script_domtrans($1, ddclient_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ddclient_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, ddclient_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, ddclient_log_t)
-
-	files_list_var($1)
-	admin_pattern($1, ddclient_var_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, ddclient_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ddclient_var_run_t)
-')
diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te
deleted file mode 100644
index 24ba98a..0000000
--- a/policy/modules/services/ddclient.te
+++ /dev/null
@@ -1,108 +0,0 @@
-policy_module(ddclient, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type ddclient_t;
-type ddclient_exec_t;
-init_daemon_domain(ddclient_t, ddclient_exec_t)
-
-type ddclient_etc_t;
-files_config_file(ddclient_etc_t)
-
-type ddclient_initrc_exec_t;
-init_script_file(ddclient_initrc_exec_t)
-
-type ddclient_log_t;
-logging_log_file(ddclient_log_t)
-
-type ddclient_var_t;
-files_type(ddclient_var_t)
-
-type ddclient_var_lib_t;
-files_type(ddclient_var_lib_t)
-
-type ddclient_var_run_t;
-files_pid_file(ddclient_var_run_t)
-
-########################################
-#
-# Declarations
-#
-
-dontaudit ddclient_t self:capability sys_tty_config;
-allow ddclient_t self:process signal_perms;
-allow ddclient_t self:fifo_file rw_fifo_file_perms;
-allow ddclient_t self:tcp_socket create_socket_perms;
-allow ddclient_t self:udp_socket create_socket_perms;
-
-allow ddclient_t ddclient_etc_t:file read_file_perms;
-
-allow ddclient_t ddclient_log_t:file manage_file_perms;
-logging_log_filetrans(ddclient_t, ddclient_log_t, file)
-
-manage_dirs_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
-manage_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
-manage_lnk_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
-manage_fifo_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
-manage_sock_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
-files_var_filetrans(ddclient_t, ddclient_var_t, { file lnk_file sock_file fifo_file })
-
-manage_files_pattern(ddclient_t, ddclient_var_lib_t, ddclient_var_lib_t)
-files_var_lib_filetrans(ddclient_t, ddclient_var_lib_t, file)
-
-manage_files_pattern(ddclient_t, ddclient_var_run_t, ddclient_var_run_t)
-files_pid_filetrans(ddclient_t, ddclient_var_run_t, file)
-
-kernel_read_system_state(ddclient_t)
-kernel_read_network_state(ddclient_t)
-kernel_read_software_raid_state(ddclient_t)
-kernel_getattr_core_if(ddclient_t)
-kernel_getattr_message_if(ddclient_t)
-kernel_read_kernel_sysctls(ddclient_t)
-
-corecmd_exec_shell(ddclient_t)
-corecmd_exec_bin(ddclient_t)
-
-corenet_all_recvfrom_unlabeled(ddclient_t)
-corenet_all_recvfrom_netlabel(ddclient_t)
-corenet_tcp_sendrecv_generic_if(ddclient_t)
-corenet_udp_sendrecv_generic_if(ddclient_t)
-corenet_tcp_sendrecv_generic_node(ddclient_t)
-corenet_udp_sendrecv_generic_node(ddclient_t)
-corenet_tcp_sendrecv_all_ports(ddclient_t)
-corenet_udp_sendrecv_all_ports(ddclient_t)
-corenet_tcp_connect_all_ports(ddclient_t)
-corenet_sendrecv_all_client_packets(ddclient_t)
-
-dev_read_sysfs(ddclient_t)
-dev_read_urand(ddclient_t)
-
-domain_use_interactive_fds(ddclient_t)
-
-files_read_etc_files(ddclient_t)
-files_read_etc_runtime_files(ddclient_t)
-files_read_usr_files(ddclient_t)
-
-fs_getattr_all_fs(ddclient_t)
-fs_search_auto_mountpoints(ddclient_t)
-
-logging_send_syslog_msg(ddclient_t)
-
-miscfiles_read_localization(ddclient_t)
-
-sysnet_exec_ifconfig(ddclient_t)
-sysnet_read_config(ddclient_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ddclient_t)
-userdom_dontaudit_search_user_home_dirs(ddclient_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(ddclient_t)
-')
-
-optional_policy(`
-	udev_read_db(ddclient_t)
-')
diff --git a/policy/modules/services/denyhosts.fc b/policy/modules/services/denyhosts.fc
deleted file mode 100644
index 257fef6..0000000
--- a/policy/modules/services/denyhosts.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/denyhosts	--	gen_context(system_u:object_r:denyhosts_initrc_exec_t,s0)
-
-/usr/bin/denyhosts\.py		--	gen_context(system_u:object_r:denyhosts_exec_t,s0)
-
-/var/lib/denyhosts(/.*)?		gen_context(system_u:object_r:denyhosts_var_lib_t,s0)
-/var/lock/subsys/denyhosts	--	gen_context(system_u:object_r:denyhosts_var_lock_t,s0)
-/var/log/denyhosts(/.*)?		gen_context(system_u:object_r:denyhosts_var_log_t,s0)
diff --git a/policy/modules/services/denyhosts.if b/policy/modules/services/denyhosts.if
deleted file mode 100644
index 9c9e65c..0000000
--- a/policy/modules/services/denyhosts.if
+++ /dev/null
@@ -1,86 +0,0 @@
-## <summary>DenyHosts SSH dictionary attack mitigation</summary>
-## <desc>
-##	<p>
-##	DenyHosts is a script intended to be run by Linux
-##	system administrators to help thwart SSH server attacks
-##	(also known as dictionary based attacks and brute force
-##	attacks).
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Execute a domain transition to run denyhosts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`denyhosts_domtrans',`
-	gen_require(`
-		type denyhosts_t, denyhosts_exec_t;
-	')
-
-	domtrans_pattern($1, denyhosts_exec_t, denyhosts_t)
-')
-
-########################################
-## <summary>
-##	Execute denyhost server in the denyhost domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`denyhosts_initrc_domtrans',`
-	gen_require(`
-		type denyhosts_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, denyhosts_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an denyhosts environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`denyhosts_admin',`
-	gen_require(`
-		type denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lock_t;
-		type denyhosts_var_log_t, denyhosts_initrc_exec_t;
-	')
-
-	allow $1 denyhosts_t:process { ptrace signal_perms };
-	ps_process_pattern($1, denyhosts_t)
-
-	denyhosts_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 denyhosts_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, denyhosts_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, denyhosts_var_log_t)
-
-	files_list_locks($1)
-	admin_pattern($1, denyhosts_var_lock_t)
-')
diff --git a/policy/modules/services/denyhosts.te b/policy/modules/services/denyhosts.te
deleted file mode 100644
index b10da2c..0000000
--- a/policy/modules/services/denyhosts.te
+++ /dev/null
@@ -1,81 +0,0 @@
-policy_module(denyhosts, 1.0.0)
-
-########################################
-#
-# DenyHosts personal declarations.
-#
-
-type denyhosts_t;
-type denyhosts_exec_t;
-init_daemon_domain(denyhosts_t, denyhosts_exec_t)
-
-type denyhosts_initrc_exec_t;
-init_script_file(denyhosts_initrc_exec_t)
-
-type denyhosts_var_lib_t;
-files_type(denyhosts_var_lib_t)
-
-type denyhosts_var_lock_t;
-files_lock_file(denyhosts_var_lock_t)
-
-type denyhosts_var_log_t;
-logging_log_file(denyhosts_var_log_t)
-
-########################################
-#
-# DenyHosts personal policy.
-#
-# Bug #588563
-allow denyhosts_t self:capability sys_tty_config;
-allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
-allow denyhosts_t self:tcp_socket create_socket_perms;
-allow denyhosts_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
-files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)
-
-manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
-manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
-files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
-
-append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
-create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
-read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
-setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
-logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
-
-kernel_read_system_state(denyhosts_t)
-
-corecmd_exec_bin(denyhosts_t)
-
-corenet_all_recvfrom_unlabeled(denyhosts_t)
-corenet_all_recvfrom_netlabel(denyhosts_t)
-corenet_tcp_sendrecv_generic_if(denyhosts_t)
-corenet_tcp_sendrecv_generic_node(denyhosts_t)
-corenet_tcp_bind_generic_node(denyhosts_t)
-corenet_tcp_connect_smtp_port(denyhosts_t)
-corenet_tcp_connect_sype_port(denyhosts_t)
-corenet_sendrecv_smtp_client_packets(denyhosts_t)
-
-dev_read_urand(denyhosts_t)
-
-files_read_etc_files(denyhosts_t)
-files_read_usr_files(denyhosts_t)
-
-# /var/log/secure
-logging_read_generic_logs(denyhosts_t)
-logging_send_syslog_msg(denyhosts_t)
-
-miscfiles_read_localization(denyhosts_t)
-
-sysnet_dns_name_resolve(denyhosts_t)
-sysnet_manage_config(denyhosts_t)
-sysnet_etc_filetrans_config(denyhosts_t)
-
-optional_policy(`
-	cron_system_entry(denyhosts_t, denyhosts_exec_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(denyhosts_t)
-')
diff --git a/policy/modules/services/devicekit.fc b/policy/modules/services/devicekit.fc
deleted file mode 100644
index 418a5a0..0000000
--- a/policy/modules/services/devicekit.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-/usr/libexec/devkit-daemon	--	gen_context(system_u:object_r:devicekit_exec_t,s0)
-/usr/libexec/devkit-disks-daemon --	gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
-/usr/libexec/devkit-power-daemon --	gen_context(system_u:object_r:devicekit_power_exec_t,s0)
-/usr/libexec/udisks-daemon	--	gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
-/usr/libexec/upowerd		--	gen_context(system_u:object_r:devicekit_power_exec_t,s0)
-
-/var/lib/DeviceKit-.*			gen_context(system_u:object_r:devicekit_var_lib_t,s0)
-/var/lib/upower(/.*)?			gen_context(system_u:object_r:devicekit_var_lib_t,s0)
-/var/lib/udisks(/.*)?			gen_context(system_u:object_r:devicekit_var_lib_t,s0)
-
-/var/run/devkit(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
-/var/run/DeviceKit-disks(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
-/var/run/udisks(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
-/var/run/upower(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff --git a/policy/modules/services/devicekit.if b/policy/modules/services/devicekit.if
deleted file mode 100644
index ab2edfc..0000000
--- a/policy/modules/services/devicekit.if
+++ /dev/null
@@ -1,175 +0,0 @@
-## <summary>Devicekit modular hardware abstraction layer</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run devicekit.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`devicekit_domtrans',`
-	gen_require(`
-		type devicekit_t, devicekit_exec_t;
-	')
-
-	domtrans_pattern($1, devicekit_exec_t, devicekit_t)
-')
-
-########################################
-## <summary>
-##	Send to devicekit over a unix domain
-##	datagram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_dgram_send',`
-	gen_require(`
-		type devicekit_t;
-	')
-
-	allow $1 devicekit_t:unix_dgram_socket sendto;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	devicekit over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_dbus_chat',`
-	gen_require(`
-		type devicekit_t;
-		class dbus send_msg;
-	')
-
-	allow $1 devicekit_t:dbus send_msg;
-	allow devicekit_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	devicekit disk over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_dbus_chat_disk',`
-	gen_require(`
-		type devicekit_disk_t;
-		class dbus send_msg;
-	')
-
-	allow $1 devicekit_disk_t:dbus send_msg;
-	allow devicekit_disk_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send signal devicekit power
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_signal_power',`
-	gen_require(`
-		type devicekit_power_t;
-	')
-
-	allow $1 devicekit_power_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	devicekit power over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_dbus_chat_power',`
-	gen_require(`
-		type devicekit_power_t;
-		class dbus send_msg;
-	')
-
-	allow $1 devicekit_power_t:dbus send_msg;
-	allow devicekit_power_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read devicekit PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`devicekit_read_pid_files',`
-	gen_require(`
-		type devicekit_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, devicekit_var_run_t, devicekit_var_run_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an devicekit environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`devicekit_admin',`
-	gen_require(`
-		type devicekit_t, devicekit_disk_t, devicekit_power_t;
-		type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
-	')
-
-	allow $1 devicekit_t:process { ptrace signal_perms };
-	ps_process_pattern($1, devicekit_t)
-
-	allow $1 devicekit_disk_t:process { ptrace signal_perms };
-	ps_process_pattern($1, devicekit_disk_t)
-
-	allow $1 devicekit_power_t:process { ptrace signal_perms };
-	ps_process_pattern($1, devicekit_power_t)
-
-	admin_pattern($1, devicekit_tmp_t)
-	files_list_tmp($1)
-
-	admin_pattern($1, devicekit_var_lib_t)
-	files_list_var_lib($1)
-
-	admin_pattern($1, devicekit_var_run_t)
-	files_list_pids($1)
-')
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
deleted file mode 100644
index 184b4b5..0000000
--- a/policy/modules/services/devicekit.te
+++ /dev/null
@@ -1,315 +0,0 @@
-policy_module(devicekit, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type devicekit_t;
-type devicekit_exec_t;
-dbus_system_domain(devicekit_t, devicekit_exec_t)
-
-type devicekit_power_t;
-type devicekit_power_exec_t;
-dbus_system_domain(devicekit_power_t, devicekit_power_exec_t)
-
-type devicekit_disk_t;
-type devicekit_disk_exec_t;
-dbus_system_domain(devicekit_disk_t, devicekit_disk_exec_t)
-
-type devicekit_tmp_t;
-files_tmp_file(devicekit_tmp_t)
-
-type devicekit_var_run_t;
-files_pid_file(devicekit_var_run_t)
-
-type devicekit_var_lib_t;
-files_type(devicekit_var_lib_t)
-
-########################################
-#
-# DeviceKit local policy
-#
-
-allow devicekit_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
-manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
-files_pid_filetrans(devicekit_t, devicekit_var_run_t, { file dir })
-
-kernel_read_system_state(devicekit_t)
-
-dev_read_sysfs(devicekit_t)
-dev_read_urand(devicekit_t)
-
-files_read_etc_files(devicekit_t)
-
-miscfiles_read_localization(devicekit_t)
-
-optional_policy(`
-	dbus_system_bus_client(devicekit_t)
-
-	allow devicekit_t devicekit_disk_t:dbus send_msg;
-	allow devicekit_t devicekit_power_t:dbus send_msg;
-')
-
-optional_policy(`
-	udev_read_db(devicekit_t)
-')
-
-########################################
-#
-# DeviceKit disk local policy
-#
-
-allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
-allow devicekit_disk_t self:process { getsched signal_perms };
-allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
-allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-manage_dirs_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
-manage_files_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
-files_tmp_filetrans(devicekit_disk_t, devicekit_tmp_t, { file dir })
-
-manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
-manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
-files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)
-
-allow devicekit_disk_t devicekit_var_run_t:dir mounton;
-manage_dirs_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
-manage_files_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
-files_pid_filetrans(devicekit_disk_t, devicekit_var_run_t, { file dir })
-
-kernel_list_unlabeled(devicekit_disk_t)
-kernel_getattr_message_if(devicekit_disk_t)
-kernel_read_fs_sysctls(devicekit_disk_t)
-kernel_read_network_state(devicekit_disk_t)
-kernel_read_software_raid_state(devicekit_disk_t)
-kernel_read_system_state(devicekit_disk_t)
-kernel_request_load_module(devicekit_disk_t)
-kernel_setsched(devicekit_disk_t)
-
-corecmd_exec_bin(devicekit_disk_t)
-corecmd_exec_shell(devicekit_disk_t)
-corecmd_getattr_all_executables(devicekit_disk_t)
-
-dev_rw_sysfs(devicekit_disk_t)
-dev_read_urand(devicekit_disk_t)
-dev_getattr_usbfs_dirs(devicekit_disk_t)
-dev_manage_generic_files(devicekit_disk_t)
-dev_getattr_all_chr_files(devicekit_disk_t)
-dev_getattr_mtrr_dev(devicekit_disk_t)
-
-domain_getattr_all_pipes(devicekit_disk_t)
-domain_getattr_all_sockets(devicekit_disk_t)
-domain_getattr_all_stream_sockets(devicekit_disk_t)
-domain_read_all_domains_state(devicekit_disk_t)
-
-files_dontaudit_read_all_symlinks(devicekit_disk_t)
-files_getattr_all_sockets(devicekit_disk_t)
-files_getattr_all_dirs(devicekit_disk_t)
-files_getattr_all_files(devicekit_disk_t)
-files_getattr_all_pipes(devicekit_disk_t)
-files_manage_boot_dirs(devicekit_disk_t)
-files_manage_isid_type_dirs(devicekit_disk_t)
-files_manage_mnt_dirs(devicekit_disk_t)
-files_read_etc_files(devicekit_disk_t)
-files_read_etc_runtime_files(devicekit_disk_t)
-files_read_usr_files(devicekit_disk_t)
-
-fs_list_inotifyfs(devicekit_disk_t)
-fs_manage_fusefs_dirs(devicekit_disk_t)
-fs_mount_all_fs(devicekit_disk_t)
-fs_unmount_all_fs(devicekit_disk_t)
-fs_search_all(devicekit_disk_t)
-
-mls_file_read_all_levels(devicekit_disk_t)
-mls_file_write_to_clearance(devicekit_disk_t)
-
-storage_raw_read_fixed_disk(devicekit_disk_t)
-storage_raw_write_fixed_disk(devicekit_disk_t)
-storage_raw_read_removable_device(devicekit_disk_t)
-storage_raw_write_removable_device(devicekit_disk_t)
-
-term_use_all_terms(devicekit_disk_t)
-
-auth_use_nsswitch(devicekit_disk_t)
-
-miscfiles_read_localization(devicekit_disk_t)
-
-userdom_read_all_users_state(devicekit_disk_t)
-userdom_search_user_home_dirs(devicekit_disk_t)
-
-optional_policy(`
-	dbus_system_bus_client(devicekit_disk_t)
-
-	allow devicekit_disk_t devicekit_t:dbus send_msg;
-
-	optional_policy(`
-		consolekit_dbus_chat(devicekit_disk_t)
-	')
-')
-
-optional_policy(`
-	fstools_domtrans(devicekit_disk_t)
-')
-
-optional_policy(`
-	lvm_domtrans(devicekit_disk_t)
-')
-
-optional_policy(`
-	mount_domtrans(devicekit_disk_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(devicekit_disk_t)
-	policykit_domtrans_auth(devicekit_disk_t)
-	policykit_read_lib(devicekit_disk_t)
-	policykit_read_reload(devicekit_disk_t)
-')
-
-optional_policy(`
-	raid_domtrans_mdadm(devicekit_disk_t)
-')
-
-optional_policy(`
-	udev_domtrans(devicekit_disk_t)
-	udev_read_db(devicekit_disk_t)
-')
-
-optional_policy(`
-	virt_manage_images(devicekit_disk_t)
-')
-
-optional_policy(`
-	unconfined_domain(devicekit_t)
-	unconfined_domain(devicekit_power_t)
-	unconfined_domain(devicekit_disk_t)
-')
-
-########################################
-#
-# DeviceKit-Power local policy
-#
-
-allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
-allow devicekit_power_t self:process { getsched signal_perms };
-allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
-allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
-allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-manage_dirs_pattern(devicekit_power_t, devicekit_tmp_t, devicekit_tmp_t)
-manage_files_pattern(devicekit_power_t, devicekit_tmp_t, devicekit_tmp_t)
-files_tmp_filetrans(devicekit_power_t, devicekit_tmp_t, { file dir })
-
-manage_dirs_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
-manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
-files_var_lib_filetrans(devicekit_power_t, devicekit_var_lib_t, dir)
-
-kernel_read_network_state(devicekit_power_t)
-kernel_read_system_state(devicekit_power_t)
-kernel_rw_hotplug_sysctls(devicekit_power_t)
-kernel_rw_kernel_sysctl(devicekit_power_t)
-kernel_search_debugfs(devicekit_power_t)
-kernel_write_proc_files(devicekit_power_t)
-
-corecmd_exec_bin(devicekit_power_t)
-corecmd_exec_shell(devicekit_power_t)
-
-consoletype_exec(devicekit_power_t)
-
-domain_read_all_domains_state(devicekit_power_t)
-
-dev_read_input(devicekit_power_t)
-dev_rw_generic_usb_dev(devicekit_power_t)
-dev_rw_generic_chr_files(devicekit_power_t)
-dev_rw_netcontrol(devicekit_power_t)
-dev_rw_sysfs(devicekit_power_t)
-dev_read_rand(devicekit_power_t)
-
-files_read_kernel_img(devicekit_power_t)
-files_read_etc_files(devicekit_power_t)
-files_read_usr_files(devicekit_power_t)
-
-fs_list_inotifyfs(devicekit_power_t)
-fs_getattr_all_fs(devicekit_power_t)
-
-term_use_all_terms(devicekit_power_t)
-
-auth_use_nsswitch(devicekit_power_t)
-
-miscfiles_read_localization(devicekit_power_t)
-
-modutils_domtrans_insmod(devicekit_power_t)
-
-sysnet_read_config(devicekit_power_t)
-sysnet_domtrans_ifconfig(devicekit_power_t)
-sysnet_domtrans_dhcpc(devicekit_power_t)
-
-userdom_read_all_users_state(devicekit_power_t)
-
-optional_policy(`
-	bootloader_domtrans(devicekit_power_t)
-')
-
-optional_policy(`
-	cron_initrc_domtrans(devicekit_power_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(devicekit_power_t)
-
-	allow devicekit_power_t devicekit_t:dbus send_msg;
-
-	optional_policy(`
-		consolekit_dbus_chat(devicekit_power_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(devicekit_power_t)
-	')
-
-	optional_policy(`
-		rpm_dbus_chat(devicekit_power_t)
-	')
-')
-
-optional_policy(`
-	fstools_domtrans(devicekit_power_t)
-')
-
-optional_policy(`
-	gnome_read_home_config(devicekit_power_t)
-')
-
-optional_policy(`
-	hal_domtrans_mac(devicekit_power_t)
-	hal_manage_log(devicekit_power_t)
-	hal_manage_pid_dirs(devicekit_power_t)
-	hal_manage_pid_files(devicekit_power_t)
-	hal_dbus_chat(devicekit_power_t)
-')
-
-optional_policy(`
-	networkmanager_domtrans(devicekit_power_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(devicekit_power_t)
-	policykit_domtrans_auth(devicekit_power_t)
-	policykit_read_lib(devicekit_power_t)
-	policykit_read_reload(devicekit_power_t)
-')
-
-optional_policy(`
-	udev_read_db(devicekit_power_t)
-')
-
-optional_policy(`
-	usbmuxd_stream_connect(devicekit_power_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(devicekit_power_t)
-')
diff --git a/policy/modules/services/dhcp.fc b/policy/modules/services/dhcp.fc
deleted file mode 100644
index 767e0c7..0000000
--- a/policy/modules/services/dhcp.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/rc\.d/init\.d/dhcpd	--	gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0)
-
-/usr/sbin/dhcpd.*		--	gen_context(system_u:object_r:dhcpd_exec_t,s0)
-
-/var/lib/dhcpd(/.*)?			gen_context(system_u:object_r:dhcpd_state_t,s0)
-/var/lib/dhcp(3)?/dhcpd\.leases.* --	gen_context(system_u:object_r:dhcpd_state_t,s0)
-
-/var/run/dhcpd\.pid		--	gen_context(system_u:object_r:dhcpd_var_run_t,s0)
diff --git a/policy/modules/services/dhcp.if b/policy/modules/services/dhcp.if
deleted file mode 100644
index 7e129ff..0000000
--- a/policy/modules/services/dhcp.if
+++ /dev/null
@@ -1,99 +0,0 @@
-## <summary>Dynamic host configuration protocol (DHCP) server</summary>
-
-########################################
-## <summary>
-##	Transition to dhcpd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dhcpd_domtrans',`
-	gen_require(`
-		type dhcpd_t, dhcpd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dhcpd_exec_t, dhcpd_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the DCHP
-##	server state files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dhcpd_setattr_state_files',`
-	gen_require(`
-		type dhcpd_state_t;
-	')
-
-	sysnet_search_dhcp_state($1)
-	allow $1 dhcpd_state_t:file setattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute dhcp server in the dhcp domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-#
-interface(`dhcpd_initrc_domtrans',`
-	gen_require(`
-		type dhcpd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, dhcpd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an dhcp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the dhcp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dhcpd_admin',`
-	gen_require(`
-		type dhcpd_t, dhcpd_tmp_t, dhcpd_state_t;
-		type dhcpd_var_run_t, dhcpd_initrc_exec_t;
-	')
-
-	allow $1 dhcpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, dhcpd_t)
-
-	init_labeled_script_domtrans($1, dhcpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dhcpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, dhcpd_tmp_t)
-
-	admin_pattern($1, dhcpd_state_t)
-
-	files_list_pids($1)
-	admin_pattern($1, dhcpd_var_run_t)
-')
diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
deleted file mode 100644
index a307b51..0000000
--- a/policy/modules/services/dhcp.te
+++ /dev/null
@@ -1,128 +0,0 @@
-policy_module(dhcp, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type dhcpd_t;
-type dhcpd_exec_t;
-init_daemon_domain(dhcpd_t, dhcpd_exec_t)
-
-type dhcpd_initrc_exec_t;
-init_script_file(dhcpd_initrc_exec_t)
-
-type dhcpd_state_t;
-files_type(dhcpd_state_t)
-
-type dhcpd_tmp_t;
-files_tmp_file(dhcpd_tmp_t)
-
-type dhcpd_var_run_t;
-files_pid_file(dhcpd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dhcpd_t self:capability { net_raw sys_resource };
-dontaudit dhcpd_t self:capability { net_admin sys_tty_config };
-allow dhcpd_t self:process signal_perms;
-allow dhcpd_t self:fifo_file rw_fifo_file_perms;
-allow dhcpd_t self:unix_dgram_socket create_socket_perms;
-allow dhcpd_t self:unix_stream_socket create_socket_perms;
-allow dhcpd_t self:tcp_socket create_stream_socket_perms;
-allow dhcpd_t self:udp_socket create_socket_perms;
-# Allow dhcpd_t to use packet sockets
-allow dhcpd_t self:packet_socket create_socket_perms;
-allow dhcpd_t self:rawip_socket create_socket_perms;
-
-can_exec(dhcpd_t, dhcpd_exec_t)
-
-manage_files_pattern(dhcpd_t, dhcpd_state_t, dhcpd_state_t)
-sysnet_dhcp_state_filetrans(dhcpd_t, dhcpd_state_t, file)
-
-manage_dirs_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t)
-manage_files_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t)
-files_tmp_filetrans(dhcpd_t, dhcpd_tmp_t, { file dir })
-
-manage_files_pattern(dhcpd_t, dhcpd_var_run_t, dhcpd_var_run_t)
-files_pid_filetrans(dhcpd_t, dhcpd_var_run_t, file)
-
-kernel_read_system_state(dhcpd_t)
-kernel_read_kernel_sysctls(dhcpd_t)
-kernel_read_network_state(dhcpd_t)
-
-corenet_all_recvfrom_unlabeled(dhcpd_t)
-corenet_all_recvfrom_netlabel(dhcpd_t)
-corenet_tcp_sendrecv_generic_if(dhcpd_t)
-corenet_udp_sendrecv_generic_if(dhcpd_t)
-corenet_raw_sendrecv_generic_if(dhcpd_t)
-corenet_tcp_sendrecv_generic_node(dhcpd_t)
-corenet_udp_sendrecv_generic_node(dhcpd_t)
-corenet_raw_sendrecv_generic_node(dhcpd_t)
-corenet_tcp_sendrecv_all_ports(dhcpd_t)
-corenet_udp_sendrecv_all_ports(dhcpd_t)
-corenet_tcp_bind_generic_node(dhcpd_t)
-corenet_udp_bind_generic_node(dhcpd_t)
-corenet_tcp_bind_dhcpd_port(dhcpd_t)
-corenet_udp_bind_dhcpd_port(dhcpd_t)
-corenet_udp_bind_pxe_port(dhcpd_t)
-corenet_tcp_connect_all_ports(dhcpd_t)
-corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
-corenet_sendrecv_pxe_server_packets(dhcpd_t)
-corenet_sendrecv_all_client_packets(dhcpd_t)
-
-dev_read_sysfs(dhcpd_t)
-dev_read_rand(dhcpd_t)
-dev_read_urand(dhcpd_t)
-
-fs_getattr_all_fs(dhcpd_t)
-fs_search_auto_mountpoints(dhcpd_t)
-
-corecmd_exec_bin(dhcpd_t)
-
-domain_use_interactive_fds(dhcpd_t)
-
-files_read_etc_files(dhcpd_t)
-files_read_usr_files(dhcpd_t)
-files_read_etc_runtime_files(dhcpd_t)
-files_search_var_lib(dhcpd_t)
-
-auth_use_nsswitch(dhcpd_t)
-
-logging_send_syslog_msg(dhcpd_t)
-
-miscfiles_read_localization(dhcpd_t)
-
-sysnet_read_dhcp_config(dhcpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dhcpd_t)
-userdom_dontaudit_search_user_home_dirs(dhcpd_t)
-
-ifdef(`distro_gentoo',`
-	allow dhcpd_t self:capability { chown dac_override setgid setuid sys_chroot };
-')
-
-optional_policy(`
-	# used for dynamic DNS
-	bind_read_dnssec_keys(dhcpd_t)
-')
-
-optional_policy(`
-	cobbler_dontaudit_rw_log(dhcpd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(dhcpd_t)
-	dbus_connect_system_bus(dhcpd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dhcpd_t)
-')
-
-optional_policy(`
-	udev_read_db(dhcpd_t)
-')
diff --git a/policy/modules/services/dictd.fc b/policy/modules/services/dictd.fc
deleted file mode 100644
index 54f88c8..0000000
--- a/policy/modules/services/dictd.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/dictd --	gen_context(system_u:object_r:dictd_initrc_exec_t,s0)
-
-/etc/dictd\.conf	--	gen_context(system_u:object_r:dictd_etc_t,s0)
-
-/usr/sbin/dictd		--	gen_context(system_u:object_r:dictd_exec_t,s0)
-
-/var/lib/dictd(/.*)?		gen_context(system_u:object_r:dictd_var_lib_t,s0)
-
-/var/run/dictd\.pid	--	gen_context(system_u:object_r:dictd_var_run_t,s0)
diff --git a/policy/modules/services/dictd.if b/policy/modules/services/dictd.if
deleted file mode 100644
index a0d23ce..0000000
--- a/policy/modules/services/dictd.if
+++ /dev/null
@@ -1,57 +0,0 @@
-## <summary>Dictionary daemon</summary>
-
-########################################
-## <summary>
-##	Use dictionary services by connecting
-##	over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dictd_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an dictd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the dictd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dictd_admin',`
-	gen_require(`
-		type dictd_t, dictd_etc_t, dictd_var_lib_t;
-		type dictd_var_run_t, dictd_initrc_exec_t;
-	')
-
-	allow $1 dictd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, dictd_t)
-
-	init_labeled_script_domtrans($1, dictd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dictd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, dictd_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, dictd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, dictd_var_run_t)
-')
diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te
deleted file mode 100644
index d2d9359..0000000
--- a/policy/modules/services/dictd.te
+++ /dev/null
@@ -1,98 +0,0 @@
-policy_module(dictd, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type dictd_t;
-type dictd_exec_t;
-init_daemon_domain(dictd_t, dictd_exec_t)
-
-type dictd_etc_t;
-files_config_file(dictd_etc_t)
-
-type dictd_initrc_exec_t;
-init_script_file(dictd_initrc_exec_t)
-
-type dictd_var_lib_t alias var_lib_dictd_t;
-files_type(dictd_var_lib_t)
-
-type dictd_var_run_t;
-files_pid_file(dictd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dictd_t self:capability { setuid setgid };
-dontaudit dictd_t self:capability sys_tty_config;
-allow dictd_t self:process { signal_perms setpgid };
-allow dictd_t self:unix_stream_socket create_stream_socket_perms;
-allow dictd_t self:tcp_socket create_stream_socket_perms;
-allow dictd_t self:udp_socket create_socket_perms;
-
-allow dictd_t dictd_etc_t:file read_file_perms;
-files_search_etc(dictd_t)
-
-allow dictd_t dictd_var_lib_t:dir list_dir_perms;
-allow dictd_t dictd_var_lib_t:file read_file_perms;
-
-manage_files_pattern(dictd_t, dictd_var_run_t, dictd_var_run_t)
-files_pid_filetrans(dictd_t, dictd_var_run_t, file)
-
-kernel_read_system_state(dictd_t)
-kernel_read_kernel_sysctls(dictd_t)
-
-corenet_all_recvfrom_unlabeled(dictd_t)
-corenet_all_recvfrom_netlabel(dictd_t)
-corenet_tcp_sendrecv_generic_if(dictd_t)
-corenet_raw_sendrecv_generic_if(dictd_t)
-corenet_udp_sendrecv_generic_if(dictd_t)
-corenet_tcp_sendrecv_generic_node(dictd_t)
-corenet_udp_sendrecv_generic_node(dictd_t)
-corenet_raw_sendrecv_generic_node(dictd_t)
-corenet_tcp_sendrecv_all_ports(dictd_t)
-corenet_udp_sendrecv_all_ports(dictd_t)
-corenet_tcp_bind_generic_node(dictd_t)
-corenet_tcp_bind_dict_port(dictd_t)
-corenet_sendrecv_dict_server_packets(dictd_t)
-
-dev_read_sysfs(dictd_t)
-
-fs_getattr_xattr_fs(dictd_t)
-fs_search_auto_mountpoints(dictd_t)
-
-domain_use_interactive_fds(dictd_t)
-
-files_read_etc_files(dictd_t)
-files_read_etc_runtime_files(dictd_t)
-files_read_usr_files(dictd_t)
-files_search_var_lib(dictd_t)
-# for checking for nscd
-files_dontaudit_search_pids(dictd_t)
-
-logging_send_syslog_msg(dictd_t)
-
-miscfiles_read_localization(dictd_t)
-
-sysnet_read_config(dictd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dictd_t)
-
-optional_policy(`
-	nis_use_ypbind(dictd_t)
-')
-
-optional_policy(`
-	nscd_socket_use(dictd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dictd_t)
-')
-
-optional_policy(`
-	udev_read_db(dictd_t)
-')
diff --git a/policy/modules/services/distcc.fc b/policy/modules/services/distcc.fc
deleted file mode 100644
index 6ce6b00..0000000
--- a/policy/modules/services/distcc.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/bin/distccd	--	gen_context(system_u:object_r:distccd_exec_t,s0)
diff --git a/policy/modules/services/distcc.if b/policy/modules/services/distcc.if
deleted file mode 100644
index 926e959..0000000
--- a/policy/modules/services/distcc.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Distributed compiler daemon</summary>
diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te
deleted file mode 100644
index 54d93e8..0000000
--- a/policy/modules/services/distcc.te
+++ /dev/null
@@ -1,93 +0,0 @@
-policy_module(distcc, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type distccd_t;
-type distccd_exec_t;
-init_daemon_domain(distccd_t, distccd_exec_t)
-
-type distccd_log_t;
-logging_log_file(distccd_log_t)
-
-type distccd_tmp_t;
-files_tmp_file(distccd_tmp_t)
-
-type distccd_var_run_t;
-files_pid_file(distccd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow distccd_t self:capability { setgid setuid };
-dontaudit distccd_t self:capability sys_tty_config;
-allow distccd_t self:process { signal_perms setsched };
-allow distccd_t self:fifo_file rw_fifo_file_perms;
-allow distccd_t self:netlink_route_socket r_netlink_socket_perms;
-allow distccd_t self:tcp_socket create_stream_socket_perms;
-allow distccd_t self:udp_socket create_socket_perms;
-
-allow distccd_t distccd_log_t:file manage_file_perms;
-logging_log_filetrans(distccd_t, distccd_log_t, file)
-
-manage_dirs_pattern(distccd_t, distccd_tmp_t, distccd_tmp_t)
-manage_files_pattern(distccd_t, distccd_tmp_t, distccd_tmp_t)
-files_tmp_filetrans(distccd_t, distccd_tmp_t, { file dir })
-
-manage_files_pattern(distccd_t, distccd_var_run_t, distccd_var_run_t)
-files_pid_filetrans(distccd_t, distccd_var_run_t, file)
-
-kernel_read_system_state(distccd_t)
-kernel_read_kernel_sysctls(distccd_t)
-
-corenet_all_recvfrom_unlabeled(distccd_t)
-corenet_all_recvfrom_netlabel(distccd_t)
-corenet_tcp_sendrecv_generic_if(distccd_t)
-corenet_udp_sendrecv_generic_if(distccd_t)
-corenet_tcp_sendrecv_generic_node(distccd_t)
-corenet_udp_sendrecv_generic_node(distccd_t)
-corenet_tcp_sendrecv_all_ports(distccd_t)
-corenet_udp_sendrecv_all_ports(distccd_t)
-corenet_tcp_bind_generic_node(distccd_t)
-corenet_tcp_bind_distccd_port(distccd_t)
-corenet_sendrecv_distccd_server_packets(distccd_t)
-
-dev_read_sysfs(distccd_t)
-
-fs_getattr_all_fs(distccd_t)
-fs_search_auto_mountpoints(distccd_t)
-
-corecmd_exec_bin(distccd_t)
-corecmd_read_bin_symlinks(distccd_t)
-
-domain_use_interactive_fds(distccd_t)
-
-files_read_etc_files(distccd_t)
-files_read_etc_runtime_files(distccd_t)
-
-libs_exec_lib_files(distccd_t)
-
-logging_send_syslog_msg(distccd_t)
-
-miscfiles_read_localization(distccd_t)
-
-sysnet_read_config(distccd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(distccd_t)
-userdom_dontaudit_search_user_home_dirs(distccd_t)
-
-optional_policy(`
-	nis_use_ypbind(distccd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(distccd_t)
-')
-
-optional_policy(`
-	udev_read_db(distccd_t)
-')
diff --git a/policy/modules/services/djbdns.fc b/policy/modules/services/djbdns.fc
deleted file mode 100644
index fdb6652..0000000
--- a/policy/modules/services/djbdns.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-
-/usr/bin/axfrdns		--	gen_context(system_u:object_r:djbdns_axfrdns_exec_t,s0)
-/usr/bin/dnscache	--	gen_context(system_u:object_r:djbdns_dnscache_exec_t,s0)
-/usr/bin/tinydns		--	gen_context(system_u:object_r:djbdns_tinydns_exec_t,s0)
-
-/var/axfrdns/root(/.*)?		gen_context(system_u:object_r:djbdns_axfrdns_conf_t,s0)
-/var/dnscache/root(/.*)?		gen_context(system_u:object_r:djbdns_dnscache_conf_t,s0)
-/var/tinydns/root(/.*)?		gen_context(system_u:object_r:djbdns_tinydns_conf_t,s0)
-
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
deleted file mode 100644
index ade3079..0000000
--- a/policy/modules/services/djbdns.if
+++ /dev/null
@@ -1,90 +0,0 @@
-## <summary>small and secure DNS daemon</summary>
-
-########################################
-## <summary>
-##	Create a set of derived types for djbdns
-##	components that are directly supervised by daemontools.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`djbdns_daemontools_domain_template',`
-
-	type djbdns_$1_t;
-	type djbdns_$1_exec_t;
-	type djbdns_$1_conf_t;
-	files_config_file(djbdns_$1_conf_t)
-
-	domain_type(djbdns_$1_t)
-	domain_entry_file(djbdns_$1_t, djbdns_$1_exec_t)
-	role system_r types djbdns_$1_t;
-
-	daemontools_service_domain(djbdns_$1_t, djbdns_$1_exec_t)
-	daemontools_read_svc(djbdns_$1_t)
-
-	allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
-	allow djbdns_$1_t self:process signal;
-	allow djbdns_$1_t self:fifo_file rw_fifo_file_perms;
-	allow djbdns_$1_t self:tcp_socket create_stream_socket_perms;
-	allow djbdns_$1_t self:udp_socket create_socket_perms;
-
-	allow djbdns_$1_t djbdns_$1_conf_t:dir list_dir_perms;
-	allow djbdns_$1_t djbdns_$1_conf_t:file read_file_perms;
-
-	corenet_all_recvfrom_unlabeled(djbdns_$1_t)
-	corenet_all_recvfrom_netlabel(djbdns_$1_t)
-	corenet_tcp_sendrecv_generic_if(djbdns_$1_t)
-	corenet_udp_sendrecv_generic_if(djbdns_$1_t)
-	corenet_tcp_sendrecv_generic_node(djbdns_$1_t)
-	corenet_udp_sendrecv_generic_node(djbdns_$1_t)
-	corenet_tcp_sendrecv_all_ports(djbdns_$1_t)
-	corenet_udp_sendrecv_all_ports(djbdns_$1_t)
-	corenet_tcp_bind_generic_node(djbdns_$1_t)
-	corenet_udp_bind_generic_node(djbdns_$1_t)
-	corenet_tcp_bind_dns_port(djbdns_$1_t)
-	corenet_udp_bind_dns_port(djbdns_$1_t)
-	corenet_udp_bind_generic_port(djbdns_$1_t)
-	corenet_sendrecv_dns_server_packets(djbdns_$1_t)
-	corenet_sendrecv_generic_server_packets(djbdns_$1_t)
-
-	files_search_var(djbdns_$1_t)
-')
-
-#####################################
-## <summary>
-##	Allow search the djbdns-tinydns key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`djbdns_search_tinydns_keys',`
-	gen_require(`
-		type djbdns_tinydns_t;
-	')
-
-	allow $1 djbdns_tinydns_t:key search;
-')
-
-#####################################
-## <summary>
-##	Allow link to the djbdns-tinydns key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`djbdns_link_tinydns_keys',`
-	gen_require(`
-		type djbdns_tinydn_t;
-	')
-
-	allow $1 djbdns_tinydn_t:key link;
-')
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
deleted file mode 100644
index 51e2ce8..0000000
--- a/policy/modules/services/djbdns.te
+++ /dev/null
@@ -1,49 +0,0 @@
-policy_module(djbdns, 1.4.1)
-
-########################################
-#
-# Declarations
-#
-
-type djbdns_axfrdns_t;
-type djbdns_axfrdns_exec_t;
-domain_type(djbdns_axfrdns_t)
-domain_entry_file(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
-role system_r types djbdns_axfrdns_t;
-
-type djbdns_axfrdns_conf_t;
-files_config_file(djbdns_axfrdns_conf_t)
-
-djbdns_daemontools_domain_template(dnscache)
-
-djbdns_daemontools_domain_template(tinydns)
-
-########################################
-#
-# Local policy for axfrdns component
-#
-
-allow djbdns_axfrdns_t self:capability { setuid setgid sys_chroot };
-
-allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:dir list_dir_perms;
-allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:file read_file_perms;
-
-allow djbdns_axfrdns_t djbdns_tinydns_t:dir list_dir_perms;
-allow djbdns_axfrdns_t djbdns_tinydns_t:file read_file_perms;
-
-allow djbdns_axfrdns_t djbdns_tinydns_conf_t:dir list_dir_perms;
-allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms;
-
-files_search_var(djbdns_axfrdns_t)
-
-daemontools_ipc_domain(djbdns_axfrdns_t)
-daemontools_read_svc(djbdns_axfrdns_t)
-
-ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
-
-########################################
-#
-# Local policy for tinydns
-#
-
-init_dontaudit_use_script_fds(djbdns_tinydns_t)
diff --git a/policy/modules/services/dkim.fc b/policy/modules/services/dkim.fc
deleted file mode 100644
index dc1056c..0000000
--- a/policy/modules/services/dkim.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/mail/dkim-milter/keys(/.*)?	gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-
-/usr/sbin/dkim-filter		--	gen_context(system_u:object_r:dkim_milter_exec_t,s0)
-
-/var/db/dkim(/.*)?			gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-
-/var/run/dkim-filter(/.*)?		gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/dkim-milter(/.*)?		gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/dkim-milter\.pid	--	gen_context(system_u:object_r:dkim_milter_data_t,s0)
diff --git a/policy/modules/services/dkim.if b/policy/modules/services/dkim.if
deleted file mode 100644
index 32d108a..0000000
--- a/policy/modules/services/dkim.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>DomainKeys Identified Mail milter.</summary>
diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te
deleted file mode 100644
index 1b4983d..0000000
--- a/policy/modules/services/dkim.te
+++ /dev/null
@@ -1,31 +0,0 @@
-policy_module(dkim, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-milter_template(dkim)
-
-# Type for the private key of dkim-filter
-type dkim_milter_private_key_t;
-files_type(dkim_milter_private_key_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dkim_milter_t self:capability { setgid setuid };
-
-read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
-
-kernel_read_kernel_sysctls(dkim_milter_t)
-
-dev_read_urand(dkim_milter_t)
-
-files_read_etc_files(dkim_milter_t)
-
-sysnet_dns_name_resolve(dkim_milter_t)
-
-mta_read_config(dkim_milter_t)
diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
deleted file mode 100644
index b886676..0000000
--- a/policy/modules/services/dnsmasq.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/dnsmasq\.conf		--	gen_context(system_u:object_r:dnsmasq_etc_t, s0)
-/etc/rc\.d/init\.d/dnsmasq	--	gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0)
-
-/usr/sbin/dnsmasq		--	gen_context(system_u:object_r:dnsmasq_exec_t,s0)
-
-/var/lib/misc/dnsmasq\.leases	--	gen_context(system_u:object_r:dnsmasq_lease_t,s0)
-/var/lib/dnsmasq(/.*)?			gen_context(system_u:object_r:dnsmasq_lease_t,s0)
-
-/var/log/dnsmasq\.log			gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
-
-/var/run/dnsmasq\.pid		--	gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-/var/run/libvirt/network(/.*)?		gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
deleted file mode 100644
index c808b31..0000000
--- a/policy/modules/services/dnsmasq.if
+++ /dev/null
@@ -1,212 +0,0 @@
-## <summary>dnsmasq DNS forwarder and DHCP server</summary>
-
-########################################
-## <summary>
-##	Execute dnsmasq server in the dnsmasq domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_domtrans',`
-	gen_require(`
-		type dnsmasq_exec_t, dnsmasq_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dnsmasq_exec_t, dnsmasq_t)
-')
-
-########################################
-## <summary>
-##	Execute the dnsmasq init script in the init script domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_initrc_domtrans',`
-	gen_require(`
-		type dnsmasq_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Send dnsmasq a signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_signal',`
-	gen_require(`
-		type dnsmasq_t;
-	')
-
-	allow $1 dnsmasq_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send dnsmasq a signull
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_signull',`
-	gen_require(`
-		type dnsmasq_t;
-	')
-
-	allow $1 dnsmasq_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send dnsmasq a kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_kill',`
-	gen_require(`
-		type dnsmasq_t;
-	')
-
-	allow $1 dnsmasq_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Read dnsmasq config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dnsmasq_read_config',`
-	gen_require(`
-		type dnsmasq_etc_t;
-	')
-
-	read_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Write to dnsmasq config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dnsmasq_write_config',`
-	gen_require(`
-		type dnsmasq_etc_t;
-	')
-
-	write_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Delete dnsmasq pid files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dnsmasq_delete_pid_files',`
-	gen_require(`
-		type dnsmasq_var_run_t;
-	')
-
-	files_search_pids($1)
-	delete_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read dnsmasq pid files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`dnsmasq_read_pid_files',`
-	gen_require(`
-		type dnsmasq_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an dnsmasq environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the dnsmasq domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dnsmasq_admin',`
-	gen_require(`
-		type dnsmasq_t, dnsmasq_lease_t, dnsmasq_var_run_t;
-		type dnsmasq_initrc_exec_t;
-	')
-
-	allow $1 dnsmasq_t:process { ptrace signal_perms };
-	ps_process_pattern($1, dnsmasq_t)
-
-	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dnsmasq_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, dnsmasq_lease_t)
-
-	files_list_pids($1)
-	admin_pattern($1, dnsmasq_var_run_t)
-')
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
deleted file mode 100644
index a50a8a7..0000000
--- a/policy/modules/services/dnsmasq.te
+++ /dev/null
@@ -1,121 +0,0 @@
-policy_module(dnsmasq, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type dnsmasq_t;
-type dnsmasq_exec_t;
-init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
-
-type dnsmasq_initrc_exec_t;
-init_script_file(dnsmasq_initrc_exec_t)
-
-type dnsmasq_etc_t;
-files_config_file(dnsmasq_etc_t)
-
-type dnsmasq_lease_t;
-files_type(dnsmasq_lease_t)
-
-type dnsmasq_var_log_t;
-logging_log_file(dnsmasq_var_log_t)
-
-type dnsmasq_var_run_t;
-files_pid_file(dnsmasq_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow dnsmasq_t self:capability { chown dac_override net_admin setgid setuid net_bind_service net_raw };
-dontaudit dnsmasq_t self:capability sys_tty_config;
-allow dnsmasq_t self:process { getcap setcap signal_perms };
-allow dnsmasq_t self:fifo_file rw_fifo_file_perms;
-allow dnsmasq_t self:netlink_route_socket { bind create nlmsg_read read write };
-allow dnsmasq_t self:tcp_socket create_stream_socket_perms;
-allow dnsmasq_t self:udp_socket create_socket_perms;
-allow dnsmasq_t self:packet_socket create_socket_perms;
-allow dnsmasq_t self:rawip_socket create_socket_perms;
-
-read_files_pattern(dnsmasq_t, dnsmasq_etc_t, dnsmasq_etc_t)
-
-# dhcp leases
-manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
-files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
-
-manage_files_pattern(dnsmasq_t, dnsmasq_var_log_t, dnsmasq_var_log_t)
-logging_log_filetrans(dnsmasq_t, dnsmasq_var_log_t, file)
-
-manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
-files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
-
-kernel_read_kernel_sysctls(dnsmasq_t)
-kernel_read_system_state(dnsmasq_t)
-
-corenet_all_recvfrom_unlabeled(dnsmasq_t)
-corenet_all_recvfrom_netlabel(dnsmasq_t)
-corenet_tcp_sendrecv_generic_if(dnsmasq_t)
-corenet_udp_sendrecv_generic_if(dnsmasq_t)
-corenet_raw_sendrecv_generic_if(dnsmasq_t)
-corenet_tcp_sendrecv_generic_node(dnsmasq_t)
-corenet_udp_sendrecv_generic_node(dnsmasq_t)
-corenet_raw_sendrecv_generic_node(dnsmasq_t)
-corenet_tcp_sendrecv_all_ports(dnsmasq_t)
-corenet_udp_sendrecv_all_ports(dnsmasq_t)
-corenet_tcp_bind_generic_node(dnsmasq_t)
-corenet_udp_bind_generic_node(dnsmasq_t)
-corenet_tcp_bind_dns_port(dnsmasq_t)
-corenet_udp_bind_all_ports(dnsmasq_t)
-corenet_sendrecv_dns_server_packets(dnsmasq_t)
-corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
-
-dev_read_sysfs(dnsmasq_t)
-dev_read_urand(dnsmasq_t)
-
-domain_use_interactive_fds(dnsmasq_t)
-
-files_read_etc_files(dnsmasq_t)
-files_read_etc_runtime_files(dnsmasq_t)
-
-fs_getattr_all_fs(dnsmasq_t)
-fs_search_auto_mountpoints(dnsmasq_t)
-
-auth_use_nsswitch(dnsmasq_t)
-
-logging_send_syslog_msg(dnsmasq_t)
-
-miscfiles_read_localization(dnsmasq_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
-userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
-
-optional_policy(`
-	cobbler_read_lib_files(dnsmasq_t)
-')
-
-optional_policy(`
-	cron_manage_pid_files(dnsmasq_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(dnsmasq_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dnsmasq_t)
-')
-
-optional_policy(`
-	tftp_read_content(dnsmasq_t)
-')
-
-optional_policy(`
-	udev_read_db(dnsmasq_t)
-')
-
-optional_policy(`
-	virt_manage_lib_files(dnsmasq_t)
-	virt_read_pid_files(dnsmasq_t)
-')
diff --git a/policy/modules/services/dovecot.fc b/policy/modules/services/dovecot.fc
deleted file mode 100644
index 9a1dcba..0000000
--- a/policy/modules/services/dovecot.fc
+++ /dev/null
@@ -1,43 +0,0 @@
-
-#
-# /etc
-#
-/etc/dovecot(/.*)?*			gen_context(system_u:object_r:dovecot_etc_t,s0)
-/etc/dovecot\.conf.*			gen_context(system_u:object_r:dovecot_etc_t,s0)
-/etc/dovecot\.passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
-
-/etc/pki/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_cert_t,s0)
-/etc/rc\.d/init\.d/dovecot	--	gen_context(system_u:object_r:dovecot_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/dovecot		--	gen_context(system_u:object_r:dovecot_exec_t,s0)
-
-/usr/share/ssl/certs/dovecot\.pem --	gen_context(system_u:object_r:dovecot_cert_t,s0)
-/usr/share/ssl/private/dovecot\.pem --	gen_context(system_u:object_r:dovecot_cert_t,s0)
-
-ifdef(`distro_debian', `
-/usr/lib/dovecot/dovecot-auth	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
-/usr/lib/dovecot/deliver	--	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
-')
-
-ifdef(`distro_redhat', `
-/usr/libexec/dovecot/auth 	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
-/usr/libexec/dovecot/deliver	--	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
-/usr/libexec/dovecot/dovecot-lda --	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
-/usr/libexec/dovecot/dovecot-auth --	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
-')
-
-#
-# /var
-#
-/var/run/dovecot(-login)?(/.*)?		gen_context(system_u:object_r:dovecot_var_run_t,s0)
-/var/run/dovecot/login/ssl-parameters.dat -- gen_context(system_u:object_r:dovecot_var_lib_t,s0)
-
-/var/lib/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_var_lib_t,s0)
-
-/var/log/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_var_log_t,s0)
-/var/log/dovecot\.log.*			gen_context(system_u:object_r:dovecot_var_log_t,s0)
-
-/var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
deleted file mode 100644
index ee51a19..0000000
--- a/policy/modules/services/dovecot.if
+++ /dev/null
@@ -1,135 +0,0 @@
-## <summary>Dovecot POP and IMAP mail server</summary>
-
-########################################
-## <summary>
-##	Connect to dovecot auth unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dovecot_stream_connect_auth',`
-	gen_require(`
-		type dovecot_auth_t, dovecot_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, dovecot_var_run_t, dovecot_var_run_t, dovecot_auth_t)
-')
-
-########################################
-## <summary>
-##	Execute dovecot_deliver in the dovecot_deliver domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`dovecot_domtrans_deliver',`
-	gen_require(`
-		type dovecot_deliver_t, dovecot_deliver_exec_t;
-	')
-
-	domtrans_pattern($1, dovecot_deliver_exec_t, dovecot_deliver_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the dovecot spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`dovecot_manage_spool',`
-	gen_require(`
-		type dovecot_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
-	manage_lnk_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to delete dovecot lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`dovecot_dontaudit_unlink_lib_files',`
-	gen_require(`
-		type dovecot_var_lib_t;
-	')
-
-	dontaudit $1 dovecot_var_lib_t:file unlink;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an dovecot environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the dovecot domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`dovecot_admin',`
-	gen_require(`
-		type dovecot_t, dovecot_etc_t, dovecot_auth_tmp_t;
-		type dovecot_spool_t, dovecot_var_lib_t, dovecot_var_log_t;
-		type dovecot_var_run_t, dovecot_tmp_t, dovecot_keytab_t;
-		type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t;
-	')
-
-	allow $1 dovecot_t:process { ptrace signal_perms };
-	ps_process_pattern($1, dovecot_t)
-
-	init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dovecot_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, dovecot_etc_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, dovecot_auth_tmp_t)
-	admin_pattern($1, dovecot_tmp_t)
-
-	admin_pattern($1, dovecot_keytab_t)
-
-	files_list_spool($1)
-	admin_pattern($1, dovecot_spool_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, dovecot_var_lib_t)
-
-	logging_search_logs($1)
-	admin_pattern($1, dovecot_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, dovecot_var_run_t)
-
-	admin_pattern($1, dovecot_cert_t)
-
-	admin_pattern($1, dovecot_passwd_t)
-')
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
deleted file mode 100644
index 396f956..0000000
--- a/policy/modules/services/dovecot.te
+++ /dev/null
@@ -1,329 +0,0 @@
-policy_module(dovecot, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-type dovecot_t;
-type dovecot_exec_t;
-init_daemon_domain(dovecot_t, dovecot_exec_t)
-
-type dovecot_auth_t;
-type dovecot_auth_exec_t;
-domain_type(dovecot_auth_t)
-domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
-role system_r types dovecot_auth_t;
-
-type dovecot_auth_tmp_t;
-files_tmp_file(dovecot_auth_tmp_t)
-
-type dovecot_cert_t;
-miscfiles_cert_type(dovecot_cert_t)
-
-type dovecot_deliver_t;
-type dovecot_deliver_exec_t;
-domain_type(dovecot_deliver_t)
-domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
-role system_r types dovecot_deliver_t;
-
-type dovecot_deliver_tmp_t;
-files_tmp_file(dovecot_deliver_tmp_t)
-
-type dovecot_etc_t;
-files_config_file(dovecot_etc_t)
-
-type dovecot_initrc_exec_t;
-init_script_file(dovecot_initrc_exec_t)
-
-type dovecot_passwd_t;
-files_type(dovecot_passwd_t)
-
-type dovecot_spool_t;
-files_type(dovecot_spool_t)
-
-type dovecot_tmp_t;
-files_tmp_file(dovecot_tmp_t)
-
-# /var/lib/dovecot holds SSL parameters file
-type dovecot_var_lib_t;
-files_type(dovecot_var_lib_t)
-
-type dovecot_var_log_t;
-logging_log_file(dovecot_var_log_t)
-
-type dovecot_var_run_t;
-files_pid_file(dovecot_var_run_t)
-
-########################################
-#
-# dovecot local policy
-#
-
-allow dovecot_t self:capability { dac_override dac_read_search chown kill net_bind_service setgid setuid sys_chroot };
-dontaudit dovecot_t self:capability sys_tty_config;
-allow dovecot_t self:process { setrlimit signal_perms getcap setcap setsched };
-allow dovecot_t self:fifo_file rw_fifo_file_perms;
-allow dovecot_t self:tcp_socket create_stream_socket_perms;
-allow dovecot_t self:unix_dgram_socket create_socket_perms;
-allow dovecot_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-domtrans_pattern(dovecot_t, dovecot_auth_exec_t, dovecot_auth_t)
-
-allow dovecot_t dovecot_auth_t:process signal;
-
-allow dovecot_t dovecot_cert_t:dir list_dir_perms;
-read_files_pattern(dovecot_t, dovecot_cert_t, dovecot_cert_t)
-read_lnk_files_pattern(dovecot_t, dovecot_cert_t, dovecot_cert_t)
-
-allow dovecot_t dovecot_etc_t:dir list_dir_perms;
-read_files_pattern(dovecot_t, dovecot_etc_t, dovecot_etc_t)
-files_search_etc(dovecot_t)
-
-can_exec(dovecot_t, dovecot_exec_t)
-
-manage_dirs_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
-manage_files_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
-files_tmp_filetrans(dovecot_t, dovecot_tmp_t, { file dir })
-
-# Allow dovecot to create and read SSL parameters file
-manage_files_pattern(dovecot_t, dovecot_var_lib_t, dovecot_var_lib_t)
-files_search_var_lib(dovecot_t)
-files_read_var_symlinks(dovecot_t)
-
-manage_dirs_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
-manage_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
-logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir })
-
-manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-
-manage_dirs_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
-manage_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
-manage_lnk_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
-manage_sock_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
-files_pid_filetrans(dovecot_t, dovecot_var_run_t, { dir file })
-
-kernel_read_kernel_sysctls(dovecot_t)
-kernel_read_system_state(dovecot_t)
-
-corenet_all_recvfrom_unlabeled(dovecot_t)
-corenet_all_recvfrom_netlabel(dovecot_t)
-corenet_tcp_sendrecv_generic_if(dovecot_t)
-corenet_tcp_sendrecv_generic_node(dovecot_t)
-corenet_tcp_sendrecv_all_ports(dovecot_t)
-corenet_tcp_bind_generic_node(dovecot_t)
-corenet_tcp_bind_mail_port(dovecot_t)
-corenet_tcp_bind_pop_port(dovecot_t)
-corenet_tcp_connect_all_ports(dovecot_t)
-corenet_tcp_connect_postgresql_port(dovecot_t)
-corenet_sendrecv_pop_server_packets(dovecot_t)
-corenet_sendrecv_all_client_packets(dovecot_t)
-
-dev_read_sysfs(dovecot_t)
-dev_read_urand(dovecot_t)
-
-fs_getattr_all_fs(dovecot_t)
-fs_getattr_all_dirs(dovecot_t)
-fs_search_auto_mountpoints(dovecot_t)
-fs_list_inotifyfs(dovecot_t)
-
-corecmd_exec_bin(dovecot_t)
-
-domain_use_interactive_fds(dovecot_t)
-
-files_read_etc_files(dovecot_t)
-files_search_spool(dovecot_t)
-files_search_tmp(dovecot_t)
-files_dontaudit_list_default(dovecot_t)
-# Dovecot now has quota support and it uses getmntent() to find the mountpoints.
-files_read_etc_runtime_files(dovecot_t)
-files_search_all_mountpoints(dovecot_t)
-
-init_getattr_utmp(dovecot_t)
-
-auth_use_nsswitch(dovecot_t)
-
-logging_send_syslog_msg(dovecot_t)
-
-miscfiles_read_generic_certs(dovecot_t)
-miscfiles_read_localization(dovecot_t)
-
-userdom_dontaudit_use_unpriv_user_fds(dovecot_t)
-userdom_manage_user_home_content_dirs(dovecot_t)
-userdom_manage_user_home_content_files(dovecot_t)
-userdom_manage_user_home_content_symlinks(dovecot_t)
-userdom_manage_user_home_content_pipes(dovecot_t)
-userdom_manage_user_home_content_sockets(dovecot_t)
-userdom_user_home_dir_filetrans_user_home_content(dovecot_t, { dir file lnk_file fifo_file sock_file })
-
-mta_manage_spool(dovecot_t)
-
-optional_policy(`
-	kerberos_keytab_template(dovecot, dovecot_t)
-')
-
-optional_policy(`
-	postfix_manage_private_sockets(dovecot_t)
-	postfix_search_spool(dovecot_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(dovecot_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dovecot_t)
-')
-
-optional_policy(`
-	squid_dontaudit_search_cache(dovecot_t)
-')
-
-optional_policy(`
-	udev_read_db(dovecot_t)
-')
-
-########################################
-#
-# dovecot auth local policy
-#
-
-allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
-allow dovecot_auth_t self:process { signal_perms getcap setcap };
-allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
-allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
-allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
-
-allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_perms };
-
-read_files_pattern(dovecot_auth_t, dovecot_passwd_t, dovecot_passwd_t)
-
-manage_dirs_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
-manage_files_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
-files_tmp_filetrans(dovecot_auth_t, dovecot_auth_tmp_t, { file dir })
-
-allow dovecot_auth_t dovecot_var_run_t:dir list_dir_perms;
-manage_sock_files_pattern(dovecot_auth_t, dovecot_var_run_t, dovecot_var_run_t)
-dovecot_stream_connect_auth(dovecot_auth_t)
-
-kernel_read_all_sysctls(dovecot_auth_t)
-kernel_read_system_state(dovecot_auth_t)
-
-logging_send_audit_msgs(dovecot_auth_t)
-logging_send_syslog_msg(dovecot_auth_t)
-
-dev_read_urand(dovecot_auth_t)
-
-auth_domtrans_chk_passwd(dovecot_auth_t)
-auth_use_nsswitch(dovecot_auth_t)
-
-files_read_etc_files(dovecot_auth_t)
-files_read_etc_runtime_files(dovecot_auth_t)
-files_search_pids(dovecot_auth_t)
-files_read_usr_files(dovecot_auth_t)
-files_read_usr_symlinks(dovecot_auth_t)
-files_read_var_lib_files(dovecot_auth_t)
-files_search_tmp(dovecot_auth_t)
-files_read_var_lib_files(dovecot_t)
-
-init_rw_utmp(dovecot_auth_t)
-
-miscfiles_read_localization(dovecot_auth_t)
-
-seutil_dontaudit_search_config(dovecot_auth_t)
-
-optional_policy(`
-	kerberos_use(dovecot_auth_t)
-
-	# for gssapi (kerberos)
-	userdom_list_user_tmp(dovecot_auth_t)
-	userdom_read_user_tmp_files(dovecot_auth_t)
-	userdom_read_user_tmp_symlinks(dovecot_auth_t)
-')
-
-optional_policy(`
-	mysql_search_db(dovecot_auth_t)
-	mysql_stream_connect(dovecot_auth_t)
-')
-
-optional_policy(`
-	nis_authenticate(dovecot_auth_t)
-')
-
-optional_policy(`
-	postfix_manage_private_sockets(dovecot_auth_t)
-	postfix_search_spool(dovecot_auth_t)
-')
-
-########################################
-#
-# dovecot deliver local policy
-#
-allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms;
-
-allow dovecot_deliver_t dovecot_t:process signull;
-
-read_files_pattern(dovecot_deliver_t, dovecot_etc_t, dovecot_etc_t)
-allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
-
-allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
-
-append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
-
-manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
-manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
-files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
-
-can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
-
-kernel_read_all_sysctls(dovecot_deliver_t)
-kernel_read_system_state(dovecot_deliver_t)
-
-corecmd_exec_bin(dovecot_deliver_t)
-
-files_read_etc_files(dovecot_deliver_t)
-files_read_etc_runtime_files(dovecot_deliver_t)
-
-auth_use_nsswitch(dovecot_deliver_t)
-
-logging_send_syslog_msg(dovecot_deliver_t)
-logging_append_all_logs(dovecot_deliver_t)
-
-miscfiles_read_localization(dovecot_deliver_t)
-
-dovecot_stream_connect_auth(dovecot_deliver_t)
-
-files_search_tmp(dovecot_deliver_t)
-
-fs_getattr_all_fs(dovecot_deliver_t)
-
-userdom_manage_user_home_content_dirs(dovecot_deliver_t)
-userdom_manage_user_home_content_files(dovecot_deliver_t)
-userdom_manage_user_home_content_symlinks(dovecot_deliver_t)
-userdom_manage_user_home_content_pipes(dovecot_deliver_t)
-userdom_manage_user_home_content_sockets(dovecot_deliver_t)
-userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file })
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(dovecot_deliver_t)
-	fs_manage_nfs_files(dovecot_deliver_t)
-	fs_manage_nfs_symlinks(dovecot_deliver_t)
-	fs_manage_nfs_dirs(dovecot_t)
-	fs_manage_nfs_files(dovecot_t)
-	fs_manage_nfs_symlinks(dovecot_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(dovecot_deliver_t)
-	fs_manage_cifs_files(dovecot_deliver_t)
-	fs_manage_cifs_symlinks(dovecot_deliver_t)
-	fs_manage_cifs_dirs(dovecot_t)
-	fs_manage_cifs_files(dovecot_t)
-	fs_manage_cifs_symlinks(dovecot_t)
-')
-
-optional_policy(`
-	mta_manage_spool(dovecot_deliver_t)
-	mta_read_queue(dovecot_deliver_t)
-')
diff --git a/policy/modules/services/exim.fc b/policy/modules/services/exim.fc
deleted file mode 100644
index c2570df..0000000
--- a/policy/modules/services/exim.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-
-/etc/rc\.d/init\.d/exim        --  gen_context(system_u:object_r:exim_initrc_exec_t,s0)
-
-/usr/sbin/exim[0-9]?		--	gen_context(system_u:object_r:exim_exec_t,s0)
-/var/log/exim[0-9]?(/.*)?		gen_context(system_u:object_r:exim_log_t,s0)
-/var/run/exim[0-9]?\.pid	--	gen_context(system_u:object_r:exim_var_run_t,s0)
-/var/spool/exim[0-9]?(/.*)?		gen_context(system_u:object_r:exim_spool_t,s0)
-
-ifdef(`distro_debian',`
-/var/run/exim[0-9]?(/.*)?		gen_context(system_u:object_r:exim_var_run_t,s0)
-')
diff --git a/policy/modules/services/exim.if b/policy/modules/services/exim.if
deleted file mode 100644
index 464669c..0000000
--- a/policy/modules/services/exim.if
+++ /dev/null
@@ -1,257 +0,0 @@
-## <summary>Exim mail transfer agent</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run exim.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`exim_domtrans',`
-	gen_require(`
-		type exim_t, exim_exec_t;
-	')
-
-	domtrans_pattern($1, exim_exec_t, exim_t)
-')
-
-########################################
-## <summary>
-##	Execute exim in the exim domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`exim_initrc_domtrans',`
-	gen_require(`
-		type exim_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, exim_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read, 
-##	exim tmp files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`exim_dontaudit_read_tmp_files',`
-	gen_require(`
-		type exim_tmp_t;
-	')
-
-	dontaudit $1 exim_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow domain to read, exim tmp files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_read_tmp_files',`
-	gen_require(`
-		type exim_tmp_t;
-	')
-
-	allow $1 exim_tmp_t:file read_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Read exim PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_read_pid_files',`
-	gen_require(`
-		type exim_var_run_t;
-	')
-
-	allow $1 exim_var_run_t:file read_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read exim's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`exim_read_log',`
-	gen_require(`
-		type exim_log_t;
-	')
-
-	read_files_pattern($1, exim_log_t, exim_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	exim log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_append_log',`
-	gen_require(`
-		type exim_log_t;
-	')
-
-	append_files_pattern($1, exim_log_t, exim_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage exim's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`exim_manage_log',`
-	gen_require(`
-		type exim_log_t;
-	')
-
-	manage_files_pattern($1, exim_log_t, exim_log_t)
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	exim spool dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_manage_spool_dirs',`
-	gen_require(`
-		type exim_spool_t;
-	')
-
-	manage_dirs_pattern($1, exim_spool_t, exim_spool_t)
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Read exim spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_read_spool_files',`
-	gen_require(`
-		type exim_spool_t;
-	')
-
-	allow $1 exim_spool_t:file read_file_perms;
-	allow $1 exim_spool_t:dir list_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	exim spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_manage_spool_files',`
-	gen_require(`
-		type exim_spool_t;
-	')
-
-	manage_files_pattern($1, exim_spool_t, exim_spool_t)
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an exim environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`exim_admin',`
-	gen_require(`
-		type exim_t, exim_initrc_exec_t, exim_log_t;
-		type exim_tmp_t, exim_spool_t, exim_var_run_t;
-	')
-
-	allow $1 exim_t:process { ptrace signal_perms };
-	ps_process_pattern($1, exim_t)
-
-	exim_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 exim_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, exim_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, exim_tmp_t)
-
-	files_list_spool($1)
-	admin_pattern($1, exim_spool_t)
-
-	files_list_pids($1)
-	admin_pattern($1, exim_var_run_t)
-')
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
deleted file mode 100644
index 18c3c33..0000000
--- a/policy/modules/services/exim.te
+++ /dev/null
@@ -1,211 +0,0 @@
-policy_module(exim, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow exim to connect to databases (postgres, mysql)
-##	</p>
-## </desc>
-gen_tunable(exim_can_connect_db, false)
-
-## <desc>
-##	<p>
-##	Allow exim to read unprivileged user files.
-##	</p>
-## </desc>
-gen_tunable(exim_read_user_files, false)
-
-## <desc>
-##	<p>
-##	Allow exim to create, read, write, and delete
-##	unprivileged user files.
-##	</p>
-## </desc>
-gen_tunable(exim_manage_user_files, false)
-
-type exim_t;
-type exim_exec_t;
-init_daemon_domain(exim_t, exim_exec_t)
-mta_mailserver(exim_t, exim_exec_t)
-mta_mailserver_user_agent(exim_t)
-application_executable_file(exim_exec_t)
-mta_agent_executable(exim_exec_t)
-
-type exim_initrc_exec_t;
-init_script_file(exim_initrc_exec_t)
-
-type exim_log_t;
-logging_log_file(exim_log_t)
-
-type exim_spool_t;
-files_type(exim_spool_t)
-
-type exim_tmp_t;
-files_tmp_file(exim_tmp_t)
-
-type exim_var_run_t;
-files_pid_file(exim_var_run_t)
-
-########################################
-#
-# exim local policy
-#
-
-allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
-allow exim_t self:process { setrlimit setpgid };
-allow exim_t self:fifo_file rw_fifo_file_perms;
-allow exim_t self:unix_stream_socket create_stream_socket_perms;
-allow exim_t self:tcp_socket create_stream_socket_perms;
-allow exim_t self:udp_socket create_socket_perms;
-
-can_exec(exim_t, exim_exec_t)
-
-manage_files_pattern(exim_t, exim_log_t, exim_log_t)
-logging_log_filetrans(exim_t, exim_log_t, { file dir })
-
-manage_dirs_pattern(exim_t, exim_spool_t, exim_spool_t)
-manage_files_pattern(exim_t, exim_spool_t, exim_spool_t)
-manage_sock_files_pattern(exim_t, exim_spool_t, exim_spool_t)
-files_spool_filetrans(exim_t, exim_spool_t, { file dir sock_file })
-
-manage_dirs_pattern(exim_t, exim_tmp_t, exim_tmp_t)
-manage_files_pattern(exim_t, exim_tmp_t, exim_tmp_t)
-files_tmp_filetrans(exim_t, exim_tmp_t, { file dir })
-
-manage_dirs_pattern(exim_t, exim_var_run_t, exim_var_run_t)
-manage_files_pattern(exim_t, exim_var_run_t, exim_var_run_t)
-files_pid_filetrans(exim_t, exim_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(exim_t)
-kernel_read_network_state(exim_t)
-kernel_dontaudit_read_system_state(exim_t)
-
-corecmd_search_bin(exim_t)
-
-corenet_all_recvfrom_unlabeled(exim_t)
-corenet_all_recvfrom_netlabel(exim_t)
-corenet_tcp_sendrecv_generic_if(exim_t)
-corenet_udp_sendrecv_generic_if(exim_t)
-corenet_tcp_sendrecv_generic_node(exim_t)
-corenet_udp_sendrecv_generic_node(exim_t)
-corenet_tcp_sendrecv_all_ports(exim_t)
-corenet_tcp_bind_generic_node(exim_t)
-corenet_tcp_bind_smtp_port(exim_t)
-corenet_tcp_bind_amavisd_send_port(exim_t)
-corenet_tcp_connect_auth_port(exim_t)
-corenet_tcp_connect_smtp_port(exim_t)
-corenet_tcp_connect_ldap_port(exim_t)
-corenet_tcp_connect_inetd_child_port(exim_t)
-# connect to spamassassin
-corenet_tcp_connect_spamd_port(exim_t)
-
-dev_read_rand(exim_t)
-dev_read_urand(exim_t)
-
-# Init script handling
-domain_use_interactive_fds(exim_t)
-
-files_search_usr(exim_t)
-files_search_var(exim_t)
-files_read_etc_files(exim_t)
-files_read_etc_runtime_files(exim_t)
-files_getattr_all_mountpoints(exim_t)
-
-fs_getattr_xattr_fs(exim_t)
-fs_list_inotifyfs(exim_t)
-
-auth_use_nsswitch(exim_t)
-
-logging_send_syslog_msg(exim_t)
-
-miscfiles_read_localization(exim_t)
-miscfiles_read_generic_certs(exim_t)
-
-userdom_dontaudit_search_user_home_dirs(exim_t)
-
-mta_read_aliases(exim_t)
-mta_read_config(exim_t)
-mta_manage_spool(exim_t)
-mta_mailserver_delivery(exim_t)
-
-tunable_policy(`exim_can_connect_db',`
-	corenet_tcp_connect_mysqld_port(exim_t)
-	corenet_sendrecv_mysqld_client_packets(exim_t)
-	corenet_tcp_connect_postgresql_port(exim_t)
-	corenet_sendrecv_postgresql_client_packets(exim_t)
-')
-
-tunable_policy(`exim_read_user_files',`
-	userdom_read_user_home_content_files(exim_t)
-	userdom_read_user_tmp_files(exim_t)
-')
-
-tunable_policy(`exim_manage_user_files',`
-	userdom_manage_user_home_content_dirs(exim_t)
-	userdom_read_user_tmp_files(exim_t)
-	userdom_write_user_tmp_files(exim_t)
-')
-
-optional_policy(`
-	clamav_domtrans_clamscan(exim_t)
-	clamav_stream_connect(exim_t)
-')
-
-optional_policy(`
-	cron_read_pipes(exim_t)
-	cron_rw_system_job_pipes(exim_t)
-')
-
-optional_policy(`
-	cyrus_stream_connect(exim_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(exim, exim_t)
-')
-
-optional_policy(`
-	mailman_read_data_files(exim_t)
-	mailman_domtrans(exim_t)
-')
-
-optional_policy(`
-	nagios_search_spool(exim_t)
-')
-
-optional_policy(`
-	tunable_policy(`exim_can_connect_db',`
-		mysql_stream_connect(exim_t)
-	')
-')
-
-optional_policy(`
-	tunable_policy(`exim_can_connect_db',`
-		postgresql_stream_connect(exim_t)
-	')
-')
-
-optional_policy(`
-	procmail_domtrans(exim_t)
-	procmail_read_home_files(exim_t)
-')
-
-optional_policy(`
-	sasl_connect(exim_t)
-')
-
-optional_policy(`
-	# https://bugzilla.redhat.com/show_bug.cgi?id=512710
-	# uses sendmail for outgoing mail and exim
-	# for incoming mail
-	sendmail_manage_tmp_files(exim_t)
-')
-
-optional_policy(`
-	spamassassin_exec(exim_t)
-	spamassassin_exec_client(exim_t)
-')
diff --git a/policy/modules/services/fail2ban.fc b/policy/modules/services/fail2ban.fc
deleted file mode 100644
index 0de2b83..0000000
--- a/policy/modules/services/fail2ban.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/rc\.d/init\.d/fail2ban --	gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0)
-
-/usr/bin/fail2ban	--	gen_context(system_u:object_r:fail2ban_exec_t,s0)
-/usr/bin/fail2ban-server --	gen_context(system_u:object_r:fail2ban_exec_t,s0)
-
-/var/lib/fail2ban(/.*)?		gen_context(system_u:object_r:fail2ban_var_lib_t,s0)
-/var/log/fail2ban\.log	--	gen_context(system_u:object_r:fail2ban_log_t,s0)
-/var/run/fail2ban.*		gen_context(system_u:object_r:fail2ban_var_run_t,s0)
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
deleted file mode 100644
index 87f6bfb..0000000
--- a/policy/modules/services/fail2ban.if
+++ /dev/null
@@ -1,195 +0,0 @@
-## <summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run fail2ban.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_domtrans',`
-	gen_require(`
-		type fail2ban_t, fail2ban_exec_t;
-	')
-
-	domtrans_pattern($1, fail2ban_exec_t, fail2ban_t)
-')
-
-#####################################
-## <summary>
-##	Connect to fail2ban over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_stream_connect',`
-	gen_require(`
-		type fail2ban_t, fail2ban_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
-')
-
-########################################
-## <summary>
-##	Read and write to an fail2ban unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_rw_stream_sockets',`
-	gen_require(`
-		type fail2ban_t;
-	')
-
-	allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
-')
-
-########################################
-## <summary>
-##	Read fail2ban lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_read_lib_files',`
-	gen_require(`
-		type fail2ban_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 fail2ban_var_lib_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read fail2ban's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fail2ban_read_log',`
-	gen_require(`
-		type fail2ban_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 fail2ban_log_t:dir list_dir_perms;
-	allow $1 fail2ban_log_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	fail2ban log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_append_log',`
-	gen_require(`
-		type fail2ban_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 fail2ban_log_t:dir list_dir_perms;
-	allow $1 fail2ban_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Read fail2ban PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_read_pid_files',`
-	gen_require(`
-		type fail2ban_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 fail2ban_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fail2ban_dontaudit_leaks',`
-	gen_require(`
-		type fail2ban_t;
-	')
-
- 	dontaudit $1 fail2ban_t:tcp_socket { read write };
-	dontaudit $1 fail2ban_t:unix_dgram_socket { read write };
-	dontaudit $1 fail2ban_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an fail2ban environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the fail2ban domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fail2ban_admin',`
-	gen_require(`
-		type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t;
-		type fail2ban_var_run_t;
-	')
-
-	allow $1 fail2ban_t:process { ptrace signal_perms };
-	ps_process_pattern($1, fail2ban_t)
-
-	init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 fail2ban_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, fail2ban_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, fail2ban_var_run_t)
-')
diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te
deleted file mode 100644
index 0a4216c..0000000
--- a/policy/modules/services/fail2ban.te
+++ /dev/null
@@ -1,102 +0,0 @@
-policy_module(fail2ban, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type fail2ban_t;
-type fail2ban_exec_t;
-init_daemon_domain(fail2ban_t, fail2ban_exec_t)
-
-type fail2ban_initrc_exec_t;
-init_script_file(fail2ban_initrc_exec_t)
-
-# log files
-type fail2ban_log_t;
-logging_log_file(fail2ban_log_t)
-
-type fail2ban_var_lib_t;
-files_type(fail2ban_var_lib_t)
-
-# pid files
-type fail2ban_var_run_t;
-files_pid_file(fail2ban_var_run_t)
-
-########################################
-#
-# fail2ban local policy
-#
-
-allow fail2ban_t self:capability { dac_read_search dac_override sys_tty_config };
-allow fail2ban_t self:process signal;
-allow fail2ban_t self:fifo_file rw_fifo_file_perms;
-allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow fail2ban_t self:unix_dgram_socket create_socket_perms;
-allow fail2ban_t self:tcp_socket create_stream_socket_perms;
-
-# log files
-allow fail2ban_t fail2ban_log_t:dir setattr_dir_perms;
-manage_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
-logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
-
-manage_dirs_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t)
-manage_files_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t)
-files_var_lib_filetrans(fail2ban_t, fail2ban_var_lib_t, { dir file })
-
-# pid file
-manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
-manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
-manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
-files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(fail2ban_t)
-
-corecmd_exec_bin(fail2ban_t)
-corecmd_exec_shell(fail2ban_t)
-
-corenet_all_recvfrom_unlabeled(fail2ban_t)
-corenet_all_recvfrom_netlabel(fail2ban_t)
-corenet_tcp_sendrecv_generic_if(fail2ban_t)
-corenet_tcp_sendrecv_generic_node(fail2ban_t)
-corenet_tcp_sendrecv_all_ports(fail2ban_t)
-corenet_tcp_connect_whois_port(fail2ban_t)
-corenet_sendrecv_whois_client_packets(fail2ban_t)
-
-dev_read_urand(fail2ban_t)
-
-domain_use_interactive_fds(fail2ban_t)
-
-files_read_etc_files(fail2ban_t)
-files_read_etc_runtime_files(fail2ban_t)
-files_read_usr_files(fail2ban_t)
-files_list_var(fail2ban_t)
-files_search_var_lib(fail2ban_t)
-
-fs_list_inotifyfs(fail2ban_t)
-fs_getattr_all_fs(fail2ban_t)
-
-auth_use_nsswitch(fail2ban_t)
-
-logging_read_all_logs(fail2ban_t)
-logging_send_syslog_msg(fail2ban_t)
-
-miscfiles_read_localization(fail2ban_t)
-
-mta_send_mail(fail2ban_t)
-
-optional_policy(`
-	apache_read_log(fail2ban_t)
-')
-
-optional_policy(`
-	ftp_read_log(fail2ban_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(fail2ban_t)
-')
-
-optional_policy(`
-	iptables_domtrans(fail2ban_t)
-')
diff --git a/policy/modules/services/fetchmail.fc b/policy/modules/services/fetchmail.fc
deleted file mode 100644
index 455c620..0000000
--- a/policy/modules/services/fetchmail.fc
+++ /dev/null
@@ -1,19 +0,0 @@
-
-#
-# /etc
-#
-
-/etc/fetchmailrc		--	gen_context(system_u:object_r:fetchmail_etc_t,s0)
-
-#
-# /usr
-#
-
-/usr/bin/fetchmail		--	gen_context(system_u:object_r:fetchmail_exec_t,s0)
-
-#
-# /var
-#
-
-/var/run/fetchmail/.*		--	gen_context(system_u:object_r:fetchmail_var_run_t,s0)
-/var/mail/\.fetchmail-UIDL-cache --	gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
diff --git a/policy/modules/services/fetchmail.if b/policy/modules/services/fetchmail.if
deleted file mode 100644
index 7d64c0a..0000000
--- a/policy/modules/services/fetchmail.if
+++ /dev/null
@@ -1,31 +0,0 @@
-## <summary>Remote-mail retrieval and forwarding utility</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an fetchmail environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fetchmail_admin',`
-	gen_require(`
-		type fetchmail_t, fetchmail_etc_t, fetchmail_uidl_cache_t;
-		type fetchmail_var_run_t;
-	')
-
-	allow $1 fetchmail_t:process { ptrace signal_perms };
-	ps_process_pattern($1, fetchmail_t)
-
-	files_list_etc($1)
-	admin_pattern($1, fetchmail_etc_t)
-
-	admin_pattern($1, fetchmail_uidl_cache_t)
-
-	files_list_pids($1)
-	admin_pattern($1, fetchmail_var_run_t)
-')
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
deleted file mode 100644
index 870d101..0000000
--- a/policy/modules/services/fetchmail.te
+++ /dev/null
@@ -1,104 +0,0 @@
-policy_module(fetchmail, 1.10.1)
-
-########################################
-#
-# Declarations
-#
-
-type fetchmail_t;
-type fetchmail_exec_t;
-init_daemon_domain(fetchmail_t, fetchmail_exec_t)
-application_executable_file(fetchmail_exec_t)
-
-type fetchmail_var_run_t;
-files_pid_file(fetchmail_var_run_t)
-
-type fetchmail_etc_t;
-files_config_file(fetchmail_etc_t)
-
-type fetchmail_uidl_cache_t;
-files_type(fetchmail_uidl_cache_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit fetchmail_t self:capability sys_tty_config;
-allow fetchmail_t self:process { signal_perms setrlimit };
-allow fetchmail_t self:unix_dgram_socket create_socket_perms;
-allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
-allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;
-allow fetchmail_t self:tcp_socket create_socket_perms;
-allow fetchmail_t self:udp_socket create_socket_perms;
-
-allow fetchmail_t fetchmail_etc_t:file read_file_perms;
-
-allow fetchmail_t fetchmail_uidl_cache_t:file manage_file_perms;
-mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file)
-
-manage_dirs_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
-manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
-files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, { dir file })
-
-kernel_read_kernel_sysctls(fetchmail_t)
-kernel_list_proc(fetchmail_t)
-kernel_getattr_proc_files(fetchmail_t)
-kernel_read_proc_symlinks(fetchmail_t)
-kernel_dontaudit_read_system_state(fetchmail_t)
-
-#looks like it uses system command - calls uname
-corecmd_exec_bin(fetchmail_t)
-corecmd_exec_shell(fetchmail_t)
-
-corenet_all_recvfrom_unlabeled(fetchmail_t)
-corenet_all_recvfrom_netlabel(fetchmail_t)
-corenet_tcp_sendrecv_generic_if(fetchmail_t)
-corenet_udp_sendrecv_generic_if(fetchmail_t)
-corenet_tcp_sendrecv_generic_node(fetchmail_t)
-corenet_udp_sendrecv_generic_node(fetchmail_t)
-corenet_tcp_sendrecv_dns_port(fetchmail_t)
-corenet_udp_sendrecv_dns_port(fetchmail_t)
-corenet_tcp_sendrecv_pop_port(fetchmail_t)
-corenet_tcp_sendrecv_smtp_port(fetchmail_t)
-corenet_tcp_connect_all_ports(fetchmail_t)
-corenet_sendrecv_all_client_packets(fetchmail_t)
-
-dev_read_sysfs(fetchmail_t)
-dev_read_rand(fetchmail_t)
-dev_read_urand(fetchmail_t)
-
-files_read_etc_files(fetchmail_t)
-files_read_etc_runtime_files(fetchmail_t)
-files_dontaudit_search_home(fetchmail_t)
-
-fs_getattr_all_fs(fetchmail_t)
-fs_search_auto_mountpoints(fetchmail_t)
-
-domain_use_interactive_fds(fetchmail_t)
-
-logging_send_syslog_msg(fetchmail_t)
-
-miscfiles_read_localization(fetchmail_t)
-miscfiles_read_generic_certs(fetchmail_t)
-
-sysnet_read_config(fetchmail_t)
-
-userdom_dontaudit_use_unpriv_user_fds(fetchmail_t)
-userdom_dontaudit_search_user_home_dirs(fetchmail_t)
-
-optional_policy(`
-	procmail_domtrans(fetchmail_t)
-')
-
-optional_policy(`
-	sendmail_manage_log(fetchmail_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(fetchmail_t)
-')
-
-optional_policy(`
-	udev_read_db(fetchmail_t)
-')
diff --git a/policy/modules/services/finger.fc b/policy/modules/services/finger.fc
deleted file mode 100644
index c861192..0000000
--- a/policy/modules/services/finger.fc
+++ /dev/null
@@ -1,19 +0,0 @@
-# fingerd
-
-#
-# /etc
-#
-/etc/cfingerd(/.*)?		gen_context(system_u:object_r:fingerd_etc_t,s0)
-
-/etc/cron\.weekly/(c)?fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/in\.fingerd	--	gen_context(system_u:object_r:fingerd_exec_t,s0)
-/usr/sbin/[cef]fingerd	--	gen_context(system_u:object_r:fingerd_exec_t,s0)
-
-#
-# /var
-#
-/var/log/cfingerd\.log.* --	gen_context(system_u:object_r:fingerd_log_t,s0)
diff --git a/policy/modules/services/finger.if b/policy/modules/services/finger.if
deleted file mode 100644
index b5dd671..0000000
--- a/policy/modules/services/finger.if
+++ /dev/null
@@ -1,33 +0,0 @@
-## <summary>Finger user information service.</summary>
-
-########################################
-## <summary>
-##	Execute fingerd in the fingerd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`finger_domtrans',`
-	gen_require(`
-		type fingerd_t, fingerd_exec_t;
-	')
-
-	domtrans_pattern($1, fingerd_exec_t, fingerd_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to fingerd with a tcp socket.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`finger_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te
deleted file mode 100644
index 9b7036a..0000000
--- a/policy/modules/services/finger.te
+++ /dev/null
@@ -1,121 +0,0 @@
-policy_module(finger, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type fingerd_t;
-type fingerd_exec_t;
-init_daemon_domain(fingerd_t, fingerd_exec_t)
-inetd_tcp_service_domain(fingerd_t, fingerd_exec_t)
-
-type fingerd_etc_t;
-files_config_file(fingerd_etc_t)
-
-type fingerd_log_t;
-logging_log_file(fingerd_log_t)
-
-type fingerd_var_run_t;
-files_pid_file(fingerd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow fingerd_t self:capability { setgid setuid };
-dontaudit fingerd_t self:capability { sys_tty_config fsetid };
-allow fingerd_t self:process signal_perms;
-allow fingerd_t self:fifo_file rw_fifo_file_perms;
-allow fingerd_t self:tcp_socket connected_stream_socket_perms;
-allow fingerd_t self:udp_socket create_socket_perms;
-allow fingerd_t self:unix_dgram_socket create_socket_perms;
-allow fingerd_t self:unix_stream_socket create_socket_perms;
-
-manage_files_pattern(fingerd_t, fingerd_var_run_t, fingerd_var_run_t)
-files_pid_filetrans(fingerd_t, fingerd_var_run_t, file)
-
-allow fingerd_t fingerd_etc_t:dir list_dir_perms;
-read_files_pattern(fingerd_t, fingerd_etc_t, fingerd_etc_t)
-read_lnk_files_pattern(fingerd_t, fingerd_etc_t, fingerd_etc_t)
-
-allow fingerd_t fingerd_log_t:file manage_file_perms;
-logging_log_filetrans(fingerd_t, fingerd_log_t, file)
-
-kernel_read_kernel_sysctls(fingerd_t)
-kernel_read_system_state(fingerd_t)
-
-corenet_all_recvfrom_unlabeled(fingerd_t)
-corenet_all_recvfrom_netlabel(fingerd_t)
-corenet_tcp_sendrecv_generic_if(fingerd_t)
-corenet_udp_sendrecv_generic_if(fingerd_t)
-corenet_tcp_sendrecv_generic_node(fingerd_t)
-corenet_udp_sendrecv_generic_node(fingerd_t)
-corenet_tcp_sendrecv_all_ports(fingerd_t)
-corenet_udp_sendrecv_all_ports(fingerd_t)
-corenet_tcp_bind_generic_node(fingerd_t)
-corenet_tcp_bind_fingerd_port(fingerd_t)
-
-dev_read_sysfs(fingerd_t)
-
-fs_getattr_all_fs(fingerd_t)
-fs_search_auto_mountpoints(fingerd_t)
-
-term_getattr_all_ttys(fingerd_t)
-term_getattr_all_ptys(fingerd_t)
-
-auth_read_lastlog(fingerd_t)
-
-corecmd_exec_bin(fingerd_t)
-corecmd_exec_shell(fingerd_t)
-
-domain_use_interactive_fds(fingerd_t)
-
-files_search_home(fingerd_t)
-files_read_etc_files(fingerd_t)
-files_read_etc_runtime_files(fingerd_t)
-
-init_read_utmp(fingerd_t)
-init_dontaudit_write_utmp(fingerd_t)
-
-logging_send_syslog_msg(fingerd_t)
-
-mta_getattr_spool(fingerd_t)
-
-sysnet_read_config(fingerd_t)
-
-miscfiles_read_localization(fingerd_t)
-
-# stop it accessing sub-directories, prevents checking a Maildir for new mail,
-# have to change this when we create a type for Maildir
-userdom_read_user_home_content_files(fingerd_t)
-userdom_dontaudit_use_unpriv_user_fds(fingerd_t)
-
-optional_policy(`
-	cron_system_entry(fingerd_t, fingerd_exec_t)
-')
-
-optional_policy(`
-	logrotate_exec(fingerd_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(fingerd_t)
-')
-
-optional_policy(`
-	nscd_socket_use(fingerd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(fingerd_t)
-')
-
-optional_policy(`
-	tcpd_wrapped_domain(fingerd_t, fingerd_exec_t)
-')
-
-optional_policy(`
-	udev_read_db(fingerd_t)
-')
diff --git a/policy/modules/services/fprintd.fc b/policy/modules/services/fprintd.fc
deleted file mode 100644
index a4f5fb1..0000000
--- a/policy/modules/services/fprintd.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-/usr/libexec/fprintd	--	gen_context(system_u:object_r:fprintd_exec_t,s0)
-/var/lib/fprint(/.*)?		gen_context(system_u:object_r:fprintd_var_lib_t,s0)
diff --git a/policy/modules/services/fprintd.if b/policy/modules/services/fprintd.if
deleted file mode 100644
index c02062c..0000000
--- a/policy/modules/services/fprintd.if
+++ /dev/null
@@ -1,40 +0,0 @@
-## <summary>DBus fingerprint reader service</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run fprintd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`fprintd_domtrans',`
-	gen_require(`
-		type fprintd_t, fprintd_exec_t;
-	')
-
-	domtrans_pattern($1, fprintd_exec_t, fprintd_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	fprintd over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fprintd_dbus_chat',`
-	gen_require(`
-		type fprintd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 fprintd_t:dbus send_msg;
-	allow fprintd_t $1:dbus send_msg;
-')
diff --git a/policy/modules/services/fprintd.te b/policy/modules/services/fprintd.te
deleted file mode 100644
index 899feaf..0000000
--- a/policy/modules/services/fprintd.te
+++ /dev/null
@@ -1,58 +0,0 @@
-policy_module(fprintd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type fprintd_t;
-type fprintd_exec_t;
-dbus_system_domain(fprintd_t, fprintd_exec_t)
-
-type fprintd_var_lib_t;
-files_type(fprintd_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-allow fprintd_t self:capability { sys_nice sys_ptrace };
-allow fprintd_t self:fifo_file rw_fifo_file_perms;
-allow fprintd_t self:process { getsched setsched signal };
-
-manage_dirs_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
-manage_files_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
-files_var_lib_filetrans(fprintd_t, fprintd_var_lib_t, { dir file })
-
-kernel_read_system_state(fprintd_t)
-
-corecmd_search_bin(fprintd_t)
-
-dev_list_usbfs(fprintd_t)
-dev_rw_generic_usb_dev(fprintd_t)
-dev_read_sysfs(fprintd_t)
-
-files_read_etc_files(fprintd_t)
-files_read_usr_files(fprintd_t)
-
-fs_getattr_all_fs(fprintd_t)
-
-auth_use_nsswitch(fprintd_t)
-
-miscfiles_read_localization(fprintd_t)
-
-userdom_use_user_ptys(fprintd_t)
-userdom_read_all_users_state(fprintd_t)
-
-optional_policy(`
-	consolekit_dbus_chat(fprintd_t)
-')
-
-optional_policy(`
-	policykit_read_reload(fprintd_t)
-	policykit_read_lib(fprintd_t)
-	policykit_dbus_chat(fprintd_t)
-	policykit_domtrans_auth(fprintd_t)
-	policykit_dbus_chat_auth(fprintd_t)
-')
diff --git a/policy/modules/services/ftp.fc b/policy/modules/services/ftp.fc
deleted file mode 100644
index a9a9116..0000000
--- a/policy/modules/services/ftp.fc
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# /etc
-#
-/etc/proftpd\.conf	--	gen_context(system_u:object_r:ftpd_etc_t,s0)
-/etc/cron\.monthly/proftpd --	gen_context(system_u:object_r:ftpd_exec_t,s0)
-/etc/rc\.d/init\.d/vsftpd --	gen_context(system_u:object_r:ftpd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/proftpd --	gen_context(system_u:object_r:ftpd_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/ftpdctl	--	gen_context(system_u:object_r:ftpdctl_exec_t,s0)
-
-/usr/kerberos/sbin/ftpd	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-
-/usr/sbin/ftpwho	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-/usr/sbin/in\.ftpd	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-/usr/sbin/muddleftpd	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-/usr/sbin/proftpd	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-/usr/sbin/vsftpd	--	gen_context(system_u:object_r:ftpd_exec_t,s0)
-
-#
-# /var
-#
-/var/run/proftpd.* 		gen_context(system_u:object_r:ftpd_var_run_t,s0)
-
-/var/log/muddleftpd\.log.* --	gen_context(system_u:object_r:xferlog_t,s0)
-/var/log/proftpd(/.*)?		gen_context(system_u:object_r:xferlog_t,s0)
-/var/log/vsftpd.*	--	gen_context(system_u:object_r:xferlog_t,s0)
-/var/log/xferlog.*	--	gen_context(system_u:object_r:xferlog_t,s0)
-/var/log/xferreport.*	--	gen_context(system_u:object_r:xferlog_t,s0)
-/usr/libexec/webmin/vsftpd/webalizer/xfer_log 	--	gen_context(system_u:object_r:xferlog_t,s0)
diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if
deleted file mode 100644
index 26cc64b..0000000
--- a/policy/modules/services/ftp.if
+++ /dev/null
@@ -1,186 +0,0 @@
-## <summary>File transfer protocol service</summary>
-
-#######################################
-## <summary>
-##	Allow domain dyntransition to sftpd_anon domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ftp_dyntrans_anon_sftpd',`
-	gen_require(`
-		type anon_sftpd_t;
-	')
-
-	dyntrans_pattern($1, anon_sftpd_t);
-')
-
-########################################
-## <summary>
-##	Use ftp by connecting over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ftp_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Read ftpd etc files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ftp_read_config',`
-	gen_require(`
-		type ftpd_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 ftpd_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read FTP transfer logs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ftp_read_log',`
-	gen_require(`
-		type xferlog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 xferlog_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute the ftpdctl program in the ftpdctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ftp_domtrans_ftpdctl',`
-	gen_require(`
-		type ftpdctl_t, ftpdctl_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ftpdctl_exec_t, ftpdctl_t)
-')
-
-########################################
-## <summary>
-##	Execute the ftpdctl program in the ftpdctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the ftpdctl domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ftp_run_ftpdctl',`
-	gen_require(`
-		type ftpdctl_t;
-	')
-
-	ftp_domtrans_ftpdctl($1)
-	role $2 types ftpdctl_t;
-')
-
-#######################################
-## <summary>
-##	Allow domain dyntransition to sftpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ftp_dyntrans_sftpd',`
-	gen_require(`
-		type sftpd_t;
-	')
-
-	dyntrans_pattern($1, sftpd_t);
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ftp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the ftp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ftp_admin',`
-	gen_require(`
-		type ftpd_t, ftpdctl_t, ftpd_tmp_t;
-		type ftpd_etc_t, ftpd_lock_t, ftpd_initrc_exec_t;
-		type ftpd_var_run_t, xferlog_t;
-	')
-
-	allow $1 ftpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ftpd_t)
-
-	init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ftpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	ps_process_pattern($1, ftpdctl_t)
-	ftp_run_ftpdctl($1, $2)
-
-	miscfiles_manage_public_files($1)
-
-	files_list_tmp($1)
-	admin_pattern($1, ftpd_tmp_t)
-
-	files_list_etc($1)
-	admin_pattern($1, ftpd_etc_t)
-
-	files_list_var($1)
-	admin_pattern($1, ftpd_lock_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ftpd_var_run_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, xferlog_t)
-')
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
deleted file mode 100644
index 2284f4e..0000000
--- a/policy/modules/services/ftp.te
+++ /dev/null
@@ -1,464 +0,0 @@
-policy_module(ftp, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow ftp servers to upload files,  used for public file
-##	transfer services. Directories must be labeled
-##	public_content_rw_t.
-##	</p>
-## </desc>
-gen_tunable(allow_ftpd_anon_write, false)
-
-## <desc>
-##	<p>
-##	Allow ftp servers to login to local users and
-##	read/write all files on the system, governed by DAC.
-##	</p>
-## </desc>
-gen_tunable(allow_ftpd_full_access, false)
-
-## <desc>
-##	<p>
-##	Allow ftp servers to use cifs
-##	used for public file transfer services.
-##	</p>
-## </desc>
-gen_tunable(allow_ftpd_use_cifs, false)
-
-## <desc>
-##	<p>
-##	Allow ftp servers to use nfs
-##	used for public file transfer services.
-##	</p>
-## </desc>
-gen_tunable(allow_ftpd_use_nfs, false)
-
-## <desc>
-##	<p>
-##	Allow ftp servers to use connect to mysql database
-##	</p>
-## </desc>
-gen_tunable(ftpd_connect_db, false)
-
-## <desc>
-##	<p>
-##	Allow ftp to read and write files in the user home directories
-##	</p>
-## </desc>
-gen_tunable(ftp_home_dir, false)
-
-## <desc>
-##	<p>
-##	Allow anon internal-sftp to upload files, used for
-##	public file transfer services. Directories must be labeled
-##	public_content_rw_t.
-##	</p>
-## </desc>
-gen_tunable(sftpd_anon_write, false)
-
-## <desc>
-##	<p>
-##	Allow sftp-internal to read and write files
-##	in the user home directories
-##	</p>
-## </desc>
-gen_tunable(sftpd_enable_homedirs, false)
-
-## <desc>
-##	<p>
-##	Allow sftp-internal to login to local users and
-##	read/write all files on the system, governed by DAC.
-##	</p>
-## </desc>
-gen_tunable(sftpd_full_access, false)
-
-## <desc>
-##	<p>
-##	Allow interlnal-sftp to read and write files 
-##	in the user ssh home directories.
-##	</p>
-## </desc>
-gen_tunable(sftpd_write_ssh_home, false)
-
-type anon_sftpd_t;
-typealias anon_sftpd_t alias sftpd_anon_t;
-domain_type(anon_sftpd_t)
-role system_r types anon_sftpd_t;
-
-type ftpd_t;
-type ftpd_exec_t;
-init_daemon_domain(ftpd_t, ftpd_exec_t)
-
-type ftpd_etc_t;
-files_config_file(ftpd_etc_t)
-
-type ftpd_initrc_exec_t;
-init_script_file(ftpd_initrc_exec_t)
-
-type ftpd_lock_t;
-files_lock_file(ftpd_lock_t)
-
-type ftpd_tmp_t;
-files_tmp_file(ftpd_tmp_t)
-
-type ftpd_tmpfs_t;
-files_tmpfs_file(ftpd_tmpfs_t)
-
-type ftpd_var_run_t;
-files_pid_file(ftpd_var_run_t)
-
-type ftpdctl_t;
-type ftpdctl_exec_t;
-init_system_domain(ftpdctl_t, ftpdctl_exec_t)
-
-type ftpdctl_tmp_t;
-files_tmp_file(ftpdctl_tmp_t)
-
-type sftpd_t;
-domain_type(sftpd_t)
-role system_r types sftpd_t;
-
-type xferlog_t;
-logging_log_file(xferlog_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(ftpd_t, ftpd_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(ftpd_t, ftpd_exec_t, mls_systemhigh)
-')
-
-########################################
-#
-# anon-sftp local policy
-#
-
-files_read_etc_files(anon_sftpd_t)
-
-miscfiles_read_public_files(anon_sftpd_t)
-
-tunable_policy(`sftpd_anon_write',`
-	miscfiles_manage_public_files(anon_sftpd_t)
-')
-
-########################################
-#
-# ftpd local policy
-#
-
-allow ftpd_t self:capability { chown fowner fsetid ipc_lock setgid setuid sys_chroot sys_admin sys_nice sys_resource };
-dontaudit ftpd_t self:capability sys_tty_config;
-allow ftpd_t self:process { getcap getpgid setcap setsched setrlimit signal_perms };
-allow ftpd_t self:fifo_file rw_fifo_file_perms;
-allow ftpd_t self:unix_dgram_socket { sendto create_socket_perms };
-allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
-allow ftpd_t self:tcp_socket create_stream_socket_perms;
-allow ftpd_t self:udp_socket create_socket_perms;
-allow ftpd_t self:shm create_shm_perms;
-allow ftpd_t self:key manage_key_perms;
-
-allow ftpd_t ftpd_etc_t:file read_file_perms;
-
-allow ftpd_t ftpd_lock_t:file manage_file_perms;
-files_lock_filetrans(ftpd_t, ftpd_lock_t, file)
-
-manage_dirs_pattern(ftpd_t, ftpd_tmp_t, ftpd_tmp_t)
-manage_files_pattern(ftpd_t, ftpd_tmp_t, ftpd_tmp_t)
-
-manage_dirs_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
-manage_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
-manage_lnk_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
-manage_fifo_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
-manage_sock_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
-fs_tmpfs_filetrans(ftpd_t, ftpd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
-manage_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
-manage_sock_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
-files_pid_filetrans(ftpd_t, ftpd_var_run_t, { file dir })
-
-# proftpd requires the client side to bind a socket so that
-# it can stat the socket to perform access control decisions,
-# since getsockopt with SO_PEERCRED is not available on all
-# proftpd-supported OSs
-allow ftpd_t ftpdctl_tmp_t:sock_file delete_sock_file_perms;
-
-# Create and modify /var/log/xferlog.
-manage_files_pattern(ftpd_t, xferlog_t, xferlog_t)
-logging_log_filetrans(ftpd_t, xferlog_t, file)
-
-kernel_read_kernel_sysctls(ftpd_t)
-kernel_read_system_state(ftpd_t)
-kernel_search_network_state(ftpd_t)
-
-dev_read_sysfs(ftpd_t)
-dev_read_urand(ftpd_t)
-
-corecmd_exec_bin(ftpd_t)
-
-corenet_all_recvfrom_unlabeled(ftpd_t)
-corenet_all_recvfrom_netlabel(ftpd_t)
-corenet_tcp_sendrecv_generic_if(ftpd_t)
-corenet_udp_sendrecv_generic_if(ftpd_t)
-corenet_tcp_sendrecv_generic_node(ftpd_t)
-corenet_udp_sendrecv_generic_node(ftpd_t)
-corenet_tcp_sendrecv_all_ports(ftpd_t)
-corenet_udp_sendrecv_all_ports(ftpd_t)
-corenet_tcp_bind_generic_node(ftpd_t)
-corenet_tcp_bind_ftp_port(ftpd_t)
-corenet_tcp_bind_ftp_data_port(ftpd_t)
-corenet_tcp_bind_generic_port(ftpd_t)
-corenet_tcp_bind_all_unreserved_ports(ftpd_t)
-corenet_dontaudit_tcp_bind_all_ports(ftpd_t)
-corenet_tcp_connect_all_ports(ftpd_t)
-corenet_sendrecv_ftp_server_packets(ftpd_t)
-
-domain_use_interactive_fds(ftpd_t)
-
-files_search_etc(ftpd_t)
-files_read_etc_files(ftpd_t)
-files_read_etc_runtime_files(ftpd_t)
-files_search_var_lib(ftpd_t)
-
-fs_search_auto_mountpoints(ftpd_t)
-fs_getattr_all_fs(ftpd_t)
-fs_search_fusefs(ftpd_t)
-
-auth_use_nsswitch(ftpd_t)
-auth_domtrans_chk_passwd(ftpd_t)
-# Append to /var/log/wtmp.
-auth_append_login_records(ftpd_t)
-#kerberized ftp requires the following
-auth_write_login_records(ftpd_t)
-auth_rw_faillog(ftpd_t)
-
-init_rw_utmp(ftpd_t)
-
-logging_send_audit_msgs(ftpd_t)
-logging_send_syslog_msg(ftpd_t)
-logging_set_loginuid(ftpd_t)
-
-miscfiles_read_localization(ftpd_t)
-miscfiles_read_public_files(ftpd_t)
-
-seutil_dontaudit_search_config(ftpd_t)
-
-sysnet_read_config(ftpd_t)
-sysnet_use_ldap(ftpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ftpd_t)
-userdom_dontaudit_search_user_home_dirs(ftpd_t)
-
-tunable_policy(`allow_ftpd_anon_write',`
-	miscfiles_manage_public_files(ftpd_t)
-')
-
-tunable_policy(`allow_ftpd_use_cifs',`
-	fs_read_cifs_files(ftpd_t)
-	fs_read_cifs_symlinks(ftpd_t)
-')
-
-tunable_policy(`allow_ftpd_use_cifs && allow_ftpd_anon_write',`
-	fs_manage_cifs_files(ftpd_t)
-')
-
-tunable_policy(`allow_ftpd_use_nfs',`
-	fs_read_nfs_files(ftpd_t)
-	fs_read_nfs_symlinks(ftpd_t)
-')
-
-tunable_policy(`allow_ftpd_use_nfs && allow_ftpd_anon_write',`
-	fs_manage_nfs_files(ftpd_t)
-')
-
-tunable_policy(`allow_ftpd_full_access',`
-	allow ftpd_t self:capability { dac_override dac_read_search };
-	auth_manage_all_files_except_shadow(ftpd_t)
-')
-
-tunable_policy(`ftp_home_dir',`
-	allow ftpd_t self:capability { dac_override dac_read_search };
-
-	# allow access to /home
-	files_list_home(ftpd_t)
-	userdom_read_user_home_content_files(ftpd_t)
-	userdom_manage_user_home_content(ftpd_t)
-	userdom_manage_user_tmp_files(ftpd_t)
-	userdom_tmp_filetrans_user_tmp(ftpd_t, file)
-',`
-	# Needed for permissive mode, to make sure everything gets labeled correctly
-	userdom_user_home_dir_filetrans_pattern(ftpd_t, { dir file lnk_file })
-	files_tmp_filetrans(ftpd_t, ftpd_tmp_t, { file dir })
-')
-
-tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
-	fs_manage_nfs_files(ftpd_t)
-	fs_read_nfs_symlinks(ftpd_t)
-')
-
-tunable_policy(`ftp_home_dir && use_samba_home_dirs',`
-	fs_manage_cifs_files(ftpd_t)
-	fs_read_cifs_symlinks(ftpd_t)
-')
-
-optional_policy(`
-	tunable_policy(`ftp_home_dir',`
-		apache_search_sys_content(ftpd_t)
-	')
-')
-
-optional_policy(`
-	corecmd_exec_shell(ftpd_t)
-
-	files_read_usr_files(ftpd_t)
-
-	cron_system_entry(ftpd_t, ftpd_exec_t)
-
-	optional_policy(`
-		logrotate_exec(ftpd_t)
-	')
-')
-
-optional_policy(`
-	daemontools_service_domain(ftpd_t, ftpd_exec_t)
-')
-
-optional_policy(`
-	selinux_validate_context(ftpd_t)
-
-	kerberos_keytab_template(ftpd, ftpd_t)
-	kerberos_manage_host_rcache(ftpd_t)
-')
-
-optional_policy(`
-	tunable_policy(`ftpd_connect_db',`
-		mysql_stream_connect(ftpd_t)
-	')
-')
-
-optional_policy(`
-	tunable_policy(`ftpd_connect_db',`
-		postgresql_stream_connect(ftpd_t)
-	')
-')
-
-tunable_policy(`ftpd_connect_db',`
-	mysql_tcp_connect(ftpd_t)
-	postgresql_tcp_connect(ftpd_t)
-')
-
-optional_policy(`
-	inetd_tcp_service_domain(ftpd_t, ftpd_exec_t)
-
-	optional_policy(`
-		tcpd_domtrans(tcpd_t)
-	')
-')
-
-optional_policy(`
-	dbus_system_bus_client(ftpd_t)
-
-	optional_policy(`
-		oddjob_dbus_chat(ftpd_t)
-		oddjob_domtrans_mkhomedir(ftpd_t)
-	')
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ftpd_t)
-')
-
-optional_policy(`
-	udev_read_db(ftpd_t)
-')
-
-########################################
-#
-# ftpdctl local policy
-#
-
-# Allow ftpdctl to talk to ftpd over a socket connection
-stream_connect_pattern(ftpdctl_t, ftpd_var_run_t, ftpd_var_run_t, ftpd_t)
-files_search_pids(ftpdctl_t)
-
-# ftpdctl creates a socket so that the daemon can perform
-# access control decisions (see comments in ftpd_t rules above)
-allow ftpdctl_t ftpdctl_tmp_t:sock_file manage_sock_file_perms;
-files_tmp_filetrans(ftpdctl_t, ftpdctl_tmp_t, sock_file)
-
-# Allow ftpdctl to read config files
-files_read_etc_files(ftpdctl_t)
-
-userdom_use_user_terminals(ftpdctl_t)
-
-########################################
-#
-# sftpd local policy
-#
-
-files_read_etc_files(sftpd_t)
-
-# allow read access to /home by default
-userdom_read_user_home_content_files(sftpd_t)
-userdom_read_user_home_content_symlinks(sftpd_t)
-userdom_dontaudit_list_admin_dir(sftpd_t)
-
-tunable_policy(`sftpd_full_access',`
-	allow sftpd_t self:capability { dac_override dac_read_search };
-	fs_read_noxattr_fs_files(sftpd_t)
-	auth_manage_all_files_except_shadow(sftpd_t)
-')
-
-tunable_policy(`sftpd_write_ssh_home',`
-	ssh_manage_home_files(sftpd_t)
-')
-
-tunable_policy(`sftpd_enable_homedirs',`
-	allow sftpd_t self:capability { dac_override dac_read_search };
-
-	# allow access to /home
-	files_list_home(sftpd_t)
-	userdom_read_user_home_content_files(sftpd_t)
-	userdom_manage_user_home_content(sftpd_t)
-',`
-	# Needed for permissive mode, to make sure everything gets labeled correctly
-	userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file })
-')
-
-tunable_policy(`sftpd_enable_homedirs && use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(sftpd_t)
-	fs_manage_nfs_files(sftpd_t)
-	fs_manage_nfs_symlinks(sftpd_t)
-')
-
-tunable_policy(`sftpd_enable_homedirs && use_samba_home_dirs',`
-	fs_manage_cifs_dirs(sftpd_t)
-	fs_manage_cifs_files(sftpd_t)
-	fs_manage_cifs_symlinks(sftpd_t)
-')
-
-tunable_policy(`sftpd_full_access',`
-	allow sftpd_t self:capability { dac_override dac_read_search };
-	fs_read_noxattr_fs_files(sftpd_t)
-	auth_manage_all_files_except_shadow(sftpd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	# allow read access to /home by default
-	fs_list_cifs(sftpd_t)
-	fs_read_cifs_files(sftpd_t)
-	fs_read_cifs_symlinks(sftpd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	# allow read access to /home by default
-	fs_list_nfs(sftpd_t)
-	fs_read_nfs_files(sftpd_t)
-	fs_read_nfs_symlinks(ftpd_t)
-')
diff --git a/policy/modules/services/gatekeeper.fc b/policy/modules/services/gatekeeper.fc
deleted file mode 100644
index d6ef025..0000000
--- a/policy/modules/services/gatekeeper.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/gatekeeper\.ini	--	gen_context(system_u:object_r:gatekeeper_etc_t,s0)
-
-/usr/sbin/gk		--	gen_context(system_u:object_r:gatekeeper_exec_t,s0)
-/usr/sbin/gnugk		--	gen_context(system_u:object_r:gatekeeper_exec_t,s0)
-
-/var/log/gnugk(/.*)?		gen_context(system_u:object_r:gatekeeper_log_t,s0)
-/var/run/gk\.pid	--	gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
-/var/run/gnugk(/.*)?		gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
diff --git a/policy/modules/services/gatekeeper.if b/policy/modules/services/gatekeeper.if
deleted file mode 100644
index 311cb06..0000000
--- a/policy/modules/services/gatekeeper.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>OpenH.323 Voice-Over-IP Gatekeeper</summary>
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
deleted file mode 100644
index 6dbc203..0000000
--- a/policy/modules/services/gatekeeper.te
+++ /dev/null
@@ -1,99 +0,0 @@
-policy_module(gatekeeper, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type gatekeeper_t;
-type gatekeeper_exec_t;
-init_daemon_domain(gatekeeper_t, gatekeeper_exec_t)
-
-type gatekeeper_etc_t;
-files_config_file(gatekeeper_etc_t)
-
-type gatekeeper_log_t;
-logging_log_file(gatekeeper_log_t)
-
-# for stupid symlinks
-type gatekeeper_tmp_t;
-files_tmp_file(gatekeeper_tmp_t)
-
-type gatekeeper_var_run_t;
-files_pid_file(gatekeeper_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit gatekeeper_t self:capability sys_tty_config;
-allow gatekeeper_t self:process { setsched signal_perms };
-allow gatekeeper_t self:fifo_file rw_fifo_file_perms;
-allow gatekeeper_t self:tcp_socket create_stream_socket_perms;
-allow gatekeeper_t self:udp_socket create_socket_perms;
-
-allow gatekeeper_t gatekeeper_etc_t:lnk_file read_lnk_file_perms;
-allow gatekeeper_t gatekeeper_etc_t:file read_file_perms;
-files_search_etc(gatekeeper_t)
-
-manage_files_pattern(gatekeeper_t, gatekeeper_log_t, gatekeeper_log_t)
-logging_log_filetrans(gatekeeper_t, gatekeeper_log_t, { file dir })
-
-manage_dirs_pattern(gatekeeper_t, gatekeeper_tmp_t, gatekeeper_tmp_t)
-manage_files_pattern(gatekeeper_t, gatekeeper_tmp_t, gatekeeper_tmp_t)
-files_tmp_filetrans(gatekeeper_t, gatekeeper_tmp_t, { file dir })
-
-manage_files_pattern(gatekeeper_t, gatekeeper_var_run_t, gatekeeper_var_run_t)
-files_pid_filetrans(gatekeeper_t, gatekeeper_var_run_t, file)
-
-kernel_read_system_state(gatekeeper_t)
-kernel_read_kernel_sysctls(gatekeeper_t)
-
-corecmd_list_bin(gatekeeper_t)
-
-corenet_all_recvfrom_unlabeled(gatekeeper_t)
-corenet_all_recvfrom_netlabel(gatekeeper_t)
-corenet_tcp_sendrecv_generic_if(gatekeeper_t)
-corenet_udp_sendrecv_generic_if(gatekeeper_t)
-corenet_tcp_sendrecv_generic_node(gatekeeper_t)
-corenet_udp_sendrecv_generic_node(gatekeeper_t)
-corenet_tcp_sendrecv_all_ports(gatekeeper_t)
-corenet_udp_sendrecv_all_ports(gatekeeper_t)
-corenet_tcp_bind_generic_node(gatekeeper_t)
-corenet_udp_bind_generic_node(gatekeeper_t)
-corenet_tcp_bind_gatekeeper_port(gatekeeper_t)
-corenet_udp_bind_gatekeeper_port(gatekeeper_t)
-corenet_sendrecv_gatekeeper_server_packets(gatekeeper_t)
-
-dev_read_sysfs(gatekeeper_t)
-# for SSP
-dev_read_urand(gatekeeper_t)
-
-domain_use_interactive_fds(gatekeeper_t)
-
-files_read_etc_files(gatekeeper_t)
-
-fs_getattr_all_fs(gatekeeper_t)
-fs_search_auto_mountpoints(gatekeeper_t)
-
-logging_send_syslog_msg(gatekeeper_t)
-
-miscfiles_read_localization(gatekeeper_t)
-
-sysnet_read_config(gatekeeper_t)
-
-userdom_dontaudit_use_unpriv_user_fds(gatekeeper_t)
-userdom_dontaudit_search_user_home_dirs(gatekeeper_t)
-
-optional_policy(`
-	nis_use_ypbind(gatekeeper_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(gatekeeper_t)
-')
-
-optional_policy(`
-	udev_read_db(gatekeeper_t)
-')
diff --git a/policy/modules/services/git.fc b/policy/modules/services/git.fc
deleted file mode 100644
index 2b552c5..0000000
--- a/policy/modules/services/git.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-HOME_DIR/public_git(/.*)?	gen_context(system_u:object_r:git_session_content_t,s0)
-HOME_DIR/\.gitaliases	--	gen_context(system_u:object_r:git_session_content_t,s0)
-HOME_DIR/\.gitconfig	--	gen_context(system_u:object_r:git_session_content_t,s0)
-
-/srv/git(/.*)?			gen_context(system_u:object_r:git_system_content_t,s0)
-
-/usr/libexec/git-core/git-daemon	--	gen_context(system_u:object_r:gitd_exec_t,s0)
-
-/var/cache/cgit(/.*)?		gen_context(system_u:object_r:httpd_git_rw_content_t,s0)
-/var/lib/git(/.*)?		gen_context(system_u:object_r:git_system_content_t,s0)
-/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
-/var/www/git(/.*)?		gen_context(system_u:object_r:httpd_git_content_t,s0)
-/var/www/git/gitweb.cgi		gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
diff --git a/policy/modules/services/git.if b/policy/modules/services/git.if
deleted file mode 100644
index 3780650..0000000
--- a/policy/modules/services/git.if
+++ /dev/null
@@ -1,520 +0,0 @@
-## <summary>Fast Version Control System.</summary>
-## <desc>
-##	<p>
-##	A really simple TCP git daemon that normally listens on
-##	port DEFAULT_GIT_PORT aka 9418. It waits for a
-##	connection asking for a service, and will serve that
-##	service if it is enabled.
-##	</p>
-## </desc>
-
-#######################################
-## <summary>
-##	Role access for Git daemon session.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role.
-##	</summary>
-## </param>
-#
-interface(`git_session_role',`
-	gen_require(`
-		type git_session_t, gitd_exec_t, git_session_content_t;
-	')
-
-	########################################
-	#
-	# Git daemon session shared declarations.
-	#
-
-	role $1 types git_session_t;
-
-	########################################
-	#
-	# Git daemon session shared policy.
-	#
-
-	domtrans_pattern($2, gitd_exec_t, git_session_t)
-
-	allow $2 git_session_t:process { ptrace signal_perms };
-	ps_process_pattern($2, git_session_t)
-')
-
-########################################
-## <summary>
-##	Create a set of derived types for Git
-##	daemon shared repository content.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`git_content_template',`
-	gen_require(`
-		attribute git_system_content, git_content;
-	')
-
-	########################################
-	#
-	# Git daemon content shared declarations.
-	#
-
-	type git_$1_content_t, git_system_content, git_content;
-	files_type(git_$1_content_t)
-')
-
-########################################
-## <summary>
-##	Create a set of derived types for Git
-##	daemon shared repository roles.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`git_role_template',`
-	gen_require(`
-		class context contains;
-		role system_r;
-	')
-
-	########################################
-	#
-	# Git daemon role shared declarations.
-	#
-
-	attribute $1_usertype;
-
-	type $1_t;
-	userdom_unpriv_usertype($1, $1_t)
-	domain_type($1_t)
-
-	role $1_r types $1_t;
-	allow system_r $1_r;
-
-	########################################
-	#
-	# Git daemon role shared policy.
-	#
-
-	allow $1_t self:context contains;
-	allow $1_t self:fifo_file rw_fifo_file_perms;
-
-	corecmd_exec_bin($1_t)
-	corecmd_bin_entry_type($1_t)
-	corecmd_shell_entry_type($1_t)
-
-	domain_interactive_fd($1_t)
-	domain_user_exemption_target($1_t)
-
-	kernel_read_system_state($1_t)
-
-	files_read_etc_files($1_t)
-	files_dontaudit_search_home($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	git_rwx_generic_system_content($1_t)
-
-	ssh_rw_stream_sockets($1_t)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_exec_cifs_files($1_t)
-		fs_manage_cifs_dirs($1_t)
-		fs_manage_cifs_files($1_t)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_exec_nfs_files($1_t)
-		fs_manage_nfs_dirs($1_t)
-		fs_manage_nfs_files($1_t)
-	')
-
-	optional_policy(`
-		nscd_read_pid($1_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Allow specified domain access to the
-##	specified Git daemon content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	Type of the object that access is allowed to.
-##	</summary>
-## </param>
-#
-interface(`git_content_delegation',`
-	gen_require(`
-		type $1, $2;
-	')
-
-	exec_files_pattern($1, $2, $2)
-	manage_dirs_pattern($1, $2, $2)
-	manage_files_pattern($1, $2, $2)
-	files_search_var_lib($1)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_exec_cifs_files($1)
-		fs_manage_cifs_dirs($1)
-		fs_manage_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_exec_nfs_files($1)
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	and execute all Git daemon content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_rwx_all_content',`
-	gen_require(`
-		attribute git_content;
-	')
-
-	exec_files_pattern($1, git_content, git_content)
-	manage_dirs_pattern($1, git_content, git_content)
-	manage_files_pattern($1, git_content, git_content)
-	userdom_search_user_home_dirs($1)
-	files_search_var_lib($1)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_exec_nfs_files($1)
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_exec_cifs_files($1)
-		fs_manage_cifs_dirs($1)
-		fs_manage_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_exec_cifs_files($1)
-		fs_manage_cifs_dirs($1)
-		fs_manage_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_exec_nfs_files($1)
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	and execute all Git daemon system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_rwx_all_system_content',`
-	gen_require(`
-		attribute git_system_content;
-	')
-
-	exec_files_pattern($1, git_system_content, git_system_content)
-	manage_dirs_pattern($1, git_system_content, git_system_content)
-	manage_files_pattern($1, git_system_content, git_system_content)
-	files_search_var_lib($1)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_exec_cifs_files($1)
-		fs_manage_cifs_dirs($1)
-		fs_manage_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_exec_nfs_files($1)
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage
-##	and execute Git daemon generic system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_rwx_generic_system_content',`
-	gen_require(`
-		type git_system_content_t;
-	')
-
-	exec_files_pattern($1, git_system_content_t, git_system_content_t)
-	manage_dirs_pattern($1, git_system_content_t, git_system_content_t)
-	manage_files_pattern($1, git_system_content_t, git_system_content_t)
-	files_search_var_lib($1)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_exec_cifs_files($1)
-		fs_manage_cifs_dirs($1)
-		fs_manage_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_exec_nfs_files($1)
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	all Git daemon content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_read_all_content_files',`
-	gen_require(`
-		attribute git_content;
-	')
-
-	list_dirs_pattern($1, git_content, git_content)
-	read_files_pattern($1, git_content, git_content)
-	userdom_search_user_home_dirs($1)
-	files_search_var_lib($1)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	Git daemon session content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_read_session_content_files',`
-	gen_require(`
-		type git_session_content_t;
-	')
-
-	list_dirs_pattern($1, git_session_content_t, git_session_content_t)
-	read_files_pattern($1, git_session_content_t, git_session_content_t)
-	userdom_search_user_home_dirs($1)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	all Git daemon system content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_read_all_system_content_files',`
-	gen_require(`
-		attribute git_system_content;
-	')
-
-	list_dirs_pattern($1, git_system_content, git_system_content)
-	read_files_pattern($1, git_system_content, git_system_content)
-	files_search_var_lib($1)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	Git daemon generic system content files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_read_generic_system_content_files',`
-	gen_require(`
-		type git_system_content_t;
-	')
-
-	list_dirs_pattern($1, git_system_content_t, git_system_content_t)
-	read_files_pattern($1, git_system_content_t, git_system_content_t)
-	files_search_var_lib($1)
-
-	tunable_policy(`git_system_use_cifs',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-	')
-
-	tunable_policy(`git_system_use_nfs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to relabel
-##	all Git daemon content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_relabel_all_content',`
-	gen_require(`
-		attribute git_content;
-	')
-
-	relabel_dirs_pattern($1, git_content, git_content)
-	relabel_files_pattern($1, git_content, git_content)
-	userdom_search_user_home_dirs($1)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to relabel
-##	all Git daemon system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_relabel_all_system_content',`
-	gen_require(`
-		attribute git_system_content;
-	')
-
-	relabel_dirs_pattern($1, git_system_content, git_system_content)
-	relabel_files_pattern($1, git_system_content, git_system_content)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to relabel
-##	Git daemon generic system content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_relabel_generic_system_content',`
-	gen_require(`
-		type git_system_content_t;
-	')
-
-	relabel_dirs_pattern($1, git_system_content_t, git_system_content_t)
-	relabel_files_pattern($1, git_system_content_t, git_system_content_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to relabel
-##	Git daemon session content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`git_relabel_session_content',`
-	gen_require(`
-		type git_session_content_t;
-	')
-
-	relabel_dirs_pattern($1, git_session_content_t, git_session_content_t)
-	relabel_files_pattern($1, git_session_content_t, git_session_content_t)
-	userdom_search_user_home_dirs($1)
-')
diff --git a/policy/modules/services/git.te b/policy/modules/services/git.te
deleted file mode 100644
index 8d10fc5..0000000
--- a/policy/modules/services/git.te
+++ /dev/null
@@ -1,192 +0,0 @@
-policy_module(git, 1.0.3)
-
-## <desc>
-##	<p>
-##	Allow Git daemon system to search home directories.
-##	</p>
-## </desc>
-gen_tunable(git_system_enable_homedirs, false)
-
-## <desc>
-##	<p>
-##	Allow Git daemon system to access cifs file systems.
-##	</p>
-## </desc>
-gen_tunable(git_system_use_cifs, false)
-
-## <desc>
-##	<p>
-##	Allow Git daemon system to access nfs file systems.
-##	</p>
-## </desc>
-gen_tunable(git_system_use_nfs, false)
-
-########################################
-#
-# Git daemon global private declarations.
-#
-
-attribute git_domains;
-attribute git_system_content;
-attribute git_content;
-
-type gitd_exec_t;
-application_executable_file(gitd_exec_t)
-
-########################################
-#
-# Git daemon system private declarations.
-#
-
-type git_system_t, git_domains;
-inetd_service_domain(git_system_t, gitd_exec_t)
-role system_r types git_system_t;
-
-type git_system_content_t, git_system_content, git_content;
-files_type(git_system_content_t)
-typealias git_system_content_t alias git_data_t;
-
-########################################
-#
-# Git daemon session private declarations.
-#
-
-## <desc>
-##	<p>
-##	Allow Git daemon session to bind
-##	tcp sockets to all unreserved ports.
-##	</p>
-## </desc>
-gen_tunable(git_session_bind_all_unreserved_ports, false)
-
-type git_session_t, git_domains;
-application_domain(git_session_t, gitd_exec_t)
-ubac_constrained(git_session_t)
-
-type git_session_content_t, git_content;
-userdom_user_home_content(git_session_content_t)
-
-########################################
-#
-# Git daemon global private policy.
-#
-
-allow git_domains self:fifo_file rw_fifo_file_perms;
-allow git_domains self:netlink_route_socket create_netlink_socket_perms;
-allow git_domains self:tcp_socket create_socket_perms;
-allow git_domains self:udp_socket create_socket_perms;
-allow git_domains self:unix_dgram_socket create_socket_perms;
-
-corenet_all_recvfrom_netlabel(git_domains)
-corenet_all_recvfrom_unlabeled(git_domains)
-corenet_tcp_bind_generic_node(git_domains)
-corenet_tcp_sendrecv_generic_if(git_domains)
-corenet_tcp_sendrecv_generic_node(git_domains)
-corenet_tcp_sendrecv_generic_port(git_domains)
-corenet_tcp_bind_git_port(git_domains)
-corenet_sendrecv_git_server_packets(git_domains)
-
-corecmd_exec_bin(git_domains)
-
-files_read_etc_files(git_domains)
-files_read_usr_files(git_domains)
-
-fs_search_auto_mountpoints(git_domains)
-
-kernel_read_system_state(git_domains)
-
-auth_use_nsswitch(git_domains)
-
-logging_send_syslog_msg(git_domains)
-
-miscfiles_read_localization(git_domains)
-
-sysnet_read_config(git_domains)
-
-optional_policy(`
-	automount_dontaudit_getattr_tmp_dirs(git_domains)
-')
-
-optional_policy(`
-	nis_use_ypbind(git_domains)
-')
-
-########################################
-#
-# Git daemon system repository private policy.
-#
-
-list_dirs_pattern(git_system_t, git_content, git_content)
-read_files_pattern(git_system_t, git_content, git_content)
-files_search_var_lib(git_system_t)
-
-tunable_policy(`git_system_enable_homedirs',`
-	userdom_search_user_home_dirs(git_system_t)
-')
-
-tunable_policy(`git_system_enable_homedirs && use_nfs_home_dirs',`
-	fs_list_nfs(git_system_t)
-	fs_read_nfs_files(git_system_t)
-')
-
-tunable_policy(`git_system_enable_homedirs && use_samba_home_dirs',`
-	fs_list_cifs(git_system_t)
-	fs_read_cifs_files(git_system_t)
-')
-
-tunable_policy(`git_system_use_cifs',`
-	fs_list_cifs(git_system_t)
-	fs_read_cifs_files(git_system_t)
-')
-
-tunable_policy(`git_system_use_nfs',`
-	fs_list_nfs(git_system_t)
-	fs_read_nfs_files(git_system_t)
-')
-
-########################################
-#
-# Git daemon session repository private policy.
-#
-
-allow git_session_t self:tcp_socket { accept listen };
-
-list_dirs_pattern(git_session_t, git_session_content_t, git_session_content_t)
-read_files_pattern(git_session_t, git_session_content_t, git_session_content_t)
-userdom_search_user_home_dirs(git_session_t)
-
-userdom_use_user_terminals(git_session_t)
-
-tunable_policy(`git_session_bind_all_unreserved_ports',`
-	corenet_tcp_bind_all_unreserved_ports(git_session_t)
-	corenet_sendrecv_generic_server_packets(git_session_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_list_nfs(git_session_t)
-	fs_read_nfs_files(git_session_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_list_cifs(git_session_t)
-	fs_read_cifs_files(git_session_t)
-')
-
-########################################
-#
-# cgi git Declarations
-#
-
-optional_policy(`
-	apache_content_template(git)
-	git_read_all_content_files(httpd_git_script_t)
-	files_dontaudit_getattr_tmp_dirs(httpd_git_script_t)
-')
-
-########################################
-#
-# Git-shell private policy.
-#
-
-git_role_template(git_shell)
-gen_user(git_shell_u, user, git_shell_r, s0, s0)
diff --git a/policy/modules/services/gnomeclock.fc b/policy/modules/services/gnomeclock.fc
deleted file mode 100644
index a8ce02e..0000000
--- a/policy/modules/services/gnomeclock.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
-
-/usr/libexec/gsd-datetime-mechanism		--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
-
diff --git a/policy/modules/services/gnomeclock.if b/policy/modules/services/gnomeclock.if
deleted file mode 100644
index b1f8f93..0000000
--- a/policy/modules/services/gnomeclock.if
+++ /dev/null
@@ -1,86 +0,0 @@
-## <summary>Gnome clock handler for setting the time.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run gnomeclock.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`gnomeclock_domtrans',`
-	gen_require(`
-		type gnomeclock_t, gnomeclock_exec_t;
-	')
-
-	domtrans_pattern($1, gnomeclock_exec_t, gnomeclock_t)
-')
-
-########################################
-## <summary>
-##	Execute gnomeclock in the gnomeclock domain, and
-##	allow the specified role the gnomeclock domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnomeclock_run',`
-	gen_require(`
-		type gnomeclock_t;
-	')
-
-	gnomeclock_domtrans($1)
-	role $2 types gnomeclock_t;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	gnomeclock over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gnomeclock_dbus_chat',`
-	gen_require(`
-		type gnomeclock_t;
-		class dbus send_msg;
-	')
-
-	allow $1 gnomeclock_t:dbus send_msg;
-	allow gnomeclock_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit send and receive messages from
-##	gnomeclock over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`gnomeclock_dontaudit_dbus_chat',`
-	gen_require(`
-		type gnomeclock_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 gnomeclock_t:dbus send_msg;
-	dontaudit gnomeclock_t $1:dbus send_msg;
-')
diff --git a/policy/modules/services/gnomeclock.te b/policy/modules/services/gnomeclock.te
deleted file mode 100644
index 4fde46b..0000000
--- a/policy/modules/services/gnomeclock.te
+++ /dev/null
@@ -1,46 +0,0 @@
-policy_module(gnomeclock, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type gnomeclock_t;
-type gnomeclock_exec_t;
-dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)
-
-########################################
-#
-# gnomeclock local policy
-#
-
-allow gnomeclock_t self:capability { sys_nice sys_time sys_ptrace };
-allow gnomeclock_t self:process { getattr getsched };
-allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
-allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
-
-corecmd_exec_bin(gnomeclock_t)
-
-files_read_etc_files(gnomeclock_t)
-files_read_usr_files(gnomeclock_t)
-
-auth_use_nsswitch(gnomeclock_t)
-
-clock_domtrans(gnomeclock_t)
-
-miscfiles_read_localization(gnomeclock_t)
-miscfiles_manage_localization(gnomeclock_t)
-miscfiles_etc_filetrans_localization(gnomeclock_t)
-
-userdom_read_all_users_state(gnomeclock_t)
-
-optional_policy(`
-	consolekit_dbus_chat(gnomeclock_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(gnomeclock_t)
-	policykit_domtrans_auth(gnomeclock_t)
-	policykit_read_lib(gnomeclock_t)
-	policykit_read_reload(gnomeclock_t)
-')
diff --git a/policy/modules/services/gpm.fc b/policy/modules/services/gpm.fc
deleted file mode 100644
index 6fc9661..0000000
--- a/policy/modules/services/gpm.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-
-/dev/gpmctl		-s	gen_context(system_u:object_r:gpmctl_t,s0)
-/dev/gpmdata		-p	gen_context(system_u:object_r:gpmctl_t,s0)
-
-/etc/gpm(/.*)?			gen_context(system_u:object_r:gpm_conf_t,s0)
-
-/usr/sbin/gpm		--	gen_context(system_u:object_r:gpm_exec_t,s0)
diff --git a/policy/modules/services/gpm.if b/policy/modules/services/gpm.if
deleted file mode 100644
index d6b2959..0000000
--- a/policy/modules/services/gpm.if
+++ /dev/null
@@ -1,81 +0,0 @@
-## <summary>General Purpose Mouse driver</summary>
-
-########################################
-## <summary>
-##	Connect to GPM over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpm_stream_connect',`
-	gen_require(`
-		type gpmctl_t, gpm_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of the GPM
-##	control channel named socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpm_getattr_gpmctl',`
-	gen_require(`
-		type gpmctl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 gpmctl_t:sock_file getattr_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the 
-##	attributes of the GPM control channel
-##	named socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`gpm_dontaudit_getattr_gpmctl',`
-	gen_require(`
-		type gpmctl_t;
-	')
-
-	dontaudit $1 gpmctl_t:sock_file getattr_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of the GPM
-##	control channel named socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpm_setattr_gpmctl',`
-	gen_require(`
-		type gpmctl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 gpmctl_t:sock_file setattr_sock_file_perms;
-')
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
deleted file mode 100644
index a627b34..0000000
--- a/policy/modules/services/gpm.te
+++ /dev/null
@@ -1,79 +0,0 @@
-policy_module(gpm, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type gpm_t;
-type gpm_exec_t;
-init_daemon_domain(gpm_t, gpm_exec_t)
-
-type gpm_conf_t;
-files_type(gpm_conf_t)
-
-type gpm_tmp_t;
-files_tmp_file(gpm_tmp_t)
-
-type gpm_var_run_t;
-files_pid_file(gpm_var_run_t)
-
-type gpmctl_t;
-files_type(gpmctl_t)
-
-########################################
-#
-# Local policy
-#
-
-allow gpm_t self:capability { setpcap setuid dac_override sys_admin sys_tty_config };
-allow gpm_t self:process { getcap setcap };
-allow gpm_t self:unix_stream_socket create_stream_socket_perms;
-
-allow gpm_t gpm_conf_t:dir list_dir_perms;
-read_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t)
-read_lnk_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t)
-
-manage_dirs_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
-manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
-files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
-
-allow gpm_t gpm_var_run_t:file manage_file_perms;
-files_pid_filetrans(gpm_t, gpm_var_run_t, file)
-
-allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
-allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
-dev_filetrans(gpm_t, gpmctl_t, { sock_file fifo_file })
-
-kernel_read_kernel_sysctls(gpm_t)
-kernel_list_proc(gpm_t)
-kernel_read_proc_symlinks(gpm_t)
-
-dev_read_sysfs(gpm_t)
-# Access the mouse.
-dev_rw_input_dev(gpm_t)
-dev_rw_mouse(gpm_t)
-
-files_read_etc_files(gpm_t)
-
-fs_getattr_all_fs(gpm_t)
-fs_search_auto_mountpoints(gpm_t)
-
-term_use_unallocated_ttys(gpm_t)
-
-domain_use_interactive_fds(gpm_t)
-
-logging_send_syslog_msg(gpm_t)
-
-miscfiles_read_localization(gpm_t)
-
-userdom_dontaudit_use_unpriv_user_fds(gpm_t)
-userdom_dontaudit_search_user_home_dirs(gpm_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(gpm_t)
-')
-
-optional_policy(`
-	udev_read_db(gpm_t)
-')
diff --git a/policy/modules/services/gpsd.fc b/policy/modules/services/gpsd.fc
deleted file mode 100644
index 5e81e33..0000000
--- a/policy/modules/services/gpsd.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/rc\.d/init\.d/gpsd	--	gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
-
-/usr/sbin/gpsd		--	gen_context(system_u:object_r:gpsd_exec_t,s0)
-
-/var/run/gpsd\.pid	--	gen_context(system_u:object_r:gpsd_var_run_t,s0)
-/var/run/gpsd\.sock	-s	gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff --git a/policy/modules/services/gpsd.if b/policy/modules/services/gpsd.if
deleted file mode 100644
index c0ee676..0000000
--- a/policy/modules/services/gpsd.if
+++ /dev/null
@@ -1,66 +0,0 @@
-## <summary>gpsd monitor daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run gpsd.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`gpsd_domtrans',`
-	gen_require(`
-		type gpsd_t, gpsd_exec_t;
-	')
-
-	domtrans_pattern($1, gpsd_exec_t, gpsd_t)
-')
-
-########################################
-## <summary>
-##	Execute gpsd in the gpsd domain, and
-##	allow the specified role the gpsd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpsd_run',`
-	gen_require(`
-		type gpsd_t;
-	')
-
-	gpsd_domtrans($1)
-	role $2 types gpsd_t;
-')
-
-########################################
-## <summary>
-##	Read and write gpsd shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`gpsd_rw_shm',`
-	gen_require(`
-		type gpsd_t, gpsd_tmpfs_t;
-	')
-
-	allow $1 gpsd_t:shm rw_shm_perms;
-	allow $1 gpsd_tmpfs_t:dir list_dir_perms;
-	rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
-	read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
diff --git a/policy/modules/services/gpsd.te b/policy/modules/services/gpsd.te
deleted file mode 100644
index 7b9c543..0000000
--- a/policy/modules/services/gpsd.te
+++ /dev/null
@@ -1,68 +0,0 @@
-policy_module(gpsd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type gpsd_t;
-type gpsd_exec_t;
-application_domain(gpsd_t, gpsd_exec_t)
-init_daemon_domain(gpsd_t, gpsd_exec_t)
-
-type gpsd_initrc_exec_t;
-init_script_file(gpsd_initrc_exec_t)
-
-type gpsd_tmpfs_t;
-files_tmpfs_file(gpsd_tmpfs_t)
-
-type gpsd_var_run_t;
-files_pid_file(gpsd_var_run_t)
-
-########################################
-#
-# gpsd local policy
-#
-
-allow gpsd_t self:capability { fowner fsetid setuid setgid sys_nice sys_tty_config };
-allow gpsd_t self:process setsched;
-allow gpsd_t self:shm create_shm_perms;
-allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow gpsd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
-
-manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
-
-corenet_all_recvfrom_unlabeled(gpsd_t)
-corenet_all_recvfrom_netlabel(gpsd_t)
-corenet_tcp_sendrecv_generic_if(gpsd_t)
-corenet_tcp_sendrecv_generic_node(gpsd_t)
-corenet_tcp_sendrecv_all_ports(gpsd_t)
-corenet_tcp_bind_all_nodes(gpsd_t)
-corenet_tcp_bind_gpsd_port(gpsd_t)
-
-term_use_unallocated_ttys(gpsd_t)
-term_setattr_unallocated_ttys(gpsd_t)
-
-auth_use_nsswitch(gpsd_t)
-
-logging_send_syslog_msg(gpsd_t)
-
-miscfiles_read_localization(gpsd_t)
-
-optional_policy(`
-	chronyd_rw_shm(gpsd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(gpsd_t)
-')
-
-optional_policy(`
-	ntp_rw_shm(gpsd_t)
-')
diff --git a/policy/modules/services/hal.fc b/policy/modules/services/hal.fc
deleted file mode 100644
index c98b0df..0000000
--- a/policy/modules/services/hal.fc
+++ /dev/null
@@ -1,33 +0,0 @@
-
-/etc/hal/device\.d/printer_remove\.hal -- 	gen_context(system_u:object_r:hald_exec_t,s0)
-/etc/hal/capability\.d/printer_update\.hal --	gen_context(system_u:object_r:hald_exec_t,s0)
-
-/usr/bin/hal-setup-keymap		--	gen_context(system_u:object_r:hald_keymap_exec_t,s0)
-
-/usr/libexec/hal-acl-tool		--	gen_context(system_u:object_r:hald_acl_exec_t,s0)
-/usr/libexec/hal-dccm			--	gen_context(system_u:object_r:hald_dccm_exec_t,s0)
-/usr/libexec/hal-hotplug-map 		--	gen_context(system_u:object_r:hald_exec_t,s0)
-/usr/libexec/hal-system-sonypic	 	--	gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
-/usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
-/usr/libexec/hald-addon-macbook-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
-/usr/sbin/radeontool			--	gen_context(system_u:object_r:hald_mac_exec_t,s0)
-
-/usr/sbin/hald		--			gen_context(system_u:object_r:hald_exec_t,s0)
-
-/var/cache/hald(/.*)?				gen_context(system_u:object_r:hald_cache_t,s0)
-
-/var/lib/hal(/.*)?				gen_context(system_u:object_r:hald_var_lib_t,s0)
-
-/var/log/pm(/.*)?				gen_context(system_u:object_r:hald_log_t,s0)
-/var/log/pm-.*\.log				gen_context(system_u:object_r:hald_log_t,s0)
-
-/var/run/hald(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
-/var/run/haldaemon\.pid	--	 		gen_context(system_u:object_r:hald_var_run_t,s0)
-/var/run/pm(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
-/var/run/pm-utils(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
-/var/run/synce.*	 			gen_context(system_u:object_r:hald_var_run_t,s0)
-/var/run/vbe.*	 	--			gen_context(system_u:object_r:hald_var_run_t,s0)
-
-ifdef(`distro_gentoo',`
-/var/lib/cache/hald(/.*)?			gen_context(system_u:object_r:hald_cache_t,s0)
-')
diff --git a/policy/modules/services/hal.if b/policy/modules/services/hal.if
deleted file mode 100644
index 26de57a..0000000
--- a/policy/modules/services/hal.if
+++ /dev/null
@@ -1,457 +0,0 @@
-## <summary>Hardware abstraction layer</summary>
-
-########################################
-## <summary>
-##	Execute hal in the hal domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`hal_domtrans',`
-	gen_require(`
-		type hald_t, hald_exec_t;
-	')
-
-	domtrans_pattern($1, hald_exec_t, hald_t)
-')
-
-########################################
-## <summary>
-##	Read hal system state
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_read_state',`
-	gen_require(`
-		type hald_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, hald_t)
-')
-
-########################################
-## <summary>
-##	Allow ptrace of hal domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_ptrace',`
-	gen_require(`
-		type hald_t;
-	')
-
-	allow $1 hald_t:process ptrace;
-')
-
-########################################
-## <summary>
-##	Allow domain to use file descriptors from hal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_use_fds',`
-	gen_require(`
-		type hald_t;
-	')
-
-	allow $1 hald_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use file descriptors from hal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_use_fds',`
-	gen_require(`
-		type hald_t;
-	')
-
-	dontaudit $1 hald_t:fd use;
-')
-
-########################################
-## <summary>
-##	Allow attempts to read and write to
-##	hald unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_rw_pipes',`
-	gen_require(`
-		type hald_t;
-	')
-
-	allow $1 hald_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write to
-##	hald unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_rw_pipes',`
-	gen_require(`
-		type hald_t;
-	')
-
-	dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Send to hal over a unix domain
-##	datagram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_dgram_send',`
-	gen_require(`
-		type hald_t;
-	')
-
-	allow $1 hald_t:unix_dgram_socket sendto;
-')
-
-########################################
-## <summary>
-##	Send to hal over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_stream_connect',`
-	gen_require(`
-		type hald_t;
-	')
-
-	allow $1 hald_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Dontaudit read/write to a hal unix datagram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_rw_dgram_sockets',`
-	gen_require(`
-		type hald_t;
-	')
-
-	dontaudit $1 hald_t:unix_dgram_socket { read write };
-')
-
-########################################
-## <summary>
-##	Send a dbus message to hal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_dbus_send',`
-	gen_require(`
-		type hald_t;
-		class dbus send_msg;
-	')
-
-	allow $1 hald_t:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	hal over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_dbus_chat',`
-	gen_require(`
-		type hald_t;
-		class dbus send_msg;
-	')
-
-	allow $1 hald_t:dbus send_msg;
-	allow hald_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Execute hal mac in the hal mac domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`hal_domtrans_mac',`
-	gen_require(`
-		type hald_mac_t, hald_mac_exec_t;
-	')
-
-	domtrans_pattern($1, hald_mac_exec_t, hald_mac_t)
-')
-
-########################################
-## <summary>
-##	Allow attempts to write the hal
-##	log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_write_log',`
-	gen_require(`
-		type hald_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 hald_log_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write the hal
-##	log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_write_log',`
-	gen_require(`
-		type hald_log_t;
-	')
-
-	dontaudit $1 hald_log_t:file { append write };
-')
-
-########################################
-## <summary>
-##	Manage hald log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_manage_log',`
-	gen_require(`
-		type hald_log_t;
-	')
-
-	# log files for hald
-	manage_files_pattern($1, hald_log_t, hald_log_t)
-	logging_log_filetrans($1, hald_log_t, file)
-')
-
-########################################
-## <summary>
-##	Read hald tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_read_tmp_files',`
-	gen_require(`
-		type hald_tmp_t;
-	')
-
-	allow $1 hald_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	HAL libraries files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_append_lib_files',`
-	gen_require(`
-		type hald_var_lib_t;
-	')
-
-	dontaudit $1 hald_var_lib_t:file { read_file_perms append_file_perms };
-')
-
-########################################
-## <summary>
-##	Read hald PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_read_pid_files',`
-	gen_require(`
-		type hald_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 hald_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read
-##	hald PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_read_pid_files',`
-	gen_require(` 
-		type hald_var_run_t;
-	')
-
-	dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Read/Write hald PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_rw_pid_files',`
-	gen_require(`
-		type hald_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 hald_var_run_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage hald PID dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_manage_pid_dirs',`
-	gen_require(`
-		type hald_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_dirs_pattern($1, hald_var_run_t, hald_var_run_t)
-')
-
-########################################
-## <summary>
-##	Manage hald PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hal_manage_pid_files',`
-	gen_require(`
-		type hald_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, hald_var_run_t, hald_var_run_t)
-')
-
-########################################
-## <summary>
-##	dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hal_dontaudit_leaks',`
-	gen_require(`
-		type hald_log_t, hald_t, hald_var_run_t;
-	')
-
-	dontaudit $1 hald_t:fd use;
-	dontaudit $1 hald_log_t:file rw_inherited_file_perms;
-	dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
-	dontaudit hald_t $1:socket_class_set { read write };
-	dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
-')
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
deleted file mode 100644
index ae0b05b..0000000
--- a/policy/modules/services/hal.te
+++ /dev/null
@@ -1,557 +0,0 @@
-policy_module(hal, 1.13.0)
-
-########################################
-#
-# Declarations
-#
-
-type hald_t;
-type hald_exec_t;
-init_daemon_domain(hald_t, hald_exec_t)
-
-type hald_acl_t;
-type hald_acl_exec_t;
-domain_type(hald_acl_t)
-domain_entry_file(hald_acl_t, hald_acl_exec_t)
-role system_r types hald_acl_t;
-
-type hald_cache_t;
-files_pid_file(hald_cache_t)
-
-type hald_dccm_t;
-type hald_dccm_exec_t;
-domain_type(hald_dccm_t)
-domain_entry_file(hald_dccm_t, hald_dccm_exec_t)
-role system_r types hald_dccm_t;
-
-type hald_keymap_t;
-type hald_keymap_exec_t;
-domain_type(hald_keymap_t)
-domain_entry_file(hald_keymap_t, hald_keymap_exec_t)
-role system_r types hald_keymap_t;
-
-type hald_log_t;
-logging_log_file(hald_log_t)
-
-type hald_mac_t;
-type hald_mac_exec_t;
-domain_type(hald_mac_t)
-domain_entry_file(hald_mac_t, hald_mac_exec_t)
-role system_r types hald_mac_t;
-
-type hald_sonypic_t;
-type hald_sonypic_exec_t;
-domain_type(hald_sonypic_t)
-domain_entry_file(hald_sonypic_t, hald_sonypic_exec_t)
-role system_r types hald_sonypic_t;
-
-type hald_tmp_t;
-files_tmp_file(hald_tmp_t)
-
-type hald_var_run_t;
-files_pid_file(hald_var_run_t)
-
-type hald_var_lib_t;
-files_type(hald_var_lib_t)
-
-typealias hald_log_t alias pmtools_log_t;
-typealias hald_var_run_t alias pmtools_var_run_t;
-
-########################################
-#
-# Local policy
-#
-
-# execute openvt which needs setuid
-allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config };
-dontaudit hald_t self:capability {sys_ptrace sys_tty_config };
-allow hald_t self:process { getsched getattr signal_perms };
-allow hald_t self:fifo_file rw_fifo_file_perms;
-allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow hald_t self:unix_dgram_socket create_socket_perms;
-allow hald_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow hald_t self:tcp_socket create_stream_socket_perms;
-allow hald_t self:udp_socket create_socket_perms;
-# For backwards compatibility with older kernels
-allow hald_t self:netlink_socket create_socket_perms;
-
-manage_files_pattern(hald_t, hald_cache_t, hald_cache_t)
-
-# log files for hald
-manage_files_pattern(hald_t, hald_log_t, hald_log_t)
-logging_log_filetrans(hald_t, hald_log_t, file)
-
-manage_dirs_pattern(hald_t, hald_tmp_t, hald_tmp_t)
-manage_files_pattern(hald_t, hald_tmp_t, hald_tmp_t)
-files_tmp_filetrans(hald_t, hald_tmp_t, { file dir })
-
-# var/lib files for hald
-manage_dirs_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
-manage_sock_files_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
-
-manage_dirs_pattern(hald_t, hald_var_run_t, hald_var_run_t)
-manage_files_pattern(hald_t, hald_var_run_t, hald_var_run_t)
-files_pid_filetrans(hald_t, hald_var_run_t, { dir file })
-
-kernel_read_system_state(hald_t)
-kernel_read_network_state(hald_t)
-kernel_read_software_raid_state(hald_t)
-kernel_rw_kernel_sysctl(hald_t)
-kernel_read_fs_sysctls(hald_t)
-kernel_rw_irq_sysctls(hald_t)
-kernel_rw_vm_sysctls(hald_t)
-kernel_write_proc_files(hald_t)
-kernel_rw_net_sysctls(hald_t)
-kernel_setsched(hald_t)
-kernel_request_load_module(hald_t)
-
-auth_read_pam_console_data(hald_t)
-
-corecmd_exec_all_executables(hald_t)
-
-corenet_all_recvfrom_unlabeled(hald_t)
-corenet_all_recvfrom_netlabel(hald_t)
-corenet_tcp_sendrecv_generic_if(hald_t)
-corenet_udp_sendrecv_generic_if(hald_t)
-corenet_tcp_sendrecv_generic_node(hald_t)
-corenet_udp_sendrecv_generic_node(hald_t)
-corenet_tcp_sendrecv_all_ports(hald_t)
-corenet_udp_sendrecv_all_ports(hald_t)
-
-dev_rw_usbfs(hald_t)
-dev_read_rand(hald_t)
-dev_read_urand(hald_t)
-dev_read_input(hald_t)
-dev_read_mouse(hald_t)
-dev_rw_printer(hald_t)
-dev_read_lvm_control(hald_t)
-dev_getattr_all_chr_files(hald_t)
-dev_manage_generic_chr_files(hald_t)
-dev_manage_generic_blk_files(hald_t)
-dev_rw_generic_usb_dev(hald_t)
-dev_setattr_generic_usb_dev(hald_t)
-dev_setattr_usbfs_files(hald_t)
-dev_rw_power_management(hald_t)
-dev_read_raw_memory(hald_t)
-# hal is now execing pm-suspend
-dev_rw_sysfs(hald_t)
-dev_read_video_dev(hald_t)
-
-domain_use_interactive_fds(hald_t)
-domain_read_all_domains_state(hald_t)
-domain_dontaudit_ptrace_all_domains(hald_t)
-
-files_exec_etc_files(hald_t)
-files_read_etc_files(hald_t)
-files_rw_etc_runtime_files(hald_t)
-files_manage_mnt_dirs(hald_t)
-files_manage_mnt_files(hald_t)
-files_manage_mnt_symlinks(hald_t)
-files_search_var_lib(hald_t)
-files_read_usr_files(hald_t)
-# hal is now execing pm-suspend
-files_create_boot_flag(hald_t)
-files_getattr_all_dirs(hald_t)
-files_getattr_all_files(hald_t)
-files_read_kernel_img(hald_t)
-files_rw_lock_dirs(hald_t)
-files_read_generic_pids(hald_t)
-
-fs_getattr_all_fs(hald_t)
-fs_search_all(hald_t)
-fs_list_inotifyfs(hald_t)
-fs_list_auto_mountpoints(hald_t)
-fs_mount_dos_fs(hald_t)
-fs_unmount_dos_fs(hald_t)
-fs_manage_dos_files(hald_t)
-fs_manage_fusefs_dirs(hald_t)
-fs_rw_removable_blk_files(hald_t)
-
-files_getattr_all_mountpoints(hald_t)
-
-mls_file_read_all_levels(hald_t)
-
-selinux_get_fs_mount(hald_t)
-selinux_validate_context(hald_t)
-selinux_compute_access_vector(hald_t)
-selinux_compute_create_context(hald_t)
-selinux_compute_relabel_context(hald_t)
-selinux_compute_user_contexts(hald_t)
-
-storage_raw_read_removable_device(hald_t)
-storage_raw_write_removable_device(hald_t)
-storage_raw_read_fixed_disk(hald_t)
-storage_raw_write_fixed_disk(hald_t)
-
-# hal_probe_serial causes these
-term_setattr_unallocated_ttys(hald_t)
-term_use_unallocated_ttys(hald_t)
-
-auth_use_nsswitch(hald_t)
-
-fstools_getattr_swap_files(hald_t)
-
-init_domtrans_script(hald_t)
-init_read_utmp(hald_t)
-#hal runs shutdown, probably need a shutdown domain
-init_rw_utmp(hald_t)
-init_telinit(hald_t)
-
-libs_exec_ld_so(hald_t)
-libs_exec_lib_files(hald_t)
-
-logging_send_audit_msgs(hald_t)
-logging_send_syslog_msg(hald_t)
-logging_search_logs(hald_t)
-
-miscfiles_read_localization(hald_t)
-miscfiles_read_hwdata(hald_t)
-
-modutils_domtrans_insmod(hald_t)
-modutils_read_module_deps(hald_t)
-
-seutil_read_config(hald_t)
-seutil_read_default_contexts(hald_t)
-seutil_read_file_contexts(hald_t)
-
-sysnet_delete_dhcpc_pid(hald_t)
-sysnet_domtrans_dhcpc(hald_t)
-sysnet_domtrans_ifconfig(hald_t)
-sysnet_read_config(hald_t)
-sysnet_read_dhcp_config(hald_t)
-sysnet_read_dhcpc_pid(hald_t)
-sysnet_signal_dhcpc(hald_t)
-
-userdom_dontaudit_use_unpriv_user_fds(hald_t)
-userdom_dontaudit_search_user_home_dirs(hald_t)
-userdom_stream_connect(hald_t)
-
-netutils_domtrans(hald_t)
-
-optional_policy(`
-	alsa_domtrans(hald_t)
-	alsa_read_rw_config(hald_t)
-')
-
-optional_policy(`
-	bootloader_domtrans(hald_t)
-')
-
-optional_policy(`
-	# For /usr/libexec/hald-addon-acpi
-	# writes to /var/run/acpid.socket
-	apm_stream_connect(hald_t)
-')
-
-optional_policy(`
-	bind_search_cache(hald_t)
-')
-
-optional_policy(`
-	bluetooth_domtrans(hald_t)
-')
-
-optional_policy(`
-	clock_domtrans(hald_t)
-')
-
-optional_policy(`
-	cups_domtrans_config(hald_t)
-	cups_signal_config(hald_t)
-')
-
-optional_policy(`
-	dbus_system_domain(hald_t, hald_exec_t)
-
-	init_dbus_chat_script(hald_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(hald_t)
-	')
-')
-
-optional_policy(`
-	# For /usr/libexec/hald-probe-smbios
-	dmidecode_domtrans(hald_t)
-')
-
-optional_policy(`
-	gnome_read_config(hald_t)
-')
-
-optional_policy(`
-	gpm_dontaudit_getattr_gpmctl(hald_t)
-')
-
-optional_policy(`
-	hotplug_read_config(hald_t)
-')
-
-optional_policy(`
-	lvm_domtrans(hald_t)
-')
-
-optional_policy(`
-	mount_domtrans(hald_t)
-')
-
-optional_policy(`
-	ntp_domtrans(hald_t)
-')
-
-optional_policy(`
-	pcmcia_manage_pid(hald_t)
-	pcmcia_manage_pid_chr_files(hald_t)
-')
-
-optional_policy(`
-	podsleuth_domtrans(hald_t)
-')
-
-optional_policy(`
-	ppp_domtrans(hald_t)
-	ppp_read_rw_config(hald_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(hald_t)
-	policykit_domtrans_auth(hald_t)
-	policykit_domtrans_resolve(hald_t)
-	policykit_read_lib(hald_t)
-	policykit_read_reload(hald_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(hald_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(hald_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(hald_t)
-')
-
-optional_policy(`
-	udev_domtrans(hald_t)
-	udev_read_db(hald_t)
-')
-
-optional_policy(`
-	usbmuxd_stream_connect(hald_t)
-')
-
-optional_policy(`
-	updfstab_domtrans(hald_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(hald_t)
-')
-
-optional_policy(`
-	virt_manage_images(hald_t)
-')
-
-optional_policy(`
-	xserver_read_pid(hald_t)
-')
-
-########################################
-#
-# Hal acl local policy
-#
-
-allow hald_acl_t self:capability { dac_override fowner sys_resource };
-allow hald_acl_t self:process { getattr signal };
-allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-
-domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
-allow hald_t hald_acl_t:process signal;
-allow hald_acl_t hald_t:unix_stream_socket connectto;
-
-manage_dirs_pattern(hald_acl_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_acl_t, hald_var_lib_t, hald_var_lib_t)
-files_search_var_lib(hald_acl_t)
-
-manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
-manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
-files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
-allow hald_t hald_var_run_t:dir mounton;
-
-corecmd_exec_bin(hald_acl_t)
-
-dev_getattr_all_chr_files(hald_acl_t)
-dev_setattr_all_chr_files(hald_acl_t)
-dev_getattr_generic_usb_dev(hald_acl_t)
-dev_getattr_video_dev(hald_acl_t)
-dev_setattr_video_dev(hald_acl_t)
-dev_getattr_sound_dev(hald_acl_t)
-dev_setattr_sound_dev(hald_acl_t)
-dev_setattr_generic_usb_dev(hald_acl_t)
-dev_setattr_usbfs_files(hald_acl_t)
-
-files_read_usr_files(hald_acl_t)
-files_read_etc_files(hald_acl_t)
-
-fs_getattr_all_fs(hald_acl_t)
-
-storage_getattr_removable_dev(hald_acl_t)
-storage_setattr_removable_dev(hald_acl_t)
-storage_getattr_fixed_disk_dev(hald_acl_t)
-storage_setattr_fixed_disk_dev(hald_acl_t)
-
-auth_use_nsswitch(hald_acl_t)
-
-logging_send_syslog_msg(hald_acl_t)
-
-miscfiles_read_localization(hald_acl_t)
-
-optional_policy(`
-	policykit_dbus_chat(hald_acl_t)
-	policykit_domtrans_auth(hald_acl_t)
-	policykit_read_lib(hald_acl_t)
-	policykit_read_reload(hald_acl_t)
-')
-
-########################################
-#
-# Local hald mac policy
-#
-
-allow hald_mac_t self:capability { setgid setuid sys_admin };
-
-domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
-allow hald_t hald_mac_t:process signal;
-allow hald_mac_t hald_t:unix_stream_socket connectto;
-
-manage_dirs_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
-files_search_var_lib(hald_mac_t)
-
-write_files_pattern(hald_mac_t, hald_log_t, hald_log_t)
-
-kernel_read_system_state(hald_mac_t)
-
-dev_read_raw_memory(hald_mac_t)
-dev_write_raw_memory(hald_mac_t)
-dev_read_sysfs(hald_mac_t)
-
-files_read_usr_files(hald_mac_t)
-files_read_etc_files(hald_mac_t)
-
-auth_use_nsswitch(hald_mac_t)
-
-logging_send_syslog_msg(hald_mac_t)
-
-miscfiles_read_localization(hald_mac_t)
-
-########################################
-#
-# Local hald sonypic policy
-#
-
-domtrans_pattern(hald_t, hald_sonypic_exec_t, hald_sonypic_t)
-allow hald_t hald_sonypic_t:process signal;
-allow hald_sonypic_t hald_t:unix_stream_socket connectto;
-
-dev_read_video_dev(hald_sonypic_t)
-dev_write_video_dev(hald_sonypic_t)
-
-manage_dirs_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
-files_search_var_lib(hald_sonypic_t)
-
-write_files_pattern(hald_sonypic_t, hald_log_t, hald_log_t)
-
-files_read_usr_files(hald_sonypic_t)
-
-miscfiles_read_localization(hald_sonypic_t)
-
-########################################
-#
-# Hal keymap local policy
-#
-
-domtrans_pattern(hald_t, hald_keymap_exec_t, hald_keymap_t)
-allow hald_t hald_keymap_t:process signal;
-allow hald_keymap_t hald_t:unix_stream_socket connectto;
-
-manage_dirs_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
-files_search_var_lib(hald_keymap_t)
-
-write_files_pattern(hald_keymap_t, hald_log_t, hald_log_t)
-
-dev_rw_input_dev(hald_keymap_t)
-
-files_read_etc_files(hald_keymap_t)
-files_read_usr_files(hald_keymap_t)
-
-miscfiles_read_localization(hald_keymap_t)
-
-# This is caused by a bug in hald and PolicyKit.
-# Should be removed when this is fixed
-cron_read_system_job_lib_files(hald_t)
-
-########################################
-#
-# Local hald dccm policy
-#
-
-allow hald_dccm_t self:capability { chown net_bind_service };
-allow hald_dccm_t self:process getsched;
-allow hald_dccm_t self:fifo_file rw_fifo_file_perms;
-allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
-allow hald_dccm_t self:udp_socket create_socket_perms;
-allow hald_dccm_t self:netlink_route_socket rw_netlink_socket_perms;
-
-domtrans_pattern(hald_t, hald_dccm_exec_t, hald_dccm_t)
-allow hald_t hald_dccm_t:process signal;
-allow hald_dccm_t hald_t:unix_stream_socket connectto;
-
-manage_dirs_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
-manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
-files_search_var_lib(hald_dccm_t)
-
-manage_dirs_pattern(hald_dccm_t, hald_var_run_t, hald_var_run_t)
-manage_files_pattern(hald_dccm_t, hald_var_run_t, hald_var_run_t)
-manage_sock_files_pattern(hald_dccm_t, hald_var_run_t, hald_var_run_t)
-files_pid_filetrans(hald_dccm_t, hald_var_run_t, { dir file sock_file })
-
-manage_sock_files_pattern(hald_dccm_t, hald_tmp_t, hald_tmp_t)
-files_tmp_filetrans(hald_dccm_t, hald_tmp_t, sock_file)
-
-write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t)
-
-kernel_search_network_sysctl(hald_dccm_t)
-
-dev_read_urand(hald_dccm_t)
-
-corenet_all_recvfrom_unlabeled(hald_dccm_t)
-corenet_all_recvfrom_netlabel(hald_dccm_t)
-corenet_tcp_sendrecv_generic_if(hald_dccm_t)
-corenet_udp_sendrecv_generic_if(hald_dccm_t)
-corenet_tcp_sendrecv_generic_node(hald_dccm_t)
-corenet_udp_sendrecv_generic_node(hald_dccm_t)
-corenet_tcp_sendrecv_all_ports(hald_dccm_t)
-corenet_udp_sendrecv_all_ports(hald_dccm_t)
-corenet_tcp_bind_generic_node(hald_dccm_t)
-corenet_udp_bind_generic_node(hald_dccm_t)
-corenet_udp_bind_dhcpc_port(hald_dccm_t)
-corenet_tcp_bind_ftp_port(hald_dccm_t)
-corenet_tcp_bind_dccm_port(hald_dccm_t)
-
-logging_send_syslog_msg(hald_dccm_t)
-
-files_read_usr_files(hald_dccm_t)
-
-miscfiles_read_localization(hald_dccm_t)
-
-hal_dontaudit_rw_dgram_sockets(hald_dccm_t)
-
-optional_policy(`
-	dbus_system_bus_client(hald_dccm_t)
-')
diff --git a/policy/modules/services/hddtemp.fc b/policy/modules/services/hddtemp.fc
deleted file mode 100644
index 1676612..0000000
--- a/policy/modules/services/hddtemp.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/rc\.d/init\.d/hddtemp	--	gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
-
-/etc/sysconfig/hddtemp		--	gen_context(system_u:object_r:hddtemp_etc_t,s0)
-
-/usr/sbin/hddtemp		--	gen_context(system_u:object_r:hddtemp_exec_t,s0)
diff --git a/policy/modules/services/hddtemp.if b/policy/modules/services/hddtemp.if
deleted file mode 100644
index db2d189..0000000
--- a/policy/modules/services/hddtemp.if
+++ /dev/null
@@ -1,73 +0,0 @@
-## <summary>hddtemp hard disk temperature tool running as a daemon.</summary>
-
-#######################################
-## <summary>
-##	Execute a domain transition to run hddtemp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`hddtemp_domtrans',`
-	gen_require(`
-		type hddtemp_t, hddtemp_exec_t;
-	')
-
-	domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
-	corecmd_search_bin($1)
-')
-
-######################################
-## <summary>
-##	Execute hddtemp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hddtemp_exec',`
-	gen_require(`
-		type hddtemp_exec_t;
-	')
-
-	can_exec($1, hddtemp_exec_t)
-	corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to
-##	administrate an hddtemp environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`hddtemp_admin',`
-	gen_require(`
-		type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t;
-	')
-
-	allow $1 hddtemp_t:process { ptrace signal_perms };
-	ps_process_pattern($1, hddtemp_t)
-
-	init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 hddtemp_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, hddtemp_etc_t)
-	files_list_etc($1)
-')
diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
deleted file mode 100644
index 1647fc4..0000000
--- a/policy/modules/services/hddtemp.te
+++ /dev/null
@@ -1,48 +0,0 @@
-policy_module(hddtemp, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type hddtemp_t;
-type hddtemp_exec_t;
-init_daemon_domain(hddtemp_t, hddtemp_exec_t)
-
-type hddtemp_initrc_exec_t;
-init_script_file(hddtemp_initrc_exec_t)
-
-type hddtemp_etc_t;
-files_config_file(hddtemp_etc_t)
-
-########################################
-#
-# hddtemp local policy
-#
-
-allow hddtemp_t self:capability sys_rawio;
-dontaudit hddtemp_t self:capability sys_admin;
-allow hddtemp_t self:netlink_route_socket r_netlink_socket_perms;
-allow hddtemp_t self:tcp_socket create_stream_socket_perms;
-allow hddtemp_t self:udp_socket create_socket_perms;
-
-allow hddtemp_t hddtemp_etc_t:file read_file_perms;
-
-corenet_all_recvfrom_unlabeled(hddtemp_t)
-corenet_all_recvfrom_netlabel(hddtemp_t)
-corenet_tcp_sendrecv_generic_if(hddtemp_t)
-corenet_tcp_sendrecv_generic_node(hddtemp_t)
-corenet_tcp_bind_generic_node(hddtemp_t)
-corenet_tcp_sendrecv_all_ports(hddtemp_t)
-corenet_tcp_bind_hddtemp_port(hddtemp_t)
-corenet_sendrecv_hddtemp_server_packets(hddtemp_t)
-corenet_tcp_sendrecv_hddtemp_port(hddtemp_t)
-
-files_search_etc(hddtemp_t)
-files_read_usr_files(hddtemp_t)
-
-storage_raw_read_fixed_disk(hddtemp_t)
-
-logging_send_syslog_msg(hddtemp_t)
-
-miscfiles_read_localization(hddtemp_t)
diff --git a/policy/modules/services/howl.fc b/policy/modules/services/howl.fc
deleted file mode 100644
index faf9146..0000000
--- a/policy/modules/services/howl.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-/usr/bin/mDNSResponder	--	gen_context(system_u:object_r:howl_exec_t,s0)
-/usr/bin/nifd		--	gen_context(system_u:object_r:howl_exec_t,s0)
-
-/var/run/nifd\.pid	--	gen_context(system_u:object_r:howl_var_run_t,s0)
diff --git a/policy/modules/services/howl.if b/policy/modules/services/howl.if
deleted file mode 100644
index 9164dd2..0000000
--- a/policy/modules/services/howl.if
+++ /dev/null
@@ -1,19 +0,0 @@
-## <summary>Port of Apple Rendezvous multicast DNS</summary>
-
-########################################
-## <summary>
-##	Send generic signals to howl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`howl_signal',`
-	gen_require(`
-		type howl_t;
-	')
-
-	allow $1 howl_t:process signal;
-')
diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te
deleted file mode 100644
index 6ad2d3c..0000000
--- a/policy/modules/services/howl.te
+++ /dev/null
@@ -1,80 +0,0 @@
-policy_module(howl, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type howl_t;
-type howl_exec_t;
-init_daemon_domain(howl_t, howl_exec_t)
-
-type howl_var_run_t;
-files_pid_file(howl_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow howl_t self:capability { kill net_admin };
-dontaudit howl_t self:capability sys_tty_config;
-allow howl_t self:process signal_perms;
-allow howl_t self:fifo_file rw_fifo_file_perms;
-allow howl_t self:tcp_socket create_stream_socket_perms;
-allow howl_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(howl_t, howl_var_run_t, howl_var_run_t)
-files_pid_filetrans(howl_t, howl_var_run_t, file)
-
-kernel_read_network_state(howl_t)
-kernel_read_kernel_sysctls(howl_t)
-kernel_request_load_module(howl_t)
-kernel_list_proc(howl_t)
-kernel_read_proc_symlinks(howl_t)
-
-corenet_all_recvfrom_unlabeled(howl_t)
-corenet_all_recvfrom_netlabel(howl_t)
-corenet_tcp_sendrecv_generic_if(howl_t)
-corenet_udp_sendrecv_generic_if(howl_t)
-corenet_tcp_sendrecv_generic_node(howl_t)
-corenet_udp_sendrecv_generic_node(howl_t)
-corenet_tcp_sendrecv_all_ports(howl_t)
-corenet_udp_sendrecv_all_ports(howl_t)
-corenet_tcp_bind_generic_node(howl_t)
-corenet_udp_bind_generic_node(howl_t)
-corenet_tcp_bind_howl_port(howl_t)
-corenet_udp_bind_howl_port(howl_t)
-corenet_sendrecv_howl_server_packets(howl_t)
-
-dev_read_sysfs(howl_t)
-
-fs_getattr_all_fs(howl_t)
-fs_search_auto_mountpoints(howl_t)
-
-domain_use_interactive_fds(howl_t)
-
-files_read_etc_files(howl_t)
-
-init_rw_utmp(howl_t)
-
-logging_send_syslog_msg(howl_t)
-
-miscfiles_read_localization(howl_t)
-
-sysnet_read_config(howl_t)
-
-userdom_dontaudit_use_unpriv_user_fds(howl_t)
-userdom_dontaudit_search_user_home_dirs(howl_t)
-
-optional_policy(`
-	nis_use_ypbind(howl_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(howl_t)
-')
-
-optional_policy(`
-	udev_read_db(howl_t)
-')
diff --git a/policy/modules/services/i18n_input.fc b/policy/modules/services/i18n_input.fc
deleted file mode 100644
index 024eb18..0000000
--- a/policy/modules/services/i18n_input.fc
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# /usr
-#
-
-/usr/bin/iiimd\.bin	--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-/usr/bin/httx		--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-/usr/bin/htt_xbe	--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-/usr/bin/iiimx		--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-
-/usr/lib/iiim/iiim-xbe	--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-
-/usr/sbin/htt		--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-/usr/sbin/htt_server	--	 gen_context(system_u:object_r:i18n_input_exec_t,s0)
-
-#
-# /var
-#
-
-/var/run/iiim(/.*)?		 gen_context(system_u:object_r:i18n_input_var_run_t,s0)
diff --git a/policy/modules/services/i18n_input.if b/policy/modules/services/i18n_input.if
deleted file mode 100644
index bc7de4f..0000000
--- a/policy/modules/services/i18n_input.if
+++ /dev/null
@@ -1,15 +0,0 @@
-## <summary>IIIMF htt server</summary>
-
-########################################
-## <summary>
-##	Use i18n_input over a TCP connection.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`i18n_use',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te
deleted file mode 100644
index 5fc89c4..0000000
--- a/policy/modules/services/i18n_input.te
+++ /dev/null
@@ -1,102 +0,0 @@
-policy_module(i18n_input, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type i18n_input_t;
-type i18n_input_exec_t;
-init_daemon_domain(i18n_input_t, i18n_input_exec_t)
-
-type i18n_input_var_run_t;
-files_pid_file(i18n_input_var_run_t)
-
-########################################
-#
-# i18n_input local policy
-#
-
-allow i18n_input_t self:capability { kill setgid setuid };
-dontaudit i18n_input_t self:capability sys_tty_config;
-allow i18n_input_t self:process { signal_perms setsched setpgid };
-allow i18n_input_t self:fifo_file rw_fifo_file_perms;
-allow i18n_input_t self:unix_dgram_socket create_socket_perms;
-allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
-allow i18n_input_t self:tcp_socket create_stream_socket_perms;
-allow i18n_input_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
-manage_files_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
-manage_sock_files_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
-files_pid_filetrans(i18n_input_t, i18n_input_var_run_t, file)
-
-can_exec(i18n_input_t, i18n_input_exec_t)
-
-kernel_read_kernel_sysctls(i18n_input_t)
-kernel_read_system_state(i18n_input_t)
-
-corenet_all_recvfrom_unlabeled(i18n_input_t)
-corenet_all_recvfrom_netlabel(i18n_input_t)
-corenet_tcp_sendrecv_generic_if(i18n_input_t)
-corenet_udp_sendrecv_generic_if(i18n_input_t)
-corenet_tcp_sendrecv_generic_node(i18n_input_t)
-corenet_udp_sendrecv_generic_node(i18n_input_t)
-corenet_tcp_sendrecv_all_ports(i18n_input_t)
-corenet_udp_sendrecv_all_ports(i18n_input_t)
-corenet_tcp_bind_generic_node(i18n_input_t)
-corenet_tcp_bind_i18n_input_port(i18n_input_t)
-corenet_tcp_connect_all_ports(i18n_input_t)
-corenet_sendrecv_i18n_input_server_packets(i18n_input_t)
-corenet_sendrecv_all_client_packets(i18n_input_t)
-
-dev_read_sysfs(i18n_input_t)
-
-fs_getattr_all_fs(i18n_input_t)
-fs_search_auto_mountpoints(i18n_input_t)
-
-corecmd_search_bin(i18n_input_t)
-corecmd_exec_bin(i18n_input_t)
-
-domain_use_interactive_fds(i18n_input_t)
-
-files_read_etc_files(i18n_input_t)
-files_read_etc_runtime_files(i18n_input_t)
-files_read_usr_files(i18n_input_t)
-
-init_stream_connect_script(i18n_input_t)
-
-logging_send_syslog_msg(i18n_input_t)
-
-miscfiles_read_localization(i18n_input_t)
-
-sysnet_read_config(i18n_input_t)
-
-userdom_dontaudit_use_unpriv_user_fds(i18n_input_t)
-userdom_read_user_home_content_files(i18n_input_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(i18n_input_t)
-	fs_read_nfs_symlinks(i18n_input_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(i18n_input_t)
-	fs_read_cifs_symlinks(i18n_input_t)
-')
-
-optional_policy(`
-	canna_stream_connect(i18n_input_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(i18n_input_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(i18n_input_t)
-')
-
-optional_policy(`
-	udev_read_db(i18n_input_t)
-')
diff --git a/policy/modules/services/icecast.fc b/policy/modules/services/icecast.fc
deleted file mode 100644
index a81e090..0000000
--- a/policy/modules/services/icecast.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/icecast	--	gen_context(system_u:object_r:icecast_initrc_exec_t,s0)
-
-/usr/bin/icecast		--	gen_context(system_u:object_r:icecast_exec_t,s0)
-
-/var/log/icecast(/.*)?			gen_context(system_u:object_r:icecast_log_t,s0)
-
-/var/run/icecast(/.*)?			gen_context(system_u:object_r:icecast_var_run_t,s0)
diff --git a/policy/modules/services/icecast.if b/policy/modules/services/icecast.if
deleted file mode 100644
index 40affd8..0000000
--- a/policy/modules/services/icecast.if
+++ /dev/null
@@ -1,187 +0,0 @@
-## <summary> ShoutCast compatible streaming media server</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run icecast.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`icecast_domtrans',`
-	gen_require(`
-		type icecast_t, icecast_exec_t;
-	')
-
-	domtrans_pattern($1, icecast_exec_t, icecast_t)
-')
-
-########################################
-## <summary>
-##	Allow domain signal icecast
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`icecast_signal',`
-	gen_require(`
-		type icecast_t;
-	')
-
-	allow $1 icecast_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute icecast server in the icecast domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`icecast_initrc_domtrans',`
-	gen_require(`
-		type icecast_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, icecast_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read icecast PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`icecast_read_pid_files',`
-	gen_require(`
-		type icecast_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 icecast_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage icecast pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`icecast_manage_pid_files',`
-	gen_require(`
-		type icecast_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, icecast_var_run_t, icecast_var_run_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read icecast's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`icecast_read_log',`
-	gen_require(`
-		type icecast_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, icecast_log_t, icecast_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	icecast log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`icecast_append_log',`
-	gen_require(`
-		type icecast_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, icecast_log_t, icecast_log_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage icecast log files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allow access.
-##	</summary>
-## </param>
-#
-interface(`icecast_manage_log',`
-	gen_require(`
-		type icecast_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, icecast_log_t, icecast_log_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an icecast environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`icecast_admin',`
-	gen_require(`
-		type icecast_t, icecast_initrc_exec_t;
-	')
-
-	allow $1 icecast_t:process { ptrace signal_perms };
-	ps_process_pattern($1, icecast_t)
-
-	# Allow icecast_t to restart the apache service
-	icecast_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 icecast_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	icecast_manage_pid_files($1)
-	icecast_manage_log($1)
-')
diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
deleted file mode 100644
index 6bf7cc3..0000000
--- a/policy/modules/services/icecast.te
+++ /dev/null
@@ -1,76 +0,0 @@
-policy_module(icecast, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow icecast to connect to all ports, not just
-##	sound ports.
-##	</p>
-## </desc>
-gen_tunable(icecast_connect_any, false)
-
-type icecast_t;
-type icecast_exec_t;
-init_daemon_domain(icecast_t, icecast_exec_t)
-
-type icecast_initrc_exec_t;
-init_script_file(icecast_initrc_exec_t)
-
-type icecast_var_run_t;
-files_pid_file(icecast_var_run_t)
-
-type icecast_log_t;
-logging_log_file(icecast_log_t)
-
-########################################
-#
-# icecast local policy
-#
-
-allow icecast_t self:capability { dac_override setgid setuid sys_nice };
-allow icecast_t self:process { getsched fork setsched signal };
-allow icecast_t self:fifo_file rw_fifo_file_perms;
-allow icecast_t self:unix_stream_socket create_stream_socket_perms;
-allow icecast_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(icecast_t, icecast_log_t, icecast_log_t)
-manage_files_pattern(icecast_t, icecast_log_t, icecast_log_t)
-logging_log_filetrans(icecast_t, icecast_log_t, { file dir })
-
-manage_dirs_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t)
-manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t)
-files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir })
-
-kernel_read_system_state(icecast_t)
-
-corenet_tcp_bind_soundd_port(icecast_t)
-corenet_tcp_connect_soundd_port(icecast_t)
-
-tunable_policy(`icecast_connect_any',`
-	corenet_tcp_connect_all_ports(icecast_t)
-	corenet_tcp_bind_all_ports(icecast_t)
-	corenet_sendrecv_all_packets(icecast_t)
-')
-
-# Init script handling
-domain_use_interactive_fds(icecast_t)
-
-files_read_etc_files(icecast_t)
-
-auth_use_nsswitch(icecast_t)
-
-miscfiles_read_localization(icecast_t)
-
-sysnet_dns_name_resolve(icecast_t)
-
-optional_policy(`
-	apache_read_sys_content(icecast_t)
-')
-
-optional_policy(`
-	rtkit_scheduled(icecast_t)
-')
diff --git a/policy/modules/services/ifplugd.fc b/policy/modules/services/ifplugd.fc
deleted file mode 100644
index 2eda96f..0000000
--- a/policy/modules/services/ifplugd.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/ifplugd(/.*)?			gen_context(system_u:object_r:ifplugd_etc_t,s0)
-
-/etc/rc\.d/init\.d/ifplugd	--	gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
-
-/usr/sbin/ifplugd		--	gen_context(system_u:object_r:ifplugd_exec_t,s0)
-
-/var/run/ifplugd.*			gen_context(system_u:object_r:ifplugd_var_run_t,s0)
diff --git a/policy/modules/services/ifplugd.if b/policy/modules/services/ifplugd.if
deleted file mode 100644
index 7665429..0000000
--- a/policy/modules/services/ifplugd.if
+++ /dev/null
@@ -1,133 +0,0 @@
-## <summary>Bring up/down ethernet interfaces based on cable detection.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ifplugd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ifplugd_domtrans',`
-	gen_require(`
-		type ifplugd_t, ifplugd_exec_t;
-	')
-
-	domtrans_pattern($1, ifplugd_exec_t, ifplugd_t)
-')
-
-########################################
-## <summary>
-##	Send a generic signal to ifplugd
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ifplugd_signal',`
-	gen_require(`
-		type ifplugd_t;
-	')
-
-	allow $1 ifplugd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read ifplugd etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ifplugd_read_config',`
-	gen_require(`
-		type ifplugd_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-')
-
-########################################
-## <summary>
-##	Manage ifplugd etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ifplugd_manage_config',`
-	gen_require(`
-		type ifplugd_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-	manage_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-')
-
-########################################
-## <summary>
-##	Read ifplugd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ifplugd_read_pid_files',`
-	gen_require(`
-		type ifplugd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 ifplugd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an ifplugd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the ifplugd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ifplugd_admin',`
-	gen_require(`
-		type ifplugd_t, ifplugd_etc_t, ifplugd_var_run_t;
-		type ifplugd_initrc_exec_t;
-	')
-
-	allow $1 ifplugd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ifplugd_t)
-
-	init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ifplugd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, ifplugd_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ifplugd_var_run_t)
-')
diff --git a/policy/modules/services/ifplugd.te b/policy/modules/services/ifplugd.te
deleted file mode 100644
index 978c32f..0000000
--- a/policy/modules/services/ifplugd.te
+++ /dev/null
@@ -1,76 +0,0 @@
-policy_module(ifplugd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type ifplugd_t;
-type ifplugd_exec_t;
-init_daemon_domain(ifplugd_t, ifplugd_exec_t)
-
-# config files
-type ifplugd_etc_t;
-files_type(ifplugd_etc_t)
-
-type ifplugd_initrc_exec_t;
-init_script_file(ifplugd_initrc_exec_t)
-
-# pid files
-type ifplugd_var_run_t;
-files_pid_file(ifplugd_var_run_t)
-
-########################################
-#
-# ifplugd local policy
-#
-
-allow ifplugd_t self:capability { net_admin sys_nice net_bind_service };
-dontaudit ifplugd_t self:capability { sys_tty_config sys_ptrace };
-allow ifplugd_t self:process { signal signull };
-allow ifplugd_t self:fifo_file rw_fifo_file_perms;
-allow ifplugd_t self:tcp_socket create_stream_socket_perms;
-allow ifplugd_t self:udp_socket create_socket_perms;
-allow ifplugd_t self:packet_socket create_socket_perms;
-allow ifplugd_t self:netlink_route_socket create_netlink_socket_perms;
-
-# pid file
-manage_files_pattern(ifplugd_t, ifplugd_var_run_t, ifplugd_var_run_t)
-manage_sock_files_pattern(ifplugd_t, ifplugd_var_run_t, ifplugd_var_run_t)
-files_pid_filetrans(ifplugd_t, ifplugd_var_run_t, { file sock_file })
-
-# config files
-read_files_pattern(ifplugd_t, ifplugd_etc_t, ifplugd_etc_t)
-exec_files_pattern(ifplugd_t, ifplugd_etc_t, ifplugd_etc_t)
-
-kernel_read_system_state(ifplugd_t)
-kernel_read_network_state(ifplugd_t)
-kernel_rw_net_sysctls(ifplugd_t)
-kernel_read_kernel_sysctls(ifplugd_t)
-
-corecmd_exec_shell(ifplugd_t)
-corecmd_exec_bin(ifplugd_t)
-
-# reading of hardware information
-dev_read_sysfs(ifplugd_t)
-
-domain_read_confined_domains_state(ifplugd_t)
-domain_dontaudit_read_all_domains_state(ifplugd_t)
-
-auth_use_nsswitch(ifplugd_t)
-
-logging_send_syslog_msg(ifplugd_t)
-
-miscfiles_read_localization(ifplugd_t)
-
-netutils_domtrans(ifplugd_t)
-# transition to ifconfig & dhcpc
-sysnet_domtrans_ifconfig(ifplugd_t)
-sysnet_domtrans_dhcpc(ifplugd_t)
-sysnet_delete_dhcpc_pid(ifplugd_t)
-sysnet_read_dhcpc_pid(ifplugd_t)
-sysnet_signal_dhcpc(ifplugd_t)
-
-optional_policy(`
-	consoletype_exec(ifplugd_t)
-')
diff --git a/policy/modules/services/imaze.fc b/policy/modules/services/imaze.fc
deleted file mode 100644
index 8d455ba..0000000
--- a/policy/modules/services/imaze.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/games/imazesrv		 --	gen_context(system_u:object_r:imazesrv_exec_t,s0)
-/usr/share/games/imaze(/.*)?		gen_context(system_u:object_r:imazesrv_data_t,s0)
-
-/var/log/imaze\.log		 --	gen_context(system_u:object_r:imazesrv_log_t,s0)
diff --git a/policy/modules/services/imaze.if b/policy/modules/services/imaze.if
deleted file mode 100644
index 8eb9ec3..0000000
--- a/policy/modules/services/imaze.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>iMaze game server</summary>
diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te
deleted file mode 100644
index 0778af8..0000000
--- a/policy/modules/services/imaze.te
+++ /dev/null
@@ -1,99 +0,0 @@
-policy_module(imaze, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type imazesrv_t;
-type imazesrv_exec_t;
-init_daemon_domain(imazesrv_t, imazesrv_exec_t)
-
-type imazesrv_data_t;
-files_type(imazesrv_data_t)
-
-type imazesrv_data_labs_t;
-files_type(imazesrv_data_labs_t)
-
-type imazesrv_log_t;
-logging_log_file(imazesrv_log_t)
-
-type imazesrv_var_run_t;
-files_pid_file(imazesrv_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit imazesrv_t self:capability sys_tty_config;
-allow imazesrv_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow imazesrv_t self:fd use;
-allow imazesrv_t self:fifo_file rw_fifo_file_perms;
-allow imazesrv_t self:unix_dgram_socket { create_socket_perms sendto };
-allow imazesrv_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow imazesrv_t self:shm create_shm_perms;
-allow imazesrv_t self:sem create_sem_perms;
-allow imazesrv_t self:msgq create_msgq_perms;
-allow imazesrv_t self:msg { send receive };
-allow imazesrv_t self:tcp_socket create_stream_socket_perms;
-allow imazesrv_t self:udp_socket create_socket_perms;
-
-allow imazesrv_t imazesrv_data_t:dir list_dir_perms;
-read_files_pattern(imazesrv_t, imazesrv_data_t, imazesrv_data_t)
-read_lnk_files_pattern(imazesrv_t, imazesrv_data_t, imazesrv_data_t)
-
-allow imazesrv_t imazesrv_log_t:file manage_file_perms;
-allow imazesrv_t imazesrv_log_t:dir add_entry_dir_perms;
-logging_log_filetrans(imazesrv_t, imazesrv_log_t, file)
-
-manage_files_pattern(imazesrv_t, imazesrv_var_run_t, imazesrv_var_run_t)
-files_pid_filetrans(imazesrv_t, imazesrv_var_run_t, file)
-
-kernel_read_kernel_sysctls(imazesrv_t)
-kernel_list_proc(imazesrv_t)
-kernel_read_proc_symlinks(imazesrv_t)
-
-corenet_all_recvfrom_unlabeled(imazesrv_t)
-corenet_all_recvfrom_netlabel(imazesrv_t)
-corenet_tcp_sendrecv_generic_if(imazesrv_t)
-corenet_udp_sendrecv_generic_if(imazesrv_t)
-corenet_tcp_sendrecv_generic_node(imazesrv_t)
-corenet_udp_sendrecv_generic_node(imazesrv_t)
-corenet_tcp_sendrecv_all_ports(imazesrv_t)
-corenet_udp_sendrecv_all_ports(imazesrv_t)
-corenet_tcp_bind_generic_node(imazesrv_t)
-corenet_udp_bind_generic_node(imazesrv_t)
-corenet_tcp_bind_imaze_port(imazesrv_t)
-corenet_udp_bind_imaze_port(imazesrv_t)
-corenet_sendrecv_imaze_server_packets(imazesrv_t)
-
-dev_read_sysfs(imazesrv_t)
-
-domain_use_interactive_fds(imazesrv_t)
-
-files_read_etc_files(imazesrv_t)
-
-fs_getattr_all_fs(imazesrv_t)
-fs_search_auto_mountpoints(imazesrv_t)
-
-logging_send_syslog_msg(imazesrv_t)
-
-miscfiles_read_localization(imazesrv_t)
-
-sysnet_read_config(imazesrv_t)
-
-userdom_use_unpriv_users_fds(imazesrv_t)
-userdom_dontaudit_search_user_home_dirs(imazesrv_t)
-
-optional_policy(`
-	nis_use_ypbind(imazesrv_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(imazesrv_t)
-')
-
-optional_policy(`
-	udev_read_db(imazesrv_t)
-')
diff --git a/policy/modules/services/inetd.fc b/policy/modules/services/inetd.fc
deleted file mode 100644
index 39d5baa..0000000
--- a/policy/modules/services/inetd.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-
-/usr/sbin/identd	--	gen_context(system_u:object_r:inetd_child_exec_t,s0)
-/usr/sbin/in\..*d	--	gen_context(system_u:object_r:inetd_child_exec_t,s0)
-/usr/local/lib/pysieved/pysieved.*\.py -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
-
-/usr/sbin/inetd		--	gen_context(system_u:object_r:inetd_exec_t,s0)
-/usr/sbin/rlinetd	--	gen_context(system_u:object_r:inetd_exec_t,s0)
-/usr/sbin/xinetd	--	gen_context(system_u:object_r:inetd_exec_t,s0)
-
-/var/log/(x)?inetd\.log	--	gen_context(system_u:object_r:inetd_log_t,s0)
-
-/var/run/(x)?inetd\.pid	--	gen_context(system_u:object_r:inetd_var_run_t,s0)
diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if
deleted file mode 100644
index 6985546..0000000
--- a/policy/modules/services/inetd.if
+++ /dev/null
@@ -1,204 +0,0 @@
-## <summary>Internet services daemon.</summary>
-
-########################################
-## <summary>
-##	Define the specified domain as a inetd service.
-## </summary>
-## <desc>
-##	<p>
-##	Define the specified domain as a inetd service.  The
-##	inetd_service_domain(), inetd_tcp_service_domain(),
-##	or inetd_udp_service_domain() interfaces should be used
-##	instead of this interface, as this interface only provides
-##	the common rules to these three interfaces.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	The type associated with the inetd service process.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`inetd_core_service_domain',`
-	gen_require(`
-		type inetd_t;
-		role system_r;
-	')
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-
-	role system_r types $1;
-
-	domtrans_pattern(inetd_t, $2, $1)
-	allow inetd_t $1:process { siginh sigkill };
-')
-
-########################################
-## <summary>
-##	Define the specified domain as a TCP inetd service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type associated with the inetd service process.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`inetd_tcp_service_domain',`
-	gen_require(`
-		type inetd_t;
-	')
-
-	inetd_core_service_domain($1, $2)
-
-	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
-')
-
-########################################
-## <summary>
-##	Define the specified domain as a UDP inetd service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type associated with the inetd service process.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`inetd_udp_service_domain',`
-	gen_require(`
-		type inetd_t;
-	')
-
-	inetd_core_service_domain($1, $2)
-
-	allow $1 inetd_t:udp_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Define the specified domain as a TCP and UDP inetd service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type associated with the inetd service process.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`inetd_service_domain',`
-	gen_require(`
-		type inetd_t;
-	')
-
-	inetd_core_service_domain($1, $2)
-
-	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
-	allow $1 inetd_t:udp_socket rw_socket_perms;
-
-	# encrypt the service through stunnel
-	optional_policy(`
-		stunnel_service_domain($1, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from inetd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inetd_use_fds',`
-	gen_require(`
-		type inetd_t;
-	')
-
-	allow $1 inetd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Connect to the inetd service using a TCP connection.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inetd_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Run inetd child process in the inet child domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`inetd_domtrans_child',`
-	gen_require(`
-		type inetd_child_t, inetd_child_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, inetd_child_exec_t, inetd_child_t)
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to inetd.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inetd_udp_send',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Read and write inetd TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inetd_rw_tcp_sockets',`
-	gen_require(`
-		type inetd_t;
-	')
-
-	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
-')
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
deleted file mode 100644
index c51a7b2..0000000
--- a/policy/modules/services/inetd.te
+++ /dev/null
@@ -1,242 +0,0 @@
-policy_module(inetd, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type inetd_t;
-type inetd_exec_t;
-init_daemon_domain(inetd_t, inetd_exec_t)
-
-type inetd_log_t;
-logging_log_file(inetd_log_t)
-
-type inetd_tmp_t;
-files_tmp_file(inetd_tmp_t)
-
-type inetd_var_run_t;
-files_pid_file(inetd_var_run_t)
-
-type inetd_child_t;
-type inetd_child_exec_t;
-inetd_service_domain(inetd_child_t, inetd_child_exec_t)
-role system_r types inetd_child_t;
-
-type inetd_child_tmp_t;
-files_tmp_file(inetd_child_tmp_t)
-
-type inetd_child_var_run_t;
-files_pid_file(inetd_child_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(inetd_t, inetd_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow inetd_t self:capability { setuid setgid };
-dontaudit inetd_t self:capability sys_tty_config;
-allow inetd_t self:process { setsched setexec };
-allow inetd_t self:fifo_file rw_fifo_file_perms;
-allow inetd_t self:tcp_socket create_stream_socket_perms;
-allow inetd_t self:udp_socket create_socket_perms;
-allow inetd_t self:fd use;
-
-allow inetd_t inetd_log_t:file manage_file_perms;
-logging_log_filetrans(inetd_t, inetd_log_t, file)
-
-manage_dirs_pattern(inetd_t, inetd_tmp_t, inetd_tmp_t)
-manage_files_pattern(inetd_t, inetd_tmp_t, inetd_tmp_t)
-files_tmp_filetrans(inetd_t, inetd_tmp_t, { file dir })
-
-allow inetd_t inetd_var_run_t:file manage_file_perms;
-files_pid_filetrans(inetd_t, inetd_var_run_t, file)
-
-kernel_read_kernel_sysctls(inetd_t)
-kernel_list_proc(inetd_t)
-kernel_read_proc_symlinks(inetd_t)
-kernel_read_system_state(inetd_t)
-kernel_tcp_recvfrom_unlabeled(inetd_t)
-
-corecmd_bin_domtrans(inetd_t, inetd_child_t)
-
-# base networking:
-corenet_all_recvfrom_unlabeled(inetd_t)
-corenet_all_recvfrom_netlabel(inetd_t)
-corenet_tcp_sendrecv_generic_if(inetd_t)
-corenet_udp_sendrecv_generic_if(inetd_t)
-corenet_tcp_sendrecv_generic_node(inetd_t)
-corenet_udp_sendrecv_generic_node(inetd_t)
-corenet_tcp_sendrecv_all_ports(inetd_t)
-corenet_udp_sendrecv_all_ports(inetd_t)
-corenet_tcp_bind_generic_node(inetd_t)
-corenet_udp_bind_generic_node(inetd_t)
-corenet_tcp_connect_all_ports(inetd_t)
-corenet_sendrecv_all_client_packets(inetd_t)
-
-# listen on service ports:
-corenet_tcp_bind_amanda_port(inetd_t)
-corenet_udp_bind_amanda_port(inetd_t)
-corenet_tcp_bind_auth_port(inetd_t)
-corenet_udp_bind_comsat_port(inetd_t)
-corenet_tcp_bind_dbskkd_port(inetd_t)
-corenet_udp_bind_dbskkd_port(inetd_t)
-corenet_tcp_bind_ftp_port(inetd_t)
-corenet_udp_bind_ftp_port(inetd_t)
-corenet_tcp_bind_inetd_child_port(inetd_t)
-corenet_udp_bind_inetd_child_port(inetd_t)
-corenet_tcp_bind_ircd_port(inetd_t)
-corenet_udp_bind_ktalkd_port(inetd_t)
-corenet_tcp_bind_printer_port(inetd_t)
-corenet_udp_bind_rlogind_port(inetd_t)
-corenet_udp_bind_rsh_port(inetd_t)
-corenet_tcp_bind_rsh_port(inetd_t)
-corenet_tcp_bind_rsync_port(inetd_t)
-corenet_udp_bind_rsync_port(inetd_t)
-#corenet_tcp_bind_stunnel_port(inetd_t)
-corenet_tcp_bind_swat_port(inetd_t)
-corenet_udp_bind_swat_port(inetd_t)
-corenet_tcp_bind_telnetd_port(inetd_t)
-corenet_udp_bind_tftp_port(inetd_t)
-corenet_tcp_bind_ssh_port(inetd_t)
-corenet_tcp_bind_git_port(inetd_t)
-corenet_udp_bind_git_port(inetd_t)
-
-# service port packets:
-corenet_sendrecv_amanda_server_packets(inetd_t)
-corenet_sendrecv_auth_server_packets(inetd_t)
-corenet_sendrecv_comsat_server_packets(inetd_t)
-corenet_sendrecv_dbskkd_server_packets(inetd_t)
-corenet_sendrecv_ftp_server_packets(inetd_t)
-corenet_sendrecv_inetd_child_server_packets(inetd_t)
-corenet_sendrecv_ircd_server_packets(inetd_t)
-corenet_sendrecv_ktalkd_server_packets(inetd_t)
-corenet_sendrecv_printer_server_packets(inetd_t)
-corenet_sendrecv_rsh_server_packets(inetd_t)
-corenet_sendrecv_rsync_server_packets(inetd_t)
-#corenet_sendrecv_stunnel_server_packets(inetd_t)
-corenet_sendrecv_swat_server_packets(inetd_t)
-corenet_sendrecv_tftp_server_packets(inetd_t)
-
-dev_read_sysfs(inetd_t)
-
-fs_getattr_all_fs(inetd_t)
-fs_search_auto_mountpoints(inetd_t)
-
-selinux_validate_context(inetd_t)
-selinux_compute_create_context(inetd_t)
-
-# Run other daemons in the inetd_child_t domain.
-corecmd_search_bin(inetd_t)
-corecmd_read_bin_symlinks(inetd_t)
-
-domain_use_interactive_fds(inetd_t)
-
-files_read_etc_files(inetd_t)
-files_read_etc_runtime_files(inetd_t)
-
-auth_use_nsswitch(inetd_t)
-
-logging_send_syslog_msg(inetd_t)
-
-miscfiles_read_localization(inetd_t)
-
-# xinetd needs MLS override privileges to work
-mls_fd_share_all_levels(inetd_t)
-mls_socket_read_to_clearance(inetd_t)
-mls_socket_write_to_clearance(inetd_t)
-mls_process_set_level(inetd_t)
-
-sysnet_read_config(inetd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(inetd_t)
-userdom_dontaudit_search_user_home_dirs(inetd_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		unconfined_domain(inetd_t)
-	')
-')
-
-ifdef(`enable_mls',`
-	corenet_tcp_recvfrom_netlabel(inetd_t)
-	corenet_udp_recvfrom_netlabel(inetd_t)
-')
-
-optional_policy(`
-	amanda_search_lib(inetd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(inetd_t)
-')
-
-optional_policy(`
-	udev_read_db(inetd_t)
-')
-
-optional_policy(`
-	unconfined_domtrans(inetd_t)
-')
-
-########################################
-#
-# inetd child local_policy
-#
-
-allow inetd_child_t self:process signal_perms;
-allow inetd_child_t self:fifo_file rw_fifo_file_perms;
-allow inetd_child_t self:tcp_socket connected_stream_socket_perms;
-allow inetd_child_t self:udp_socket create_socket_perms;
-
-# for identd
-allow inetd_child_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow inetd_child_t self:capability { setuid setgid };
-files_search_home(inetd_child_t)
-
-manage_dirs_pattern(inetd_child_t, inetd_child_tmp_t, inetd_child_tmp_t)
-manage_files_pattern(inetd_child_t, inetd_child_tmp_t, inetd_child_tmp_t)
-files_tmp_filetrans(inetd_child_t, inetd_child_tmp_t, { file dir })
-
-manage_files_pattern(inetd_child_t, inetd_child_var_run_t, inetd_child_var_run_t)
-files_pid_filetrans(inetd_child_t, inetd_child_var_run_t, file)
-
-kernel_read_kernel_sysctls(inetd_child_t)
-kernel_read_system_state(inetd_child_t)
-kernel_read_network_state(inetd_child_t)
-
-corenet_all_recvfrom_unlabeled(inetd_child_t)
-corenet_all_recvfrom_netlabel(inetd_child_t)
-corenet_tcp_sendrecv_generic_if(inetd_child_t)
-corenet_udp_sendrecv_generic_if(inetd_child_t)
-corenet_tcp_sendrecv_generic_node(inetd_child_t)
-corenet_udp_sendrecv_generic_node(inetd_child_t)
-corenet_tcp_sendrecv_all_ports(inetd_child_t)
-corenet_udp_sendrecv_all_ports(inetd_child_t)
-
-dev_read_urand(inetd_child_t)
-
-fs_getattr_xattr_fs(inetd_child_t)
-
-files_read_etc_files(inetd_child_t)
-files_read_etc_runtime_files(inetd_child_t)
-
-auth_use_nsswitch(inetd_child_t)
-
-logging_send_syslog_msg(inetd_child_t)
-
-miscfiles_read_localization(inetd_child_t)
-
-sysnet_read_config(inetd_child_t)
-
-optional_policy(`
-	kerberos_use(inetd_child_t)
-')
-
-optional_policy(`
-	unconfined_domain(inetd_child_t)
-')
diff --git a/policy/modules/services/inn.fc b/policy/modules/services/inn.fc
deleted file mode 100644
index 8ca038d..0000000
--- a/policy/modules/services/inn.fc
+++ /dev/null
@@ -1,67 +0,0 @@
-
-#
-# /etc
-#
-/etc/news(/.*)?				gen_context(system_u:object_r:innd_etc_t,s0)
-/etc/news/boot		--		gen_context(system_u:object_r:innd_exec_t,s0)
-/etc/rc\.d/init\.d/innd	--		gen_context(system_u:object_r:innd_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/inews		--		gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/bin/rnews		--		gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/bin/rpost		--		gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/bin/suck		--		gen_context(system_u:object_r:innd_exec_t,s0)
-
-/usr/sbin/in\.nnrpd	--		gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/sbin/innd.*	--		gen_context(system_u:object_r:innd_exec_t,s0)
-
-/var/lib/news(/.*)?			gen_context(system_u:object_r:innd_var_lib_t,s0)
-
-/usr/lib(64)?/news/bin/actsync	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/archive	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/batcher	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/buffchan	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/convdate	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/ctlinnd	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/cvtbatch	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/expire	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/expireover --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/fastrm	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/filechan	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/getlist	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/grephistory --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/inews	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/innconfval --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/inndf	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/inndstart --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/innfeed	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/innxbatch --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/innxmit	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/makedbz	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/makehistory --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/newsrequeue --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/nnrpd	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/nntpget	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/ovdb_recover --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/overchan	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/prunehistory --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/rnews	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/shlock	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/shrinkfile --	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib(64)?/news/bin/startinnfeed --	gen_context(system_u:object_r:innd_exec_t,s0)
-
-# cjp: split these to fix an ordering
-# problem with a match in corecommands
-/usr/lib/news/bin/innd 		--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib/news/bin/sm		--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib64/news/bin/innd 	--	gen_context(system_u:object_r:innd_exec_t,s0)
-/usr/lib64/news/bin/sm		--	gen_context(system_u:object_r:innd_exec_t,s0)
-
-/var/log/news(/.*)?			gen_context(system_u:object_r:innd_log_t,s0)
-
-/var/run/innd(/.*)?			gen_context(system_u:object_r:innd_var_run_t,s0)
-/var/run/news(/.*)?	 		gen_context(system_u:object_r:innd_var_run_t,s0)
-
-/var/spool/news(/.*)?			gen_context(system_u:object_r:news_spool_t,s0)
diff --git a/policy/modules/services/inn.if b/policy/modules/services/inn.if
deleted file mode 100644
index 2f3d8dc..0000000
--- a/policy/modules/services/inn.if
+++ /dev/null
@@ -1,227 +0,0 @@
-## <summary>Internet News NNTP server</summary>
-
-########################################
-## <summary>
-##	Allow the specified domain to execute innd
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_exec',`
-	gen_require(`
-		type innd_t;
-	')
-
-	can_exec($1, innd_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute
-##	inn configuration files in /etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_exec_config',`
-	gen_require(`
-		type innd_etc_t;
-	')
-
-	can_exec($1, innd_etc_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the innd log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_manage_log',`
-	gen_require(`
-		type innd_log_t;
-	')
-
-	logging_rw_generic_log_dirs($1)
-	manage_files_pattern($1, innd_log_t, innd_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the innd pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_manage_pid',`
-	gen_require(`
-		type innd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, innd_var_run_t, innd_var_run_t)
-	manage_lnk_files_pattern($1, innd_var_run_t, innd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read innd configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-
-#
-interface(`inn_read_config',`
-	gen_require(`
-		type innd_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 innd_etc_t:dir list_dir_perms;
-	allow $1 innd_etc_t:file read_file_perms;
-	allow $1 innd_etc_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read innd news library files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_read_news_lib',`
-	gen_require(`
-		type innd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 innd_var_lib_t:dir list_dir_perms;
-	allow $1 innd_var_lib_t:file read_file_perms;
-	allow $1 innd_var_lib_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read innd news library files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_read_news_spool',`
-	gen_require(`
-		type news_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 news_spool_t:dir list_dir_perms;
-	allow $1 news_spool_t:file read_file_perms;
-	allow $1 news_spool_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Send to a innd unix dgram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`inn_dgram_send',`
-	gen_require(`
-		type innd_t;
-	')
-
-	allow $1 innd_t:unix_dgram_socket sendto;
-')
-
-########################################
-## <summary>
-##	Execute inn in the inn domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`inn_domtrans',`
-	gen_require(`
-		type innd_t, innd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, innd_exec_t, innd_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an inn environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the inn domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`inn_admin',`
-	gen_require(`
-		type innd_t, innd_etc_t, innd_log_t;
-		type news_spool_t, innd_var_lib_t, innd_var_run_t;
-		type innd_initrc_exec_t;
-	')
-
-	allow $1 innd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, innd_t)
-
-	init_labeled_script_domtrans($1, innd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 innd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, innd_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, innd_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, innd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, innd_var_run_t)
-
-	files_list_spool($1)
-	admin_pattern($1, news_spool_t)
-')
diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te
deleted file mode 100644
index dc7dd01..0000000
--- a/policy/modules/services/inn.te
+++ /dev/null
@@ -1,132 +0,0 @@
-policy_module(inn, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type innd_t;
-type innd_exec_t;
-init_daemon_domain(innd_t, innd_exec_t)
-
-type innd_etc_t;
-files_config_file(innd_etc_t)
-
-type innd_initrc_exec_t;
-init_script_file(innd_initrc_exec_t)
-
-type innd_log_t;
-logging_log_file(innd_log_t)
-
-type innd_var_lib_t;
-files_type(innd_var_lib_t)
-
-type innd_var_run_t;
-files_pid_file(innd_var_run_t)
-
-type news_spool_t;
-files_mountpoint(news_spool_t)
-
-########################################
-#
-# Local policy
-#
-
-allow innd_t self:capability { dac_override kill setgid setuid };
-dontaudit innd_t self:capability sys_tty_config;
-allow innd_t self:process { setsched signal_perms };
-allow innd_t self:fifo_file rw_fifo_file_perms;
-allow innd_t self:unix_dgram_socket { sendto create_socket_perms };
-allow innd_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow innd_t self:tcp_socket create_stream_socket_perms;
-allow innd_t self:udp_socket create_socket_perms;
-allow innd_t self:netlink_route_socket r_netlink_socket_perms;
-
-read_files_pattern(innd_t, innd_etc_t, innd_etc_t)
-read_lnk_files_pattern(innd_t, innd_etc_t, innd_etc_t)
-
-can_exec(innd_t, innd_exec_t)
-
-manage_files_pattern(innd_t, innd_log_t, innd_log_t)
-allow innd_t innd_log_t:dir setattr_dir_perms;
-logging_log_filetrans(innd_t, innd_log_t, file)
-
-manage_dirs_pattern(innd_t, innd_var_lib_t, innd_var_lib_t)
-manage_files_pattern(innd_t, innd_var_lib_t, innd_var_lib_t)
-files_var_lib_filetrans(innd_t, innd_var_lib_t, file)
-
-manage_dirs_pattern(innd_t, innd_var_run_t, innd_var_run_t)
-manage_files_pattern(innd_t, innd_var_run_t, innd_var_run_t)
-manage_sock_files_pattern(innd_t, innd_var_run_t, innd_var_run_t)
-files_pid_filetrans(innd_t, innd_var_run_t, { dir file })
-
-manage_dirs_pattern(innd_t, news_spool_t, news_spool_t)
-manage_files_pattern(innd_t, news_spool_t, news_spool_t)
-manage_lnk_files_pattern(innd_t, news_spool_t, news_spool_t)
-
-kernel_read_kernel_sysctls(innd_t)
-kernel_read_system_state(innd_t)
-
-corenet_all_recvfrom_unlabeled(innd_t)
-corenet_all_recvfrom_netlabel(innd_t)
-corenet_tcp_sendrecv_generic_if(innd_t)
-corenet_udp_sendrecv_generic_if(innd_t)
-corenet_tcp_sendrecv_generic_node(innd_t)
-corenet_udp_sendrecv_generic_node(innd_t)
-corenet_tcp_sendrecv_all_ports(innd_t)
-corenet_udp_sendrecv_all_ports(innd_t)
-corenet_tcp_bind_generic_node(innd_t)
-corenet_tcp_bind_innd_port(innd_t)
-corenet_tcp_connect_all_ports(innd_t)
-corenet_sendrecv_innd_server_packets(innd_t)
-corenet_sendrecv_all_client_packets(innd_t)
-
-dev_read_sysfs(innd_t)
-dev_read_urand(innd_t)
-
-fs_getattr_all_fs(innd_t)
-fs_search_auto_mountpoints(innd_t)
-
-corecmd_exec_bin(innd_t)
-corecmd_exec_shell(innd_t)
-
-domain_use_interactive_fds(innd_t)
-
-files_list_spool(innd_t)
-files_read_etc_files(innd_t)
-files_read_etc_runtime_files(innd_t)
-files_read_usr_files(innd_t)
-
-logging_send_syslog_msg(innd_t)
-
-miscfiles_read_localization(innd_t)
-
-seutil_dontaudit_search_config(innd_t)
-
-sysnet_read_config(innd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(innd_t)
-userdom_dontaudit_search_user_home_dirs(innd_t)
-userdom_dgram_send(innd_t)
-
-mta_send_mail(innd_t)
-
-optional_policy(`
-	cron_system_entry(innd_t, innd_exec_t)
-')
-
-optional_policy(`
-	hostname_exec(innd_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(innd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(innd_t)
-')
-
-optional_policy(`
-	udev_read_db(innd_t)
-')
diff --git a/policy/modules/services/ircd.fc b/policy/modules/services/ircd.fc
deleted file mode 100644
index d733fa8..0000000
--- a/policy/modules/services/ircd.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/(dancer-)?ircd(/.*)?	gen_context(system_u:object_r:ircd_etc_t,s0)
-
-/usr/sbin/(dancer-)?ircd --	gen_context(system_u:object_r:ircd_exec_t,s0)
-
-/var/lib/dancer-ircd(/.*)?	gen_context(system_u:object_r:ircd_var_lib_t,s0)
-/var/log/(dancer-)?ircd(/.*)?	gen_context(system_u:object_r:ircd_log_t,s0)
-/var/run/dancer-ircd(/.*)?	gen_context(system_u:object_r:ircd_var_run_t,s0)
diff --git a/policy/modules/services/ircd.if b/policy/modules/services/ircd.if
deleted file mode 100644
index 3f4de83..0000000
--- a/policy/modules/services/ircd.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>IRC server</summary>
diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te
deleted file mode 100644
index 75ab1e2..0000000
--- a/policy/modules/services/ircd.te
+++ /dev/null
@@ -1,93 +0,0 @@
-policy_module(ircd, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type ircd_t;
-type ircd_exec_t;
-init_daemon_domain(ircd_t, ircd_exec_t)
-
-type ircd_etc_t;
-files_config_file(ircd_etc_t)
-
-type ircd_log_t;
-logging_log_file(ircd_log_t)
-
-type ircd_var_lib_t;
-files_type(ircd_var_lib_t)
-
-type ircd_var_run_t;
-files_pid_file(ircd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit ircd_t self:capability sys_tty_config;
-allow ircd_t self:process signal_perms;
-allow ircd_t self:tcp_socket create_stream_socket_perms;
-allow ircd_t self:udp_socket create_socket_perms;
-
-read_files_pattern(ircd_t, ircd_etc_t, ircd_etc_t)
-read_lnk_files_pattern(ircd_t, ircd_etc_t, ircd_etc_t)
-files_search_etc(ircd_t)
-
-manage_files_pattern(ircd_t, ircd_log_t, ircd_log_t)
-logging_log_filetrans(ircd_t, ircd_log_t, { file dir })
-
-manage_files_pattern(ircd_t, ircd_var_lib_t, ircd_var_lib_t)
-files_var_lib_filetrans(ircd_t, ircd_var_lib_t, file)
-
-manage_files_pattern(ircd_t, ircd_var_run_t, ircd_var_run_t)
-files_pid_filetrans(ircd_t, ircd_var_run_t, file)
-
-kernel_read_system_state(ircd_t)
-kernel_read_kernel_sysctls(ircd_t)
-
-corecmd_search_bin(ircd_t)
-
-corenet_all_recvfrom_unlabeled(ircd_t)
-corenet_all_recvfrom_netlabel(ircd_t)
-corenet_tcp_sendrecv_generic_if(ircd_t)
-corenet_udp_sendrecv_generic_if(ircd_t)
-corenet_tcp_sendrecv_generic_node(ircd_t)
-corenet_udp_sendrecv_generic_node(ircd_t)
-corenet_tcp_sendrecv_all_ports(ircd_t)
-corenet_udp_sendrecv_all_ports(ircd_t)
-corenet_tcp_bind_generic_node(ircd_t)
-corenet_tcp_bind_ircd_port(ircd_t)
-corenet_sendrecv_ircd_server_packets(ircd_t)
-
-dev_read_sysfs(ircd_t)
-
-domain_use_interactive_fds(ircd_t)
-
-files_read_etc_files(ircd_t)
-files_read_etc_runtime_files(ircd_t)
-
-fs_getattr_all_fs(ircd_t)
-fs_search_auto_mountpoints(ircd_t)
-
-logging_send_syslog_msg(ircd_t)
-
-miscfiles_read_localization(ircd_t)
-
-sysnet_read_config(ircd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ircd_t)
-userdom_dontaudit_search_user_home_dirs(ircd_t)
-
-optional_policy(`
-	nis_use_ypbind(ircd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ircd_t)
-')
-
-optional_policy(`
-	udev_read_db(ircd_t)
-')
diff --git a/policy/modules/services/irqbalance.fc b/policy/modules/services/irqbalance.fc
deleted file mode 100644
index 3831075..0000000
--- a/policy/modules/services/irqbalance.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/irqbalance	-- gen_context(system_u:object_r:irqbalance_exec_t,s0)
diff --git a/policy/modules/services/irqbalance.if b/policy/modules/services/irqbalance.if
deleted file mode 100644
index 058fb75..0000000
--- a/policy/modules/services/irqbalance.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>IRQ balancing daemon</summary>
diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
deleted file mode 100644
index 9aeeaf9..0000000
--- a/policy/modules/services/irqbalance.te
+++ /dev/null
@@ -1,56 +0,0 @@
-policy_module(irqbalance, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type irqbalance_t;
-type irqbalance_exec_t;
-init_daemon_domain(irqbalance_t, irqbalance_exec_t)
-
-type irqbalance_var_run_t;
-files_pid_file(irqbalance_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow irqbalance_t self:capability { setpcap net_admin };
-dontaudit irqbalance_t self:capability sys_tty_config;
-allow irqbalance_t self:process { getcap setcap signal_perms };
-allow irqbalance_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
-files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
-
-kernel_read_network_state(irqbalance_t)
-kernel_read_system_state(irqbalance_t)
-kernel_read_kernel_sysctls(irqbalance_t)
-kernel_rw_irq_sysctls(irqbalance_t)
-
-dev_read_sysfs(irqbalance_t)
-
-files_read_etc_files(irqbalance_t)
-files_read_etc_runtime_files(irqbalance_t)
-
-fs_getattr_all_fs(irqbalance_t)
-fs_search_auto_mountpoints(irqbalance_t)
-
-domain_use_interactive_fds(irqbalance_t)
-
-logging_send_syslog_msg(irqbalance_t)
-
-miscfiles_read_localization(irqbalance_t)
-
-userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
-userdom_dontaudit_search_user_home_dirs(irqbalance_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(irqbalance_t)
-')
-
-optional_policy(`
-	udev_read_db(irqbalance_t)
-')
diff --git a/policy/modules/services/jabber.fc b/policy/modules/services/jabber.fc
deleted file mode 100644
index deef4c7..0000000
--- a/policy/modules/services/jabber.fc
+++ /dev/null
@@ -1,15 +0,0 @@
-/etc/rc\.d/init\.d/jabber --	gen_context(system_u:object_r:jabberd_initrc_exec_t,s0)
-
-/usr/sbin/jabberd	--	gen_context(system_u:object_r:jabberd_exec_t,s0)
-
-# for new version of jabberd
-/usr/bin/router         --      gen_context(system_u:object_r:jabberd_router_exec_t,s0)
-/usr/bin/c2s            --      gen_context(system_u:object_r:jabberd_router_exec_t,s0)
-/usr/bin/s2s            --      gen_context(system_u:object_r:jabberd_exec_t,s0)
-/usr/bin/sm             --      gen_context(system_u:object_r:jabberd_exec_t,s0)
-
-/var/lib/jabberd(/.*)?           gen_context(system_u:object_r:jabberd_var_lib_t,s0)
-
-
-/var/lib/jabber(/.*)?		gen_context(system_u:object_r:jabberd_var_lib_t,s0)
-/var/log/jabber(/.*)?		gen_context(system_u:object_r:jabberd_log_t,s0)
diff --git a/policy/modules/services/jabber.if b/policy/modules/services/jabber.if
deleted file mode 100644
index 9167dc9..0000000
--- a/policy/modules/services/jabber.if
+++ /dev/null
@@ -1,138 +0,0 @@
-## <summary>Jabber instant messaging server</summary>
-
-#######################################
-## <summary>
-##	Execute a domain transition to run jabberd services
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`jabber_domtrans_jabberd',`
-	gen_require(`
-		type jabberd_t, jabberd_exec_t;
-	')
-
-	domtrans_pattern($1, jabberd_exec_t, jabberd_t)
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run jabberd router service
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`jabber_domtrans_jabberd_router',`
-	gen_require(`
-		type jabberd_router_t, jabberd_router_exec_t;
-	')
-
-	domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
-')
-
-#######################################
-## <summary>
-##	Read jabberd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`jabberd_read_lib_files',`
-	gen_require(`
-		type jabberd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
-')
-
-#######################################
-## <summary>
-##	Dontaudit inherited read jabberd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`jabberd_dontaudit_read_lib_files',`
-	gen_require(`
-		type jabberd_var_lib_t;
-	')
-
-	dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	jabberd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`jabberd_manage_lib_files',`
-	gen_require(`
-		type jabberd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an jabber environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the jabber domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`jabber_admin',`
-	gen_require(`
-		type jabberd_t, jabberd_log_t, jabberd_var_lib_t;
-		type jabberd_var_run_t, jabberd_initrc_exec_t, jabberd_router_t;
-	')
-
-	allow $1 jabberd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, jabberd_t)
-
-	allow $1 jabberd_router_t:process { ptrace signal_perms };
-	ps_process_pattern($1, jabberd_router_t)
-
-	init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 jabberd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, jabberd_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, jabberd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, jabberd_var_run_t)
-')
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
deleted file mode 100644
index e184dff..0000000
--- a/policy/modules/services/jabber.te
+++ /dev/null
@@ -1,120 +0,0 @@
-policy_module(jabber, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute jabberd_domain;
-
-type jabberd_t, jabberd_domain;
-type jabberd_exec_t;
-init_daemon_domain(jabberd_t, jabberd_exec_t)
-
-type jabberd_initrc_exec_t;
-init_script_file(jabberd_initrc_exec_t)
-
-type jabberd_router_t, jabberd_domain;
-type jabberd_router_exec_t;
-init_daemon_domain(jabberd_router_t, jabberd_router_exec_t)
-
-type jabberd_log_t;
-logging_log_file(jabberd_log_t)
-
-type jabberd_var_lib_t;
-files_type(jabberd_var_lib_t)
-
-type jabberd_var_run_t;
-files_pid_file(jabberd_var_run_t)
-
-permissive jabberd_router_t;
-permissive jabberd_t;
-
-######################################
-#
-# Local policy for jabberd-router and c2s components
-#
-
-allow jabberd_router_t self:netlink_route_socket r_netlink_socket_perms;
-
-corenet_tcp_bind_jabber_client_port(jabberd_router_t)
-corenet_tcp_bind_jabber_router_port(jabberd_router_t)
-corenet_tcp_connect_jabber_router_port(jabberd_router_t)
-corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
-corenet_sendrecv_jabber_client_server_packets(jabberd_router_t)
-
-fs_getattr_all_fs(jabberd_router_t)
-
-miscfiles_read_certs(jabberd_router_t)
-
-optional_policy(`
-        kerberos_use(jabberd_router_t)
-')
-
-optional_policy(`
-       nis_use_ypbind(jabberd_router_t)
-')
-
-#####################################
-#
-# Local policy for other jabberd components
-#
-
-kernel_read_system_state(jabberd_t)
-
-corenet_tcp_bind_jabber_interserver_port(jabberd_t)
-corenet_tcp_connect_jabber_router_port(jabberd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(jabberd_t)
-userdom_dontaudit_search_user_home_dirs(jabberd_t)
-
-optional_policy(`
-       seutil_sigchld_newrole(jabberd_t)
-')
-
-optional_policy(`
-       udev_read_db(jabberd_t)
-')
-
-#######################################
-#
-# Local policy for jabberd domains
-#
-
-allow jabberd_domain self:process signal_perms;
-allow jabberd_domain self:fifo_file read_fifo_file_perms;
-allow jabberd_domain self:tcp_socket create_stream_socket_perms;
-allow jabberd_domain self:udp_socket create_socket_perms;
-
-manage_files_pattern(jabberd_domain, jabberd_var_lib_t, jabberd_var_lib_t)
-manage_dirs_pattern(jabberd_domain, jabberd_var_lib_t, jabberd_var_lib_t)
-
-# log and pid files are moved into /var/lib/jabberd in the newer version of jabberd
-manage_files_pattern(jabberd_domain, jabberd_log_t, jabberd_log_t)
-logging_log_filetrans(jabberd_domain, jabberd_log_t, { file dir })
-
-manage_files_pattern(jabberd_domain, jabberd_var_run_t, jabberd_var_run_t)
-files_pid_filetrans(jabberd_domain, jabberd_var_run_t, file)
-
-corenet_all_recvfrom_unlabeled(jabberd_domain)
-corenet_all_recvfrom_netlabel(jabberd_domain)
-corenet_tcp_sendrecv_generic_if(jabberd_domain)
-corenet_udp_sendrecv_generic_if(jabberd_domain)
-corenet_tcp_sendrecv_generic_node(jabberd_domain)
-corenet_udp_sendrecv_generic_node(jabberd_domain)
-corenet_tcp_sendrecv_all_ports(jabberd_domain)
-corenet_udp_sendrecv_all_ports(jabberd_domain)
-corenet_tcp_bind_generic_node(jabberd_domain)
-
-dev_read_urand(jabberd_domain)
-dev_read_urand(jabberd_domain)
-dev_read_sysfs(jabberd_domain)
-
-files_read_etc_files(jabberd_domain)
-files_read_etc_runtime_files(jabberd_domain)
-
-logging_send_syslog_msg(jabberd_domain)
-
-miscfiles_read_localization(jabberd_domain)
-
-sysnet_read_config(jabberd_domain)
diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc
deleted file mode 100644
index e5db539..0000000
--- a/policy/modules/services/kerberos.fc
+++ /dev/null
@@ -1,33 +0,0 @@
-HOME_DIR/\.k5login		--	gen_context(system_u:object_r:krb5_home_t,s0)
-/root/\.k5login			--	gen_context(system_u:object_r:krb5_home_t,s0)
-
-/etc/krb5\.conf			--	gen_context(system_u:object_r:krb5_conf_t,s0)
-/etc/krb5\.keytab			gen_context(system_u:object_r:krb5_keytab_t,s0)
-
-/etc/krb5kdc(/.*)?			gen_context(system_u:object_r:krb5kdc_conf_t,s0)
-/etc/krb5kdc/kadm5\.keytab 	--	gen_context(system_u:object_r:krb5_keytab_t,s0)
-/etc/krb5kdc/principal.*		gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-
-/etc/rc\.d/init\.d/kadmin 	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/kprop	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/krb524d	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
-
-/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
-/usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
-/usr/kerberos/sbin/kadmin\.local --	gen_context(system_u:object_r:kadmind_exec_t,s0)
-/usr/kerberos/sbin/kpropd	--	gen_context(system_u:object_r:kpropd_exec_t,s0)
-
-/usr/local/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
-/usr/local/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-
-/var/kerberos/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
-/var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
-/var/kerberos/krb5kdc/kadm5\.keytab --	gen_context(system_u:object_r:krb5_keytab_t,s0)
-/var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-/var/kerberos/krb5kdc/principal.*\.ok	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
-
-/var/log/krb5kdc\.log			gen_context(system_u:object_r:krb5kdc_log_t,s0)
-/var/log/kadmin(d)?\.log		gen_context(system_u:object_r:kadmind_log_t,s0)
-
-/var/tmp/host_0			-- 	gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
deleted file mode 100644
index 8c72504..0000000
--- a/policy/modules/services/kerberos.if
+++ /dev/null
@@ -1,378 +0,0 @@
-## <summary>MIT Kerberos admin and KDC</summary>
-## <desc>
-##	<p>
-##	This policy supports:
-##	</p>
-##	<p>
-##	Servers:
-##	<ul>
-##		<li>kadmind</li>
-##		<li>krb5kdc</li>
-##	</ul>
-##	</p>
-##	<p>
-##	Clients:
-##	<ul>
-##		<li>kinit</li>
-##		<li>kdestroy</li>
-##		<li>klist</li>
-##		<li>ksu (incomplete)</li>
-##	</ul>
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Execute kadmind in the current domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerberos_exec_kadmind',`
-	gen_require(`
-		type kadmind_exec_t;
-	')
-
-	can_exec($1, kadmind_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run kpropd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`kerberos_domtrans_kpropd',`
-	gen_require(`
-		type kpropd_t, kpropd_exec_t;
-	')
-
-	domtrans_pattern($1, kpropd_exec_t, kpropd_t)
-')
-
-########################################
-## <summary>
-##	Use kerberos services
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerberos_use',`
-	gen_require(`
-		type krb5_conf_t, krb5kdc_conf_t, krb5_host_rcache_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, krb5_conf_t, krb5_conf_t)
-	dontaudit $1 krb5_conf_t:file write;
-	dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
-	dontaudit $1 krb5kdc_conf_t:file rw_file_perms;
-
-	#kerberos libraries are attempting to set the correct file context
-	dontaudit $1 self:process setfscreate;
-	selinux_dontaudit_validate_context($1)
-	seutil_dontaudit_read_file_contexts($1)
-
-	tunable_policy(`allow_kerberos',`
-		allow $1 self:tcp_socket create_socket_perms;
-		allow $1 self:udp_socket create_socket_perms;
-
-		corenet_all_recvfrom_unlabeled($1)
-		corenet_all_recvfrom_netlabel($1)
-		corenet_tcp_sendrecv_generic_if($1)
-		corenet_udp_sendrecv_generic_if($1)
-		corenet_tcp_sendrecv_generic_node($1)
-		corenet_udp_sendrecv_generic_node($1)
-		corenet_tcp_sendrecv_kerberos_port($1)
-		corenet_udp_sendrecv_kerberos_port($1)
-		corenet_tcp_bind_generic_node($1)
-		corenet_udp_bind_generic_node($1)
-		corenet_tcp_connect_kerberos_port($1)
-		corenet_tcp_connect_ocsp_port($1)
-		corenet_sendrecv_kerberos_client_packets($1)
-		corenet_sendrecv_ocsp_client_packets($1)
-
-		allow $1 krb5_host_rcache_t:file getattr_file_perms;
-	')
-
-	optional_policy(`
-		tunable_policy(`allow_kerberos',`
-			pcscd_stream_connect($1)
-		')
-	')
-
-	optional_policy(`
-		sssd_read_public_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Read the kerberos configuration file (/etc/krb5.conf).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_read_config',`
-	gen_require(`
-		type krb5_conf_t, krb5_home_t;
-	')
-
-	files_search_etc($1)
-	allow $1 krb5_conf_t:file read_file_perms;
-	allow $1 krb5_home_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write the kerberos
-##	configuration file (/etc/krb5.conf).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kerberos_dontaudit_write_config',`
-	gen_require(`
-		type krb5_conf_t;
-	')
-
-	dontaudit $1 krb5_conf_t:file write;
-')
-
-########################################
-## <summary>
-##	Read and write the kerberos configuration file (/etc/krb5.conf).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_rw_config',`
-	gen_require(`
-		type krb5_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 krb5_conf_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read the kerberos key table.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_read_keytab',`
-	gen_require(`
-		type krb5_keytab_t;
-	')
-
-	files_search_etc($1)
-	allow $1 krb5_keytab_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read/Write the kerberos key table.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerberos_rw_keytab',`
-	gen_require(`
-		type krb5_keytab_t;
-	')
-
-	files_search_etc($1)
-	allow $1 krb5_keytab_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create a derived type for kerberos keytab
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-template(`kerberos_keytab_template',`
-	type $1_keytab_t;
-	files_type($1_keytab_t)
-
-	allow $2 $1_keytab_t:file read_file_perms;
-
-	kerberos_read_keytab($2)
-	kerberos_use($2)
-')
-
-########################################
-## <summary>
-##	Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_read_kdc_config',`
-	gen_require(`
-		type krb5kdc_conf_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
-')
-
-########################################
-## <summary>
-##	Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_manage_host_rcache',`
-	gen_require(`
-		type krb5_host_rcache_t;
-	')
-
-	# creates files as system_u no matter what the selinux user
-	# cjp: should be in the below tunable but typeattribute
-	# does not work in conditionals
-	domain_obj_id_change_exemption($1)
-
-	tunable_policy(`allow_kerberos',`
-		allow $1 self:process setfscreate;
-
-		selinux_validate_context($1)
-
-		seutil_read_file_contexts($1)
-
-		allow $1 krb5_host_rcache_t:file manage_file_perms;
-		files_search_tmp($1)
-	')
-')
-
-########################################
-## <summary>
-##	Connect to krb524 service
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerberos_connect_524',`
-	tunable_policy(`allow_kerberos',`
-		allow $1 self:udp_socket create_socket_perms;
-
-		corenet_all_recvfrom_unlabeled($1)
-		corenet_udp_sendrecv_generic_if($1)
-		corenet_udp_sendrecv_generic_node($1)
-		corenet_udp_sendrecv_kerberos_master_port($1)
-		corenet_sendrecv_kerberos_master_client_packets($1)
-	')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an kerberos environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the kerberos domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerberos_admin',`
-	gen_require(`
-		type kadmind_t, krb5kdc_t, kerberos_initrc_exec_t;
-		type kadmind_log_t, kadmind_tmp_t, kadmind_var_run_t;
-		type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
-		type krb5kdc_principal_t, krb5kdc_tmp_t, kpropd_t;
-		type krb5kdc_var_run_t, krb5_host_rcache_t;
-	')
-
-	allow $1 kadmind_t:process { ptrace signal_perms };
-	ps_process_pattern($1, kadmind_t)
-
-	allow $1 krb5kdc_t:process { ptrace signal_perms };
-	ps_process_pattern($1, krb5kdc_t)
-
-	allow $1 kpropd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, kpropd_t)
-
-	init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kerberos_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, kadmind_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, kadmind_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, kadmind_var_run_t)
-
-	admin_pattern($1, krb5_conf_t)
-
-	admin_pattern($1, krb5_host_rcache_t)
-
-	admin_pattern($1, krb5_keytab_t)
-
-	admin_pattern($1, krb5kdc_principal_t)
-
-	admin_pattern($1, krb5kdc_tmp_t)
-
-	admin_pattern($1, krb5kdc_var_run_t)
-')
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
deleted file mode 100644
index 744e7d6..0000000
--- a/policy/modules/services/kerberos.te
+++ /dev/null
@@ -1,329 +0,0 @@
-policy_module(kerberos, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow confined applications to run with kerberos.
-##	</p>
-## </desc>
-gen_tunable(allow_kerberos, false)
-
-type kadmind_t;
-type kadmind_exec_t;
-init_daemon_domain(kadmind_t, kadmind_exec_t)
-domain_obj_id_change_exemption(kadmind_t)
-
-type kadmind_log_t;
-logging_log_file(kadmind_log_t)
-
-type kadmind_tmp_t;
-files_tmp_file(kadmind_tmp_t)
-
-type kadmind_var_run_t;
-files_pid_file(kadmind_var_run_t)
-
-type kerberos_initrc_exec_t;
-init_script_file(kerberos_initrc_exec_t)
-
-type kpropd_t;
-type kpropd_exec_t;
-init_daemon_domain(kpropd_t, kpropd_exec_t)
-domain_obj_id_change_exemption(kpropd_t)
-
-type krb5_conf_t;
-files_type(krb5_conf_t)
-
-type krb5_home_t;
-userdom_user_home_content(krb5_home_t)
-
-type krb5_host_rcache_t;
-files_tmp_file(krb5_host_rcache_t)
-
-# types for general configuration files in /etc
-type krb5_keytab_t;
-files_security_file(krb5_keytab_t)
-
-# types for KDC configs and principal file(s)
-type krb5kdc_conf_t;
-files_type(krb5kdc_conf_t)
-
-type krb5kdc_lock_t;
-files_type(krb5kdc_lock_t)
-
-# types for KDC principal file(s)
-type krb5kdc_principal_t;
-files_type(krb5kdc_principal_t)
-
-type krb5kdc_t;
-type krb5kdc_exec_t;
-init_daemon_domain(krb5kdc_t, krb5kdc_exec_t)
-domain_obj_id_change_exemption(krb5kdc_t)
-
-type krb5kdc_log_t;
-logging_log_file(krb5kdc_log_t)
-
-type krb5kdc_tmp_t;
-files_tmp_file(krb5kdc_tmp_t)
-
-type krb5kdc_var_run_t;
-files_pid_file(krb5kdc_var_run_t)
-
-########################################
-#
-# kadmind local policy
-#
-
-# Use capabilities. Surplus capabilities may be allowed.
-allow kadmind_t self:capability { setuid setgid chown fowner dac_override sys_nice };
-dontaudit kadmind_t self:capability sys_tty_config;
-allow kadmind_t self:process { setfscreate signal_perms };
-allow kadmind_t self:netlink_route_socket r_netlink_socket_perms;
-allow kadmind_t self:unix_dgram_socket { connect create write };
-allow kadmind_t self:tcp_socket connected_stream_socket_perms;
-allow kadmind_t self:udp_socket create_socket_perms;
-
-allow kadmind_t kadmind_log_t:file manage_file_perms;
-logging_log_filetrans(kadmind_t, kadmind_log_t, file)
-
-allow kadmind_t krb5_conf_t:file read_file_perms;
-dontaudit kadmind_t krb5_conf_t:file write;
-
-read_files_pattern(kadmind_t, krb5kdc_conf_t, krb5kdc_conf_t)
-dontaudit kadmind_t krb5kdc_conf_t:file { write_file_perms setattr_file_perms };
-
-allow kadmind_t krb5kdc_lock_t:file { rw_file_perms setattr_file_perms };
-
-allow kadmind_t krb5kdc_principal_t:file manage_file_perms;
-filetrans_pattern(kadmind_t, krb5kdc_conf_t, krb5kdc_principal_t, file)
-
-can_exec(kadmind_t, kadmind_exec_t)
-
-manage_dirs_pattern(kadmind_t, kadmind_tmp_t, kadmind_tmp_t)
-manage_files_pattern(kadmind_t, kadmind_tmp_t, kadmind_tmp_t)
-files_tmp_filetrans(kadmind_t, kadmind_tmp_t, { file dir })
-
-manage_files_pattern(kadmind_t, kadmind_var_run_t, kadmind_var_run_t)
-files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
-
-kernel_read_kernel_sysctls(kadmind_t)
-kernel_list_proc(kadmind_t)
-kernel_read_network_state(kadmind_t)
-kernel_read_proc_symlinks(kadmind_t)
-kernel_read_system_state(kadmind_t)
-
-corenet_all_recvfrom_unlabeled(kadmind_t)
-corenet_all_recvfrom_netlabel(kadmind_t)
-corenet_tcp_sendrecv_generic_if(kadmind_t)
-corenet_udp_sendrecv_generic_if(kadmind_t)
-corenet_tcp_sendrecv_generic_node(kadmind_t)
-corenet_udp_sendrecv_generic_node(kadmind_t)
-corenet_tcp_sendrecv_all_ports(kadmind_t)
-corenet_udp_sendrecv_all_ports(kadmind_t)
-corenet_tcp_bind_generic_node(kadmind_t)
-corenet_udp_bind_generic_node(kadmind_t)
-corenet_tcp_bind_kerberos_admin_port(kadmind_t)
-corenet_tcp_bind_kerberos_password_port(kadmind_t)
-corenet_udp_bind_kerberos_admin_port(kadmind_t)
-corenet_udp_bind_kerberos_password_port(kadmind_t)
-corenet_tcp_bind_reserved_port(kadmind_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(kadmind_t)
-corenet_sendrecv_kerberos_admin_server_packets(kadmind_t)
-corenet_sendrecv_kerberos_password_server_packets(kadmind_t)
-
-dev_read_sysfs(kadmind_t)
-dev_read_rand(kadmind_t)
-dev_read_urand(kadmind_t)
-
-fs_getattr_all_fs(kadmind_t)
-fs_search_auto_mountpoints(kadmind_t)
-
-domain_use_interactive_fds(kadmind_t)
-
-files_read_etc_files(kadmind_t)
-files_read_usr_symlinks(kadmind_t)
-files_read_usr_files(kadmind_t)
-files_read_var_files(kadmind_t)
-
-selinux_validate_context(kadmind_t)
-
-logging_send_syslog_msg(kadmind_t)
-
-miscfiles_read_generic_certs(kadmind_t)
-miscfiles_read_localization(kadmind_t)
-
-seutil_read_file_contexts(kadmind_t)
-
-sysnet_read_config(kadmind_t)
-sysnet_use_ldap(kadmind_t)
-
-userdom_dontaudit_use_unpriv_user_fds(kadmind_t)
-userdom_dontaudit_search_user_home_dirs(kadmind_t)
-
-optional_policy(`
-	nis_use_ypbind(kadmind_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(kadmind_t)
-')
-
-optional_policy(`
-	udev_read_db(kadmind_t)
-')
-
-########################################
-#
-# Krb5kdc local policy
-#
-
-# Use capabilities. Surplus capabilities may be allowed.
-allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice };
-dontaudit krb5kdc_t self:capability sys_tty_config;
-allow krb5kdc_t self:process { setfscreate setsched getsched signal_perms };
-allow krb5kdc_t self:netlink_route_socket r_netlink_socket_perms;
-allow krb5kdc_t self:tcp_socket create_stream_socket_perms;
-allow krb5kdc_t self:udp_socket create_socket_perms;
-allow krb5kdc_t self:fifo_file rw_fifo_file_perms;
-
-allow krb5kdc_t krb5_conf_t:file read_file_perms;
-dontaudit krb5kdc_t krb5_conf_t:file write;
-
-can_exec(krb5kdc_t, krb5kdc_exec_t)
-
-read_files_pattern(krb5kdc_t, krb5kdc_conf_t, krb5kdc_conf_t)
-dontaudit krb5kdc_t krb5kdc_conf_t:file write;
-
-allow krb5kdc_t krb5kdc_lock_t:file { rw_file_perms setattr_file_perms };
-
-allow krb5kdc_t krb5kdc_log_t:file manage_file_perms;
-logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file)
-
-allow krb5kdc_t krb5kdc_principal_t:file rw_file_perms;
-
-manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
-manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
-files_tmp_filetrans(krb5kdc_t, krb5kdc_tmp_t, { file dir })
-
-manage_files_pattern(krb5kdc_t, krb5kdc_var_run_t, krb5kdc_var_run_t)
-files_pid_filetrans(krb5kdc_t, krb5kdc_var_run_t, file)
-
-kernel_read_system_state(krb5kdc_t)
-kernel_read_kernel_sysctls(krb5kdc_t)
-kernel_list_proc(krb5kdc_t)
-kernel_read_proc_symlinks(krb5kdc_t)
-kernel_read_network_state(krb5kdc_t)
-kernel_search_network_sysctl(krb5kdc_t)
-
-corecmd_exec_bin(krb5kdc_t)
-
-corenet_all_recvfrom_unlabeled(krb5kdc_t)
-corenet_all_recvfrom_netlabel(krb5kdc_t)
-corenet_tcp_sendrecv_generic_if(krb5kdc_t)
-corenet_udp_sendrecv_generic_if(krb5kdc_t)
-corenet_tcp_sendrecv_generic_node(krb5kdc_t)
-corenet_udp_sendrecv_generic_node(krb5kdc_t)
-corenet_tcp_sendrecv_all_ports(krb5kdc_t)
-corenet_udp_sendrecv_all_ports(krb5kdc_t)
-corenet_tcp_bind_generic_node(krb5kdc_t)
-corenet_udp_bind_generic_node(krb5kdc_t)
-corenet_tcp_bind_kerberos_port(krb5kdc_t)
-corenet_udp_bind_kerberos_port(krb5kdc_t)
-corenet_tcp_connect_ocsp_port(krb5kdc_t)
-corenet_sendrecv_kerberos_server_packets(krb5kdc_t)
-corenet_sendrecv_ocsp_client_packets(krb5kdc_t)
-
-dev_read_sysfs(krb5kdc_t)
-dev_read_urand(krb5kdc_t)
-
-fs_getattr_all_fs(krb5kdc_t)
-fs_search_auto_mountpoints(krb5kdc_t)
-
-domain_use_interactive_fds(krb5kdc_t)
-
-files_read_etc_files(krb5kdc_t)
-files_read_usr_symlinks(krb5kdc_t)
-files_read_var_files(krb5kdc_t)
-
-selinux_validate_context(krb5kdc_t)
-
-logging_send_syslog_msg(krb5kdc_t)
-
-miscfiles_read_generic_certs(krb5kdc_t)
-miscfiles_read_localization(krb5kdc_t)
-
-seutil_read_file_contexts(krb5kdc_t)
-
-sysnet_read_config(krb5kdc_t)
-sysnet_use_ldap(krb5kdc_t)
-
-userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t)
-userdom_dontaudit_search_user_home_dirs(krb5kdc_t)
-
-optional_policy(`
-	nis_use_ypbind(krb5kdc_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(krb5kdc_t)
-')
-
-optional_policy(`
-	udev_read_db(krb5kdc_t)
-')
-
-########################################
-#
-# kpropd local policy
-#
-
-allow kpropd_t self:capability net_bind_service;
-allow kpropd_t self:process setfscreate;
-
-allow kpropd_t self:fifo_file rw_file_perms;
-allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
-allow kpropd_t self:tcp_socket create_stream_socket_perms;
-
-allow kpropd_t krb5_host_rcache_t:file manage_file_perms;
-
-allow kpropd_t krb5_keytab_t:file read_file_perms;
-
-read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t)
-
-manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
-filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
-
-manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
-
-manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
-manage_files_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
-files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })
-
-corecmd_exec_bin(kpropd_t)
-
-corenet_all_recvfrom_unlabeled(kpropd_t)
-corenet_tcp_sendrecv_generic_if(kpropd_t)
-corenet_tcp_sendrecv_generic_node(kpropd_t)
-corenet_tcp_sendrecv_all_ports(kpropd_t)
-corenet_tcp_bind_generic_node(kpropd_t)
-corenet_tcp_bind_kprop_port(kpropd_t)
-
-dev_read_urand(kpropd_t)
-
-files_read_etc_files(kpropd_t)
-files_search_tmp(kpropd_t)
-
-selinux_validate_context(kpropd_t)
-
-logging_send_syslog_msg(kpropd_t)
-
-miscfiles_read_localization(kpropd_t)
-
-seutil_read_file_contexts(kpropd_t)
-
-sysnet_dns_name_resolve(kpropd_t)
-
-kerberos_use(kpropd_t)
diff --git a/policy/modules/services/kerneloops.fc b/policy/modules/services/kerneloops.fc
deleted file mode 100644
index 5ef261a..0000000
--- a/policy/modules/services/kerneloops.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/rc\.d/init\.d/kerneloops	--	gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0)
-
-/usr/sbin/kerneloops	--	gen_context(system_u:object_r:kerneloops_exec_t,s0)
diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if
deleted file mode 100644
index dd32883..0000000
--- a/policy/modules/services/kerneloops.if
+++ /dev/null
@@ -1,114 +0,0 @@
-## <summary>Service for reporting kernel oopses to kerneloops.org</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run kerneloops.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`kerneloops_domtrans',`
-	gen_require(`
-		type kerneloops_t, kerneloops_exec_t;
-	')
-
-	domtrans_pattern($1, kerneloops_exec_t, kerneloops_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	kerneloops over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerneloops_dbus_chat',`
-	gen_require(`
-		type kerneloops_t;
-		class dbus send_msg;
-	')
-
-	allow $1 kerneloops_t:dbus send_msg;
-	allow kerneloops_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	dontaudit attempts to Send and receive messages from
-##	kerneloops over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`kerneloops_dontaudit_dbus_chat',`
-	gen_require(`
-		type kerneloops_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 kerneloops_t:dbus send_msg;
-	dontaudit kerneloops_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Allow domain to manage kerneloops tmp files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kerneloops_manage_tmp_files',`
-	gen_require(`
-		type kerneloops_tmp_t;
-	')
-
-	manage_files_pattern($1, kerneloops_tmp_t, kerneloops_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an kerneloops environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the kerneloops domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kerneloops_admin',`
-	gen_require(`
-		type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t;
-	')
-
-	allow $1 kerneloops_t:process { ptrace signal_perms };
-	ps_process_pattern($1, kerneloops_t)
-
-	init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kerneloops_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, kerneloops_tmp_t)
-')
diff --git a/policy/modules/services/kerneloops.te b/policy/modules/services/kerneloops.te
deleted file mode 100644
index 6b35547..0000000
--- a/policy/modules/services/kerneloops.te
+++ /dev/null
@@ -1,54 +0,0 @@
-policy_module(kerneloops, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type kerneloops_t;
-type kerneloops_exec_t;
-init_daemon_domain(kerneloops_t, kerneloops_exec_t)
-
-type kerneloops_initrc_exec_t;
-init_script_file(kerneloops_initrc_exec_t)
-
-type kerneloops_tmp_t;
-files_tmp_file(kerneloops_tmp_t)
-
-########################################
-#
-# kerneloops local policy
-#
-
-allow kerneloops_t self:capability sys_nice;
-allow kerneloops_t self:process { getcap setcap setsched getsched signal };
-allow kerneloops_t self:fifo_file rw_file_perms;
-
-manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
-files_tmp_filetrans(kerneloops_t, kerneloops_tmp_t, file)
-
-kernel_read_ring_buffer(kerneloops_t)
-
-# Init script handling
-domain_use_interactive_fds(kerneloops_t)
-
-corenet_all_recvfrom_unlabeled(kerneloops_t)
-corenet_all_recvfrom_netlabel(kerneloops_t)
-corenet_tcp_sendrecv_generic_if(kerneloops_t)
-corenet_tcp_sendrecv_generic_node(kerneloops_t)
-corenet_tcp_sendrecv_all_ports(kerneloops_t)
-corenet_tcp_bind_http_port(kerneloops_t)
-corenet_tcp_connect_http_port(kerneloops_t)
-
-files_read_etc_files(kerneloops_t)
-
-auth_use_nsswitch(kerneloops_t)
-
-logging_send_syslog_msg(kerneloops_t)
-logging_read_generic_logs(kerneloops_t)
-
-miscfiles_read_localization(kerneloops_t)
-
-optional_policy(`
-	dbus_system_domain(kerneloops_t, kerneloops_exec_t)
-')
diff --git a/policy/modules/services/ksmtuned.fc b/policy/modules/services/ksmtuned.fc
deleted file mode 100644
index 8360166..0000000
--- a/policy/modules/services/ksmtuned.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/ksmtuned	--	gen_context(system_u:object_r:ksmtuned_initrc_exec_t,s0)
-
-/usr/sbin/ksmtuned		--	gen_context(system_u:object_r:ksmtuned_exec_t,s0)
-
-/var/run/ksmtune\.pid		--	gen_context(system_u:object_r:ksmtuned_var_run_t,s0)
-
-/var/log/ksmtuned.*			gen_context(system_u:object_r:ksmtuned_log_t,s0)
diff --git a/policy/modules/services/ksmtuned.if b/policy/modules/services/ksmtuned.if
deleted file mode 100644
index b733e45..0000000
--- a/policy/modules/services/ksmtuned.if
+++ /dev/null
@@ -1,72 +0,0 @@
-## <summary>Kernel Samepage Merging (KSM) Tuning Daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ksmtuned.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ksmtuned_domtrans',`
-	gen_require(`
-		type ksmtuned_t, ksmtuned_exec_t;
-	')
-
-	domtrans_pattern($1, ksmtuned_exec_t, ksmtuned_t)
-')
-
-########################################
-## <summary>
-##	Execute ksmtuned server in the ksmtuned domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ksmtuned_initrc_domtrans',`
-	gen_require(`
-		type ksmtuned_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, ksmtuned_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ksmtuned environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ksmtuned_admin',`
-	gen_require(`
-		type ksmtuned_t, ksmtuned_var_run_t, ksmtuned_initrc_exec_t;
-	')
-
-	allow $1 ksmtuned_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ksmtuned_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ksmtuned_var_run_t)
-
-	# Allow ksmtuned_t to restart the apache service
-	ksmtuned_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 ksmtuned_initrc_exec_t system_r;
-	allow $2 system_r;
-')
diff --git a/policy/modules/services/ksmtuned.te b/policy/modules/services/ksmtuned.te
deleted file mode 100644
index 01adbed..0000000
--- a/policy/modules/services/ksmtuned.te
+++ /dev/null
@@ -1,51 +0,0 @@
-policy_module(ksmtuned, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type ksmtuned_t;
-type ksmtuned_exec_t;
-init_daemon_domain(ksmtuned_t, ksmtuned_exec_t)
-
-type ksmtuned_log_t;
-logging_log_file(ksmtuned_log_t)
-
-type ksmtuned_initrc_exec_t;
-init_script_file(ksmtuned_initrc_exec_t)
-
-type ksmtuned_var_run_t;
-files_pid_file(ksmtuned_var_run_t)
-
-########################################
-#
-# ksmtuned local policy
-#
-
-allow ksmtuned_t self:capability { sys_ptrace sys_tty_config };
-allow ksmtuned_t self:fifo_file rw_file_perms;
-
-manage_dirs_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t)
-manage_files_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t)
-logging_log_filetrans(ksmtuned_t, ksmtuned_log_t, { file dir })
-
-manage_files_pattern(ksmtuned_t, ksmtuned_var_run_t, ksmtuned_var_run_t)
-files_pid_filetrans(ksmtuned_t, ksmtuned_var_run_t, file)
-
-kernel_read_system_state(ksmtuned_t)
-
-dev_rw_sysfs(ksmtuned_t)
-
-domain_read_all_domains_state(ksmtuned_t)
-domain_dontaudit_read_all_domains_state(ksmtuned_t)
-
-corecmd_exec_bin(ksmtuned_t)
-
-files_read_etc_files(ksmtuned_t)
-
-mls_file_read_to_clearance(ksmtuned_t)
-
-term_use_all_terms(ksmtuned_t)
-
-miscfiles_read_localization(ksmtuned_t)
diff --git a/policy/modules/services/ktalk.fc b/policy/modules/services/ktalk.fc
deleted file mode 100644
index 47d0bf3..0000000
--- a/policy/modules/services/ktalk.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-
-/usr/bin/ktalkd		--	gen_context(system_u:object_r:ktalkd_exec_t,s0)
-
-/usr/sbin/in\.talkd	--	gen_context(system_u:object_r:ktalkd_exec_t,s0)
-/usr/sbin/in\.ntalkd	--	gen_context(system_u:object_r:ktalkd_exec_t,s0)
-
-/var/log/talkd.*	--	gen_context(system_u:object_r:ktalkd_log_t,s0)
diff --git a/policy/modules/services/ktalk.if b/policy/modules/services/ktalk.if
deleted file mode 100644
index 5ba36db..0000000
--- a/policy/modules/services/ktalk.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>KDE Talk daemon</summary>
diff --git a/policy/modules/services/ktalk.te b/policy/modules/services/ktalk.te
deleted file mode 100644
index ca5cfdf..0000000
--- a/policy/modules/services/ktalk.te
+++ /dev/null
@@ -1,79 +0,0 @@
-policy_module(ktalk, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type ktalkd_t;
-type ktalkd_exec_t;
-inetd_udp_service_domain(ktalkd_t, ktalkd_exec_t)
-role system_r types ktalkd_t;
-
-type ktalkd_log_t;
-logging_log_file(ktalkd_log_t)
-
-type ktalkd_tmp_t;
-files_tmp_file(ktalkd_tmp_t)
-
-type ktalkd_var_run_t;
-files_pid_file(ktalkd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow ktalkd_t self:process signal_perms;
-allow ktalkd_t self:fifo_file rw_fifo_file_perms;
-allow ktalkd_t self:tcp_socket connected_stream_socket_perms;
-allow ktalkd_t self:udp_socket create_socket_perms;
-# for identd
-# cjp: this should probably only be inetd_child rules?
-allow ktalkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow ktalkd_t self:capability { setuid setgid };
-files_search_home(ktalkd_t)
-optional_policy(`
-	kerberos_use(ktalkd_t)
-')
-#end for identd
-
-allow ktalkd_t ktalkd_log_t:file manage_file_perms;
-logging_log_filetrans(ktalkd_t, ktalkd_log_t, file)
-
-manage_dirs_pattern(ktalkd_t, ktalkd_tmp_t, ktalkd_tmp_t)
-manage_files_pattern(ktalkd_t, ktalkd_tmp_t, ktalkd_tmp_t)
-files_tmp_filetrans(ktalkd_t, ktalkd_tmp_t, { file dir })
-
-manage_files_pattern(ktalkd_t, ktalkd_var_run_t, ktalkd_var_run_t)
-files_pid_filetrans(ktalkd_t, ktalkd_var_run_t, file)
-
-kernel_read_kernel_sysctls(ktalkd_t)
-kernel_read_system_state(ktalkd_t)
-kernel_read_network_state(ktalkd_t)
-
-corenet_all_recvfrom_unlabeled(ktalkd_t)
-corenet_all_recvfrom_netlabel(ktalkd_t)
-corenet_tcp_sendrecv_generic_if(ktalkd_t)
-corenet_udp_sendrecv_generic_if(ktalkd_t)
-corenet_tcp_sendrecv_generic_node(ktalkd_t)
-corenet_udp_sendrecv_generic_node(ktalkd_t)
-corenet_tcp_sendrecv_all_ports(ktalkd_t)
-corenet_udp_sendrecv_all_ports(ktalkd_t)
-
-dev_read_urand(ktalkd_t)
-
-fs_getattr_xattr_fs(ktalkd_t)
-
-files_read_etc_files(ktalkd_t)
-
-term_search_ptys(ktalkd_t)
-term_use_all_terms(ktalkd_t)
-
-auth_use_nsswitch(ktalkd_t)
-
-init_read_utmp(ktalkd_t)
-
-logging_send_syslog_msg(ktalkd_t)
-
-miscfiles_read_localization(ktalkd_t)
diff --git a/policy/modules/services/ldap.fc b/policy/modules/services/ldap.fc
deleted file mode 100644
index 335fda1..0000000
--- a/policy/modules/services/ldap.fc
+++ /dev/null
@@ -1,20 +0,0 @@
-
-/etc/ldap/slapd\.conf	--	gen_context(system_u:object_r:slapd_etc_t,s0)
-/etc/openldap/slapd\.d(/.*)?	gen_context(system_u:object_r:slapd_db_t,s0)
-
-/etc/rc\.d/init\.d/sldap	--	gen_context(system_u:object_r:slapd_initrc_exec_t,s0)
-
-/usr/sbin/slapd		--	gen_context(system_u:object_r:slapd_exec_t,s0)
-
-ifdef(`distro_debian',`
-/usr/lib/slapd		--	gen_context(system_u:object_r:slapd_exec_t,s0)
-')
-
-/var/lib/ldap(/.*)?		gen_context(system_u:object_r:slapd_db_t,s0)
-/var/lib/ldap/replog(/.*)?	gen_context(system_u:object_r:slapd_replog_t,s0)
-
-/var/run/ldapi		-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
-/var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
-/var/run/slapd\.args	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
-/var/run/slapd\.pid	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
-/var/run/slapd.*	-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if
deleted file mode 100644
index c51c1f6..0000000
--- a/policy/modules/services/ldap.if
+++ /dev/null
@@ -1,198 +0,0 @@
-## <summary>OpenLDAP directory server</summary>
-
-#######################################
-## <summary>
-##	Execute OpenLDAP in the ldap domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_domtrans',`
-	gen_require(`
-		type slapd_t, slapd_exec_t;
-	')
-
-	domtrans_pattern($1, slapd_exec_t, slapd_t)
-')
-
-#######################################
-## <summary>
-##	Execute OpenLDAP server in the ldap domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_initrc_domtrans',`
-	gen_require(`
-		type slapd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, slapd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read the contents of the OpenLDAP
-##	database directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_list_db',`
-	gen_require(`
-		type slapd_db_t;
-	')
-
-	allow $1 slapd_db_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the contents of the OpenLDAP
-##	database files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_read_db_files',`
-	gen_require(`
-		type slapd_db_t;
-	')
-
-	read_files_pattern($1, slapd_db_t, slapd_db_t)
-')
-
-########################################
-## <summary>
-##	Read the OpenLDAP configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ldap_read_config',`
-	gen_require(`
-		type slapd_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 slapd_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Use LDAP over TCP connection.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_use',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Connect to slapd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_stream_connect',`
-	gen_require(`
-		type slapd_t, slapd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, slapd_var_run_t, slapd_var_run_t, slapd_t)
-
-	optional_policy(`
-		ldap_stream_connect_dirsrv($1)
-	')
-')
-
-########################################
-## <summary>
-##	Connect to dirsrv over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ldap_stream_connect_dirsrv',`
-	gen_require(`
-		type dirsrv_t, dirsrv_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an ldap environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the ldap domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ldap_admin',`
-	gen_require(`
-		type slapd_t, slapd_tmp_t, slapd_replog_t;
-		type slapd_lock_t, slapd_etc_t, slapd_var_run_t;
-		type slapd_initrc_exec_t;
-	')
-
-	allow $1 slapd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, slapd_t)
-
-	init_labeled_script_domtrans($1, slapd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 slapd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, slapd_etc_t)
-
-	admin_pattern($1, slapd_lock_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, slapd_replog_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, slapd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, slapd_var_run_t)
-')
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
deleted file mode 100644
index 10c2d54..0000000
--- a/policy/modules/services/ldap.te
+++ /dev/null
@@ -1,146 +0,0 @@
-policy_module(ldap, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type slapd_t;
-type slapd_exec_t;
-init_daemon_domain(slapd_t, slapd_exec_t)
-
-type slapd_cert_t;
-miscfiles_cert_type(slapd_cert_t)
-
-type slapd_db_t;
-files_type(slapd_db_t)
-
-type slapd_etc_t;
-files_config_file(slapd_etc_t)
-
-type slapd_initrc_exec_t;
-init_script_file(slapd_initrc_exec_t)
-
-type slapd_lock_t;
-files_lock_file(slapd_lock_t)
-
-type slapd_replog_t;
-files_type(slapd_replog_t)
-
-type slapd_log_t;
-logging_log_file(slapd_log_t)
-
-type slapd_tmp_t;
-files_tmp_file(slapd_tmp_t)
-
-type slapd_tmpfs_t;
-files_tmpfs_file(slapd_tmpfs_t)
-
-type slapd_var_run_t;
-files_pid_file(slapd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-# should not need kill
-# cjp: why net_raw?
-allow slapd_t self:capability { kill setgid setuid net_raw dac_override dac_read_search };
-dontaudit slapd_t self:capability sys_tty_config;
-allow slapd_t self:process setsched;
-allow slapd_t self:fifo_file rw_fifo_file_perms;
-allow slapd_t self:udp_socket create_socket_perms;
-#slapd needs to listen and accept needed by ldapsearch (slapd needs to accept from ldapseach)
-allow slapd_t self:tcp_socket create_stream_socket_perms;
-
-allow slapd_t slapd_cert_t:dir list_dir_perms;
-read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
-read_lnk_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
-
-# Allow access to the slapd databases
-manage_dirs_pattern(slapd_t, slapd_db_t, slapd_db_t)
-manage_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
-manage_lnk_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
-
-allow slapd_t slapd_etc_t:file read_file_perms;
-
-allow slapd_t slapd_lock_t:file manage_file_perms;
-files_lock_filetrans(slapd_t, slapd_lock_t, file)
-
-# Allow access to write the replication log (should tighten this)
-manage_dirs_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
-manage_files_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
-manage_lnk_files_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
-
-manage_dirs_pattern(slapd_t, slapd_log_t, slapd_log_t)
-manage_files_pattern(slapd_t, slapd_log_t, slapd_log_t)
-logging_log_filetrans(slapd_t, slapd_log_t, { file dir })
-
-manage_dirs_pattern(slapd_t, slapd_tmp_t, slapd_tmp_t)
-manage_files_pattern(slapd_t, slapd_tmp_t, slapd_tmp_t)
-files_tmp_filetrans(slapd_t, slapd_tmp_t, { file dir })
-
-manage_files_pattern(slapd_t, slapd_tmpfs_t, slapd_tmpfs_t)
-fs_tmpfs_filetrans(slapd_t, slapd_tmpfs_t, file)
-
-manage_dirs_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
-manage_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
-manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
-files_pid_filetrans(slapd_t, slapd_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(slapd_t)
-kernel_read_kernel_sysctls(slapd_t)
-
-corenet_all_recvfrom_unlabeled(slapd_t)
-corenet_all_recvfrom_netlabel(slapd_t)
-corenet_tcp_sendrecv_generic_if(slapd_t)
-corenet_udp_sendrecv_generic_if(slapd_t)
-corenet_tcp_sendrecv_generic_node(slapd_t)
-corenet_udp_sendrecv_generic_node(slapd_t)
-corenet_tcp_sendrecv_all_ports(slapd_t)
-corenet_udp_sendrecv_all_ports(slapd_t)
-corenet_tcp_bind_generic_node(slapd_t)
-corenet_tcp_bind_ldap_port(slapd_t)
-corenet_tcp_connect_all_ports(slapd_t)
-corenet_sendrecv_ldap_server_packets(slapd_t)
-corenet_sendrecv_all_client_packets(slapd_t)
-
-dev_read_urand(slapd_t)
-dev_read_sysfs(slapd_t)
-
-fs_getattr_all_fs(slapd_t)
-fs_search_auto_mountpoints(slapd_t)
-
-domain_use_interactive_fds(slapd_t)
-
-files_read_etc_files(slapd_t)
-files_read_etc_runtime_files(slapd_t)
-files_read_usr_files(slapd_t)
-files_list_var_lib(slapd_t)
-
-auth_use_nsswitch(slapd_t)
-
-logging_send_syslog_msg(slapd_t)
-
-miscfiles_read_generic_certs(slapd_t)
-miscfiles_read_localization(slapd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(slapd_t)
-userdom_dontaudit_search_user_home_dirs(slapd_t)
-
-optional_policy(`
-	kerberos_keytab_template(slapd, slapd_t)
-')
-
-optional_policy(`
-	sasl_connect(slapd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(slapd_t)
-')
-
-optional_policy(`
-	udev_read_db(slapd_t)
-')
diff --git a/policy/modules/services/likewise.fc b/policy/modules/services/likewise.fc
deleted file mode 100644
index 057a4e4..0000000
--- a/policy/modules/services/likewise.fc
+++ /dev/null
@@ -1,54 +0,0 @@
-/etc/likewise-open(/.*)?			gen_context(system_u:object_r:likewise_etc_t,s0)
-/etc/likewise-open/.pstore.lock		--	gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
-/etc/likewise-open/likewise-krb5-ad.conf --	gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
-
-/etc/rc\.d/init\.d/dcerpcd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/eventlogd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lsassd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwiod		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwregd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwsmd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/netlogond		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/srvsvcd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-
-/usr/sbin/dcerpcd			--	gen_context(system_u:object_r:dcerpcd_exec_t,s0)
-/usr/sbin/eventlogd			--	gen_context(system_u:object_r:eventlogd_exec_t,s0)
-/usr/sbin/lsassd			--	gen_context(system_u:object_r:lsassd_exec_t,s0)
-/usr/sbin/lwiod				--	gen_context(system_u:object_r:lwiod_exec_t,s0)
-/usr/sbin/lwregd			--	gen_context(system_u:object_r:lwregd_exec_t,s0)
-/usr/sbin/lwsmd				--	gen_context(system_u:object_r:lwsmd_exec_t,s0)
-/usr/sbin/netlogond			--	gen_context(system_u:object_r:netlogond_exec_t,s0)
-/usr/sbin/srvsvcd			--	gen_context(system_u:object_r:srvsvcd_exec_t,s0)
-
-/var/lib/likewise-open(/.*)?			gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/\.lsassd		-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwiod		-s	gen_context(system_u:object_r:lwiod_var_socket_t,s0)
-/var/lib/likewise-open/\.regsd		-s	gen_context(system_u:object_r:lwregd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwsm		-s	gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
-/var/lib/likewise-open/\.netlogond	-s	gen_context(system_u:object_r:netlogond_var_socket_t,s0)
-/var/lib/likewise-open/\.ntlmd		-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/krb5-affinity.conf --	gen_context(system_u:object_r:netlogond_var_lib_t, s0)
-/var/lib/likewise-open/krb5ccr_lsass	--	gen_context(system_u:object_r:lsassd_var_lib_t, s0)
-/var/lib/likewise-open/LWNetsd\.err	--	gen_context(system_u:object_r:netlogond_var_lib_t,s0)
-/var/lib/likewise-open/lsasd\.err	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/regsd\.err	--	gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/db		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/db/lwi_events.db	--	gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
-/var/lib/likewise-open/db/sam\.db	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adcache\.db --	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/registry\.db	--	gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/rpc		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/rpc/epmapper	-s	gen_context(system_u:object_r:dcerpcd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/lsass	-s	gen_context(system_u:object_r:lsassd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/socket 	-s	gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
-/var/lib/likewise-open/run		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/run/rpcdep.dat	--	gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
-
-/var/run/eventlogd.pid			--	gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-/var/run/lsassd.pid			--	gen_context(system_u:object_r:lsassd_var_run_t,s0)
-/var/run/lwiod.pid			--	gen_context(system_u:object_r:lwiod_var_run_t,s0)
-/var/run/lwregd.pid			--	gen_context(system_u:object_r:lwregd_var_run_t,s0)
-/var/run/netlogond.pid			--	gen_context(system_u:object_r:netlogond_var_run_t,s0)
-/var/run/srvsvcd.pid			--	gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
-
diff --git a/policy/modules/services/likewise.if b/policy/modules/services/likewise.if
deleted file mode 100644
index 81d98b3..0000000
--- a/policy/modules/services/likewise.if
+++ /dev/null
@@ -1,105 +0,0 @@
-## <summary>Likewise Active Directory support for UNIX.</summary>
-## <desc>
-##	<p>
-##	Likewise Open is a free, open source application that joins Linux, Unix,
-##	and Mac machines to Microsoft Active Directory to securely authenticate
-##	users with their domain credentials.
-##	</p>
-## </desc>
-
-#######################################
-## <summary>
-##	The template to define a likewise domain.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a domain to be used for
-##	a new likewise daemon.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The type of daemon to be used.
-##	</summary>
-## </param>
-#
-template(`likewise_domain_template',`
-
-	gen_require(`
-		attribute likewise_domains;
-		type likewise_var_lib_t;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	type $1_t;
-	type $1_exec_t;
-	init_daemon_domain($1_t, $1_exec_t)
-	domain_use_interactive_fds($1_t)
-
-	typeattribute $1_t likewise_domains;
-
-	type $1_var_run_t;
-	files_pid_file($1_var_run_t)
-
-	type $1_var_socket_t;
-	files_type($1_var_socket_t)
-
-	type $1_var_lib_t;
-	files_type($1_var_lib_t)
-
-	####################################
-	#
-	# Local Policy
-	#
-
-	allow $1_t self:process { signal_perms getsched setsched };
-	allow $1_t self:fifo_file rw_fifo_file_perms;
-	allow $1_t self:unix_dgram_socket create_socket_perms;
-	allow $1_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_t self:tcp_socket create_stream_socket_perms;
-	allow $1_t self:udp_socket create_socket_perms;
-
-	allow $1_t likewise_var_lib_t:dir setattr_dir_perms;
-
-	manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
-	files_pid_filetrans($1_t, $1_var_run_t, file)
-
-	manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
-	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)
-
-	manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
-	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)
-
-	dev_read_rand($1_t)
-	dev_read_urand($1_t)
-
-	files_read_etc_files($1_t)
-	files_search_var_lib($1_t)
-
-	logging_send_syslog_msg($1_t)
-
-	miscfiles_read_localization($1_t)
-')
-
-########################################
-## <summary>
-##	Connect to lsassd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`likewise_stream_connect_lsassd',`
-	gen_require(`
-		type likewise_var_lib_t, lsassd_var_socket_t, lsassd_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
-')
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
deleted file mode 100644
index 65e6d81..0000000
--- a/policy/modules/services/likewise.te
+++ /dev/null
@@ -1,238 +0,0 @@
-policy_module(likewise, 1.0.1)
-
-#################################
-#
-# Declarations
-#
-
-attribute likewise_domains;
-
-type likewise_etc_t;
-files_config_file(likewise_etc_t)
-
-type likewise_initrc_exec_t;
-init_script_file(likewise_initrc_exec_t)
-
-type likewise_var_lib_t;
-files_type(likewise_var_lib_t)
-
-type likewise_pstore_lock_t;
-files_type(likewise_pstore_lock_t)
-
-type likewise_krb5_ad_t;
-files_type(likewise_krb5_ad_t)
-
-likewise_domain_template(dcerpcd)
-
-likewise_domain_template(eventlogd)
-
-likewise_domain_template(lsassd)
-
-type lsassd_tmp_t;
-files_tmp_file(lsassd_tmp_t)
-
-likewise_domain_template(lwiod)
-
-likewise_domain_template(lwregd)
-
-likewise_domain_template(lwsmd)
-
-likewise_domain_template(netlogond)
-
-likewise_domain_template(srvsvcd)
-
-#################################
-#
-# Likewise dcerpcd personal policy
-#
-
-stream_connect_pattern(dcerpcd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-
-corenet_all_recvfrom_netlabel(dcerpcd_t)
-corenet_all_recvfrom_unlabeled(dcerpcd_t)
-corenet_sendrecv_generic_client_packets(dcerpcd_t)
-corenet_sendrecv_generic_server_packets(dcerpcd_t)
-corenet_tcp_sendrecv_generic_if(dcerpcd_t)
-corenet_tcp_sendrecv_generic_node(dcerpcd_t)
-corenet_tcp_sendrecv_generic_port(dcerpcd_t)
-corenet_tcp_bind_generic_node(dcerpcd_t)
-corenet_tcp_bind_epmap_port(dcerpcd_t)
-corenet_tcp_connect_generic_port(dcerpcd_t)
-corenet_udp_bind_generic_node(dcerpcd_t)
-corenet_udp_bind_epmap_port(dcerpcd_t)
-corenet_udp_sendrecv_generic_if(dcerpcd_t)
-corenet_udp_sendrecv_generic_node(dcerpcd_t)
-corenet_udp_sendrecv_generic_port(dcerpcd_t)
-
-#################################
-#
-# Likewise Auditing and Logging service policy
-#
-
-stream_connect_pattern(eventlogd_t, likewise_var_lib_t, dcerpcd_var_socket_t, dcerpcd_t)
-stream_connect_pattern(eventlogd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-
-corenet_all_recvfrom_netlabel(eventlogd_t)
-corenet_all_recvfrom_unlabeled(eventlogd_t)
-corenet_sendrecv_generic_server_packets(eventlogd_t)
-corenet_tcp_sendrecv_generic_if(eventlogd_t)
-corenet_tcp_sendrecv_generic_node(eventlogd_t)
-corenet_tcp_sendrecv_generic_port(eventlogd_t)
-corenet_tcp_bind_generic_node(eventlogd_t)
-corenet_udp_bind_generic_node(eventlogd_t)
-corenet_udp_sendrecv_generic_if(eventlogd_t)
-corenet_udp_sendrecv_generic_node(eventlogd_t)
-corenet_udp_sendrecv_generic_port(eventlogd_t)
-
-#################################
-#
-# Likewise Authentication service local policy
-#
-
-allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
-allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
-
-allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
-allow lsassd_t netlogond_var_lib_t:file read_file_perms;
-
-manage_files_pattern(lsassd_t, likewise_etc_t, likewise_etc_t)
-
-manage_files_pattern(lsassd_t, lsassd_tmp_t, lsassd_tmp_t);
-files_tmp_filetrans(lsassd_t, lsassd_tmp_t, file)
-
-stream_connect_pattern(lsassd_t, likewise_var_lib_t, dcerpcd_var_socket_t, dcerpcd_t)
-stream_connect_pattern(lsassd_t, likewise_var_lib_t, eventlogd_var_socket_t, eventlogd_t)
-stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t)
-stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-stream_connect_pattern(lsassd_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)
-
-kernel_read_system_state(lsassd_t)
-kernel_getattr_proc_files(lsassd_t)
-kernel_list_all_proc(lsassd_t)
-kernel_list_proc(lsassd_t)
-
-corecmd_exec_bin(lsassd_t)
-corecmd_exec_shell(lsassd_t)
-
-corenet_all_recvfrom_netlabel(lsassd_t)
-corenet_all_recvfrom_unlabeled(lsassd_t)
-corenet_tcp_sendrecv_generic_if(lsassd_t)
-corenet_tcp_sendrecv_generic_node(lsassd_t)
-corenet_tcp_sendrecv_generic_port(lsassd_t)
-corenet_tcp_bind_generic_node(lsassd_t)
-corenet_tcp_connect_epmap_port(lsassd_t)
-corenet_tcp_sendrecv_epmap_port(lsassd_t)
-
-domain_obj_id_change_exemption(lsassd_t)
-
-files_manage_etc_files(lsassd_t)
-files_manage_etc_symlinks(lsassd_t)
-files_manage_etc_runtime_files(lsassd_t)
-files_relabelto_home(lsassd_t)
-
-selinux_get_fs_mount(lsassd_t)
-selinux_validate_context(lsassd_t)
-
-seutil_read_config(lsassd_t)
-seutil_read_default_contexts(lsassd_t)
-seutil_read_file_contexts(lsassd_t)
-seutil_run_semanage(lsassd_t, lsassd_t)
-
-sysnet_use_ldap(lsassd_t)
-sysnet_read_config(lsassd_t)
-
-userdom_home_filetrans_user_home_dir(lsassd_t)
-userdom_manage_user_home_content_files(lsassd_t)
-
-optional_policy(`
-	kerberos_rw_keytab(lsassd_t)
-	kerberos_use(lsassd_t)
-')
-
-#################################
-#
-# Likewise I/O service local policy
-#
-
-allow lwiod_t self:capability { fowner chown fsetid dac_override };
-allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
-
-allow lwiod_t likewise_krb5_ad_t:file read_file_perms;
-allow lwiod_t netlogond_var_lib_t:file read_file_perms;
-
-stream_connect_pattern(lwiod_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-stream_connect_pattern(lwiod_t, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
-
-corenet_all_recvfrom_netlabel(lwiod_t)
-corenet_all_recvfrom_unlabeled(lwiod_t)
-corenet_sendrecv_smbd_server_packets(lwiod_t)
-corenet_sendrecv_smbd_client_packets(lwiod_t)
-corenet_tcp_sendrecv_generic_if(lwiod_t)
-corenet_tcp_sendrecv_generic_node(lwiod_t)
-corenet_tcp_sendrecv_generic_port(lwiod_t)
-corenet_tcp_bind_generic_node(lwiod_t)
-corenet_tcp_bind_smbd_port(lwiod_t)
-corenet_tcp_connect_smbd_port(lwiod_t)
-
-sysnet_read_config(lwiod_t)
-
-optional_policy(`
-	kerberos_rw_config(lwiod_t)
-	kerberos_use(lwiod_t)
-')
-
-#################################
-#
-# Likewise Service Manager service local policy
-#
-
-allow lwsmd_t likewise_domains:process signal;
-
-domtrans_pattern(lwsmd_t, dcerpcd_exec_t, dcerpcd_t)
-domtrans_pattern(lwsmd_t, eventlogd_exec_t, eventlogd_t)
-domtrans_pattern(lwsmd_t, lsassd_exec_t, lsassd_t)
-domtrans_pattern(lwsmd_t, lwiod_exec_t, lwiod_t)
-domtrans_pattern(lwsmd_t, lwregd_exec_t, lwregd_t)
-domtrans_pattern(lwsmd_t, netlogond_exec_t, netlogond_t)
-domtrans_pattern(lwsmd_t, srvsvcd_exec_t, srvsvcd_t)
-
-stream_connect_pattern(lwsmd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t)
-stream_connect_pattern(lwsmd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-
-#################################
-#
-# Likewise DC location service local policy
-#
-
-allow netlogond_t self:capability dac_override;
-
-manage_files_pattern(netlogond_t, likewise_etc_t, likewise_etc_t)
-
-stream_connect_pattern(netlogond_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-
-sysnet_dns_name_resolve(netlogond_t)
-sysnet_use_ldap(netlogond_t)
-
-#################################
-#
-# Likewise Srv service local policy
-#
-
-allow srvsvcd_t likewise_etc_t:dir search_dir_perms;
-
-stream_connect_pattern(srvsvcd_t, likewise_var_lib_t, dcerpcd_var_socket_t, dcerpcd_t)
-stream_connect_pattern(srvsvcd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t)
-stream_connect_pattern(srvsvcd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
-
-corenet_all_recvfrom_netlabel(srvsvcd_t)
-corenet_all_recvfrom_unlabeled(srvsvcd_t)
-corenet_sendrecv_generic_server_packets(srvsvcd_t)
-corenet_tcp_sendrecv_generic_if(srvsvcd_t)
-corenet_tcp_sendrecv_generic_node(srvsvcd_t)
-corenet_tcp_sendrecv_generic_port(srvsvcd_t)
-corenet_tcp_bind_generic_node(srvsvcd_t)
-
-optional_policy(`
-	kerberos_use(srvsvcd_t)
-')
diff --git a/policy/modules/services/lircd.fc b/policy/modules/services/lircd.fc
deleted file mode 100644
index 49e04e5..0000000
--- a/policy/modules/services/lircd.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-/dev/lircd		-s	gen_context(system_u:object_r:lircd_sock_t,s0)
-
-/etc/rc\.d/init\.d/lirc	--	gen_context(system_u:object_r:lircd_initrc_exec_t,s0)
-/etc/lircd\.conf	--	gen_context(system_u:object_r:lircd_etc_t,s0)
-
-/usr/sbin/lircd		--	gen_context(system_u:object_r:lircd_exec_t,s0)
-
-/var/run/lirc(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
-/var/run/lircd(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
-/var/run/lircd\.pid		gen_context(system_u:object_r:lircd_var_run_t,s0)
diff --git a/policy/modules/services/lircd.if b/policy/modules/services/lircd.if
deleted file mode 100644
index 5cfe950..0000000
--- a/policy/modules/services/lircd.if
+++ /dev/null
@@ -1,95 +0,0 @@
-## <summary>Linux infared remote control daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run lircd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`lircd_domtrans',`
-	gen_require(`
-		type lircd_t, lircd_exec_t;
-	')
-
-	domain_auto_trans($1, lircd_exec_t, lircd_t)
-')
-
-######################################
-## <summary>
-##	Connect to lircd over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lircd_stream_connect',`
-	gen_require(`
-		type lircd_var_run_t, lircd_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, lircd_var_run_t, lircd_var_run_t, lircd_t)
-')
-
-#######################################
-## <summary>
-##	Read lircd etc file
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lircd_read_config',`
-	gen_require(`
-		type lircd_etc_t;
-	')
-
-	read_files_pattern($1, lircd_etc_t, lircd_etc_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	a lircd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the syslog domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lircd_admin',`
-	gen_require(`
-		type lircd_t, lircd_var_run_t, lircd_etc_t;
-		type lircd_initrc_exec_t;
-	')
-
-	allow $1 lircd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, lircd_t)
-
-	init_labeled_script_domtrans($1, lircd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 lircd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, lircd_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, lircd_var_run_t)
-')
diff --git a/policy/modules/services/lircd.te b/policy/modules/services/lircd.te
deleted file mode 100644
index 02f6985..0000000
--- a/policy/modules/services/lircd.te
+++ /dev/null
@@ -1,65 +0,0 @@
-policy_module(lircd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type lircd_t;
-type lircd_exec_t;
-init_daemon_domain(lircd_t, lircd_exec_t)
-
-type lircd_initrc_exec_t;
-init_script_file(lircd_initrc_exec_t)
-
-type lircd_etc_t;
-files_type(lircd_etc_t)
-
-type lircd_var_run_t alias lircd_sock_t;
-files_pid_file(lircd_var_run_t)
-
-########################################
-#
-# lircd local policy
-#
-
-allow lircd_t self:capability { chown kill sys_admin };
-allow lircd_t self:process { fork signal };
-allow lircd_t self:fifo_file rw_fifo_file_perms;
-allow lircd_t self:unix_dgram_socket create_socket_perms;
-allow lircd_t self:tcp_socket create_stream_socket_perms;
-
-# etc file
-read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)
-
-manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
-manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
-manage_sock_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
-files_pid_filetrans(lircd_t, lircd_var_run_t, { file dir })
-# /dev/lircd socket
-dev_filetrans(lircd_t, lircd_var_run_t, sock_file)
-
-corenet_tcp_sendrecv_generic_if(lircd_t)
-corenet_tcp_bind_generic_node(lircd_t)
-corenet_tcp_bind_lirc_port(lircd_t)
-corenet_tcp_sendrecv_all_ports(lircd_t)
-corenet_tcp_connect_lirc_port(lircd_t)
-
-dev_rw_generic_usb_dev(lircd_t)
-dev_read_mouse(lircd_t)
-dev_filetrans_lirc(lircd_t)
-dev_rw_lirc(lircd_t)
-dev_rw_input_dev(lircd_t)
-
-files_read_etc_files(lircd_t)
-files_list_var(lircd_t)
-files_manage_generic_locks(lircd_t)
-files_read_all_locks(lircd_t)
-
-term_use_ptmx(lircd_t)
-
-logging_send_syslog_msg(lircd_t)
-
-miscfiles_read_localization(lircd_t)
-
-sysnet_dns_name_resolve(lircd_t)
diff --git a/policy/modules/services/lpd.fc b/policy/modules/services/lpd.fc
deleted file mode 100644
index 5c9eb68..0000000
--- a/policy/modules/services/lpd.fc
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# /dev
-#
-/dev/printer		-s	gen_context(system_u:object_r:printer_t,s0)
-
-/opt/gutenprint/s?bin(/.*)?	gen_context(system_u:object_r:lpr_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/cancel(\.cups)? --	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lp(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lpoptions	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lpq(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lpr(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lprm(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/bin/lpstat(\.cups)? --	gen_context(system_u:object_r:lpr_exec_t,s0)
-
-/usr/sbin/accept	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/sbin/checkpc	--	gen_context(system_u:object_r:checkpc_exec_t,s0)
-/usr/sbin/lpd		--	gen_context(system_u:object_r:lpd_exec_t,s0)
-/usr/sbin/lpadmin	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/sbin/lpc(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/sbin/lpinfo	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-/usr/sbin/lpmove	--	gen_context(system_u:object_r:lpr_exec_t,s0)
-
-/usr/local/linuxprinter/bin/l?lpr -- gen_context(system_u:object_r:lpr_exec_t,s0)
-
-/usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
-
-#
-# /var
-#
-/var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
-/var/spool/cups-pdf(/.*)?	gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
-/var/spool/lpd(/.*)?		gen_context(system_u:object_r:print_spool_t,s0)
-/var/run/lprng(/.*)?		gen_context(system_u:object_r:lpd_var_run_t,s0)
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
deleted file mode 100644
index ea7dca0..0000000
--- a/policy/modules/services/lpd.if
+++ /dev/null
@@ -1,215 +0,0 @@
-## <summary>Line printer daemon</summary>
-
-########################################
-## <summary>
-##	Role access for lpd
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lpd_role',`
-	gen_require(`
-		type lpr_t, lpr_exec_t, print_spool_t;
-	')
-
-	role $1 types lpr_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, lpr_exec_t, lpr_t)
-	dontaudit lpr_t $2:unix_stream_socket { read write };
-
-	ps_process_pattern($2, lpr_t)
-	allow $2 lpr_t:process { ptrace signal_perms };
-
-	optional_policy(`
-		cups_read_config($2)
-	')
-')
-
-########################################
-## <summary>
-##	Execute lpd in the lpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`lpd_domtrans_checkpc',`
-	gen_require(`
-		type checkpc_t, checkpc_exec_t;
-	')
-
-	domtrans_pattern($1, checkpc_exec_t, checkpc_t)
-')
-
-########################################
-## <summary>
-##	Execute amrecover in the lpd domain, and
-##	allow the specified role the lpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lpd_run_checkpc',`
-	gen_require(`
-		type checkpc_t;
-	')
-
-	lpd_domtrans_checkpc($1)
-	role $2 types checkpc_t;
-')
-
-########################################
-## <summary>
-##	List the contents of the printer spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lpd_list_spool',`
-	gen_require(`
-		type print_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 print_spool_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the printer spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lpd_read_spool',`
-	gen_require(`
-		type print_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, print_spool_t, print_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete printer spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lpd_manage_spool',`
-	gen_require(`
-		type print_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, print_spool_t, print_spool_t)
-	manage_files_pattern($1, print_spool_t, print_spool_t)
-	manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
-')
-
-########################################
-## <summary>
-##	Relabel from and to the spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lpd_relabel_spool',`
-	gen_require(`
-		type print_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 print_spool_t:file relabel_file_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of the printer spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lpd_read_config',`
-	gen_require(`
-		type printconf_t;
-	')
-
-	allow $1 printconf_t:dir list_dir_perms;
-	read_files_pattern($1, printconf_t, printconf_t)
-')
-
-########################################
-## <summary>
-##	Transition to a user lpr domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`lpd_domtrans_lpr',`
-	gen_require(`
-		type lpr_t, lpr_exec_t;
-	')
-
-	domtrans_pattern($1, lpr_exec_t, lpr_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute lpr
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lpd_exec_lpr',`
-	gen_require(`
-		type lpr_exec_t;
-	')
-
-	can_exec($1, lpr_exec_t)
-')
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
deleted file mode 100644
index 80671d9..0000000
--- a/policy/modules/services/lpd.te
+++ /dev/null
@@ -1,333 +0,0 @@
-policy_module(lpd, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Use lpd server instead of cups
-##	</p>
-## </desc>
-gen_tunable(use_lpd_server, false)
-
-type checkpc_t;
-type checkpc_exec_t;
-init_system_domain(checkpc_t, checkpc_exec_t)
-role system_r types checkpc_t;
-
-type checkpc_log_t;
-logging_log_file(checkpc_log_t)
-
-type lpd_t;
-type lpd_exec_t;
-init_daemon_domain(lpd_t, lpd_exec_t)
-
-type lpd_tmp_t;
-files_tmp_file(lpd_tmp_t)
-
-type lpd_var_run_t;
-files_pid_file(lpd_var_run_t)
-
-type lpr_t;
-type lpr_exec_t;
-typealias lpr_t alias { user_lpr_t staff_lpr_t sysadm_lpr_t };
-typealias lpr_t alias { auditadm_lpr_t secadm_lpr_t };
-application_domain(lpr_t, lpr_exec_t)
-ubac_constrained(lpr_t)
-
-type lpr_tmp_t;
-typealias lpr_tmp_t alias { user_lpr_tmp_t staff_lpr_tmp_t sysadm_lpr_tmp_t };
-typealias lpr_tmp_t alias { auditadm_lpr_tmp_t secadm_lpr_tmp_t };
-files_tmp_file(lpr_tmp_t)
-ubac_constrained(lpr_tmp_t)
-
-# Type for spool files.
-type print_spool_t;
-typealias print_spool_t alias { user_print_spool_t staff_print_spool_t sysadm_print_spool_t };
-typealias print_spool_t alias { auditadm_print_spool_t secadm_print_spool_t };
-files_type(print_spool_t)
-ubac_constrained(print_spool_t)
-
-type printer_t;
-files_type(printer_t)
-
-type printconf_t;
-files_type(printconf_t)
-
-########################################
-#
-# Checkpc local policy
-#
-
-# Allow checkpc to access the lpd spool so it can check & fix it.
-# This requires that /usr/sbin/checkpc have type checkpc_t.
-
-allow checkpc_t self:capability { setgid setuid dac_override };
-allow checkpc_t self:process signal_perms;
-allow checkpc_t self:unix_stream_socket create_socket_perms;
-allow checkpc_t self:tcp_socket create_socket_perms;
-allow checkpc_t self:udp_socket create_socket_perms;
-
-allow checkpc_t checkpc_log_t:file manage_file_perms;
-logging_log_filetrans(checkpc_t, checkpc_log_t, file)
-
-allow checkpc_t lpd_var_run_t:dir search_dir_perms;
-files_search_pids(checkpc_t)
-
-rw_files_pattern(checkpc_t, print_spool_t, print_spool_t)
-delete_files_pattern(checkpc_t, print_spool_t, print_spool_t)
-files_search_spool(checkpc_t)
-
-allow checkpc_t printconf_t:file getattr_file_perms;
-allow checkpc_t printconf_t:dir list_dir_perms;
-
-kernel_read_system_state(checkpc_t)
-
-corenet_all_recvfrom_unlabeled(checkpc_t)
-corenet_all_recvfrom_netlabel(checkpc_t)
-corenet_tcp_sendrecv_generic_if(checkpc_t)
-corenet_udp_sendrecv_generic_if(checkpc_t)
-corenet_tcp_sendrecv_generic_node(checkpc_t)
-corenet_udp_sendrecv_generic_node(checkpc_t)
-corenet_tcp_sendrecv_all_ports(checkpc_t)
-corenet_udp_sendrecv_all_ports(checkpc_t)
-corenet_tcp_connect_all_ports(checkpc_t)
-corenet_sendrecv_all_client_packets(checkpc_t)
-
-dev_append_printer(checkpc_t)
-
-# This is less desirable, but checkpc demands /bin/bash and /bin/chown:
-corecmd_exec_shell(checkpc_t)
-corecmd_exec_bin(checkpc_t)
-
-domain_use_interactive_fds(checkpc_t)
-
-files_read_etc_files(checkpc_t)
-files_read_etc_runtime_files(checkpc_t)
-
-init_use_script_ptys(checkpc_t)
-# Allow access to /dev/console through the fd:
-init_use_fds(checkpc_t)
-
-sysnet_read_config(checkpc_t)
-
-userdom_use_user_terminals(checkpc_t)
-
-optional_policy(`
-	cron_system_entry(checkpc_t, checkpc_exec_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(checkpc_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(checkpc_t)
-')
-
-########################################
-#
-# Lpd local policy
-#
-
-allow lpd_t self:capability { setgid setuid net_bind_service dac_read_search dac_override chown fowner };
-dontaudit lpd_t self:capability sys_tty_config;
-allow lpd_t self:process signal_perms;
-allow lpd_t self:fifo_file rw_fifo_file_perms;
-allow lpd_t self:unix_stream_socket create_stream_socket_perms;
-allow lpd_t self:unix_dgram_socket create_socket_perms;
-allow lpd_t self:tcp_socket create_stream_socket_perms;
-allow lpd_t self:udp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(lpd_t, lpd_tmp_t, lpd_tmp_t)
-manage_files_pattern(lpd_t, lpd_tmp_t, lpd_tmp_t)
-files_tmp_filetrans(lpd_t, lpd_tmp_t, { file dir })
-
-manage_dirs_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
-manage_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
-manage_sock_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
-files_pid_filetrans(lpd_t, lpd_var_run_t, { dir file })
-
-# Write to /var/spool/lpd.
-manage_files_pattern(lpd_t, print_spool_t, print_spool_t)
-files_search_spool(lpd_t)
-
-# lpd must be able to execute the filter utilities in /usr/share/printconf.
-allow lpd_t printconf_t:dir list_dir_perms;
-can_exec(lpd_t, printconf_t)
-
-# Create and bind to /dev/printer.
-allow lpd_t printer_t:lnk_file manage_lnk_file_perms;
-dev_filetrans(lpd_t, printer_t, lnk_file)
-
-kernel_read_kernel_sysctls(lpd_t)
-# bash wants access to /proc/meminfo
-kernel_read_system_state(lpd_t)
-
-corenet_all_recvfrom_unlabeled(lpd_t)
-corenet_all_recvfrom_netlabel(lpd_t)
-corenet_tcp_sendrecv_generic_if(lpd_t)
-corenet_udp_sendrecv_generic_if(lpd_t)
-corenet_tcp_sendrecv_generic_node(lpd_t)
-corenet_udp_sendrecv_generic_node(lpd_t)
-corenet_tcp_sendrecv_all_ports(lpd_t)
-corenet_udp_sendrecv_all_ports(lpd_t)
-corenet_tcp_bind_generic_node(lpd_t)
-corenet_tcp_bind_printer_port(lpd_t)
-corenet_sendrecv_printer_server_packets(lpd_t)
-
-dev_read_sysfs(lpd_t)
-dev_rw_printer(lpd_t)
-
-fs_getattr_all_fs(lpd_t)
-fs_search_auto_mountpoints(lpd_t)
-
-# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-corecmd_exec_bin(lpd_t)
-corecmd_exec_shell(lpd_t)
-
-domain_use_interactive_fds(lpd_t)
-
-files_read_etc_runtime_files(lpd_t)
-files_read_usr_files(lpd_t)
-# for defoma
-files_list_world_readable(lpd_t)
-files_read_world_readable_files(lpd_t)
-files_read_world_readable_symlinks(lpd_t)
-files_list_var_lib(lpd_t)
-files_read_var_lib_files(lpd_t)
-files_read_var_lib_symlinks(lpd_t)
-# config files for lpd are of type etc_t, probably should change this
-files_read_etc_files(lpd_t)
-
-logging_send_syslog_msg(lpd_t)
-
-miscfiles_read_fonts(lpd_t)
-miscfiles_read_localization(lpd_t)
-
-sysnet_read_config(lpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(lpd_t)
-userdom_dontaudit_search_user_home_dirs(lpd_t)
-
-optional_policy(`
-	nis_use_ypbind(lpd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(lpd_t)
-')
-
-optional_policy(`
-	udev_read_db(lpd_t)
-')
-
-##############################
-#
-# Local policy
-#
-
-allow lpr_t self:capability { setuid dac_override net_bind_service chown };
-allow lpr_t self:unix_stream_socket create_stream_socket_perms;
-allow lpr_t self:tcp_socket create_socket_perms;
-allow lpr_t self:udp_socket create_socket_perms;
-
-can_exec(lpr_t, lpr_exec_t)
-
-# Allow lpd to read, rename, and unlink spool files.
-allow lpd_t print_spool_t:file { read_file_perms rename_file_perms delete_file_perms };
-
-kernel_read_kernel_sysctls(lpr_t)
-
-corenet_all_recvfrom_unlabeled(lpr_t)
-corenet_all_recvfrom_netlabel(lpr_t)
-corenet_tcp_sendrecv_generic_if(lpr_t)
-corenet_udp_sendrecv_generic_if(lpr_t)
-corenet_tcp_sendrecv_generic_node(lpr_t)
-corenet_udp_sendrecv_generic_node(lpr_t)
-corenet_tcp_sendrecv_all_ports(lpr_t)
-corenet_udp_sendrecv_all_ports(lpr_t)
-corenet_tcp_connect_all_ports(lpr_t)
-corenet_sendrecv_all_client_packets(lpr_t)
-
-dev_read_rand(lpr_t)
-dev_read_urand(lpr_t)
-
-domain_use_interactive_fds(lpr_t)
-
-files_search_spool(lpr_t)
-# for lpd config files (should have a new type)
-files_read_etc_files(lpr_t)
-# for test print
-files_read_usr_files(lpr_t)
-#Added to cover read_content macro
-files_list_home(lpr_t)
-files_read_generic_tmp_files(lpr_t)
-
-fs_getattr_xattr_fs(lpr_t)
-
-# Access the terminal.
-term_use_controlling_term(lpr_t)
-term_use_generic_ptys(lpr_t)
-
-auth_use_nsswitch(lpr_t)
-
-miscfiles_read_localization(lpr_t)
-
-userdom_read_user_tmp_symlinks(lpr_t)
-# Write to the user domain tty.
-userdom_use_user_terminals(lpr_t)
-userdom_read_user_home_content_files(lpr_t)
-userdom_read_user_tmp_files(lpr_t)
-
-tunable_policy(`use_lpd_server',`
-	# lpr can run in lightweight mode, without a local print spooler.
-	allow lpr_t lpd_var_run_t:dir search_dir_perms;
-	allow lpr_t lpd_var_run_t:sock_file write_sock_file_perms;
-	files_read_var_files(lpr_t)
-
-	# Connect to lpd via a Unix domain socket.
-	allow lpr_t printer_t:sock_file read_sock_file_perms;
-	stream_connect_pattern(lpr_t, printer_t, printer_t, lpd_t)
-	# Send SIGHUP to lpd.
-	allow lpr_t lpd_t:process signal;
-
-	manage_dirs_pattern(lpr_t, lpr_tmp_t, lpr_tmp_t)
-	manage_files_pattern(lpr_t, lpr_tmp_t, lpr_tmp_t)
-	files_tmp_filetrans(lpr_t, lpr_tmp_t, { file dir })
-
-	manage_files_pattern(lpr_t, print_spool_t, print_spool_t)
-	filetrans_pattern(lpr_t, print_spool_t, print_spool_t, file)
-	# Read and write shared files in the spool directory.
-	allow lpr_t print_spool_t:file rw_file_perms;
-
-	allow lpr_t printconf_t:dir list_dir_perms;
-	read_files_pattern(lpr_t, printconf_t, printconf_t)
-	read_lnk_files_pattern(lpr_t, printconf_t, printconf_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	files_list_home(lpr_t)
-	fs_list_auto_mountpoints(lpr_t)
-	fs_read_nfs_files(lpr_t)
-	fs_read_nfs_symlinks(lpr_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	files_list_home(lpr_t)
-	fs_list_auto_mountpoints(lpr_t)
-	fs_read_cifs_files(lpr_t)
-	fs_read_cifs_symlinks(lpr_t)
-')
-
-optional_policy(`
-	cups_read_config(lpr_t)
-	cups_stream_connect(lpr_t)
-	cups_read_pid_files(lpr_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(lpr_t)
-')
diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
deleted file mode 100644
index 14ad189..0000000
--- a/policy/modules/services/mailman.fc
+++ /dev/null
@@ -1,34 +0,0 @@
-/usr/lib(64)?/mailman/bin/mailmanctl --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-/usr/lib/mailman/cron/.*	--	gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-
-/var/lib/mailman(/.*)?			gen_context(system_u:object_r:mailman_data_t,s0)
-/var/lib/mailman/archives(/.*)?		gen_context(system_u:object_r:mailman_archive_t,s0)
-/var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
-/var/log/mailman(/.*)?			gen_context(system_u:object_r:mailman_log_t,s0)
-/var/run/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
-
-#
-# distro_debian
-#
-ifdef(`distro_debian', `
-/etc/cron\.daily/mailman 	-- 	gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-/etc/cron\.monthly/mailman 	-- 	gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-
-/usr/lib/cgi-bin/mailman/.*	--	gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
-/usr/lib/mailman/mail/wrapper 	--	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-/usr/mailman/mail/wrapper	--	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-')
-
-#
-# distro_redhat
-#
-ifdef(`distro_redhat', `
-/etc/mailman(/.*)?			gen_context(system_u:object_r:mailman_data_t,s0)
-
-/usr/lib(64)?/mailman/bin/qrunner --	gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-/usr/lib(64)?/mailman/cgi-bin/.* --	gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
-/usr/lib(64)?/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-/usr/lib(64)?/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-
-/var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
-')
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
deleted file mode 100644
index 84b7626..0000000
--- a/policy/modules/services/mailman.if
+++ /dev/null
@@ -1,352 +0,0 @@
-## <summary>Mailman is for managing electronic mail discussion and e-newsletter lists</summary>
-
-#######################################
-## <summary>
-##	The template to define a mailmain domain.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a domain to be used for
-##	a new mailman daemon.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The type of daemon to be used eg, cgi would give mailman_cgi_
-##	</summary>
-## </param>
-#
-template(`mailman_domain_template',`
-	type mailman_$1_t;
-	domain_type(mailman_$1_t)
-	role system_r types mailman_$1_t;
-
-	type mailman_$1_exec_t;
-	domain_entry_file(mailman_$1_t, mailman_$1_exec_t)
-
-	type mailman_$1_tmp_t;
-	files_tmp_file(mailman_$1_tmp_t)
-
-	allow mailman_$1_t self:{ unix_stream_socket unix_dgram_socket } create_socket_perms;
-	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
-	allow mailman_$1_t self:udp_socket create_socket_perms;
-
-	files_search_spool(mailman_$1_t)
-
-	manage_dirs_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
-	manage_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
-	manage_lnk_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
-
-	manage_dirs_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
-	manage_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
-	manage_lnk_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
-
-	manage_files_pattern(mailman_$1_t, mailman_lock_t, mailman_lock_t)
-	files_lock_filetrans(mailman_$1_t, mailman_lock_t, file)
-
-	manage_files_pattern(mailman_$1_t, mailman_log_t, mailman_log_t)
-	logging_log_filetrans(mailman_$1_t, mailman_log_t, file)
-
-	manage_dirs_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
-	manage_files_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
-	files_tmp_filetrans(mailman_$1_t, mailman_$1_tmp_t, { file dir })
-
-	kernel_read_kernel_sysctls(mailman_$1_t)
-	kernel_read_system_state(mailman_$1_t)
-
-	corenet_all_recvfrom_unlabeled(mailman_$1_t)
-	corenet_all_recvfrom_netlabel(mailman_$1_t)
-	corenet_tcp_sendrecv_generic_if(mailman_$1_t)
-	corenet_udp_sendrecv_generic_if(mailman_$1_t)
-	corenet_raw_sendrecv_generic_if(mailman_$1_t)
-	corenet_tcp_sendrecv_generic_node(mailman_$1_t)
-	corenet_udp_sendrecv_generic_node(mailman_$1_t)
-	corenet_raw_sendrecv_generic_node(mailman_$1_t)
-	corenet_tcp_sendrecv_all_ports(mailman_$1_t)
-	corenet_udp_sendrecv_all_ports(mailman_$1_t)
-	corenet_tcp_bind_generic_node(mailman_$1_t)
-	corenet_udp_bind_generic_node(mailman_$1_t)
-	corenet_tcp_connect_smtp_port(mailman_$1_t)
-	corenet_sendrecv_smtp_client_packets(mailman_$1_t)
-
-	fs_getattr_xattr_fs(mailman_$1_t)
-
-	corecmd_exec_all_executables(mailman_$1_t)
-
-	files_exec_etc_files(mailman_$1_t)
-	files_read_usr_files(mailman_$1_t)
-	files_list_var(mailman_$1_t)
-	files_list_var_lib(mailman_$1_t)
-	files_read_var_lib_symlinks(mailman_$1_t)
-	files_read_etc_runtime_files(mailman_$1_t)
-
-	auth_use_nsswitch(mailman_$1_t)
-
-	libs_exec_ld_so(mailman_$1_t)
-	libs_exec_lib_files(mailman_$1_t)
-
-	logging_send_syslog_msg(mailman_$1_t)
-
-	miscfiles_read_localization(mailman_$1_t)
-')
-
-#######################################
-## <summary>
-##	Execute mailman in the mailman domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mailman_domtrans',`
-	gen_require(`
-		type mailman_mail_exec_t, mailman_mail_t;
-	')
-
-	domtrans_pattern($1, mailman_mail_exec_t, mailman_mail_t)
-')
-
-#######################################
-## <summary>
-##	Execute mailman CGI scripts in the 
-##	mailman CGI domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mailman_domtrans_cgi',`
-	gen_require(`
-		type mailman_cgi_exec_t, mailman_cgi_t;
-	')
-
-	domtrans_pattern($1, mailman_cgi_exec_t, mailman_cgi_t)
-')
-
-#######################################
-## <summary>
-##	Execute mailman in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowd access.
-##	</summary>
-## </param>
-#
-interface(`mailman_exec',`
-	gen_require(`
-		type mailman_mail_exec_t;
-	')
-
-	can_exec($1, mailman_mail_exec_t)
-')
-
-#######################################
-## <summary>
-##	Send generic signals to the mailman cgi domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_signal_cgi',`
-	gen_require(`
-		type mailman_cgi_t;
-	')
-
-	allow $1 mailman_cgi_t:process signal;
-')
-
-#######################################
-## <summary>
-##	Allow domain to search data directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_search_data',`
-	gen_require(`
-		type mailman_data_t;
-	')
-
-	allow $1 mailman_data_t:dir search_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Allow domain to to read mailman data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_read_data_files',`
-	gen_require(`
-		type mailman_data_t;
-	')
-
-	list_dirs_pattern($1, mailman_data_t, mailman_data_t)
-	read_files_pattern($1, mailman_data_t, mailman_data_t)
-	read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
-')
-
-#######################################
-## <summary>
-##	Allow domain to to create mailman data files
-##	and write the directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_manage_data_files',`
-	gen_require(`
-		type mailman_data_t;
-	')
-
-	manage_dirs_pattern($1, mailman_data_t, mailman_data_t)
-	manage_files_pattern($1, mailman_data_t, mailman_data_t)
-')
-
-#######################################
-## <summary>
-##	List the contents of mailman data directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_list_data',`
-	gen_require(`
-		type mailman_data_t;
-	')
-
-	allow $1 mailman_data_t:dir list_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Allow read acces to mailman data symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_read_data_symlinks',`
-	gen_require(`
-		type mailman_data_t;
-	')
-
-	read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
-')
-
-#######################################
-## <summary>
-##	Read mailman logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_read_log',`
-	gen_require(`
-		type mailman_log_t;
-	')
-
-	read_files_pattern($1, mailman_log_t, mailman_log_t)
-')
-
-#######################################
-## <summary>
-##	Append to mailman logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_append_log',`
-	gen_require(`
-		type mailman_log_t;
-	')
-
-	append_files_pattern($1, mailman_log_t, mailman_log_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	mailman logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_manage_log',`
-	gen_require(`
-		type mailman_log_t;
-	')
-
-	manage_files_pattern($1, mailman_log_t, mailman_log_t)
-	manage_lnk_files_pattern($1, mailman_log_t, mailman_log_t)
-')
-
-#######################################
-## <summary>
-##	Allow domain to read mailman archive files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mailman_read_archive',`
-	gen_require(`
-		type mailman_archive_t;
-	')
-
-	allow $1 mailman_archive_t:dir list_dir_perms;
-	read_files_pattern($1, mailman_archive_t, mailman_archive_t)
-	read_lnk_files_pattern($1, mailman_archive_t, mailman_archive_t)
-')
-
-#######################################
-## <summary>
-##	Execute mailman_queue in the mailman_queue domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mailman_domtrans_queue',`
-	gen_require(`
-		type mailman_queue_exec_t, mailman_queue_t;
-	')
-
-	domtrans_pattern($1, mailman_queue_exec_t, mailman_queue_t)
-')
diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te
deleted file mode 100644
index 96e3c80..0000000
--- a/policy/modules/services/mailman.te
+++ /dev/null
@@ -1,132 +0,0 @@
-policy_module(mailman, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-mailman_domain_template(cgi)
-
-type mailman_data_t;
-files_type(mailman_data_t)
-
-type mailman_archive_t;
-files_type(mailman_archive_t)
-
-type mailman_log_t;
-logging_log_file(mailman_log_t)
-
-type mailman_lock_t;
-files_lock_file(mailman_lock_t)
-
-mailman_domain_template(mail)
-init_daemon_domain(mailman_mail_t, mailman_mail_exec_t)
-
-mailman_domain_template(queue)
-
-########################################
-#
-# Mailman CGI local policy
-#
-
-# cjp: the template invocation for cgi should be
-# in the below optional policy; however, there are no
-# optionals for file contexts yet, so it is promoted
-# to global scope until such facilities exist.
-
-optional_policy(`
-	dev_read_urand(mailman_cgi_t)
-
-	manage_dirs_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
-	manage_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
-	manage_lnk_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
-
-	files_search_spool(mailman_cgi_t)
-
-	term_use_controlling_term(mailman_cgi_t)
-
-	# for python pre-compile foolishness
-	libs_dontaudit_write_lib_dirs(mailman_cgi_t)
-
-	apache_sigchld(mailman_cgi_t)
-	apache_use_fds(mailman_cgi_t)
-	apache_dontaudit_append_log(mailman_cgi_t)
-	apache_search_sys_script_state(mailman_cgi_t)
-	apache_read_config(mailman_cgi_t)
-	apache_dontaudit_rw_stream_sockets(mailman_cgi_t)
-')
-
-########################################
-#
-# Mailman mail local policy
-#
-
-allow mailman_mail_t self:capability { kill dac_override setuid setgid sys_tty_config };
-allow mailman_mail_t self:process { signal signull };
-allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(mailman_mail_t, mailman_archive_t, mailman_archive_t)
-manage_files_pattern(mailman_mail_t, mailman_archive_t, mailman_archive_t)
-manage_lnk_files_pattern(mailman_mail_t, mailman_archive_t, mailman_archive_t)
-
-files_search_spool(mailman_mail_t)
-
-fs_rw_anon_inodefs_files(mailman_mail_t)
-
-mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)
-mta_dontaudit_rw_queue(mailman_mail_t)
-
-optional_policy(`
-	courier_read_spool(mailman_mail_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(mailman_mail_t)
-')
-
-optional_policy(`
-	cron_read_pipes(mailman_mail_t)
-')
-
-optional_policy(`
-	postfix_search_spool(mailman_mail_t)
-')
-
-########################################
-#
-# Mailman queue local policy
-#
-
-allow mailman_queue_t self:capability { setgid setuid };
-allow mailman_queue_t self:process signal;
-allow mailman_queue_t self:fifo_file rw_fifo_file_perms;
-allow mailman_queue_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
-manage_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
-manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
-
-kernel_read_proc_symlinks(mailman_queue_t)
-
-auth_domtrans_chk_passwd(mailman_queue_t)
-
-files_dontaudit_search_pids(mailman_queue_t)
-
-# for su
-seutil_dontaudit_search_config(mailman_queue_t)
-
-# some of the following could probably be changed to dontaudit, someone who
-# knows mailman well should test this out and send the changes
-userdom_search_user_home_dirs(mailman_queue_t)
-
-optional_policy(`
-	apache_read_config(mailman_queue_t)
-')
-
-optional_policy(`
-	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-')
-
-optional_policy(`
-	su_exec(mailman_queue_t)
-')
diff --git a/policy/modules/services/memcached.fc b/policy/modules/services/memcached.fc
deleted file mode 100644
index 4d69477..0000000
--- a/policy/modules/services/memcached.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/rc\.d/init\.d/memcached	--	gen_context(system_u:object_r:memcached_initrc_exec_t,s0)
-
-/usr/bin/memcached		--	gen_context(system_u:object_r:memcached_exec_t,s0)
-
-/var/run/memcached(/.*)?		gen_context(system_u:object_r:memcached_var_run_t,s0)
diff --git a/policy/modules/services/memcached.if b/policy/modules/services/memcached.if
deleted file mode 100644
index 5008a6c..0000000
--- a/policy/modules/services/memcached.if
+++ /dev/null
@@ -1,72 +0,0 @@
-## <summary>high-performance memory object caching system</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run memcached.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`memcached_domtrans',`
-	gen_require(`
-		type memcached_t, memcached_exec_t;
-	')
-
-	domtrans_pattern($1, memcached_exec_t, memcached_t)
-')
-
-########################################
-## <summary>
-##	Read memcached PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`memcached_read_pid_files',`
-	gen_require(`
-		type memcached_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 memcached_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an memcached environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the memcached domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`memcached_admin',`
-	gen_require(`
-		type memcached_t, memcached_initrc_exec_t, memcached_var_run_t;
-	')
-
-	allow $1 memcached_t:process { ptrace signal_perms };
-	ps_process_pattern($1, memcached_t)
-
-	init_labeled_script_domtrans($1, memcached_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 memcached_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, memcached_var_run_t)
-')
diff --git a/policy/modules/services/memcached.te b/policy/modules/services/memcached.te
deleted file mode 100644
index b681608..0000000
--- a/policy/modules/services/memcached.te
+++ /dev/null
@@ -1,58 +0,0 @@
-policy_module(memcached, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type memcached_t;
-type memcached_exec_t;
-init_daemon_domain(memcached_t, memcached_exec_t)
-
-type memcached_initrc_exec_t;
-init_script_file(memcached_initrc_exec_t)
-
-type memcached_var_run_t;
-files_pid_file(memcached_var_run_t)
-
-########################################
-#
-# memcached local policy
-#
-
-allow memcached_t self:capability { setuid setgid };
-dontaudit memcached_t self:capability sys_tty_config;
-allow memcached_t self:process { setrlimit signal_perms };
-allow memcached_t self:tcp_socket create_stream_socket_perms;
-allow memcached_t self:udp_socket { create_socket_perms listen };
-allow memcached_t self:fifo_file rw_fifo_file_perms;
-allow memcached_t self:unix_stream_socket create_stream_socket_perms;
-
-corenet_all_recvfrom_unlabeled(memcached_t)
-corenet_udp_sendrecv_generic_if(memcached_t)
-corenet_udp_sendrecv_generic_node(memcached_t)
-corenet_udp_sendrecv_all_ports(memcached_t)
-corenet_udp_bind_generic_node(memcached_t)
-corenet_tcp_sendrecv_generic_if(memcached_t)
-corenet_tcp_sendrecv_generic_node(memcached_t)
-corenet_tcp_sendrecv_all_ports(memcached_t)
-corenet_tcp_bind_generic_node(memcached_t)
-corenet_tcp_bind_memcache_port(memcached_t)
-corenet_udp_bind_memcache_port(memcached_t)
-
-manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
-manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
-files_pid_filetrans(memcached_t, memcached_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(memcached_t)
-kernel_read_system_state(memcached_t)
-
-files_read_etc_files(memcached_t)
-
-term_dontaudit_use_all_ptys(memcached_t)
-term_dontaudit_use_all_ttys(memcached_t)
-term_dontaudit_use_console(memcached_t)
-
-auth_use_nsswitch(memcached_t)
-
-miscfiles_read_localization(memcached_t)
diff --git a/policy/modules/services/metadata.xml b/policy/modules/services/metadata.xml
deleted file mode 100644
index 4e6ec17..0000000
--- a/policy/modules/services/metadata.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<summary>
-	Policy modules for system services, like cron, and network services,
-	like sshd.
-</summary>
diff --git a/policy/modules/services/milter.fc b/policy/modules/services/milter.fc
deleted file mode 100644
index 613c69d..0000000
--- a/policy/modules/services/milter.fc
+++ /dev/null
@@ -1,17 +0,0 @@
-/etc/mail/dkim-milter/keys(/.*)?        gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-
-/usr/sbin/dkim-filter           --      gen_context(system_u:object_r:dkim_milter_exec_t,s0)
-/usr/sbin/milter-greylist	--	gen_context(system_u:object_r:greylist_milter_exec_t,s0)
-/usr/sbin/milter-regex				--	gen_context(system_u:object_r:regex_milter_exec_t,s0)
-/usr/sbin/spamass-milter	--	gen_context(system_u:object_r:spamass_milter_exec_t,s0)
-
-/var/lib/milter-greylist(/.*)?		gen_context(system_u:object_r:greylist_milter_data_t,s0)
-/var/lib/spamass-milter(/.*)?		gen_context(system_u:object_r:spamass_milter_state_t,s0)
-
-/var/run/dkim-milter(/.*)?              gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/milter-greylist(/.*)?		gen_context(system_u:object_r:greylist_milter_data_t,s0)
-/var/run/milter-greylist\.pid	--	gen_context(system_u:object_r:greylist_milter_data_t,s0)
-/var/run/spamass-milter(/.*)?		gen_context(system_u:object_r:spamass_milter_data_t,s0)
-/var/run/spamass-milter\.pid	--	gen_context(system_u:object_r:spamass_milter_data_t,s0)
-
-/var/spool/milter-regex(/.*)?		gen_context(system_u:object_r:regex_milter_data_t,s0)
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
deleted file mode 100644
index d7e81f3..0000000
--- a/policy/modules/services/milter.if
+++ /dev/null
@@ -1,140 +0,0 @@
-## <summary>Milter mail filters</summary>
-
-########################################
-## <summary>
-##	Create a set of derived types for various
-##	mail filter applications using the milter interface.
-## </summary>
-## <param name="milter_name">
-##	<summary>
-##	The name to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`milter_template',`
-	# attributes common to all milters
-	gen_require(`
-		attribute milter_data_type, milter_domains;
-	')
-
-	type $1_milter_t, milter_domains;
-	type $1_milter_exec_t;
-	init_daemon_domain($1_milter_t, $1_milter_exec_t)
-	role system_r types $1_milter_t;
-
-	# Type for the milter data (e.g. the socket used to communicate with the MTA)
-	type $1_milter_data_t, milter_data_type;
-	files_type($1_milter_data_t)
-
-	allow $1_milter_t self:fifo_file rw_fifo_file_perms;
-
-	# Allow communication with MTA over a unix-domain socket
-	# Note: usage with TCP sockets requires additional policy
-	manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
-
-	# Create other data files and directories in the data directory
-	manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
-
-	files_read_etc_files($1_milter_t)
-
-	kernel_dontaudit_read_system_state($1_milter_t)
-
-	miscfiles_read_localization($1_milter_t)
-
-	logging_send_syslog_msg($1_milter_t)
-')
-
-########################################
-## <summary>
-##	MTA communication with milter sockets
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`milter_stream_connect_all',`
-	gen_require(`
-		attribute milter_data_type, milter_domains;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
-')
-
-########################################
-## <summary>
-##	Allow getattr of milter sockets
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`milter_getattr_all_sockets',`
-	gen_require(`
-		attribute milter_data_type;
-	')
-
-	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
-')
-
-########################################
-## <summary>
-##	Allow setattr of milter dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`milter_setattr_all_dirs',`
-	gen_require(`
-		attribute milter_data_type;
-	')
-
-	setattr_dirs_pattern($1, milter_data_type, milter_data_type)
-')
-
-########################################
-## <summary>
-##	Manage spamassassin milter state
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`milter_manage_spamass_state',`
-	gen_require(`
-		type spamass_milter_state_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-	manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-	manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-')
-
-#######################################
-## <summary>
-##	Delete dkim-milter PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`milter_delete_dkim_pid_files',`
-	gen_require(`
-		type dkim_milter_data_t;
-	')
-
-	files_search_pids($1)
-	delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
-')
diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te
deleted file mode 100644
index f42a489..0000000
--- a/policy/modules/services/milter.te
+++ /dev/null
@@ -1,119 +0,0 @@
-policy_module(milter, 1.2.1)
-
-########################################
-#
-# Declarations
-#
-
-# attributes common to all milters
-attribute milter_domains;
-attribute milter_data_type;
-
-# support for dkim-milter - domainKeys Identified Mail sender authentication sendmail milter
-milter_template(dkim)
-
-# type for the private key of dkim-milter
-type dkim_milter_private_key_t;
-files_type(dkim_milter_private_key_t)
-
-# currently-supported milters are milter-greylist, milter-regex and spamass-milter
-milter_template(greylist)
-milter_template(regex)
-milter_template(spamass)
-
-# Type for the spamass-milter home directory, under which spamassassin will
-# store system-wide preferences, bayes databases etc. if not configured to
-# use per-user configuration
-type spamass_milter_state_t;
-files_type(spamass_milter_state_t)
-
-#######################################
-#
-# dkim-milter local policy
-#
-
-allow dkim_milter_t self:capability { kill setgid setuid };
-allow dkim_milter_t self:unix_stream_socket create_stream_socket_perms;
-
-read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
-
-auth_use_nsswitch(dkim_milter_t)
-
-sysnet_dns_name_resolve(dkim_milter_t)
-
-mta_read_config(dkim_milter_t)
-
-########################################
-#
-# milter-greylist local policy
-#	ensure smtp clients retry mail like real MTAs and not spamware
-#	http://hcpnet.free.fr/milter-greylist/
-#
-
-# It removes any existing socket (not owned by root) whilst running as root,
-# fixes permissions, renices itself and then calls setgid() and setuid() to
-# drop privileges
-allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };
-allow greylist_milter_t self:process { setsched getsched };
-
-# It creates a pid file /var/run/milter-greylist.pid
-files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)
-
-kernel_read_kernel_sysctls(greylist_milter_t)
-
-# Allow the milter to read a GeoIP database in /usr/share
-files_read_usr_files(greylist_milter_t)
-# The milter runs from /var/lib/milter-greylist and maintains files there
-files_search_var_lib(greylist_milter_t)
-
-# Look up username for dropping privs
-auth_use_nsswitch(greylist_milter_t)
-
-# Config is in /etc/mail/greylist.conf
-mta_read_config(greylist_milter_t)
-
-########################################
-#
-# milter-regex local policy
-#	filter emails using regular expressions
-#	http://www.benzedrine.cx/milter-regex.html
-#
-
-# It removes any existing socket (not owned by root) whilst running as root
-# and then calls setgid() and setuid() to drop privileges
-allow regex_milter_t self:capability { setuid setgid dac_override };
-
-# The milter's socket directory lives under /var/spool
-files_search_spool(regex_milter_t)
-
-# Look up username for dropping privs
-auth_use_nsswitch(regex_milter_t)
-
-# Config is in /etc/mail/milter-regex.conf
-mta_read_config(regex_milter_t)
-
-########################################
-#
-# spamass-milter local policy
-#	pipe emails through SpamAssassin
-#	http://savannah.nongnu.org/projects/spamass-milt/
-#
-
-# The milter runs from /var/lib/spamass-milter
-allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms;
-files_search_var_lib(spamass_milter_t)
-
-kernel_read_system_state(spamass_milter_t)
-
-# When used with -b or -B options, the milter invokes sendmail to send mail
-# to a spamtrap address, using popen()
-corecmd_exec_shell(spamass_milter_t)
-corecmd_read_bin_symlinks(spamass_milter_t)
-corecmd_search_bin(spamass_milter_t)
-
-mta_send_mail(spamass_milter_t)
-
-# The main job of the milter is to pipe spam through spamc and act on the result
-optional_policy(`
-	spamassassin_domtrans_client(spamass_milter_t)
-')
diff --git a/policy/modules/services/mock.fc b/policy/modules/services/mock.fc
deleted file mode 100644
index 42bb2a3..0000000
--- a/policy/modules/services/mock.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/usr/sbin/mock		--	gen_context(system_u:object_r:mock_exec_t,s0)
-
-/var/lib/mock(/.*)?		gen_context(system_u:object_r:mock_var_lib_t,s0)
-
-/var/cache/mock(/.*)?		gen_context(system_u:object_r:mock_cache_t,s0)
diff --git a/policy/modules/services/mock.if b/policy/modules/services/mock.if
deleted file mode 100644
index d76fb11..0000000
--- a/policy/modules/services/mock.if
+++ /dev/null
@@ -1,236 +0,0 @@
-## <summary>policy for mock</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run mock.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mock_domtrans',`
-	gen_require(`
-		type mock_t, mock_exec_t;
-	')
-
-	domtrans_pattern($1, mock_exec_t, mock_t)
-')
-
-########################################
-## <summary>
-##	Search mock lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_search_lib',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	allow $1 mock_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read mock lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_read_lib_files',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	mock lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_manage_lib_files',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage mock lib dirs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_manage_lib_dirs',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
-')
-
-#########################################
-## <summary>
-##	Manage mock lib symlinks.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_manage_lib_symlinks',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage mock lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_manage_lib_chr_files',`
-	gen_require(`
-		type mock_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Execute mock in the mock domain, and
-##	allow the specified role the mock domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the mock domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mock_run',`
-	gen_require(`
-		type mock_t;
-	')
-
-	mock_domtrans($1)
-	role $2 types mock_t;
-')
-
-########################################
-## <summary>
-##	Role access for mock
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mock_role',`
-	gen_require(`
-		type mock_t;
-	')
-
-	role $1 types mock_t;
-
-	mock_domtrans($2)
-
-	ps_process_pattern($2, mock_t)
-	allow $2 mock_t:process { ptrace signal_perms };
-')
-
-#######################################
-## <summary>
-##	Send a generic signal to mock.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mock_signal',`
-	gen_require(`
-		type mock_t;
-	')
-
-	allow $1 mock_t:process signal;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an mock environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mock_admin',`
-	gen_require(`
-		type mock_t, mock_var_lib_t;
-	')
-
-	allow $1 mock_t:process { ptrace signal_perms };
-	ps_process_pattern($1, mock_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, mock_var_lib_t)
-')
diff --git a/policy/modules/services/mock.te b/policy/modules/services/mock.te
deleted file mode 100644
index b05a9cd..0000000
--- a/policy/modules/services/mock.te
+++ /dev/null
@@ -1,99 +0,0 @@
-policy_module(mock,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type mock_t;
-type mock_exec_t;
-application_domain(mock_t, mock_exec_t)
-domain_role_change_exemption(mock_t)
-domain_system_change_exemption(mock_t)
-role system_r types mock_t;
-
-permissive mock_t;
-
-type mock_cache_t;
-files_type(mock_cache_t)
-
-type mock_tmp_t;
-files_tmp_file(mock_tmp_t)
-
-type mock_var_lib_t;
-files_type(mock_var_lib_t)
-
-########################################
-#
-# mock local policy
-#
-
-allow mock_t self:capability { sys_admin setfcap setuid sys_ptrace sys_chroot chown audit_write dac_override sys_nice mknod fsetid setgid fowner };
-allow mock_t self:process { siginh noatsecure signull transition rlimitinh setsched setpgid sigkill };
-dontaudit mock_t self:process { siginh noatsecure rlimitinh };
-allow mock_t self:fifo_file manage_fifo_file_perms;
-allow mock_t self:unix_stream_socket create_stream_socket_perms;
-allow mock_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(mock_t, mock_cache_t, mock_cache_t)
-manage_files_pattern(mock_t, mock_cache_t, mock_cache_t)
-files_var_filetrans(mock_t, mock_cache_t, { dir file } )
-
-manage_dirs_pattern(mock_t, mock_tmp_t, mock_tmp_t)
-manage_files_pattern(mock_t, mock_tmp_t, mock_tmp_t)
-files_tmp_filetrans(mock_t, mock_tmp_t, { dir file })
-can_exec(mock_t, mock_tmp_t)
-
-manage_dirs_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
-manage_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
-manage_lnk_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
-manage_chr_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
-files_var_lib_filetrans(mock_t, mock_var_lib_t, { dir file })
-can_exec(mock_t, mock_var_lib_t)
-allow mock_t mock_var_lib_t:dir mounton;
-
-kernel_list_proc(mock_t)
-kernel_read_irq_sysctls(mock_t)
-kernel_read_system_state(mock_t)
-kernel_read_kernel_sysctls(mock_t)
-kernel_request_load_module(mock_t)
-
-corecmd_exec_bin(mock_t)
-corecmd_exec_shell(mock_t)
-
-corenet_tcp_connect_http_port(mock_t)
-
-dev_read_urand(mock_t)
-
-domain_read_all_domains_state(mock_t)
-domain_use_interactive_fds(mock_t)
-
-files_read_etc_files(mock_t)
-files_read_usr_files(mock_t)
-
-fs_getattr_all_fs(mock_t)
-
-selinux_get_enforce_mode(mock_t)
-
-auth_use_nsswitch(mock_t)
-
-init_exec(mock_t)
-
-libs_domtrans_ldconfig(mock_t)
-
-logging_send_audit_msgs(mock_t)
-logging_send_syslog_msg(mock_t)
-
-miscfiles_read_localization(mock_t)
-
-mount_domtrans(mock_t)
-
-optional_policy(`
-	rpm_exec(mock_t)
-	rpm_manage_db(mock_t)
-	rpm_entry_type(mock_t)
-')
-
-optional_policy(`
-	apache_read_sys_content_rw_files(mock_t)
-')
diff --git a/policy/modules/services/modemmanager.fc b/policy/modules/services/modemmanager.fc
deleted file mode 100644
index a83894c..0000000
--- a/policy/modules/services/modemmanager.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/sbin/modem-manager	--	gen_context(system_u:object_r:modemmanager_exec_t,s0)
diff --git a/policy/modules/services/modemmanager.if b/policy/modules/services/modemmanager.if
deleted file mode 100644
index 7a7fc02..0000000
--- a/policy/modules/services/modemmanager.if
+++ /dev/null
@@ -1,40 +0,0 @@
-## <summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run modemmanager.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`modemmanager_domtrans',`
-	gen_require(`
-		type modemmanager_t, modemmanager_exec_t;
-	')
-
-	domtrans_pattern($1, modemmanager_exec_t, modemmanager_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	modemmanager over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modemmanager_dbus_chat',`
-	gen_require(`
-		type modemmanager_t;
-		class dbus send_msg;
-	')
-
-	allow $1 modemmanager_t:dbus send_msg;
-	allow modemmanager_t $1:dbus send_msg;
-')
diff --git a/policy/modules/services/modemmanager.te b/policy/modules/services/modemmanager.te
deleted file mode 100644
index 7f18c33..0000000
--- a/policy/modules/services/modemmanager.te
+++ /dev/null
@@ -1,51 +0,0 @@
-policy_module(modemmanager, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type modemmanager_t;
-type modemmanager_exec_t;
-dbus_system_domain(modemmanager_t, modemmanager_exec_t)
-typealias modemmanager_t alias ModemManager_t;
-typealias modemmanager_exec_t alias ModemManager_exec_t;
-
-########################################
-#
-# ModemManager local policy
-#
-
-allow modemmanager_t self:capability { net_admin sys_admin sys_tty_config };
-allow modemmanager_t self:process { getsched signal };  
-allow modemmanager_t self:fifo_file rw_file_perms;
-allow modemmanager_t self:unix_stream_socket create_stream_socket_perms;
-allow modemmanager_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-kernel_read_system_state(modemmanager_t)
-
-dev_read_sysfs(modemmanager_t)
-dev_rw_modem(modemmanager_t)
-
-files_read_etc_files(modemmanager_t)
-
-term_use_generic_ptys(modemmanager_t)
-term_use_unallocated_ttys(modemmanager_t)
-
-miscfiles_read_localization(modemmanager_t)
-
-logging_send_syslog_msg(modemmanager_t)
-
-networkmanager_dbus_chat(modemmanager_t)
-
-optional_policy(`
-	devicekit_dbus_chat_power(modemmanager_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(modemmanager_t)
-')
-
-optional_policy(`
-	udev_read_db(modemmanager_t)
-')
diff --git a/policy/modules/services/mojomojo.fc b/policy/modules/services/mojomojo.fc
deleted file mode 100644
index 824c979..0000000
--- a/policy/modules/services/mojomojo.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/usr/bin/mojomojo_fastcgi\.pl	--	gen_context(system_u:object_r:httpd_mojomojo_script_exec_t,s0)
-
-/usr/share/mojomojo/root(/.*)?		gen_context(system_u:object_r:httpd_mojomojo_content_t,s0)
-
-/var/lib/mojomojo(/.*)?			gen_context(system_u:object_r:httpd_mojomojo_rw_content_t,s0)
diff --git a/policy/modules/services/mojomojo.if b/policy/modules/services/mojomojo.if
deleted file mode 100644
index 88e7330..0000000
--- a/policy/modules/services/mojomojo.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>MojoMojo Wiki</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an mojomojo environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mojomojo_admin',`
-	gen_require(`
-		type httpd_mojomojo_script_t, httpd_mojomojo_content_t, httpd_mojomojo_ra_content_t;
-		type httpd_mojomojo_rw_content_t, httpd_mojomojo_tmp_t, httpd_mojomojo_htaccess_t;
-		type httpd_mojomojo_script_exec_t;
-	')
-
-	allow $1 httpd_mojomojo_script_t:process { ptrace signal_perms };
-	ps_process_pattern($1, httpd_mojomojo_script_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, httpd_mojomojo_tmp_t)
-
-	files_list_var_lib(httpd_mojomojo_script_t)
-
-	apache_list_sys_content($1)
-	admin_pattern($1, httpd_mojomojo_script_exec_t)
-	admin_pattern($1, httpd_mojomojo_script_t)
-	admin_pattern($1, httpd_mojomojo_content_t)
-	admin_pattern($1, httpd_mojomojo_htaccess_t)
-	admin_pattern($1, httpd_mojomojo_rw_content_t)
-	admin_pattern($1, httpd_mojomojo_ra_content_t)
-')
diff --git a/policy/modules/services/mojomojo.te b/policy/modules/services/mojomojo.te
deleted file mode 100644
index ed69996..0000000
--- a/policy/modules/services/mojomojo.te
+++ /dev/null
@@ -1,43 +0,0 @@
-policy_module(mojomojo, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-apache_content_template(mojomojo)
-
-type httpd_mojomojo_tmp_t;
-files_tmp_file(httpd_mojomojo_tmp_t)
-
-########################################
-#
-# mojomojo local policy
-#
-
-allow httpd_mojomojo_script_t httpd_t:unix_stream_socket rw_stream_socket_perms;
-
-manage_dirs_pattern(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, httpd_mojomojo_tmp_t)
-manage_files_pattern(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, httpd_mojomojo_tmp_t)
-files_tmp_filetrans(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, { file dir })
-
-corenet_tcp_connect_postgresql_port(httpd_mojomojo_script_t)
-corenet_tcp_connect_mysqld_port(httpd_mojomojo_script_t)
-corenet_tcp_connect_smtp_port(httpd_mojomojo_script_t)
-corenet_sendrecv_postgresql_client_packets(httpd_mojomojo_script_t)
-corenet_sendrecv_mysqld_client_packets(httpd_mojomojo_script_t)
-corenet_sendrecv_smtp_client_packets(httpd_mojomojo_script_t)
-
-files_search_var_lib(httpd_mojomojo_script_t)
-
-sysnet_dns_name_resolve(httpd_mojomojo_script_t)
-
-mta_send_mail(httpd_mojomojo_script_t)
-
-optional_policy(`
-	mysql_stream_connect(httpd_mojomojo_script_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(httpd_mojomojo_script_t)
-')
diff --git a/policy/modules/services/monop.fc b/policy/modules/services/monop.fc
deleted file mode 100644
index 9ee4028..0000000
--- a/policy/modules/services/monop.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/etc/monopd\.conf	--	gen_context(system_u:object_r:monopd_etc_t,s0)
-
-/usr/sbin/monopd	--	gen_context(system_u:object_r:monopd_exec_t,s0)
-/usr/share/monopd/games(/.*)?	gen_context(system_u:object_r:monopd_share_t,s0)
diff --git a/policy/modules/services/monop.if b/policy/modules/services/monop.if
deleted file mode 100644
index 2611351..0000000
--- a/policy/modules/services/monop.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Monopoly daemon</summary>
diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te
deleted file mode 100644
index 6647a35..0000000
--- a/policy/modules/services/monop.te
+++ /dev/null
@@ -1,85 +0,0 @@
-policy_module(monop, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type monopd_t;
-type monopd_exec_t;
-init_daemon_domain(monopd_t, monopd_exec_t)
-
-type monopd_etc_t;
-files_config_file(monopd_etc_t)
-
-type monopd_share_t;
-files_type(monopd_share_t)
-
-type monopd_var_run_t;
-files_pid_file(monopd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit monopd_t self:capability sys_tty_config;
-allow monopd_t self:process signal_perms;
-allow monopd_t self:tcp_socket create_stream_socket_perms;
-allow monopd_t self:udp_socket create_socket_perms;
-
-allow monopd_t monopd_etc_t:file read_file_perms;
-files_search_etc(monopd_t)
-
-allow monopd_t monopd_share_t:dir list_dir_perms;
-read_files_pattern(monopd_t, monopd_share_t, monopd_share_t)
-read_lnk_files_pattern(monopd_t, monopd_share_t, monopd_share_t)
-
-manage_files_pattern(monopd_t, monopd_var_run_t, monopd_var_run_t)
-files_pid_filetrans(monopd_t, monopd_var_run_t, file)
-
-kernel_read_kernel_sysctls(monopd_t)
-kernel_list_proc(monopd_t)
-kernel_read_proc_symlinks(monopd_t)
-
-corenet_all_recvfrom_unlabeled(monopd_t)
-corenet_all_recvfrom_netlabel(monopd_t)
-corenet_tcp_sendrecv_generic_if(monopd_t)
-corenet_udp_sendrecv_generic_if(monopd_t)
-corenet_tcp_sendrecv_generic_node(monopd_t)
-corenet_udp_sendrecv_generic_node(monopd_t)
-corenet_tcp_sendrecv_all_ports(monopd_t)
-corenet_udp_sendrecv_all_ports(monopd_t)
-corenet_tcp_bind_generic_node(monopd_t)
-corenet_tcp_bind_monopd_port(monopd_t)
-corenet_sendrecv_monopd_server_packets(monopd_t)
-
-dev_read_sysfs(monopd_t)
-
-domain_use_interactive_fds(monopd_t)
-
-files_read_etc_files(monopd_t)
-
-fs_getattr_all_fs(monopd_t)
-fs_search_auto_mountpoints(monopd_t)
-
-logging_send_syslog_msg(monopd_t)
-
-miscfiles_read_localization(monopd_t)
-
-sysnet_read_config(monopd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(monopd_t)
-userdom_dontaudit_search_user_home_dirs(monopd_t)
-
-optional_policy(`
-	nis_use_ypbind(monopd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(monopd_t)
-')
-
-optional_policy(`
-	udev_read_db(monopd_t)
-')
diff --git a/policy/modules/services/mpd.fc b/policy/modules/services/mpd.fc
deleted file mode 100644
index 564b22d..0000000
--- a/policy/modules/services/mpd.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/etc/mpd\.conf		--      gen_context(system_u:object_r:mpd_etc_t,s0)
-
-/etc/rc\.d/init\.d/mpd	--	gen_context(system_u:object_r:mpd_initrc_exec_t,s0)
-
-/usr/bin/mpd		--	gen_context(system_u:object_r:mpd_exec_t,s0)
-
-/var/lib/mpd(/.*)?		gen_context(system_u:object_r:mpd_var_lib_t,s0)
-/var/lib/mpd/music(/.*)?       gen_context(system_u:object_r:mpd_data_t,s0)    
-/var/lib/mpd/playlists(/.*)?   gen_context(system_u:object_r:mpd_data_t,s0)
diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if
deleted file mode 100644
index 311aaed..0000000
--- a/policy/modules/services/mpd.if
+++ /dev/null
@@ -1,267 +0,0 @@
-## <summary>policy for daemon for playing music</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run mpd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mpd_domtrans',`
-	gen_require(`
-		type mpd_t, mpd_exec_t;
-	')
-
-	domtrans_pattern($1, mpd_exec_t, mpd_t)
-')
-
-########################################
-## <summary>
-##	Execute mpd server in the mpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_initrc_domtrans',`
-	gen_require(`
-		type mpd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, mpd_initrc_exec_t)
-')
-
-#######################################
-## <summary>
-##	Read mpd data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_read_data_files',`
-	gen_require(`
-		type mpd_data_t;
-	')
-
-	mpd_search_lib($1)
-	read_files_pattern($1, mpd_data_t, mpd_data_t)
-')
-
-#######################################
-## <summary>
-##	Read mpd tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_read_tmpfs_files',`
-	gen_require(`
-		type mpd_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
-')
-
-###################################
-## <summary>
-##	Manage mpd tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_manage_tmpfs_files',`
-	gen_require(`
-		type mpd_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
-	manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
-')
-
-######################################
-## <summary>
-##	Manage mpd data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_manage_data_files',`
-	gen_require(`
-		type mpd_data_t;
-	')
-
-	mpd_search_lib($1)
-	manage_files_pattern($1, mpd_data_t, mpd_data_t)
-')
-
-########################################
-## <summary>
-##	Search mpd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_search_lib',`
-	gen_require(`
-		type mpd_var_lib_t;
-	')
-
-	allow $1 mpd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read mpd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_read_lib_files',`
-	gen_require(`
-		type mpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	mpd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_manage_lib_files',`
-	gen_require(`
-		type mpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
-')
-
-#######################################
-## <summary>
-##	Create an object in the root directory, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`mpd_var_lib_filetrans',`
-	gen_require(`
-		type mpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	filetrans_pattern($1, mpd_var_lib_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Manage mpd lib dirs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mpd_manage_lib_dirs',`
-	gen_require(`
-		type mpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an mpd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mpd_admin',`
-	gen_require(`
-		type mpd_t, mpd_initrc_exec_t, mpd_etc_t;
-		type mpd_data_t, mpd_log_t, mpd_var_lib_t;
-		type mpd_tmpfs_t;
-	')
-
-	allow $1 mpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, mpd_t)
-
-	mpd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 mpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, mpd_etc_t)
-	files_list_etc($1)
-
-	files_list_var_lib($1)
-	admin_pattern($1, mpd_var_lib_t)
-
-	admin_pattern($1, mpd_data_t)
-
-	admin_pattern($1, mpd_log_t)
-
-	fs_list_tmpfs($1)
-	admin_pattern($1, mpd_tmpfs_t)
-')
diff --git a/policy/modules/services/mpd.te b/policy/modules/services/mpd.te
deleted file mode 100644
index 84bc8bb..0000000
--- a/policy/modules/services/mpd.te
+++ /dev/null
@@ -1,110 +0,0 @@
-policy_module(mpd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type mpd_t;
-type mpd_exec_t;
-init_daemon_domain(mpd_t, mpd_exec_t)
-
-permissive mpd_t;
-
-type mpd_initrc_exec_t;
-init_script_file(mpd_initrc_exec_t)
-
-type mpd_etc_t;
-files_config_file(mpd_etc_t)
-
-# type for music content
-type mpd_data_t;
-files_type(mpd_data_t)
-
-type mpd_log_t;
-logging_log_file(mpd_log_t)
-
-type mpd_tmp_t;
-files_tmp_file(mpd_tmp_t)
-
-type mpd_tmpfs_t;
-files_tmpfs_file(mpd_tmpfs_t)
-
-type mpd_var_lib_t;
-files_type(mpd_var_lib_t)
-
-########################################
-#
-# mpd local policy
-#
-
-#cjp: dac_override bug in mpd relating to mpd.log file
-allow mpd_t self:capability { dac_override kill setgid setuid };
-allow mpd_t self:process { getsched setsched setrlimit signal signull };
-allow mpd_t self:fifo_file rw_fifo_file_perms;
-allow mpd_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow mpd_t self:tcp_socket create_stream_socket_perms;
-allow mpd_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow mpd_t self:unix_dgram_socket { create_socket_perms sendto };
-
-read_files_pattern(mpd_t, mpd_etc_t, mpd_etc_t)
-
-manage_dirs_pattern(mpd_t, mpd_data_t, mpd_data_t)
-manage_files_pattern(mpd_t, mpd_data_t, mpd_data_t)
-
-manage_dirs_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
-manage_files_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
-manage_sock_files_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
-files_tmp_filetrans(mpd_t, mpd_tmp_t, { dir file sock_file })
-
-manage_files_pattern(mpd_t, mpd_tmpfs_t, mpd_tmpfs_t)
-manage_dirs_pattern(mpd_t, mpd_tmpfs_t, mpd_tmpfs_t)
-fs_tmpfs_filetrans(mpd_t, mpd_tmpfs_t, file )
-
-manage_dirs_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
-manage_files_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
-manage_lnk_files_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
-files_var_lib_filetrans(mpd_t, mpd_var_lib_t, { dir file lnk_file })
-
-kernel_read_system_state(mpd_t)
-kernel_read_kernel_sysctls(mpd_t)
-
-corecmd_exec_bin(mpd_t)
-
-corenet_sendrecv_pulseaudio_client_packets(mpd_t)
-corenet_tcp_connect_http_port(mpd_t)
-corenet_tcp_connect_http_cache_port(mpd_t)
-corenet_tcp_connect_pulseaudio_port(mpd_t)
-corenet_tcp_bind_mpd_port(mpd_t)
-corenet_tcp_bind_soundd_port(mpd_t)
-
-dev_read_sysfs(mpd_t)
-
-files_read_usr_files(mpd_t)
-
-fs_getattr_tmpfs(mpd_t)
-fs_list_inotifyfs(mpd_t)
-fs_rw_anon_inodefs_files(mpd_t)
-
-auth_use_nsswitch(mpd_t)
-
-logging_send_syslog_msg(mpd_t)
-
-miscfiles_read_localization(mpd_t)
-
-userdom_read_home_audio_files(mpd_t)
-userdom_read_user_tmpfs_files(mpd_t)
-
-optional_policy(`
-	dbus_system_bus_client(mpd_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(mpd_t)
-	pulseaudio_stream_connect(mpd_t)
-	pulseaudio_signull(mpd_t)
-')
-
-optional_policy(`
-	udev_read_db(mpd_t)
-')
diff --git a/policy/modules/services/mta.fc b/policy/modules/services/mta.fc
deleted file mode 100644
index c526ce8..0000000
--- a/policy/modules/services/mta.fc
+++ /dev/null
@@ -1,34 +0,0 @@
-HOME_DIR/\.forward	--	gen_context(system_u:object_r:mail_home_t,s0)
-HOME_DIR/dead.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
-
-/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/etc/aliases		--	gen_context(system_u:object_r:etc_aliases_t,s0)
-/etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
-/etc/mail(/.*)?			gen_context(system_u:object_r:etc_mail_t,s0)
-/etc/mail/aliases	--	gen_context(system_u:object_r:etc_aliases_t,s0)
-/etc/mail/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
-ifdef(`distro_redhat',`
-/etc/postfix/aliases.*		gen_context(system_u:object_r:etc_aliases_t,s0)
-')
-
-/root/\.forward	--	gen_context(system_u:object_r:mail_home_t,s0)
-/root/dead.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
-
-/usr/bin/esmtp			-- gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/usr/lib(64)?/sendmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-/usr/lib/courier/bin/sendmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/usr/sbin/rmail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-/usr/sbin/sendmail\.postfix --	gen_context(system_u:object_r:sendmail_exec_t,s0)
-/usr/sbin/sendmail(\.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
-/usr/sbin/ssmtp 		-- gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/var/mail(/.*)?			gen_context(system_u:object_r:mail_spool_t,s0)
-
-/var/qmail/bin/sendmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/var/spool/imap(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
-/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
-/var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
deleted file mode 100644
index 2f948ad..0000000
--- a/policy/modules/services/mta.if
+++ /dev/null
@@ -1,985 +0,0 @@
-## <summary>Policy common to all email tranfer agents.</summary>
-
-########################################
-## <summary>
-##	MTA stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_stub',`
-	gen_require(`
-		type sendmail_exec_t;
-	')
-')
-
-#######################################
-## <summary>
-##	Basic mail transfer agent domain template.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domain which is
-##	a email transfer agent, which sends mail on
-##	behalf of the user.
-##	</p>
-##	<p>
-##	This is the basic types and rules, common
-##	to the system agent and user agents.
-##	</p>
-## </desc>
-## <param name="domain_prefix">
-##	<summary>
-##	The prefix of the domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <rolecap/>
-#
-template(`mta_base_mail_template',`
-	gen_require(`
-		attribute user_mail_domain;
-		type sendmail_exec_t;
-	')
-
-	##############################
-	#
-	# $1_mail_t declarations
-	#
-
-	type $1_mail_t, user_mail_domain;
-	application_domain($1_mail_t, sendmail_exec_t)
-
-	type $1_mail_tmp_t;
-	files_tmp_file($1_mail_tmp_t)
-
-	##############################
-	#
-	# $1_mail_t local policy
-	#
-
-	allow $1_mail_t self:capability { setuid setgid chown };
-	allow $1_mail_t self:process { signal_perms setrlimit };
-	allow $1_mail_t self:tcp_socket create_socket_perms;
-
-	# re-exec itself
-	can_exec($1_mail_t, sendmail_exec_t)
-	allow $1_mail_t sendmail_exec_t:lnk_file read_lnk_file_perms;
-
-	kernel_read_system_state($1_mail_t)
-	kernel_read_kernel_sysctls($1_mail_t)
-
-	corenet_all_recvfrom_unlabeled($1_mail_t)
-	corenet_all_recvfrom_netlabel($1_mail_t)
-	corenet_tcp_sendrecv_generic_if($1_mail_t)
-	corenet_tcp_sendrecv_generic_node($1_mail_t)
-	corenet_tcp_sendrecv_all_ports($1_mail_t)
-	corenet_tcp_connect_all_ports($1_mail_t)
-	corenet_tcp_connect_smtp_port($1_mail_t)
-	corenet_sendrecv_smtp_client_packets($1_mail_t)
-
-	corecmd_exec_bin($1_mail_t)
-
-	files_read_etc_files($1_mail_t)
-	files_search_spool($1_mail_t)
-	# It wants to check for nscd
-	files_dontaudit_search_pids($1_mail_t)
-
-	auth_use_nsswitch($1_mail_t)
-
-	init_dontaudit_rw_utmp($1_mail_t)
-
-	logging_send_syslog_msg($1_mail_t)
-
-	miscfiles_read_localization($1_mail_t)
-
-	optional_policy(`
-		exim_read_log($1_mail_t)
-		exim_append_log($1_mail_t)
-		exim_manage_spool_files($1_mail_t)
-	')
-
-	optional_policy(`
-		postfix_domtrans_user_mail_handler($1_mail_t)
-	')
-
-	optional_policy(`
-		procmail_exec($1_mail_t)
-	')
-
-	optional_policy(`
-		qmail_domtrans_inject($1_mail_t)
-	')
-
-	optional_policy(`
-		gen_require(`
-			type etc_mail_t, mail_spool_t, mqueue_spool_t;
-		')
-
-		manage_dirs_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
-		manage_files_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
-		files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
-
-		allow $1_mail_t etc_mail_t:dir search_dir_perms;
-
-		# Write to /var/spool/mail and /var/spool/mqueue.
-		manage_files_pattern($1_mail_t, mail_spool_t, mail_spool_t)
-		manage_files_pattern($1_mail_t, mqueue_spool_t, mqueue_spool_t)
-
-		# Check available space.
-		fs_getattr_xattr_fs($1_mail_t)
-
-		files_read_etc_runtime_files($1_mail_t)
-
-		# Write to /var/log/sendmail.st
-		sendmail_manage_log($1_mail_t)
-		sendmail_create_log($1_mail_t)
-	')
-
-	optional_policy(`
-		uucp_manage_spool($1_mail_t)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for mta
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mta_role',`
-	gen_require(`
-		attribute mta_user_agent;
-		type user_mail_t, sendmail_exec_t;
-	')
-
-	role $1 types { user_mail_t mta_user_agent };
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, sendmail_exec_t, user_mail_t)
-	allow $2 sendmail_exec_t:lnk_file read_lnk_file_perms;
-
-	allow mta_user_agent $2:fd use;
-	allow mta_user_agent $2:process sigchld;
-	allow mta_user_agent $2:fifo_file { read write };
-')
-
-########################################
-## <summary>
-##	Make the specified domain usable for a mail server.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a mail server domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`mta_mailserver',`
-	gen_require(`
-		attribute mailserver_domain;
-	')
-
-	init_daemon_domain($1, $2)
-	typeattribute $1 mailserver_domain;
-')
-
-########################################
-## <summary>
-##	Make the specified type a MTA executable file.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a mail client.
-##	</summary>
-## </param>
-#
-interface(`mta_agent_executable',`
-	gen_require(`
-		attribute mta_exec_type;
-	')
-
-	typeattribute $1 mta_exec_type;
-
-	application_executable_file($1)
-')
-
-######################################
-## <summary>
-##  Dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mta_dontaudit_leaks_system_mail',`
-	gen_require(`
-		type system_mail_t;
-	')
-
-	dontaudit $1 system_mail_t:fifo_file write;
-	dontaudit $1 system_mail_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Make the specified type by a system MTA.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a mail client.
-##	</summary>
-## </param>
-#
-interface(`mta_system_content',`
-	gen_require(`
-		attribute mailcontent_type;
-	')
-
-	typeattribute $1 mailcontent_type;
-')
-
-########################################
-## <summary>
-##	Modified mailserver interface for
-##	sendmail daemon use.
-## </summary>
-## <desc>
-##	<p>
-##	A modified MTA mail server interface for
-##	the sendmail program.  It's design does
-##	not fit well with policy, and using the
-##	regular interface causes a type_transition
-##	conflict if direct running of init scripts
-##	is enabled.
-##	</p>
-##	<p>
-##	This interface should most likely only be used
-##	by the sendmail policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	The type to be used for the mail server.
-##	</summary>
-## </param>
-#
-interface(`mta_sendmail_mailserver',`
-	gen_require(`
-		attribute mailserver_domain;
-		type sendmail_exec_t;
-	')
-
-	init_system_domain($1, sendmail_exec_t)
-	typeattribute $1 mailserver_domain;
-')
-
-#######################################
-## <summary>
-##	Make a type a mailserver type used
-##	for sending mail.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Mail server domain type used for sending mail.
-##	</summary>
-## </param>
-#
-interface(`mta_mailserver_sender',`
-	gen_require(`
-		attribute mailserver_sender;
-	')
-
-	typeattribute $1 mailserver_sender;
-')
-
-#######################################
-## <summary>
-##	Make a type a mailserver type used
-##	for delivering mail to local users.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Mail server domain type used for delivering mail.
-##	</summary>
-## </param>
-#
-interface(`mta_mailserver_delivery',`
-	gen_require(`
-		attribute mailserver_delivery;
-	')
-
-	typeattribute $1 mailserver_delivery;
-')
-
-#######################################
-## <summary>
-##	Make a type a mailserver type used
-##	for sending mail on behalf of local
-##	users to the local mail spool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Mail server domain type used for sending local mail.
-##	</summary>
-## </param>
-#
-interface(`mta_mailserver_user_agent',`
-	gen_require(`
-		attribute mta_user_agent;
-	')
-
-	typeattribute $1 mta_user_agent;
-')
-
-########################################
-## <summary>
-##	Send mail from the system.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mta_send_mail',`
-	gen_require(`
-		attribute mta_user_agent, mta_exec_type;
-		type system_mail_t;
-	')
-
-	allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
-	corecmd_read_bin_symlinks($1)
-	domtrans_pattern($1, mta_exec_type, system_mail_t)
-
-	allow mta_user_agent $1:fd use;
-	allow mta_user_agent $1:process sigchld;
-	allow mta_user_agent $1:fifo_file rw_fifo_file_perms;
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit system_mail_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute send mail in a specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute send mail in a specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="source_domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	Domain to transition to.
-##	</summary>
-## </param>
-#
-interface(`mta_sendmail_domtrans',`
-	gen_require(`
-		attribute mta_exec_type;
-	')
-
-	files_search_usr($1)
-	allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
-	corecmd_read_bin_symlinks($1)
-
-	allow $2 mta_exec_type:file entrypoint;
-	domtrans_pattern($1, mta_exec_type, $2)
-')
-
-########################################
-## <summary>
-##	Send system mail client a signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_signal_system_mail',`
-	gen_require(`
-		type system_mail_t;
-	')
-
-	allow $1 system_mail_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send system mail client a kill signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_kill_system_mail',`
-	gen_require(`
-		type system_mail_t;
-	')
-
-	allow $1 system_mail_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Execute sendmail in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_sendmail_exec',`
-	gen_require(`
-		type sendmail_exec_t;
-	')
-
-	can_exec($1, sendmail_exec_t)
-')
-
-########################################
-## <summary>
-##	Read mail server configuration.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mta_read_config',`
-	gen_require(`
-		type etc_mail_t;
-	')
-
-	files_search_etc($1)
-	allow $1 etc_mail_t:dir list_dir_perms;
-	read_files_pattern($1, etc_mail_t, etc_mail_t)
-	read_lnk_files_pattern($1, etc_mail_t, etc_mail_t)
-')
-
-########################################
-## <summary>
-##	write mail server configuration.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mta_write_config',`
-	gen_require(`
-		type etc_mail_t;
-	')
-
-	manage_files_pattern($1, etc_mail_t, etc_mail_t)
-	allow $1 etc_mail_t:file setattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read mail address aliases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_read_aliases',`
-	gen_require(`
-		type etc_aliases_t;
-	')
-
-	files_search_etc($1)
-	allow $1 etc_aliases_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete mail address aliases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_manage_aliases',`
-	gen_require(`
-		type etc_aliases_t;
-	')
-
-	files_search_etc($1)
-	manage_files_pattern($1, etc_aliases_t, etc_aliases_t)
-	manage_lnk_files_pattern($1, etc_aliases_t, etc_aliases_t)
-')
-
-########################################
-## <summary>
-##	Type transition files created in /etc
-##	to the mail address aliases type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_etc_filetrans_aliases',`
-	gen_require(`
-		type etc_aliases_t;
-	')
-
-	files_etc_filetrans($1, etc_aliases_t, file)
-')
-
-########################################
-## <summary>
-##	Read and write mail aliases.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mta_rw_aliases',`
-	gen_require(`
-		type etc_aliases_t;
-	')
-
-	files_search_etc($1)
-	allow $1 etc_aliases_t:file { rw_file_perms setattr_file_perms };
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to read and write TCP
-##	sockets of mail delivery domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
-	gen_require(`
-		attribute mailserver_delivery;
-	')
-
-	dontaudit $1 mailserver_delivery:tcp_socket { read write };
-')
-
-#######################################
-## <summary>
-##	Connect to all mail servers over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_tcp_connect_all_mailservers',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to read a symlink
-##	in the mail spool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mta_dontaudit_read_spool_symlinks',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	dontaudit $1 mail_spool_t:lnk_file read;
-')
-
-########################################
-## <summary>
-##	Get the attributes of mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_getattr_spool',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 mail_spool_t:dir list_dir_perms;
-	getattr_files_pattern($1, mail_spool_t, mail_spool_t)
-	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mta_dontaudit_getattr_spool_files',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_dontaudit_search_spool($1)
-	dontaudit $1 mail_spool_t:dir search_dir_perms;
-	dontaudit $1 mail_spool_t:lnk_file read_lnk_file_perms;
-	dontaudit $1 mail_spool_t:file getattr_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create private objects in the
-##	mail spool directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`mta_spool_filetrans',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	filetrans_pattern($1, mail_spool_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Read and write the mail spool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_rw_spool',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 mail_spool_t:dir list_dir_perms;
-	allow $1 mail_spool_t:file setattr_file_perms;
-	manage_files_pattern($1, mail_spool_t, mail_spool_t)
-	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, and write the mail spool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_append_spool',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 mail_spool_t:dir list_dir_perms;
-	create_files_pattern($1, mail_spool_t, mail_spool_t)
-	write_files_pattern($1, mail_spool_t, mail_spool_t)
-	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-')
-
-#######################################
-## <summary>
-##	Delete from the mail spool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_delete_spool',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	delete_files_pattern($1, mail_spool_t, mail_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_manage_spool',`
-	gen_require(`
-		type mail_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, mail_spool_t, mail_spool_t)
-	manage_files_pattern($1, mail_spool_t, mail_spool_t)
-	manage_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-')
-
-########################################
-## <summary>
-##	Search mail queue dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_search_queue',`
-	gen_require(`
-		type mqueue_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 mqueue_spool_t:dir search_dir_perms;
-')
-
-#######################################
-## <summary>
-##	List the mail queue.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_list_queue',`
-	gen_require(`
-		type mqueue_spool_t;
-	')
-
-	allow $1 mqueue_spool_t:dir list_dir_perms;
-	files_search_spool($1)
-')
-
-#######################################
-## <summary>
-##	Read the mail queue.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_read_queue',`
-	gen_require(`
-		type mqueue_spool_t;
-	')
-
-	read_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
-	files_search_spool($1)
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to read and
-##	write the mail queue.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`mta_dontaudit_rw_queue',`
-	gen_require(`
-		type mqueue_spool_t;
-	')
-
-	dontaudit $1 mqueue_spool_t:dir search_dir_perms;
-	dontaudit $1 mqueue_spool_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	mail queue files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_manage_queue',`
-	gen_require(`
-		type mqueue_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)
-	manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
-')
-
-#######################################
-## <summary>
-##	Read sendmail binary.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for postfix
-interface(`mta_read_sendmail_bin',`
-	gen_require(`
-		type sendmail_exec_t;
-	')
-
-	allow $1 sendmail_exec_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Read and write unix domain stream sockets
-##	of user mail domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_rw_user_mail_stream_sockets',`
-	gen_require(`
-		attribute user_mail_domain;
-	')
-
-	allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Type transition files created in calling dir 
-##	to the mail address aliases type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Directory to transition on.
-##	</summary>
-## </param>
-#
-interface(`mta_filetrans_aliases',`
-	gen_require(`
-		type etc_aliases_t;
-	')
-
-	filetrans_pattern($1, $2, etc_aliases_t, file)
-')
-
-######################################
-## <summary>
-##	ALlow domain to read mail content in the homedir
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mta_read_home',`
-	gen_require(`
-		type mail_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	read_files_pattern($1, mail_home_t, mail_home_t)
-
-	ifdef(`distro_redhat',`
-		userdom_search_admin_dir($1)
-	')
-')
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
deleted file mode 100644
index 36e64e9..0000000
--- a/policy/modules/services/mta.te
+++ /dev/null
@@ -1,334 +0,0 @@
-policy_module(mta, 2.3.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute mailcontent_type;
-attribute mta_exec_type;
-attribute mta_user_agent;
-attribute mailserver_delivery;
-attribute mailserver_domain;
-attribute mailserver_sender;
-
-attribute user_mail_domain;
-
-type etc_aliases_t;
-files_type(etc_aliases_t)
-
-type etc_mail_t;
-files_config_file(etc_mail_t)
-
-type mail_home_t alias mail_forward_t;
-userdom_user_home_content(mail_home_t)
-
-type mqueue_spool_t;
-files_mountpoint(mqueue_spool_t)
-
-type mail_spool_t;
-files_mountpoint(mail_spool_t)
-
-type sendmail_exec_t;
-mta_agent_executable(sendmail_exec_t)
-
-mta_base_mail_template(system)
-role system_r types system_mail_t;
-
-mta_base_mail_template(user)
-typealias user_mail_t alias { staff_mail_t sysadm_mail_t };
-typealias user_mail_t alias { auditadm_mail_t secadm_mail_t };
-typealias user_mail_tmp_t alias { staff_mail_tmp_t sysadm_mail_tmp_t };
-typealias user_mail_tmp_t alias { auditadm_mail_tmp_t secadm_mail_tmp_t };
-ubac_constrained(user_mail_t)
-ubac_constrained(user_mail_tmp_t)
-
-########################################
-#
-# System mail local policy
-#
-
-# newalias required this, not sure if it is needed in 'if' file
-allow system_mail_t self:capability { dac_override fowner };
-
-read_files_pattern(system_mail_t, mailcontent_type, mailcontent_type)
-
-dev_read_sysfs(system_mail_t)
-dev_read_rand(system_mail_t)
-dev_read_urand(system_mail_t)
-
-files_read_usr_files(system_mail_t)
-
-fs_rw_anon_inodefs_files(system_mail_t)
-
-selinux_getattr_fs(system_mail_t)
-
-term_dontaudit_use_unallocated_ttys(system_mail_t)
-
-init_use_script_ptys(system_mail_t)
-
-userdom_use_user_terminals(system_mail_t)
-userdom_dontaudit_search_user_home_dirs(system_mail_t)
-userdom_dontaudit_list_admin_dir(system_mail_t)
-
-logging_append_all_logs(system_mail_t)
-
-optional_policy(`
-	apache_read_squirrelmail_data(system_mail_t)
-	apache_append_squirrelmail_data(system_mail_t)
-
-	# apache should set close-on-exec
-	apache_dontaudit_append_log(system_mail_t)
-	apache_dontaudit_rw_stream_sockets(system_mail_t)
-	apache_dontaudit_rw_tcp_sockets(system_mail_t)
-	apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t)
-	apache_dontaudit_write_tmp_files(system_mail_t)
-
-	# apache should set close-on-exec
-	apache_dontaudit_rw_stream_sockets(mta_user_agent)
-	apache_dontaudit_rw_sys_script_stream_sockets(mta_user_agent)
-	apache_append_log(mta_user_agent)
-')
-
-optional_policy(`
-	arpwatch_manage_tmp_files(system_mail_t)
-
-	ifdef(`hide_broken_symptoms',`
-		arpwatch_dontaudit_rw_packet_sockets(system_mail_t)
-	')
-')
-
-optional_policy(`
-	bugzilla_search_dirs(system_mail_t)
-	bugzilla_dontaudit_rw_script_stream_sockets(system_mail_t)
-')
-
-optional_policy(`
-	clamav_stream_connect(system_mail_t)
-	clamav_append_log(system_mail_t)
-')
-
-optional_policy(`
-	cron_read_system_job_tmp_files(system_mail_t)
-	cron_dontaudit_write_pipes(system_mail_t)
-	cron_rw_system_job_stream_sockets(system_mail_t)
-	cron_rw_inherited_spool_files(system_mail_t)
-	cron_rw_inherited_user_spool_files(system_mail_t)
-')
-
-optional_policy(`
-	courier_manage_spool_dirs(system_mail_t)
-	courier_manage_spool_files(system_mail_t)
-	courier_rw_spool_pipes(system_mail_t)
-')
-
-optional_policy(`
-	cvs_read_data(system_mail_t)
-')
-
-optional_policy(`
-	fail2ban_append_log(system_mail_t)
-	fail2ban_dontaudit_leaks(system_mail_t)
-')
-
-optional_policy(`
-	logrotate_read_tmp_files(system_mail_t)
-')
-
-optional_policy(`
-	logwatch_read_tmp_files(system_mail_t)
-')
-
-optional_policy(`
-	# newaliases runs as system_mail_t when the sendmail initscript does a restart
-	milter_getattr_all_sockets(system_mail_t)
-')
-
-optional_policy(`
-	munin_dontaudit_leaks(system_mail_t)
-')
-
-optional_policy(`
-	nagios_read_tmp_files(system_mail_t)
-')
-
-optional_policy(`
-	manage_dirs_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
-	manage_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
-	manage_lnk_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
-	manage_fifo_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
-	manage_sock_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
-	files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
-
-	domain_use_interactive_fds(system_mail_t)
-')
-
-optional_policy(`
-	qmail_domtrans_inject(system_mail_t)
-')
-
-optional_policy(`
-	sxid_read_log(system_mail_t)
-')
-
-optional_policy(`
-	userdom_dontaudit_use_user_ptys(system_mail_t)
-
-	optional_policy(`
-		cron_dontaudit_append_system_job_tmp_files(system_mail_t)
-	')
-')
-
-optional_policy(`
-	spamd_stream_connect(system_mail_t)
-')
-
-optional_policy(`
-	smartmon_read_tmp_files(system_mail_t)
-')
-
-# should break this up among sections:
-
-optional_policy(`
-	# why is mail delivered to a directory of type arpwatch_data_t?
-	arpwatch_search_data(mailserver_delivery)
-	arpwatch_manage_tmp_files(mta_user_agent)
-
-	ifdef(`hide_broken_symptoms',`
-		arpwatch_dontaudit_rw_packet_sockets(mta_user_agent)
-	')
-
-	optional_policy(`
-		cron_read_system_job_tmp_files(mta_user_agent)
-	')
-')
-
-########################################
-#
-# Mailserver delivery local policy
-#
-
-allow mailserver_delivery mail_spool_t:dir list_dir_perms;
-create_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-read_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-
-userdom_search_admin_dir(mailserver_delivery)
-read_files_pattern(mailserver_delivery, mail_home_t, mail_home_t)
-
-read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(mailserver_delivery)
-	fs_manage_cifs_files(mailserver_delivery)
-	fs_manage_cifs_symlinks(mailserver_delivery)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(mailserver_delivery)
-	fs_manage_nfs_files(mailserver_delivery)
-	fs_manage_nfs_symlinks(mailserver_delivery)
-')
-
-optional_policy(`
-	dovecot_manage_spool(mailserver_delivery)
-	dovecot_domtrans_deliver(mailserver_delivery)
-')
-
-optional_policy(`
-	# so MTA can access /var/lib/mailman/mail/wrapper
-	files_search_var_lib(mailserver_delivery)
-
-	mailman_domtrans(mailserver_delivery)
-	mailman_read_data_symlinks(mailserver_delivery)
-')
-
-optional_policy(`
-	uucp_domtrans_uux(mailserver_delivery)
-')
-
-########################################
-#
-# User send mail local policy
-#
-
-
-domain_use_interactive_fds(user_mail_t)
-
-userdom_use_user_terminals(user_mail_t)
-# Write to the user domain tty. cjp: why?
-userdom_use_user_terminals(mta_user_agent)
-# Create dead.letter in user home directories.
-userdom_manage_user_home_content_files(user_mail_t)
-userdom_user_home_dir_filetrans_user_home_content(user_mail_t, file)
-# for reading .forward - maybe we need a new type for it?
-# also for delivering mail to maildir
-userdom_manage_user_home_content_dirs(mailserver_delivery)
-userdom_manage_user_home_content_files(mailserver_delivery)
-userdom_manage_user_home_content_symlinks(mailserver_delivery)
-userdom_manage_user_home_content_pipes(mailserver_delivery)
-userdom_manage_user_home_content_sockets(mailserver_delivery)
-userdom_user_home_dir_filetrans_user_home_content(mailserver_delivery, { dir file lnk_file fifo_file sock_file })
-# Read user temporary files.
-userdom_read_user_tmp_files(user_mail_t)
-userdom_dontaudit_append_user_tmp_files(user_mail_t)
-# cjp: this should probably be read all user tmp
-# files in an appropriate place for mta_user_agent
-userdom_read_user_tmp_files(mta_user_agent)
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(user_mail_t)
-	fs_manage_cifs_symlinks(user_mail_t)
-')
-
-optional_policy(`
-	allow user_mail_t self:capability dac_override;
-
-	# Read user temporary files.
-	# postfix seems to need write access if the file handle is opened read/write
-	userdom_rw_user_tmp_files(user_mail_t)
-
-	postfix_read_config(user_mail_t)
-	postfix_list_spool(user_mail_t)
-')
-
-########################################
-#
-# Comman user_mail_domain policy
-#
-
-allow user_mail_domain self:fifo_file rw_fifo_file_perms;
-allow user_mail_domain mta_exec_type:file entrypoint;
-
-read_files_pattern(user_mail_domain, etc_aliases_t, etc_aliases_t)
-
-can_exec(user_mail_domain, mta_exec_type)
-
-allow system_mail_t user_mail_domain:file read_file_perms;
-
-read_files_pattern(user_mail_domain, etc_mail_t, etc_mail_t)
-
-kernel_read_system_state(user_mail_domain)
-kernel_read_network_state(user_mail_domain)
-kernel_request_load_module(user_mail_domain)
-
-optional_policy(`
-	# postfix needs this for newaliases
-	files_getattr_tmp_dirs(user_mail_domain)
-
-	postfix_exec_master(user_mail_domain)
-	postfix_read_config(user_mail_domain)
-	postfix_search_spool(user_mail_domain)
-
-	ifdef(`distro_redhat',`
-		# compatability for old default main.cf
-		postfix_config_filetrans(user_mail_domain, etc_aliases_t, { dir file lnk_file sock_file fifo_file })
-	')
-')
-
-optional_policy(`
-	exim_domtrans(user_mail_domain)
-	exim_manage_log(user_mail_domain)
-')
diff --git a/policy/modules/services/munin.fc b/policy/modules/services/munin.fc
deleted file mode 100644
index bad9920..0000000
--- a/policy/modules/services/munin.fc
+++ /dev/null
@@ -1,70 +0,0 @@
-/etc/munin(/.*)?			gen_context(system_u:object_r:munin_etc_t,s0)
-/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_initrc_exec_t,s0)
-
-/usr/bin/munin-.*		--	gen_context(system_u:object_r:munin_exec_t,s0)
-/usr/sbin/munin-.*		--	gen_context(system_u:object_r:munin_exec_t,s0)
-/usr/share/munin/munin-.*	--	gen_context(system_u:object_r:munin_exec_t,s0)
-/usr/share/munin/plugins/.*	--	gen_context(system_u:object_r:munin_exec_t,s0)
-
-# disk plugins
-/usr/share/munin/plugins/diskstat.* --	gen_context(system_u:object_r:disk_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/df.*	--	gen_context(system_u:object_r:disk_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/hddtemp.* --	gen_context(system_u:object_r:disk_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/smart_.* --	gen_context(system_u:object_r:disk_munin_plugin_exec_t,s0)
-
-# mail plugins
-/usr/share/munin/plugins/courier_mta_.*	-- gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/exim_mail.* --	gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/mailman --	gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/mailscanner --	gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/postfix_mail.*	-- gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/sendmail_.* --	gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/qmail.* --	gen_context(system_u:object_r:mail_munin_plugin_exec_t,s0)
-
-# services plugins
-/usr/share/munin/plugins/apache_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/asterisk_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/http_loadtime -- gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/fail2ban --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/lpstat	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/mysql_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/named	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/ntp_.*	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/nut.*	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/openvpn --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/ping_ 	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/postgres_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/samba	--	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/slapd_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/snmp_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/squid_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/tomcat_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/varnish_.* --	gen_context(system_u:object_r:services_munin_plugin_exec_t,s0)
-
-# system plugins
-/usr/share/munin/plugins/acpi	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/cpu.*	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/forks	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/if_.*	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/iostat.* --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/interrupts --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/irqstats --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/load	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/memory	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/netstat --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/nfs.*	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/open_files --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/proc_pri --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/processes --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/swap	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/threads --	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/uptime	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/users	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-/usr/share/munin/plugins/yum	--	gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
-
-/var/lib/munin(/.*)?			gen_context(system_u:object_r:munin_var_lib_t,s0)
-/var/lib/munin/plugin-state(/.*)?	gen_context(system_u:object_r:munin_plugin_state_t,s0)
-/var/log/munin.*			gen_context(system_u:object_r:munin_log_t,s0)
-/var/run/munin(/.*)?			gen_context(system_u:object_r:munin_var_run_t,s0)
-/var/www/html/munin(/.*)?		gen_context(system_u:object_r:httpd_munin_content_t,s0)
-/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
deleted file mode 100644
index 92c9dca..0000000
--- a/policy/modules/services/munin.if
+++ /dev/null
@@ -1,210 +0,0 @@
-## <summary>Munin network-wide load graphing (formerly LRRD)</summary>
-
-########################################
-## <summary>
-##	Create a set of derived types for various
-##	munin plugins,
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The name to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`munin_plugin_template',`
-	gen_require(`
-		type munin_t;
-		attribute munin_plugin_domain;
-	')
-
-	type $1_munin_plugin_t, munin_plugin_domain;
-	type $1_munin_plugin_exec_t;
-	typealias $1_munin_plugin_t alias munin_$1_plugin_t;
-	typealias $1_munin_plugin_exec_t alias munin_$1_plugin_exec_t;
-	application_domain($1_munin_plugin_t, $1_munin_plugin_exec_t)
-	role system_r types $1_munin_plugin_t;
-
-	type $1_munin_plugin_tmp_t;
-	typealias $1_munin_plugin_tmp_t alias munin_$1_plugin_tmp_t;
-	files_tmp_file($1_munin_plugin_tmp_t)
-
-	allow $1_munin_plugin_t self:fifo_file rw_fifo_file_perms;
-
-	manage_files_pattern($1_munin_plugin_t, $1_munin_plugin_tmp_t, $1_munin_plugin_tmp_t)
-	manage_dirs_pattern($1_munin_plugin_t, $1_munin_plugin_tmp_t, $1_munin_plugin_tmp_t)
-	files_tmp_filetrans($1_munin_plugin_t, $1_munin_plugin_tmp_t, { dir file })
-
-	# automatic transition rules from munin domain
-	# to specific munin plugin domain
-	domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
-	allow munin_t $1_munin_plugin_t:process signal;
-')
-
-########################################
-## <summary>
-##	Connect to munin over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`munin_stream_connect',`
-	gen_require(`
-		type munin_var_run_t, munin_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, munin_var_run_t, munin_var_run_t, munin_t)
-')
-
-#######################################
-## <summary>
-##	Read munin configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`munin_read_config',`
-	gen_require(`
-		type munin_etc_t;
-	')
-
-	allow $1 munin_etc_t:dir list_dir_perms;
-	allow $1 munin_etc_t:file read_file_perms;
-	allow $1 munin_etc_t:lnk_file read_lnk_file_perms;
-	files_search_etc($1)
-')
-
-######################################
-## <summary>
-##	dontaudit read and write an leaked file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`munin_dontaudit_leaks',`
-	gen_require(`
-		type munin_t;
-	')
-
-	dontaudit $1 munin_t:tcp_socket { read write };
-')
-
-#######################################
-## <summary>
-##	Append to the munin log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`munin_append_log',`
-	gen_require(`
-		type munin_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 munin_log_t:dir list_dir_perms;
-	append_files_pattern($1, munin_log_t, munin_log_t)
-')
-
-#######################################
-## <summary>
-##	Search munin library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`munin_search_lib',`
-	gen_require(`
-		type munin_var_lib_t;
-	')
-
-	allow $1 munin_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to search
-##	munin library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`munin_dontaudit_search_lib',`
-	gen_require(`
-		type munin_var_lib_t;
-	')
-
-	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an munin environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the munin domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`munin_admin',`
-	gen_require(`
-		type munin_t, munin_etc_t, munin_tmp_t;
-		type munin_log_t, munin_var_lib_t, munin_var_run_t;
-		type httpd_munin_content_t, munin_initrc_exec_t;
-	')
-
-	allow $1 munin_t:process { ptrace signal_perms };
-	ps_process_pattern($1, munin_t)
-
-	init_labeled_script_domtrans($1, munin_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 munin_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, munin_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, munin_log_t)
-
-	files_list_etc($1)
-	admin_pattern($1, munin_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, munin_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, munin_var_run_t)
-
-	admin_pattern($1, httpd_munin_content_t)
-')
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
deleted file mode 100644
index 6f8b0fd..0000000
--- a/policy/modules/services/munin.te
+++ /dev/null
@@ -1,345 +0,0 @@
-policy_module(munin, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute munin_plugin_domain;
-
-type munin_t alias lrrd_t;
-type munin_exec_t alias lrrd_exec_t;
-init_daemon_domain(munin_t, munin_exec_t)
-
-type munin_etc_t alias lrrd_etc_t;
-files_config_file(munin_etc_t)
-
-type munin_initrc_exec_t;
-init_script_file(munin_initrc_exec_t)
-
-type munin_log_t alias lrrd_log_t;
-logging_log_file(munin_log_t)
-
-type munin_tmp_t alias lrrd_tmp_t;
-files_tmp_file(munin_tmp_t)
-
-type munin_var_lib_t alias lrrd_var_lib_t;
-files_type(munin_var_lib_t)
-
-type munin_plugin_state_t;
-files_type(munin_plugin_state_t)
-
-type munin_var_run_t alias lrrd_var_run_t;
-files_pid_file(munin_var_run_t)
-
-munin_plugin_template(disk)
-
-munin_plugin_template(mail)
-
-munin_plugin_template(services)
-
-munin_plugin_template(system)
-
-########################################
-#
-# Local policy
-#
-
-allow munin_t self:capability { chown dac_override setgid setuid sys_rawio };
-dontaudit munin_t self:capability sys_tty_config;
-allow munin_t self:process { getsched setsched signal_perms };
-allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow munin_t self:unix_dgram_socket { create_socket_perms sendto };
-allow munin_t self:tcp_socket create_stream_socket_perms;
-allow munin_t self:udp_socket create_socket_perms;
-allow munin_t self:fifo_file manage_fifo_file_perms;
-
-allow munin_t munin_etc_t:dir list_dir_perms;
-read_files_pattern(munin_t, munin_etc_t, munin_etc_t)
-read_lnk_files_pattern(munin_t, munin_etc_t, munin_etc_t)
-files_search_etc(munin_t)
-
-can_exec(munin_t, munin_exec_t)
-
-manage_dirs_pattern(munin_t, munin_log_t, munin_log_t)
-manage_files_pattern(munin_t, munin_log_t, munin_log_t)
-logging_log_filetrans(munin_t, munin_log_t, { file dir })
-
-manage_dirs_pattern(munin_t, munin_tmp_t, munin_tmp_t)
-manage_files_pattern(munin_t, munin_tmp_t, munin_tmp_t)
-manage_sock_files_pattern(munin_t, munin_tmp_t, munin_tmp_t)
-files_tmp_filetrans(munin_t, munin_tmp_t, { file dir sock_file })
-
-# Allow access to the munin databases
-manage_dirs_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
-manage_files_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
-manage_lnk_files_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
-files_search_var_lib(munin_t)
-
-manage_dirs_pattern(munin_t, munin_var_run_t, munin_var_run_t)
-manage_files_pattern(munin_t, munin_var_run_t, munin_var_run_t)
-manage_sock_files_pattern(munin_t, munin_var_run_t, munin_var_run_t)
-files_pid_filetrans(munin_t, munin_var_run_t, { file dir })
-
-read_files_pattern(munin_t, munin_plugin_state_t, munin_plugin_state_t)
-
-kernel_read_system_state(munin_t)
-kernel_read_network_state(munin_t)
-kernel_read_all_sysctls(munin_t)
-
-corecmd_exec_bin(munin_t)
-corecmd_exec_shell(munin_t)
-
-corenet_all_recvfrom_unlabeled(munin_t)
-corenet_all_recvfrom_netlabel(munin_t)
-corenet_tcp_sendrecv_generic_if(munin_t)
-corenet_udp_sendrecv_generic_if(munin_t)
-corenet_tcp_sendrecv_generic_node(munin_t)
-corenet_udp_sendrecv_generic_node(munin_t)
-corenet_tcp_sendrecv_all_ports(munin_t)
-corenet_udp_sendrecv_all_ports(munin_t)
-corenet_tcp_bind_generic_node(munin_t)
-corenet_tcp_bind_munin_port(munin_t)
-corenet_tcp_connect_munin_port(munin_t)
-corenet_tcp_connect_http_port(munin_t)
-
-dev_read_sysfs(munin_t)
-dev_read_urand(munin_t)
-
-domain_use_interactive_fds(munin_t)
-domain_read_all_domains_state(munin_t)
-
-files_read_etc_files(munin_t)
-files_read_etc_runtime_files(munin_t)
-files_read_usr_files(munin_t)
-files_list_spool(munin_t)
-
-fs_getattr_all_fs(munin_t)
-fs_search_auto_mountpoints(munin_t)
-
-auth_use_nsswitch(munin_t)
-
-logging_send_syslog_msg(munin_t)
-logging_read_all_logs(munin_t)
-
-miscfiles_read_fonts(munin_t)
-miscfiles_read_localization(munin_t)
-miscfiles_setattr_fonts_cache_dirs(munin_t)
-
-sysnet_exec_ifconfig(munin_t)
-
-userdom_dontaudit_use_unpriv_user_fds(munin_t)
-userdom_dontaudit_search_user_home_dirs(munin_t)
-
-optional_policy(`
-	apache_content_template(munin)
-
-	manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
-	manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
-	apache_search_sys_content(munin_t)
-')
-
-optional_policy(`
-	cron_system_entry(munin_t, munin_exec_t)
-')
-
-optional_policy(`
-	fstools_domtrans(munin_t)
-')
-
-optional_policy(`
-	lpd_domtrans_lpr(munin_t)
-')
-
-optional_policy(`
-	mta_read_config(munin_t)
-	mta_send_mail(munin_t)
-	mta_list_queue(munin_t)
-	mta_read_queue(munin_t)
-')
-
-optional_policy(`
-	mysql_read_config(munin_t)
-	mysql_stream_connect(munin_t)
-')
-
-optional_policy(`
-	netutils_domtrans_ping(munin_t)
-')
-
-optional_policy(`
-	postfix_list_spool(munin_t)
-	postfix_getattr_spool_files(munin_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(munin_t)
-')
-
-optional_policy(`
-	sendmail_read_log(munin_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(munin_t)
-')
-
-optional_policy(`
-	udev_read_db(munin_t)
-')
-
-###################################
-#
-# local policy for disk plugins
-#
-
-allow munin_disk_plugin_t self:capability { sys_admin sys_rawio };
-allow disk_munin_plugin_t self:tcp_socket create_stream_socket_perms;
-
-rw_files_pattern(disk_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-
-corecmd_exec_shell(disk_munin_plugin_t)
-
-corenet_tcp_connect_hddtemp_port(disk_munin_plugin_t)
-
-files_read_etc_runtime_files(disk_munin_plugin_t)
-
-dev_getattr_lvm_control(disk_munin_plugin_t)
-dev_read_sysfs(disk_munin_plugin_t)
-dev_read_urand(disk_munin_plugin_t)
-
-storage_raw_read_fixed_disk(disk_munin_plugin_t)
-
-sysnet_read_config(disk_munin_plugin_t)
-
-optional_policy(`
-	hddtemp_exec(disk_munin_plugin_t)
-')
-
-optional_policy(`
-	fstools_exec(disk_munin_plugin_t)
-')
-
-####################################
-#
-# local policy for mail plugins
-#
-
-allow mail_munin_plugin_t self:capability dac_override;
-
-rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-
-dev_read_urand(mail_munin_plugin_t)
-
-logging_read_generic_logs(mail_munin_plugin_t)
-
-mta_read_config(mail_munin_plugin_t)
-mta_send_mail(mail_munin_plugin_t)
-mta_list_queue(mail_munin_plugin_t)
-mta_read_queue(mail_munin_plugin_t)
-
-optional_policy(`
-	postfix_read_config(mail_munin_plugin_t)
-	postfix_list_spool(mail_munin_plugin_t)
-	postfix_getattr_spool_files(mail_munin_plugin_t)
-')
-
-optional_policy(`
-	sendmail_read_log(mail_munin_plugin_t)
-')
-
-###################################
-#
-# local policy for service plugins
-#
-
-allow services_munin_plugin_t self:tcp_socket create_stream_socket_perms;
-allow services_munin_plugin_t self:udp_socket create_socket_perms;
-allow services_munin_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-
-corenet_tcp_connect_all_ports(services_munin_plugin_t)
-corenet_tcp_connect_http_port(services_munin_plugin_t)
-
-dev_read_urand(services_munin_plugin_t)
-dev_read_rand(services_munin_plugin_t)
-
-sysnet_read_config(services_munin_plugin_t)
-
-optional_policy(`
-	cups_stream_connect(services_munin_plugin_t)
-')
-
-optional_policy(`
-	lpd_exec_lpr(services_munin_plugin_t)
-')
-
-optional_policy(`
-	mysql_read_config(services_munin_plugin_t)
-	mysql_stream_connect(services_munin_plugin_t)
-')
-
-optional_policy(`
-	netutils_domtrans_ping(services_munin_plugin_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(services_munin_plugin_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(services_munin_plugin_t)
-')
-
-optional_policy(`
-	varnishd_read_lib_files(services_munin_plugin_t)
-')
-
-##################################
-#
-# local policy for system plugins
-#
-
-allow system_munin_plugin_t self:udp_socket create_socket_perms;
-
-rw_files_pattern(system_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-
-kernel_read_network_state(system_munin_plugin_t)
-kernel_read_all_sysctls(system_munin_plugin_t)
-
-dev_read_sysfs(system_munin_plugin_t)
-dev_read_urand(system_munin_plugin_t)
-
-domain_read_all_domains_state(system_munin_plugin_t)
-
-# needed by users plugin
-init_read_utmp(system_munin_plugin_t)
-
-sysnet_exec_ifconfig(system_munin_plugin_t)
-
-term_getattr_unallocated_ttys(system_munin_plugin_t)
-term_getattr_all_ptys(system_munin_plugin_t)
-
-################################
-#
-# local policy for munin plugin domains
-#
-
-allow munin_plugin_domain munin_exec_t:file read_file_perms;
-allow munin_plugin_domain munin_t:tcp_socket rw_socket_perms;
-
-# creates plugin state files
-manage_files_pattern(munin_plugin_domain, munin_plugin_state_t, munin_plugin_state_t)
-
-read_lnk_files_pattern(munin_plugin_domain, munin_etc_t, munin_etc_t)
-
-kernel_read_system_state(munin_plugin_domain)
-
-corecmd_exec_bin(munin_plugin_domain)
-corecmd_exec_shell(munin_plugin_domain)
-
-files_read_etc_files(munin_plugin_domain)
-files_read_usr_files(munin_plugin_domain)
-
-fs_getattr_all_fs(munin_plugin_domain)
-
-miscfiles_read_localization(munin_plugin_domain)
diff --git a/policy/modules/services/mysql.fc b/policy/modules/services/mysql.fc
deleted file mode 100644
index cc7192c..0000000
--- a/policy/modules/services/mysql.fc
+++ /dev/null
@@ -1,30 +0,0 @@
-# mysql database server
-
-#
-# /etc
-#
-/etc/my\.cnf		--	gen_context(system_u:object_r:mysqld_etc_t,s0)
-/etc/mysql(/.*)?		gen_context(system_u:object_r:mysqld_etc_t,s0)
-/etc/rc\.d/init\.d/mysqld --	gen_context(system_u:object_r:mysqld_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/mysqld_safe	--	gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
-
-/usr/libexec/mysqld	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
-
-/usr/sbin/mysqld(-max)?	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
-/usr/sbin/mysqlmanager	--	gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/mysql(/.*)?		gen_context(system_u:object_r:mysqld_db_t,s0)
-/var/lib/mysql/mysql\.sock -s	gen_context(system_u:object_r:mysqld_var_run_t,s0)
-
-/var/log/mysql.*	--	gen_context(system_u:object_r:mysqld_log_t,s0)
-
-/var/run/mysqld(/.*)?		gen_context(system_u:object_r:mysqld_var_run_t,s0)
-/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if
deleted file mode 100644
index 4d3b208..0000000
--- a/policy/modules/services/mysql.if
+++ /dev/null
@@ -1,359 +0,0 @@
-## <summary>Policy for MySQL</summary>
-
-######################################
-## <summary>
-##	Execute MySQL in the mysql domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mysql_domtrans',`
-	gen_require(`
-		type mysqld_t, mysqld_exec_t;
-	')
-
-	domtrans_pattern($1, mysqld_exec_t, mysqld_t)
-')
-
-########################################
-## <summary>
-##	Send a generic signal to MySQL.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_signal',`
-	gen_require(`
-		type mysqld_t;
-	')
-
-	allow $1 mysqld_t:process signal;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to postgresql with a tcp socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_tcp_connect',`
-	gen_require(`
-		type mysqld_t;
-	')
-
-	corenet_tcp_recvfrom_labeled($1, mysqld_t)
-	corenet_tcp_sendrecv_mysqld_port($1)
-	corenet_tcp_connect_mysqld_port($1)
-	corenet_sendrecv_mysqld_client_packets($1)
-')
-
-########################################
-## <summary>
-##	Connect to MySQL using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mysql_stream_connect',`
-	gen_require(`
-		type mysqld_t, mysqld_var_run_t, mysqld_db_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, mysqld_var_run_t, mysqld_var_run_t, mysqld_t)
-	stream_connect_pattern($1, mysqld_db_t, mysqld_var_run_t, mysqld_t)
-')
-
-########################################
-## <summary>
-##	Read MySQL configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mysql_read_config',`
-	gen_require(`
-		type mysqld_etc_t;
-	')
-
-	allow $1 mysqld_etc_t:dir list_dir_perms;
-	allow $1 mysqld_etc_t:file read_file_perms;
-	allow $1 mysqld_etc_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Search the directories that contain MySQL
-##	database storage.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: "_dir" in the name is added to clarify that this
-# is not searching the database itself.
-interface(`mysql_search_db',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 mysqld_db_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read and write to the MySQL database directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_rw_db_dirs',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 mysqld_db_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete MySQL database directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_manage_db_dirs',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 mysqld_db_t:dir manage_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Append to the MySQL database directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_append_db_files',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	append_files_pattern($1, mysqld_db_t, mysqld_db_t)
-')
-
-#######################################
-## <summary>
-##	Read and write to the MySQL database directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_rw_db_files',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	rw_files_pattern($1, mysqld_db_t, mysqld_db_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete MySQL database files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_manage_db_files',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
-')
-
-########################################
-## <summary>
-##	Read and write to the MySQL database
-##	named socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_rw_db_sockets',`
-	gen_require(`
-		type mysqld_db_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 mysqld_db_t:dir search_dir_perms;
-	allow $1 mysqld_db_t:sock_file rw_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Write to the MySQL log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_write_log',`
-	gen_require(`
-		type mysqld_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 mysqld_log_t:file { write_file_perms setattr_file_perms };
-')
-
-######################################
-## <summary>
-##	Execute MySQL server in the mysql domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mysql_domtrans_mysql_safe',`
-	gen_require(`
-		type mysqld_safe_t, mysqld_safe_exec_t;
-	')
-
-	domtrans_pattern($1, mysqld_safe_exec_t, mysqld_safe_t)
-')
-
-#####################################
-## <summary>
-##	Read MySQL PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mysql_read_pid_files',`
-	gen_require(`
-		type mysqld_var_run_t;
-	')
-
-	mysql_search_pid_files($1)
-	read_files_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
-')
-
-#####################################
-## <summary>
-##	Search MySQL PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-##
-#
-interface(`mysql_search_pid_files',`
-	gen_require(`
-		type mysqld_var_run_t;
-	')
-
-	search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate an mysql environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the mysql domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mysql_admin',`
-	gen_require(`
-		type mysqld_t, mysqld_var_run_t, mysqld_initrc_exec_t;
-		type mysqld_tmp_t, mysqld_db_t, mysqld_log_t;
-		type mysqld_etc_t;
-	')
-
-	allow $1 mysqld_t:process { ptrace signal_perms };
-	ps_process_pattern($1, mysqld_t)
-
-	init_labeled_script_domtrans($1, mysqld_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 mysqld_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, mysqld_var_run_t)
-
-	admin_pattern($1, mysqld_db_t)
-
-	files_list_etc($1)
-	admin_pattern($1, mysqld_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, mysqld_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, mysqld_tmp_t)
-')
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
deleted file mode 100644
index 086df22..0000000
--- a/policy/modules/services/mysql.te
+++ /dev/null
@@ -1,242 +0,0 @@
-policy_module(mysql, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow mysqld to connect to all ports
-##	</p>
-## </desc>
-gen_tunable(mysql_connect_any, false)
-
-type mysqld_t;
-type mysqld_exec_t;
-init_daemon_domain(mysqld_t, mysqld_exec_t)
-
-type mysqld_safe_t;
-type mysqld_safe_exec_t;
-init_daemon_domain(mysqld_safe_t, mysqld_safe_exec_t)
-
-type mysqld_var_run_t;
-files_pid_file(mysqld_var_run_t)
-
-type mysqld_db_t;
-files_type(mysqld_db_t)
-
-type mysqld_etc_t alias etc_mysqld_t;
-files_config_file(mysqld_etc_t)
-
-type mysqld_initrc_exec_t;
-init_script_file(mysqld_initrc_exec_t)
-
-type mysqld_log_t;
-logging_log_file(mysqld_log_t)
-
-type mysqld_tmp_t;
-files_tmp_file(mysqld_tmp_t)
-
-type mysqlmanagerd_t;
-type mysqlmanagerd_exec_t;
-init_daemon_domain(mysqlmanagerd_t, mysqlmanagerd_exec_t)
-
-type mysqlmanagerd_initrc_exec_t;
-init_script_file(mysqlmanagerd_initrc_exec_t)
-
-type mysqlmanagerd_var_run_t;
-files_pid_file(mysqlmanagerd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mysqld_t self:capability { dac_override ipc_lock setgid setuid sys_resource net_bind_service };
-dontaudit mysqld_t self:capability sys_tty_config;
-allow mysqld_t self:process { setsched getsched setrlimit signal_perms rlimitinh };
-allow mysqld_t self:fifo_file rw_fifo_file_perms;
-allow mysqld_t self:shm create_shm_perms;
-allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
-allow mysqld_t self:tcp_socket create_stream_socket_perms;
-allow mysqld_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
-manage_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
-manage_sock_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
-manage_lnk_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
-files_var_lib_filetrans(mysqld_t, mysqld_db_t, { dir file lnk_file })
-
-allow mysqld_t mysqld_etc_t:file read_file_perms;
-allow mysqld_t mysqld_etc_t:lnk_file read_lnk_file_perms;
-allow mysqld_t mysqld_etc_t:dir list_dir_perms;
-
-allow mysqld_t mysqld_log_t:file manage_file_perms;
-logging_log_filetrans(mysqld_t, mysqld_log_t, file)
-
-manage_dirs_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
-manage_files_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
-files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir })
-
-manage_dirs_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
-manage_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
-manage_sock_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
-files_pid_filetrans(mysqld_t, mysqld_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(mysqld_t)
-kernel_read_kernel_sysctls(mysqld_t)
-
-corenet_all_recvfrom_unlabeled(mysqld_t)
-corenet_all_recvfrom_netlabel(mysqld_t)
-corenet_tcp_sendrecv_generic_if(mysqld_t)
-corenet_udp_sendrecv_generic_if(mysqld_t)
-corenet_tcp_sendrecv_generic_node(mysqld_t)
-corenet_udp_sendrecv_generic_node(mysqld_t)
-corenet_tcp_sendrecv_all_ports(mysqld_t)
-corenet_udp_sendrecv_all_ports(mysqld_t)
-corenet_tcp_bind_generic_node(mysqld_t)
-corenet_tcp_bind_mysqld_port(mysqld_t)
-corenet_tcp_connect_mysqld_port(mysqld_t)
-corenet_sendrecv_mysqld_client_packets(mysqld_t)
-corenet_sendrecv_mysqld_server_packets(mysqld_t)
-
-dev_read_sysfs(mysqld_t)
-dev_read_urand(mysqld_t)
-
-fs_getattr_all_fs(mysqld_t)
-fs_search_auto_mountpoints(mysqld_t)
-fs_rw_hugetlbfs_files(mysqld_t)
-
-domain_use_interactive_fds(mysqld_t)
-
-files_getattr_var_lib_dirs(mysqld_t)
-files_read_etc_runtime_files(mysqld_t)
-files_read_etc_files(mysqld_t)
-files_read_usr_files(mysqld_t)
-files_search_var_lib(mysqld_t)
-
-auth_use_nsswitch(mysqld_t)
-
-logging_send_syslog_msg(mysqld_t)
-
-miscfiles_read_localization(mysqld_t)
-
-sysnet_read_config(mysqld_t)
-
-userdom_dontaudit_use_unpriv_user_fds(mysqld_t)
-# for /root/.my.cnf - should not be needed:
-userdom_read_user_home_content_files(mysqld_t)
-
-ifdef(`distro_redhat',`
-	filetrans_pattern(mysqld_t, mysqld_db_t, mysqld_var_run_t, sock_file)
-')
-
-tunable_policy(`mysql_connect_any',`
-	corenet_tcp_connect_all_ports(mysqld_t)
-	corenet_sendrecv_all_client_packets(mysqld_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(mysqld_t, mysqld_exec_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(mysqld_t)
-')
-
-optional_policy(`
-	udev_read_db(mysqld_t)
-')
-
-#######################################
-#
-# Local mysqld_safe policy
-#
-
-allow mysqld_safe_t self:capability { chown dac_override fowner kill };
-dontaudit mysqld_safe_t self:capability sys_ptrace;
-allow mysqld_safe_t self:process { setsched getsched setrlimit };
-allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
-
-read_lnk_files_pattern(mysqld_safe_t, mysqld_db_t, mysqld_db_t)
-
-domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
-
-allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
-
-manage_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
-delete_sock_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
-
-kernel_read_system_state(mysqld_safe_t)
-kernel_read_kernel_sysctls(mysqld_safe_t)
-
-corecmd_exec_bin(mysqld_safe_t)
-
-dev_list_sysfs(mysqld_safe_t)
-
-domain_read_all_domains_state(mysqld_safe_t)
-
-files_dontaudit_search_all_mountpoints(mysqld_safe_t)
-files_read_etc_files(mysqld_safe_t)
-files_read_usr_files(mysqld_safe_t)
-files_dontaudit_getattr_all_dirs(mysqld_safe_t)
-
-logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
-
-hostname_exec(mysqld_safe_t)
-
-miscfiles_read_localization(mysqld_safe_t)
-
-mysql_manage_db_files(mysqld_safe_t)
-mysql_read_config(mysqld_safe_t)
-mysql_search_pid_files(mysqld_safe_t)
-mysql_write_log(mysqld_safe_t)
-
-########################################
-#
-# MySQL Manager Policy
-#
-
-allow mysqlmanagerd_t self:capability { dac_override kill };
-allow mysqlmanagerd_t self:process signal;
-allow mysqlmanagerd_t self:fifo_file rw_fifo_file_perms;
-allow mysqlmanagerd_t self:tcp_socket create_stream_socket_perms;
-allow mysqlmanagerd_t self:unix_stream_socket create_stream_socket_perms;
-
-mysql_read_config(initrc_t)
-mysql_read_config(mysqlmanagerd_t)
-mysql_read_pid_files(mysqlmanagerd_t)
-mysql_search_db(mysqlmanagerd_t)
-mysql_signal(mysqlmanagerd_t)
-mysql_stream_connect(mysqlmanagerd_t)
-
-domtrans_pattern(mysqlmanagerd_t, mysqld_exec_t, mysqld_t)
-
-manage_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t)
-manage_sock_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t)
-filetrans_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, { file sock_file })
-
-kernel_read_system_state(mysqlmanagerd_t)
-
-corecmd_exec_shell(mysqlmanagerd_t)
-
-corenet_all_recvfrom_unlabeled(mysqlmanagerd_t)
-corenet_all_recvfrom_netlabel(mysqlmanagerd_t)
-corenet_tcp_sendrecv_generic_if(mysqlmanagerd_t)
-corenet_tcp_sendrecv_generic_node(mysqlmanagerd_t)
-corenet_tcp_sendrecv_all_ports(mysqlmanagerd_t)
-corenet_tcp_bind_generic_node(mysqlmanagerd_t)
-corenet_tcp_bind_mysqlmanagerd_port(mysqlmanagerd_t)
-corenet_tcp_connect_mysqlmanagerd_port(mysqlmanagerd_t)
-corenet_sendrecv_mysqlmanagerd_server_packets(mysqlmanagerd_t)
-corenet_sendrecv_mysqlmanagerd_client_packets(mysqlmanagerd_t)
-
-dev_read_urand(mysqlmanagerd_t)
-
-files_read_etc_files(mysqlmanagerd_t)
-files_read_usr_files(mysqlmanagerd_t)
-
-miscfiles_read_localization(mysqlmanagerd_t)
-
-userdom_getattr_user_home_dirs(mysqlmanagerd_t)
diff --git a/policy/modules/services/nagios.fc b/policy/modules/services/nagios.fc
deleted file mode 100644
index 1fc9905..0000000
--- a/policy/modules/services/nagios.fc
+++ /dev/null
@@ -1,88 +0,0 @@
-/etc/nagios(/.*)?					gen_context(system_u:object_r:nagios_etc_t,s0)
-/etc/nagios/nrpe\.cfg				--	gen_context(system_u:object_r:nrpe_etc_t,s0)
-/etc/rc\.d/init\.d/nagios			--	gen_context(system_u:object_r:nagios_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/nrpe				--	gen_context(system_u:object_r:nagios_initrc_exec_t,s0)
-
-/usr/s?bin/nagios				--	gen_context(system_u:object_r:nagios_exec_t,s0)
-/usr/s?bin/nrpe					--	gen_context(system_u:object_r:nrpe_exec_t,s0)
-
-/usr/lib(64)?/cgi-bin/netsaint(/.*)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-/usr/lib(64)?/nagios/cgi(/.*)?				gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-
-/var/log/nagios(/.*)?					gen_context(system_u:object_r:nagios_log_t,s0)
-/var/log/netsaint(/.*)?					gen_context(system_u:object_r:nagios_log_t,s0)
-
-/var/run/nagios.*					gen_context(system_u:object_r:nagios_var_run_t,s0)
-
-/var/spool/nagios(/.*)?					gen_context(system_u:object_r:nagios_spool_t,s0)
-
-ifdef(`distro_debian',`
-/usr/sbin/nagios				--	gen_context(system_u:object_r:nagios_exec_t,s0)
-')
-/usr/lib(64)?/cgi-bin/nagios(/.+)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-/usr/lib(64)?/nagios/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-
-# admin plugins
-/usr/lib(64)?/nagios/plugins/check_file_age	--	gen_context(system_u:object_r:nagios_admin_plugin_exec_t,s0)
-
-# check disk plugins
-/usr/lib(64)?/nagios/plugins/check_disk		--	gen_context(system_u:object_r:nagios_checkdisk_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_disk_smb	--	gen_context(system_u:object_r:nagios_checkdisk_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ide_smart	--	gen_context(system_u:object_r:nagios_checkdisk_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_linux_raid	--	gen_context(system_u:object_r:nagios_checkdisk_plugin_exec_t,s0)
-
-# mail plugins
-/usr/lib(64)?/nagios/plugins/check_mailq	--	gen_context(system_u:object_r:nagios_mail_plugin_exec_t,s0)
-
-# system plugins
-/usr/lib(64)?/nagios/plugins/check_breeze	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_dummy	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_flexlm	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ifoperstatus	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ifstatus	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_load		--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_log		--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_mrtg		--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_mrtgtraf	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_nagios	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_nwstat	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_overcr	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_procs	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_sensors	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_swap		--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_users	--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_wave		--	gen_context(system_u:object_r:nagios_system_plugin_exec_t,s0)
-
-# services plugins
-/usr/lib(64)?/nagios/plugins/check_cluster	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_dhcp		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_dig		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_dns		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_game		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_fping	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_hpjd		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_http		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_icmp		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ircd		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ldap		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_mysql	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_mysql_query 	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_nrpe		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_nt		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ntp.*	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_oracle	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_pgsql	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ping		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_radius	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_real		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_rpc		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_tcp		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_time		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_sip		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_smtp		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_snmp.*	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ssh		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-/usr/lib(64)?/nagios/plugins/check_ups		--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
-
-# unconfined plugins
-/usr/lib(64)?/nagios/plugins/check_by_ssh	--	gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
deleted file mode 100644
index 89e1edf..0000000
--- a/policy/modules/services/nagios.if
+++ /dev/null
@@ -1,245 +0,0 @@
-## <summary>Net Saint / NAGIOS - network monitoring server</summary>
-
-########################################
-## <summary>
-##	Create a set of derived types for various
-##	nagios plugins,
-## </summary>
-## <param name="plugins_group_name">
-##	<summary>
-##	The name to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`nagios_plugin_template',`
-	gen_require(`
-		type nagios_t, nrpe_t, nagios_log_t;
-	')
-
-	type nagios_$1_plugin_t;
-	type nagios_$1_plugin_exec_t;
-	application_domain(nagios_$1_plugin_t, nagios_$1_plugin_exec_t)
-	role system_r types nagios_$1_plugin_t;
-
-	allow nagios_$1_plugin_t self:fifo_file rw_fifo_file_perms;
-
-	domtrans_pattern(nrpe_t, nagios_$1_plugin_exec_t, nagios_$1_plugin_t)
-	allow nrpe_t nagios_$1_plugin_t:process { signal sigkill };
-
-	# needed by command.cfg
-	domtrans_pattern(nagios_t, nagios_$1_plugin_exec_t, nagios_$1_plugin_t)
-
-	allow nagios_t nagios_$1_plugin_t:process signal_perms;
-
-	# cjp: leaked file descriptor
-	dontaudit nagios_$1_plugin_t nrpe_t:tcp_socket { read write };
-	dontaudit nagios_$1_plugin_t nagios_log_t:file { read write };
-
-	miscfiles_read_localization(nagios_$1_plugin_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write nagios
-##	unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`nagios_dontaudit_rw_pipes',`
-	gen_require(`
-		type nagios_t;
-	')
-
-	dontaudit $1 nagios_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	nagios configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nagios_read_config',`
-	gen_require(`
-		type nagios_etc_t;
-	')
-
-	allow $1 nagios_etc_t:dir list_dir_perms;
-	allow $1 nagios_etc_t:file read_file_perms;
-	files_search_etc($1)
-')
-
-######################################
-## <summary>
-##	Read nagios logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nagios_read_log',`
-	gen_require(`
-		type nagios_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, nagios_log_t, nagios_log_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write nagios logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`nagios_dontaudit_rw_log',`
-	gen_require(`
-		type nagios_log_t;
-	')
-
-	dontaudit $1 nagios_log_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Search nagios spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nagios_search_spool',`
-	gen_require(`
-		type nagios_spool_t;
-	')
-
-	allow $1 nagios_spool_t:dir search_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	nagios temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nagios_read_tmp_files',`
-	gen_require(`
-		type nagios_tmp_t;
-	')
-
-	allow $1 nagios_tmp_t:file read_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	nagios temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nagios_rw_inerited_tmp_files',`
-	gen_require(`
-		type nagios_tmp_t;
-	')
-
-	allow $1 nagios_tmp_t:file rw_inherited_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Execute the nagios NRPE with
-##	a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nagios_domtrans_nrpe',`
-	gen_require(`
-		type nrpe_t, nrpe_exec_t;
-	')
-
-	domtrans_pattern($1, nrpe_exec_t, nrpe_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an nagios environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the nagios domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nagios_admin',`
-	gen_require(`
-		type nagios_t, nrpe_t, nagios_initrc_exec_t;
-		type nagios_tmp_t, nagios_log_t, nagios_var_run_t;
-		type nagios_etc_t, nrpe_etc_t, nagios_spool_t;
-	')
-
-	allow $1 nagios_t:process { ptrace signal_perms };
-	ps_process_pattern($1, nagios_t)
-
-	init_labeled_script_domtrans($1, nagios_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 nagios_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, nagios_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, nagios_log_t)
-
-	files_list_etc($1)
-	admin_pattern($1, nagios_etc_t)
-
-	files_list_spool($1)
-	admin_pattern($1, nagios_spool_t)
-
-	files_list_pids($1)
-	admin_pattern($1, nagios_var_run_t)
-
-	admin_pattern($1, nrpe_etc_t)
-')
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
deleted file mode 100644
index 3b620e3..0000000
--- a/policy/modules/services/nagios.te
+++ /dev/null
@@ -1,390 +0,0 @@
-policy_module(nagios, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type nagios_t;
-type nagios_exec_t;
-init_daemon_domain(nagios_t, nagios_exec_t)
-
-type nagios_etc_t;
-files_config_file(nagios_etc_t)
-
-type nagios_initrc_exec_t;
-init_script_file(nagios_initrc_exec_t)
-
-type nagios_log_t;
-logging_log_file(nagios_log_t)
-
-type nagios_tmp_t;
-files_tmp_file(nagios_tmp_t)
-
-type nagios_var_run_t;
-files_pid_file(nagios_var_run_t)
-
-type nagios_spool_t;
-files_type(nagios_spool_t)
-
-nagios_plugin_template(admin)
-nagios_plugin_template(checkdisk)
-nagios_plugin_template(mail)
-nagios_plugin_template(services)
-nagios_plugin_template(system)
-nagios_plugin_template(unconfined)
-
-type nagios_system_plugin_tmp_t;
-files_tmp_file(nagios_system_plugin_tmp_t)
-
-type nrpe_t;
-type nrpe_exec_t;
-init_daemon_domain(nrpe_t, nrpe_exec_t)
-
-type nrpe_etc_t;
-files_config_file(nrpe_etc_t)
-
-type nrpe_var_run_t;
-files_pid_file(nrpe_var_run_t)
-
-########################################
-#
-# Nagios local policy
-#
-
-allow nagios_t self:capability { dac_override setgid setuid };
-dontaudit nagios_t self:capability sys_tty_config;
-allow nagios_t self:process { setpgid signal_perms };
-allow nagios_t self:fifo_file rw_file_perms;
-allow nagios_t self:tcp_socket create_stream_socket_perms;
-allow nagios_t self:udp_socket create_socket_perms;
-
-read_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
-read_lnk_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
-allow nagios_t nagios_etc_t:dir list_dir_perms;
-
-manage_files_pattern(nagios_t, nagios_log_t, nagios_log_t)
-manage_fifo_files_pattern(nagios_t, nagios_log_t, nagios_log_t)
-logging_log_filetrans(nagios_t, nagios_log_t, { file dir })
-
-manage_dirs_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t)
-manage_files_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t)
-files_tmp_filetrans(nagios_t, nagios_tmp_t, { file dir })
-
-manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t)
-files_pid_filetrans(nagios_t, nagios_var_run_t, file)
-
-manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t)
-files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)
-
-kernel_read_system_state(nagios_t)
-kernel_read_kernel_sysctls(nagios_t)
-
-corecmd_exec_bin(nagios_t)
-corecmd_exec_shell(nagios_t)
-
-corenet_all_recvfrom_unlabeled(nagios_t)
-corenet_all_recvfrom_netlabel(nagios_t)
-corenet_tcp_sendrecv_generic_if(nagios_t)
-corenet_udp_sendrecv_generic_if(nagios_t)
-corenet_tcp_sendrecv_generic_node(nagios_t)
-corenet_udp_sendrecv_generic_node(nagios_t)
-corenet_tcp_sendrecv_all_ports(nagios_t)
-corenet_udp_sendrecv_all_ports(nagios_t)
-corenet_tcp_connect_all_ports(nagios_t)
-
-corenet_dontaudit_tcp_bind_all_reserved_ports(nagios_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(nagios_t)
-
-dev_read_sysfs(nagios_t)
-dev_read_urand(nagios_t)
-
-domain_use_interactive_fds(nagios_t)
-# for ps
-domain_read_all_domains_state(nagios_t)
-
-files_read_etc_files(nagios_t)
-files_read_etc_runtime_files(nagios_t)
-files_read_kernel_symbol_table(nagios_t)
-files_search_spool(nagios_t)
-files_read_usr_files(nagios_t)
-
-fs_getattr_all_fs(nagios_t)
-fs_search_auto_mountpoints(nagios_t)
-
-auth_use_nsswitch(nagios_t)
-
-logging_send_syslog_msg(nagios_t)
-
-miscfiles_read_localization(nagios_t)
-
-userdom_dontaudit_use_unpriv_user_fds(nagios_t)
-userdom_dontaudit_search_user_home_dirs(nagios_t)
-
-mta_send_mail(nagios_t)
-mta_signal_system_mail(nagios_t)
-mta_kill_system_mail(nagios_t)
-
-optional_policy(`
-	netutils_kill_ping(nagios_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(nagios_t)
-')
-
-optional_policy(`
-	udev_read_db(nagios_t)
-')
-
-########################################
-#
-# Nagios CGI local policy
-#
-
-optional_policy(`
-	apache_content_template(nagios)
-	typealias httpd_nagios_script_t alias nagios_cgi_t;
-	typealias httpd_nagios_script_exec_t alias nagios_cgi_exec_t;
-
-	allow httpd_nagios_script_t self:process signal_perms;
-
-	read_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)
-	read_lnk_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)
-
-	files_search_spool(httpd_nagios_script_t)
-	rw_fifo_files_pattern(httpd_nagios_script_t, nagios_spool_t, nagios_spool_t)
-
-	allow httpd_nagios_script_t nagios_etc_t:dir list_dir_perms;
-	read_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_etc_t)
-	read_lnk_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_etc_t)
-
-	allow httpd_nagios_script_t nagios_log_t:dir list_dir_perms;
-	read_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_log_t)
-	read_lnk_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_log_t)
-
-	kernel_read_system_state(httpd_nagios_script_t)
-
-	domain_dontaudit_read_all_domains_state(httpd_nagios_script_t)
-
-	files_read_etc_runtime_files(httpd_nagios_script_t)
-	files_read_kernel_symbol_table(httpd_nagios_script_t)
-
-	logging_send_syslog_msg(httpd_nagios_script_t)
-')
-
-########################################
-#
-# Nagios remote plugin executor local policy
-#
-
-allow nrpe_t self:capability { setuid setgid };
-dontaudit nrpe_t self:capability { sys_tty_config sys_resource };
-allow nrpe_t self:process { setpgid signal_perms setsched setrlimit };
-allow nrpe_t self:fifo_file rw_fifo_file_perms;
-allow nrpe_t self:tcp_socket create_stream_socket_perms;
-
-domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)
-
-read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
-files_search_etc(nrpe_t)
-
-manage_files_pattern(nrpe_t, nrpe_var_run_t, nrpe_var_run_t)
-files_pid_filetrans(nrpe_t, nrpe_var_run_t, file)
-
-kernel_read_system_state(nrpe_t)
-kernel_read_kernel_sysctls(nrpe_t)
-
-corecmd_exec_bin(nrpe_t)
-corecmd_exec_shell(nrpe_t)
-
-corenet_tcp_bind_generic_node(nrpe_t)
-corenet_tcp_bind_inetd_child_port(nrpe_t)
-corenet_sendrecv_unlabeled_packets(nrpe_t)
-
-dev_read_sysfs(nrpe_t)
-dev_read_urand(nrpe_t)
-
-domain_use_interactive_fds(nrpe_t)
-domain_read_all_domains_state(nrpe_t)
-
-files_read_etc_runtime_files(nrpe_t)
-files_read_etc_files(nrpe_t)
-
-fs_getattr_all_fs(nrpe_t)
-fs_search_auto_mountpoints(nrpe_t)
-
-auth_use_nsswitch(nrpe_t)
-
-logging_send_syslog_msg(nrpe_t)
-
-miscfiles_read_localization(nrpe_t)
-
-userdom_dontaudit_use_unpriv_user_fds(nrpe_t)
-
-optional_policy(`
-	inetd_tcp_service_domain(nrpe_t, nrpe_exec_t)
-')
-
-optional_policy(`
-	mta_send_mail(nrpe_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(nrpe_t)
-')
-
-optional_policy(`
-	tcpd_wrapped_domain(nrpe_t, nrpe_exec_t)
-')
-
-optional_policy(`
-	udev_read_db(nrpe_t)
-')
-
-#####################################
-#
-# local policy for admin check plugins
-#
-
-corecmd_read_bin_files(nagios_admin_plugin_t)
-corecmd_read_bin_symlinks(nagios_admin_plugin_t)
-
-dev_read_urand(nagios_admin_plugin_t)
-dev_getattr_all_chr_files(nagios_admin_plugin_t)
-dev_getattr_all_blk_files(nagios_admin_plugin_t)
-
-files_read_etc_files(nagios_admin_plugin_t)
-# for check_file_age plugin
-files_getattr_all_dirs(nagios_admin_plugin_t)
-files_getattr_all_files(nagios_admin_plugin_t)
-files_getattr_all_symlinks(nagios_admin_plugin_t)
-files_getattr_all_pipes(nagios_admin_plugin_t)
-files_getattr_all_sockets(nagios_admin_plugin_t)
-files_getattr_all_file_type_fs(nagios_admin_plugin_t)
-
-######################################
-#
-# local policy for mail check plugins
-#
-
-allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
-allow nagios_mail_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-allow nagios_mail_plugin_t self:tcp_socket create_stream_socket_perms;
-allow nagios_mail_plugin_t self:udp_socket create_socket_perms;
-
-kernel_read_system_state(nagios_mail_plugin_t)
-kernel_read_kernel_sysctls(nagios_mail_plugin_t)
-
-corecmd_read_bin_files(nagios_mail_plugin_t)
-corecmd_read_bin_symlinks(nagios_mail_plugin_t)
-
-dev_read_urand(nagios_mail_plugin_t)
-
-files_read_etc_files(nagios_mail_plugin_t)
-
-logging_send_syslog_msg(nagios_mail_plugin_t)
-
-sysnet_read_config(nagios_mail_plugin_t)
-
-optional_policy(`
-	mta_send_mail(nagios_mail_plugin_t)
-')
-
-optional_policy(`
-	nscd_dontaudit_search_pid(nagios_mail_plugin_t)
-')
-
-optional_policy(`
-	postfix_stream_connect_master(nagios_mail_plugin_t)
-	posftix_exec_postqueue(nagios_mail_plugin_t)
-')
-
-######################################
-#
-# local policy for disk check plugins
-#
-
-# needed by ioctl()
-allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
-
-files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
-
-fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-
-storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
-
-#######################################
-#
-# local policy for service check plugins
-#
-
-allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
-allow nagios_services_plugin_t self:process { signal sigkill };
-allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
-allow nagios_services_plugin_t self:udp_socket create_socket_perms;
-
-corecmd_exec_bin(nagios_services_plugin_t)
-
-corenet_tcp_connect_all_ports(nagios_services_plugin_t)
-corenet_udp_bind_dhcpc_port(nagios_services_plugin_t)
-
-auth_use_nsswitch(nagios_services_plugin_t)
-
-domain_read_all_domains_state(nagios_services_plugin_t)
-
-files_read_usr_files(nagios_services_plugin_t)
-
-optional_policy(`
-	netutils_domtrans_ping(nagios_services_plugin_t)
-	netutils_signal_ping(nagios_services_plugin_t)
-	netutils_kill_ping(nagios_services_plugin_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(nagios_services_plugin_t)
-')
-
-optional_policy(`
-	snmp_read_snmp_var_lib_files(nagios_services_plugin_t)
-')
-
-######################################
-#
-# local policy for system check plugins
-#
-
-allow nagios_system_plugin_t self:capability dac_override;
-dontaudit nagios_system_plugin_t self:capability { setuid setgid };
-
-# check_log
-manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
-manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
-files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
-
-kernel_read_system_state(nagios_system_plugin_t)
-kernel_read_kernel_sysctls(nagios_system_plugin_t)
-
-corecmd_exec_bin(nagios_system_plugin_t)
-corecmd_exec_shell(nagios_system_plugin_t)
-
-dev_read_sysfs(nagios_system_plugin_t)
-dev_read_urand(nagios_system_plugin_t)
-
-domain_read_all_domains_state(nagios_system_plugin_t)
-
-files_read_etc_files(nagios_system_plugin_t)
-
-# needed by check_users plugin
-optional_policy(`
-	init_read_utmp(nagios_system_plugin_t)
-')
-
-########################################
-#
-# Unconfined plugin policy
-#
-
-optional_policy(`
-	unconfined_domain(nagios_unconfined_plugin_t)
-')
diff --git a/policy/modules/services/nessus.fc b/policy/modules/services/nessus.fc
deleted file mode 100644
index 74da57f..0000000
--- a/policy/modules/services/nessus.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/etc/nessus/nessusd\.conf --	gen_context(system_u:object_r:nessusd_etc_t,s0)
-
-/usr/lib(64)?/nessus/plugins/.* -- gen_context(system_u:object_r:nessusd_exec_t,s0)
-
-/usr/sbin/nessusd	--	gen_context(system_u:object_r:nessusd_exec_t,s0)
-
-/var/lib/nessus(/.*)?		gen_context(system_u:object_r:nessusd_db_t,s0)
-
-/var/log/nessus(/.*)?		gen_context(system_u:object_r:nessusd_log_t,s0)
diff --git a/policy/modules/services/nessus.if b/policy/modules/services/nessus.if
deleted file mode 100644
index 6ec8003..0000000
--- a/policy/modules/services/nessus.if
+++ /dev/null
@@ -1,15 +0,0 @@
-## <summary>Nessus network scanning daemon</summary>
-
-########################################
-## <summary>
-##	Connect to nessus over a TCP socket  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nessus_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te
deleted file mode 100644
index b16c387..0000000
--- a/policy/modules/services/nessus.te
+++ /dev/null
@@ -1,105 +0,0 @@
-policy_module(nessus, 1.7.0)
-
-########################################
-#
-# Local policy
-#
-
-type nessusd_t;
-type nessusd_exec_t;
-init_daemon_domain(nessusd_t, nessusd_exec_t)
-
-type nessusd_db_t;
-files_type(nessusd_db_t)
-
-type nessusd_etc_t;
-files_config_file(nessusd_etc_t)
-
-type nessusd_log_t;
-logging_log_file(nessusd_log_t)
-
-type nessusd_var_run_t;
-files_pid_file(nessusd_var_run_t)
-
-########################################
-#
-# Declarations
-#
-
-allow nessusd_t self:capability net_raw;
-dontaudit nessusd_t self:capability sys_tty_config;
-allow nessusd_t self:process { setsched signal_perms };
-allow nessusd_t self:fifo_file rw_fifo_file_perms;
-allow nessusd_t self:tcp_socket create_stream_socket_perms;
-allow nessusd_t self:udp_socket create_socket_perms;
-allow nessusd_t self:rawip_socket create_socket_perms;
-allow nessusd_t self:packet_socket create_socket_perms;
-
-# Allow access to the nessusd authentication database
-manage_dirs_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
-manage_files_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
-manage_lnk_files_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
-files_list_var_lib(nessusd_t)
-
-allow nessusd_t nessusd_etc_t:file read_file_perms;
-files_search_etc(nessusd_t)
-
-manage_files_pattern(nessusd_t, nessusd_log_t, nessusd_log_t)
-logging_log_filetrans(nessusd_t, nessusd_log_t, { file dir })
-
-manage_files_pattern(nessusd_t, nessusd_var_run_t, nessusd_var_run_t)
-files_pid_filetrans(nessusd_t, nessusd_var_run_t, file)
-
-kernel_read_system_state(nessusd_t)
-kernel_read_kernel_sysctls(nessusd_t)
-
-# for nmap etc
-corecmd_exec_bin(nessusd_t)
-
-corenet_all_recvfrom_unlabeled(nessusd_t)
-corenet_all_recvfrom_netlabel(nessusd_t)
-corenet_tcp_sendrecv_generic_if(nessusd_t)
-corenet_udp_sendrecv_generic_if(nessusd_t)
-corenet_raw_sendrecv_generic_if(nessusd_t)
-corenet_tcp_sendrecv_generic_node(nessusd_t)
-corenet_udp_sendrecv_generic_node(nessusd_t)
-corenet_raw_sendrecv_generic_node(nessusd_t)
-corenet_tcp_sendrecv_all_ports(nessusd_t)
-corenet_udp_sendrecv_all_ports(nessusd_t)
-corenet_tcp_bind_generic_node(nessusd_t)
-corenet_tcp_bind_nessus_port(nessusd_t)
-corenet_tcp_connect_all_ports(nessusd_t)
-corenet_sendrecv_all_client_packets(nessusd_t)
-corenet_sendrecv_nessus_server_packets(nessusd_t)
-
-dev_read_sysfs(nessusd_t)
-dev_read_urand(nessusd_t)
-
-domain_use_interactive_fds(nessusd_t)
-
-files_read_etc_files(nessusd_t)
-files_read_etc_runtime_files(nessusd_t)
-
-fs_getattr_all_fs(nessusd_t)
-fs_search_auto_mountpoints(nessusd_t)
-
-logging_send_syslog_msg(nessusd_t)
-
-miscfiles_read_localization(nessusd_t)
-
-sysnet_read_config(nessusd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(nessusd_t)
-userdom_dontaudit_search_user_home_dirs(nessusd_t)
-
-optional_policy(`
-	nis_use_ypbind(nessusd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(nessusd_t)
-')
-
-optional_policy(`
-	udev_read_db(nessusd_t)
-')
diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc
deleted file mode 100644
index d15cc4b..0000000
--- a/policy/modules/services/networkmanager.fc
+++ /dev/null
@@ -1,30 +0,0 @@
-/etc/rc\.d/init\.d/wicd		--	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
-
-/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
-
-/etc/wicd/manager-settings.conf -- gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
-/etc/wicd/wireless-settings.conf -- gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
-/etc/wicd/wired-settings.conf -- gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
-
-/usr/libexec/nm-dispatcher.action --	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
-
-/sbin/wpa_cli			--	gen_context(system_u:object_r:wpa_cli_exec_t,s0)
-/sbin/wpa_supplicant		--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-
-/usr/s?bin/NetworkManager	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-/usr/s?bin/wpa_supplicant	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-/usr/sbin/NetworkManagerDispatcher --	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-/usr/sbin/nm-system-settings	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-/usr/sbin/wicd 			--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
-
-/var/lib/wicd(/.*)?			gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
-/var/lib/NetworkManager(/.*)?		gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
-
-/var/log/wicd(/.*)? 			gen_context(system_u:object_r:NetworkManager_log_t,s0)
-/var/log/wpa_supplicant.*	--	gen_context(system_u:object_r:NetworkManager_log_t,s0)
-
-/var/run/NetworkManager\.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/NetworkManager(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
deleted file mode 100644
index 8069487..0000000
--- a/policy/modules/services/networkmanager.if
+++ /dev/null
@@ -1,262 +0,0 @@
-## <summary>Manager for dynamically switching between networks.</summary>
-
-########################################
-## <summary>
-##	Read and write NetworkManager UDP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for named.
-interface(`networkmanager_rw_udp_sockets',`
-	gen_require(`
-		type NetworkManager_t;
-	')
-
-	allow $1 NetworkManager_t:udp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Read and write NetworkManager packet sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for named.
-interface(`networkmanager_rw_packet_sockets',`
-	gen_require(`
-		type NetworkManager_t;
-	')
-
-	allow $1 NetworkManager_t:packet_socket { read write };
-')
-
-#######################################
-## <summary>
-## Allow caller to relabel tun_socket
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_attach_tun_iface',`
-	gen_require(`
-		type NetworkManager_t;
-	')
-
-	allow $1 NetworkManager_t:tun_socket relabelfrom;
-	allow $1 self:tun_socket relabelto;
-')
-
-########################################
-## <summary>
-##	Read and write NetworkManager netlink
-##	routing sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for named.
-interface(`networkmanager_rw_routing_sockets',`
-	gen_require(`
-		type NetworkManager_t;
-	')
-
-	allow $1 NetworkManager_t:netlink_route_socket { read write };
-')
-
-########################################
-## <summary>
-##	Execute NetworkManager with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_domtrans',`
-	gen_require(`
-		type NetworkManager_t, NetworkManager_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, NetworkManager_exec_t, NetworkManager_t)
-')
-
-########################################
-## <summary>
-##	Execute NetworkManager scripts with an automatic domain transition to initrc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_initrc_domtrans',`
-	gen_require(`
-		type NetworkManager_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	NetworkManager over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_dbus_chat',`
-	gen_require(`
-		type NetworkManager_t;
-		class dbus send_msg;
-	')
-
-	allow $1 NetworkManager_t:dbus send_msg;
-	allow NetworkManager_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to send and
-##	receive messages from NetworkManager
-##	over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_dontaudit_dbus_chat',`
-	gen_require(`
-		type NetworkManager_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 NetworkManager_t:dbus send_msg;
-	dontaudit NetworkManager_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send a generic signal to NetworkManager
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_signal',`
-	gen_require(`
-		type NetworkManager_t;
-	')
-
-	allow $1 NetworkManager_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read NetworkManager lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_read_lib_files',`
-	gen_require(`
-		type NetworkManager_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	list_dirs_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-	read_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read NetworkManager PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_read_pid_files',`
-	gen_require(`
-		type NetworkManager_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 NetworkManager_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute NetworkManager in the NetworkManager domain, and
-##	allow the specified role the NetworkManager domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`networkmanager_run',`
-	gen_require(`
-		type NetworkManager_t, NetworkManager_exec_t;
-	')
-
-	networkmanager_domtrans($1)
-	role $2 types NetworkManager_t;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	to Network Manager log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`networkmanager_append_log',`
-	gen_require(`
-		type NetworkManager_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 NetworkManager_log_t:dir list_dir_perms;
-	append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
-')
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
deleted file mode 100644
index 02ae4e0..0000000
--- a/policy/modules/services/networkmanager.te
+++ /dev/null
@@ -1,310 +0,0 @@
-policy_module(networkmanager, 1.14.0)
-
-########################################
-#
-# Declarations
-#
-
-type NetworkManager_t;
-type NetworkManager_exec_t;
-init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
-
-type NetworkManager_initrc_exec_t;
-init_script_file(NetworkManager_initrc_exec_t)
-
-type NetworkManager_log_t;
-logging_log_file(NetworkManager_log_t)
-
-type NetworkManager_tmp_t;
-files_tmp_file(NetworkManager_tmp_t)
-
-type NetworkManager_var_lib_t;
-files_type(NetworkManager_var_lib_t)
-
-type NetworkManager_var_run_t;
-files_pid_file(NetworkManager_var_run_t)
-
-type wpa_cli_t;
-type wpa_cli_exec_t;
-init_system_domain(wpa_cli_t, wpa_cli_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-# networkmanager will ptrace itself if gdb is installed
-# and it receives a unexpected signal (rh bug #204161)
-allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_admin sys_nice sys_ptrace dac_override net_admin net_raw net_bind_service ipc_lock };
-dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
-allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
-allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
-allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
-allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
-allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
-allow NetworkManager_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
-allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
-allow NetworkManager_t self:udp_socket create_socket_perms;
-allow NetworkManager_t self:packet_socket create_socket_perms;
-
-allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
-
-can_exec(NetworkManager_t, NetworkManager_exec_t)
-
-manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
-logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
-
-can_exec(NetworkManager_t, NetworkManager_tmp_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
-
-manage_dirs_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-files_var_lib_filetrans(NetworkManager_t, NetworkManager_var_lib_t, dir)
-
-manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(NetworkManager_t)
-kernel_read_network_state(NetworkManager_t)
-kernel_read_kernel_sysctls(NetworkManager_t)
-kernel_request_load_module(NetworkManager_t)
-kernel_read_debugfs(NetworkManager_t)
-kernel_rw_net_sysctls(NetworkManager_t)
-
-corenet_all_recvfrom_unlabeled(NetworkManager_t)
-corenet_all_recvfrom_netlabel(NetworkManager_t)
-corenet_tcp_sendrecv_generic_if(NetworkManager_t)
-corenet_udp_sendrecv_generic_if(NetworkManager_t)
-corenet_raw_sendrecv_generic_if(NetworkManager_t)
-corenet_tcp_sendrecv_generic_node(NetworkManager_t)
-corenet_udp_sendrecv_generic_node(NetworkManager_t)
-corenet_raw_sendrecv_generic_node(NetworkManager_t)
-corenet_tcp_sendrecv_all_ports(NetworkManager_t)
-corenet_udp_sendrecv_all_ports(NetworkManager_t)
-corenet_udp_bind_generic_node(NetworkManager_t)
-corenet_udp_bind_isakmp_port(NetworkManager_t)
-corenet_udp_bind_dhcpc_port(NetworkManager_t)
-corenet_tcp_connect_all_ports(NetworkManager_t)
-corenet_sendrecv_isakmp_server_packets(NetworkManager_t)
-corenet_sendrecv_dhcpc_server_packets(NetworkManager_t)
-corenet_sendrecv_all_client_packets(NetworkManager_t)
-corenet_rw_tun_tap_dev(NetworkManager_t)
-corenet_getattr_ppp_dev(NetworkManager_t)
-
-dev_read_sysfs(NetworkManager_t)
-dev_read_rand(NetworkManager_t)
-dev_read_urand(NetworkManager_t)
-dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
-dev_getattr_all_chr_files(NetworkManager_t)
-
-fs_getattr_all_fs(NetworkManager_t)
-fs_search_auto_mountpoints(NetworkManager_t)
-fs_list_inotifyfs(NetworkManager_t)
-
-mls_file_read_all_levels(NetworkManager_t)
-
-selinux_dontaudit_search_fs(NetworkManager_t)
-
-corecmd_exec_shell(NetworkManager_t)
-corecmd_exec_bin(NetworkManager_t)
-
-domain_use_interactive_fds(NetworkManager_t)
-domain_read_confined_domains_state(NetworkManager_t)
-
-files_read_etc_files(NetworkManager_t)
-files_read_etc_runtime_files(NetworkManager_t)
-files_read_usr_files(NetworkManager_t)
-files_read_usr_src_files(NetworkManager_t)
-
-storage_getattr_fixed_disk_dev(NetworkManager_t)
-
-init_read_utmp(NetworkManager_t)
-init_dontaudit_write_utmp(NetworkManager_t)
-init_domtrans_script(NetworkManager_t)
-
-auth_use_nsswitch(NetworkManager_t)
-
-logging_send_syslog_msg(NetworkManager_t)
-
-miscfiles_read_localization(NetworkManager_t)
-miscfiles_read_generic_certs(NetworkManager_t)
-
-modutils_domtrans_insmod(NetworkManager_t)
-
-seutil_read_config(NetworkManager_t)
-
-sysnet_domtrans_ifconfig(NetworkManager_t)
-sysnet_domtrans_dhcpc(NetworkManager_t)
-sysnet_signal_dhcpc(NetworkManager_t)
-sysnet_read_dhcpc_pid(NetworkManager_t)
-sysnet_read_dhcp_config(NetworkManager_t)
-sysnet_delete_dhcpc_pid(NetworkManager_t)
-sysnet_kill_dhcpc(NetworkManager_t)
-sysnet_read_dhcpc_state(NetworkManager_t)
-sysnet_delete_dhcpc_state(NetworkManager_t)
-sysnet_search_dhcp_state(NetworkManager_t)
-# in /etc created by NetworkManager will be labelled net_conf_t.
-sysnet_manage_config(NetworkManager_t)
-sysnet_etc_filetrans_config(NetworkManager_t)
-
-userdom_stream_connect(NetworkManager_t)
-userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
-userdom_dontaudit_use_user_ttys(NetworkManager_t)
-# Read gnome-keyring
-userdom_read_home_certs(NetworkManager_t)
-userdom_read_user_home_content_files(NetworkManager_t)
-userdom_dgram_send(NetworkManager_t)
-
-cron_read_system_job_lib_files(NetworkManager_t)
-
-optional_policy(`
-	avahi_domtrans(NetworkManager_t)
-	avahi_kill(NetworkManager_t)
-	avahi_signal(NetworkManager_t)
-	avahi_signull(NetworkManager_t)
-	avahi_dbus_chat(NetworkManager_t)
-')
-
-optional_policy(`
-	bind_domtrans(NetworkManager_t)
-	bind_manage_cache(NetworkManager_t)
-	bind_kill(NetworkManager_t)
-	bind_signal(NetworkManager_t)
-	bind_signull(NetworkManager_t)
-')
-
-optional_policy(`
-	bluetooth_dontaudit_read_helper_state(NetworkManager_t)
-')
-
-optional_policy(`
-	consoletype_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
-	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
-
-	init_dbus_chat(NetworkManager_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(NetworkManager_t)
-	')
-')
-
-optional_policy(`
-	dnsmasq_read_pid_files(NetworkManager_t)
-	dnsmasq_delete_pid_files(NetworkManager_t)
-	dnsmasq_domtrans(NetworkManager_t)
-	dnsmasq_initrc_domtrans(NetworkManager_t)
-	dnsmasq_kill(NetworkManager_t)
-	dnsmasq_signal(NetworkManager_t)
-	dnsmasq_signull(NetworkManager_t)
-')
-
-optional_policy(`
-	hal_write_log(NetworkManager_t)
-')
-
-optional_policy(`
-	howl_signal(NetworkManager_t)
-')
-
-optional_policy(`
-	ipsec_domtrans_mgmt(NetworkManager_t)
-	ipsec_kill_mgmt(NetworkManager_t)
-	ipsec_signal_mgmt(NetworkManager_t)
-	ipsec_signull_mgmt(NetworkManager_t)
-')
-
-optional_policy(`
-	iptables_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
-	nscd_domtrans(NetworkManager_t)
-	nscd_signal(NetworkManager_t)
-	nscd_signull(NetworkManager_t)
-	nscd_kill(NetworkManager_t)
-	nscd_initrc_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
-	# Dispatcher starting and stoping ntp
-	ntp_initrc_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
-	openvpn_domtrans(NetworkManager_t)
-	openvpn_kill(NetworkManager_t)
-	openvpn_signal(NetworkManager_t)
-	openvpn_signull(NetworkManager_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(NetworkManager_t)
-	policykit_domtrans_auth(NetworkManager_t)
-	policykit_read_lib(NetworkManager_t)
-	policykit_read_reload(NetworkManager_t)
-	userdom_read_all_users_state(NetworkManager_t)
-')
-
-optional_policy(`
-	ppp_initrc_domtrans(NetworkManager_t)
-	ppp_domtrans(NetworkManager_t)
-	ppp_manage_pid_files(NetworkManager_t)
-	ppp_kill(NetworkManager_t)
-	ppp_signal(NetworkManager_t)
-	ppp_signull(NetworkManager_t)
-	ppp_read_config(NetworkManager_t)
-')
-
-optional_policy(`
-	rpm_exec(NetworkManager_t)
-	rpm_read_db(NetworkManager_t)
-	rpm_dontaudit_manage_db(NetworkManager_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(NetworkManager_t)
-')
-
-optional_policy(`
-	udev_exec(NetworkManager_t)
-	udev_read_db(NetworkManager_t)
-')
-
-optional_policy(`
-	vpn_domtrans(NetworkManager_t)
-	vpn_kill(NetworkManager_t)
-	vpn_signal(NetworkManager_t)
-	vpn_signull(NetworkManager_t)
-	vpn_relabelfrom_tun_socket(NetworkManager_t)
-')
-
-########################################
-#
-# wpa_cli local policy
-#
-
-allow wpa_cli_t self:capability dac_override;
-allow wpa_cli_t self:unix_dgram_socket create_socket_perms;
-
-allow wpa_cli_t NetworkManager_t:unix_dgram_socket sendto;
-
-manage_sock_files_pattern(wpa_cli_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-files_tmp_filetrans(wpa_cli_t, NetworkManager_tmp_t, sock_file)
-
-list_dirs_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-
-init_dontaudit_use_fds(wpa_cli_t)
-init_use_script_ptys(wpa_cli_t)
-
-miscfiles_read_localization(wpa_cli_t)
-
-term_dontaudit_use_console(wpa_cli_t)
diff --git a/policy/modules/services/nis.fc b/policy/modules/services/nis.fc
deleted file mode 100644
index 0c97dab..0000000
--- a/policy/modules/services/nis.fc
+++ /dev/null
@@ -1,22 +0,0 @@
-/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/yppasswdd	--	gen_context(system_u:object_r:nis_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ypserv	--	gen_context(system_u:object_r:nis_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ypxfrd	--	gen_context(system_u:object_r:nis_initrc_exec_t,s0)
-/etc/ypserv\.conf	--	gen_context(system_u:object_r:ypserv_conf_t,s0)
-
-/sbin/ypbind		--	gen_context(system_u:object_r:ypbind_exec_t,s0)
-
-/usr/lib/yp/ypxfr	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
-/usr/lib64/yp/ypxfr	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
-
-/usr/sbin/rpc\.yppasswdd --	gen_context(system_u:object_r:yppasswdd_exec_t,s0)
-/usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
-/usr/sbin/ypbind	--	gen_context(system_u:object_r:ypbind_exec_t,s0)
-/usr/sbin/ypserv	--	gen_context(system_u:object_r:ypserv_exec_t,s0)
-
-/var/yp(/.*)?			gen_context(system_u:object_r:var_yp_t,s0)
-
-/var/run/ypxfrd.*	--	gen_context(system_u:object_r:ypxfr_var_run_t,s0)
-/var/run/ypbind.*	--	gen_context(system_u:object_r:ypbind_var_run_t,s0)
-/var/run/ypserv.*	--	gen_context(system_u:object_r:ypserv_var_run_t,s0)
-/var/run/yppass.*	--	gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if
deleted file mode 100644
index 995a6cb..0000000
--- a/policy/modules/services/nis.if
+++ /dev/null
@@ -1,377 +0,0 @@
-## <summary>Policy for NIS (YP) servers and clients</summary>
-
-########################################
-## <summary>
-##	Use the ypbind service to access NIS services
-##	unconditionally.
-## </summary>
-## <desc>
-##	<p>
-##	Use the ypbind service to access NIS services
-##	unconditionally.
-##	</p>
-##	<p>
-##	This interface was added because of apache and
-##	spamassassin, to fix a nested conditionals problem.
-##	When that support is added, this should be removed,
-##	and the regular	interface should be used.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_use_ypbind_uncond',`
-	gen_require(`
-		type var_yp_t;
-	')
-
-	allow $1 self:capability net_bind_service;
-
-	allow $1 self:tcp_socket create_stream_socket_perms;
-	allow $1 self:udp_socket create_socket_perms;
-
-	allow $1 var_yp_t:dir list_dir_perms;
-	allow $1 var_yp_t:lnk_file read_lnk_file_perms;
-	allow $1 var_yp_t:file read_file_perms;
-
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_udp_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_udp_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_all_ports($1)
-	corenet_udp_sendrecv_all_ports($1)
-	corenet_tcp_bind_generic_node($1)
-	corenet_udp_bind_generic_node($1)
-	corenet_tcp_bind_generic_port($1)
-	corenet_udp_bind_generic_port($1)
-	corenet_tcp_bind_all_rpc_ports($1)
-	corenet_udp_bind_all_rpc_ports($1)
-	corenet_dontaudit_tcp_bind_all_ports($1)
-	corenet_dontaudit_udp_bind_all_ports($1)
-	corenet_tcp_connect_portmap_port($1)
-	corenet_tcp_connect_all_reserved_ports($1)
-	corenet_tcp_connect_generic_port($1)
-	corenet_dontaudit_tcp_connect_all_ports($1)
-	corenet_sendrecv_portmap_client_packets($1)
-	corenet_sendrecv_generic_client_packets($1)
-	corenet_sendrecv_generic_server_packets($1)
-
-	sysnet_read_config($1)
-')
-
-########################################
-## <summary>
-##	Use the ypbind service to access NIS services.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to use the ypbind service
-##	to access Network Information Service (NIS) services.
-##	Information that can be retreived from NIS includes
-##	usernames, passwords, home directories, and groups.
-##	If the network is configured to have a single sign-on
-##	using NIS, it is likely that any program that does
-##	authentication will need this access.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-## <rolecap/>
-#
-interface(`nis_use_ypbind',`
-	tunable_policy(`allow_ypbind',`
-		nis_use_ypbind_uncond($1)
-	')
-')
-
-########################################
-## <summary>
-##	Use the nis to authenticate passwords
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nis_authenticate',`
-	tunable_policy(`allow_ypbind',`
-		nis_use_ypbind_uncond($1)
-		corenet_tcp_bind_all_rpc_ports($1)
-		corenet_udp_bind_all_rpc_ports($1)
-	')
-')
-
-########################################
-## <summary>
-##	Execute ypbind in the ypbind domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nis_domtrans_ypbind',`
-	gen_require(`
-		type ypbind_t, ypbind_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ypbind_exec_t, ypbind_t)
-')
-
-########################################
-## <summary>
-##	Execute ypbind in the ypbind domain, and
-##	allow the specified role the ypbind domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nis_run_ypbind',`
-	gen_require(`
-		type ypbind_t;
-	')
-
-	nis_domtrans_ypbind($1)
-	role $2 types ypbind_t;
-')
-
-########################################
-## <summary>
-##	Send generic signals to ypbind.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_signal_ypbind',`
-	gen_require(`
-		type ypbind_t;
-	')
-
-	allow $1 ypbind_t:process signal;
-')
-
-########################################
-## <summary>
-##	List the contents of the NIS data directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_list_var_yp',`
-	gen_require(`
-		type var_yp_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_yp_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to NIS clients.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_udp_send_ypbind',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Connect to ypbind over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_tcp_connect_ypbind',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Read ypbind pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_read_ypbind_pid',`
-	gen_require(`
-		type ypbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 ypbind_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read ypserv configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nis_read_ypserv_config',`
-	gen_require(`
-		type ypserv_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 ypserv_conf_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute ypxfr in the ypxfr domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nis_domtrans_ypxfr',`
-	gen_require(`
-		type ypxfr_t, ypxfr_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ypxfr_exec_t, ypxfr_t)
-')
-
-########################################
-## <summary>
-##	Execute nis server in the nis domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-#
-interface(`nis_initrc_domtrans',`
-	gen_require(`
-		type nis_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, nis_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute nis server in the nis domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nis_initrc_domtrans_ypbind',`
-	gen_require(`
-		type ypbind_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, ypbind_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an nis environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nis_admin',`
-	gen_require(`
-		type ypbind_t, yppasswdd_t, ypserv_t;
-		type ypbind_tmp_t, ypserv_tmp_t, ypserv_conf_t;
-		type ypbind_var_run_t, yppasswdd_var_run_t, ypserv_var_run_t;
-		type ypbind_initrc_exec_t, nis_initrc_exec_t, ypxfr_t;
-	')
-
-	allow $1 ypbind_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ypbind_t)
-
-	allow $1 yppasswdd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, yppasswdd_t)
-
-	allow $1 ypserv_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ypserv_t)
-
-	allow $1 ypxfr_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ypxfr_t)
-
-	nis_initrc_domtrans($1)
-	nis_initrc_domtrans_ypbind($1)
-	domain_system_change_exemption($1)
-	role_transition $2 nis_initrc_exec_t system_r;
-	role_transition $2 ypbind_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, ypbind_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ypbind_var_run_t)
-
-	admin_pattern($1, yppasswdd_var_run_t)
-
-	files_list_etc($1)
-	admin_pattern($1, ypserv_conf_t)
-
-	admin_pattern($1, ypserv_tmp_t)
-
-	admin_pattern($1, ypserv_var_run_t)
-')
diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
deleted file mode 100644
index 5f2ba87..0000000
--- a/policy/modules/services/nis.te
+++ /dev/null
@@ -1,348 +0,0 @@
-policy_module(nis, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type nis_initrc_exec_t;
-init_script_file(nis_initrc_exec_t)
-
-type var_yp_t;
-files_type(var_yp_t)
-
-type ypbind_t;
-type ypbind_exec_t;
-init_daemon_domain(ypbind_t, ypbind_exec_t)
-
-type ypbind_initrc_exec_t;
-init_script_file(ypbind_initrc_exec_t)
-
-type ypbind_tmp_t;
-files_tmp_file(ypbind_tmp_t)
-
-type ypbind_var_run_t;
-files_pid_file(ypbind_var_run_t)
-
-type yppasswdd_t;
-type yppasswdd_exec_t;
-init_daemon_domain(yppasswdd_t, yppasswdd_exec_t)
-domain_obj_id_change_exemption(yppasswdd_t)
-
-type yppasswdd_var_run_t;
-files_pid_file(yppasswdd_var_run_t)
-
-type ypserv_t;
-type ypserv_exec_t;
-init_daemon_domain(ypserv_t, ypserv_exec_t)
-
-type ypserv_conf_t;
-files_type(ypserv_conf_t)
-
-type ypserv_tmp_t;
-files_tmp_file(ypserv_tmp_t)
-
-type ypserv_var_run_t;
-files_pid_file(ypserv_var_run_t)
-
-type ypxfr_t;
-type ypxfr_exec_t;
-init_daemon_domain(ypxfr_t, ypxfr_exec_t)
-
-type ypxfr_var_run_t;
-files_pid_file(ypxfr_var_run_t)
-
-########################################
-#
-# ypbind local policy
-#
-
-dontaudit ypbind_t self:capability { net_admin sys_tty_config };
-allow ypbind_t self:process signal_perms;
-allow ypbind_t self:fifo_file rw_fifo_file_perms;
-allow ypbind_t self:{ unix_dgram_socket unix_stream_socket } create_socket_perms;
-allow ypbind_t self:netlink_route_socket r_netlink_socket_perms;
-allow ypbind_t self:tcp_socket create_stream_socket_perms;
-allow ypbind_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(ypbind_t, ypbind_tmp_t, ypbind_tmp_t)
-manage_files_pattern(ypbind_t, ypbind_tmp_t, ypbind_tmp_t)
-files_tmp_filetrans(ypbind_t, ypbind_tmp_t, { file dir })
-
-manage_files_pattern(ypbind_t, ypbind_var_run_t, ypbind_var_run_t)
-files_pid_filetrans(ypbind_t, ypbind_var_run_t, file)
-
-manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
-
-kernel_read_system_state(ypbind_t)
-kernel_read_kernel_sysctls(ypbind_t)
-
-corenet_all_recvfrom_unlabeled(ypbind_t)
-corenet_all_recvfrom_netlabel(ypbind_t)
-corenet_tcp_sendrecv_generic_if(ypbind_t)
-corenet_udp_sendrecv_generic_if(ypbind_t)
-corenet_tcp_sendrecv_generic_node(ypbind_t)
-corenet_udp_sendrecv_generic_node(ypbind_t)
-corenet_tcp_sendrecv_all_ports(ypbind_t)
-corenet_udp_sendrecv_all_ports(ypbind_t)
-corenet_tcp_bind_generic_node(ypbind_t)
-corenet_udp_bind_generic_node(ypbind_t)
-corenet_tcp_bind_generic_port(ypbind_t)
-corenet_udp_bind_generic_port(ypbind_t)
-corenet_tcp_bind_reserved_port(ypbind_t)
-corenet_udp_bind_reserved_port(ypbind_t)
-corenet_tcp_bind_all_rpc_ports(ypbind_t)
-corenet_udp_bind_all_rpc_ports(ypbind_t)
-corenet_tcp_connect_all_ports(ypbind_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(ypbind_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(ypbind_t)
-corenet_sendrecv_all_client_packets(ypbind_t)
-corenet_sendrecv_generic_server_packets(ypbind_t)
-
-dev_read_sysfs(ypbind_t)
-
-fs_getattr_all_fs(ypbind_t)
-fs_search_auto_mountpoints(ypbind_t)
-
-domain_use_interactive_fds(ypbind_t)
-
-files_read_etc_files(ypbind_t)
-files_list_var(ypbind_t)
-
-logging_send_syslog_msg(ypbind_t)
-
-miscfiles_read_localization(ypbind_t)
-
-sysnet_read_config(ypbind_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ypbind_t)
-userdom_dontaudit_search_user_home_dirs(ypbind_t)
-
-optional_policy(`
-	dbus_system_bus_client(ypbind_t)
-	dbus_connect_system_bus(ypbind_t)
-	init_dbus_chat_script(ypbind_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(ypbind_t)
-	')
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ypbind_t)
-')
-
-optional_policy(`
-	udev_read_db(ypbind_t)
-')
-
-########################################
-#
-# yppasswdd local policy
-#
-
-allow yppasswdd_t self:capability dac_override;
-dontaudit yppasswdd_t self:capability sys_tty_config;
-allow yppasswdd_t self:process { getsched setfscreate signal_perms };
-allow yppasswdd_t self:fifo_file rw_fifo_file_perms;
-allow yppasswdd_t self:unix_dgram_socket create_socket_perms;
-allow yppasswdd_t self:unix_stream_socket create_stream_socket_perms;
-allow yppasswdd_t self:netlink_route_socket r_netlink_socket_perms;
-allow yppasswdd_t self:tcp_socket create_stream_socket_perms;
-allow yppasswdd_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(yppasswdd_t, yppasswdd_var_run_t, yppasswdd_var_run_t)
-files_pid_filetrans(yppasswdd_t, yppasswdd_var_run_t, file)
-
-manage_files_pattern(yppasswdd_t, var_yp_t, var_yp_t)
-manage_lnk_files_pattern(yppasswdd_t, var_yp_t, var_yp_t)
-
-kernel_list_proc(yppasswdd_t)
-kernel_read_proc_symlinks(yppasswdd_t)
-kernel_getattr_proc_files(yppasswdd_t)
-kernel_read_kernel_sysctls(yppasswdd_t)
-
-corenet_all_recvfrom_unlabeled(yppasswdd_t)
-corenet_all_recvfrom_netlabel(yppasswdd_t)
-corenet_tcp_sendrecv_generic_if(yppasswdd_t)
-corenet_udp_sendrecv_generic_if(yppasswdd_t)
-corenet_tcp_sendrecv_generic_node(yppasswdd_t)
-corenet_udp_sendrecv_generic_node(yppasswdd_t)
-corenet_tcp_sendrecv_all_ports(yppasswdd_t)
-corenet_udp_sendrecv_all_ports(yppasswdd_t)
-corenet_tcp_bind_generic_node(yppasswdd_t)
-corenet_udp_bind_generic_node(yppasswdd_t)
-corenet_tcp_bind_all_rpc_ports(yppasswdd_t)
-corenet_udp_bind_all_rpc_ports(yppasswdd_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(yppasswdd_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(yppasswdd_t)
-corenet_sendrecv_generic_server_packets(yppasswdd_t)
-
-dev_read_sysfs(yppasswdd_t)
-
-fs_getattr_all_fs(yppasswdd_t)
-fs_search_auto_mountpoints(yppasswdd_t)
-
-selinux_get_fs_mount(yppasswdd_t)
-
-auth_manage_shadow(yppasswdd_t)
-auth_relabel_shadow(yppasswdd_t)
-auth_etc_filetrans_shadow(yppasswdd_t)
-
-corecmd_exec_bin(yppasswdd_t)
-corecmd_exec_shell(yppasswdd_t)
-
-domain_use_interactive_fds(yppasswdd_t)
-
-files_read_etc_files(yppasswdd_t)
-files_read_etc_runtime_files(yppasswdd_t)
-files_relabel_etc_files(yppasswdd_t)
-
-logging_send_syslog_msg(yppasswdd_t)
-
-miscfiles_read_localization(yppasswdd_t)
-
-sysnet_read_config(yppasswdd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(yppasswdd_t)
-userdom_dontaudit_search_user_home_dirs(yppasswdd_t)
-
-optional_policy(`
-	hostname_exec(yppasswdd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(yppasswdd_t)
-')
-
-optional_policy(`
-	udev_read_db(yppasswdd_t)
-')
-
-########################################
-#
-# ypserv local policy
-#
-
-dontaudit ypserv_t self:capability sys_tty_config;
-allow ypserv_t self:process signal_perms;
-allow ypserv_t self:fifo_file rw_fifo_file_perms;
-allow ypserv_t self:unix_dgram_socket create_socket_perms;
-allow ypserv_t self:unix_stream_socket create_stream_socket_perms;
-allow ypserv_t self:netlink_route_socket r_netlink_socket_perms;
-allow ypserv_t self:tcp_socket connected_stream_socket_perms;
-allow ypserv_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(ypserv_t, var_yp_t, var_yp_t)
-
-allow ypserv_t ypserv_conf_t:file read_file_perms;
-
-manage_dirs_pattern(ypserv_t, ypserv_tmp_t, ypserv_tmp_t)
-manage_files_pattern(ypserv_t, ypserv_tmp_t, ypserv_tmp_t)
-files_tmp_filetrans(ypserv_t, ypserv_tmp_t, { file dir })
-
-manage_files_pattern(ypserv_t, ypserv_var_run_t, ypserv_var_run_t)
-files_pid_filetrans(ypserv_t, ypserv_var_run_t, file)
-
-kernel_read_kernel_sysctls(ypserv_t)
-kernel_list_proc(ypserv_t)
-kernel_read_proc_symlinks(ypserv_t)
-
-corenet_all_recvfrom_unlabeled(ypserv_t)
-corenet_all_recvfrom_netlabel(ypserv_t)
-corenet_tcp_sendrecv_generic_if(ypserv_t)
-corenet_udp_sendrecv_generic_if(ypserv_t)
-corenet_tcp_sendrecv_generic_node(ypserv_t)
-corenet_udp_sendrecv_generic_node(ypserv_t)
-corenet_tcp_sendrecv_all_ports(ypserv_t)
-corenet_udp_sendrecv_all_ports(ypserv_t)
-corenet_tcp_bind_generic_node(ypserv_t)
-corenet_udp_bind_generic_node(ypserv_t)
-corenet_tcp_bind_reserved_port(ypserv_t)
-corenet_udp_bind_reserved_port(ypserv_t)
-corenet_tcp_bind_all_rpc_ports(ypserv_t)
-corenet_udp_bind_all_rpc_ports(ypserv_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(ypserv_t)
-corenet_sendrecv_generic_server_packets(ypserv_t)
-
-dev_read_sysfs(ypserv_t)
-
-fs_getattr_all_fs(ypserv_t)
-fs_search_auto_mountpoints(ypserv_t)
-
-corecmd_exec_bin(ypserv_t)
-
-domain_use_interactive_fds(ypserv_t)
-
-files_read_var_files(ypserv_t)
-files_read_etc_files(ypserv_t)
-
-logging_send_syslog_msg(ypserv_t)
-
-miscfiles_read_localization(ypserv_t)
-
-nis_domtrans_ypxfr(ypserv_t)
-
-sysnet_read_config(ypserv_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ypserv_t)
-userdom_dontaudit_search_user_home_dirs(ypserv_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(ypserv_t)
-')
-
-optional_policy(`
-	udev_read_db(ypserv_t)
-')
-
-########################################
-#
-# ypxfr local policy
-#
-
-allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
-allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms;
-allow ypxfr_t self:tcp_socket create_stream_socket_perms;
-allow ypxfr_t self:udp_socket create_socket_perms;
-allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms;
-
-manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
-
-allow ypxfr_t ypserv_t:tcp_socket { read write };
-allow ypxfr_t ypserv_t:udp_socket { read write };
-
-allow ypxfr_t ypserv_conf_t:file read_file_perms;
-
-manage_files_pattern(ypxfr_t, ypxfr_var_run_t, ypxfr_var_run_t)
-files_pid_filetrans(ypxfr_t, ypxfr_var_run_t, file)
-
-corenet_all_recvfrom_unlabeled(ypxfr_t)
-corenet_all_recvfrom_netlabel(ypxfr_t)
-corenet_tcp_sendrecv_generic_if(ypxfr_t)
-corenet_udp_sendrecv_generic_if(ypxfr_t)
-corenet_tcp_sendrecv_generic_node(ypxfr_t)
-corenet_udp_sendrecv_generic_node(ypxfr_t)
-corenet_tcp_sendrecv_all_ports(ypxfr_t)
-corenet_udp_sendrecv_all_ports(ypxfr_t)
-corenet_tcp_bind_generic_node(ypxfr_t)
-corenet_udp_bind_generic_node(ypxfr_t)
-corenet_tcp_bind_reserved_port(ypxfr_t)
-corenet_udp_bind_reserved_port(ypxfr_t)
-corenet_tcp_bind_all_rpc_ports(ypxfr_t)
-corenet_udp_bind_all_rpc_ports(ypxfr_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
-corenet_tcp_connect_all_ports(ypxfr_t)
-corenet_sendrecv_generic_server_packets(ypxfr_t)
-corenet_sendrecv_all_client_packets(ypxfr_t)
-
-files_read_etc_files(ypxfr_t)
-files_search_usr(ypxfr_t)
-
-logging_send_syslog_msg(ypxfr_t)
-
-miscfiles_read_localization(ypxfr_t)
-
-sysnet_read_config(ypxfr_t)
diff --git a/policy/modules/services/nscd.fc b/policy/modules/services/nscd.fc
deleted file mode 100644
index 623b731..0000000
--- a/policy/modules/services/nscd.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
-
-/usr/sbin/nscd		--	gen_context(system_u:object_r:nscd_exec_t,s0)
-
-/var/db/nscd(/.*)?		gen_context(system_u:object_r:nscd_var_run_t,s0)
-/var/cache/nscd(/.*)?		gen_context(system_u:object_r:nscd_var_run_t,s0)
-
-/var/log/nscd\.log.*	--	gen_context(system_u:object_r:nscd_log_t,s0)
-
-/var/run/nscd\.pid	--	gen_context(system_u:object_r:nscd_var_run_t,s0)
-/var/run/\.nscd_socket	-s	gen_context(system_u:object_r:nscd_var_run_t,s0)
-
-/var/run/nscd(/.*)?		gen_context(system_u:object_r:nscd_var_run_t,s0)
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
deleted file mode 100644
index 99cefb8..0000000
--- a/policy/modules/services/nscd.if
+++ /dev/null
@@ -1,313 +0,0 @@
-## <summary>Name service cache daemon</summary>
-
-########################################
-## <summary>
-##	Send generic signals to NSCD.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_signal',`
-	gen_require(`
-		type nscd_t;
-	')
-
-	allow $1 nscd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send NSCD the kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_kill',`
-	gen_require(`
-		type nscd_t;
-	')
-
-	allow $1 nscd_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send signulls to NSCD.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_signull',`
-	gen_require(`
-		type nscd_t;
-	')
-
-	allow $1 nscd_t:process signull;
-')
-
-########################################
-## <summary>
-##	Execute NSCD in the nscd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nscd_domtrans',`
-	gen_require(`
-		type nscd_t, nscd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, nscd_exec_t, nscd_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute nscd
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_exec',`
-	gen_require(`
-		type nscd_exec_t;
-	')
-
-	can_exec($1, nscd_exec_t)
-')
-
-########################################
-## <summary>
-##	Use NSCD services by connecting using
-##	a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_socket_use',`
-	gen_require(`
-		type nscd_t, nscd_var_run_t;
-		class nscd { getserv getpwd getgrp gethost shmempwd shmemgrp shmemhost shmemserv };
-	')
-
-	allow $1 self:unix_stream_socket create_socket_perms;
-
-	allow $1 nscd_t:nscd { getpwd getgrp gethost };
-	dontaudit $1 nscd_t:fd use;
-	dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv };
-	files_search_pids($1)
-	stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
-	dontaudit $1 nscd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Use nscd services
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_use',`
-	tunable_policy(`nscd_use_shm',`
-		nscd_shm_use($1)
-	',`
-		nscd_socket_use($1)
-	')
-')
-
-########################################
-## <summary>
-##	Use NSCD services by mapping the database from
-##	an inherited NSCD file descriptor.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_shm_use',`
-	gen_require(`
-		type nscd_t, nscd_var_run_t;
-		class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
-	')
-
-	allow $1 nscd_var_run_t:dir list_dir_perms;
-	allow $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
-
-	# Receive fd from nscd and map the backing file with read access.
-	allow $1 nscd_t:fd use;
-
-	# cjp: these were originally inherited from the
-	# nscd_socket_domain macro. need to investigate
-	# if they are all actually required
-	allow $1 self:unix_stream_socket create_stream_socket_perms;
-
-	# dg: This may not be required.
-	allow $1 nscd_var_run_t:sock_file read_sock_file_perms;
-
-	stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
-	files_search_pids($1)
-	allow $1 nscd_t:nscd { getpwd getgrp gethost };
-	dontaudit $1 nscd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the NSCD pid directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`nscd_dontaudit_search_pid',`
-	gen_require(`
-		type nscd_var_run_t;
-	')
-
-	dontaudit $1 nscd_var_run_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read NSCD pid file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_read_pid',`
-	gen_require(`
-		type nscd_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, nscd_var_run_t, nscd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Unconfined access to NSCD services.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nscd_unconfined',`
-	gen_require(`
-		type nscd_t;
-		class nscd all_nscd_perms;
-	')
-
-	allow $1 nscd_t:nscd *;
-')
-
-########################################
-## <summary>
-##	Execute nscd in the nscd domain, and
-##	allow the specified role the nscd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nscd_run',`
-	gen_require(`
-		type nscd_t;
-	')
-
-	nscd_domtrans($1)
-	role $2 types nscd_t;
-')
-
-########################################
-## <summary>
-##	Execute the nscd server init script.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nscd_initrc_domtrans',`
-	gen_require(`
-		type nscd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, nscd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an nscd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the nscd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nscd_admin',`
-	gen_require(`
-		type nscd_t, nscd_log_t, nscd_var_run_t;
-		type nscd_initrc_exec_t;
-	')
-
-	allow $1 nscd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, nscd_t)
-
-	init_labeled_script_domtrans($1, nscd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 nscd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, nscd_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, nscd_var_run_t)
-')
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
deleted file mode 100644
index 6b54db7..0000000
--- a/policy/modules/services/nscd.te
+++ /dev/null
@@ -1,156 +0,0 @@
-policy_module(nscd, 1.10.1)
-
-gen_require(`
-	class nscd all_nscd_perms;
-')
-
-## <desc>
-##	<p>
-##	Allow confined applications to use nscd shared memory.
-##	</p>
-## </desc>
-gen_tunable(nscd_use_shm, false)
-
-########################################
-#
-# Declarations
-#
-
-# cjp: this is out of order because of an
-# ordering problem with loadable modules
-type nscd_var_run_t;
-files_pid_file(nscd_var_run_t)
-
-# nscd is both the client program and the daemon.
-type nscd_t;
-type nscd_exec_t;
-init_daemon_domain(nscd_t, nscd_exec_t)
-
-type nscd_initrc_exec_t;
-init_script_file(nscd_initrc_exec_t)
-
-type nscd_log_t;
-logging_log_file(nscd_log_t)
-
-########################################
-#
-# Local policy
-#
-
-allow nscd_t self:capability { kill setgid setuid sys_ptrace };
-dontaudit nscd_t self:capability sys_tty_config;
-allow nscd_t self:process { getattr getcap setcap setsched signal_perms };
-allow nscd_t self:fifo_file read_fifo_file_perms;
-allow nscd_t self:unix_stream_socket create_stream_socket_perms;
-allow nscd_t self:unix_dgram_socket create_socket_perms;
-allow nscd_t self:netlink_selinux_socket create_socket_perms;
-allow nscd_t self:tcp_socket create_socket_perms;
-allow nscd_t self:udp_socket create_socket_perms;
-
-# For client program operation, invoked from sysadm_t.
-# Transition occurs to nscd_t due to direct_sysadm_daemon. 
-allow nscd_t self:nscd { admin getstat };
-
-allow nscd_t nscd_log_t:file manage_file_perms;
-logging_log_filetrans(nscd_t, nscd_log_t, file)
-
-manage_dirs_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
-manage_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
-manage_sock_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
-files_pid_filetrans(nscd_t, nscd_var_run_t, { file sock_file dir })
-
-corecmd_search_bin(nscd_t)
-can_exec(nscd_t, nscd_exec_t)
-
-kernel_read_kernel_sysctls(nscd_t)
-kernel_list_proc(nscd_t)
-kernel_read_proc_symlinks(nscd_t)
-
-dev_read_sysfs(nscd_t)
-dev_read_rand(nscd_t)
-dev_read_urand(nscd_t)
-
-fs_getattr_all_fs(nscd_t)
-fs_search_auto_mountpoints(nscd_t)
-fs_list_inotifyfs(nscd_t)
-
-# for when /etc/passwd has just been updated and has the wrong type
-auth_getattr_shadow(nscd_t)
-auth_use_nsswitch(nscd_t)
-
-corenet_all_recvfrom_unlabeled(nscd_t)
-corenet_all_recvfrom_netlabel(nscd_t)
-corenet_tcp_sendrecv_generic_if(nscd_t)
-corenet_udp_sendrecv_generic_if(nscd_t)
-corenet_tcp_sendrecv_generic_node(nscd_t)
-corenet_udp_sendrecv_generic_node(nscd_t)
-corenet_tcp_sendrecv_all_ports(nscd_t)
-corenet_udp_sendrecv_all_ports(nscd_t)
-corenet_udp_bind_generic_node(nscd_t)
-corenet_tcp_connect_all_ports(nscd_t)
-corenet_sendrecv_all_client_packets(nscd_t)
-corenet_rw_tun_tap_dev(nscd_t)
-
-selinux_get_fs_mount(nscd_t)
-selinux_validate_context(nscd_t)
-selinux_compute_access_vector(nscd_t)
-selinux_compute_create_context(nscd_t)
-selinux_compute_relabel_context(nscd_t)
-selinux_compute_user_contexts(nscd_t)
-domain_use_interactive_fds(nscd_t)
-domain_search_all_domains_state(nscd_t)
-
-files_read_etc_files(nscd_t)
-files_read_generic_tmp_symlinks(nscd_t)
-# Needed to read files created by firstboot "/etc/hesiod.conf"
-files_read_etc_runtime_files(nscd_t)
-
-logging_send_audit_msgs(nscd_t)
-logging_send_syslog_msg(nscd_t)
-
-miscfiles_read_localization(nscd_t)
-
-seutil_read_config(nscd_t)
-seutil_read_default_contexts(nscd_t)
-seutil_sigchld_newrole(nscd_t)
-
-sysnet_read_config(nscd_t)
-
-userdom_dontaudit_use_user_terminals(nscd_t)
-userdom_dontaudit_use_unpriv_user_fds(nscd_t)
-userdom_dontaudit_search_user_home_dirs(nscd_t)
-
-optional_policy(`
-	accountsd_dontaudit_rw_fifo_file(nscd_t)
-')
-
-optional_policy(`
-	cron_read_system_job_tmp_files(nscd_t)
-')
-
-optional_policy(`
-	kerberos_use(nscd_t)
-')
-
-optional_policy(`
-	udev_read_db(nscd_t)
-')
-
-optional_policy(`
-	xen_dontaudit_rw_unix_stream_sockets(nscd_t)
-	xen_append_log(nscd_t)
-')
-
-optional_policy(`
-	tunable_policy(`samba_domain_controller',`
-		samba_append_log(nscd_t)
-		samba_dontaudit_use_fds(nscd_t)
-	')
-
-	samba_read_config(nscd_t)
-	samba_read_var_files(nscd_t)
-')
-
-optional_policy(`
-	unconfined_dontaudit_rw_packet_sockets(nscd_t)
-')
diff --git a/policy/modules/services/nsd.fc b/policy/modules/services/nsd.fc
deleted file mode 100644
index 53cc800..0000000
--- a/policy/modules/services/nsd.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-
-/etc/nsd(/.*)?			gen_context(system_u:object_r:nsd_conf_t,s0)
-/etc/nsd/nsd\.db	--	gen_context(system_u:object_r:nsd_db_t,s0)
-/etc/nsd/primary(/.*)?		gen_context(system_u:object_r:nsd_zone_t,s0)
-/etc/nsd/secondary(/.*)?	gen_context(system_u:object_r:nsd_zone_t,s0)
-
-/usr/sbin/nsd		--	gen_context(system_u:object_r:nsd_exec_t,s0)
-/usr/sbin/nsdc		--	gen_context(system_u:object_r:nsd_exec_t,s0)
-/usr/sbin/nsd-notify	--	gen_context(system_u:object_r:nsd_exec_t,s0)
-/usr/sbin/zonec		--	gen_context(system_u:object_r:nsd_exec_t,s0)
-
-/var/lib/nsd(/.*)?		gen_context(system_u:object_r:nsd_zone_t,s0)
-/var/lib/nsd/nsd\.db	--	gen_context(system_u:object_r:nsd_db_t,s0)
-/var/run/nsd\.pid	--	gen_context(system_u:object_r:nsd_var_run_t,s0)
diff --git a/policy/modules/services/nsd.if b/policy/modules/services/nsd.if
deleted file mode 100644
index a1371d5..0000000
--- a/policy/modules/services/nsd.if
+++ /dev/null
@@ -1,29 +0,0 @@
-## <summary>Authoritative only name server</summary>
-
-########################################
-## <summary>
-##	Send and receive datagrams from NSD.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsd_udp_chat',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Connect to NSD over a TCP socket  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nsd_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te
deleted file mode 100644
index 4b15536..0000000
--- a/policy/modules/services/nsd.te
+++ /dev/null
@@ -1,180 +0,0 @@
-policy_module(nsd, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type nsd_t;
-type nsd_exec_t;
-init_daemon_domain(nsd_t, nsd_exec_t)
-
-# A type for configuration files of nsd
-type nsd_conf_t;
-files_type(nsd_conf_t)
-
-type nsd_crond_t;
-domain_type(nsd_crond_t)
-domain_entry_file(nsd_crond_t, nsd_exec_t)
-role system_r types nsd_crond_t;
-
-# a type for nsd.db
-type nsd_db_t;
-files_type(nsd_db_t)
-
-type nsd_var_run_t;
-files_pid_file(nsd_var_run_t)
-
-# A type for zone files
-type nsd_zone_t;
-files_type(nsd_zone_t)
-
-########################################
-#
-# NSD Local policy
-#
-
-allow nsd_t self:capability { dac_override chown setuid setgid };
-dontaudit nsd_t self:capability sys_tty_config;
-allow nsd_t self:process signal_perms;
-allow nsd_t self:tcp_socket create_stream_socket_perms;
-allow nsd_t self:udp_socket create_socket_perms;
-
-allow nsd_t nsd_conf_t:dir list_dir_perms;
-read_files_pattern(nsd_t, nsd_conf_t, nsd_conf_t)
-read_lnk_files_pattern(nsd_t, nsd_conf_t, nsd_conf_t)
-
-allow nsd_t nsd_db_t:file manage_file_perms;
-filetrans_pattern(nsd_t, nsd_zone_t, nsd_db_t, file)
-
-manage_files_pattern(nsd_t, nsd_var_run_t, nsd_var_run_t)
-files_pid_filetrans(nsd_t, nsd_var_run_t, file)
-
-allow nsd_t nsd_zone_t:dir list_dir_perms;
-read_files_pattern(nsd_t, nsd_zone_t, nsd_zone_t)
-read_lnk_files_pattern(nsd_t, nsd_zone_t, nsd_zone_t)
-
-can_exec(nsd_t, nsd_exec_t)
-
-kernel_read_system_state(nsd_t)
-kernel_read_kernel_sysctls(nsd_t)
-
-corecmd_exec_bin(nsd_t)
-
-corenet_all_recvfrom_unlabeled(nsd_t)
-corenet_all_recvfrom_netlabel(nsd_t)
-corenet_tcp_sendrecv_generic_if(nsd_t)
-corenet_udp_sendrecv_generic_if(nsd_t)
-corenet_tcp_sendrecv_generic_node(nsd_t)
-corenet_udp_sendrecv_generic_node(nsd_t)
-corenet_tcp_sendrecv_all_ports(nsd_t)
-corenet_udp_sendrecv_all_ports(nsd_t)
-corenet_tcp_bind_generic_node(nsd_t)
-corenet_udp_bind_generic_node(nsd_t)
-corenet_tcp_bind_dns_port(nsd_t)
-corenet_udp_bind_dns_port(nsd_t)
-corenet_sendrecv_dns_server_packets(nsd_t)
-
-dev_read_sysfs(nsd_t)
-
-domain_use_interactive_fds(nsd_t)
-
-files_read_etc_files(nsd_t)
-files_read_etc_runtime_files(nsd_t)
-
-fs_getattr_all_fs(nsd_t)
-fs_search_auto_mountpoints(nsd_t)
-
-logging_send_syslog_msg(nsd_t)
-
-miscfiles_read_localization(nsd_t)
-
-sysnet_read_config(nsd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(nsd_t)
-userdom_dontaudit_search_user_home_dirs(nsd_t)
-
-optional_policy(`
-	nis_use_ypbind(nsd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(nsd_t)
-')
-
-optional_policy(`
-	udev_read_db(nsd_t)
-')
-
-########################################
-#
-# Zone update cron job local policy
-#
-
-# kill capability for root cron job and non-root daemon
-allow nsd_crond_t self:capability { dac_override kill };
-dontaudit nsd_crond_t self:capability sys_nice;
-allow nsd_crond_t self:process { setsched signal_perms };
-allow nsd_crond_t self:fifo_file rw_fifo_file_perms;
-allow nsd_crond_t self:tcp_socket create_socket_perms;
-allow nsd_crond_t self:udp_socket create_socket_perms;
-
-allow nsd_crond_t nsd_conf_t:file read_file_perms;
-
-allow nsd_crond_t nsd_db_t:file manage_file_perms;
-filetrans_pattern(nsd_crond_t, nsd_zone_t, nsd_db_t, file)
-files_search_var_lib(nsd_crond_t)
-
-allow nsd_crond_t nsd_t:process signal;
-
-ps_process_pattern(nsd_crond_t, nsd_t)
-
-manage_files_pattern(nsd_crond_t, nsd_zone_t, nsd_zone_t)
-filetrans_pattern(nsd_crond_t, nsd_conf_t, nsd_zone_t, file)
-
-can_exec(nsd_crond_t, nsd_exec_t)
-
-kernel_read_system_state(nsd_crond_t)
-
-corecmd_exec_bin(nsd_crond_t)
-corecmd_exec_shell(nsd_crond_t)
-
-corenet_all_recvfrom_unlabeled(nsd_crond_t)
-corenet_all_recvfrom_netlabel(nsd_crond_t)
-corenet_tcp_sendrecv_generic_if(nsd_crond_t)
-corenet_udp_sendrecv_generic_if(nsd_crond_t)
-corenet_tcp_sendrecv_generic_node(nsd_crond_t)
-corenet_udp_sendrecv_generic_node(nsd_crond_t)
-corenet_tcp_sendrecv_all_ports(nsd_crond_t)
-corenet_udp_sendrecv_all_ports(nsd_crond_t)
-corenet_tcp_connect_all_ports(nsd_crond_t)
-corenet_sendrecv_all_client_packets(nsd_crond_t)
-
-# for SSP
-dev_read_urand(nsd_crond_t)
-
-domain_dontaudit_read_all_domains_state(nsd_crond_t)
-
-files_read_etc_files(nsd_crond_t)
-files_read_etc_runtime_files(nsd_crond_t)
-files_search_var_lib(nsd_t)
-
-logging_send_syslog_msg(nsd_crond_t)
-
-miscfiles_read_localization(nsd_crond_t)
-
-sysnet_read_config(nsd_crond_t)
-
-userdom_dontaudit_search_user_home_dirs(nsd_crond_t)
-
-optional_policy(`
-	cron_system_entry(nsd_crond_t, nsd_exec_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(nsd_crond_t)
-')
-
-optional_policy(`
-	nscd_read_pid(nsd_crond_t)
-')
diff --git a/policy/modules/services/nslcd.fc b/policy/modules/services/nslcd.fc
deleted file mode 100644
index ce913b2..0000000
--- a/policy/modules/services/nslcd.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/etc/nss-ldapd.conf	--	gen_context(system_u:object_r:nslcd_conf_t,s0)
-/etc/rc\.d/init\.d/nslcd --	gen_context(system_u:object_r:nslcd_initrc_exec_t,s0)
-/usr/sbin/nslcd		--	gen_context(system_u:object_r:nslcd_exec_t,s0)
-/var/run/nslcd(/.*)?		gen_context(system_u:object_r:nslcd_var_run_t,s0)
diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if
deleted file mode 100644
index be5a5b4..0000000
--- a/policy/modules/services/nslcd.if
+++ /dev/null
@@ -1,114 +0,0 @@
-## <summary>nslcd - local LDAP name service daemon.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run nslcd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nslcd_domtrans',`
-	gen_require(`
-		type nslcd_t, nslcd_exec_t;
-	')
-
-	domtrans_pattern($1, nslcd_exec_t, nslcd_t)
-')
-
-########################################
-## <summary>
-##	Execute nslcd server in the nslcd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nslcd_initrc_domtrans',`
-	gen_require(`
-		type nslcd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, nslcd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read nslcd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nslcd_read_pid_files',`
-	gen_require(`
-		type nslcd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 nslcd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to nslcd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nslcd_stream_connect',`
-	gen_require(`
-		type nslcd_t, nslcd_var_run_t;
-	')
-
-	stream_connect_pattern($1, nslcd_var_run_t, nslcd_var_run_t, nslcd_t)
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an nslcd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`nslcd_admin',`
-	gen_require(`
-		type nslcd_t, nslcd_initrc_exec_t, nslcd_var_run_t;
-		type nslcd_conf_t;
-	')
-
-	ps_process_pattern($1, nslcd_t)
-	allow $1 nslcd_t:process { ptrace signal_perms };
-
-	# Allow nslcd_t to restart the apache service
-	nslcd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 nslcd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, nslcd_conf_t)
-
-	files_list_pids($1)
-	admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
-')
diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
deleted file mode 100644
index 34eee5f..0000000
--- a/policy/modules/services/nslcd.te
+++ /dev/null
@@ -1,45 +0,0 @@
-policy_module(nslcd, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type nslcd_t;
-type nslcd_exec_t;
-init_daemon_domain(nslcd_t, nslcd_exec_t)
-
-type nslcd_initrc_exec_t;
-init_script_file(nslcd_initrc_exec_t)
-
-type nslcd_var_run_t;
-files_pid_file(nslcd_var_run_t)
-
-type nslcd_conf_t;
-files_type(nslcd_conf_t)
-
-########################################
-#
-# nslcd local policy
-#
-
-allow nslcd_t self:capability { setgid setuid dac_override };
-allow nslcd_t self:process signal;
-allow nslcd_t self:unix_stream_socket create_stream_socket_perms;
-
-allow nslcd_t nslcd_conf_t:file read_file_perms;
-
-manage_dirs_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
-manage_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
-manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
-files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir })
-
-kernel_read_system_state(nslcd_t)
-
-files_read_etc_files(nslcd_t)
-
-auth_use_nsswitch(nslcd_t)
-
-logging_send_syslog_msg(nslcd_t)
-
-miscfiles_read_localization(nslcd_t)
diff --git a/policy/modules/services/ntop.fc b/policy/modules/services/ntop.fc
deleted file mode 100644
index 1838432..0000000
--- a/policy/modules/services/ntop.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/ntop(/.*)?			gen_context(system_u:object_r:ntop_etc_t,s0)
-
-/usr/bin/ntop		--	gen_context(system_u:object_r:ntop_exec_t,s0)
-
-/var/lib/ntop(/.*)?		gen_context(system_u:object_r:ntop_var_lib_t,s0)
-/var/run/ntop\.pid	--	gen_context(system_u:object_r:ntop_var_run_t,s0)
diff --git a/policy/modules/services/ntop.if b/policy/modules/services/ntop.if
deleted file mode 100644
index 4bf0a14..0000000
--- a/policy/modules/services/ntop.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Network Top</summary>
diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te
deleted file mode 100644
index 9d1e60a..0000000
--- a/policy/modules/services/ntop.te
+++ /dev/null
@@ -1,114 +0,0 @@
-policy_module(ntop, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type ntop_t;
-type ntop_exec_t;
-init_daemon_domain(ntop_t, ntop_exec_t)
-application_domain(ntop_t, ntop_exec_t)
-
-type ntop_initrc_exec_t;
-init_script_file(ntop_initrc_exec_t)
-
-type ntop_etc_t;
-files_config_file(ntop_etc_t)
-
-type ntop_tmp_t;
-files_tmp_file(ntop_tmp_t)
-
-type ntop_var_lib_t;
-files_type(ntop_var_lib_t)
-
-type ntop_var_run_t;
-files_pid_file(ntop_var_run_t)
-
-########################################
-#
-# Local Policy
-#
-
-allow ntop_t self:capability { net_raw setgid setuid sys_admin net_admin };
-dontaudit ntop_t self:capability sys_tty_config;
-allow ntop_t self:process signal_perms;
-allow ntop_t self:fifo_file rw_fifo_file_perms;
-allow ntop_t self:tcp_socket create_stream_socket_perms;
-allow ntop_t self:udp_socket create_socket_perms;
-allow ntop_t self:unix_dgram_socket create_socket_perms;
-allow ntop_t self:unix_stream_socket create_stream_socket_perms;
-allow ntop_t self:packet_socket create_socket_perms;
-allow ntop_t self:socket create_socket_perms;
-
-allow ntop_t ntop_etc_t:dir list_dir_perms;
-read_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
-read_lnk_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
-
-manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
-manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
-files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
-
-manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
-manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
-files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir })
-
-manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
-files_pid_filetrans(ntop_t, ntop_var_run_t, file)
-
-kernel_request_load_module(ntop_t)
-kernel_read_system_state(ntop_t)
-kernel_read_network_state(ntop_t)
-kernel_read_kernel_sysctls(ntop_t)
-kernel_list_proc(ntop_t)
-kernel_read_proc_symlinks(ntop_t)
-
-corenet_all_recvfrom_unlabeled(ntop_t)
-corenet_all_recvfrom_netlabel(ntop_t)
-corenet_tcp_sendrecv_generic_if(ntop_t)
-corenet_udp_sendrecv_generic_if(ntop_t)
-corenet_raw_sendrecv_generic_if(ntop_t)
-corenet_tcp_sendrecv_generic_node(ntop_t)
-corenet_udp_sendrecv_generic_node(ntop_t)
-corenet_raw_sendrecv_generic_node(ntop_t)
-corenet_tcp_sendrecv_all_ports(ntop_t)
-corenet_udp_sendrecv_all_ports(ntop_t)
-corenet_tcp_bind_ntop_port(ntop_t)
-corenet_tcp_connect_ntop_port(ntop_t)
-corenet_tcp_connect_http_port(ntop_t)
-corenet_sendrecv_http_client_packets(ntop_t)
-corenet_sendrecv_ntop_client_packets(ntop_t)
-corenet_sendrecv_ntop_server_packets(ntop_t)
-
-dev_read_sysfs(ntop_t)
-dev_rw_generic_usb_dev(ntop_t)
-
-domain_use_interactive_fds(ntop_t)
-
-files_read_etc_files(ntop_t)
-files_read_usr_files(ntop_t)
-
-fs_getattr_all_fs(ntop_t)
-fs_search_auto_mountpoints(ntop_t)
-
-auth_use_nsswitch(ntop_t)
-
-logging_send_syslog_msg(ntop_t)
-
-miscfiles_read_localization(ntop_t)
-miscfiles_read_fonts(ntop_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ntop_t)
-userdom_dontaudit_search_user_home_dirs(ntop_t)
-
-optional_policy(`
-	apache_read_sys_content(ntop_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ntop_t)
-')
-
-optional_policy(`
-	udev_read_db(ntop_t)
-')
diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
deleted file mode 100644
index e79dccc..0000000
--- a/policy/modules/services/ntp.fc
+++ /dev/null
@@ -1,22 +0,0 @@
-
-/etc/cron\.(daily|weekly)/ntp-simple -- gen_context(system_u:object_r:ntpd_exec_t,s0)
-/etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0)
-
-/etc/ntpd?\.conf.*		--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/ntp/crypto(/.*)?			gen_context(system_u:object_r:ntpd_key_t,s0)
-/etc/ntp/data(/.*)?			gen_context(system_u:object_r:ntp_drift_t,s0)
-/etc/ntp/keys			--	gen_context(system_u:object_r:ntpd_key_t,s0)
-/etc/ntp/step-tickers.*		--	gen_context(system_u:object_r:net_conf_t,s0)
-
-/etc/rc\.d/init\.d/ntpd		--	gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)
-
-/usr/sbin/ntpd			--	gen_context(system_u:object_r:ntpd_exec_t,s0)
-/usr/sbin/ntpdate		--	gen_context(system_u:object_r:ntpdate_exec_t,s0)
-
-/var/lib/ntp(/.*)?			gen_context(system_u:object_r:ntp_drift_t,s0)
-
-/var/log/ntp.*			--	gen_context(system_u:object_r:ntpd_log_t,s0)
-/var/log/ntpstats(/.*)?			gen_context(system_u:object_r:ntpd_log_t,s0)
-/var/log/xntpd.*		--	gen_context(system_u:object_r:ntpd_log_t,s0)
-
-/var/run/ntpd\.pid		--	gen_context(system_u:object_r:ntpd_var_run_t,s0)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
deleted file mode 100644
index 694b002..0000000
--- a/policy/modules/services/ntp.if
+++ /dev/null
@@ -1,164 +0,0 @@
-## <summary>Network time protocol daemon</summary>
-
-########################################
-## <summary>
-##	NTP stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ntp_stub',`
-	gen_require(`
-		type ntpd_t;
-	')
-')
-
-########################################
-## <summary>
-##	Execute ntp server in the ntpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ntp_domtrans',`
-	gen_require(`
-		type ntpd_t, ntpd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ntpd_exec_t, ntpd_t)
-')
-
-########################################
-## <summary>
-##	Execute ntp in the ntp domain, and
-##	allow the specified role the ntp domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ntp_run',`
-	gen_require(`
-		type ntpd_t;
-	')
-
-	ntp_domtrans($1)
-	role $2 types ntpd_t;
-')
-
-########################################
-## <summary>
-##	Execute ntp server in the ntpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ntp_domtrans_ntpdate',`
-	gen_require(`
-		type ntpd_t, ntpdate_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ntpdate_exec_t, ntpd_t)
-')
-
-########################################
-## <summary>
-##	Execute ntp server in the ntpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ntp_initrc_domtrans',`
-	gen_require(`
-		type ntpd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read and write ntpd shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ntp_rw_shm',`
-	gen_require(`
-		type ntpd_t, ntpd_tmpfs_t;
-	')
-
-	allow $1 ntpd_t:shm rw_shm_perms;
-	list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
-	rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
-	read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ntp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the ntp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ntp_admin',`
-	gen_require(`
-		type ntpd_t, ntpd_tmp_t, ntpd_log_t;
-		type ntpd_key_t, ntpd_var_run_t, ntpd_initrc_exec_t;
-	')
-
-	allow $1 ntpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ntpd_t)
-
-	init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ntpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, ntpd_key_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, ntpd_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, ntpd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ntpd_var_run_t)
-')
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
deleted file mode 100644
index b5b5992..0000000
--- a/policy/modules/services/ntp.te
+++ /dev/null
@@ -1,159 +0,0 @@
-policy_module(ntp, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type ntp_drift_t;
-files_type(ntp_drift_t)
-
-type ntpd_t;
-type ntpd_exec_t;
-init_daemon_domain(ntpd_t, ntpd_exec_t)
-
-type ntpd_initrc_exec_t;
-init_script_file(ntpd_initrc_exec_t)
-
-type ntpd_key_t;
-files_type(ntpd_key_t)
-
-type ntpd_log_t;
-logging_log_file(ntpd_log_t)
-
-type ntpd_tmp_t;
-files_tmp_file(ntpd_tmp_t)
-
-type ntpd_tmpfs_t;
-files_tmpfs_file(ntpd_tmpfs_t)
-
-type ntpd_var_run_t;
-files_pid_file(ntpd_var_run_t)
-
-type ntpdate_exec_t;
-init_system_domain(ntpd_t, ntpdate_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-# sys_resource and setrlimit is for locking memory
-# ntpdate wants sys_nice
-allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice sys_resource };
-dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
-allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
-allow ntpd_t self:fifo_file rw_fifo_file_perms;
-allow ntpd_t self:shm create_shm_perms;
-allow ntpd_t self:unix_dgram_socket create_socket_perms;
-allow ntpd_t self:unix_stream_socket create_socket_perms;
-allow ntpd_t self:tcp_socket create_stream_socket_perms;
-allow ntpd_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
-
-can_exec(ntpd_t, ntpd_exec_t)
-
-read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
-read_lnk_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
-
-allow ntpd_t ntpd_log_t:dir setattr;
-manage_files_pattern(ntpd_t, ntpd_log_t, ntpd_log_t)
-logging_log_filetrans(ntpd_t, ntpd_log_t, { file dir })
-
-# for some reason it creates a file in /tmp
-manage_dirs_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
-manage_files_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
-files_tmp_filetrans(ntpd_t, ntpd_tmp_t, { file dir })
-
-manage_dirs_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
-manage_files_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
-fs_tmpfs_filetrans(ntpd_t, ntpd_tmpfs_t, { dir file })
-
-manage_files_pattern(ntpd_t, ntpd_var_run_t, ntpd_var_run_t)
-files_pid_filetrans(ntpd_t, ntpd_var_run_t, file)
-
-kernel_read_kernel_sysctls(ntpd_t)
-kernel_read_system_state(ntpd_t)
-kernel_read_network_state(ntpd_t)
-kernel_request_load_module(ntpd_t)
-
-corenet_all_recvfrom_unlabeled(ntpd_t)
-corenet_all_recvfrom_netlabel(ntpd_t)
-corenet_tcp_sendrecv_generic_if(ntpd_t)
-corenet_udp_sendrecv_generic_if(ntpd_t)
-corenet_tcp_sendrecv_generic_node(ntpd_t)
-corenet_udp_sendrecv_generic_node(ntpd_t)
-corenet_tcp_sendrecv_all_ports(ntpd_t)
-corenet_udp_sendrecv_all_ports(ntpd_t)
-corenet_tcp_bind_generic_node(ntpd_t)
-corenet_udp_bind_generic_node(ntpd_t)
-corenet_udp_bind_ntp_port(ntpd_t)
-corenet_tcp_connect_ntp_port(ntpd_t)
-corenet_sendrecv_ntp_server_packets(ntpd_t)
-corenet_sendrecv_ntp_client_packets(ntpd_t)
-
-dev_read_sysfs(ntpd_t)
-# for SSP
-dev_read_urand(ntpd_t)
-dev_rw_realtime_clock(ntpd_t)
-
-fs_getattr_all_fs(ntpd_t)
-fs_search_auto_mountpoints(ntpd_t)
-# Necessary to communicate with gpsd devices
-fs_rw_tmpfs_files(ntpd_t)
-
-term_use_ptmx(ntpd_t)
-
-auth_use_nsswitch(ntpd_t)
-
-corecmd_exec_bin(ntpd_t)
-corecmd_exec_shell(ntpd_t)
-
-domain_use_interactive_fds(ntpd_t)
-domain_dontaudit_list_all_domains_state(ntpd_t)
-
-files_read_etc_files(ntpd_t)
-files_read_etc_runtime_files(ntpd_t)
-files_read_usr_files(ntpd_t)
-files_list_var_lib(ntpd_t)
-
-init_exec_script_files(ntpd_t)
-
-logging_send_syslog_msg(ntpd_t)
-
-miscfiles_read_localization(ntpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
-userdom_list_user_home_dirs(ntpd_t)
-
-optional_policy(`
-	# for cron jobs
-	cron_system_entry(ntpd_t, ntpdate_exec_t)
-')
-
-optional_policy(`
-	gpsd_rw_shm(ntpd_t)
-')
-
-optional_policy(`
-	firstboot_dontaudit_use_fds(ntpd_t)
-	firstboot_dontaudit_rw_pipes(ntpd_t)
-	firstboot_dontaudit_rw_stream_sockets(ntpd_t)
-')
-
-optional_policy(`
-	hal_dontaudit_write_log(ntpd_t)
-')
-
-optional_policy(`
-	logrotate_exec(ntpd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ntpd_t)
-')
-
-optional_policy(`
-	udev_read_db(ntpd_t)
-')
diff --git a/policy/modules/services/nut.fc b/policy/modules/services/nut.fc
deleted file mode 100644
index 0a929ef..0000000
--- a/policy/modules/services/nut.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/ups(/.*)?		gen_context(system_u:object_r:nut_conf_t,s0)
-
-/sbin/upsdrvctl	--	gen_context(system_u:object_r:nut_upsdrvctl_exec_t,s0)
-
-/usr/sbin/upsd	--	gen_context(system_u:object_r:nut_upsd_exec_t,s0)
-/usr/sbin/upsmon --	gen_context(system_u:object_r:nut_upsmon_exec_t,s0)
-
-/var/run/nut(/.*)?	gen_context(system_u:object_r:nut_var_run_t,s0)
-
-/var/www/nut-cgi-bin/upsimage\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
-/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
-/var/www/nut-cgi-bin/upsstats\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
diff --git a/policy/modules/services/nut.if b/policy/modules/services/nut.if
deleted file mode 100644
index 56660c5..0000000
--- a/policy/modules/services/nut.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>nut - Network UPS Tools </summary>
diff --git a/policy/modules/services/nut.te b/policy/modules/services/nut.te
deleted file mode 100644
index b40e1e7..0000000
--- a/policy/modules/services/nut.te
+++ /dev/null
@@ -1,171 +0,0 @@
-policy_module(nut, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type nut_conf_t;
-files_config_file(nut_conf_t)
-
-type nut_upsd_t;
-type nut_upsd_exec_t;
-init_daemon_domain(nut_upsd_t, nut_upsd_exec_t)
-
-type nut_upsmon_t;
-type nut_upsmon_exec_t;
-init_daemon_domain(nut_upsmon_t, nut_upsmon_exec_t)
-
-type nut_upsdrvctl_t;
-type nut_upsdrvctl_exec_t;
-init_daemon_domain(nut_upsdrvctl_t, nut_upsdrvctl_exec_t)
-
-type nut_var_run_t;
-files_pid_file(nut_var_run_t)
-
-########################################
-#
-# Local policy for upsd
-#
-
-allow nut_upsd_t self:capability { setgid setuid dac_override };
-
-allow nut_upsd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow nut_upsd_t self:tcp_socket connected_stream_socket_perms;
-
-allow nut_upsd_t nut_upsdrvctl_t:unix_stream_socket connectto;
-
-read_files_pattern(nut_upsd_t, nut_conf_t, nut_conf_t)
-
-# pid file
-manage_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
-manage_dirs_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
-manage_sock_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
-files_pid_filetrans(nut_upsd_t, nut_var_run_t, { dir file sock_file })
-
-kernel_read_kernel_sysctls(nut_upsd_t)
-
-corenet_tcp_bind_ups_port(nut_upsd_t)
-corenet_tcp_bind_generic_port(nut_upsd_t)
-corenet_tcp_bind_all_nodes(nut_upsd_t)
-
-files_read_usr_files(nut_upsd_t)
-
-auth_use_nsswitch(nut_upsd_t)
-
-logging_send_syslog_msg(nut_upsd_t)
-
-miscfiles_read_localization(nut_upsd_t)
-
-########################################
-#
-# Local policy for upsmon
-#
-
-allow nut_upsmon_t self:capability { dac_override dac_read_search setgid setuid };
-allow nut_upsmon_t self:fifo_file rw_fifo_file_perms;
-allow nut_upsmon_t self:unix_dgram_socket { create_socket_perms sendto };
-allow nut_upsmon_t self:unix_stream_socket { create_socket_perms connectto };
-allow nut_upsmon_t self:tcp_socket create_socket_perms;
-
-read_files_pattern(nut_upsmon_t, nut_conf_t, nut_conf_t)
-
-# pid file
-manage_files_pattern(nut_upsmon_t, nut_var_run_t, nut_var_run_t)
-manage_dirs_pattern(nut_upsmon_t, nut_var_run_t, nut_var_run_t)
-files_pid_filetrans(nut_upsmon_t, nut_var_run_t, file)
-
-kernel_read_kernel_sysctls(nut_upsmon_t)
-kernel_read_system_state(nut_upsmon_t)
-
-corecmd_exec_bin(nut_upsmon_t)
-corecmd_exec_shell(nut_upsmon_t)
-
-corenet_tcp_connect_ups_port(nut_upsmon_t)
-corenet_tcp_connect_generic_port(nut_upsmon_t)
-
-# Creates /etc/killpower
-files_manage_etc_runtime_files(nut_upsmon_t)
-files_etc_filetrans_etc_runtime(nut_upsmon_t, file)
-files_search_usr(nut_upsmon_t)
-
-# /usr/bin/wall
-term_write_all_terms(nut_upsmon_t)
-
-# upsmon runs shutdown, probably need a shutdown domain
-init_rw_utmp(nut_upsmon_t)
-init_telinit(nut_upsmon_t)
-
-logging_send_syslog_msg(nut_upsmon_t)
-
-auth_use_nsswitch(nut_upsmon_t)
-
-miscfiles_read_localization(nut_upsmon_t)
-
-mta_send_mail(nut_upsmon_t)
-
-optional_policy(`
-	shutdown_domtrans(nut_upsmon_t)
-')
-
-########################################
-#
-# Local policy for upsdrvctl
-#
-
-allow nut_upsdrvctl_t self:capability { dac_override kill setgid setuid };
-allow nut_upsdrvctl_t self:process { sigchld signal signull };
-allow nut_upsdrvctl_t self:fd use;
-allow nut_upsdrvctl_t self:fifo_file rw_fifo_file_perms;
-allow nut_upsdrvctl_t self:unix_dgram_socket { create_socket_perms sendto };
-allow nut_upsdrvctl_t self:udp_socket create_socket_perms;
-
-read_files_pattern(nut_upsdrvctl_t, nut_conf_t, nut_conf_t)
-
-# pid file
-manage_files_pattern(nut_upsdrvctl_t, nut_var_run_t, nut_var_run_t)
-manage_dirs_pattern(nut_upsdrvctl_t, nut_var_run_t, nut_var_run_t)
-manage_sock_files_pattern(nut_upsdrvctl_t, nut_var_run_t, nut_var_run_t)
-files_pid_filetrans(nut_upsdrvctl_t, nut_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(nut_upsdrvctl_t)
-
-# /sbin/upsdrvctl executes other drivers
-corecmd_exec_bin(nut_upsdrvctl_t)
-
-dev_read_urand(nut_upsdrvctl_t)
-dev_rw_generic_usb_dev(nut_upsdrvctl_t)
-
-term_use_unallocated_ttys(nut_upsdrvctl_t)
-
-auth_use_nsswitch(nut_upsdrvctl_t)
-
-init_sigchld(nut_upsdrvctl_t)
-
-logging_send_syslog_msg(nut_upsdrvctl_t)
-
-miscfiles_read_localization(nut_upsdrvctl_t)
-
-#######################################
-#
-# Local policy for upscgi scripts
-# requires httpd_enable_cgi and httpd_can_network_connect
-#
-
-optional_policy(`
-	apache_content_template(nutups_cgi)
-
-	read_files_pattern(httpd_nutups_cgi_script_t, nut_conf_t, nut_conf_t)
-
-	corenet_all_recvfrom_unlabeled(httpd_nutups_cgi_script_t)
-	corenet_all_recvfrom_netlabel(httpd_nutups_cgi_script_t)
-	corenet_tcp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
-	corenet_tcp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
-	corenet_tcp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
-	corenet_tcp_connect_ups_port(httpd_nutups_cgi_script_t)
-	corenet_udp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
-	corenet_udp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
-	corenet_udp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
-
-	sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
-')
diff --git a/policy/modules/services/nx.fc b/policy/modules/services/nx.fc
deleted file mode 100644
index c4d2dca..0000000
--- a/policy/modules/services/nx.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/opt/NX/bin/nxserver		--	gen_context(system_u:object_r:nx_server_exec_t,s0)
-/opt/NX/home(/.*)?			gen_context(system_u:object_r:nx_server_var_lib_t,s0)
-/opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
-/opt/NX/var(/.*)?			gen_context(system_u:object_r:nx_server_var_run_t,s0)
-
-/usr/libexec/nx/nxserver	--	gen_context(system_u:object_r:nx_server_exec_t,s0)
-/usr/NX/bin/nxserver		--	gen_context(system_u:object_r:nx_server_exec_t,s0)
-/usr/NX/home(/.*)?			gen_context(system_u:object_r:nx_server_var_lib_t,s0)
-/usr/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
-
-/var/lib/nxserver(/.*)?			gen_context(system_u:object_r:nx_server_var_lib_t,s0)
-/var/lib/nxserver/home/.ssh(/.*)?	gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
diff --git a/policy/modules/services/nx.if b/policy/modules/services/nx.if
deleted file mode 100644
index cbb2bce..0000000
--- a/policy/modules/services/nx.if
+++ /dev/null
@@ -1,89 +0,0 @@
-## <summary>NX remote desktop</summary>
-
-########################################
-## <summary>
-##	Transition to NX server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`nx_spec_domtrans_server',`
-	gen_require(`
-		type nx_server_t, nx_server_exec_t;
-	')
-
-	spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
-')
-
-########################################
-## <summary>
-##	Read nx home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nx_read_home_files',`
-	gen_require(`
-		type nx_server_home_ssh_t, nx_server_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 nx_server_var_lib_t:dir search_dir_perms;
-	read_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
-	read_lnk_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
-')
-
-########################################
-## <summary>
-##	Read nx /var/lib content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`nx_search_var_lib',`
-	gen_require(`
-		type nx_server_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 nx_server_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create an object in the root directory, with a private
-##	type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`nx_var_lib_filetrans',`
-	gen_require(`
-		type nx_server_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
-')
diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te
deleted file mode 100644
index 1c72c6e..0000000
--- a/policy/modules/services/nx.te
+++ /dev/null
@@ -1,103 +0,0 @@
-policy_module(nx, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type nx_server_t;
-type nx_server_exec_t;
-domain_type(nx_server_t)
-domain_entry_file(nx_server_t, nx_server_exec_t)
-domain_user_exemption_target(nx_server_t)
-# we need an extra role because nxserver is called from sshd
-# cjp: do we really need this?
-role nx_server_r types nx_server_t;
-allow system_r nx_server_r;
-
-type nx_server_devpts_t;
-term_user_pty(nx_server_t, nx_server_devpts_t)
-
-type nx_server_tmp_t;
-files_tmp_file(nx_server_tmp_t)
-
-type nx_server_var_lib_t;
-files_type(nx_server_var_lib_t)
-
-type nx_server_var_run_t;
-files_pid_file(nx_server_var_run_t)
-
-type nx_server_home_ssh_t;
-files_type(nx_server_home_ssh_t)
-
-########################################
-#
-# NX server local policy
-#
-
-allow nx_server_t self:fifo_file rw_fifo_file_perms;
-allow nx_server_t self:tcp_socket create_socket_perms;
-allow nx_server_t self:udp_socket create_socket_perms;
-
-allow nx_server_t nx_server_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(nx_server_t, nx_server_devpts_t)
-
-manage_dirs_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
-manage_files_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
-files_tmp_filetrans(nx_server_t, nx_server_tmp_t, { file dir })
-
-manage_files_pattern(nx_server_t, nx_server_var_lib_t, nx_server_var_lib_t)
-manage_dirs_pattern(nx_server_t, nx_server_var_lib_t, nx_server_var_lib_t)
-files_var_lib_filetrans(nx_server_t, nx_server_var_lib_t, { file dir })
-
-manage_files_pattern(nx_server_t, nx_server_var_run_t, nx_server_var_run_t)
-files_pid_filetrans(nx_server_t, nx_server_var_run_t, file)
-
-manage_dirs_pattern(nx_server_t, nx_server_home_ssh_t, nx_server_home_ssh_t)
-manage_files_pattern(nx_server_t, nx_server_home_ssh_t, nx_server_home_ssh_t)
-
-kernel_read_system_state(nx_server_t)
-kernel_read_kernel_sysctls(nx_server_t)
-
-# nxserver is a shell script --> call other programs
-corecmd_exec_shell(nx_server_t)
-corecmd_exec_bin(nx_server_t)
-
-corenet_all_recvfrom_unlabeled(nx_server_t)
-corenet_all_recvfrom_netlabel(nx_server_t)
-corenet_tcp_sendrecv_generic_if(nx_server_t)
-corenet_udp_sendrecv_generic_if(nx_server_t)
-corenet_tcp_sendrecv_generic_node(nx_server_t)
-corenet_udp_sendrecv_generic_node(nx_server_t)
-corenet_tcp_sendrecv_all_ports(nx_server_t)
-corenet_udp_sendrecv_all_ports(nx_server_t)
-corenet_tcp_connect_all_ports(nx_server_t)
-corenet_sendrecv_all_client_packets(nx_server_t)
-
-dev_read_urand(nx_server_t)
-
-files_read_etc_files(nx_server_t)
-files_read_etc_runtime_files(nx_server_t)
-# for reading the config files; maybe a separate type, 
-# but users need to be able to also read the config
-files_read_usr_files(nx_server_t)
-
-miscfiles_read_localization(nx_server_t)
-
-seutil_dontaudit_search_config(nx_server_t)
-
-sysnet_read_config(nx_server_t)
-
-ifdef(`TODO',`
-	# clients already have create permissions; the nxclient wants to also have unlink rights
-	allow userdomain xdm_tmp_t:sock_file delete_sock_file_perms;
-	# for a lockfile created by the client process
-	allow nx_server_t user_tmpfile:file getattr_file_perms;
-')
-
-########################################
-#
-# SSH component local policy
-#
-
-ssh_basic_client_template(nx_server, nx_server_t, nx_server_r)
diff --git a/policy/modules/services/oav.fc b/policy/modules/services/oav.fc
deleted file mode 100644
index 0a66474..0000000
--- a/policy/modules/services/oav.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/oav-update(/.*)?			gen_context(system_u:object_r:oav_update_etc_t,s0)
-/etc/scannerdaemon/scannerdaemon\.conf -- gen_context(system_u:object_r:scannerdaemon_etc_t,s0)
-
-/usr/sbin/oav-update		--	gen_context(system_u:object_r:oav_update_exec_t,s0)
-/usr/sbin/scannerdaemon		--	gen_context(system_u:object_r:scannerdaemon_exec_t,s0)
-
-/var/lib/oav-virussignatures	--	gen_context(system_u:object_r:oav_update_var_lib_t,s0)
-/var/lib/oav-update(/.*)?		gen_context(system_u:object_r:oav_update_var_lib_t,s0)
-/var/log/scannerdaemon\.log 	--	gen_context(system_u:object_r:scannerdaemon_log_t,s0)
diff --git a/policy/modules/services/oav.if b/policy/modules/services/oav.if
deleted file mode 100644
index 7f0d644..0000000
--- a/policy/modules/services/oav.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>Open AntiVirus scannerdaemon and signature update</summary>
-
-########################################
-## <summary>
-##	Execute oav_update in the oav_update domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`oav_domtrans_update',`
-	gen_require(`
-		type oav_update_t, oav_update_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, oav_update_exec_t, oav_update_t)
-')
-
-########################################
-## <summary>
-##	Execute oav_update in the oav_update domain, and
-##	allow the specified role the oav_update domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`oav_run_update',`
-	gen_require(`
-		type oav_update_t;
-	')
-
-	oav_domtrans_update($1)
-	role $2 types oav_update_t;
-')
diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te
deleted file mode 100644
index b4c5f86..0000000
--- a/policy/modules/services/oav.te
+++ /dev/null
@@ -1,146 +0,0 @@
-policy_module(oav, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type oav_update_t;
-type oav_update_exec_t;
-application_domain(oav_update_t, oav_update_exec_t)
-
-# cjp: may be collapsable to etc_t
-type oav_update_etc_t;
-files_config_file(oav_update_etc_t)
-
-type oav_update_var_lib_t;
-files_type(oav_update_var_lib_t)
-
-type scannerdaemon_t;
-type scannerdaemon_exec_t;
-init_daemon_domain(scannerdaemon_t, scannerdaemon_exec_t)
-
-type scannerdaemon_etc_t;
-files_config_file(scannerdaemon_etc_t)
-
-type scannerdaemon_log_t;
-logging_log_file(scannerdaemon_log_t)
-
-type scannerdaemon_var_run_t;
-files_pid_file(scannerdaemon_var_run_t)
-
-########################################
-#
-# OAV update local policy
-#
-
-allow oav_update_t self:tcp_socket create_stream_socket_perms;
-allow oav_update_t self:udp_socket create_socket_perms;
-
-# Can read /etc/oav-update/* files
-allow oav_update_t oav_update_etc_t:dir list_dir_perms;
-allow oav_update_t oav_update_etc_t:file read_file_perms;
-
-# Can read /var/lib/oav-update/current
-manage_dirs_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
-manage_files_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
-read_lnk_files_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
-
-corecmd_exec_all_executables(oav_update_t)
-
-corenet_all_recvfrom_unlabeled(oav_update_t)
-corenet_all_recvfrom_netlabel(oav_update_t)
-corenet_tcp_sendrecv_generic_if(oav_update_t)
-corenet_udp_sendrecv_generic_if(oav_update_t)
-corenet_tcp_sendrecv_generic_node(oav_update_t)
-corenet_udp_sendrecv_generic_node(oav_update_t)
-corenet_tcp_sendrecv_all_ports(oav_update_t)
-corenet_udp_sendrecv_all_ports(oav_update_t)
-
-files_exec_etc_files(oav_update_t)
-
-libs_exec_ld_so(oav_update_t)
-libs_exec_lib_files(oav_update_t)
-
-logging_send_syslog_msg(oav_update_t)
-
-sysnet_read_config(oav_update_t)
-
-userdom_use_user_terminals(oav_update_t)
-
-optional_policy(`
-	cron_system_entry(oav_update_t, oav_update_exec_t)
-')
-
-########################################
-#
-# Scannerdaemon local policy
-#
-
-dontaudit scannerdaemon_t self:capability sys_tty_config;
-allow scannerdaemon_t self:process signal_perms;
-allow scannerdaemon_t self:fifo_file rw_fifo_file_perms;
-allow scannerdaemon_t self:tcp_socket create_stream_socket_perms;
-allow scannerdaemon_t self:udp_socket create_socket_perms;
-
-allow scannerdaemon_t oav_update_var_lib_t:dir list_dir_perms;
-allow scannerdaemon_t oav_update_var_lib_t:file read_file_perms;
-files_search_var_lib(scannerdaemon_t)
-
-allow scannerdaemon_t scannerdaemon_etc_t:file read_file_perms;
-
-allow scannerdaemon_t scannerdaemon_log_t:file manage_file_perms;
-logging_log_filetrans(scannerdaemon_t, scannerdaemon_log_t, file)
-
-manage_files_pattern(scannerdaemon_t, scannerdaemon_var_run_t, scannerdaemon_var_run_t)
-files_pid_filetrans(scannerdaemon_t, scannerdaemon_var_run_t, file)
-
-kernel_read_system_state(scannerdaemon_t)
-kernel_read_kernel_sysctls(scannerdaemon_t)
-
-# Can run kaffe
-corecmd_exec_all_executables(scannerdaemon_t)
-
-corenet_all_recvfrom_unlabeled(scannerdaemon_t)
-corenet_all_recvfrom_netlabel(scannerdaemon_t)
-corenet_tcp_sendrecv_generic_if(scannerdaemon_t)
-corenet_udp_sendrecv_generic_if(scannerdaemon_t)
-corenet_tcp_sendrecv_generic_node(scannerdaemon_t)
-corenet_udp_sendrecv_generic_node(scannerdaemon_t)
-corenet_tcp_sendrecv_all_ports(scannerdaemon_t)
-corenet_udp_sendrecv_all_ports(scannerdaemon_t)
-
-dev_read_sysfs(scannerdaemon_t)
-
-domain_use_interactive_fds(scannerdaemon_t)
-
-files_read_etc_files(scannerdaemon_t)
-files_read_etc_runtime_files(scannerdaemon_t)
-# Can run kaffe
-files_exec_etc_files(scannerdaemon_t)
-
-fs_getattr_all_fs(scannerdaemon_t)
-fs_search_auto_mountpoints(scannerdaemon_t)
-
-auth_dontaudit_read_shadow(scannerdaemon_t)
-
-# Can run kaffe
-libs_exec_ld_so(scannerdaemon_t)
-libs_exec_lib_files(scannerdaemon_t)
-
-logging_send_syslog_msg(scannerdaemon_t)
-
-miscfiles_read_localization(scannerdaemon_t)
-
-sysnet_read_config(scannerdaemon_t)
-
-userdom_dontaudit_use_unpriv_user_fds(scannerdaemon_t)
-userdom_dontaudit_search_user_home_dirs(scannerdaemon_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(scannerdaemon_t)
-')
-
-optional_policy(`
-	udev_read_db(scannerdaemon_t)
-')
diff --git a/policy/modules/services/oddjob.fc b/policy/modules/services/oddjob.fc
deleted file mode 100644
index 5ee1598..0000000
--- a/policy/modules/services/oddjob.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
-/usr/libexec/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
-
-/usr/sbin/oddjobd		--	gen_context(system_u:object_r:oddjob_exec_t,s0)
-
-/var/run/oddjobd\.pid			gen_context(system_u:object_r:oddjob_var_run_t,s0)
diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if
deleted file mode 100644
index ca6517b..0000000
--- a/policy/modules/services/oddjob.if
+++ /dev/null
@@ -1,149 +0,0 @@
-## <summary>
-##	Oddjob provides a mechanism by which unprivileged applications can
-##	request that specified privileged operations be performed on their
-##	behalf.
-## </summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run oddjob.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`oddjob_domtrans',`
-	gen_require(`
-		type oddjob_t, oddjob_exec_t;
-	')
-
-	domtrans_pattern($1, oddjob_exec_t, oddjob_t)
-')
-
-#####################################
-## <summary>
-##	Do not audit attempts to read and write 
-##	oddjob fifo file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`oddjob_dontaudit_rw_fifo_file',`
-	gen_require(`
-		type oddjob_t;
-	')
-
-	dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Make the specified program domain accessable
-##	from the oddjob.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process to transition to.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type of the file used as an entrypoint to this domain.
-##	</summary>
-## </param>
-#
-interface(`oddjob_system_entry',`
-	gen_require(`
-		type oddjob_t;
-	')
-
-	domtrans_pattern(oddjob_t, $2, $1)
-	domain_user_exemption_target($1)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	oddjob over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`oddjob_dbus_chat',`
-	gen_require(`
-		type oddjob_t;
-		class dbus send_msg;
-	')
-
-	allow $1 oddjob_t:dbus send_msg;
-	allow oddjob_t $1:dbus send_msg;
-')
-
-######################################
-## <summary>
-##	Send a SIGCHLD signal to oddjob.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`oddjob_sigchld',`
-	gen_require(`
-		type oddjob_t;
-	')
-
-	allow $1 oddjob_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run oddjob_mkhomedir.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`oddjob_domtrans_mkhomedir',`
-	gen_require(`
-		type oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t;
-	')
-
-	domtrans_pattern($1, oddjob_mkhomedir_exec_t, oddjob_mkhomedir_t)
-')
-
-########################################
-## <summary>
-##	Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`oddjob_run_mkhomedir',`
-	gen_require(`
-		type oddjob_mkhomedir_t;
-	')
-
-	oddjob_domtrans_mkhomedir($1)
-	role $2 types oddjob_mkhomedir_t;
-')
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
deleted file mode 100644
index c8f4d64..0000000
--- a/policy/modules/services/oddjob.te
+++ /dev/null
@@ -1,102 +0,0 @@
-policy_module(oddjob, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type oddjob_t;
-type oddjob_exec_t;
-init_daemon_domain(oddjob_t, oddjob_exec_t)
-domain_obj_id_change_exemption(oddjob_t)
-domain_role_change_exemption(oddjob_t)
-domain_subj_id_change_exemption(oddjob_t)
-
-type oddjob_mkhomedir_t;
-type oddjob_mkhomedir_exec_t;
-domain_obj_id_change_exemption(oddjob_mkhomedir_t)
-init_system_domain(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
-oddjob_system_entry(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
-
-# pid files
-type oddjob_var_run_t;
-files_pid_file(oddjob_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(oddjob_t, oddjob_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# oddjob local policy
-#
-
-allow oddjob_t self:capability setgid;
-allow oddjob_t self:process { setexec signal };
-allow oddjob_t self:fifo_file rw_fifo_file_perms;
-allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_files_pattern(oddjob_t, oddjob_var_run_t, oddjob_var_run_t)
-manage_sock_files_pattern(oddjob_t, oddjob_var_run_t, oddjob_var_run_t)
-files_pid_filetrans(oddjob_t, oddjob_var_run_t, { file sock_file })
-
-kernel_read_system_state(oddjob_t)
-
-corecmd_exec_bin(oddjob_t)
-corecmd_exec_shell(oddjob_t)
-
-mcs_process_set_categories(oddjob_t)
-
-selinux_compute_create_context(oddjob_t)
-
-files_read_etc_files(oddjob_t)
-
-miscfiles_read_localization(oddjob_t)
-
-locallogin_dontaudit_use_fds(oddjob_t)
-
-optional_policy(`
-	dbus_system_bus_client(oddjob_t)
-	dbus_connect_system_bus(oddjob_t)
-')
-
-optional_policy(`
-	unconfined_domtrans(oddjob_t)
-')
-
-########################################
-#
-# oddjob_mkhomedir local policy
-#
-
-allow oddjob_mkhomedir_t self:capability { chown fowner fsetid dac_override };
-allow oddjob_mkhomedir_t self:process setfscreate;
-allow oddjob_mkhomedir_t self:fifo_file rw_fifo_file_perms;
-allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms;
-
-kernel_read_system_state(oddjob_mkhomedir_t)
-
-files_read_etc_files(oddjob_mkhomedir_t)
-
-auth_use_nsswitch(oddjob_mkhomedir_t)
-
-logging_send_syslog_msg(oddjob_mkhomedir_t)
-
-miscfiles_read_localization(oddjob_mkhomedir_t)
-
-selinux_get_fs_mount(oddjob_mkhomedir_t)
-selinux_validate_context(oddjob_mkhomedir_t)
-selinux_compute_access_vector(oddjob_mkhomedir_t)
-selinux_compute_create_context(oddjob_mkhomedir_t)
-selinux_compute_relabel_context(oddjob_mkhomedir_t)
-selinux_compute_user_contexts(oddjob_mkhomedir_t)
-
-seutil_read_config(oddjob_mkhomedir_t)
-seutil_read_file_contexts(oddjob_mkhomedir_t)
-seutil_read_default_contexts(oddjob_mkhomedir_t)
-
-# Add/remove user home directories
-userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
-userdom_manage_user_home_dirs(oddjob_mkhomedir_t)
-userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
-userdom_manage_user_home_content(oddjob_mkhomedir_t)
diff --git a/policy/modules/services/oident.fc b/policy/modules/services/oident.fc
deleted file mode 100644
index 5840ea8..0000000
--- a/policy/modules/services/oident.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-HOME_DIR/\.oidentd.conf			gen_context(system_u:object_r:oidentd_home_t, s0)
-
-/etc/oidentd\.conf		--	gen_context(system_u:object_r:oidentd_config_t, s0)
-/etc/oidentd_masq\.conf		--	gen_context(system_u:object_r:oidentd_config_t, s0)
-
-/etc/rc\.d/init\.d/oidentd	--	gen_context(system_u:object_r:oidentd_initrc_exec_t, s0)
-
-/usr/sbin/oidentd		--	gen_context(system_u:object_r:oidentd_exec_t, s0)
diff --git a/policy/modules/services/oident.if b/policy/modules/services/oident.if
deleted file mode 100644
index b1b5e51..0000000
--- a/policy/modules/services/oident.if
+++ /dev/null
@@ -1,102 +0,0 @@
-## <summary>SELinux policy for Oident daemon.</summary>
-## <desc>
-##	<p>
-##	Oident daemon is a server that implements the TCP/IP
-##	standard IDENT user identification protocol as
-##	specified in the RFC 1413 document.
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	Oidentd personal configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`oident_read_user_content',`
-	gen_require(`
-		type oidentd_home_t;
-	')
-
-	allow $1 oidentd_home_t:file read_file_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to create, read, write, and delete
-##	Oidentd personal configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`oident_manage_user_content',`
-	gen_require(`
-		type oidentd_home_t;
-	')
-
-	allow $1 oidentd_home_t:file manage_file_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to relabel
-##	Oidentd personal configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`oident_relabel_user_content',`
-	gen_require(`
-		type oidentd_home_t;
-	')
-
-	allow $1 oidentd_home_t:file relabel_file_perms;
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an oident environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`oident_admin',`
-	gen_require(`
-		type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t;
-	')
-
-	allow $1 oidentd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, oidentd_t)
-
-	init_labeled_script_domtrans($1, oidentd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 oidentd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, oidentd_config_t)
-')
diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te
deleted file mode 100644
index 73c1fa5..0000000
--- a/policy/modules/services/oident.te
+++ /dev/null
@@ -1,73 +0,0 @@
-policy_module(oident, 2.1.0)
-
-########################################
-#
-# Oident daemon private declarations
-#
-
-type oidentd_t;
-type oidentd_exec_t;
-init_daemon_domain(oidentd_t, oidentd_exec_t)
-
-type oidentd_home_t;
-typealias oidentd_home_t alias { oidentd_user_content_t oidentd_staff_content_t oidentd_sysadm_content_t };
-typealias oidentd_home_t alias { oidentd_secadm_content_t oidentd_auditadm_content_t };
-userdom_user_home_content(oidentd_home_t)
-
-type oidentd_initrc_exec_t;
-init_script_file(oidentd_initrc_exec_t)
-
-type oidentd_config_t;
-files_config_file(oidentd_config_t)
-
-########################################
-#
-# Oident daemon private policy
-#
-
-allow oidentd_t self:capability { setuid setgid };
-allow oidentd_t self:netlink_route_socket create_netlink_socket_perms;
-allow oidentd_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
-allow oidentd_t self:tcp_socket create_stream_socket_perms;
-allow oidentd_t self:udp_socket create_socket_perms;
-allow oidentd_t self:unix_dgram_socket { create connect };
-
-allow oidentd_t oidentd_config_t:file read_file_perms;
-
-corenet_all_recvfrom_unlabeled(oidentd_t)
-corenet_all_recvfrom_netlabel(oidentd_t)
-corenet_tcp_sendrecv_generic_if(oidentd_t)
-corenet_tcp_sendrecv_generic_node(oidentd_t)
-corenet_tcp_bind_generic_node(oidentd_t)
-corenet_tcp_bind_auth_port(oidentd_t)
-corenet_sendrecv_auth_server_packets(oidentd_t)
-
-files_read_etc_files(oidentd_t)
-
-kernel_read_kernel_sysctls(oidentd_t)
-kernel_read_network_state(oidentd_t)
-kernel_read_network_state_symlinks(oidentd_t)
-kernel_read_sysctl(oidentd_t)
-kernel_request_load_module(oidentd_t)
-
-logging_send_syslog_msg(oidentd_t)
-
-miscfiles_read_localization(oidentd_t)
-
-sysnet_read_config(oidentd_t)
-
-oident_read_user_content(oidentd_t)
-
-optional_policy(`
-	nis_use_ypbind(oidentd_t)
-')
-
-tunable_policy(`use_samba_home_dirs', `
-	fs_list_cifs(oidentd_t)
- 	fs_read_cifs_files(oidentd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs', `
-	fs_list_nfs(oidentd_t)
- 	fs_read_nfs_files(oidentd_t)
-')
diff --git a/policy/modules/services/openca.fc b/policy/modules/services/openca.fc
deleted file mode 100644
index 72a2db6..0000000
--- a/policy/modules/services/openca.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/openca(/.*)?			gen_context(system_u:object_r:openca_etc_t,s0)
-/etc/openca/.*\.in(/.*)?		gen_context(system_u:object_r:openca_etc_in_t,s0)
-/etc/openca/rbac(/.*)?			gen_context(system_u:object_r:openca_etc_writeable_t,s0)
-
-/usr/share/openca(/.*)?			gen_context(system_u:object_r:openca_usr_share_t,s0)
-/usr/share/openca/cgi-bin/ca/.+ --	gen_context(system_u:object_r:openca_ca_exec_t,s0)
-
-/var/lib/openca(/.*)?			gen_context(system_u:object_r:openca_var_lib_t,s0)
-/var/lib/openca/crypto/keys(/.*)?	gen_context(system_u:object_r:openca_var_lib_keys_t,s0)
diff --git a/policy/modules/services/openca.if b/policy/modules/services/openca.if
deleted file mode 100644
index a8c1eef..0000000
--- a/policy/modules/services/openca.if
+++ /dev/null
@@ -1,76 +0,0 @@
-## <summary>OpenCA - Open Certificate Authority</summary>
-
-########################################
-## <summary>
-##	Execute the OpenCA program with
-##	a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`openca_domtrans',`
-	gen_require(`
-		type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
-	')
-
-	domtrans_pattern($1, openca_ca_exec_t, openca_ca_t)
-	allow $1 openca_usr_share_t:dir search_dir_perms;
-	files_search_usr($1)
-')
-
-########################################
-## <summary>
-##	Send OpenCA generic signals.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openca_signal',`
-	gen_require(`
-		type openca_ca_t;
-	')
-
-	allow $1 openca_ca_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send OpenCA stop signals.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openca_sigstop',`
-	gen_require(`
-		type openca_ca_t;
-	')
-
-	allow $1 openca_ca_t:process sigstop;
-')
-
-########################################
-## <summary>
-##	Kill OpenCA.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openca_kill',`
-	gen_require(`
-		type openca_ca_t;
-	')
-
-	allow $1 openca_ca_t:process sigkill;
-')
diff --git a/policy/modules/services/openca.te b/policy/modules/services/openca.te
deleted file mode 100644
index 2df8170..0000000
--- a/policy/modules/services/openca.te
+++ /dev/null
@@ -1,82 +0,0 @@
-policy_module(openca, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type openca_ca_t;
-type openca_ca_exec_t;
-domain_type(openca_ca_t)
-domain_entry_file(openca_ca_t, openca_ca_exec_t)
-role system_r types openca_ca_t;
-
-# cjp: seems like some of these types
-# can be removed and replaced with generic
-# etc or usr files.
-
-# /etc/openca standard files
-type openca_etc_t;
-files_config_file(openca_etc_t)
-
-# /etc/openca template files
-type openca_etc_in_t;
-files_type(openca_etc_in_t)
-
-# /etc/openca writeable (from CGI script) files
-type openca_etc_writeable_t;
-files_type(openca_etc_writeable_t)
-
-# /usr/share/openca/crypto/keys
-type openca_usr_share_t;
-files_type(openca_usr_share_t)
-
-# /var/lib/openca
-type openca_var_lib_t;
-files_type(openca_var_lib_t)
-
-# /var/lib/openca/crypto/keys
-type openca_var_lib_keys_t;
-files_type(openca_var_lib_keys_t)
-
-########################################
-#
-# Local policy
-#
-
-# Allow access to other files under /etc/openca
-allow openca_ca_t openca_etc_t:file read_file_perms;
-allow openca_ca_t openca_etc_t:dir list_dir_perms;
-
-# Allow access to writeable files under /etc/openca
-manage_dirs_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)
-manage_files_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)
-
-# Allow access to other /var/lib/openca files
-manage_dirs_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)
-manage_files_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)
-
-# Allow access to private CA key
-manage_dirs_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)
-manage_files_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)
-
-# Allow access to other /usr/share/openca files
-read_files_pattern(openca_ca_t, openca_usr_share_t, openca_usr_share_t)
-read_lnk_files_pattern(openca_ca_t, openca_usr_share_t, openca_usr_share_t)
-allow openca_ca_t openca_usr_share_t:dir list_dir_perms;
-
-# the perl executable will be able to run a perl script
-corecmd_exec_bin(openca_ca_t)
-
-dev_read_rand(openca_ca_t)
-
-files_list_default(openca_ca_t)
-
-init_use_fds(openca_ca_t)
-init_use_script_fds(openca_ca_t)
-
-libs_exec_lib_files(openca_ca_t)
-
-apache_append_log(openca_ca_t)
-# Allow the script to return its output
-apache_rw_cache_files(openca_ca_t)
diff --git a/policy/modules/services/openct.fc b/policy/modules/services/openct.fc
deleted file mode 100644
index 58c8816..0000000
--- a/policy/modules/services/openct.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /usr
-#
-/usr/sbin/ifdhandler		--	gen_context(system_u:object_r:openct_exec_t,s0)
-/usr/sbin/openct-control	--	gen_context(system_u:object_r:openct_exec_t,s0)
-
-#
-# /var
-#
-/var/run/openct(/.*)?		gen_context(system_u:object_r:openct_var_run_t,s0)
diff --git a/policy/modules/services/openct.if b/policy/modules/services/openct.if
deleted file mode 100644
index 9197ef0..0000000
--- a/policy/modules/services/openct.if
+++ /dev/null
@@ -1,95 +0,0 @@
-## <summary>Service for handling smart card readers.</summary>
-
-########################################
-## <summary>
-##	Send openct a null signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openct_signull',`
-	gen_require(`
-		type openct_t;
-	')
-
-	allow $1 openct_t:process signull;
-')
-
-########################################
-## <summary>
-##	Execute openct in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openct_exec',`
-	gen_require(`
-		type openct_t, openct_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, openct_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run openct.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`openct_domtrans',`
-	gen_require(`
-		type openct_t, openct_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, openct_exec_t, openct_t)
-')
-
-########################################
-## <summary>
-##	Read openct PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openct_read_pid_files',`
-	gen_require(`
-		type openct_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, openct_var_run_t, openct_var_run_t)
-')
-
-########################################
-## <summary>
-##	Connect to openct over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openct_stream_connect',`
-	gen_require(`
-		type openct_t, openct_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, openct_var_run_t, openct_var_run_t, openct_t)
-')
diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te
deleted file mode 100644
index 78722e7..0000000
--- a/policy/modules/services/openct.te
+++ /dev/null
@@ -1,61 +0,0 @@
-policy_module(openct, 1.4.1)
-
-########################################
-#
-# Declarations
-#
-
-type openct_t;
-type openct_exec_t;
-init_daemon_domain(openct_t, openct_exec_t)
-
-type openct_var_run_t;
-files_pid_file(openct_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit openct_t self:capability sys_tty_config;
-allow openct_t self:process signal_perms;
-
-manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
-manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
-manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
-files_pid_filetrans(openct_t, openct_var_run_t, { dir file sock_file })
-
-kernel_read_kernel_sysctls(openct_t)
-kernel_list_proc(openct_t)
-kernel_read_proc_symlinks(openct_t)
-
-dev_read_sysfs(openct_t)
-# openct asks for this
-dev_rw_usbfs(openct_t)
-dev_rw_smartcard(openct_t)
-dev_rw_generic_usb_dev(openct_t)
-
-domain_use_interactive_fds(openct_t)
-
-# openct asks for this
-files_read_etc_files(openct_t)
-
-fs_getattr_all_fs(openct_t)
-fs_search_auto_mountpoints(openct_t)
-
-logging_send_syslog_msg(openct_t)
-
-miscfiles_read_localization(openct_t)
-
-userdom_dontaudit_use_unpriv_user_fds(openct_t)
-userdom_dontaudit_search_user_home_dirs(openct_t)
-
-openct_exec(openct_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(openct_t)
-')
-
-optional_policy(`
-	udev_read_db(openct_t)
-')
diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
deleted file mode 100644
index 9c186d2..0000000
--- a/policy/modules/services/openvpn.fc
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# /etc
-#
-/etc/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_etc_t,s0)
-/etc/openvpn/ipp.txt	--	gen_context(system_u:object_r:openvpn_etc_rw_t,s0)
-/etc/rc\.d/init\.d/openvpn --	gen_context(system_u:object_r:openvpn_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/openvpn	--	gen_context(system_u:object_r:openvpn_exec_t,s0)
-
-#
-# /var
-#
-/var/log/openvpn.*		gen_context(system_u:object_r:openvpn_var_log_t,s0)
-/var/run/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_var_run_t,s0)
diff --git a/policy/modules/services/openvpn.if b/policy/modules/services/openvpn.if
deleted file mode 100644
index d883214..0000000
--- a/policy/modules/services/openvpn.if
+++ /dev/null
@@ -1,163 +0,0 @@
-## <summary>full-featured SSL VPN solution</summary>
-
-########################################
-## <summary>
-##	Execute OPENVPN clients in the openvpn domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`openvpn_domtrans',`
-	gen_require(`
-		type openvpn_t, openvpn_exec_t;
-	')
-
-	domtrans_pattern($1, openvpn_exec_t, openvpn_t)
-')
-
-########################################
-## <summary>
-##	Execute OPENVPN clients in the openvpn domain, and
-##	allow the specified role the openvpn domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`openvpn_run',`
-	gen_require(`
-		type openvpn_t;
-	')
-
-	openvpn_domtrans($1)
-	role $2 types openvpn_t;
-')
-
-########################################
-## <summary>
-##	Send OPENVPN clients the kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openvpn_kill',`
-	gen_require(`
-		type openvpn_t;
-	')
-
-	allow $1 openvpn_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send generic signals to OPENVPN clients.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openvpn_signal',`
-	gen_require(`
-		type openvpn_t;
-	')
-
-	allow $1 openvpn_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send signulls to OPENVPN clients.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`openvpn_signull',`
-	gen_require(`
-		type openvpn_t;
-	')
-
-	allow $1 openvpn_t:process signull;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	OpenVPN configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`openvpn_read_config',`
-	gen_require(`
-		type openvpn_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 openvpn_etc_t:dir list_dir_perms;
-	read_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
-	read_lnk_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an openvpn environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the openvpn domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`openvpn_admin',`
-	gen_require(`
-		type openvpn_t, openvpn_etc_t, openvpn_var_log_t;
-		type openvpn_var_run_t, openvpn_initrc_exec_t;
-	')
-
-	allow $1 openvpn_t:process { ptrace signal_perms };
-	ps_process_pattern($1, openvpn_t)
-
-	init_labeled_script_domtrans($1, openvpn_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 openvpn_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, openvpn_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, openvpn_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, openvpn_var_run_t)
-')
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
deleted file mode 100644
index cb87bef..0000000
--- a/policy/modules/services/openvpn.te
+++ /dev/null
@@ -1,151 +0,0 @@
-policy_module(openvpn, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow openvpn to read home directories
-##	</p>
-## </desc>
-gen_tunable(openvpn_enable_homedirs, false)
-
-# main openvpn domain
-type openvpn_t;
-type openvpn_exec_t;
-init_daemon_domain(openvpn_t, openvpn_exec_t)
-
-# configuration files
-type openvpn_etc_t;
-files_config_file(openvpn_etc_t)
-
-type openvpn_etc_rw_t;
-files_config_file(openvpn_etc_rw_t)
-
-type openvpn_tmp_t;
-files_tmp_file(openvpn_tmp_t)
-
-type openvpn_initrc_exec_t;
-init_script_file(openvpn_initrc_exec_t)
-
-# log files
-type openvpn_var_log_t;
-logging_log_file(openvpn_var_log_t)
-
-# pid files
-type openvpn_var_run_t;
-files_pid_file(openvpn_var_run_t)
-
-########################################
-#
-# openvpn local policy
-#
-
-allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
-allow openvpn_t self:process { signal getsched };
-allow openvpn_t self:fifo_file rw_fifo_file_perms;
-allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
-allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow openvpn_t self:udp_socket create_socket_perms;
-allow openvpn_t self:tcp_socket server_stream_socket_perms;
-allow openvpn_t self:tun_socket { create_socket_perms relabelfrom };
-allow openvpn_t self:netlink_route_socket rw_netlink_socket_perms;
-
-can_exec(openvpn_t, openvpn_etc_t)
-read_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
-read_lnk_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
-
-manage_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t)
-filetrans_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t, file)
-
-manage_files_pattern(openvpn_t, openvpn_tmp_t, openvpn_tmp_t)
-files_tmp_filetrans(openvpn_t, openvpn_tmp_t, file)
-
-allow openvpn_t openvpn_var_log_t:file manage_file_perms;
-logging_log_filetrans(openvpn_t, openvpn_var_log_t, file)
-
-manage_dirs_pattern(openvpn_t, openvpn_var_run_t, openvpn_var_run_t)
-manage_files_pattern(openvpn_t, openvpn_var_run_t, openvpn_var_run_t)
-files_pid_filetrans(openvpn_t, openvpn_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(openvpn_t)
-kernel_read_net_sysctls(openvpn_t)
-kernel_read_network_state(openvpn_t)
-kernel_read_system_state(openvpn_t)
-kernel_request_load_module(openvpn_t)
-
-corecmd_exec_bin(openvpn_t)
-corecmd_exec_shell(openvpn_t)
-
-corenet_all_recvfrom_unlabeled(openvpn_t)
-corenet_all_recvfrom_netlabel(openvpn_t)
-corenet_tcp_sendrecv_generic_if(openvpn_t)
-corenet_udp_sendrecv_generic_if(openvpn_t)
-corenet_tcp_sendrecv_generic_node(openvpn_t)
-corenet_udp_sendrecv_generic_node(openvpn_t)
-corenet_tcp_sendrecv_all_ports(openvpn_t)
-corenet_udp_sendrecv_all_ports(openvpn_t)
-corenet_tcp_bind_generic_node(openvpn_t)
-corenet_udp_bind_generic_node(openvpn_t)
-corenet_tcp_bind_openvpn_port(openvpn_t)
-corenet_udp_bind_openvpn_port(openvpn_t)
-corenet_tcp_bind_http_port(openvpn_t)
-corenet_tcp_connect_openvpn_port(openvpn_t)
-corenet_tcp_connect_http_port(openvpn_t)
-corenet_tcp_connect_http_cache_port(openvpn_t)
-corenet_rw_tun_tap_dev(openvpn_t)
-corenet_sendrecv_openvpn_server_packets(openvpn_t)
-corenet_sendrecv_openvpn_client_packets(openvpn_t)
-corenet_sendrecv_http_client_packets(openvpn_t)
-
-dev_search_sysfs(openvpn_t)
-dev_read_rand(openvpn_t)
-dev_read_urand(openvpn_t)
-
-files_read_etc_files(openvpn_t)
-files_read_etc_runtime_files(openvpn_t)
-
-auth_use_pam(openvpn_t)
-
-logging_send_syslog_msg(openvpn_t)
-
-miscfiles_read_localization(openvpn_t)
-miscfiles_read_all_certs(openvpn_t)
-
-sysnet_dns_name_resolve(openvpn_t)
-sysnet_exec_ifconfig(openvpn_t)
-sysnet_manage_config(openvpn_t)
-sysnet_etc_filetrans_config(openvpn_t)
-
-userdom_use_user_terminals(openvpn_t)
-userdom_read_home_certs(openvpn_t)
-userdom_attach_admin_tun_iface(openvpn_t)
-
-tunable_policy(`openvpn_enable_homedirs',`
-	userdom_search_user_home_dirs(openvpn_t)
-')
-
-tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
-	fs_read_nfs_files(openvpn_t)
-')
-
-tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',`
-	fs_read_cifs_files(openvpn_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(openvpn_t, openvpn_exec_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(openvpn_t)
-	dbus_connect_system_bus(openvpn_t)
-
-	networkmanager_dbus_chat(openvpn_t)
-')
-
-optional_policy(`
-	unconfined_attach_tun_iface(openvpn_t)
-')
diff --git a/policy/modules/services/pads.fc b/policy/modules/services/pads.fc
deleted file mode 100644
index 0870c56..0000000
--- a/policy/modules/services/pads.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-/etc/pads-ether-codes	--	gen_context(system_u:object_r:pads_config_t, s0)
-/etc/pads-signature-list --	gen_context(system_u:object_r:pads_config_t, s0)
-/etc/pads.conf		--	gen_context(system_u:object_r:pads_config_t, s0)
-/etc/pads-assets.csv	--	gen_context(system_u:object_r:pads_config_t, s0)
-
-/etc/rc\.d/init\.d/pads --	gen_context(system_u:object_r:pads_initrc_exec_t, s0)
-
-/usr/bin/pads		--	gen_context(system_u:object_r:pads_exec_t, s0)
-
-/var/run/pads.pid	--	gen_context(system_u:object_r:pads_var_run_t, s0)
diff --git a/policy/modules/services/pads.if b/policy/modules/services/pads.if
deleted file mode 100644
index 8235fb6..0000000
--- a/policy/modules/services/pads.if
+++ /dev/null
@@ -1,47 +0,0 @@
-## <summary>Passive Asset Detection System</summary>
-## <desc>
-##	<p>
-##	PADS is a libpcap based detection engine used to
-##	passively detect network assets.  It is designed to
-##	complement IDS technology by providing context to IDS
-##	alerts.
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an pads environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`pads_admin',`
-	gen_require(`
-		type pads_t, pads_config_t, pads_initrc_exec_t;
-		type pads_var_run_t;
-	')
-
-	allow $1 pads_t:process { ptrace signal_perms };
-	ps_process_pattern($1, pads_t)
-
-	init_labeled_script_domtrans($1, pads_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 pads_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, pads_var_run_t)
-
-	files_list_etc($1)
-	admin_pattern($1, pads_config_t)
-')
diff --git a/policy/modules/services/pads.te b/policy/modules/services/pads.te
deleted file mode 100644
index f414173..0000000
--- a/policy/modules/services/pads.te
+++ /dev/null
@@ -1,62 +0,0 @@
-policy_module(pads, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type pads_t;
-type pads_exec_t;
-init_daemon_domain(pads_t, pads_exec_t)
-
-type pads_initrc_exec_t;
-init_script_file(pads_initrc_exec_t)
-
-type pads_config_t;
-files_config_file(pads_config_t)
-
-type pads_var_run_t;
-files_pid_file(pads_var_run_t)
-
-########################################
-#
-# Declarations
-#
-
-allow pads_t self:capability { dac_override net_raw };
-allow pads_t self:netlink_route_socket create_netlink_socket_perms;
-allow pads_t self:packet_socket create_socket_perms;
-allow pads_t self:udp_socket create_socket_perms;
-allow pads_t self:unix_dgram_socket create_socket_perms;
-
-allow pads_t pads_config_t:file manage_file_perms;
-files_etc_filetrans(pads_t, pads_config_t, file)
-
-allow pads_t pads_var_run_t:file manage_file_perms;
-files_pid_filetrans(pads_t, pads_var_run_t, file)
-
-kernel_read_sysctl(pads_t)
-
-corecmd_search_bin(pads_t)
-
-corenet_all_recvfrom_unlabeled(pads_t)
-corenet_all_recvfrom_netlabel(pads_t)
-corenet_tcp_sendrecv_generic_if(pads_t)
-corenet_tcp_sendrecv_generic_node(pads_t)
-corenet_tcp_connect_prelude_port(pads_t)
-
-dev_read_rand(pads_t)
-dev_read_urand(pads_t)
-
-files_read_etc_files(pads_t)
-files_search_spool(pads_t)
-
-miscfiles_read_localization(pads_t)
-
-logging_send_syslog_msg(pads_t)
-
-sysnet_dns_name_resolve(pads_t)
-
-optional_policy(`
-	prelude_manage_spool(pads_t)
-')
diff --git a/policy/modules/services/passenger.fc b/policy/modules/services/passenger.fc
deleted file mode 100644
index 8d00972..0000000
--- a/policy/modules/services/passenger.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/usr/lib(64)?/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0)
-
-/var/lib/passenger(/.*)?           gen_context(system_u:object_r:passenger_var_lib_t,s0)
-
-/var/run/passenger(/.*)?           gen_context(system_u:object_r:passenger_var_run_t,s0)
diff --git a/policy/modules/services/passenger.if b/policy/modules/services/passenger.if
deleted file mode 100644
index 66f9799..0000000
--- a/policy/modules/services/passenger.if
+++ /dev/null
@@ -1,67 +0,0 @@
-## <summary>Passenger policy</summary>
-
-######################################
-## <summary>
-##	Execute passenger in the passenger domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`passenger_domtrans',`
-	gen_require(`
-		type passenger_t, passenger_exec_t;
-	')
-
-	allow $1 self:capability { fowner fsetid };
-
-	allow $1 passenger_t:process signal;
-
-	domtrans_pattern($1, passenger_exec_t, passenger_t)
-	allow $1 passenger_t:unix_stream_socket { read write shutdown };
-	allow passenger_t $1:unix_stream_socket { read write };
-')
-
-######################################
-## <summary>
-##	Manage passenger var_run content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`passenger_manage_pid_content',`
-	gen_require(`
-		type passenger_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
-	manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
-	manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
-	manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read passenger lib files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`passenger_read_lib_files',`
-	gen_require(`
-		type passenger_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
-	read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
-')
diff --git a/policy/modules/services/passenger.te b/policy/modules/services/passenger.te
deleted file mode 100644
index ba9fdb9..0000000
--- a/policy/modules/services/passenger.te
+++ /dev/null
@@ -1,66 +0,0 @@
-policy_module(passanger, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type passenger_t;
-type passenger_exec_t;
-domain_type(passenger_t)
-domain_entry_file(passenger_t, passenger_exec_t)
-role system_r types passenger_t;
-
-type passenger_tmp_t;
-files_tmp_file(passenger_tmp_t)
-
-type passenger_var_lib_t;
-files_type(passenger_var_lib_t)
-
-type passenger_var_run_t;
-files_pid_file(passenger_var_run_t)
-
-permissive passenger_t;
-
-########################################
-#
-# passanger local policy
-#
-
-allow passenger_t self:capability { dac_override fsetid fowner chown setuid setgid };
-allow passenger_t self:process signal;
-allow passenger_t self:fifo_file rw_fifo_file_perms;
-allow passenger_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-files_search_var_lib(passenger_t)
-manage_dirs_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)
-manage_files_pattern(passenger_t, passenger_var_lib_t, passenger_var_lib_t)
-
-manage_dirs_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
-manage_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
-manage_fifo_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
-manage_sock_files_pattern(passenger_t, passenger_var_run_t, passenger_var_run_t)
-files_pid_filetrans(passenger_t, passenger_var_run_t, { file dir sock_file })
-
-kernel_read_system_state(passenger_t)
-kernel_read_kernel_sysctls(passenger_t)
-
-corenet_tcp_connect_http_port(passenger_t)
-
-corecmd_exec_bin(passenger_t)
-corecmd_exec_shell(passenger_t)
-
-dev_read_urand(passenger_t)
-
-files_read_etc_files(passenger_t)
-
-auth_use_nsswitch(passenger_t)
-
-miscfiles_read_localization(passenger_t)
-
-userdom_dontaudit_use_user_terminals(passenger_t)
-
-optional_policy(`
-	apache_append_log(passenger_t)
-	apache_read_sys_content(passenger_t)
-')
diff --git a/policy/modules/services/pcscd.fc b/policy/modules/services/pcscd.fc
deleted file mode 100644
index 87f17e8..0000000
--- a/policy/modules/services/pcscd.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/var/run/pcscd\.comm	-s	gen_context(system_u:object_r:pcscd_var_run_t,s0)
-/var/run/pcscd\.pid	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
-/var/run/pcscd\.pub	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
-/var/run/pcscd\.events(/.*)?	gen_context(system_u:object_r:pcscd_var_run_t,s0)
-
-/usr/sbin/pcscd		--	gen_context(system_u:object_r:pcscd_exec_t,s0)
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
deleted file mode 100644
index ea5ae69..0000000
--- a/policy/modules/services/pcscd.if
+++ /dev/null
@@ -1,95 +0,0 @@
-## <summary>PCSC smart card service</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run pcscd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`pcscd_domtrans',`
-	gen_require(`
-		type pcscd_t, pcscd_exec_t;
-	')
-
-	domtrans_pattern($1, pcscd_exec_t, pcscd_t)
-')
-
-########################################
-## <summary>
-##	Read pcscd pub files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcscd_read_pub_files',`
-	gen_require(`
-		type pcscd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pcscd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage pcscd pub files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcscd_manage_pub_files',`
-	gen_require(`
-		type pcscd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, pcscd_var_run_t, pcscd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Manage pcscd pub fifo files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcscd_manage_pub_pipes',`
-	gen_require(`
-		type pcscd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_fifo_files_pattern($1, pcscd_var_run_t, pcscd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Connect to pcscd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcscd_stream_connect',`
-	gen_require(`
-		type pcscd_t, pcscd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
-')
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
deleted file mode 100644
index df751a6..0000000
--- a/policy/modules/services/pcscd.te
+++ /dev/null
@@ -1,78 +0,0 @@
-policy_module(pcscd, 1.6.1)
-
-########################################
-#
-# Declarations
-#
-
-type pcscd_t;
-type pcscd_exec_t;
-init_daemon_domain(pcscd_t, pcscd_exec_t)
-
-# pid files
-type pcscd_var_run_t;
-files_pid_file(pcscd_var_run_t)
-
-########################################
-#
-# pcscd local policy
-#
-
-allow pcscd_t self:capability { dac_override dac_read_search };
-allow pcscd_t self:process signal;
-allow pcscd_t self:fifo_file rw_fifo_file_perms;
-allow pcscd_t self:unix_stream_socket create_stream_socket_perms;
-allow pcscd_t self:unix_dgram_socket create_socket_perms;
-allow pcscd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
-
-kernel_read_system_state(pcscd_t)
-
-corenet_all_recvfrom_unlabeled(pcscd_t)
-corenet_all_recvfrom_netlabel(pcscd_t)
-corenet_tcp_sendrecv_generic_if(pcscd_t)
-corenet_tcp_sendrecv_generic_node(pcscd_t)
-corenet_tcp_sendrecv_all_ports(pcscd_t)
-corenet_tcp_connect_http_port(pcscd_t)
-
-dev_rw_generic_usb_dev(pcscd_t)
-dev_rw_smartcard(pcscd_t)
-dev_rw_usbfs(pcscd_t)
-dev_read_sysfs(pcscd_t)
-
-files_read_etc_files(pcscd_t)
-files_read_etc_runtime_files(pcscd_t)
-
-term_use_unallocated_ttys(pcscd_t)
-term_dontaudit_getattr_pty_dirs(pcscd_t)
-
-locallogin_use_fds(pcscd_t)
-
-logging_send_syslog_msg(pcscd_t)
-
-miscfiles_read_localization(pcscd_t)
-
-sysnet_dns_name_resolve(pcscd_t)
-
-optional_policy(`
-	dbus_system_bus_client(pcscd_t)
-
-	optional_policy(`
-		hal_dbus_chat(pcscd_t)
-	')
-')
-
-optional_policy(`
-	openct_stream_connect(pcscd_t)
-	openct_read_pid_files(pcscd_t)
-	openct_signull(pcscd_t)
-')
-
-optional_policy(`
-	rpm_use_script_fds(pcscd_t)
-')
diff --git a/policy/modules/services/pegasus.fc b/policy/modules/services/pegasus.fc
deleted file mode 100644
index 9515043..0000000
--- a/policy/modules/services/pegasus.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-
-/etc/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_conf_t,s0)
-/etc/Pegasus/pegasus_current\.conf	gen_context(system_u:object_r:pegasus_data_t,s0)
-
-/usr/sbin/cimserver		--	gen_context(system_u:object_r:pegasus_exec_t,s0)
-/usr/sbin/init_repository	-- 	gen_context(system_u:object_r:pegasus_exec_t,s0)
-
-/var/lib/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_data_t,s0)
-
-/var/run/tog-pegasus(/.*)?		gen_context(system_u:object_r:pegasus_var_run_t,s0)
-
-/usr/share/Pegasus/mof(/.*)?/.*\.mof	gen_context(system_u:object_r:pegasus_mof_t,s0)
diff --git a/policy/modules/services/pegasus.if b/policy/modules/services/pegasus.if
deleted file mode 100644
index 920b13f..0000000
--- a/policy/modules/services/pegasus.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te
deleted file mode 100644
index 5322412..0000000
--- a/policy/modules/services/pegasus.te
+++ /dev/null
@@ -1,157 +0,0 @@
-policy_module(pegasus, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type pegasus_t;
-type pegasus_exec_t;
-init_daemon_domain(pegasus_t, pegasus_exec_t)
-
-type pegasus_data_t;
-files_type(pegasus_data_t)
-
-type pegasus_tmp_t;
-files_tmp_file(pegasus_tmp_t)
-
-type pegasus_conf_t;
-files_type(pegasus_conf_t)
-
-type pegasus_mof_t;
-files_type(pegasus_mof_t)
-
-type pegasus_var_run_t;
-files_pid_file(pegasus_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow pegasus_t self:capability { chown ipc_lock sys_nice setuid setgid dac_override net_bind_service };
-dontaudit pegasus_t self:capability sys_tty_config;
-allow pegasus_t self:process signal;
-allow pegasus_t self:fifo_file rw_fifo_file_perms;
-allow pegasus_t self:unix_dgram_socket create_socket_perms;
-allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
-allow pegasus_t self:tcp_socket create_stream_socket_perms;
-
-allow pegasus_t pegasus_conf_t:dir rw_dir_perms;
-allow pegasus_t pegasus_conf_t:file { read_file_perms link delete_file_perms };
-allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
-
-manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
-manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
-manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
-filetrans_pattern(pegasus_t, pegasus_conf_t, pegasus_data_t, { file dir })
-
-can_exec(pegasus_t, pegasus_exec_t)
-
-allow pegasus_t pegasus_mof_t:dir list_dir_perms;
-read_files_pattern(pegasus_t, pegasus_mof_t, pegasus_mof_t)
-read_lnk_files_pattern(pegasus_t, pegasus_mof_t, pegasus_mof_t)
-
-manage_dirs_pattern(pegasus_t, pegasus_tmp_t, pegasus_tmp_t)
-manage_files_pattern(pegasus_t, pegasus_tmp_t, pegasus_tmp_t)
-files_tmp_filetrans(pegasus_t, pegasus_tmp_t, { file dir })
-
-allow pegasus_t pegasus_var_run_t:sock_file { create_sock_file_perms setattr_sock_file_perms delete_sock_file_perms };
-manage_dirs_pattern(pegasus_t, pegasus_var_run_t, pegasus_var_run_t)
-manage_files_pattern(pegasus_t, pegasus_var_run_t, pegasus_var_run_t)
-files_pid_filetrans(pegasus_t, pegasus_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(pegasus_t)
-kernel_read_fs_sysctls(pegasus_t)
-kernel_read_system_state(pegasus_t)
-kernel_search_vm_sysctl(pegasus_t)
-kernel_read_net_sysctls(pegasus_t)
-kernel_read_xen_state(pegasus_t)
-kernel_write_xen_state(pegasus_t)
-
-corenet_all_recvfrom_unlabeled(pegasus_t)
-corenet_all_recvfrom_netlabel(pegasus_t)
-corenet_tcp_sendrecv_generic_if(pegasus_t)
-corenet_tcp_sendrecv_generic_node(pegasus_t)
-corenet_tcp_sendrecv_all_ports(pegasus_t)
-corenet_tcp_bind_generic_node(pegasus_t)
-corenet_tcp_bind_pegasus_http_port(pegasus_t)
-corenet_tcp_bind_pegasus_https_port(pegasus_t)
-corenet_tcp_connect_pegasus_http_port(pegasus_t)
-corenet_tcp_connect_pegasus_https_port(pegasus_t)
-corenet_tcp_connect_generic_port(pegasus_t)
-corenet_sendrecv_generic_client_packets(pegasus_t)
-corenet_sendrecv_pegasus_http_client_packets(pegasus_t)
-corenet_sendrecv_pegasus_http_server_packets(pegasus_t)
-corenet_sendrecv_pegasus_https_client_packets(pegasus_t)
-corenet_sendrecv_pegasus_https_server_packets(pegasus_t)
-
-corecmd_exec_bin(pegasus_t)
-corecmd_exec_shell(pegasus_t)
-
-dev_read_sysfs(pegasus_t)
-dev_read_urand(pegasus_t)
-
-fs_getattr_all_fs(pegasus_t)
-fs_search_auto_mountpoints(pegasus_t)
-files_getattr_all_dirs(pegasus_t)
-
-auth_use_nsswitch(pegasus_t)
-auth_domtrans_chk_passwd(pegasus_t)
-auth_read_shadow(pegasus_t)
-
-domain_use_interactive_fds(pegasus_t)
-domain_read_all_domains_state(pegasus_t)
-
-files_read_all_files(pegasus_t)
-files_read_var_lib_symlinks(pegasus_t)
-
-hostname_exec(pegasus_t)
-
-init_rw_utmp(pegasus_t)
-init_stream_connect_script(pegasus_t)
-
-logging_send_audit_msgs(pegasus_t)
-logging_send_syslog_msg(pegasus_t)
-
-miscfiles_read_localization(pegasus_t)
-
-sysnet_domtrans_ifconfig(pegasus_t)
-
-userdom_dontaudit_use_unpriv_user_fds(pegasus_t)
-userdom_dontaudit_search_user_home_dirs(pegasus_t)
-
-optional_policy(`
-	rpm_exec(pegasus_t)
-')
-
-optional_policy(`
-	samba_manage_config(pegasus_t)
-')
-
-optional_policy(`
-	ssh_exec(pegasus_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(pegasus_t)
-	seutil_dontaudit_read_config(pegasus_t)
-')
-
-optional_policy(`
-	udev_read_db(pegasus_t)
-')
-
-optional_policy(`
-	unconfined_signull(pegasus_t)
-')
-
-optional_policy(`
-	virt_domtrans(pegasus_t)
-	virt_manage_config(pegasus_t)
-')
-
-optional_policy(`
-	xen_stream_connect(pegasus_t)
-	xen_stream_connect_xenstore(pegasus_t)
-')
diff --git a/policy/modules/services/perdition.fc b/policy/modules/services/perdition.fc
deleted file mode 100644
index bcdf89b..0000000
--- a/policy/modules/services/perdition.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/perdition(/.*)?		gen_context(system_u:object_r:perdition_etc_t,s0)
-
-/usr/sbin/perdition	--	gen_context(system_u:object_r:perdition_exec_t,s0)
diff --git a/policy/modules/services/perdition.if b/policy/modules/services/perdition.if
deleted file mode 100644
index 2b0bd64..0000000
--- a/policy/modules/services/perdition.if
+++ /dev/null
@@ -1,15 +0,0 @@
-## <summary>Perdition POP and IMAP proxy</summary>
-
-########################################
-## <summary>
-##	Connect to perdition over a TCP socket  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`perdition_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te
deleted file mode 100644
index 3636277..0000000
--- a/policy/modules/services/perdition.te
+++ /dev/null
@@ -1,75 +0,0 @@
-policy_module(perdition, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type perdition_t;
-type perdition_exec_t;
-init_daemon_domain(perdition_t, perdition_exec_t)
-
-type perdition_etc_t;
-files_config_file(perdition_etc_t)
-
-type perdition_var_run_t;
-files_pid_file(perdition_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow perdition_t self:capability { setgid setuid };
-dontaudit perdition_t self:capability sys_tty_config;
-allow perdition_t self:process signal_perms;
-allow perdition_t self:tcp_socket create_stream_socket_perms;
-allow perdition_t self:udp_socket create_socket_perms;
-
-allow perdition_t perdition_etc_t:file read_file_perms;
-files_search_etc(perdition_t)
-
-manage_files_pattern(perdition_t, perdition_var_run_t, perdition_var_run_t)
-files_pid_filetrans(perdition_t, perdition_var_run_t, file)
-
-kernel_read_kernel_sysctls(perdition_t)
-kernel_list_proc(perdition_t)
-kernel_read_proc_symlinks(perdition_t)
-
-corenet_all_recvfrom_unlabeled(perdition_t)
-corenet_all_recvfrom_netlabel(perdition_t)
-corenet_tcp_sendrecv_generic_if(perdition_t)
-corenet_udp_sendrecv_generic_if(perdition_t)
-corenet_tcp_sendrecv_generic_node(perdition_t)
-corenet_udp_sendrecv_generic_node(perdition_t)
-corenet_tcp_sendrecv_all_ports(perdition_t)
-corenet_udp_sendrecv_all_ports(perdition_t)
-corenet_tcp_bind_generic_node(perdition_t)
-corenet_tcp_bind_pop_port(perdition_t)
-corenet_sendrecv_pop_server_packets(perdition_t)
-
-dev_read_sysfs(perdition_t)
-
-domain_use_interactive_fds(perdition_t)
-
-fs_getattr_all_fs(perdition_t)
-fs_search_auto_mountpoints(perdition_t)
-
-files_read_etc_files(perdition_t)
-
-logging_send_syslog_msg(perdition_t)
-
-miscfiles_read_localization(perdition_t)
-
-sysnet_read_config(perdition_t)
-
-userdom_dontaudit_use_unpriv_user_fds(perdition_t)
-userdom_dontaudit_search_user_home_dirs(perdition_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(perdition_t)
-')
-
-optional_policy(`
-	udev_read_db(perdition_t)
-')
diff --git a/policy/modules/services/pingd.fc b/policy/modules/services/pingd.fc
deleted file mode 100644
index ea085f7..0000000
--- a/policy/modules/services/pingd.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/pingd.conf				--	gen_context(system_u:object_r:pingd_etc_t,s0)
-/etc/rc\.d/init\.d/whatsup-pingd	--	gen_context(system_u:object_r:pingd_initrc_exec_t,s0)
-
-/usr/lib/pingd(/.*)?				gen_context(system_u:object_r:pingd_modules_t,s0)
-
-/usr/sbin/pingd				--	gen_context(system_u:object_r:pingd_exec_t,s0)
diff --git a/policy/modules/services/pingd.if b/policy/modules/services/pingd.if
deleted file mode 100644
index 1bfd8d2..0000000
--- a/policy/modules/services/pingd.if
+++ /dev/null
@@ -1,96 +0,0 @@
-## <summary>Pingd of the Whatsup cluster node up/down detection utility</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run pingd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`pingd_domtrans',`
-	gen_require(`
-		type pingd_t, pingd_exec_t;
-	')
-
-	domtrans_pattern($1, pingd_exec_t, pingd_t)
-')
-
-#######################################
-## <summary>
-##	Read pingd etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pingd_read_config',`
-	gen_require(`
-		type pingd_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, pingd_etc_t, pingd_etc_t)
-')
-
-#######################################
-## <summary>
-##	Manage pingd etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pingd_manage_config',`
-	gen_require(`
-		type pingd_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
-	manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
-')
-
-#######################################
-## <summary>
-##	All of the rules required to administrate 
-##	an pingd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the pingd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`pingd_admin',`
-	gen_require(`
-		type pingd_t, pingd_etc_t, pingd_modules_t;
-		type pingd_initrc_exec_t;
-	')
-
-	allow $1 pingd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, pingd_t)
-
-	init_labeled_script_domtrans($1, pingd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 pingd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, pingd_etc_t)
-
-	files_list_usr($1)
-	admin_pattern($1, pingd_modules_t)
-')
diff --git a/policy/modules/services/pingd.te b/policy/modules/services/pingd.te
deleted file mode 100644
index 4a9d196..0000000
--- a/policy/modules/services/pingd.te
+++ /dev/null
@@ -1,47 +0,0 @@
-policy_module(pingd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type pingd_t;
-type pingd_exec_t;
-init_daemon_domain(pingd_t, pingd_exec_t)
-
-# type for config
-type pingd_etc_t;
-files_type(pingd_etc_t)
-
-type pingd_initrc_exec_t;
-init_script_file(pingd_initrc_exec_t)
-
-# type for pingd modules
-type pingd_modules_t;
-files_type(pingd_modules_t)
-
-########################################
-#
-# pingd local policy
-#
-
-allow pingd_t self:capability net_raw;
-allow pingd_t self:tcp_socket create_stream_socket_perms;
-allow pingd_t self:rawip_socket create_socket_perms;
-
-read_files_pattern(pingd_t, pingd_etc_t, pingd_etc_t)
-
-read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-
-corenet_raw_bind_generic_node(pingd_t)
-corenet_tcp_bind_generic_node(pingd_t)
-corenet_tcp_bind_pingd_port(pingd_t)
-
-auth_use_nsswitch(pingd_t)
-
-files_search_usr(pingd_t)
-
-logging_send_syslog_msg(pingd_t)
-
-miscfiles_read_localization(pingd_t)
diff --git a/policy/modules/services/piranha.fc b/policy/modules/services/piranha.fc
deleted file mode 100644
index 2c7e06f..0000000
--- a/policy/modules/services/piranha.fc
+++ /dev/null
@@ -1,26 +0,0 @@
-
-/etc/rc\.d/init\.d/pulse	--	gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0)
-
-# RHEL6
-#/etc/sysconfig/ha/lvs\.cf	--	gen_context(system_u:object_r:piranha_etc_rw_t,s0)
-
-/etc/piranha/lvs\.cf		--	gen_context(system_u:object_r:piranha_etc_rw_t,s0)
-
-/usr/bin/paster         --      gen_context(system_u:object_r:piranha_web_exec_t,s0)
-
-/usr/sbin/fos               --  gen_context(system_u:object_r:piranha_fos_exec_t,s0)
-/usr/sbin/lvsd				--	gen_context(system_u:object_r:piranha_lvs_exec_t,s0)
-/usr/sbin/piranha_gui		--	gen_context(system_u:object_r:piranha_web_exec_t,s0)
-/usr/sbin/pulse       		--  gen_context(system_u:object_r:piranha_pulse_exec_t,s0)
-
-/var/lib/luci(/.*)?             gen_context(system_u:object_r:piranha_web_data_t,s0)
-/var/lib/luci/cert(/.*)?        gen_context(system_u:object_r:piranha_web_conf_t,s0)
-/var/lib/luci/etc(/.*)?         gen_context(system_u:object_r:piranha_web_conf_t,s0)
-
-/var/log/piranha(/.*)?			gen_context(system_u:object_r:piranha_log_t,s0)
-
-/var/run/fos\.pid           --  gen_context(system_u:object_r:piranha_fos_var_run_t,s0)
-/var/run/lvs\.pid			--	gen_context(system_u:object_r:piranha_lvs_var_run_t,s0)
-/var/run/piranha-httpd\.pid --	gen_context(system_u:object_r:piranha_web_var_run_t,s0)
-/var/run/pulse\.pid         --  gen_context(system_u:object_r:piranha_pulse_var_run_t,s0)
-
diff --git a/policy/modules/services/piranha.if b/policy/modules/services/piranha.if
deleted file mode 100644
index 6403c17..0000000
--- a/policy/modules/services/piranha.if
+++ /dev/null
@@ -1,173 +0,0 @@
-## <summary>policy for piranha</summary>
-
-#######################################
-## <summary>
-##	Creates types and rules for a basic
-##	cluster init daemon domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`piranha_domain_template',`
-	gen_require(`
-		attribute piranha_domain;
-	')
-
-	##############################
-	#
-	# piranha_$1_t declarations
-	#
-
-	type piranha_$1_t, piranha_domain;
-	type piranha_$1_exec_t;
-	init_daemon_domain(piranha_$1_t, piranha_$1_exec_t)
-
-	# pid files
-	type piranha_$1_var_run_t;
-	files_pid_file(piranha_$1_var_run_t)
-
-	##############################
-	#
-	# piranha_$1_t local policy
-	#
-
-	manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
-	manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
-	files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { dir file })
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run fos.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`piranha_domtrans_fos',`
-	gen_require(`
-		type piranha_fos_t, piranha_fos_exec_t;
-	')
-
-	domtrans_pattern($1, piranha_fos_exec_t, piranha_fos_t)
-')
-
-#######################################
-## <summary>
-##	Execute a domain transition to run lvsd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`piranha_domtrans_lvs',`
-	gen_require(`
-		type piranha_lvs_t, piranha_lvs_exec_t;
-	')
-
-	domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
-')
-
-#######################################
-## <summary>
-##	Execute a domain transition to run pulse.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`piranha_domtrans_pulse',`
-	gen_require(`
-		type piranha_pulse_t, piranha_pulse_exec_t;
-	')
-
-	domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
-')
-
-#######################################
-## <summary>
-##	Execute pulse server in the pulse domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`piranha_pulse_initrc_domtrans',`
-	gen_require(`
-		type piranha_pulse_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read piranha's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`piranha_read_log',`
-	gen_require(`
-		type piranha_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, piranha_log_t, piranha_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	piranha log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`piranha_append_log',`
-	gen_require(`
-		type piranha_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, piranha_log_t, piranha_log_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage piranha log files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`piranha_manage_log',`
-	gen_require(`
-		type piranha_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
-	manage_files_pattern($1, piranha_log_t, piranha_log_t)
-	manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
-')
diff --git a/policy/modules/services/piranha.te b/policy/modules/services/piranha.te
deleted file mode 100644
index 6b69f38..0000000
--- a/policy/modules/services/piranha.te
+++ /dev/null
@@ -1,214 +0,0 @@
-policy_module(piranha, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow piranha-lvs domain to connect to the network using TCP.
-##	</p>
-## </desc>
-gen_tunable(piranha_lvs_can_network_connect, false)
-
-attribute piranha_domain;
-
-piranha_domain_template(fos)
-
-piranha_domain_template(lvs)
-
-piranha_domain_template(pulse)
-
-type piranha_pulse_initrc_exec_t;
-init_script_file(piranha_pulse_initrc_exec_t)
-
-piranha_domain_template(web)
-
-type piranha_web_tmpfs_t;
-files_tmpfs_file(piranha_web_tmpfs_t)
-
-type piranha_web_conf_t;
-files_type(piranha_web_conf_t)
-
-type piranha_web_data_t;
-files_type(piranha_web_data_t)
-
-type piranha_web_tmp_t;
-files_tmp_file(piranha_web_tmp_t)
-
-type piranha_etc_rw_t;
-files_type(piranha_etc_rw_t)
-
-type piranha_log_t;
-logging_log_file(piranha_log_t)
-
-#######################################
-#
-# piranha-fos local policy
-#
-
-kernel_read_kernel_sysctls(piranha_fos_t)
-
-domain_read_all_domains_state(piranha_fos_t)
-
-consoletype_exec(piranha_fos_t)
-
-# start and stop services
-init_domtrans_script(piranha_fos_t)
-
-########################################
-#
-# piranha-gui local policy
-#
-
-allow piranha_web_t self:capability { setuid sys_nice kill setgid };
-allow piranha_web_t self:process { getsched setsched signal signull ptrace };
-allow piranha_web_t self:rawip_socket create_socket_perms;
-allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms;
-allow piranha_web_t self:sem create_sem_perms;
-allow piranha_web_t self:shm create_shm_perms;
-
-manage_files_pattern(piranha_web_t, piranha_web_data_t, piranha_web_data_t)
-manage_dirs_pattern(piranha_web_t, piranha_web_data_t, piranha_web_data_t)
-files_var_lib_filetrans(piranha_web_t, piranha_web_data_t, file)
-
-read_files_pattern(piranha_web_t, piranha_web_conf_t, piranha_web_conf_t)
-
-rw_files_pattern(piranha_web_t, piranha_etc_rw_t, piranha_etc_rw_t)
-
-manage_dirs_pattern(piranha_web_t, piranha_log_t, piranha_log_t)
-manage_files_pattern(piranha_web_t, piranha_log_t, piranha_log_t)
-logging_log_filetrans(piranha_web_t, piranha_log_t, { dir file })
-
-can_exec(piranha_web_t, piranha_web_tmp_t)
-manage_dirs_pattern(piranha_web_t, piranha_web_tmp_t, piranha_web_tmp_t)
-manage_files_pattern(piranha_web_t, piranha_web_tmp_t, piranha_web_tmp_t)
-files_tmp_filetrans(piranha_web_t, piranha_web_tmp_t, { file dir })
-
-manage_dirs_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t)
-manage_files_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t)
-fs_tmpfs_filetrans(piranha_web_t, piranha_web_tmpfs_t, { dir file })
-
-piranha_pulse_initrc_domtrans(piranha_web_t)
-
-kernel_read_kernel_sysctls(piranha_web_t)
-
-corenet_tcp_bind_http_cache_port(piranha_web_t)
-corenet_tcp_bind_luci_port(piranha_web_t)
-corenet_tcp_bind_piranha_port(piranha_web_t)
-corenet_tcp_connect_ricci_port(piranha_web_t)
-
-dev_read_urand(piranha_web_t)
-
-domain_read_all_domains_state(piranha_web_t)
-
-files_read_usr_files(piranha_web_t)
-
-consoletype_exec(piranha_web_t)
-
-optional_policy(`
-	apache_read_config(piranha_web_t)
-	apache_exec_modules(piranha_web_t)
-	apache_exec(piranha_web_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(piranha_web_t)
-')
-
-optional_policy(`
-	sasl_connect(piranha_web_t)
-')
-
-######################################
-#
-# piranha-lvs local policy
-#
-
-# neede by nanny
-allow piranha_lvs_t self:capability { net_raw sys_nice };
-allow piranha_lvs_t self:process signal;
-allow piranha_lvs_t self:unix_dgram_socket create_socket_perms;
-allow piranha_lvs_t self:rawip_socket create_socket_perms;
-
-kernel_read_kernel_sysctls(piranha_lvs_t)
-
-# needed by nanny
-corenet_tcp_connect_ftp_port(piranha_lvs_t)
-corenet_tcp_connect_http_port(piranha_lvs_t)
-
-sysnet_dns_name_resolve(piranha_lvs_t)
-
-# needed by nanny
-tunable_policy(`piranha_lvs_can_network_connect',`
-	corenet_tcp_connect_all_ports(piranha_lvs_t)
-')
-
-# needed by ipvsadm
-optional_policy(`
-	iptables_domtrans(piranha_lvs_t)
-')
-
-#######################################
-#
-# piranha-pulse local policy
-#
-
-allow piranha_pulse_t self:packet_socket create_socket_perms;
-
-# pulse starts fos and lvs daemon
-domtrans_pattern(piranha_fos_t, piranha_fos_exec_t, piranha_fos_t)
-allow piranha_pulse_t piranha_fos_t:process signal;
-
-domtrans_pattern(piranha_pulse_t, piranha_lvs_exec_t, piranha_lvs_t)
-allow piranha_pulse_t piranha_lvs_t:process signal;
-
-corenet_udp_bind_apertus_ldp_port(piranha_pulse_t)
-
-sysnet_dns_name_resolve(piranha_pulse_t)
-
-optional_policy(`
-	netutils_domtrans_ping(piranha_pulse_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_ifconfig(piranha_pulse_t)
-')
-
-####################################
-#
-# piranha domains common policy
-#
-
-allow piranha_domain self:fifo_file rw_fifo_file_perms;
-allow piranha_domain self:tcp_socket create_stream_socket_perms;
-allow piranha_domain self:udp_socket create_socket_perms;
-allow piranha_domain self:unix_stream_socket create_stream_socket_perms;
-
-read_files_pattern(piranha_domain, piranha_etc_rw_t, piranha_etc_rw_t)
-
-kernel_read_system_state(piranha_domain)
-kernel_read_network_state(piranha_domain)
-
-corenet_all_recvfrom_unlabeled(piranha_domain)
-corenet_all_recvfrom_netlabel(piranha_domain)
-corenet_tcp_sendrecv_generic_if(piranha_domain)
-corenet_udp_sendrecv_generic_if(piranha_domain)
-corenet_tcp_sendrecv_generic_node(piranha_domain)
-corenet_udp_sendrecv_generic_node(piranha_domain)
-corenet_tcp_sendrecv_all_ports(piranha_domain)
-corenet_udp_sendrecv_all_ports(piranha_domain)
-corenet_tcp_bind_generic_node(piranha_domain)
-corenet_udp_bind_generic_node(piranha_domain)
-
-files_read_etc_files(piranha_domain)
-
-corecmd_exec_bin(piranha_domain)
-corecmd_exec_shell(piranha_domain)
-
-logging_send_syslog_msg(piranha_domain)
-
-miscfiles_read_localization(piranha_domain)
-
-sysnet_read_config(piranha_domain)
diff --git a/policy/modules/services/plymouthd.fc b/policy/modules/services/plymouthd.fc
deleted file mode 100644
index 5702ca4..0000000
--- a/policy/modules/services/plymouthd.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/bin/plymouth			--	gen_context(system_u:object_r:plymouth_exec_t,s0)
-
-/sbin/plymouthd			--	gen_context(system_u:object_r:plymouthd_exec_t,s0)
-
-/var/lib/plymouth(/.*)?			gen_context(system_u:object_r:plymouthd_var_lib_t,s0)
-/var/run/plymouth(/.*)?			gen_context(system_u:object_r:plymouthd_var_run_t,s0)
-/var/spool/plymouth(/.*)?		gen_context(system_u:object_r:plymouthd_spool_t,s0)
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
deleted file mode 100644
index 07dd3ff..0000000
--- a/policy/modules/services/plymouthd.if
+++ /dev/null
@@ -1,262 +0,0 @@
-## <summary>Plymouth graphical boot</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run plymouthd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_domtrans',`
-	gen_require(`
-		type plymouthd_t, plymouthd_exec_t;
-	')
-
-	domtrans_pattern($1, plymouthd_exec_t, plymouthd_t)
-')
-
-########################################
-## <summary>
-##	Execute the plymoth daemon in the current domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_exec',`
-	gen_require(`
-		type plymouthd_exec_t;
-	')
-
-	can_exec($1, plymouthd_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to Stream socket connect
-##	to Plymouth daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_stream_connect',`
-	gen_require(`
-		type plymouthd_t;
-	')
-
-	allow $1 plymouthd_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Execute the plymoth command in the current domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_exec_plymouth',`
-	gen_require(`
-		type plymouth_exec_t;
-	')
-
-	can_exec($1, plymouth_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run plymouthd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_domtrans_plymouth',`
-	gen_require(`
-		type plymouth_t, plymouth_exec_t;
-	')
-
-	domtrans_pattern($1, plymouth_exec_t, plymouth_t)
-')
-
-########################################
-## <summary>
-##	Search plymouthd spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_search_spool',`
-	gen_require(`
-		type plymouthd_spool_t;
-	')
-
-	allow $1 plymouthd_spool_t:dir search_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Read plymouthd spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_read_spool_files',`
-	gen_require(`
-		type plymouthd_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, plymouthd_spool_t, plymouthd_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	plymouthd spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_manage_spool_files',`
-	gen_require(`
-		type plymouthd_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_files_pattern($1, plymouthd_spool_t, plymouthd_spool_t)
-')
-
-########################################
-## <summary>
-##	Search plymouthd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_search_lib',`
-	gen_require(`
-		type plymouthd_var_lib_t;
-	')
-
-	allow $1 plymouthd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read plymouthd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_read_lib_files',`
-	gen_require(`
-		type plymouthd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	plymouthd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_manage_lib_files',`
-	gen_require(`
-		type plymouthd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read plymouthd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`plymouthd_read_pid_files',`
-	gen_require(`
-		type plymouthd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 plymouthd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an plymouthd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`plymouthd_admin',`
-	gen_require(`
-		type plymouthd_t, plymouthd_spool_t, plymouthd_var_lib_t;
-		type plymouthd_var_run_t;
-	')
-
-	allow $1 plymouthd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, plymouthd_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, plymouthd_spool_t)
-
-	admin_pattern($1, plymouthd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, plymouthd_var_run_t)
-')
diff --git a/policy/modules/services/plymouthd.te b/policy/modules/services/plymouthd.te
deleted file mode 100644
index 836e2e2..0000000
--- a/policy/modules/services/plymouthd.te
+++ /dev/null
@@ -1,104 +0,0 @@
-policy_module(plymouthd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type plymouth_t;
-type plymouth_exec_t;
-application_domain(plymouth_t, plymouth_exec_t)
-
-type plymouthd_t;
-type plymouthd_exec_t;
-init_daemon_domain(plymouthd_t, plymouthd_exec_t)
-
-type plymouthd_spool_t;
-files_type(plymouthd_spool_t)
-
-type plymouthd_var_lib_t;
-files_type(plymouthd_var_lib_t)
-
-type plymouthd_var_run_t;
-files_pid_file(plymouthd_var_run_t)
-
-########################################
-#
-# Plymouthd private policy
-#
-
-allow plymouthd_t self:capability { sys_admin sys_tty_config };
-dontaudit plymouthd_t self:capability dac_override;
-allow plymouthd_t self:process signal;
-allow plymouthd_t self:fifo_file rw_fifo_file_perms;
-allow plymouthd_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t)
-manage_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t)
-manage_sock_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t)
-files_spool_filetrans(plymouthd_t, plymouthd_spool_t, { file dir sock_file })
-
-manage_dirs_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t)
-manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t)
-files_var_lib_filetrans(plymouthd_t, plymouthd_var_lib_t, { file dir })
-
-manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
-manage_files_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
-files_pid_filetrans(plymouthd_t, plymouthd_var_run_t, { file dir })
-
-kernel_read_system_state(plymouthd_t)
-kernel_request_load_module(plymouthd_t)
-kernel_change_ring_buffer_level(plymouthd_t)
-
-dev_rw_dri(plymouthd_t)
-dev_read_sysfs(plymouthd_t)
-dev_read_framebuffer(plymouthd_t)
-dev_write_framebuffer(plymouthd_t)
-
-domain_use_interactive_fds(plymouthd_t)
-
-files_read_etc_files(plymouthd_t)
-files_read_usr_files(plymouthd_t)
-
-term_use_unallocated_ttys(plymouthd_t)
-
-miscfiles_read_localization(plymouthd_t)
-miscfiles_read_fonts(plymouthd_t)
-miscfiles_manage_fonts_cache(plymouthd_t)
-
-userdom_read_admin_home_files(plymouthd_t)
-
-########################################
-#
-# Plymouth private policy
-#
-
-allow plymouth_t self:process signal;
-allow plymouth_t self:fifo_file rw_file_perms;
-allow plymouth_t self:unix_stream_socket create_stream_socket_perms;
-
-kernel_read_system_state(plymouth_t)
-kernel_stream_connect(plymouth_t)
-
-domain_use_interactive_fds(plymouth_t)
-
-files_read_etc_files(plymouth_t)
-
-term_use_ptmx(plymouth_t)
-
-miscfiles_read_localization(plymouth_t)
-
-sysnet_read_config(plymouth_t)
-
-plymouthd_stream_connect(plymouth_t)
-
-ifdef(`hide_broken_symptoms',`
-	optional_policy(`
-		hal_dontaudit_write_log(plymouth_t)
-		hal_dontaudit_rw_pipes(plymouth_t)
-	')
-')
-
-optional_policy(`
-	lvm_domtrans(plymouth_t)
-')
diff --git a/policy/modules/services/policykit.fc b/policy/modules/services/policykit.fc
deleted file mode 100644
index c65d18f..0000000
--- a/policy/modules/services/policykit.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-/usr/lib/policykit/polkit-read-auth-helper --	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
-/usr/lib/policykit/polkit-grant-helper.*   --	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
-/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
-/usr/lib/policykit/polkitd		--	gen_context(system_u:object_r:policykit_exec_t,s0)
-
-/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
-/usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
-/usr/libexec/polkit-resolve-exe-helper.* --	gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
-/usr/libexec/polkitd.*			--	gen_context(system_u:object_r:policykit_exec_t,s0)
-/usr/libexec/polkit-1/polkit-agent-helper-1 --	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
-/usr/libexec/polkit-1/polkitd.*		--	gen_context(system_u:object_r:policykit_exec_t,s0)
-
-/var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:policykit_reload_t,s0)
-/var/lib/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
-/var/lib/polkit-1(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
-/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
-/var/run/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
-
diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
deleted file mode 100644
index 13cdc77..0000000
--- a/policy/modules/services/policykit.if
+++ /dev/null
@@ -1,282 +0,0 @@
-## <summary>Policy framework for controlling privileges for system-wide services.</summary>
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	policykit over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_dbus_chat',`
-	gen_require(`
-		type policykit_t;
-		class dbus send_msg;
-	')
-
-	ps_process_pattern(policykit_t, $1)
-
-	allow $1 policykit_t:dbus send_msg;
-	allow policykit_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	policykit over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_dbus_chat_auth',`
-	gen_require(`
-		type policykit_auth_t;
-		class dbus send_msg;
-	')
-
-	ps_process_pattern(policykit_auth_t, $1)
-
-	allow $1 policykit_auth_t:dbus send_msg;
-	allow policykit_auth_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run polkit_auth.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`policykit_domtrans_auth',`
-	gen_require(`
-		type policykit_auth_t, policykit_auth_exec_t;
-	')
-
-	domtrans_pattern($1, policykit_auth_exec_t, policykit_auth_t)
-')
-
-########################################
-## <summary>
-##	Execute a policy_auth in the policy_auth domain, and
-##	allow the specified role the policy_auth domain,
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`policykit_run_auth',`
-	gen_require(`
-		type policykit_auth_t;
-	')
-
-	policykit_domtrans_auth($1)
-	role $2 types policykit_auth_t;
-
-	allow $1 policykit_auth_t:process signal;
-	ps_process_pattern(policykit_auth_t, $1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run polkit_grant.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`policykit_domtrans_grant',`
-	gen_require(`
-		type policykit_grant_t, policykit_grant_exec_t;
-	')
-
-	domtrans_pattern($1, policykit_grant_exec_t, policykit_grant_t)
-')
-
-########################################
-## <summary>
-##	Execute a policy_grant in the policy_grant domain, and
-##	allow the specified role the policy_grant domain,
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`policykit_run_grant',`
-	gen_require(`
-		type policykit_grant_t;
-	')
-
-	policykit_domtrans_grant($1)
-	role $2 types policykit_grant_t;
-
-	allow $1 policykit_grant_t:process signal;
-
-	ps_process_pattern(policykit_grant_t, $1)
-')
-
-########################################
-## <summary>
-##	read policykit reload files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_read_reload',`
-	gen_require(`
-		type policykit_reload_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, policykit_reload_t, policykit_reload_t)
-')
-
-########################################
-## <summary>
-##	rw policykit reload files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_rw_reload',`
-	gen_require(`
-		type policykit_reload_t;
-	')
-
-	files_search_var_lib($1)
-	rw_files_pattern($1, policykit_reload_t, policykit_reload_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run polkit_resolve.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`policykit_domtrans_resolve',`
-	gen_require(`
-		type policykit_resolve_t, policykit_resolve_exec_t;
-	')
-
-	domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
-
-	ps_process_pattern(policykit_resolve_t, $1)
-')
-
-########################################
-## <summary>
-##	Search policykit lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_search_lib',`
-	gen_require(`
-		type policykit_var_lib_t;
-	')
-
-	allow $1 policykit_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	read policykit lib files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`policykit_read_lib',`
-	gen_require(`
-		type policykit_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, policykit_var_lib_t, policykit_var_lib_t)
-
-	# Broken placement
-	cron_read_system_job_lib_files($1)
-')
-
-#######################################
-## <summary>
-##	The per role template for the policykit module.
-## </summary>
-## <param name="user_role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-template(`policykit_role',`
-	policykit_run_auth($2, $1)
-	policykit_run_grant($2, $1)
-	policykit_read_lib($2)
-	policykit_read_reload($2)
-	policykit_dbus_chat($2)
-')
-
-########################################
-## <summary>
-##	Send generic signal to policy_auth
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`policykit_signal_auth',`
-	gen_require(`
-		type policykit_auth_t;
-	')
-
-	allow $1 policykit_auth_t:process signal;
-')
diff --git a/policy/modules/services/policykit.te b/policy/modules/services/policykit.te
deleted file mode 100644
index 7385ecf..0000000
--- a/policy/modules/services/policykit.te
+++ /dev/null
@@ -1,276 +0,0 @@
-policy_module(policykit, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type policykit_t alias polkit_t;
-type policykit_exec_t alias polkit_exec_t;
-init_daemon_domain(policykit_t, policykit_exec_t)
-
-type policykit_auth_t alias polkit_auth_t;
-type policykit_auth_exec_t alias polkit_auth_exec_t;
-init_daemon_domain(policykit_auth_t, policykit_auth_exec_t)
-
-type policykit_grant_t alias polkit_grant_t;
-type policykit_grant_exec_t alias polkit_grant_exec_t;
-init_system_domain(policykit_grant_t, policykit_grant_exec_t)
-
-type policykit_resolve_t alias polkit_resolve_t;
-type policykit_resolve_exec_t alias polkit_resolve_exec_t;
-init_system_domain(policykit_resolve_t, policykit_resolve_exec_t)
-
-type policykit_reload_t alias polkit_reload_t;
-files_type(policykit_reload_t)
-
-type policykit_tmp_t;
-files_tmp_file(policykit_tmp_t)
-
-type policykit_var_lib_t alias polkit_var_lib_t;
-files_type(policykit_var_lib_t)
-
-type policykit_var_run_t alias polkit_var_run_t;
-files_pid_file(policykit_var_run_t)
-
-########################################
-#
-# policykit local policy
-#
-
-allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_ptrace };
-allow policykit_t self:process { getsched getattr signal };
-allow policykit_t self:fifo_file rw_fifo_file_perms;
-allow policykit_t self:unix_dgram_socket create_socket_perms;
-allow policykit_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-policykit_domtrans_auth(policykit_t)
-
-can_exec(policykit_t, policykit_exec_t)
-corecmd_exec_bin(policykit_t)
-
-rw_files_pattern(policykit_t, policykit_reload_t, policykit_reload_t)
-
-policykit_domtrans_resolve(policykit_t)
-
-manage_files_pattern(policykit_t, policykit_var_lib_t, policykit_var_lib_t)
-
-manage_dirs_pattern(policykit_t, policykit_var_run_t, policykit_var_run_t)
-manage_files_pattern(policykit_t, policykit_var_run_t, policykit_var_run_t)
-files_pid_filetrans(policykit_t, policykit_var_run_t, { file dir })
-
-kernel_read_system_state(policykit_t)
-kernel_read_kernel_sysctls(policykit_t)
-
-domain_read_all_domains_state(policykit_t)
-
-files_read_etc_files(policykit_t)
-files_read_usr_files(policykit_t)
-files_dontaudit_search_all_mountpoints(policykit_t)
-
-fs_list_inotifyfs(policykit_t)
-
-auth_use_nsswitch(policykit_t)
-
-logging_send_syslog_msg(policykit_t)
-
-miscfiles_read_localization(policykit_t)
-
-userdom_getattr_all_users(policykit_t)
-userdom_read_all_users_state(policykit_t)
-userdom_dontaudit_search_admin_dir(policykit_t)
-
-optional_policy(`
-	dbus_system_domain(policykit_t, policykit_exec_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(policykit_t)
-	')
-
-	optional_policy(`
-		rpm_dbus_chat(policykit_t)
-	')
-')
-
-optional_policy(`
-	consolekit_list_pid_files(policykit_t)
-	consolekit_read_pid_files(policykit_t)
-')
-
-optional_policy(`
-	gnome_read_config(policykit_t)
-')
-
-########################################
-#
-# polkit_auth local policy
-#
-
-allow policykit_auth_t self:capability { ipc_lock setgid setuid };
-dontaudit policykit_auth_t self:capability sys_tty_config;
-allow policykit_auth_t self:process { getattr getsched signal };
-allow policykit_auth_t self:fifo_file rw_fifo_file_perms;
-
-allow policykit_auth_t self:unix_dgram_socket create_socket_perms;
-allow policykit_auth_t self:unix_stream_socket create_stream_socket_perms;
-
-policykit_dbus_chat(policykit_auth_t)
-
-kernel_read_system_state(policykit_auth_t)
-
-can_exec(policykit_auth_t, policykit_auth_exec_t)
-corecmd_exec_bin(policykit_auth_t)
-
-rw_files_pattern(policykit_auth_t, policykit_reload_t, policykit_reload_t)
-
-manage_dirs_pattern(policykit_auth_t, policykit_tmp_t, policykit_tmp_t)
-manage_files_pattern(policykit_auth_t, policykit_tmp_t, policykit_tmp_t)
-files_tmp_filetrans(policykit_auth_t, policykit_tmp_t, { file dir })
-
-manage_files_pattern(policykit_auth_t, policykit_var_lib_t, policykit_var_lib_t)
-
-manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
-manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
-files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
-
-kernel_dontaudit_search_kernel_sysctl(policykit_auth_t)
-
-dev_read_video_dev(policykit_auth_t)
-
-files_read_etc_files(policykit_auth_t)
-files_read_usr_files(policykit_auth_t)
-files_search_home(policykit_auth_t)
-
-fs_getattr_all_fs(polkit_auth_t)
-fs_search_tmpfs(polkit_auth_t)
-
-auth_use_nsswitch(policykit_auth_t)
-auth_read_var_auth(policykit_auth_t)
-auth_domtrans_chk_passwd(policykit_auth_t)
-
-logging_send_syslog_msg(policykit_auth_t)
-
-miscfiles_read_localization(policykit_auth_t)
-miscfiles_read_fonts(policykit_auth_t)
-miscfiles_setattr_fonts_cache_dirs(policykit_auth_t)
-
-userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
-userdom_dontaudit_write_user_tmp_files(policykit_auth_t)
-userdom_read_admin_home_files(policykit_auth_t)
-
-optional_policy(`
-	dbus_system_domain( policykit_auth_t, policykit_auth_exec_t)
-	dbus_session_bus_client(policykit_auth_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(policykit_auth_t)
-	')
-')
-
-optional_policy(`
-	kernel_search_proc(policykit_auth_t)
-	hal_read_state(policykit_auth_t)
-')
-
-optional_policy(`
-	xserver_stream_connect(policykit_auth_t)
-	xserver_xdm_append_log(policykit_auth_t)
-	xserver_read_xdm_pid(policykit_auth_t)
-	xserver_search_xdm_lib(policykit_auth_t)
-	xserver_create_xdm_tmp_sockets(policykit_auth_t)
-')
-
-########################################
-#
-# polkit_grant local policy
-#
-
-allow policykit_grant_t self:capability setuid;
-allow policykit_grant_t self:process getattr;
-allow policykit_grant_t self:fifo_file rw_fifo_file_perms;
-
-allow policykit_grant_t self:unix_dgram_socket create_socket_perms;
-allow policykit_grant_t self:unix_stream_socket create_stream_socket_perms;
-
-policykit_domtrans_auth(policykit_grant_t)
-
-policykit_domtrans_resolve(policykit_grant_t)
-
-can_exec(policykit_grant_t, policykit_grant_exec_t)
-corecmd_search_bin(policykit_grant_t)
-
-rw_files_pattern(policykit_grant_t, policykit_reload_t, policykit_reload_t)
-
-manage_files_pattern(policykit_grant_t, policykit_var_run_t, policykit_var_run_t)
-
-manage_files_pattern(policykit_grant_t, policykit_var_lib_t, policykit_var_lib_t)
-
-files_read_etc_files(policykit_grant_t)
-files_read_usr_files(policykit_grant_t)
-
-auth_use_nsswitch(policykit_grant_t)
-auth_domtrans_chk_passwd(policykit_grant_t)
-
-logging_send_syslog_msg(policykit_grant_t)
-
-miscfiles_read_localization(policykit_grant_t)
-
-userdom_read_all_users_state(policykit_grant_t)
-
-optional_policy(`
-	cron_manage_system_job_lib_files(policykit_grant_t)
-')
-
-	optional_policy(`
-	dbus_system_bus_client(policykit_grant_t)
-	optional_policy(`
-		consolekit_dbus_chat(policykit_grant_t)
-	')
-')
-
-########################################
-#
-# polkit_resolve local policy
-#
-
-allow policykit_resolve_t self:capability { setuid sys_nice sys_ptrace };
-allow policykit_resolve_t self:process getattr;
-allow policykit_resolve_t self:fifo_file rw_fifo_file_perms;
-
-allow policykit_resolve_t self:unix_dgram_socket create_socket_perms;
-allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
-
-policykit_domtrans_auth(policykit_resolve_t)
-
-read_files_pattern(policykit_resolve_t, policykit_reload_t, policykit_reload_t)
-
-read_files_pattern(policykit_resolve_t, policykit_var_lib_t, policykit_var_lib_t)
-
-can_exec(policykit_resolve_t, policykit_resolve_exec_t)
-corecmd_search_bin(policykit_resolve_t)
-
-files_read_etc_files(policykit_resolve_t)
-files_read_usr_files(policykit_resolve_t)
-
-mcs_ptrace_all(policykit_resolve_t)
-
-auth_use_nsswitch(policykit_resolve_t)
-
-logging_send_syslog_msg(policykit_resolve_t)
-
-miscfiles_read_localization(policykit_resolve_t)
-
-userdom_read_all_users_state(policykit_resolve_t)
-
-optional_policy(`
-	dbus_system_bus_client(policykit_resolve_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(policykit_resolve_t)
-	')
-')
-
-optional_policy(`
-	kernel_search_proc(policykit_resolve_t)
-	hal_read_state(policykit_resolve_t)
-')
diff --git a/policy/modules/services/portmap.fc b/policy/modules/services/portmap.fc
deleted file mode 100644
index 76f5834..0000000
--- a/policy/modules/services/portmap.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-
-/sbin/portmap		--	gen_context(system_u:object_r:portmap_exec_t,s0)
-
-ifdef(`distro_debian',`
-/sbin/pmap_dump		--	gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-/sbin/pmap_set		--	gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-', `
-/usr/sbin/pmap_dump	--	gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-/usr/sbin/pmap_set	--	gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-')
-
-/var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0)
diff --git a/policy/modules/services/portmap.if b/policy/modules/services/portmap.if
deleted file mode 100644
index 374afcf..0000000
--- a/policy/modules/services/portmap.if
+++ /dev/null
@@ -1,89 +0,0 @@
-## <summary>RPC port mapping service.</summary>
-
-########################################
-## <summary>
-##	Execute portmap_helper in the helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portmap_domtrans_helper',`
-	gen_require(`
-		type portmap_helper_t, portmap_helper_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, portmap_helper_exec_t, portmap_helper_t)
-')
-
-########################################
-## <summary>
-##	Execute portmap helper in the helper domain, and
-##	allow the specified role the helper domain.
-##	Communicate with portmap.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`portmap_run_helper',`
-	gen_require(`
-		type portmap_t, portmap_helper_t;
-	')
-
-	portmap_domtrans_helper($1)
-	role $2 types portmap_helper_t;
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to portmap.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`portmap_udp_send',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Send and receive UDP network traffic from portmap.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`portmap_udp_chat',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Connect to portmap over a TCP socket  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`portmap_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te
deleted file mode 100644
index d1cf513..0000000
--- a/policy/modules/services/portmap.te
+++ /dev/null
@@ -1,149 +0,0 @@
-policy_module(portmap, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type portmap_t;
-type portmap_exec_t;
-init_daemon_domain(portmap_t, portmap_exec_t)
-
-type portmap_helper_t;
-type portmap_helper_exec_t;
-init_system_domain(portmap_helper_t, portmap_helper_exec_t)
-
-type portmap_tmp_t;
-files_tmp_file(portmap_tmp_t)
-
-type portmap_var_run_t;
-files_pid_file(portmap_var_run_t)
-
-########################################
-#
-# Portmap local policy
-#
-
-allow portmap_t self:capability { setuid setgid };
-dontaudit portmap_t self:capability sys_tty_config;
-allow portmap_t self:netlink_route_socket r_netlink_socket_perms;
-allow portmap_t self:unix_dgram_socket create_socket_perms;
-allow portmap_t self:unix_stream_socket create_stream_socket_perms;
-allow portmap_t self:tcp_socket create_stream_socket_perms;
-allow portmap_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(portmap_t, portmap_tmp_t, portmap_tmp_t)
-manage_files_pattern(portmap_t, portmap_tmp_t, portmap_tmp_t)
-files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir })
-
-manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
-files_pid_filetrans(portmap_t, portmap_var_run_t, file)
-
-kernel_read_system_state(portmap_t)
-kernel_read_kernel_sysctls(portmap_t)
-
-corenet_all_recvfrom_unlabeled(portmap_t)
-corenet_all_recvfrom_netlabel(portmap_t)
-corenet_tcp_sendrecv_generic_if(portmap_t)
-corenet_udp_sendrecv_generic_if(portmap_t)
-corenet_tcp_sendrecv_generic_node(portmap_t)
-corenet_udp_sendrecv_generic_node(portmap_t)
-corenet_tcp_sendrecv_all_ports(portmap_t)
-corenet_udp_sendrecv_all_ports(portmap_t)
-corenet_tcp_bind_generic_node(portmap_t)
-corenet_udp_bind_generic_node(portmap_t)
-corenet_tcp_bind_portmap_port(portmap_t)
-corenet_udp_bind_portmap_port(portmap_t)
-corenet_tcp_connect_all_ports(portmap_t)
-corenet_sendrecv_portmap_client_packets(portmap_t)
-corenet_sendrecv_portmap_server_packets(portmap_t)
-# portmap binds to arbitary ports
-corenet_tcp_bind_generic_port(portmap_t)
-corenet_udp_bind_generic_port(portmap_t)
-corenet_tcp_bind_reserved_port(portmap_t)
-corenet_udp_bind_reserved_port(portmap_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t)
-corenet_dontaudit_udp_bind_all_ports(portmap_t)
-
-dev_read_sysfs(portmap_t)
-
-fs_getattr_all_fs(portmap_t)
-fs_search_auto_mountpoints(portmap_t)
-
-domain_use_interactive_fds(portmap_t)
-
-files_read_etc_files(portmap_t)
-
-logging_send_syslog_msg(portmap_t)
-
-miscfiles_read_localization(portmap_t)
-
-sysnet_read_config(portmap_t)
-
-userdom_dontaudit_use_unpriv_user_fds(portmap_t)
-userdom_dontaudit_search_user_home_dirs(portmap_t)
-
-optional_policy(`
-	nis_use_ypbind(portmap_t)
-')
-
-optional_policy(`
-	nscd_socket_use(portmap_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(portmap_t)
-')
-
-optional_policy(`
-	udev_read_db(portmap_t)
-')
-
-########################################
-#
-# Portmap helper local policy
-#
-
-dontaudit portmap_helper_t self:capability net_admin;
-allow portmap_helper_t self:netlink_route_socket r_netlink_socket_perms;
-allow portmap_helper_t self:tcp_socket create_stream_socket_perms;
-allow portmap_helper_t self:udp_socket create_socket_perms;
-
-allow portmap_helper_t portmap_var_run_t:file manage_file_perms;
-files_pid_filetrans(portmap_helper_t, portmap_var_run_t, file)
-
-corenet_all_recvfrom_unlabeled(portmap_helper_t)
-corenet_all_recvfrom_netlabel(portmap_helper_t)
-corenet_tcp_sendrecv_generic_if(portmap_helper_t)
-corenet_udp_sendrecv_generic_if(portmap_helper_t)
-corenet_raw_sendrecv_generic_if(portmap_helper_t)
-corenet_tcp_sendrecv_generic_node(portmap_helper_t)
-corenet_udp_sendrecv_generic_node(portmap_helper_t)
-corenet_raw_sendrecv_generic_node(portmap_helper_t)
-corenet_tcp_sendrecv_all_ports(portmap_helper_t)
-corenet_udp_sendrecv_all_ports(portmap_helper_t)
-corenet_tcp_bind_generic_node(portmap_helper_t)
-corenet_udp_bind_generic_node(portmap_helper_t)
-corenet_tcp_bind_reserved_port(portmap_helper_t)
-corenet_udp_bind_reserved_port(portmap_helper_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_helper_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(portmap_helper_t)
-corenet_tcp_connect_all_ports(portmap_helper_t)
-
-domain_dontaudit_use_interactive_fds(portmap_helper_t)
-
-files_read_etc_files(portmap_helper_t)
-files_rw_generic_pids(portmap_helper_t)
-
-init_rw_utmp(portmap_helper_t)
-
-logging_send_syslog_msg(portmap_helper_t)
-
-sysnet_read_config(portmap_helper_t)
-
-userdom_use_user_terminals(portmap_helper_t)
-userdom_dontaudit_use_all_users_fds(portmap_helper_t)
-
-optional_policy(`
-	nis_use_ypbind(portmap_helper_t)
-')
diff --git a/policy/modules/services/portreserve.fc b/policy/modules/services/portreserve.fc
deleted file mode 100644
index 1d9fa76..0000000
--- a/policy/modules/services/portreserve.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/etc/rc\.d/init\.d/portreserve    --  gen_context(system_u:object_r:portreserve_initrc_exec_t,s0)
-
-/etc/portreserve(/.*)?			gen_context(system_u:object_r:portreserve_etc_t,s0)
-
-/sbin/portreserve		--	gen_context(system_u:object_r:portreserve_exec_t,s0)
-
-/var/run/portreserve(/.*)? 		gen_context(system_u:object_r:portreserve_var_run_t,s0)
diff --git a/policy/modules/services/portreserve.if b/policy/modules/services/portreserve.if
deleted file mode 100644
index 7385056..0000000
--- a/policy/modules/services/portreserve.if
+++ /dev/null
@@ -1,120 +0,0 @@
-## <summary>Reserve well-known ports in the RPC port range.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run portreserve.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portreserve_domtrans',`
-	gen_require(`
-		type portreserve_t, portreserve_exec_t;
-	')
-
-	domtrans_pattern($1, portreserve_exec_t, portreserve_t)
-')
-
-########################################
-## <summary>
-##	Execute portreserve in the portreserve domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portreserve_initrc_domtrans',`
-	gen_require(`
-		type portreserve_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, portreserve_initrc_exec_t)
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to read
-##	portreserve etcuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`portreserve_read_config',`
-	gen_require(`
-		type portreserve_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 portreserve_etc_t:dir list_dir_perms;
-	read_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-	read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to manage
-##	portreserve etcuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`portreserve_manage_config',`
-	gen_require(`
-		type portreserve_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, portreserve_etc_t, portreserve_etc_t)
-	manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-	read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an portreserve environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`portreserve_admin',`
-	gen_require(`
-		type portreserve_t, portreserve_etc_t, portreserve_var_run_t;
-		type portreserve_initrc_exec_t;
-	')
-
-	allow $1 portreserve_t:process { ptrace signal_perms };
-	ps_process_pattern($1, portreserve_t)
-
-	portreserve_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 portreserve_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, portreserve_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, portreserve_var_run_t)
-')
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
deleted file mode 100644
index e091aba..0000000
--- a/policy/modules/services/portreserve.te
+++ /dev/null
@@ -1,54 +0,0 @@
-policy_module(portreserve, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type portreserve_t;
-type portreserve_exec_t;
-init_daemon_domain(portreserve_t, portreserve_exec_t)
-
-type portreserve_initrc_exec_t;
-init_script_file(portreserve_initrc_exec_t)
-
-type portreserve_etc_t;
-files_type(portreserve_etc_t)
-
-type portreserve_var_run_t;
-files_pid_file(portreserve_var_run_t)
-
-########################################
-#
-# Portreserve local policy
-#
-
-allow portreserve_t self:capability { dac_read_search dac_override };
-allow portreserve_t self:fifo_file rw_fifo_file_perms;
-allow portreserve_t self:unix_stream_socket create_stream_socket_perms;
-allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto };
-allow portreserve_t self:tcp_socket create_socket_perms;
-allow portreserve_t self:udp_socket create_socket_perms;
-
-# Read etc files
-list_dirs_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
-read_files_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
-
-# Manage /var/run/portreserve/*
-manage_dirs_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file dir })
-
-corecmd_getattr_bin_files(portreserve_t)
-
-corenet_all_recvfrom_unlabeled(portreserve_t)
-corenet_all_recvfrom_netlabel(portreserve_t)
-corenet_tcp_bind_generic_node(portreserve_t)
-corenet_udp_bind_generic_node(portreserve_t)
-corenet_tcp_bind_all_ports(portreserve_t)
-corenet_udp_bind_all_ports(portreserve_t)
-
-files_read_etc_files(portreserve_t)
-
-userdom_dontaudit_search_user_home_content(portreserve_t)
diff --git a/policy/modules/services/portslave.fc b/policy/modules/services/portslave.fc
deleted file mode 100644
index 2dd7786..0000000
--- a/policy/modules/services/portslave.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/etc/portslave(/.*)?		gen_context(system_u:object_r:portslave_etc_t,s0)
-
-/usr/sbin/ctlportslave	--	gen_context(system_u:object_r:portslave_exec_t,s0)
-/usr/sbin/portslave	--	gen_context(system_u:object_r:portslave_exec_t,s0)
diff --git a/policy/modules/services/portslave.if b/policy/modules/services/portslave.if
deleted file mode 100644
index b53ff77..0000000
--- a/policy/modules/services/portslave.if
+++ /dev/null
@@ -1,19 +0,0 @@
-## <summary>Portslave terminal server software</summary>
-
-########################################
-## <summary>
-##	Execute portslave with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`portslave_domtrans',`
-	gen_require(`
-		type portslave_t, portslave_exec_t;
-	')
-
-	domtrans_pattern($1, portslave_exec_t, portslave_t)
-')
diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te
deleted file mode 100644
index 69c331e..0000000
--- a/policy/modules/services/portslave.te
+++ /dev/null
@@ -1,125 +0,0 @@
-policy_module(portslave, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type portslave_t;
-type portslave_exec_t;
-init_domain(portslave_t, portslave_exec_t)
-init_daemon_domain(portslave_t, portslave_exec_t)
-
-type portslave_etc_t;
-files_config_file(portslave_etc_t)
-
-type portslave_lock_t;
-files_lock_file(portslave_lock_t)
-
-########################################
-#
-# Local policy
-#
-
-# setuid setgid net_admin fsetid for pppd
-# sys_admin for ctlportslave
-# net_bind_service for rlogin
-allow portslave_t self:capability { setuid setgid net_admin fsetid net_bind_service sys_tty_config };
-dontaudit portslave_t self:capability sys_admin;
-allow portslave_t self:process signal_perms;
-allow portslave_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow portslave_t self:fd use;
-allow portslave_t self:fifo_file rw_fifo_file_perms;
-allow portslave_t self:unix_dgram_socket create_socket_perms;
-allow portslave_t self:unix_stream_socket create_stream_socket_perms;
-allow portslave_t self:unix_dgram_socket sendto;
-allow portslave_t self:unix_stream_socket connectto;
-allow portslave_t self:shm create_shm_perms;
-allow portslave_t self:sem create_sem_perms;
-allow portslave_t self:msgq create_msgq_perms;
-allow portslave_t self:msg { send receive };
-allow portslave_t self:tcp_socket create_stream_socket_perms;
-allow portslave_t self:udp_socket create_socket_perms;
-
-allow portslave_t portslave_etc_t:dir list_dir_perms;
-read_files_pattern(portslave_t, portslave_etc_t, portslave_etc_t)
-read_lnk_files_pattern(portslave_t, portslave_etc_t, portslave_etc_t)
-
-allow portslave_t portslave_lock_t:file manage_file_perms;
-files_lock_filetrans(portslave_t, portslave_lock_t, file)
-
-kernel_read_system_state(portslave_t)
-kernel_read_kernel_sysctls(portslave_t)
-
-corecmd_exec_bin(portslave_t)
-corecmd_exec_shell(portslave_t)
-
-corenet_all_recvfrom_unlabeled(portslave_t)
-corenet_all_recvfrom_netlabel(portslave_t)
-corenet_tcp_sendrecv_generic_if(portslave_t)
-corenet_udp_sendrecv_generic_if(portslave_t)
-corenet_tcp_sendrecv_generic_node(portslave_t)
-corenet_udp_sendrecv_generic_node(portslave_t)
-corenet_tcp_sendrecv_all_ports(portslave_t)
-corenet_udp_sendrecv_all_ports(portslave_t)
-corenet_rw_ppp_dev(portslave_t)
-
-dev_read_sysfs(portslave_t)
-# for ssh
-dev_read_urand(portslave_t)
-
-domain_use_interactive_fds(portslave_t)
-
-files_read_etc_files(portslave_t)
-files_read_etc_runtime_files(portslave_t)
-files_exec_etc_files(portslave_t)
-
-fs_search_auto_mountpoints(portslave_t)
-fs_getattr_xattr_fs(portslave_t)
-
-term_use_unallocated_ttys(portslave_t)
-term_setattr_unallocated_ttys(portslave_t)
-term_use_all_ttys(portslave_t)
-term_search_ptys(portslave_t)
-
-auth_rw_login_records(portslave_t)
-auth_domtrans_chk_passwd(portslave_t)
-
-init_rw_utmp(portslave_t)
-
-logging_send_syslog_msg(portslave_t)
-logging_search_logs(portslave_t)
-
-sysnet_read_config(portslave_t)
-
-userdom_use_unpriv_users_fds(portslave_t)
-# for ~/.ppprc - if it actually exists then you need some policy to read it
-userdom_search_user_home_dirs(portslave_t)
-
-mta_send_mail(portslave_t)
-
-# this should probably be a domtrans to pppd
-# instead of exec.
-ppp_read_rw_config(portslave_t)
-ppp_exec(portslave_t)
-ppp_read_secrets(portslave_t)
-ppp_manage_pid_files(portslave_t)
-ppp_pid_filetrans(portslave_t)
-
-ssh_exec(portslave_t)
-
-optional_policy(`
-	inetd_tcp_service_domain(portslave_t, portslave_exec_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(portslave_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(portslave_t)
-')
-
-optional_policy(`
-	udev_read_db(portslave_t)
-')
diff --git a/policy/modules/services/postfix.fc b/policy/modules/services/postfix.fc
deleted file mode 100644
index c114a40..0000000
--- a/policy/modules/services/postfix.fc
+++ /dev/null
@@ -1,54 +0,0 @@
-# postfix
-/etc/rc\.d/init\.d/postfix    --  gen_context(system_u:object_r:postfix_initrc_exec_t,s0)
-/etc/postfix(/.*)?		gen_context(system_u:object_r:postfix_etc_t,s0)
-ifdef(`distro_redhat', `
-/usr/libexec/postfix/.*	--	gen_context(system_u:object_r:postfix_exec_t,s0)
-/usr/libexec/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
-/usr/libexec/postfix/lmtp --	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/libexec/postfix/local --	gen_context(system_u:object_r:postfix_local_exec_t,s0)
-/usr/libexec/postfix/master --	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/libexec/postfix/pickup --	gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
-/usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
-/usr/libexec/postfix/showq --	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
-/usr/libexec/postfix/smtp --	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/libexec/postfix/scache --	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/libexec/postfix/smtpd --	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
-/usr/libexec/postfix/bounce --	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
-/usr/libexec/postfix/pipe --	gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
-/usr/libexec/postfix/virtual --	gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
-', `
-/usr/lib/postfix/.*	--	gen_context(system_u:object_r:postfix_exec_t,s0)
-/usr/lib/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
-/usr/lib/postfix/local	--	gen_context(system_u:object_r:postfix_local_exec_t,s0)
-/usr/lib/postfix/master	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/lib/postfix/pickup	--	gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
-/usr/lib/postfix/(n)?qmgr --	gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
-/usr/lib/postfix/showq	--	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
-/usr/lib/postfix/smtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/lib/postfix/lmtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/lib/postfix/scache	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
-/usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
-/usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
-/usr/lib/postfix/pipe	--	gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
-')
-/etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
-/etc/postfix/prng_exch	--	gen_context(system_u:object_r:postfix_prng_t,s0)
-/usr/sbin/postalias	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/sbin/postdrop	--	gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
-/usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/sbin/postlock	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/sbin/postlog	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-/usr/sbin/postmap	--	gen_context(system_u:object_r:postfix_map_exec_t,s0)
-/usr/sbin/postqueue	--	gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
-/usr/sbin/postsuper	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-
-/var/lib/postfix(/.*)?		gen_context(system_u:object_r:postfix_data_t,s0)
-
-/var/spool/postfix(/.*)?		gen_context(system_u:object_r:postfix_spool_t,s0)
-/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
-/var/spool/postfix/pid/.*	gen_context(system_u:object_r:postfix_var_run_t,s0)
-/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0)
-/var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0)
-/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
-/var/spool/postfix/flush(/.*)?	gen_context(system_u:object_r:postfix_spool_flush_t,s0)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
deleted file mode 100644
index 7391f7e..0000000
--- a/policy/modules/services/postfix.if
+++ /dev/null
@@ -1,758 +0,0 @@
-## <summary>Postfix email server</summary>
-
-########################################
-## <summary>
-##	Postfix stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_stub',`
-	gen_require(`
-		type postfix_master_t;
-	')
-')
-
-########################################
-## <summary>
-##	Creates types and rules for a basic
-##	postfix process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`postfix_domain_template',`
-	type postfix_$1_t;
-	type postfix_$1_exec_t;
-	domain_type(postfix_$1_t)
-	domain_entry_file(postfix_$1_t, postfix_$1_exec_t)
-	role system_r types postfix_$1_t;
-
-	dontaudit postfix_$1_t self:capability sys_tty_config;
-	allow postfix_$1_t self:process { signal_perms setpgid };
-	allow postfix_$1_t self:unix_dgram_socket create_socket_perms;
-	allow postfix_$1_t self:unix_stream_socket create_stream_socket_perms;
-	allow postfix_$1_t self:unix_stream_socket connectto;
-
-	allow postfix_master_t postfix_$1_t:process signal;
-	#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
-	allow postfix_$1_t postfix_master_t:file read;
-
-	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
-	read_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
-	read_lnk_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
-
-	can_exec(postfix_$1_t, postfix_$1_exec_t)
-
-	allow postfix_$1_t postfix_exec_t:file { mmap_file_perms lock };
-
-	allow postfix_$1_t postfix_master_t:process sigchld;
-
-	allow postfix_$1_t postfix_spool_t:dir list_dir_perms;
-
-	allow postfix_$1_t postfix_var_run_t:file manage_file_perms;
-	files_pid_filetrans(postfix_$1_t, postfix_var_run_t, file)
-
-	kernel_read_system_state(postfix_$1_t)
-	kernel_read_network_state(postfix_$1_t)
-	kernel_read_all_sysctls(postfix_$1_t)
-
-	dev_read_sysfs(postfix_$1_t)
-	dev_read_rand(postfix_$1_t)
-	dev_read_urand(postfix_$1_t)
-
-	fs_search_auto_mountpoints(postfix_$1_t)
-	fs_getattr_xattr_fs(postfix_$1_t)
-	fs_rw_anon_inodefs_files(postfix_$1_t)
-
-	term_dontaudit_use_console(postfix_$1_t)
-
-	corecmd_exec_shell(postfix_$1_t)
-
-	files_read_etc_files(postfix_$1_t)
-	files_read_etc_runtime_files(postfix_$1_t)
-	files_read_usr_files(postfix_$1_t)
-	files_read_usr_symlinks(postfix_$1_t)
-	files_search_spool(postfix_$1_t)
-	files_getattr_tmp_dirs(postfix_$1_t)
-	files_search_all_mountpoints(postfix_$1_t)
-
-	init_dontaudit_use_fds(postfix_$1_t)
-	init_sigchld(postfix_$1_t)
-
-	auth_use_nsswitch(postfix_$1_t)
-
-	logging_send_syslog_msg(postfix_$1_t)
-
-	miscfiles_read_localization(postfix_$1_t)
-	miscfiles_read_generic_certs(postfix_$1_t)
-
-	userdom_dontaudit_use_unpriv_user_fds(postfix_$1_t)
-
-	optional_policy(`
-		udev_read_db(postfix_$1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Creates a postfix server process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix of the domain.
-##	</summary>
-## </param>
-#
-template(`postfix_server_domain_template',`
-	postfix_domain_template($1)
-
-	type postfix_$1_tmp_t;
-	files_tmp_file(postfix_$1_tmp_t)
-
-	allow postfix_$1_t self:capability { setuid setgid dac_override };
-	allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto rw_stream_socket_perms };
-	allow postfix_$1_t self:tcp_socket create_socket_perms;
-	allow postfix_$1_t self:udp_socket create_socket_perms;
-
-	manage_dirs_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
-	manage_files_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
-	files_tmp_filetrans(postfix_$1_t, postfix_$1_tmp_t, { file dir })
-
-	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
-
-	corenet_all_recvfrom_unlabeled(postfix_$1_t)
-	corenet_all_recvfrom_netlabel(postfix_$1_t)
-	corenet_tcp_sendrecv_generic_if(postfix_$1_t)
-	corenet_udp_sendrecv_generic_if(postfix_$1_t)
-	corenet_tcp_sendrecv_generic_node(postfix_$1_t)
-	corenet_udp_sendrecv_generic_node(postfix_$1_t)
-	corenet_tcp_sendrecv_all_ports(postfix_$1_t)
-	corenet_udp_sendrecv_all_ports(postfix_$1_t)
-	corenet_tcp_bind_generic_node(postfix_$1_t)
-	corenet_udp_bind_generic_node(postfix_$1_t)
-	corenet_tcp_connect_all_ports(postfix_$1_t)
-	corenet_sendrecv_all_client_packets(postfix_$1_t)
-')
-
-########################################
-## <summary>
-##	Creates a process domain for programs
-##	that are ran by users.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix of the domain.
-##	</summary>
-## </param>
-#
-template(`postfix_user_domain_template',`
-	gen_require(`
-		attribute postfix_user_domains, postfix_user_domtrans;
-	')
-
-	postfix_domain_template($1)
-
-	typeattribute postfix_$1_t postfix_user_domains;
-
-	allow postfix_$1_t self:capability dac_override;
-
-	domtrans_pattern(postfix_user_domtrans, postfix_$1_exec_t, postfix_$1_t)
-
-	domain_use_interactive_fds(postfix_$1_t)
-')
-
-########################################
-## <summary>
-##	Read postfix configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postfix_read_config',`
-	gen_require(`
-		type postfix_etc_t;
-	')
-
-	read_files_pattern($1, postfix_etc_t, postfix_etc_t)
-	read_lnk_files_pattern($1, postfix_etc_t, postfix_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Create files with the specified type in
-##	the postfix configuration directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`postfix_config_filetrans',`
-	gen_require(`
-		type postfix_etc_t;
-	')
-
-	files_search_etc($1)
-	filetrans_pattern($1, postfix_etc_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and
-##	write postfix local delivery
-##	TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`postfix_dontaudit_rw_local_tcp_sockets',`
-	gen_require(`
-		type postfix_local_t;
-	')
-
-	dontaudit $1 postfix_local_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Allow read/write postfix local pipes
-##	TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_rw_local_pipes',`
-	gen_require(`
-		type postfix_local_t;
-	')
-
-	allow $1 postfix_local_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow domain to read postfix local process state
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_read_local_state',`
-	gen_require(`
-		type postfix_local_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, postfix_local_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to read postfix master process state
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_read_master_state',`
-	gen_require(`
-		type postfix_master_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, postfix_master_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use
-##	postfix master process file
-##	file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`postfix_dontaudit_use_fds',`
-	gen_require(`
-		type postfix_master_t;
-	')
-
-	dontaudit $1 postfix_master_t:fd use;
-')
-
-########################################
-## <summary>
-##	Execute postfix_map in the postfix_map domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_map',`
-	gen_require(`
-		type postfix_map_t, postfix_map_exec_t;
-	')
-
-	domtrans_pattern($1, postfix_map_exec_t, postfix_map_t)
-')
-
-########################################
-## <summary>
-##	Execute postfix_map in the postfix_map domain, and
-##	allow the specified role the postfix_map domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postfix_run_map',`
-	gen_require(`
-		type postfix_map_t;
-	')
-
-	postfix_domtrans_map($1)
-	role $2 types postfix_map_t;
-')
-
-########################################
-## <summary>
-##	Execute the master postfix program in the
-##	postfix_master domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_master',`
-	gen_require(`
-		type postfix_master_t, postfix_master_exec_t;
-	')
-
-	domtrans_pattern($1, postfix_master_exec_t, postfix_master_t)
-')
-
-
-########################################
-## <summary>
-##	Execute the master postfix in the postfix master domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_initrc_domtrans',`
-	gen_require(`
-		type postfix_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, postfix_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute the master postfix program in the
-##	caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_exec_master',`
-	gen_require(`
-		type postfix_master_exec_t;
-	')
-
-	can_exec($1, postfix_master_exec_t)
-')
-
-#######################################
-## <summary>
-##	Connect to postfix master process using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_stream_connect_master',`
-	gen_require(`
-		type postfix_master_t, postfix_public_t;
-	')
-
-	stream_connect_pattern($1, postfix_public_t, postfix_public_t, postfix_master_t)
-')
-
-########################################
-## <summary>
-##	Execute the master postdrop in the
-##	postfix_postdrop domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_postdrop',`
-	gen_require(`
-		type postfix_postdrop_t, postfix_postdrop_exec_t;
-	')
-
-	domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
-')
-
-########################################
-## <summary>
-##	Execute the master postqueue in the
-##	postfix_postqueue domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_postqueue',`
-	gen_require(`
-		type postfix_postqueue_t, postfix_postqueue_exec_t;
-	')
-
-	domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)
-')
-
-#######################################
-## <summary>
-##	Execute the master postqueue in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`posftix_exec_postqueue',`
-	gen_require(`
-		type postfix_postqueue_exec_t;
-	')
-
-	can_exec($1, postfix_postqueue_exec_t)
-')
-
-########################################
-## <summary>
-##	Create a named socket in a postfix private directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_create_private_sockets',`
-	gen_require(`
-		type postfix_private_t;
-	')
-
-	allow $1 postfix_private_t:dir list_dir_perms;
-	create_sock_files_pattern($1, postfix_private_t, postfix_private_t)
-')
-
-########################################
-## <summary>
-##	manage named socket in a postfix private directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_manage_private_sockets',`
-	gen_require(`
-		type postfix_private_t;
-	')
-
-	allow $1 postfix_private_t:dir list_dir_perms;
-	manage_sock_files_pattern($1, postfix_private_t, postfix_private_t)
-')
-
-########################################
-## <summary>
-##	Execute the master postfix program in the
-##	postfix_master domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_smtp',`
-	gen_require(`
-		type postfix_smtp_t, postfix_smtp_exec_t;
-	')
-
-	domtrans_pattern($1, postfix_smtp_exec_t, postfix_smtp_t)
-')
-
-########################################
-## <summary>
-##	Getattr postfix mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_getattr_spool_files',`
-	gen_require(`
-		attribute postfix_spool_type;
-	')
-
-	files_search_spool($1)
-	getattr_files_pattern($1, postfix_spool_type, postfix_spool_type)
-')
-
-########################################
-## <summary>
-##	Search postfix mail spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_search_spool',`
-	gen_require(`
-		attribute postfix_spool_type;
-	')
-
-	allow $1 postfix_spool_type:dir search_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	List postfix mail spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_list_spool',`
-	gen_require(`
-		attribute postfix_spool_type;
-	')
-
-	allow $1 postfix_spool_type:dir list_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Read postfix mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_read_spool_files',`
-	gen_require(`
-		attribute postfix_spool_type;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, postfix_spool_type, postfix_spool_type)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete postfix mail spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_manage_spool_files',`
-	gen_require(`
-		attribute postfix_spool_type;
-	')
-
-	files_search_spool($1)
-	manage_files_pattern($1, postfix_spool_type, postfix_spool_type)
-')
-
-########################################
-## <summary>
-##	Execute postfix user mail programs
-##	in their respective domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postfix_domtrans_user_mail_handler',`
-	gen_require(`
-		attribute postfix_user_domtrans;
-	')
-
-	typeattribute $1 postfix_user_domtrans;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an postfix environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postfix_admin',`
-	gen_require(`
-		attribute postfix_spool_type;
-		type postfix_bounce_t, postfix_cleanup_t, postfix_local_t;
-		type postfix_master_t, postfix_pickup_t, postfix_qmgr_t;
-		type postfix_initrc_exec_t, postfix_data_t, postfix_etc_t;
-		type postfix_map_tmp_t, postfix_prng_t, postfix_public_t;
-		type postfix_smtpd_t, postfix_var_run_t;
-	')
-
-	allow $1 postfix_bounce_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_bounce_t)
-
-	allow $1 postfix_cleanup_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_cleanup_t)
-
-	allow $1 postfix_local_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_local_t)
-
-	allow $1 postfix_master_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_master_t)
-
-	allow $1 postfix_pickup_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_pickup_t)
-
-	allow $1 postfix_qmgr_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_qmgr_t)
-
-	allow $1 postfix_smtpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_smtpd_t)
-
-	postfix_run_map($1, $2)
-	postfix_run_postdrop($1, $2)
-
-	postfix_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 postfix_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, postfix_data_t) 
-
-	files_list_etc($1)
-	admin_pattern($1, postfix_etc_t)
-
-	files_list_spool($1)
-	admin_pattern($1, postfix_spool_type)
-
-	admin_pattern($1, postfix_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, postfix_map_tmp_t)
-	
-	admin_pattern($1, postfix_prng_t)
-
-	admin_pattern($1, postfix_public_t)
-')
-
-########################################
-## <summary>
-##	Execute the master postdrop in the
-##	postfix_postdrop domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postfix_run_postdrop',`
-	gen_require(`
-		type postfix_postdrop_t;
-	')
-
-	postfix_domtrans_postdrop($1)
-	role $2 types postfix_postdrop_t;
-')
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
deleted file mode 100644
index 628fcda..0000000
--- a/policy/modules/services/postfix.te
+++ /dev/null
@@ -1,681 +0,0 @@
-policy_module(postfix, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow postfix_local domain full write access to mail_spool directories
-##	</p>
-## </desc>
-gen_tunable(allow_postfix_local_write_mail_spool, false)
-
-attribute postfix_spool_type;
-attribute postfix_user_domains;
-# domains that transition to the
-# postfix user domains
-attribute postfix_user_domtrans;
-
-postfix_server_domain_template(bounce)
-
-type postfix_spool_bounce_t, postfix_spool_type;
-files_type(postfix_spool_bounce_t)
-
-postfix_server_domain_template(cleanup)
-
-type postfix_etc_t;
-files_config_file(postfix_etc_t)
-
-type postfix_exec_t;
-application_executable_file(postfix_exec_t)
-
-postfix_server_domain_template(local)
-mta_mailserver_delivery(postfix_local_t)
-
-# Program for creating database files
-type postfix_map_t;
-type postfix_map_exec_t;
-application_domain(postfix_map_t, postfix_map_exec_t)
-role system_r types postfix_map_t;
-
-type postfix_map_tmp_t;
-files_tmp_file(postfix_map_tmp_t)
-
-postfix_domain_template(master)
-typealias postfix_master_t alias postfix_t;
-# alias is a hack to make the disable trans bool
-# generation macro work
-mta_mailserver(postfix_t, postfix_master_exec_t)
-
-type postfix_initrc_exec_t;
-init_script_file(postfix_initrc_exec_t)
-
-postfix_server_domain_template(pickup)
-
-postfix_server_domain_template(pipe)
-
-postfix_user_domain_template(postdrop)
-mta_mailserver_user_agent(postfix_postdrop_t)
-
-postfix_user_domain_template(postqueue)
-mta_mailserver_user_agent(postfix_postqueue_t)
-
-type postfix_private_t;
-files_type(postfix_private_t)
-
-type postfix_prng_t;
-files_type(postfix_prng_t)
-
-postfix_server_domain_template(qmgr)
-
-postfix_user_domain_template(showq)
-
-postfix_server_domain_template(smtp)
-mta_mailserver_sender(postfix_smtp_t)
-
-postfix_server_domain_template(smtpd)
-
-type postfix_spool_t, postfix_spool_type;
-files_type(postfix_spool_t)
-
-type postfix_spool_maildrop_t, postfix_spool_type;
-files_type(postfix_spool_maildrop_t)
-
-type postfix_spool_flush_t, postfix_spool_type;
-files_type(postfix_spool_flush_t)
-
-type postfix_public_t;
-files_type(postfix_public_t)
-
-type postfix_var_run_t;
-files_pid_file(postfix_var_run_t)
-
-# the data_directory config parameter
-type postfix_data_t;
-files_type(postfix_data_t)
-
-postfix_server_domain_template(virtual)
-mta_mailserver_delivery(postfix_virtual_t)
-
-########################################
-#
-# Postfix master process local policy
-#
-
-# chown is to set the correct ownership of queue dirs
-allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
-allow postfix_master_t self:process setrlimit;
-allow postfix_master_t self:fifo_file rw_fifo_file_perms;
-allow postfix_master_t self:tcp_socket create_stream_socket_perms;
-allow postfix_master_t self:udp_socket create_socket_perms;
-
-allow postfix_master_t postfix_etc_t:dir rw_dir_perms;
-allow postfix_master_t postfix_etc_t:file rw_file_perms;
-mta_filetrans_aliases(postfix_master_t, postfix_etc_t)
-
-can_exec(postfix_master_t, postfix_exec_t)
-
-allow postfix_master_t postfix_data_t:dir manage_dir_perms;
-allow postfix_master_t postfix_data_t:file manage_file_perms;
-
-allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms lock };
-
-allow postfix_master_t postfix_postdrop_exec_t:file getattr_file_perms;
-
-allow postfix_master_t postfix_postqueue_exec_t:file getattr_file_perms;
-
-manage_fifo_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
-manage_sock_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
-
-domtrans_pattern(postfix_master_t, postfix_postqueue_exec_t, postfix_postqueue_t)
-
-allow postfix_master_t postfix_prng_t:file rw_file_perms;
-
-manage_fifo_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
-manage_sock_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
-
-domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
-
-# allow access to deferred queue and allow removing bogus incoming entries
-manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
-manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
-files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)
-
-allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
-allow postfix_master_t postfix_spool_bounce_t:file getattr_file_perms;
-
-manage_dirs_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
-manage_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
-manage_lnk_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
-
-delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-
-kernel_read_all_sysctls(postfix_master_t)
-
-corenet_all_recvfrom_unlabeled(postfix_master_t)
-corenet_all_recvfrom_netlabel(postfix_master_t)
-corenet_tcp_sendrecv_generic_if(postfix_master_t)
-corenet_udp_sendrecv_generic_if(postfix_master_t)
-corenet_tcp_sendrecv_generic_node(postfix_master_t)
-corenet_udp_sendrecv_generic_node(postfix_master_t)
-corenet_tcp_sendrecv_all_ports(postfix_master_t)
-corenet_udp_sendrecv_all_ports(postfix_master_t)
-corenet_udp_bind_generic_node(postfix_master_t)
-corenet_udp_bind_all_unreserved_ports(postfix_master_t)
-corenet_dontaudit_udp_bind_all_ports(postfix_master_t)
-corenet_tcp_bind_generic_node(postfix_master_t)
-corenet_tcp_bind_amavisd_send_port(postfix_master_t)
-corenet_tcp_bind_smtp_port(postfix_master_t)
-corenet_tcp_connect_all_ports(postfix_master_t)
-corenet_sendrecv_amavisd_send_server_packets(postfix_master_t)
-corenet_sendrecv_smtp_server_packets(postfix_master_t)
-corenet_sendrecv_all_client_packets(postfix_master_t)
-
-# for a find command
-selinux_dontaudit_search_fs(postfix_master_t)
-
-corecmd_exec_shell(postfix_master_t)
-corecmd_exec_bin(postfix_master_t)
-
-domain_use_interactive_fds(postfix_master_t)
-
-files_read_usr_files(postfix_master_t)
-files_search_var_lib(postfix_master_t)
-files_search_tmp(postfix_master_t)
-
-term_dontaudit_search_ptys(postfix_master_t)
-
-miscfiles_read_man_pages(postfix_master_t)
-
-seutil_sigchld_newrole(postfix_master_t)
-# postfix does a "find" on startup for some reason - keep it quiet
-seutil_dontaudit_search_config(postfix_master_t)
-
-mta_rw_aliases(postfix_master_t)
-mta_read_sendmail_bin(postfix_master_t)
-mta_getattr_spool(postfix_master_t)
-
-ifdef(`distro_redhat',`
-	# for newer main.cf that uses /etc/aliases
-	mta_manage_aliases(postfix_master_t)
-	mta_etc_filetrans_aliases(postfix_master_t)
-')
-
-optional_policy(`
-	cyrus_stream_connect(postfix_master_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(postfix, postfix_t)
-')
-
-optional_policy(`
-#	for postalias
-	mailman_manage_data_files(postfix_master_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(postfix_master_t)
-')
-
-optional_policy(`
-	postgrey_search_spool(postfix_master_t)
-')
-
-optional_policy(`
-	sendmail_signal(postfix_master_t)
-')
-
-########################################
-#
-# Postfix bounce local policy
-#
-
-allow postfix_bounce_t self:capability dac_read_search;
-allow postfix_bounce_t self:tcp_socket create_socket_perms;
-
-allow postfix_bounce_t postfix_public_t:sock_file write;
-allow postfix_bounce_t postfix_public_t:dir search_dir_perms;
-
-manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
-manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
-manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
-files_spool_filetrans(postfix_bounce_t, postfix_spool_t, dir)
-
-manage_dirs_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
-manage_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
-manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
-
-########################################
-#
-# Postfix cleanup local policy
-#
-
-allow postfix_cleanup_t self:process setrlimit;
-
-# connect to master process
-stream_connect_pattern(postfix_cleanup_t, postfix_private_t, postfix_private_t, postfix_master_t)
-
-rw_fifo_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
-write_sock_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
-
-manage_dirs_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
-manage_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
-manage_lnk_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
-files_spool_filetrans(postfix_cleanup_t, postfix_spool_t, dir)
-
-allow postfix_cleanup_t postfix_spool_bounce_t:dir list_dir_perms;
-
-corecmd_exec_bin(postfix_cleanup_t)
-
-mta_read_aliases(postfix_cleanup_t)
-
-optional_policy(`
-	mailman_read_data_files(postfix_cleanup_t)
-')
-
-########################################
-#
-# Postfix local local policy
-#
-
-allow postfix_local_t self:process { setsched setrlimit };
-allow postfix_local_t self:fifo_file rw_fifo_file_perms;
-
-# connect to master process
-stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
-
-# for .forward - maybe we need a new type for it?
-rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
-
-domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-
-allow postfix_local_t postfix_spool_t:file rw_file_perms;
-
-corecmd_exec_shell(postfix_local_t)
-corecmd_exec_bin(postfix_local_t)
-
-files_read_etc_files(postfix_local_t)
-
-logging_dontaudit_search_logs(postfix_local_t)
-
-mta_read_aliases(postfix_local_t)
-mta_delete_spool(postfix_local_t)
-# For reading spamassasin
-mta_read_config(postfix_local_t)
-# Handle vacation script
-mta_send_mail(postfix_local_t)
-
-userdom_read_user_home_content_files(postfix_local_t)
-
-tunable_policy(`allow_postfix_local_write_mail_spool',`
-	mta_manage_spool(postfix_local_t)
-')
-
-optional_policy(`
-	clamav_search_lib(postfix_local_t)
-	clamav_exec_clamscan(postfix_local_t)
-')
-
-optional_policy(`
-#	for postalias
-	mailman_manage_data_files(postfix_local_t)
-	mailman_append_log(postfix_local_t)
-	mailman_read_log(postfix_local_t)
-')
-
-optional_policy(`
-	nagios_search_spool(postfix_local_t)
-')
-
-optional_policy(`
-	procmail_domtrans(postfix_local_t)
-')
-
-optional_policy(`
-	zarafa_deliver_domtrans(postfix_local_t)
-')
-
-########################################
-#
-# Postfix map local policy
-#
-allow postfix_map_t self:capability { dac_override setgid setuid };
-allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
-allow postfix_map_t self:unix_dgram_socket create_socket_perms;
-allow postfix_map_t self:tcp_socket create_stream_socket_perms;
-allow postfix_map_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
-manage_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
-manage_lnk_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
-
-manage_dirs_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
-manage_files_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
-files_tmp_filetrans(postfix_map_t, postfix_map_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(postfix_map_t)
-kernel_dontaudit_list_proc(postfix_map_t)
-kernel_dontaudit_read_system_state(postfix_map_t)
-
-corenet_all_recvfrom_unlabeled(postfix_map_t)
-corenet_all_recvfrom_netlabel(postfix_map_t)
-corenet_tcp_sendrecv_generic_if(postfix_map_t)
-corenet_udp_sendrecv_generic_if(postfix_map_t)
-corenet_tcp_sendrecv_generic_node(postfix_map_t)
-corenet_udp_sendrecv_generic_node(postfix_map_t)
-corenet_tcp_sendrecv_all_ports(postfix_map_t)
-corenet_udp_sendrecv_all_ports(postfix_map_t)
-corenet_tcp_connect_all_ports(postfix_map_t)
-corenet_sendrecv_all_client_packets(postfix_map_t)
-
-corecmd_list_bin(postfix_map_t)
-corecmd_read_bin_symlinks(postfix_map_t)
-corecmd_read_bin_files(postfix_map_t)
-corecmd_read_bin_pipes(postfix_map_t)
-corecmd_read_bin_sockets(postfix_map_t)
-
-files_list_home(postfix_map_t)
-files_read_usr_files(postfix_map_t)
-files_read_etc_files(postfix_map_t)
-files_read_etc_runtime_files(postfix_map_t)
-files_dontaudit_search_var(postfix_map_t)
-
-auth_use_nsswitch(postfix_map_t)
-
-logging_send_syslog_msg(postfix_map_t)
-
-miscfiles_read_localization(postfix_map_t)
-
-optional_policy(`
-	locallogin_dontaudit_use_fds(postfix_map_t)
-')
-
-optional_policy(`
-#	for postalias
-	mailman_manage_data_files(postfix_map_t)
-')
-
-########################################
-#
-# Postfix pickup local policy
-#
-
-allow postfix_pickup_t self:tcp_socket create_socket_perms;
-
-stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
-
-rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
-rw_sock_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
-
-postfix_list_spool(postfix_pickup_t)
-
-allow postfix_pickup_t postfix_spool_maildrop_t:dir list_dir_perms;
-read_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-delete_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-
-########################################
-#
-# Postfix pipe local policy
-#
-
-allow postfix_pipe_t self:process setrlimit;
-allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
-
-write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
-
-write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)
-
-rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
-
-domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-
-corecmd_exec_bin(postfix_pipe_t)
-
-optional_policy(`
-	dovecot_domtrans_deliver(postfix_pipe_t)
-')
-
-optional_policy(`
-	procmail_domtrans(postfix_pipe_t)
-')
-
-optional_policy(`
-	mailman_domtrans_queue(postfix_pipe_t)
-')
-
-optional_policy(`
-	mta_manage_spool(postfix_pipe_t)
-	mta_send_mail(postfix_pipe_t)
-')
-
-optional_policy(`
-	spamassassin_domtrans_client(postfix_pipe_t)
-	spamassassin_kill_client(postfix_pipe_t)
-')
-
-optional_policy(`
-	uucp_domtrans_uux(postfix_pipe_t)
-')
-
-########################################
-#
-# Postfix postdrop local policy
-#
-
-# usually it does not need a UDP socket
-allow postfix_postdrop_t self:capability sys_resource;
-allow postfix_postdrop_t self:tcp_socket create;
-allow postfix_postdrop_t self:udp_socket create_socket_perms;
-
-# Might be a leak, but I need a postfix expert to explain
-allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
-
-rw_fifo_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
-
-postfix_list_spool(postfix_postdrop_t)
-manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-
-corenet_udp_sendrecv_generic_if(postfix_postdrop_t)
-corenet_udp_sendrecv_generic_node(postfix_postdrop_t)
-
-term_dontaudit_use_all_ptys(postfix_postdrop_t)
-term_dontaudit_use_all_ttys(postfix_postdrop_t)
-
-mta_rw_user_mail_stream_sockets(postfix_postdrop_t)
-
-optional_policy(`
-	apache_dontaudit_rw_fifo_file(postfix_postdrop_t)
-')
-
-optional_policy(`
-	cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
-')
-
-# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239951
-optional_policy(`
-	fstools_read_pipes(postfix_postdrop_t)
-')
-
-optional_policy(`
-	sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
-')
-
-optional_policy(`
-	uucp_manage_spool(postfix_postdrop_t)
-')
-
-#######################################
-#
-# Postfix postqueue local policy
-#
-
-allow postfix_postqueue_t self:tcp_socket create;
-allow postfix_postqueue_t self:udp_socket { create ioctl };
-
-# wants to write to /var/spool/postfix/public/showq
-stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t, postfix_master_t)
-
-# write to /var/spool/postfix/public/qmgr
-write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t)
-
-domtrans_pattern(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
-
-# to write the mailq output, it really should not need read access!
-term_use_all_ptys(postfix_postqueue_t)
-term_use_all_ttys(postfix_postqueue_t)
-
-init_sigchld_script(postfix_postqueue_t)
-init_use_script_fds(postfix_postqueue_t)
-
-optional_policy(`
-	cron_system_entry(postfix_postqueue_t, postfix_postqueue_exec_t)
-')
-
-optional_policy(`
-	ppp_use_fds(postfix_postqueue_t)
-	ppp_sigchld(postfix_postqueue_t)
-')
-
-########################################
-#
-# Postfix qmgr local policy
-#
-
-stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
-
-rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
-
-# for /var/spool/postfix/active
-manage_dirs_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
-manage_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
-manage_lnk_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
-files_spool_filetrans(postfix_qmgr_t, postfix_spool_t, dir)
-
-allow postfix_qmgr_t postfix_spool_bounce_t:dir list_dir_perms;
-allow postfix_qmgr_t postfix_spool_bounce_t:file read_file_perms;
-allow postfix_qmgr_t postfix_spool_bounce_t:lnk_file read_lnk_file_perms;
-
-corecmd_exec_bin(postfix_qmgr_t)
-
-########################################
-#
-# Postfix showq local policy
-#
-
-allow postfix_showq_t self:capability { setuid setgid };
-allow postfix_showq_t self:tcp_socket create_socket_perms;
-
-allow postfix_showq_t postfix_master_t:unix_stream_socket { accept rw_socket_perms };
-
-allow postfix_showq_t postfix_spool_t:file read_file_perms;
-
-postfix_list_spool(postfix_showq_t)
-
-allow postfix_showq_t postfix_spool_maildrop_t:dir list_dir_perms;
-allow postfix_showq_t postfix_spool_maildrop_t:file read_file_perms;
-allow postfix_showq_t postfix_spool_maildrop_t:lnk_file read_lnk_file_perms;
-
-# to write the mailq output, it really should not need read access!
-term_use_all_ptys(postfix_showq_t)
-term_use_all_ttys(postfix_showq_t)
-
-########################################
-#
-# Postfix smtp delivery local policy
-#
-
-# connect to master process
-allow postfix_smtp_t self:capability sys_chroot;
-stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
-
-allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
-
-allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
-
-files_search_all_mountpoints(postfix_smtp_t)
-
-optional_policy(`
-	cyrus_stream_connect(postfix_smtp_t)
-')
-
-optional_policy(`
-	milter_stream_connect_all(postfix_smtp_t)
-')
-
-########################################
-#
-# Postfix smtpd local policy
-#
-allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
-
-# connect to master process
-stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
-
-# Connect to policy server
-corenet_tcp_connect_postfix_policyd_port(postfix_smtpd_t)
-
-# for prng_exch
-allow postfix_smtpd_t postfix_spool_t:file rw_file_perms;
-allow postfix_smtpd_t postfix_prng_t:file rw_file_perms;
-
-corecmd_exec_bin(postfix_smtpd_t)
-
-# for OpenSSL certificates
-files_read_usr_files(postfix_smtpd_t)
-
-# postfix checks the size of all mounted file systems
-fs_getattr_all_dirs(postfix_smtpd_t)
-fs_getattr_all_fs(postfix_smtpd_t)
-
-mta_read_aliases(postfix_smtpd_t)
-
-optional_policy(`
-	dovecot_stream_connect_auth(postfix_smtpd_t)
-')
-
-optional_policy(`
-	mailman_read_data_files(postfix_smtpd_t)
-')
-
-optional_policy(`
-	postgrey_stream_connect(postfix_smtpd_t)
-')
-
-optional_policy(`
-	sasl_connect(postfix_smtpd_t)
-')
-
-########################################
-#
-# Postfix virtual local policy
-#
-
-allow postfix_virtual_t self:process { setsched setrlimit };
-allow postfix_virtual_t self:fifo_file rw_fifo_file_perms;
-
-allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
-
-# connect to master process
-stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
-
-corecmd_exec_shell(postfix_virtual_t)
-corecmd_exec_bin(postfix_virtual_t)
-
-files_read_etc_files(postfix_virtual_t)
-files_read_usr_files(postfix_virtual_t)
-
-mta_read_aliases(postfix_virtual_t)
-mta_delete_spool(postfix_virtual_t)
-# For reading spamassasin
-mta_read_config(postfix_virtual_t)
-mta_manage_spool(postfix_virtual_t)
-
-userdom_manage_user_home_dirs(postfix_virtual_t)
-userdom_manage_user_home_content(postfix_virtual_t)
-userdom_home_filetrans_user_home_dir(postfix_virtual_t)
-userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff --git a/policy/modules/services/postfixpolicyd.fc b/policy/modules/services/postfixpolicyd.fc
deleted file mode 100644
index 4361cb6..0000000
--- a/policy/modules/services/postfixpolicyd.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/policyd.conf		--	gen_context(system_u:object_r:postfix_policyd_conf_t, s0)
-/etc/rc\.d/init\.d/postfixpolicyd --	gen_context(system_u:object_r:postfix_policyd_initrc_exec_t,s0)
-
-/usr/sbin/policyd		--	gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
-
-/var/run/policyd\.pid		--	gen_context(system_u:object_r:postfix_policyd_var_run_t, s0)
diff --git a/policy/modules/services/postfixpolicyd.if b/policy/modules/services/postfixpolicyd.if
deleted file mode 100644
index d960d3f..0000000
--- a/policy/modules/services/postfixpolicyd.if
+++ /dev/null
@@ -1,39 +0,0 @@
-## <summary>Postfix policy server</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an postfixpolicyd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the postfixpolicyd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postfixpolicyd_admin',`
-	gen_require(`
-		type postfix_policyd_t, postfix_policyd_conf_t;
-		type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t;
-	')
-
-	allow $1 postfix_policyd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postfix_policyd_t)
-
-	init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 postfix_policyd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, postfix_policyd_conf_t)
-
-	files_list_pids($1)
-	admin_pattern($1, postfix_policyd_var_run_t)
-')
diff --git a/policy/modules/services/postfixpolicyd.te b/policy/modules/services/postfixpolicyd.te
deleted file mode 100644
index 7d73656..0000000
--- a/policy/modules/services/postfixpolicyd.te
+++ /dev/null
@@ -1,53 +0,0 @@
-policy_module(postfixpolicyd, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type postfix_policyd_t;
-type postfix_policyd_exec_t;
-init_daemon_domain(postfix_policyd_t, postfix_policyd_exec_t)
-
-type postfix_policyd_conf_t;
-files_config_file(postfix_policyd_conf_t)
-
-type postfix_policyd_initrc_exec_t;
-init_script_file(postfix_policyd_initrc_exec_t)
-
-type postfix_policyd_var_run_t;
-files_pid_file(postfix_policyd_var_run_t)
-
-########################################
-#
-# Local Policy
-#
-
-allow postfix_policyd_t self:capability { sys_resource sys_chroot setgid setuid };
-allow postfix_policyd_t self:process setrlimit;
-allow postfix_policyd_t self:tcp_socket create_stream_socket_perms;
-allow postfix_policyd_t self:unix_dgram_socket create_socket_perms;
-
-allow postfix_policyd_t postfix_policyd_conf_t:dir list_dir_perms;
-allow postfix_policyd_t postfix_policyd_conf_t:file read_file_perms;
-allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms;
-
-manage_files_pattern(postfix_policyd_t, postfix_policyd_var_run_t, postfix_policyd_var_run_t)
-files_pid_filetrans(postfix_policyd_t, postfix_policyd_var_run_t, file)
-
-corenet_all_recvfrom_unlabeled(postfix_policyd_t)
-corenet_tcp_sendrecv_generic_if(postfix_policyd_t)
-corenet_tcp_sendrecv_generic_node(postfix_policyd_t)
-corenet_tcp_sendrecv_all_ports(postfix_policyd_t)
-corenet_tcp_bind_generic_node(postfix_policyd_t)
-corenet_tcp_bind_postfix_policyd_port(postfix_policyd_t)
-corenet_tcp_bind_mysqld_port(postfix_policyd_t)
-
-files_read_etc_files(postfix_policyd_t)
-files_read_usr_files(postfix_policyd_t)
-
-logging_send_syslog_msg(postfix_policyd_t)
-
-miscfiles_read_localization(postfix_policyd_t)
-
-sysnet_dns_name_resolve(postfix_policyd_t)
diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc
deleted file mode 100644
index f03fad4..0000000
--- a/policy/modules/services/postgresql.fc
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# /etc
-#
-/etc/postgresql(/.*)?			gen_context(system_u:object_r:postgresql_etc_t,s0)
-/etc/rc\.d/init\.d/(se)?postgresql --	gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
-/etc/sysconfig/pgsql(/.*)? 		gen_context(system_u:object_r:postgresql_etc_t,s0)
-
-#
-# /usr
-#
-/usr/bin/initdb(\.sepgsql)?	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/bin/(se)?postgres		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-
-/usr/lib(64)?/pgsql/test/regress(/.*)?	gen_context(system_u:object_r:postgresql_db_t,s0)
-/usr/lib(64)?/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib(64)?/postgresql/bin/.* --	gen_context(system_u:object_r:postgresql_exec_t,s0)
-
-ifdef(`distro_debian', `
-/usr/lib/postgresql/.*/bin/.*	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-')
-
-ifdef(`distro_redhat', `
-/usr/share/jonas/pgsql(/.*)?		gen_context(system_u:object_r:postgresql_db_t,s0)
-')
-
-#
-# /var
-#
-/var/lib/postgres(ql)?(/.*)? 		gen_context(system_u:object_r:postgresql_db_t,s0)
-
-/var/lib/pgsql/data(/.*)?		gen_context(system_u:object_r:postgresql_db_t,s0)
-/var/lib/pgsql/logfile(/.*)?		gen_context(system_u:object_r:postgresql_log_t,s0)
-/var/lib/pgsql/pgstartup\.log		gen_context(system_u:object_r:postgresql_log_t,s0)
-
-/var/lib/sepgsql(/.*)?			gen_context(system_u:object_r:postgresql_db_t,s0)
-/var/lib/sepgsql/pgstartup\.log	--	gen_context(system_u:object_r:postgresql_log_t,s0)
-
-/var/log/postgres\.log.* 	--	gen_context(system_u:object_r:postgresql_log_t,s0)
-/var/log/postgresql(/.*)?		gen_context(system_u:object_r:postgresql_log_t,s0)
-/var/log/sepostgresql\.log.*	--	gen_context(system_u:object_r:postgresql_log_t,s0)
-
-ifdef(`distro_redhat', `
-/var/log/rhdb/rhdb(/.*)?		gen_context(system_u:object_r:postgresql_log_t,s0)
-')
-
-/var/run/postgresql(/.*)?		gen_context(system_u:object_r:postgresql_var_run_t,s0)
-
-/var/run/postmaster.*			gen_context(system_u:object_r:postgresql_var_run_t,s0)
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
deleted file mode 100644
index 4782bdb..0000000
--- a/policy/modules/services/postgresql.if
+++ /dev/null
@@ -1,454 +0,0 @@
-## <summary>PostgreSQL relational database</summary>
-
-#######################################
-## <summary>
-##	Role access for SE-PostgreSQL.
-## </summary>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-interface(`postgresql_role',`
-	gen_require(`
-		class db_database all_db_database_perms;
-		class db_table all_db_table_perms;
-		class db_procedure all_db_procedure_perms;
-		class db_column all_db_column_perms;
-		class db_tuple all_db_tuple_perms;
-		class db_blob all_db_blob_perms;
-
-		attribute sepgsql_client_type, sepgsql_database_type;
-		attribute sepgsql_sysobj_table_type;
-
-		type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
-		type user_sepgsql_blob_t, user_sepgsql_proc_exec_t;
-		type user_sepgsql_sysobj_t, user_sepgsql_table_t;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	typeattribute $2 sepgsql_client_type;
-	role $1 types sepgsql_trusted_proc_t;
-
-	##############################
-	#
-	# Client local policy
-	#
-
-	allow $2 user_sepgsql_table_t:db_table	{ getattr use select update insert delete lock };
-	allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
-	allow $2 user_sepgsql_table_t:db_tuple	{ use select update insert delete };
-	type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
-
-	allow $2 user_sepgsql_sysobj_t:db_tuple	{ use select };
-	type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
-
-	allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
-	type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
-
-	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
-	type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
-
-	allow $2 sepgsql_trusted_proc_t:process transition;
-	type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-
-	tunable_policy(`sepgsql_enable_users_ddl',`
-		allow $2 user_sepgsql_table_t:db_table { create drop setattr };
-		allow $2 user_sepgsql_table_t:db_column { create drop setattr };
-
-		allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
-		allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-	')
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL loadable shared library module
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a database object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_loadable_module',`
-	gen_require(`
-		attribute sepgsql_module_type;
-	')
-
-	typeattribute $1 sepgsql_module_type;
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL database object type
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a database object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_database_object',`
-	gen_require(`
-		attribute sepgsql_database_type;
-	')
-
-	typeattribute $1 sepgsql_database_type;
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL table/column/tuple object type
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a table/column/tuple object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_table_object',`
-	gen_require(`
-		attribute sepgsql_table_type;
-	')
-
-	typeattribute $1 sepgsql_table_type;
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL system table/column/tuple object type
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a table/column/tuple object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_system_table_object',`
-	gen_require(`
-		attribute sepgsql_table_type, sepgsql_sysobj_table_type;
-	')
-
-	typeattribute $1 sepgsql_table_type;
-	typeattribute $1 sepgsql_sysobj_table_type;
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL procedure object type
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a database object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_procedure_object',`
-	gen_require(`
-		attribute sepgsql_procedure_type;
-	')
-
-	typeattribute $1 sepgsql_procedure_type;
-')
-
-########################################
-## <summary>
-##	Marks as a SE-PostgreSQL binary large object type
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type marked as a database binary large object type.
-##	</summary>
-## </param>
-#
-interface(`postgresql_blob_object',`
-	gen_require(`
-		attribute sepgsql_blob_type;
-	')
-
-	typeattribute $1 sepgsql_blob_type;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to search postgresql's database directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_search_db',`
-	gen_require(`
-		type postgresql_db_t;
-	')
-
-	allow $1 postgresql_db_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to manage postgresql's database.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_manage_db',`
-	gen_require(`
-		type postgresql_db_t;
-	')
-
-	allow $1 postgresql_db_t:dir rw_dir_perms;
-	allow $1 postgresql_db_t:file rw_file_perms;
-	allow $1 postgresql_db_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute postgresql in the postgresql domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`postgresql_domtrans',`
-	gen_require(`
-		type postgresql_t, postgresql_exec_t;
-	')
-
-	domtrans_pattern($1, postgresql_exec_t, postgresql_t)
-')
-
-######################################
-## <summary>
-##	Allow domain to signal postgresql
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_signal',`
-	gen_require(`
-		type postgresql_t;
-	')
-	allow $1 postgresql_t:process signal;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read postgresql's etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postgresql_read_config',`
-	gen_require(`
-		type postgresql_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 postgresql_etc_t:dir list_dir_perms;
-	allow $1 postgresql_etc_t:file read_file_perms;
-	allow $1 postgresql_etc_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to postgresql with a tcp socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_tcp_connect',`
-	gen_require(`
-		type postgresql_t;
-	')
-
-	corenet_tcp_recvfrom_labeled($1, postgresql_t)
-	corenet_tcp_sendrecv_postgresql_port($1)
-	corenet_tcp_connect_postgresql_port($1)
-	corenet_sendrecv_postgresql_client_packets($1)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to postgresql with a unix socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_stream_connect',`
-	gen_require(`
-		type postgresql_t, postgresql_var_run_t, postgresql_tmp_t;
-	')
-
-	files_search_pids($1)
-	files_search_tmp($1)
-	stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t }, { postgresql_var_run_t postgresql_tmp_t }, postgresql_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain unprivileged accesses to unifined database objects
-##	managed by SE-PostgreSQL,
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_unpriv_client',`
-	gen_require(`
-		class db_database all_db_database_perms;
-		class db_table all_db_table_perms;
-		class db_procedure all_db_procedure_perms;
-		class db_column all_db_column_perms;
-		class db_tuple all_db_tuple_perms;
-		class db_blob all_db_blob_perms;
-
-		attribute sepgsql_client_type;
-		attribute sepgsql_database_type, sepgsql_sysobj_table_type;
-
-		type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
-		type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
-		type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	typeattribute $1 sepgsql_client_type;
-
-	########################################
-	#
-	# Client local policy
-	#
-
-	type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-	allow $1 sepgsql_trusted_proc_t:process transition;
-
-	allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
-	allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
-	allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
-	type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;
-
-	allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
-	type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
-
-	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
-	type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
-
-	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
-	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
-
-	tunable_policy(`sepgsql_enable_users_ddl',`
-		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
-		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
-		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-	')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain unconfined accesses to any database objects
-##	managed by SE-PostgreSQL,
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgresql_unconfined',`
-	gen_require(`
-		attribute sepgsql_unconfined_type;
-	')
-
-	typeattribute $1 sepgsql_unconfined_type;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate an postgresql environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the postgresql domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postgresql_admin',`
-	gen_require(`
-		attribute sepgsql_admin_type, sepgsql_client_type;
-		type postgresql_t, postgresql_var_run_t, postgresql_initrc_exec_t;
-		type postgresql_tmp_t, postgresql_db_t, postgresql_log_t;
-		type postgresql_etc_t;
-	')
-
-	typeattribute $1 sepgsql_admin_type;
-
-	allow $1 postgresql_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postgresql_t)
-
-	init_labeled_script_domtrans($1, postgresql_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 postgresql_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, postgresql_var_run_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, postgresql_db_t)
-
-	files_list_etc($1)
-	admin_pattern($1, postgresql_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, postgresql_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, postgresql_tmp_t)
-
-	postgresql_tcp_connect($1)
-	postgresql_stream_connect($1)
-')
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
deleted file mode 100644
index b4101fa..0000000
--- a/policy/modules/services/postgresql.te
+++ /dev/null
@@ -1,418 +0,0 @@
-policy_module(postgresql, 1.11.1)
-
-gen_require(`
-	class db_database all_db_database_perms;
-	class db_table all_db_table_perms;
-	class db_procedure all_db_procedure_perms;
-	class db_column all_db_column_perms;
-	class db_tuple all_db_tuple_perms;
-	class db_blob all_db_blob_perms;
-')
-
-#################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow unprived users to execute DDL statement
-##	</p>
-## </desc>
-gen_tunable(sepgsql_enable_users_ddl, true)
-
-## <desc>
-##	<p>
-##	Allow database admins to execute DML statement
-##	</p>
-## </desc>
-gen_tunable(sepgsql_unconfined_dbadm, true)
-
-type postgresql_t;
-type postgresql_exec_t;
-init_daemon_domain(postgresql_t, postgresql_exec_t)
-
-type postgresql_db_t;
-files_type(postgresql_db_t)
-
-type postgresql_etc_t;
-files_config_file(postgresql_etc_t)
-
-type postgresql_initrc_exec_t;
-init_script_file(postgresql_initrc_exec_t)
-
-type postgresql_lock_t;
-files_lock_file(postgresql_lock_t)
-
-type postgresql_log_t;
-logging_log_file(postgresql_log_t)
-
-type postgresql_tmp_t;
-files_tmp_file(postgresql_tmp_t)
-
-type postgresql_var_run_t;
-files_pid_file(postgresql_var_run_t)
-
-# database clients attribute
-attribute sepgsql_admin_type;
-attribute sepgsql_client_type;
-attribute sepgsql_unconfined_type;
-
-# database objects attribute
-attribute sepgsql_database_type;
-attribute sepgsql_table_type;
-attribute sepgsql_sysobj_table_type;
-attribute sepgsql_procedure_type;
-attribute sepgsql_blob_type;
-attribute sepgsql_module_type;
-
-# database object types
-type sepgsql_blob_t;
-postgresql_blob_object(sepgsql_blob_t)
-
-type sepgsql_db_t;
-postgresql_database_object(sepgsql_db_t)
-
-type sepgsql_fixed_table_t;
-postgresql_table_object(sepgsql_fixed_table_t)
-
-type sepgsql_proc_exec_t;
-typealias sepgsql_proc_exec_t alias sepgsql_proc_t;
-postgresql_procedure_object(sepgsql_proc_exec_t)
-
-type sepgsql_ro_blob_t;
-postgresql_blob_object(sepgsql_ro_blob_t)
-
-type sepgsql_ro_table_t;
-postgresql_table_object(sepgsql_ro_table_t)
-
-type sepgsql_secret_blob_t;
-postgresql_blob_object(sepgsql_secret_blob_t)
-
-type sepgsql_secret_table_t;
-postgresql_table_object(sepgsql_secret_table_t)
-
-type sepgsql_sysobj_t;
-postgresql_system_table_object(sepgsql_sysobj_t)
-
-type sepgsql_table_t;
-postgresql_table_object(sepgsql_table_t)
-
-type sepgsql_trusted_proc_exec_t;
-postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
-
-# Trusted Procedure Domain
-type sepgsql_trusted_proc_t;
-domain_type(sepgsql_trusted_proc_t)
-postgresql_unconfined(sepgsql_trusted_proc_t)
-role system_r types sepgsql_trusted_proc_t;
-
-# Types for unprivileged client
-type unpriv_sepgsql_blob_t;
-postgresql_blob_object(unpriv_sepgsql_blob_t)
-
-type unpriv_sepgsql_proc_exec_t;
-postgresql_procedure_object(unpriv_sepgsql_proc_exec_t)
-
-type unpriv_sepgsql_sysobj_t;
-postgresql_system_table_object(unpriv_sepgsql_sysobj_t)
-
-type unpriv_sepgsql_table_t;
-postgresql_table_object(unpriv_sepgsql_table_t)
-
-# Types for UBAC
-type user_sepgsql_blob_t;
-typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t };
-typealias user_sepgsql_blob_t alias { auditadm_sepgsql_blob_t secadm_sepgsql_blob_t };
-postgresql_blob_object(user_sepgsql_blob_t)
-
-type user_sepgsql_proc_exec_t;
-typealias user_sepgsql_proc_exec_t alias { staff_sepgsql_proc_exec_t sysadm_sepgsql_proc_exec_t };
-typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };
-postgresql_procedure_object(user_sepgsql_proc_exec_t)
-
-type user_sepgsql_sysobj_t;
-typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };
-typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };
-postgresql_system_table_object(user_sepgsql_sysobj_t)
-
-type user_sepgsql_table_t;
-typealias user_sepgsql_table_t alias { staff_sepgsql_table_t sysadm_sepgsql_table_t };
-typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t };
-postgresql_table_object(user_sepgsql_table_t)
-
-########################################
-#
-# postgresql Local policy
-#
-allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin };
-dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
-allow postgresql_t self:process signal_perms;
-allow postgresql_t self:fifo_file rw_fifo_file_perms;
-allow postgresql_t self:file { getattr read };
-allow postgresql_t self:sem create_sem_perms;
-allow postgresql_t self:shm create_shm_perms;
-allow postgresql_t self:tcp_socket create_stream_socket_perms;
-allow postgresql_t self:udp_socket create_stream_socket_perms;
-allow postgresql_t self:unix_dgram_socket create_socket_perms;
-allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
-allow postgresql_t self:netlink_selinux_socket create_socket_perms;
-
-allow postgresql_t sepgsql_database_type:db_database *;
-type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;
-
-allow postgresql_t sepgsql_module_type:db_database install_module;
-# Database/Loadable module
-allow sepgsql_database_type sepgsql_module_type:db_database load_module;
-
-allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
-type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
-
-allow postgresql_t sepgsql_procedure_type:db_procedure *;
-type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
-
-allow postgresql_t sepgsql_blob_type:db_blob *;
-type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
-
-manage_dirs_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
-manage_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
-manage_lnk_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
-manage_fifo_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
-manage_sock_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
-files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
-
-allow postgresql_t postgresql_etc_t:dir list_dir_perms;
-read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
-read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
-
-allow postgresql_t postgresql_exec_t:lnk_file read_lnk_file_perms;
-can_exec(postgresql_t, postgresql_exec_t )
-
-allow postgresql_t postgresql_lock_t:file manage_file_perms;
-files_lock_filetrans(postgresql_t, postgresql_lock_t, file)
-
-manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
-logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
-
-manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
-manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
-manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
-manage_fifo_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
-manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
-files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
-fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
-
-kernel_read_kernel_sysctls(postgresql_t)
-kernel_read_system_state(postgresql_t)
-kernel_list_proc(postgresql_t)
-kernel_read_all_sysctls(postgresql_t)
-kernel_read_proc_symlinks(postgresql_t)
-
-corenet_all_recvfrom_unlabeled(postgresql_t)
-corenet_all_recvfrom_netlabel(postgresql_t)
-corenet_tcp_sendrecv_generic_if(postgresql_t)
-corenet_udp_sendrecv_generic_if(postgresql_t)
-corenet_tcp_sendrecv_generic_node(postgresql_t)
-corenet_udp_sendrecv_generic_node(postgresql_t)
-corenet_tcp_sendrecv_all_ports(postgresql_t)
-corenet_udp_sendrecv_all_ports(postgresql_t)
-corenet_udp_bind_generic_node(postgresql_t)
-corenet_tcp_bind_generic_node(postgresql_t)
-corenet_tcp_bind_postgresql_port(postgresql_t)
-corenet_tcp_connect_auth_port(postgresql_t)
-corenet_tcp_connect_postgresql_port(postgresql_t)
-corenet_sendrecv_postgresql_server_packets(postgresql_t)
-corenet_sendrecv_auth_client_packets(postgresql_t)
-
-dev_read_sysfs(postgresql_t)
-dev_read_urand(postgresql_t)
-
-fs_getattr_all_fs(postgresql_t)
-fs_search_auto_mountpoints(postgresql_t)
-fs_rw_hugetlbfs_files(postgresql_t)
-
-selinux_get_enforce_mode(postgresql_t)
-selinux_validate_context(postgresql_t)
-selinux_compute_access_vector(postgresql_t)
-selinux_compute_create_context(postgresql_t)
-selinux_compute_relabel_context(postgresql_t)
-
-term_use_controlling_term(postgresql_t)
-
-corecmd_exec_bin(postgresql_t)
-corecmd_exec_shell(postgresql_t)
-
-domain_dontaudit_list_all_domains_state(postgresql_t)
-domain_use_interactive_fds(postgresql_t)
-
-files_dontaudit_search_home(postgresql_t)
-files_read_etc_files(postgresql_t)
-files_read_etc_runtime_files(postgresql_t)
-files_read_usr_files(postgresql_t)
-
-auth_use_pam(postgresql_t)
-
-init_read_utmp(postgresql_t)
-
-logging_send_syslog_msg(postgresql_t)
-logging_send_audit_msgs(postgresql_t)
-
-miscfiles_read_localization(postgresql_t)
-
-seutil_libselinux_linked(postgresql_t)
-
-userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
-userdom_dontaudit_search_user_home_dirs(postgresql_t)
-userdom_dontaudit_use_user_terminals(postgresql_t)
-
-mta_getattr_spool(postgresql_t)
-
-tunable_policy(`allow_execmem',`
-	allow postgresql_t self:process execmem;
-')
-
-optional_policy(`
-	consoletype_exec(postgresql_t)
-')
-
-optional_policy(`
-	cron_search_spool(postgresql_t)
-	cron_system_entry(postgresql_t, postgresql_exec_t)
-')
-
-optional_policy(`
-	hostname_exec(postgresql_t)
-')
-
-optional_policy(`
-	ipsec_match_default_spd(postgresql_t)
-')
-
-optional_policy(`
-	kerberos_use(postgresql_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(postgresql_t)
-')
-
-optional_policy(`
-	udev_read_db(postgresql_t)
-')
-
-########################################
-#
-# Rules common to all clients
-#
-
-allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
-type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;
-
-allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock };
-allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
-allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
-
-allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete lock };
-allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
-allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };
-
-allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select lock };
-allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
-allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };
-
-allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
-allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;
-
-allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select lock };
-allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
-allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
-
-allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install };
-allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint };
-
-allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
-allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
-allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
-
-# The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs.
-# If a client tries to SELECT a table including violated tuples, these are filtered from
-# the result set as if not exist, but its access denied longs can be recorded within log files.
-# In generally, the number of tuples are much larger than the number of columns, tables and so on.
-# So, it makes a flood of logs when many tuples are violated.
-#
-# The default policy does not prevent anything for sepgsql_client_type sepgsql_unconfined_type,
-# so we don't need "dontaudit" rules in Type-Enforcement. However, MLS/MCS can prevent them
-# to access classified tuples and can make a audit record.
-#
-# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
-dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
-
-########################################
-#
-# Rules common to administrator clients
-#
-
-allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr relabelfrom relabelto access };
-type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t;
-
-allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock };
-allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto };
-allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete };
-
-type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t;
-
-allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto };
-allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;
-
-type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
-
-allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto };
-
-type_transition sepgsql_admin_type sepgsql_database_type:db_blob sepgsql_blob_t;
-
-allow sepgsql_admin_type sepgsql_module_type:db_database install_module;
-
-kernel_relabelfrom_unlabeled_database(sepgsql_admin_type)
-
-tunable_policy(`sepgsql_unconfined_dbadm',`
-	allow sepgsql_admin_type sepgsql_database_type:db_database *;
-
-	allow sepgsql_admin_type sepgsql_table_type:{ db_table db_column db_tuple } *;
-
-	allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *;
-	allow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
-	allow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install };
-
-	allow sepgsql_admin_type sepgsql_blob_type:db_blob *;
-')
-
-########################################
-#
-# Unconfined access to this module
-#
-
-allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
-type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
-
-type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
-type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
-
-allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
-
-# unconfined domain is not allowed to invoke user defined procedure directly.
-# They have to confirm and relabel it at first.
-allow sepgsql_unconfined_type sepgsql_proc_exec_t:db_procedure *;
-allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
-allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };
-
-allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
-
-allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
-
-kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
diff --git a/policy/modules/services/postgrey.fc b/policy/modules/services/postgrey.fc
deleted file mode 100644
index e731841..0000000
--- a/policy/modules/services/postgrey.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-
-/etc/postgrey(/.*)?		gen_context(system_u:object_r:postgrey_etc_t,s0)
-/etc/rc\.d/init\.d/postgrey --	gen_context(system_u:object_r:postgrey_initrc_exec_t,s0)
-
-/usr/sbin/postgrey	--	gen_context(system_u:object_r:postgrey_exec_t,s0)
-
-/var/lib/postgrey(/.*)?		gen_context(system_u:object_r:postgrey_var_lib_t,s0)
-
-/var/run/postgrey(/.*)?		gen_context(system_u:object_r:postgrey_var_run_t,s0)
-/var/run/postgrey\.pid	--	gen_context(system_u:object_r:postgrey_var_run_t,s0)
-
-/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
diff --git a/policy/modules/services/postgrey.if b/policy/modules/services/postgrey.if
deleted file mode 100644
index 6f55445..0000000
--- a/policy/modules/services/postgrey.if
+++ /dev/null
@@ -1,81 +0,0 @@
-## <summary>Postfix grey-listing server</summary>
-
-########################################
-## <summary>
-##	Write to postgrey socket
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgrey_stream_connect',`
-	gen_require(`
-		type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
-	')
-
-	stream_connect_pattern($1, { postgrey_spool_t postgrey_var_run_t }, { postgrey_spool_t postgrey_var_run_t }, postgrey_t)
-	files_search_pids($1)
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Search the spool directory
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`postgrey_search_spool',`
-	gen_require(`
-		type postgrey_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 postgrey_spool_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an postgrey environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the postgrey domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`postgrey_admin',`
-	gen_require(`
-		type postgrey_t, postgrey_etc_t, postgrey_initrc_exec_t;
-		type postgrey_var_lib_t, postgrey_var_run_t;
-	')
-
-	allow $1 postgrey_t:process { ptrace signal_perms };
-	ps_process_pattern($1, postgrey_t)
-
-	init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 postgrey_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, postgrey_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, postgrey_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, postgrey_var_run_t)
-')
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
deleted file mode 100644
index 6e8c3c8..0000000
--- a/policy/modules/services/postgrey.te
+++ /dev/null
@@ -1,107 +0,0 @@
-policy_module(postgrey, 1.7.1)
-
-########################################
-#
-# Declarations
-#
-
-type postgrey_t;
-type postgrey_exec_t;
-init_daemon_domain(postgrey_t, postgrey_exec_t)
-
-type postgrey_etc_t;
-files_config_file(postgrey_etc_t)
-
-type postgrey_initrc_exec_t;
-init_script_file(postgrey_initrc_exec_t)
-
-type postgrey_spool_t;
-files_type(postgrey_spool_t)
-
-type postgrey_var_lib_t;
-files_type(postgrey_var_lib_t)
-
-type postgrey_var_run_t;
-files_pid_file(postgrey_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow postgrey_t self:capability { chown dac_override setgid setuid };
-dontaudit postgrey_t self:capability sys_tty_config;
-allow postgrey_t self:process signal_perms;
-allow postgrey_t self:tcp_socket create_stream_socket_perms;
-allow postgrey_t self:fifo_file create_fifo_file_perms;
-
-allow postgrey_t postgrey_etc_t:dir list_dir_perms;
-read_files_pattern(postgrey_t, postgrey_etc_t, postgrey_etc_t)
-read_lnk_files_pattern(postgrey_t, postgrey_etc_t, postgrey_etc_t)
-
-manage_dirs_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
-manage_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
-manage_fifo_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
-manage_sock_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
-
-manage_files_pattern(postgrey_t, postgrey_var_lib_t, postgrey_var_lib_t)
-files_var_lib_filetrans(postgrey_t, postgrey_var_lib_t, file)
-
-manage_dirs_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
-manage_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
-manage_sock_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
-files_pid_filetrans(postgrey_t, postgrey_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(postgrey_t)
-kernel_read_kernel_sysctls(postgrey_t)
-
-# for perl
-corecmd_search_bin(postgrey_t)
-
-corenet_all_recvfrom_unlabeled(postgrey_t)
-corenet_all_recvfrom_netlabel(postgrey_t)
-corenet_tcp_sendrecv_generic_if(postgrey_t)
-corenet_tcp_sendrecv_generic_node(postgrey_t)
-corenet_tcp_sendrecv_all_ports(postgrey_t)
-corenet_tcp_bind_generic_node(postgrey_t)
-corenet_tcp_bind_postgrey_port(postgrey_t)
-corenet_sendrecv_postgrey_server_packets(postgrey_t)
-
-dev_read_urand(postgrey_t)
-dev_read_sysfs(postgrey_t)
-
-domain_use_interactive_fds(postgrey_t)
-
-files_read_etc_files(postgrey_t)
-files_read_etc_runtime_files(postgrey_t)
-files_read_usr_files(postgrey_t)
-files_getattr_tmp_dirs(postgrey_t)
-
-fs_getattr_all_fs(postgrey_t)
-fs_search_auto_mountpoints(postgrey_t)
-
-logging_send_syslog_msg(postgrey_t)
-
-miscfiles_read_localization(postgrey_t)
-
-sysnet_read_config(postgrey_t)
-
-userdom_dontaudit_use_unpriv_user_fds(postgrey_t)
-userdom_dontaudit_search_user_home_dirs(postgrey_t)
-
-optional_policy(`
-	nis_use_ypbind(postgrey_t)
-')
-
-optional_policy(`
-	postfix_read_config(postgrey_t)
-	postfix_manage_spool_files(postgrey_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(postgrey_t)
-')
-
-optional_policy(`
-	udev_read_db(postgrey_t)
-')
diff --git a/policy/modules/services/ppp.fc b/policy/modules/services/ppp.fc
deleted file mode 100644
index 2d82c6d..0000000
--- a/policy/modules/services/ppp.fc
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# /etc
-#
-/etc/rc\.d/init\.d/ppp		--	gen_context(system_u:object_r:pppd_initrc_exec_t,s0)
-
-/etc/ppp			-d	gen_context(system_u:object_r:pppd_etc_t,s0)
-/etc/ppp(/.*)?			--	gen_context(system_u:object_r:pppd_etc_rw_t,s0)
-/etc/ppp/peers(/.*)?			gen_context(system_u:object_r:pppd_etc_rw_t,s0)
-/etc/ppp/.*secrets		--	gen_context(system_u:object_r:pppd_secret_t,s0)
-/etc/ppp/resolv\.conf 		--	gen_context(system_u:object_r:pppd_etc_rw_t,s0)
-# Fix /etc/ppp {up,down} family scripts (see man pppd)
-/etc/ppp/(auth|ip(v6|x)?)-(up|down) --	gen_context(system_u:object_r:pppd_initrc_exec_t,s0)
-
-/root/.ppprc			--	gen_context(system_u:object_r:pppd_etc_t,s0)
-
-#
-# /sbin
-#
-/sbin/ppp-watch			--	gen_context(system_u:object_r:pppd_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/pppd			--	gen_context(system_u:object_r:pppd_exec_t,s0)
-/usr/sbin/pptp 			--	gen_context(system_u:object_r:pptp_exec_t,s0)
-/usr/sbin/ipppd			--	gen_context(system_u:object_r:pppd_exec_t,s0)
-
-#
-# /var
-#
-/var/run/(i)?ppp.*pid[^/]*	--	gen_context(system_u:object_r:pppd_var_run_t,s0)
-/var/run/pppd[0-9]*\.tdb	--	gen_context(system_u:object_r:pppd_var_run_t,s0)
-/var/run/ppp(/.*)?			gen_context(system_u:object_r:pppd_var_run_t,s0)
-# Fix pptp sockets
-/var/run/pptp(/.*)?			gen_context(system_u:object_r:pptp_var_run_t,s0)
-
-/var/log/ppp-connect-errors.*	--	gen_context(system_u:object_r:pppd_log_t,s0)
-/var/log/ppp/.*			--	gen_context(system_u:object_r:pppd_log_t,s0)
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
deleted file mode 100644
index 09699d1..0000000
--- a/policy/modules/services/ppp.if
+++ /dev/null
@@ -1,394 +0,0 @@
-## <summary>Point to Point Protocol daemon creates links in ppp networks</summary>
-
-########################################
-## <summary>
-##	Use PPP file discriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_use_fds',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	allow $1 pppd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit
-##	and use PPP file discriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`ppp_dontaudit_use_fds',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	dontaudit $1 pppd_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to PPP.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_sigchld',`
-	gen_require(`
-		type pppd_t;
-
-	')
-
-	allow $1 pppd_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send ppp a kill signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_kill',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	allow $1 pppd_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send a generic signal to PPP.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_signal',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	allow $1 pppd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a generic signull to PPP.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_signull',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	allow $1 pppd_t:process signull;
-')
-
-########################################
-## <summary>
-##	 Execute domain in the ppp domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	 Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ppp_domtrans',`
-	gen_require(`
-		type pppd_t, pppd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, pppd_exec_t, pppd_t)
-')
-
-########################################
-## <summary>
-##	 Conditionally execute ppp daemon on behalf of a user or staff type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	 Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the ppp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ppp_run_cond',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	role $2 types pppd_t;
-
-	tunable_policy(`pppd_for_user',`
-		ppp_domtrans($1)
-	')
-')
-
-########################################
-## <summary>
-##	 Unconditionally execute ppp daemon on behalf of a user or staff type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	 Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the ppp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ppp_run',`
-	gen_require(`
-		type pppd_t, pptp_t;
-	')
-
-	ppp_domtrans($1)
-	role $2 types { pppd_t pptp_t };
-
-	optional_policy(`
-		ddclient_run(pppd_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	 Execute domain in the ppp caller.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	 Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_exec',`
-	gen_require(`
-		type pppd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, pppd_exec_t)
-')
-
-########################################
-## <summary>
-##	Read ppp configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_read_config',`
-	gen_require(`
-		type pppd_etc_t;
-	')
-
-	read_files_pattern($1, pppd_etc_t, pppd_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Read PPP-writable configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_read_rw_config',`
-	gen_require(`
-		type pppd_etc_t, pppd_etc_rw_t;
-	')
-
-	allow $1 pppd_etc_t:dir list_dir_perms;
-	allow $1 pppd_etc_rw_t:file read_file_perms;
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Read PPP secrets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_read_secrets',`
-	gen_require(`
-		type pppd_etc_t, pppd_secret_t;
-	')
-
-	allow $1 pppd_etc_t:dir list_dir_perms;
-	allow $1 pppd_secret_t:file read_file_perms;
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Read PPP pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_read_pid_files',`
-	gen_require(`
-		type pppd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pppd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete PPP pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_manage_pid_files',`
-	gen_require(`
-		type pppd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pppd_var_run_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete PPP pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ppp_pid_filetrans',`
-	gen_require(`
-		type pppd_var_run_t;
-	')
-
-	files_pid_filetrans($1, pppd_var_run_t, file)
-')
-
-########################################
-## <summary>
-##	Execute ppp server in the ntpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ppp_initrc_domtrans',`
-	gen_require(`
-		type pppd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, pppd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ppp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ppp_admin',`
-	gen_require(`
-		type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
-		type pppd_etc_t, pppd_secret_t, pppd_var_run_t;
-		type pptp_t, pptp_log_t, pptp_var_run_t;
-		type pppd_initrc_exec_t, pppd_etc_rw_t;
-	')
-
-	allow $1 pppd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, pppd_t)
-
-	allow $1 pptp_t:process { ptrace signal_perms };
-	ps_process_pattern($1, pptp_t)
-
-	ppp_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 pppd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, pppd_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, pppd_log_t)
-
-	files_list_locks($1)
-	admin_pattern($1, pppd_lock_t)
-
-	files_list_etc($1)
-	admin_pattern($1, pppd_etc_t)
-
-	admin_pattern($1, pppd_etc_rw_t)
-
-	admin_pattern($1, pppd_secret_t)
-
-	files_list_pids($1)
-	admin_pattern($1, pppd_var_run_t)
-
-	admin_pattern($1, pptp_log_t)
-
-	admin_pattern($1, pptp_var_run_t)
-')
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
deleted file mode 100644
index d32a0d2..0000000
--- a/policy/modules/services/ppp.te
+++ /dev/null
@@ -1,325 +0,0 @@
-policy_module(ppp, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow pppd to load kernel modules for certain modems
-##	</p>
-## </desc>
-gen_tunable(pppd_can_insmod, false)
-
-## <desc>
-##	<p>
-##	Allow pppd to be run for a regular user
-##	</p>
-## </desc>
-gen_tunable(pppd_for_user, false)
-
-# pppd_t is the domain for the pppd program.
-# pppd_exec_t is the type of the pppd executable.
-type pppd_t;
-type pppd_exec_t;
-init_daemon_domain(pppd_t, pppd_exec_t)
-
-type pppd_devpts_t;
-term_pty(pppd_devpts_t)
-
-# Define a separate type for /etc/ppp
-type pppd_etc_t;
-files_config_file(pppd_etc_t)
-
-# Define a separate type for writable files under /etc/ppp
-type pppd_etc_rw_t;
-files_type(pppd_etc_rw_t)
-
-type pppd_initrc_exec_t alias pppd_script_exec_t;
-init_script_file(pppd_initrc_exec_t)
-
-# pppd_secret_t is the type of the pap and chap password files
-type pppd_secret_t;
-files_type(pppd_secret_t)
-
-type pppd_log_t;
-logging_log_file(pppd_log_t)
-
-type pppd_lock_t;
-files_lock_file(pppd_lock_t)
-
-type pppd_tmp_t;
-files_tmp_file(pppd_tmp_t)
-
-type pppd_var_run_t;
-files_pid_file(pppd_var_run_t)
-
-type pptp_t;
-type pptp_exec_t;
-init_daemon_domain(pptp_t, pptp_exec_t)
-
-type pptp_log_t;
-logging_log_file(pptp_log_t)
-
-type pptp_var_run_t;
-files_pid_file(pptp_var_run_t)
-
-########################################
-#
-# PPPD Local policy
-#
-
-allow pppd_t self:capability { kill net_admin setuid setgid sys_admin fsetid fowner net_raw dac_override };
-dontaudit pppd_t self:capability sys_tty_config;
-allow pppd_t self:process { getsched signal };
-allow pppd_t self:fifo_file rw_fifo_file_perms;
-allow pppd_t self:socket create_socket_perms;
-allow pppd_t self:unix_dgram_socket create_socket_perms;
-allow pppd_t self:unix_stream_socket create_socket_perms;
-allow pppd_t self:netlink_route_socket rw_netlink_socket_perms;
-allow pppd_t self:tcp_socket create_stream_socket_perms;
-allow pppd_t self:udp_socket { connect connected_socket_perms };
-allow pppd_t self:packet_socket create_socket_perms;
-
-domtrans_pattern(pppd_t, pptp_exec_t, pptp_t)
-
-allow pppd_t pppd_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-
-allow pppd_t pppd_etc_t:dir rw_dir_perms;
-allow pppd_t pppd_etc_t:file read_file_perms;
-allow pppd_t pppd_etc_t:lnk_file read_lnk_file_perms;
-
-manage_files_pattern(pppd_t, pppd_etc_rw_t, pppd_etc_rw_t)
-# Automatically label newly created files under /etc/ppp with this type
-filetrans_pattern(pppd_t, pppd_etc_t, pppd_etc_rw_t, file)
-
-allow pppd_t pppd_lock_t:file manage_file_perms;
-files_lock_filetrans(pppd_t, pppd_lock_t, file)
-
-allow pppd_t pppd_log_t:file manage_file_perms;
-logging_log_filetrans(pppd_t, pppd_log_t, file)
-
-manage_dirs_pattern(pppd_t, pppd_tmp_t, pppd_tmp_t)
-manage_files_pattern(pppd_t, pppd_tmp_t, pppd_tmp_t)
-files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })
-
-manage_dirs_pattern(pppd_t, pppd_var_run_t, pppd_var_run_t)
-manage_files_pattern(pppd_t, pppd_var_run_t, pppd_var_run_t)
-files_pid_filetrans(pppd_t, pppd_var_run_t, { dir file })
-
-allow pppd_t pptp_t:process signal;
-
-# for SSP
-# Access secret files
-allow pppd_t pppd_secret_t:file read_file_perms;
-
-ppp_initrc_domtrans(pppd_t)
-
-kernel_read_kernel_sysctls(pppd_t)
-kernel_read_system_state(pppd_t)
-kernel_rw_net_sysctls(pppd_t)
-kernel_read_network_state(pppd_t)
-kernel_request_load_module(pppd_t)
-
-dev_read_urand(pppd_t)
-dev_search_sysfs(pppd_t)
-dev_read_sysfs(pppd_t)
-dev_rw_modem(pppd_t)
-
-corenet_all_recvfrom_unlabeled(pppd_t)
-corenet_all_recvfrom_netlabel(pppd_t)
-corenet_tcp_sendrecv_generic_if(pppd_t)
-corenet_raw_sendrecv_generic_if(pppd_t)
-corenet_udp_sendrecv_generic_if(pppd_t)
-corenet_tcp_sendrecv_generic_node(pppd_t)
-corenet_raw_sendrecv_generic_node(pppd_t)
-corenet_udp_sendrecv_generic_node(pppd_t)
-corenet_tcp_sendrecv_all_ports(pppd_t)
-corenet_udp_sendrecv_all_ports(pppd_t)
-# Access /dev/ppp.
-corenet_rw_ppp_dev(pppd_t)
-
-fs_getattr_all_fs(pppd_t)
-fs_search_auto_mountpoints(pppd_t)
-
-term_use_unallocated_ttys(pppd_t)
-term_setattr_unallocated_ttys(pppd_t)
-term_ioctl_generic_ptys(pppd_t)
-# for pppoe
-term_create_pty(pppd_t, pppd_devpts_t)
-
-# allow running ip-up and ip-down scripts and running chat.
-corecmd_exec_bin(pppd_t)
-corecmd_exec_shell(pppd_t)
-
-domain_use_interactive_fds(pppd_t)
-
-files_exec_etc_files(pppd_t)
-files_manage_etc_runtime_files(pppd_t)
-files_dontaudit_write_etc_files(pppd_t)
-
-# for scripts
-files_read_etc_files(pppd_t)
-
-init_read_utmp(pppd_t)
-init_dontaudit_write_utmp(pppd_t)
-init_signal_script(pppd_t)
-
-auth_use_nsswitch(pppd_t)
-
-logging_send_syslog_msg(pppd_t)
-logging_send_audit_msgs(pppd_t)
-
-miscfiles_read_localization(pppd_t)
-
-sysnet_exec_ifconfig(pppd_t)
-sysnet_manage_config(pppd_t)
-sysnet_etc_filetrans_config(pppd_t)
-
-userdom_use_user_terminals(pppd_t)
-userdom_dontaudit_use_unpriv_user_fds(pppd_t)
-userdom_search_user_home_dirs(pppd_t)
-
-ppp_exec(pppd_t)
-
-optional_policy(`
-	ddclient_domtrans(pppd_t)
-')
-
-optional_policy(`
-	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
-		modutils_domtrans_insmod_uncond(pppd_t)
-	')
-')
-
-optional_policy(`
-	mta_send_mail(pppd_t)
-	mta_system_content(pppd_etc_t)
-	mta_system_content(pppd_etc_rw_t)
-')
-
-optional_policy(`
-	networkmanager_signal(pppd_t)
-')
-
-optional_policy(`
-	postfix_domtrans_master(pppd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(pppd_t)
-')
-
-optional_policy(`
-	udev_read_db(pppd_t)
-')
-
-########################################
-#
-# PPTP Local policy
-#
-
-allow pptp_t self:capability { dac_override dac_read_search net_raw net_admin };
-dontaudit pptp_t self:capability sys_tty_config;
-allow pptp_t self:process signal;
-allow pptp_t self:fifo_file rw_fifo_file_perms;
-allow pptp_t self:unix_dgram_socket create_socket_perms;
-allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow pptp_t self:rawip_socket create_socket_perms;
-allow pptp_t self:tcp_socket create_socket_perms;
-allow pptp_t self:udp_socket create_socket_perms;
-allow pptp_t self:netlink_route_socket rw_netlink_socket_perms;
-
-allow pptp_t pppd_etc_t:dir list_dir_perms;
-allow pptp_t pppd_etc_t:file read_file_perms;
-allow pptp_t pppd_etc_t:lnk_file read_lnk_file_perms;
-
-allow pptp_t pppd_etc_rw_t:dir list_dir_perms;
-allow pptp_t pppd_etc_rw_t:file read_file_perms;
-allow pptp_t pppd_etc_rw_t:lnk_file read_lnk_file_perms;
-can_exec(pptp_t, pppd_etc_rw_t)
-
-# Allow pptp to append to pppd log files
-allow pptp_t pppd_log_t:file append_file_perms;
-
-allow pptp_t pptp_log_t:file manage_file_perms;
-logging_log_filetrans(pptp_t, pptp_log_t, file)
-
-manage_dirs_pattern(pptp_t, pptp_var_run_t, pptp_var_run_t)
-manage_files_pattern(pptp_t, pptp_var_run_t, pptp_var_run_t)
-manage_sock_files_pattern(pptp_t, pptp_var_run_t, pptp_var_run_t)
-files_pid_filetrans(pptp_t, pptp_var_run_t, { file dir })
-
-kernel_list_proc(pptp_t)
-kernel_read_kernel_sysctls(pptp_t)
-kernel_read_proc_symlinks(pptp_t)
-kernel_read_system_state(pptp_t)
-
-dev_read_sysfs(pptp_t)
-
-corecmd_exec_shell(pptp_t)
-corecmd_read_bin_symlinks(pptp_t)
-
-corenet_all_recvfrom_unlabeled(pptp_t)
-corenet_all_recvfrom_netlabel(pptp_t)
-corenet_tcp_sendrecv_generic_if(pptp_t)
-corenet_raw_sendrecv_generic_if(pptp_t)
-corenet_tcp_sendrecv_generic_node(pptp_t)
-corenet_raw_sendrecv_generic_node(pptp_t)
-corenet_tcp_sendrecv_all_ports(pptp_t)
-corenet_tcp_bind_generic_node(pptp_t)
-corenet_tcp_connect_generic_port(pptp_t)
-corenet_tcp_connect_all_reserved_ports(pptp_t)
-corenet_sendrecv_generic_client_packets(pptp_t)
-
-files_read_etc_files(pptp_t)
-
-fs_getattr_all_fs(pptp_t)
-fs_search_auto_mountpoints(pptp_t)
-
-term_ioctl_generic_ptys(pptp_t)
-term_search_ptys(pptp_t)
-term_use_ptmx(pptp_t)
-
-domain_use_interactive_fds(pptp_t)
-
-auth_use_nsswitch(pptp_t)
-
-logging_send_syslog_msg(pptp_t)
-
-miscfiles_read_localization(pptp_t)
-
-sysnet_exec_ifconfig(pptp_t)
-
-userdom_dontaudit_use_unpriv_user_fds(pptp_t)
-userdom_dontaudit_search_user_home_dirs(pptp_t)
-userdom_signal_unpriv_users(pptp_t)
-
-optional_policy(`
-	consoletype_exec(pppd_t)
-')
-
-optional_policy(`
-	dbus_system_domain(pppd_t, pppd_exec_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(pppd_t)
-	')
-')
-
-optional_policy(`
-	hostname_exec(pptp_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(pptp_t)
-')
-
-optional_policy(`
-	udev_read_db(pptp_t)
-')
-
-optional_policy(`
-	postfix_read_config(pppd_t)
-')
diff --git a/policy/modules/services/prelude.fc b/policy/modules/services/prelude.fc
deleted file mode 100644
index 3bd847a..0000000
--- a/policy/modules/services/prelude.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-/etc/prelude-correlator(/.*)?		gen_context(system_u:object_r:prelude_correlator_config_t, s0)
-/etc/rc\.d/init\.d/prelude-correlator -- gen_context(system_u:object_r:prelude_initrc_exec_t, s0)
-/etc/rc\.d/init\.d/prelude-lml --	gen_context(system_u:object_r:prelude_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/prelude-manager --	gen_context(system_u:object_r:prelude_initrc_exec_t,s0)
-
-/sbin/audisp-prelude		--	gen_context(system_u:object_r:prelude_audisp_exec_t,s0)
-
-/usr/bin/prelude-correlator	--	gen_context(system_u:object_r:prelude_correlator_exec_t, s0)
-/usr/bin/prelude-lml		--	gen_context(system_u:object_r:prelude_lml_exec_t,s0)
-/usr/bin/prelude-manager	--	gen_context(system_u:object_r:prelude_exec_t,s0)
-/usr/share/prewikka/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_prewikka_script_exec_t,s0)
-
-/var/lib/prelude-lml(/.*)?		gen_context(system_u:object_r:prelude_var_lib_t,s0)
-/var/log/prelude.*			gen_context(system_u:object_r:prelude_log_t,s0)
-/var/run/prelude-lml.pid	--	gen_context(system_u:object_r:prelude_lml_var_run_t,s0)
-/var/run/prelude-manager(/.*)?		gen_context(system_u:object_r:prelude_var_run_t,s0)
-/var/spool/prelude-manager(/.*)?	gen_context(system_u:object_r:prelude_spool_t,s0)
-/var/spool/prelude(/.*)?		gen_context(system_u:object_r:prelude_spool_t,s0)
diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if
deleted file mode 100644
index 77ef768..0000000
--- a/policy/modules/services/prelude.if
+++ /dev/null
@@ -1,148 +0,0 @@
-## <summary>Prelude hybrid intrusion detection system</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run prelude.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`prelude_domtrans',`
-	gen_require(`
-		type prelude_t, prelude_exec_t;
-	')
-
-	domtrans_pattern($1, prelude_exec_t, prelude_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run prelude_audisp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`prelude_domtrans_audisp',`
-	gen_require(`
-		type prelude_audisp_t, prelude_audisp_exec_t;
-	')
-
-	domtrans_pattern($1, prelude_audisp_exec_t, prelude_audisp_t)
-')
-
-########################################
-## <summary>
-##	Signal the prelude_audisp domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed acccess.
-##	</summary>
-## </param>
-#
-interface(`prelude_signal_audisp',`
-	gen_require(`
-		type prelude_audisp_t;
-	')
-
-	allow $1 prelude_audisp_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read the prelude spool files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelude_read_spool',`
-	gen_require(`
-		type prelude_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, prelude_spool_t, prelude_spool_t)
-')
-
-########################################
-## <summary>
-##	Manage to prelude-manager spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`prelude_manage_spool',`
-	gen_require(`
-		type prelude_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, prelude_spool_t, prelude_spool_t)
-	manage_files_pattern($1, prelude_spool_t, prelude_spool_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an prelude environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`prelude_admin',`
-	gen_require(`
-		type prelude_t, prelude_spool_t, prelude_initrc_exec_t;
-		type prelude_var_run_t, prelude_var_lib_t, prelude_lml_var_run_t;
-		type prelude_audisp_t, prelude_audisp_var_run_t, prelude_lml_tmp_t;
-		type prelude_lml_t;
-	')
-
-	allow $1 prelude_t:process { ptrace signal_perms };
-	ps_process_pattern($1, prelude_t)
-
-	allow $1 prelude_audisp_t:process { ptrace signal_perms };
-	ps_process_pattern($1, prelude_audisp_t)
-
-	allow $1 prelude_lml_t:process { ptrace signal_perms };
-	ps_process_pattern($1, prelude_lml_t)
-
-	init_labeled_script_domtrans($1, prelude_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 prelude_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_spool($1)
-	admin_pattern($1, prelude_spool_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, prelude_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, prelude_var_run_t)
-	admin_pattern($1, prelude_audisp_var_run_t)
-	admin_pattern($1, prelude_lml_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, prelude_lml_tmp_t)
-')
diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
deleted file mode 100644
index 7a7310d..0000000
--- a/policy/modules/services/prelude.te
+++ /dev/null
@@ -1,307 +0,0 @@
-policy_module(prelude, 1.2.1)
-
-########################################
-#
-# Declarations
-#
-
-type prelude_t;
-type prelude_exec_t;
-init_daemon_domain(prelude_t, prelude_exec_t)
-
-type prelude_initrc_exec_t;
-init_script_file(prelude_initrc_exec_t)
-
-type prelude_spool_t;
-files_type(prelude_spool_t)
-
-type prelude_log_t;
-logging_log_file(prelude_log_t)
-
-type prelude_var_run_t;
-files_pid_file(prelude_var_run_t)
-
-type prelude_var_lib_t;
-files_type(prelude_var_lib_t)
-
-type prelude_audisp_t;
-type prelude_audisp_exec_t;
-init_daemon_domain(prelude_audisp_t, prelude_audisp_exec_t)
-logging_dispatcher_domain(prelude_audisp_t, prelude_audisp_exec_t)
-
-type prelude_audisp_var_run_t;
-files_pid_file(prelude_audisp_var_run_t)
-
-type prelude_correlator_t;
-type prelude_correlator_exec_t;
-init_daemon_domain(prelude_correlator_t, prelude_correlator_exec_t)
-
-type prelude_correlator_config_t;
-files_config_file(prelude_correlator_config_t)
-
-type prelude_lml_t;
-type prelude_lml_exec_t;
-init_daemon_domain(prelude_lml_t, prelude_lml_exec_t)
-
-type prelude_lml_tmp_t;
-files_tmp_file(prelude_lml_tmp_t)
-
-type prelude_lml_var_run_t;
-files_pid_file(prelude_lml_var_run_t)
-
-########################################
-#
-# prelude local policy
-#
-
-allow prelude_t self:capability { dac_override sys_tty_config };
-allow prelude_t self:fifo_file rw_file_perms;
-allow prelude_t self:unix_stream_socket create_stream_socket_perms;
-allow prelude_t self:netlink_route_socket r_netlink_socket_perms;
-allow prelude_t self:tcp_socket create_stream_socket_perms;
-
-manage_files_pattern(prelude_t, prelude_log_t, prelude_log_t)
-logging_log_filetrans(prelude_t, prelude_log_t, file)
-
-manage_dirs_pattern(prelude_t, prelude_spool_t, prelude_spool_t)
-manage_files_pattern(prelude_t, prelude_spool_t, prelude_spool_t)
-files_search_spool(prelude_t)
-
-manage_dirs_pattern(prelude_t, prelude_var_lib_t, prelude_var_lib_t)
-manage_files_pattern(prelude_t, prelude_var_lib_t, prelude_var_lib_t)
-files_search_var_lib(prelude_t)
-
-manage_dirs_pattern(prelude_t, prelude_var_run_t, prelude_var_run_t)
-manage_files_pattern(prelude_t, prelude_var_run_t, prelude_var_run_t)
-manage_sock_files_pattern(prelude_t, prelude_var_run_t, prelude_var_run_t)
-files_pid_filetrans(prelude_t, prelude_var_run_t, { dir file })
-
-kernel_read_system_state(prelude_t)
-kernel_read_sysctl(prelude_t)
-
-corecmd_search_bin(prelude_t)
-
-corenet_all_recvfrom_unlabeled(prelude_t)
-corenet_all_recvfrom_netlabel(prelude_t)
-corenet_tcp_sendrecv_generic_if(prelude_t)
-corenet_tcp_sendrecv_generic_node(prelude_t)
-corenet_tcp_bind_generic_node(prelude_t)
-corenet_tcp_bind_prelude_port(prelude_t)
-corenet_tcp_connect_prelude_port(prelude_t)
-corenet_tcp_connect_postgresql_port(prelude_t)
-corenet_tcp_connect_mysqld_port(prelude_t)
-
-dev_read_rand(prelude_t)
-dev_read_urand(prelude_t)
-
-files_read_etc_files(prelude_t)
-files_read_etc_runtime_files(prelude_t)
-files_read_usr_files(prelude_t)
-files_search_tmp(prelude_t)
-
-fs_rw_anon_inodefs_files(prelude_t)
-
-auth_use_nsswitch(prelude_t)
-
-logging_send_audit_msgs(prelude_t)
-logging_send_syslog_msg(prelude_t)
-
-miscfiles_read_localization(prelude_t)
-
-optional_policy(`
-	mysql_search_db(prelude_t)
-	mysql_stream_connect(prelude_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(prelude_t)
-')
-
-########################################
-#
-# prelude_audisp local policy
-#
-
-allow prelude_audisp_t self:capability { dac_override ipc_lock setpcap };
-allow prelude_audisp_t self:process { getcap setcap };
-allow prelude_audisp_t self:fifo_file rw_file_perms;
-allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
-allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;
-allow prelude_audisp_t self:netlink_route_socket r_netlink_socket_perms;
-allow prelude_audisp_t self:tcp_socket create_socket_perms;
-
-manage_dirs_pattern(prelude_audisp_t, prelude_spool_t, prelude_spool_t)
-manage_files_pattern(prelude_audisp_t, prelude_spool_t, prelude_spool_t)
-files_search_spool(prelude_audisp_t)
-
-manage_sock_files_pattern(prelude_audisp_t, prelude_audisp_var_run_t, prelude_audisp_var_run_t)
-files_pid_filetrans(prelude_audisp_t, prelude_audisp_var_run_t, sock_file)
-
-kernel_read_sysctl(prelude_audisp_t)
-kernel_read_system_state(prelude_audisp_t)
-
-corecmd_search_bin(prelude_audisp_t)
-
-corenet_all_recvfrom_unlabeled(prelude_audisp_t)
-corenet_all_recvfrom_netlabel(prelude_audisp_t)
-corenet_tcp_sendrecv_generic_if(prelude_audisp_t)
-corenet_tcp_sendrecv_generic_node(prelude_audisp_t)
-corenet_tcp_bind_generic_node(prelude_audisp_t)
-corenet_tcp_connect_prelude_port(prelude_audisp_t)
-
-dev_read_rand(prelude_audisp_t)
-dev_read_urand(prelude_audisp_t)
-
-# Init script handling
-domain_use_interactive_fds(prelude_audisp_t)
-
-files_read_etc_files(prelude_audisp_t)
-files_read_etc_runtime_files(prelude_audisp_t)
-files_search_tmp(prelude_audisp_t)
-
-logging_send_syslog_msg(prelude_audisp_t)
-
-miscfiles_read_localization(prelude_audisp_t)
-
-sysnet_dns_name_resolve(prelude_audisp_t)
-
-########################################
-#
-# prelude_correlator local policy
-#
-
-allow prelude_correlator_t self:capability dac_override;
-allow prelude_correlator_t self:netlink_route_socket r_netlink_socket_perms;
-allow prelude_correlator_t self:tcp_socket create_stream_socket_perms;
-allow prelude_correlator_t self:unix_dgram_socket create_socket_perms;
-
-allow prelude_correlator_t prelude_correlator_config_t:dir list_dir_perms;
-read_files_pattern(prelude_correlator_t, prelude_correlator_config_t, prelude_correlator_config_t)
-
-kernel_read_sysctl(prelude_correlator_t)
-
-corecmd_search_bin(prelude_correlator_t)
-
-corenet_all_recvfrom_unlabeled(prelude_correlator_t)
-corenet_all_recvfrom_netlabel(prelude_correlator_t)
-corenet_tcp_sendrecv_generic_if(prelude_correlator_t)
-corenet_tcp_sendrecv_generic_node(prelude_correlator_t)
-corenet_tcp_connect_prelude_port(prelude_correlator_t)
-
-dev_read_rand(prelude_correlator_t)
-dev_read_urand(prelude_correlator_t)
-
-files_read_etc_files(prelude_correlator_t)
-files_read_usr_files(prelude_correlator_t)
-files_search_spool(prelude_correlator_t)
-
-logging_send_syslog_msg(prelude_correlator_t)
-
-miscfiles_read_localization(prelude_correlator_t)
-
-sysnet_dns_name_resolve(prelude_correlator_t)
-
-prelude_manage_spool(prelude_correlator_t)
-
-########################################
-#
-# prelude_lml local declarations
-#
-
-allow prelude_lml_t self:capability dac_override;
-allow prelude_lml_t self:tcp_socket { setopt create_socket_perms };
-allow prelude_lml_t self:unix_dgram_socket create_socket_perms;
-allow prelude_lml_t self:fifo_file rw_fifo_file_perms;
-allow prelude_lml_t self:unix_stream_socket connectto;
-
-manage_dirs_pattern(prelude_lml_t, prelude_lml_tmp_t, prelude_lml_tmp_t)
-manage_files_pattern(prelude_lml_t, prelude_lml_tmp_t, prelude_lml_tmp_t)
-files_tmp_filetrans(prelude_lml_t, prelude_lml_tmp_t, { file dir })
-files_list_tmp(prelude_lml_t)
-
-manage_dirs_pattern(prelude_lml_t, prelude_spool_t, prelude_spool_t)
-manage_files_pattern(prelude_lml_t, prelude_spool_t, prelude_spool_t)
-files_search_spool(prelude_lml_t)
-
-manage_dirs_pattern(prelude_lml_t, prelude_var_lib_t, prelude_var_lib_t)
-manage_files_pattern(prelude_lml_t, prelude_var_lib_t, prelude_var_lib_t)
-files_search_var_lib(prelude_lml_t)
-
-manage_files_pattern(prelude_lml_t, prelude_lml_var_run_t, prelude_lml_var_run_t)
-files_pid_filetrans(prelude_lml_t, prelude_lml_var_run_t, file)
-
-kernel_read_system_state(prelude_lml_t)
-kernel_read_sysctl(prelude_lml_t)
-
-corecmd_exec_bin(prelude_lml_t)
-
-corenet_tcp_sendrecv_generic_if(prelude_lml_t)
-corenet_tcp_sendrecv_generic_node(prelude_lml_t)
-corenet_tcp_recvfrom_netlabel(prelude_lml_t)
-corenet_tcp_recvfrom_unlabeled(prelude_lml_t)
-corenet_sendrecv_unlabeled_packets(prelude_lml_t)
-corenet_tcp_connect_prelude_port(prelude_lml_t)
-
-dev_read_rand(prelude_lml_t)
-dev_read_urand(prelude_lml_t)
-
-files_list_etc(prelude_lml_t)
-files_read_etc_files(prelude_lml_t)
-files_read_etc_runtime_files(prelude_lml_t)
-
-fs_getattr_all_fs(prelude_lml_t)
-fs_list_inotifyfs(prelude_lml_t)
-fs_rw_anon_inodefs_files(prelude_lml_t)
-
-auth_use_nsswitch(prelude_lml_t)
-
-libs_exec_lib_files(prelude_lml_t)
-libs_read_lib_files(prelude_lml_t)
-
-logging_send_syslog_msg(prelude_lml_t)
-logging_read_generic_logs(prelude_lml_t)
-
-miscfiles_read_localization(prelude_lml_t)
-
-sysnet_dns_name_resolve(prelude_lml_t)
-
-userdom_read_all_users_state(prelude_lml_t)
-
-optional_policy(`
-	apache_search_sys_content(prelude_lml_t)
-	apache_read_log(prelude_lml_t)
-')
-
-########################################
-#
-# prewikka_cgi Declarations
-#
-
-optional_policy(`
-	apache_content_template(prewikka)
-
-	can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t)
-
-	files_read_etc_files(httpd_prewikka_script_t)
-	files_search_tmp(httpd_prewikka_script_t)
-
-	kernel_read_sysctl(httpd_prewikka_script_t)
-	kernel_search_network_sysctl(httpd_prewikka_script_t)
-
-	corenet_tcp_connect_postgresql_port(httpd_prewikka_script_t)
-
-	auth_use_nsswitch(httpd_prewikka_script_t)
-
-	logging_send_syslog_msg(httpd_prewikka_script_t)
-
-	apache_search_sys_content(httpd_prewikka_script_t)
-
-	optional_policy(`
-		mysql_search_db(httpd_prewikka_script_t)
-		mysql_stream_connect(httpd_prewikka_script_t)
-	')
-
-	optional_policy(`
-		postgresql_stream_connect(httpd_prewikka_script_t)
-	')
-')
diff --git a/policy/modules/services/privoxy.fc b/policy/modules/services/privoxy.fc
deleted file mode 100644
index be4998a..0000000
--- a/policy/modules/services/privoxy.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/privoxy/[^/]*\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
-/etc/rc\.d/init\.d/privoxy --	gen_context(system_u:object_r:privoxy_initrc_exec_t,s0)
-
-/usr/sbin/privoxy	--	gen_context(system_u:object_r:privoxy_exec_t,s0)
-
-/var/log/privoxy(/.*)?		gen_context(system_u:object_r:privoxy_log_t,s0)
diff --git a/policy/modules/services/privoxy.if b/policy/modules/services/privoxy.if
deleted file mode 100644
index 7221526..0000000
--- a/policy/modules/services/privoxy.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>Privacy enhancing web proxy.</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an privoxy environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`privoxy_admin',`
-	gen_require(`
-		type privoxy_t, privoxy_log_t, privoxy_initrc_exec_t;
-		type privoxy_etc_rw_t, privoxy_var_run_t;
-	')
-
-	allow $1 privoxy_t:process { ptrace signal_perms };
-	ps_process_pattern($1, privoxy_t)
-
-	init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 privoxy_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, privoxy_log_t)
-
-	files_list_etc($1)
-	admin_pattern($1, privoxy_etc_rw_t)
-
-	files_list_pids($1)
-	admin_pattern($1, privoxy_var_run_t)
-')
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
deleted file mode 100644
index 2404ddc..0000000
--- a/policy/modules/services/privoxy.te
+++ /dev/null
@@ -1,103 +0,0 @@
-policy_module(privoxy, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow privoxy to connect to all ports, not just
-##	HTTP, FTP, and Gopher ports.
-##	</p>
-## </desc>
-gen_tunable(privoxy_connect_any, false)
-
-type privoxy_t; # web_client_domain
-type privoxy_exec_t;
-init_daemon_domain(privoxy_t, privoxy_exec_t)
-
-type privoxy_initrc_exec_t;
-init_script_file(privoxy_initrc_exec_t)
-
-type privoxy_etc_rw_t;
-files_type(privoxy_etc_rw_t)
-
-type privoxy_log_t;
-logging_log_file(privoxy_log_t)
-
-type privoxy_var_run_t;
-files_pid_file(privoxy_var_run_t)
-
-########################################
-#
-# Local Policy
-#
-
-allow privoxy_t self:capability { setgid setuid };
-dontaudit privoxy_t self:capability sys_tty_config;
-allow privoxy_t self:tcp_socket create_stream_socket_perms;
-
-allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
-
-manage_files_pattern(privoxy_t, privoxy_log_t, privoxy_log_t)
-logging_log_filetrans(privoxy_t, privoxy_log_t, file)
-
-manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t)
-files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
-
-kernel_read_system_state(privoxy_t)
-kernel_read_kernel_sysctls(privoxy_t)
-
-corenet_all_recvfrom_unlabeled(privoxy_t)
-corenet_all_recvfrom_netlabel(privoxy_t)
-corenet_tcp_sendrecv_generic_if(privoxy_t)
-corenet_tcp_sendrecv_generic_node(privoxy_t)
-corenet_tcp_sendrecv_all_ports(privoxy_t)
-corenet_tcp_bind_generic_node(privoxy_t)
-corenet_tcp_bind_http_cache_port(privoxy_t)
-corenet_tcp_connect_http_port(privoxy_t)
-corenet_tcp_connect_http_cache_port(privoxy_t)
-corenet_tcp_connect_squid_port(privoxy_t)
-corenet_tcp_connect_ftp_port(privoxy_t)
-corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
-corenet_tcp_connect_tor_port(privoxy_t)
-corenet_sendrecv_http_cache_client_packets(privoxy_t)
-corenet_sendrecv_squid_client_packets(privoxy_t)
-corenet_sendrecv_http_cache_server_packets(privoxy_t)
-corenet_sendrecv_http_client_packets(privoxy_t)
-corenet_sendrecv_ftp_client_packets(privoxy_t)
-corenet_sendrecv_tor_client_packets(privoxy_t)
-
-dev_read_sysfs(privoxy_t)
-
-fs_getattr_all_fs(privoxy_t)
-fs_search_auto_mountpoints(privoxy_t)
-
-domain_use_interactive_fds(privoxy_t)
-
-files_read_etc_files(privoxy_t)
-
-auth_use_nsswitch(privoxy_t)
-
-logging_send_syslog_msg(privoxy_t)
-
-miscfiles_read_localization(privoxy_t)
-
-userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
-userdom_dontaudit_search_user_home_dirs(privoxy_t)
-# cjp: this should really not be needed
-userdom_use_user_terminals(privoxy_t)
-
-tunable_policy(`privoxy_connect_any',`
-	corenet_tcp_connect_all_ports(privoxy_t)
-	corenet_sendrecv_all_client_packets(privoxy_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(privoxy_t)
-')
-
-optional_policy(`
-	udev_read_db(privoxy_t)
-')
diff --git a/policy/modules/services/procmail.fc b/policy/modules/services/procmail.fc
deleted file mode 100644
index 4b36a13..0000000
--- a/policy/modules/services/procmail.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
-/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
-
-/usr/bin/procmail	--	gen_context(system_u:object_r:procmail_exec_t,s0)
-
-/var/log/procmail\.log.* --	gen_context(system_u:object_r:procmail_log_t,s0)
-/var/log/procmail(/.*)?		gen_context(system_u:object_r:procmail_log_t,s0) 
diff --git a/policy/modules/services/procmail.if b/policy/modules/services/procmail.if
deleted file mode 100644
index 166e9c3..0000000
--- a/policy/modules/services/procmail.if
+++ /dev/null
@@ -1,98 +0,0 @@
-## <summary>Procmail mail delivery agent</summary>
-
-########################################
-## <summary>
-##	Execute procmail with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`procmail_domtrans',`
-	gen_require(`
-		type procmail_exec_t, procmail_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, procmail_exec_t, procmail_t)
-')
-
-########################################
-## <summary>
-##	Execute procmail in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`procmail_exec',`
-	gen_require(`
-		type procmail_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, procmail_exec_t)
-')
-
-########################################
-## <summary>
-##	Read procmail tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`procmail_read_tmp_files',`
-	gen_require(`
-		type procmail_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 procmail_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read/write procmail tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`procmail_rw_tmp_files',`
-	gen_require(`
-		type procmail_tmp_t;
-	')
-
-	files_search_tmp($1)
-	rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read procmail home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`procmail_read_home_files',`
-	gen_require(`
-		type procmail_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	read_files_pattern($1, procmail_home_t, procmail_home_t)
-')
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
deleted file mode 100644
index 2a70dd1..0000000
--- a/policy/modules/services/procmail.te
+++ /dev/null
@@ -1,163 +0,0 @@
-policy_module(procmail, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-type procmail_t;
-type procmail_exec_t;
-application_domain(procmail_t, procmail_exec_t)
-role system_r types procmail_t;
-
-type procmail_home_t;
-userdom_user_home_content(procmail_home_t)
-
-type procmail_log_t;
-logging_log_file(procmail_log_t) 
-
-type procmail_tmp_t;
-files_tmp_file(procmail_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow procmail_t self:capability { sys_nice chown fsetid setuid setgid dac_override };
-allow procmail_t self:process { setsched signal signull };
-allow procmail_t self:fifo_file rw_fifo_file_perms;
-allow procmail_t self:unix_stream_socket create_socket_perms;
-allow procmail_t self:unix_dgram_socket create_socket_perms;
-allow procmail_t self:tcp_socket create_stream_socket_perms;
-allow procmail_t self:udp_socket create_socket_perms;
-
-can_exec(procmail_t, procmail_exec_t)
-
-# Write log to /var/log/procmail.log or /var/log/procmail/.*
-allow procmail_t procmail_log_t:dir setattr_dir_perms;
-create_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
-append_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
-read_lnk_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
-logging_log_filetrans(procmail_t, procmail_log_t, { file dir })
-
-allow procmail_t procmail_tmp_t:file manage_file_perms;
-files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
-
-kernel_read_system_state(procmail_t)
-kernel_read_kernel_sysctls(procmail_t)
-
-corenet_all_recvfrom_unlabeled(procmail_t)
-corenet_all_recvfrom_netlabel(procmail_t)
-corenet_tcp_sendrecv_generic_if(procmail_t)
-corenet_udp_sendrecv_generic_if(procmail_t)
-corenet_tcp_sendrecv_generic_node(procmail_t)
-corenet_udp_sendrecv_generic_node(procmail_t)
-corenet_tcp_sendrecv_all_ports(procmail_t)
-corenet_udp_sendrecv_all_ports(procmail_t)
-corenet_udp_bind_generic_node(procmail_t)
-corenet_tcp_connect_spamd_port(procmail_t)
-corenet_sendrecv_spamd_client_packets(procmail_t)
-corenet_sendrecv_comsat_client_packets(procmail_t)
-
-dev_read_urand(procmail_t)
-
-fs_getattr_xattr_fs(procmail_t)
-fs_search_auto_mountpoints(procmail_t)
-fs_rw_anon_inodefs_files(procmail_t)
-
-auth_use_nsswitch(procmail_t)
-
-corecmd_exec_bin(procmail_t)
-corecmd_exec_shell(procmail_t)
-corecmd_read_bin_symlinks(procmail_t)
-
-files_read_etc_files(procmail_t)
-files_read_etc_runtime_files(procmail_t)
-files_search_pids(procmail_t)
-# for spamassasin
-files_read_usr_files(procmail_t)
-
-logging_send_syslog_msg(procmail_t)
-logging_append_all_logs(procmail_t)
-
-miscfiles_read_localization(procmail_t)
-
-list_dirs_pattern(procmail_t, procmail_home_t, procmail_home_t)
-read_files_pattern(procmail_t, procmail_home_t, procmail_home_t)
-userdom_search_user_home_dirs(procmail_t)
-userdom_search_admin_dir(procmail_t)
-
-# only works until we define a different type for maildir
-userdom_manage_user_home_content_dirs(procmail_t)
-userdom_manage_user_home_content_files(procmail_t)
-userdom_manage_user_home_content_symlinks(procmail_t)
-userdom_manage_user_home_content_pipes(procmail_t)
-userdom_manage_user_home_content_sockets(procmail_t)
-userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir file lnk_file fifo_file sock_file })
-
-# Execute user executables
-userdom_exec_user_bin_files(procmail_t)
-
-mta_manage_spool(procmail_t)
-mta_read_queue(procmail_t)
-
-ifdef(`hide_broken_symptoms',`
-	mta_dontaudit_rw_queue(procmail_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(procmail_t)
-	fs_manage_nfs_files(procmail_t)
-	fs_manage_nfs_symlinks(procmail_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(procmail_t)
-	fs_manage_cifs_files(procmail_t)
-	fs_manage_cifs_symlinks(procmail_t)
-')
-
-optional_policy(`
-	clamav_domtrans_clamscan(procmail_t)
-	clamav_search_lib(procmail_t)
-')
-
-optional_policy(`
-	munin_dontaudit_search_lib(procmail_t)
-')
-
-optional_policy(`
-	# for a bug in the postfix local program
-	postfix_dontaudit_rw_local_tcp_sockets(procmail_t)
-	postfix_dontaudit_use_fds(procmail_t)
-	postfix_read_spool_files(procmail_t)
-	postfix_read_local_state(procmail_t)
-	postfix_read_master_state(procmail_t)
-')
-
-optional_policy(`
-	nagios_search_spool(procmail_t)
-')
-
-optional_policy(`
-	pyzor_domtrans(procmail_t)
-	pyzor_signal(procmail_t)
-')
-
-optional_policy(`
-	mta_read_config(procmail_t)
-	sendmail_domtrans(procmail_t)
-	sendmail_signal(procmail_t)
-	sendmail_dontaudit_rw_tcp_sockets(procmail_t)
-	sendmail_dontaudit_rw_unix_stream_sockets(procmail_t)
-')
-
-optional_policy(`
-	corenet_udp_bind_generic_port(procmail_t)
-	corenet_dontaudit_udp_bind_all_ports(procmail_t)
-
-	spamassassin_domtrans_local_client(procmail_t)
-	spamassassin_domtrans_client(procmail_t)
-	spamassassin_read_lib_files(procmail_t)
-')
diff --git a/policy/modules/services/psad.fc b/policy/modules/services/psad.fc
deleted file mode 100644
index 6c66d44..0000000
--- a/policy/modules/services/psad.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/rc\.d/init\.d/psad --		gen_context(system_u:object_r:psad_initrc_exec_t,s0)
-/etc/psad(/.*)?				gen_context(system_u:object_r:psad_etc_t,s0)
-
-/usr/sbin/psad		--		gen_context(system_u:object_r:psad_exec_t,s0)
-
-/var/lib/psad(/.*)?			gen_context(system_u:object_r:psad_var_lib_t,s0)
-/var/log/psad(/.*)?			gen_context(system_u:object_r:psad_var_log_t,s0)
-/var/run/psad(/.*)?			gen_context(system_u:object_r:psad_var_run_t,s0)
diff --git a/policy/modules/services/psad.if b/policy/modules/services/psad.if
deleted file mode 100644
index d1a3745..0000000
--- a/policy/modules/services/psad.if
+++ /dev/null
@@ -1,281 +0,0 @@
-## <summary>Intrusion Detection and Log Analysis with iptables</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run psad.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`psad_domtrans',`
-	gen_require(`
-		type psad_t, psad_exec_t;
-	')
-
-	domtrans_pattern($1, psad_exec_t, psad_t)
-')
-
-########################################
-## <summary>
-##	Send a generic signal to psad
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_signal',`
-	gen_require(`
-		type psad_t;
-	')
-
-	allow $1 psad_t:process signal;
-')
-
-#######################################
-## <summary>
-##	Send a null signal to psad.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_signull',`
-	gen_require(`
-		type psad_t;
-	')
-
-	allow $1 psad_t:process signull;
-')
-
-########################################
-## <summary>
-##	Read psad etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_read_config',`
-	gen_require(`
-		type psad_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, psad_etc_t, psad_etc_t)
-')
-
-########################################
-## <summary>
-##	Manage psad etc configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_manage_config',`
-	gen_require(`
-		type psad_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
-	manage_files_pattern($1, psad_etc_t, psad_etc_t)
-')
-
-########################################
-## <summary>
-##	Read psad PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_read_pid_files',`
-	gen_require(`
-		type psad_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, psad_var_run_t, psad_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read and write psad PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_rw_pid_files',`
-	gen_require(`
-		type psad_var_run_t;
-	')
-
-	files_search_pids($1)
-	rw_files_pattern($1, psad_var_run_t, psad_var_run_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read psad's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`psad_read_log',`
-	gen_require(`
-		type psad_var_log_t;
-	')
-
-	logging_search_logs($1)
-	list_dirs_pattern($1, psad_var_log_t, psad_var_log_t)
-	read_files_pattern($1, psad_var_log_t, psad_var_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append to psad's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`psad_append_log',`
-	gen_require(`
-		type psad_var_log_t;
-	')
-
-	logging_search_logs($1)
-	list_dirs_pattern($1, psad_var_log_t, psad_var_log_t)
-	append_files_pattern($1, psad_var_log_t, psad_var_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to write to psad's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`psad_write_log',`
-	gen_require(`
-		type psad_var_log_t;
-	')
-
-	logging_search_logs($1)
-	write_files_pattern($1, psad_var_log_t, psad_var_log_t)
-')
-
-########################################
-## <summary>
-##	Read and write psad fifo files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_rw_fifo_file',`
-	gen_require(`
-		type psad_t;
-	')
-
-	files_search_var_lib($1)
-	search_dirs_pattern($1, psad_var_lib_t, psad_var_lib_t)
-	rw_fifo_files_pattern($1, psad_var_lib_t, psad_var_lib_t)
-')
-
-#######################################
-## <summary>
-##	Read and write psad tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`psad_rw_tmp_files',`
-	gen_require(`
-		type psad_tmp_t;
-	')
-
-	files_search_tmp($1)
-	rw_files_pattern($1, psad_tmp_t, psad_tmp_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an psad environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the syslog domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`psad_admin',`
-	gen_require(`
-		type psad_t, psad_var_run_t, psad_var_log_t;
-		type psad_initrc_exec_t, psad_var_lib_t, psad_etc_t;
-		type psad_tmp_t;
-	')
-
-	allow $1 psad_t:process { ptrace signal_perms };
-	ps_process_pattern($1, psad_t)
-
-	init_labeled_script_domtrans($1, psad_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 psad_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, psad_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, psad_var_run_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, psad_var_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, psad_var_lib_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, psad_tmp_t)
-')
diff --git a/policy/modules/services/psad.te b/policy/modules/services/psad.te
deleted file mode 100644
index c23cd14..0000000
--- a/policy/modules/services/psad.te
+++ /dev/null
@@ -1,108 +0,0 @@
-policy_module(psad, 1.0.0) 
-
-########################################
-#
-# Declarations
-#
-
-type psad_t;
-type psad_exec_t;
-init_daemon_domain(psad_t, psad_exec_t)
-
-# config files
-type psad_etc_t;
-files_type(psad_etc_t)
-
-type psad_initrc_exec_t;
-init_script_file(psad_initrc_exec_t)
-
-# var/lib files
-type psad_var_lib_t;
-files_type(psad_var_lib_t)
-
-# log files
-type psad_var_log_t;
-logging_log_file(psad_var_log_t)
-
-# pid files
-type psad_var_run_t;
-files_pid_file(psad_var_run_t)
-
-# tmp files
-type psad_tmp_t;
-files_tmp_file(psad_tmp_t)
-
-########################################
-#
-# psad local policy
-#
-
-allow psad_t self:capability { net_admin net_raw setuid setgid dac_override };
-dontaudit psad_t self:capability sys_tty_config;
-allow psad_t self:process signull;
-allow psad_t self:fifo_file rw_fifo_file_perms;
-allow psad_t self:rawip_socket create_socket_perms;
-
-# config files
-read_files_pattern(psad_t, psad_etc_t, psad_etc_t)
-list_dirs_pattern(psad_t, psad_etc_t, psad_etc_t)
-
-# log files
-manage_files_pattern(psad_t, psad_var_log_t, psad_var_log_t)
-manage_dirs_pattern(psad_t, psad_var_log_t, psad_var_log_t)
-logging_log_filetrans(psad_t, psad_var_log_t, { file dir })
-
-# pid file
-manage_dirs_pattern(psad_t, psad_var_run_t, psad_var_run_t)
-manage_files_pattern(psad_t, psad_var_run_t, psad_var_run_t)
-manage_sock_files_pattern(psad_t, psad_var_run_t, psad_var_run_t)
-files_pid_filetrans(psad_t, psad_var_run_t, { dir file sock_file })
-
-# tmp files
-manage_dirs_pattern(psad_t, psad_tmp_t, psad_tmp_t)
-manage_files_pattern(psad_t, psad_tmp_t, psad_tmp_t)
-files_tmp_filetrans(psad_t, psad_tmp_t, { file dir })
-
-# /var/lib files
-search_dirs_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
-manage_fifo_files_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
-
-kernel_read_system_state(psad_t)
-kernel_read_network_state(psad_t)
-kernel_read_net_sysctls(psad_t)
-
-corecmd_exec_shell(psad_t)
-corecmd_exec_bin(psad_t)
-
-corenet_all_recvfrom_unlabeled(psad_t)
-corenet_all_recvfrom_netlabel(psad_t)
-corenet_tcp_sendrecv_generic_if(psad_t)
-corenet_tcp_sendrecv_generic_node(psad_t)
-corenet_tcp_bind_generic_node(psad_t)
-corenet_tcp_sendrecv_all_ports(psad_t)
-corenet_tcp_connect_whois_port(psad_t)
-corenet_sendrecv_whois_client_packets(psad_t)
-
-dev_read_urand(psad_t)
-
-files_read_etc_runtime_files(psad_t)
-files_read_usr_files(psad_t)
-
-fs_getattr_all_fs(psad_t)
-
-auth_use_nsswitch(psad_t)
-
-iptables_domtrans(psad_t)
-
-logging_read_generic_logs(psad_t)
-logging_read_syslog_config(psad_t)
-logging_send_syslog_msg(psad_t)
-
-miscfiles_read_localization(psad_t)
-
-sysnet_exec_ifconfig(psad_t)
-
-optional_policy(`
-	mta_send_mail(psad_t)
-	mta_read_queue(psad_t)
-')
diff --git a/policy/modules/services/publicfile.fc b/policy/modules/services/publicfile.fc
deleted file mode 100644
index 5b20b68..0000000
--- a/policy/modules/services/publicfile.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-
-/usr/bin/ftpd		--	gen_context(system_u:object_r:publicfile_exec_t,s0)
-/usr/bin/httpd		--	gen_context(system_u:object_r:publicfile_exec_t,s0)
-
-# this is the place where online content located
-# set this to suit your needs
-#/var/www(/.*)?			gen_context(system_u:object_r:publicfile_content_t,s0)
diff --git a/policy/modules/services/publicfile.if b/policy/modules/services/publicfile.if
deleted file mode 100644
index 5b07592..0000000
--- a/policy/modules/services/publicfile.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>publicfile supplies files to the public through HTTP and FTP</summary>
diff --git a/policy/modules/services/publicfile.te b/policy/modules/services/publicfile.te
deleted file mode 100644
index 32edb73..0000000
--- a/policy/modules/services/publicfile.te
+++ /dev/null
@@ -1,34 +0,0 @@
-policy_module(publicfile, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type publicfile_t;
-type publicfile_exec_t;
-init_daemon_domain(publicfile_t, publicfile_exec_t)
-
-type publicfile_content_t;
-files_type(publicfile_content_t)
-
-########################################
-#
-# Local policy
-#
-
-allow publicfile_t self:capability { dac_override setgid setuid sys_chroot };
-allow publicfile_t publicfile_content_t:dir list_dir_perms;
-allow publicfile_t publicfile_content_t:file read_file_perms;
-
-files_search_var(publicfile_t)
-
-optional_policy(`
-	daemontools_ipc_domain(publicfile_t)
-')
-
-optional_policy(`
-	ucspitcp_service_domain(publicfile_t, publicfile_exec_t)
-')
-
-#allow publicfile_t initrc_t:tcp_socket { read write };
diff --git a/policy/modules/services/puppet.fc b/policy/modules/services/puppet.fc
deleted file mode 100644
index 2f1e529..0000000
--- a/policy/modules/services/puppet.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/etc/puppet(/.*)?			gen_context(system_u:object_r:puppet_etc_t,s0)
-
-/etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
-
-/usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
-/usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
-
-/var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)
-/var/log/puppet(/.*)?			gen_context(system_u:object_r:puppet_log_t,s0)
-/var/run/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_run_t,s0)
diff --git a/policy/modules/services/puppet.if b/policy/modules/services/puppet.if
deleted file mode 100644
index 0456b11..0000000
--- a/policy/modules/services/puppet.if
+++ /dev/null
@@ -1,31 +0,0 @@
-## <summary>Puppet client daemon</summary>
-## <desc>
-##	<p>
-##	Puppet is a configuration management system written in Ruby.
-##	The client daemon is responsible for periodically requesting the
-##	desired system state from the server and ensuring the state of
-##	the client system matches.
-##	</p>
-## </desc>
-
-################################################
-## <summary>
-##	Read / Write to Puppet temp files.  Puppet uses
-##	some system binaries (groupadd, etc) that run in
-##	a non-puppet domain and redirects output into temp
-##	files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`puppet_rw_tmp',`
-	gen_require(`
-		type puppet_tmp_t;
-	')
-
-	allow $1 puppet_tmp_t:file rw_file_perms;
-	files_search_tmp($1)
-')
diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
deleted file mode 100644
index 80c1f5d..0000000
--- a/policy/modules/services/puppet.te
+++ /dev/null
@@ -1,244 +0,0 @@
-policy_module(puppet, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow Puppet client to manage all file
-##	types.
-##	</p>
-## </desc>
-gen_tunable(puppet_manage_all_files, false)
-
-type puppet_t;
-type puppet_exec_t;
-init_daemon_domain(puppet_t, puppet_exec_t)
-
-type puppet_etc_t;
-files_config_file(puppet_etc_t)
-
-type puppet_initrc_exec_t;
-init_script_file(puppet_initrc_exec_t)
-
-type puppet_log_t;
-logging_log_file(puppet_log_t)
-
-type puppet_tmp_t;
-files_tmp_file(puppet_tmp_t)
-
-type puppet_var_lib_t;
-files_type(puppet_var_lib_t)
-
-type puppet_var_run_t;
-files_pid_file(puppet_var_run_t)
-
-type puppetmaster_t;
-type puppetmaster_exec_t;
-init_daemon_domain(puppetmaster_t, puppetmaster_exec_t)
-
-type puppetmaster_initrc_exec_t;
-init_script_file(puppetmaster_initrc_exec_t)
-
-type puppetmaster_tmp_t;
-files_tmp_file(puppetmaster_tmp_t)
-
-########################################
-#
-# Puppet personal policy
-#
-
-allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
-allow puppet_t self:process { signal signull getsched setsched };
-allow puppet_t self:fifo_file rw_fifo_file_perms;
-allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
-allow puppet_t self:tcp_socket create_stream_socket_perms;
-allow puppet_t self:udp_socket create_socket_perms;
-
-read_files_pattern(puppet_t, puppet_etc_t, puppet_etc_t)
-
-manage_dirs_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
-manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
-files_search_var_lib(puppet_t)
-
-manage_dirs_pattern(puppet_t, puppet_var_run_t, puppet_var_run_t)
-manage_files_pattern(puppet_t, puppet_var_run_t, puppet_var_run_t)
-files_pid_filetrans(puppet_t, puppet_var_run_t, { file dir })
-
-create_dirs_pattern(puppet_t, var_log_t, puppet_log_t)
-create_files_pattern(puppet_t, puppet_log_t, puppet_log_t)
-append_files_pattern(puppet_t, puppet_log_t, puppet_log_t)
-logging_log_filetrans(puppet_t, puppet_log_t, { file dir })
-
-manage_dirs_pattern(puppet_t, puppet_tmp_t, puppet_tmp_t)
-manage_files_pattern(puppet_t, puppet_tmp_t, puppet_tmp_t)
-files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
-
-kernel_dontaudit_search_sysctl(puppet_t)
-kernel_dontaudit_search_kernel_sysctl(puppet_t)
-kernel_read_system_state(puppet_t)
-kernel_read_crypto_sysctls(puppet_t)
-
-corecmd_exec_bin(puppet_t)
-corecmd_exec_shell(puppet_t)
-
-corenet_all_recvfrom_netlabel(puppet_t)
-corenet_all_recvfrom_unlabeled(puppet_t)
-corenet_tcp_sendrecv_generic_if(puppet_t)
-corenet_tcp_sendrecv_generic_node(puppet_t)
-corenet_tcp_bind_generic_node(puppet_t)
-corenet_tcp_connect_puppet_port(puppet_t)
-corenet_sendrecv_puppet_client_packets(puppet_t)
-
-dev_read_rand(puppet_t)
-dev_read_sysfs(puppet_t)
-dev_read_urand(puppet_t)
-
-domain_read_all_domains_state(puppet_t)
-domain_interactive_fd(puppet_t)
-
-files_manage_config_files(puppet_t)
-files_manage_config_dirs(puppet_t)
-files_manage_etc_dirs(puppet_t)
-files_manage_etc_files(puppet_t)
-files_read_usr_symlinks(puppet_t)
-files_relabel_config_dirs(puppet_t)
-files_relabel_config_files(puppet_t)
-
-selinux_search_fs(puppet_t)
-selinux_set_all_booleans(puppet_t)
-selinux_set_generic_booleans(puppet_t)
-selinux_validate_context(puppet_t)
-
-term_dontaudit_getattr_unallocated_ttys(puppet_t)
-term_dontaudit_getattr_all_ttys(puppet_t)
-
-init_all_labeled_script_domtrans(puppet_t)
-init_domtrans_script(puppet_t)
-init_read_utmp(puppet_t)
-init_signull_script(puppet_t)
-
-logging_send_syslog_msg(puppet_t)
-
-miscfiles_read_hwdata(puppet_t)
-miscfiles_read_localization(puppet_t)
-
-seutil_domtrans_setfiles(puppet_t)
-seutil_domtrans_semanage(puppet_t)
-
-sysnet_dns_name_resolve(puppet_t)
-sysnet_run_ifconfig(puppet_t, system_r)
-
-tunable_policy(`puppet_manage_all_files',`
-	auth_manage_all_files_except_shadow(puppet_t)
-')
-
-optional_policy(`
-	consoletype_domtrans(puppet_t)
-')
-
-optional_policy(`
-	hostname_exec(puppet_t)
-')
-
-optional_policy(`
-	files_rw_var_files(puppet_t)
-
-	rpm_domtrans(puppet_t)
-	rpm_manage_db(puppet_t)
-	rpm_manage_log(puppet_t)
-')
-
-optional_policy(`
-	unconfined_domain(puppet_t)
-')
-
-optional_policy(`
-	usermanage_domtrans_groupadd(puppet_t)
-	usermanage_domtrans_useradd(puppet_t)
-')
-
-########################################
-#
-# Pupper master personal policy
-#
-
-allow puppetmaster_t self:capability { dac_read_search dac_override setuid setgid fowner chown fsetid sys_tty_config };
-allow puppetmaster_t self:process { signal_perms getsched setsched };
-allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
-allow puppetmaster_t self:netlink_route_socket create_netlink_socket_perms;
-allow puppetmaster_t self:socket create;
-allow puppetmaster_t self:tcp_socket create_stream_socket_perms;
-allow puppetmaster_t self:udp_socket create_socket_perms;
-
-list_dirs_pattern(puppetmaster_t, puppet_etc_t, puppet_etc_t)
-read_files_pattern(puppetmaster_t, puppet_etc_t, puppet_etc_t)
-
-allow puppetmaster_t puppet_log_t:dir { rw_dir_perms setattr_dir_perms };
-allow puppetmaster_t puppet_log_t:file { rw_file_perms create_file_perms setattr_file_perms };
-logging_log_filetrans(puppetmaster_t, puppet_log_t, { file dir })
-allow puppetmaster_t puppet_log_t:file relabel_file_perms;
-
-manage_dirs_pattern(puppetmaster_t, puppet_var_lib_t, puppet_var_lib_t)
-manage_files_pattern(puppetmaster_t, puppet_var_lib_t, puppet_var_lib_t)
-allow puppetmaster_t puppet_var_lib_t:dir relabel_dir_perms;
-
-setattr_dirs_pattern(puppetmaster_t, puppet_var_run_t, puppet_var_run_t)
-manage_files_pattern(puppetmaster_t, puppet_var_run_t, puppet_var_run_t)
-files_pid_filetrans(puppetmaster_t, puppet_var_run_t, { file dir })
-allow puppetmaster_t puppet_var_run_t:dir relabel_dir_perms;
-
-manage_dirs_pattern(puppetmaster_t, puppetmaster_tmp_t, puppetmaster_tmp_t)
-manage_files_pattern(puppetmaster_t, puppetmaster_tmp_t, puppetmaster_tmp_t)
-files_tmp_filetrans(puppetmaster_t, puppetmaster_tmp_t, { file dir })
-allow puppetmaster_t puppet_tmp_t:dir relabel_dir_perms;
-
-kernel_dontaudit_search_kernel_sysctl(puppetmaster_t)
-kernel_read_system_state(puppetmaster_t)
-kernel_read_crypto_sysctls(puppetmaster_t)
-kernel_read_kernel_sysctls(puppetmaster_t)
-
-corecmd_exec_bin(puppetmaster_t)
-corecmd_exec_shell(puppetmaster_t)
-
-corenet_all_recvfrom_netlabel(puppetmaster_t)
-corenet_all_recvfrom_unlabeled(puppetmaster_t)
-corenet_tcp_sendrecv_generic_if(puppetmaster_t)
-corenet_tcp_sendrecv_generic_node(puppetmaster_t)
-corenet_tcp_bind_generic_node(puppetmaster_t)
-corenet_tcp_bind_puppet_port(puppetmaster_t)
-corenet_sendrecv_puppet_server_packets(puppetmaster_t)
-
-dev_read_rand(puppetmaster_t)
-dev_read_urand(puppetmaster_t)
-
-domain_read_all_domains_state(puppetmaster_t)
-
-files_read_etc_files(puppetmaster_t)
-files_search_var_lib(puppetmaster_t)
-
-selinux_validate_context(puppetmaster_t)
-
-logging_send_syslog_msg(puppetmaster_t)
-
-miscfiles_read_localization(puppetmaster_t)
-
-seutil_read_file_contexts(puppetmaster_t)
-
-sysnet_dns_name_resolve(puppetmaster_t)
-sysnet_run_ifconfig(puppetmaster_t, system_r)
-
-mta_send_mail(puppetmaster_t)
-
-optional_policy(`
-	hostname_exec(puppetmaster_t)
-')
-
-optional_policy(`
-	files_read_usr_symlinks(puppetmaster_t)
-
-	rpm_exec(puppetmaster_t)
-	rpm_read_db(puppetmaster_t)
-')
diff --git a/policy/modules/services/pxe.fc b/policy/modules/services/pxe.fc
deleted file mode 100644
index 44b3a0c..0000000
--- a/policy/modules/services/pxe.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/usr/sbin/pxe		--	gen_context(system_u:object_r:pxe_exec_t,s0)
-
-/var/log/pxe\.log	--	gen_context(system_u:object_r:pxe_log_t,s0)
-
-/var/run/pxe\.pid	--	gen_context(system_u:object_r:pxe_var_run_t,s0)
diff --git a/policy/modules/services/pxe.if b/policy/modules/services/pxe.if
deleted file mode 100644
index d3d6a6b..0000000
--- a/policy/modules/services/pxe.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Server for the PXE network boot protocol</summary>
diff --git a/policy/modules/services/pxe.te b/policy/modules/services/pxe.te
deleted file mode 100644
index fec69eb..0000000
--- a/policy/modules/services/pxe.te
+++ /dev/null
@@ -1,63 +0,0 @@
-policy_module(pxe, 1.4.0)
-
-# cjp: policy seems incomplete
-
-########################################
-#
-# Declarations
-#
-
-type pxe_t;
-type pxe_exec_t;
-init_daemon_domain(pxe_t, pxe_exec_t)
-
-type pxe_log_t;
-logging_log_file(pxe_log_t)
-
-type pxe_var_run_t;
-files_pid_file(pxe_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow pxe_t self:capability { chown setgid setuid };
-dontaudit pxe_t self:capability sys_tty_config;
-allow pxe_t self:process signal_perms;
-
-allow pxe_t pxe_log_t:file manage_file_perms;
-logging_log_filetrans(pxe_t, pxe_log_t, file)
-
-manage_files_pattern(pxe_t, pxe_var_run_t, pxe_var_run_t)
-files_pid_filetrans(pxe_t, pxe_var_run_t, file)
-
-kernel_read_kernel_sysctls(pxe_t)
-kernel_list_proc(pxe_t)
-kernel_read_proc_symlinks(pxe_t)
-
-corenet_udp_bind_pxe_port(pxe_t)
-
-dev_read_sysfs(pxe_t)
-
-domain_use_interactive_fds(pxe_t)
-
-files_read_etc_files(pxe_t)
-
-fs_getattr_all_fs(pxe_t)
-fs_search_auto_mountpoints(pxe_t)
-
-logging_send_syslog_msg(pxe_t)
-
-miscfiles_read_localization(pxe_t)
-
-userdom_dontaudit_use_unpriv_user_fds(pxe_t)
-userdom_dontaudit_search_user_home_dirs(pxe_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(pxe_t)
-')
-
-optional_policy(`
-	udev_read_db(pxe_t)
-')
diff --git a/policy/modules/services/pyicqt.fc b/policy/modules/services/pyicqt.fc
deleted file mode 100644
index 491fe8f..0000000
--- a/policy/modules/services/pyicqt.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/pyicq-t(/.*)?			gen_context(system_u:object_r:pyicqt_conf_t,s0)
-
-/usr/share/pyicq-t/PyICQt\.py	--	gen_context(system_u:object_r:pyicqt_exec_t,s0)
-
-/var/run/pyicq-t(/.*)?			gen_context(system_u:object_r:pyicqt_var_run_t,s0)
-
-/var/spool/pyicq-t(/.*)?		gen_context(system_u:object_r:pyicqt_spool_t,s0)
diff --git a/policy/modules/services/pyicqt.if b/policy/modules/services/pyicqt.if
deleted file mode 100644
index 9604b6a..0000000
--- a/policy/modules/services/pyicqt.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>PyICQt is an ICQ transport for XMPP server.</summary>
diff --git a/policy/modules/services/pyicqt.te b/policy/modules/services/pyicqt.te
deleted file mode 100644
index a841221..0000000
--- a/policy/modules/services/pyicqt.te
+++ /dev/null
@@ -1,59 +0,0 @@
-policy_module(pyicqt, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type pyicqt_t;
-type pyicqt_exec_t;
-init_daemon_domain(pyicqt_t, pyicqt_exec_t)
-
-type pyicqt_conf_t;
-files_config_file(pyicqt_conf_t)
-
-type pyicqt_spool_t;
-files_type(pyicqt_spool_t)
-
-type pyicqt_var_run_t;
-files_pid_file(pyicqt_var_run_t)
-
-########################################
-#
-# PyICQt policy
-#
-
-allow pyicqt_t self:fifo_file rw_fifo_file_perms;
-allow pyicqt_t self:tcp_socket create_socket_perms;
-allow pyicqt_t self:udp_socket create_socket_perms;
-
-read_files_pattern(pyicqt_t, pyicqt_conf_t, pyicqt_conf_t)
-
-manage_dirs_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
-manage_files_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
-files_spool_filetrans(pyicqt_t, pyicqt_spool_t, { dir file })
-
-manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t)
-files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)
-
-kernel_read_system_state(pyicqt_t)
-
-corecmd_exec_bin(pyicqt_t)
-
-corenet_all_recvfrom_unlabeled(pyicqt_t)
-corenet_all_recvfrom_netlabel(pyicqt_t)
-corenet_tcp_sendrecv_generic_if(pyicqt_t)
-corenet_tcp_sendrecv_generic_node(pyicqt_t)
-corenet_tcp_connect_generic_port(pyicqt_t)
-corenet_sendrecv_generic_client_packets(pyicqt_t)
-
-dev_read_urand(pyicqt_t)
-
-files_read_etc_files(pyicqt_t)
-files_read_usr_files(pyicqt_t)
-
-libs_read_lib_files(pyicqt_t)
-
-miscfiles_read_localization(pyicqt_t)
-
-sysnet_read_config(pyicqt_t)
diff --git a/policy/modules/services/pyzor.fc b/policy/modules/services/pyzor.fc
deleted file mode 100644
index 705196e..0000000
--- a/policy/modules/services/pyzor.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-/etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
-/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
-
-HOME_DIR/\.pyzor(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
-HOME_DIR/\.spamd(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
-/root/\.pyzor(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
-/root/\.spamd(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
-
-/usr/bin/pyzor		--	gen_context(system_u:object_r:pyzor_exec_t,s0)
-/usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
-
-/var/lib/pyzord(/.*)?		gen_context(system_u:object_r:pyzor_var_lib_t,s0)
-/var/log/pyzord\.log	--	gen_context(system_u:object_r:pyzord_log_t,s0)
diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if
deleted file mode 100644
index aa3d0b4..0000000
--- a/policy/modules/services/pyzor.if
+++ /dev/null
@@ -1,135 +0,0 @@
-## <summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
-
-########################################
-## <summary>
-##	Role access for pyzor
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`pyzor_role',`
-	gen_require(`
-		type pyzor_t, pyzor_exec_t;
-		type pyzor_home_t, pyzor_var_lib_t, pyzor_tmp_t;
-	')
-
-	role $1 types pyzor_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, pyzor_exec_t, pyzor_t)
-
-	# allow ps to show pyzor and allow the user to kill it 
-	ps_process_pattern($2, pyzor_t)
-	allow $2 pyzor_t:process { ptrace signal_perms };
-')
-
-########################################
-## <summary>
-##	Send generic signals to pyzor
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pyzor_signal',`
-	gen_require(`
-		type pyzor_t;
-	')
-
-	allow $1 pyzor_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute pyzor with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`pyzor_domtrans',`
-	gen_require(`
-		type pyzor_exec_t, pyzor_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, pyzor_exec_t, pyzor_t)
-')
-
-########################################
-## <summary>
-##	Execute pyzor in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pyzor_exec',`
-	gen_require(`
-		type pyzor_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, pyzor_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an pyzor environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the pyzor domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`pyzor_admin',`
-	gen_require(`
-		type pyzord_t, pyzor_tmp_t, pyzord_log_t;
-		type pyzor_etc_t, pyzor_var_lib_t, pyzord_initrc_exec_t;
-	')
-
-	allow $1 pyzord_t:process { ptrace signal_perms };
-	ps_process_pattern($1, pyzord_t)
-
-	init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 pyzord_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, pyzor_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, pyzord_log_t)
-
-	files_list_etc($1)
-	admin_pattern($1, pyzor_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, pyzor_var_lib_t)
-')
diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te
deleted file mode 100644
index d455637..0000000
--- a/policy/modules/services/pyzor.te
+++ /dev/null
@@ -1,174 +0,0 @@
-policy_module(pyzor, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-ifdef(`distro_redhat',`
-	gen_require(`
-		type spamc_t, spamc_exec_t, spamd_t;
-		type spamd_initrc_exec_t, spamd_exec_t, spamc_tmp_t;
-		type spamd_log_t, spamd_var_lib_t, spamd_etc_t;
-		type spamc_tmp_t, spamc_home_t;
-	')
-
-	typealias spamc_t alias pyzor_t;
-	typealias spamc_exec_t alias pyzor_exec_t;
-	typealias spamd_t alias pyzord_t;
-	typealias spamd_initrc_exec_t alias pyzord_initrc_exec_t;
-	typealias spamd_exec_t alias pyzord_exec_t;
-	typealias spamc_tmp_t alias pyzor_tmp_t;
-	typealias spamd_log_t alias pyzor_log_t;
-	typealias spamd_log_t alias pyzord_log_t;
-	typealias spamd_var_lib_t alias pyzor_var_lib_t;
-	typealias spamd_etc_t alias pyzor_etc_t;
-	typealias spamc_home_t alias pyzor_home_t;
-	typealias spamc_home_t alias user_pyzor_home_t;
-',`
-	type pyzor_t;
-	type pyzor_exec_t;
-	typealias pyzor_t alias { user_pyzor_t staff_pyzor_t sysadm_pyzor_t };
-	typealias pyzor_t alias { auditadm_pyzor_t secadm_pyzor_t };
-	application_domain(pyzor_t, pyzor_exec_t)
-	ubac_constrained(pyzor_t)
-	role system_r types pyzor_t;
-
-	type pyzor_etc_t;
-	files_type(pyzor_etc_t)
-
-	type pyzor_home_t;
-	typealias pyzor_home_t alias { user_pyzor_home_t staff_pyzor_home_t sysadm_pyzor_home_t };
-	typealias pyzor_home_t alias { auditadm_pyzor_home_t secadm_pyzor_home_t };
-	userdom_user_home_content(pyzor_home_t)
-
-	type pyzor_tmp_t;
-	typealias pyzor_tmp_t alias { user_pyzor_tmp_t staff_pyzor_tmp_t sysadm_pyzor_tmp_t };
-	typealias pyzor_tmp_t alias { auditadm_pyzor_tmp_t secadm_pyzor_tmp_t };
-	files_tmp_file(pyzor_tmp_t)
-	ubac_constrained(pyzor_tmp_t)
-
-	type pyzor_var_lib_t;
-	typealias pyzor_var_lib_t alias { user_pyzor_var_lib_t staff_pyzor_var_lib_t sysadm_pyzor_var_lib_t };
-	typealias pyzor_var_lib_t alias { auditadm_pyzor_var_lib_t secadm_pyzor_var_lib_t };
-	files_type(pyzor_var_lib_t)
-	ubac_constrained(pyzor_var_lib_t)
-
-	type pyzord_t;
-	type pyzord_exec_t;
-	init_daemon_domain(pyzord_t, pyzord_exec_t)
-
-	type pyzord_log_t;
-	logging_log_file(pyzord_log_t)
-')
-
-########################################
-#
-# Pyzor client local policy
-#
-
-allow pyzor_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(pyzor_t, pyzor_home_t, pyzor_home_t)
-manage_files_pattern(pyzor_t, pyzor_home_t, pyzor_home_t)
-manage_lnk_files_pattern(pyzor_t, pyzor_home_t, pyzor_home_t)
-userdom_user_home_dir_filetrans(pyzor_t, pyzor_home_t, { dir file lnk_file })
-
-allow pyzor_t pyzor_var_lib_t:dir list_dir_perms;
-read_files_pattern(pyzor_t, pyzor_var_lib_t, pyzor_var_lib_t)
-files_search_var_lib(pyzor_t)
-
-manage_files_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
-manage_dirs_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
-files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(pyzor_t)	
-kernel_read_system_state(pyzor_t)
-
-corecmd_list_bin(pyzor_t)
-corecmd_getattr_bin_files(pyzor_t)
-
-corenet_tcp_sendrecv_generic_if(pyzor_t)
-corenet_udp_sendrecv_generic_if(pyzor_t)
-corenet_tcp_sendrecv_generic_node(pyzor_t)
-corenet_udp_sendrecv_generic_node(pyzor_t)
-corenet_tcp_sendrecv_all_ports(pyzor_t)
-corenet_udp_sendrecv_all_ports(pyzor_t)
-corenet_tcp_connect_http_port(pyzor_t)
-
-dev_read_urand(pyzor_t)
-
-fs_getattr_xattr_fs(pyzor_t)
-
-files_read_etc_files(pyzor_t)
-
-auth_use_nsswitch(pyzor_t)
-
-miscfiles_read_localization(pyzor_t)
-
-mta_read_queue(pyzor_t)
-
-userdom_dontaudit_search_user_home_dirs(pyzor_t)
-
-optional_policy(`
-	amavis_manage_lib_files(pyzor_t)
-	amavis_manage_spool_files(pyzor_t)
-')
-
-optional_policy(`
-	spamassassin_signal_spamd(pyzor_t)
-	spamassassin_read_spamd_tmp_files(pyzor_t)
-')
-
-########################################
-#
-# Pyzor server local policy
-#
-
-allow pyzord_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(pyzord_t, pyzor_var_lib_t, pyzor_var_lib_t)
-allow pyzord_t pyzor_var_lib_t:dir setattr;
-files_var_lib_filetrans(pyzord_t, pyzor_var_lib_t, { file dir })
-
-read_files_pattern(pyzord_t, pyzor_etc_t, pyzor_etc_t)
-allow pyzord_t pyzor_etc_t:dir list_dir_perms;
-
-can_exec(pyzord_t, pyzor_exec_t)
-
-manage_files_pattern(pyzord_t, pyzord_log_t, pyzord_log_t)
-allow pyzord_t pyzord_log_t:dir setattr_dir_perms;
-logging_log_filetrans(pyzord_t, pyzord_log_t, { file dir })
-
-kernel_read_kernel_sysctls(pyzord_t)
-kernel_read_system_state(pyzord_t)
-
-dev_read_urand(pyzord_t)
-
-corecmd_exec_bin(pyzord_t)
-
-corenet_all_recvfrom_unlabeled(pyzord_t)
-corenet_all_recvfrom_netlabel(pyzord_t)
-corenet_udp_sendrecv_generic_if(pyzord_t)
-corenet_udp_sendrecv_generic_node(pyzord_t)
-corenet_udp_sendrecv_all_ports(pyzord_t)
-corenet_udp_bind_generic_node(pyzord_t)
-corenet_udp_bind_pyzor_port(pyzord_t)
-corenet_sendrecv_pyzor_server_packets(pyzord_t)
-
-files_read_etc_files(pyzord_t)
-
-auth_use_nsswitch(pyzord_t)
-
-locallogin_dontaudit_use_fds(pyzord_t)
-
-miscfiles_read_localization(pyzord_t)
-
-# Do not audit attempts to access /root.
-userdom_dontaudit_search_user_home_dirs(pyzord_t)
-
-mta_manage_spool(pyzord_t)
-
-optional_policy(`
-	logging_send_syslog_msg(pyzord_t)
-')
diff --git a/policy/modules/services/qmail.fc b/policy/modules/services/qmail.fc
deleted file mode 100644
index 0055e54..0000000
--- a/policy/modules/services/qmail.fc
+++ /dev/null
@@ -1,47 +0,0 @@
-
-/var/qmail/alias		-d	gen_context(system_u:object_r:qmail_alias_home_t,s0)
-/var/qmail/alias(/.*)?			gen_context(system_u:object_r:qmail_alias_home_t,s0)
-
-/var/qmail/bin/qmail-clean	--	gen_context(system_u:object_r:qmail_clean_exec_t,s0)
-/var/qmail/bin/qmail-getpw	--	gen_context(system_u:object_r:qmail_exec_t,s0)
-/var/qmail/bin/qmail-inject	--	gen_context(system_u:object_r:qmail_inject_exec_t,s0)
-/var/qmail/bin/qmail-local	--	gen_context(system_u:object_r:qmail_local_exec_t,s0)
-/var/qmail/bin/qmail-lspawn	--	gen_context(system_u:object_r:qmail_lspawn_exec_t,s0)
-/var/qmail/bin/qmail-queue	--	gen_context(system_u:object_r:qmail_queue_exec_t,s0)
-/var/qmail/bin/qmail-remote	--	gen_context(system_u:object_r:qmail_remote_exec_t,s0)
-/var/qmail/bin/qmail-rspawn	--	gen_context(system_u:object_r:qmail_rspawn_exec_t,s0)
-/var/qmail/bin/qmail-send	--	gen_context(system_u:object_r:qmail_send_exec_t,s0)
-/var/qmail/bin/qmail-smtpd	--	gen_context(system_u:object_r:qmail_smtpd_exec_t,s0)
-/var/qmail/bin/qmail-start	--	gen_context(system_u:object_r:qmail_start_exec_t,s0)
-/var/qmail/bin/splogger		--	gen_context(system_u:object_r:qmail_splogger_exec_t,s0)
-/var/qmail/bin/tcp-env		--	gen_context(system_u:object_r:qmail_tcp_env_exec_t,s0)
-
-/var/qmail/control(/.*)?		gen_context(system_u:object_r:qmail_etc_t,s0)
-
-/var/qmail/queue(/.*)?			gen_context(system_u:object_r:qmail_spool_t,s0)
-
-ifdef(`distro_debian', `
-/etc/qmail(/.*)?			gen_context(system_u:object_r:qmail_etc_t,s0)
-
-/usr/bin/tcp-env		--	gen_context(system_u:object_r:qmail_tcp_env_exec_t,s0)
-
-#/usr/local/bin/serialmail/.*	--	gen_context(system_u:object_r:qmail_serialmail_exec_t,s0)
-
-/usr/sbin/qmail-clean		--	gen_context(system_u:object_r:qmail_clean_exec_t,s0)
-/usr/sbin/qmail-getpw		--	gen_context(system_u:object_r:qmail_exec_t,s0)
-/usr/sbin/qmail-inject		--	gen_context(system_u:object_r:qmail_inject_exec_t,s0)
-/usr/sbin/qmail-local		--	gen_context(system_u:object_r:qmail_local_exec_t,s0)
-/usr/sbin/qmail-lspawn		--	gen_context(system_u:object_r:qmail_lspawn_exec_t,s0)
-/usr/sbin/qmail-queue		--	gen_context(system_u:object_r:qmail_queue_exec_t,s0)
-/usr/sbin/qmail-remote		--	gen_context(system_u:object_r:qmail_remote_exec_t,s0)
-/usr/sbin/qmail-rspawn		--	gen_context(system_u:object_r:qmail_rspawn_exec_t,s0)
-/usr/sbin/qmail-send		--	gen_context(system_u:object_r:qmail_send_exec_t,s0)
-/usr/sbin/qmail-smtpd		--	gen_context(system_u:object_r:qmail_smtpd_exec_t,s0)
-/usr/sbin/qmail-start		--	gen_context(system_u:object_r:qmail_start_exec_t,s0)
-/usr/sbin/splogger		--	gen_context(system_u:object_r:qmail_splogger_exec_t,s0)
-
-/var/qmail(/.*)?			gen_context(system_u:object_r:qmail_etc_t,s0)
-
-/var/spool/qmail(/.*)?			gen_context(system_u:object_r:qmail_spool_t,s0)
-')
-
diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if
deleted file mode 100644
index 77a25f5..0000000
--- a/policy/modules/services/qmail.if
+++ /dev/null
@@ -1,149 +0,0 @@
-## <summary>Qmail Mail Server</summary>
-
-########################################
-## <summary>
-##	Template for qmail parent/sub-domain pairs
-## </summary>
-## <param name="child_prefix">
-##	<summary>
-##	The prefix of the child domain
-##	</summary>
-## </param>
-## <param name="parent_domain">
-##	<summary>
-##	The name of the parent domain.
-##	</summary>
-## </param>
-#
-template(`qmail_child_domain_template',`
-	type $1_t;
-	domain_type($1_t)
-	type $1_exec_t;
-	domain_entry_file($1_t, $1_exec_t)
-	domain_auto_trans($2, $1_exec_t, $1_t)
-	role system_r types $1_t;
-
-	allow $1_t self:process signal_perms;
-
-	allow $1_t $2:fd use;
-	allow $1_t $2:fifo_file rw_file_perms;
-	allow $1_t $2:process sigchld;
-
-	allow $1_t qmail_etc_t:dir list_dir_perms;
-	allow $1_t qmail_etc_t:file read_file_perms;
-	allow $1_t qmail_etc_t:lnk_file read_lnk_file_perms;
-
-	allow $1_t qmail_start_t:fd use;
-
-	kernel_list_proc($2)
-	kernel_read_proc_symlinks($2)
-
-	corecmd_search_bin($1_t)
-
-	files_search_var($1_t)
-
-	fs_getattr_xattr_fs($1_t)
-
-	miscfiles_read_localization($1_t)
-')
-
-########################################
-## <summary>
-##	Transition to qmail_inject_t
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`qmail_domtrans_inject',`
-	gen_require(`
-		type qmail_inject_t, qmail_inject_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, qmail_inject_exec_t, qmail_inject_t)
-
-	ifdef(`distro_debian',`
-		files_search_usr($1)
-	',`
-		files_search_var($1)
-	')
-')
-
-########################################
-## <summary>
-##	Transition to qmail_queue_t
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`qmail_domtrans_queue',`
-	gen_require(`
-		type qmail_queue_t, qmail_queue_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, qmail_queue_exec_t, qmail_queue_t)
-
-	ifdef(`distro_debian',`
-		files_search_usr($1)
-	',`
-		files_search_var($1)
-	')
-')
-
-########################################
-## <summary>
-##	Read qmail configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`qmail_read_config',`
-	gen_require(`
-		type qmail_etc_t;
-	')
-
-	allow $1 qmail_etc_t:dir list_dir_perms;
-	allow $1 qmail_etc_t:file read_file_perms;
-	allow $1 qmail_etc_t:lnk_file read_lnk_file_perms;
-	files_search_var($1)
-
-	ifdef(`distro_debian',`
-		# handle /etc/qmail
-		files_search_etc($1)
-	')
-')
-
-########################################
-## <summary>
-##	Define the specified domain as a qmail-smtp service. 
-##	Needed by antivirus/antispam filters.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`qmail_smtpd_service_domain',`
-	gen_require(`
-		type qmail_smtpd_t;
-	')
-
-	domtrans_pattern(qmail_smtpd_t, $2, $1)
-')
diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te
deleted file mode 100644
index 54329f9..0000000
--- a/policy/modules/services/qmail.te
+++ /dev/null
@@ -1,325 +0,0 @@
-policy_module(qmail, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute qmail_user_domains;
-
-type qmail_alias_home_t;
-files_type(qmail_alias_home_t)
-
-qmail_child_domain_template(qmail_clean, qmail_start_t)
-
-type qmail_etc_t;
-files_config_file(qmail_etc_t)
-
-type qmail_exec_t;
-files_type(qmail_exec_t)
-
-type qmail_inject_t, qmail_user_domains;
-type qmail_inject_exec_t;
-domain_type(qmail_inject_t)
-domain_entry_file(qmail_inject_t, qmail_inject_exec_t)
-mta_mailserver_user_agent(qmail_inject_t)
-role system_r types qmail_inject_t;
-
-qmail_child_domain_template(qmail_local, qmail_lspawn_t)
-mta_mailserver_delivery(qmail_local_t)
-
-qmail_child_domain_template(qmail_lspawn, qmail_start_t)
-mta_mailserver_delivery(qmail_lspawn_t)
-
-qmail_child_domain_template(qmail_queue, qmail_inject_t)
-typeattribute qmail_queue_t qmail_user_domains;
-mta_mailserver_user_agent(qmail_queue_t)
-
-qmail_child_domain_template(qmail_remote, qmail_rspawn_t)
-mta_mailserver_sender(qmail_remote_t)
-
-qmail_child_domain_template(qmail_rspawn, qmail_start_t)
-
-qmail_child_domain_template(qmail_send, qmail_start_t)
-
-qmail_child_domain_template(qmail_smtpd, qmail_tcp_env_t)
-
-qmail_child_domain_template(qmail_splogger, qmail_start_t)
-
-type qmail_spool_t;
-files_type(qmail_spool_t)
-
-type qmail_start_t;
-type qmail_start_exec_t;
-init_daemon_domain(qmail_start_t, qmail_start_exec_t)
-
-type qmail_tcp_env_t;
-type qmail_tcp_env_exec_t;
-application_domain(qmail_tcp_env_t, qmail_tcp_env_exec_t)
-
-########################################
-#
-# qmail-clean local policy
-#	this component cleans up the queue directory
-#
-
-read_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
-delete_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
-
-########################################
-#
-# qmail-inject local policy
-#	this component preprocesses mail from stdin and invokes qmail-queue
-#
-
-allow qmail_inject_t self:process signal_perms;
-allow qmail_inject_t self:fifo_file write_fifo_file_perms;
-
-allow qmail_inject_t qmail_queue_exec_t:file read_file_perms;
-
-corecmd_search_bin(qmail_inject_t)
-
-files_search_var(qmail_inject_t)
-
-miscfiles_read_localization(qmail_inject_t)
-
-qmail_read_config(qmail_inject_t)
-
-########################################
-#
-# qmail-local local policy
-#	this component delivers a mail message
-#
-
-allow qmail_local_t self:process signal_perms;
-allow qmail_local_t self:fifo_file write_file_perms;
-allow qmail_local_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(qmail_local_t, qmail_alias_home_t, qmail_alias_home_t)
-manage_files_pattern(qmail_local_t, qmail_alias_home_t, qmail_alias_home_t)
-
-can_exec(qmail_local_t, qmail_local_exec_t)
-
-allow qmail_local_t qmail_queue_exec_t:file read_file_perms;
-
-allow qmail_local_t qmail_spool_t:file read_file_perms;
-
-kernel_read_system_state(qmail_local_t)
-
-corecmd_exec_bin(qmail_local_t)
-corecmd_exec_shell(qmail_local_t)
-
-files_read_etc_files(qmail_local_t)
-files_read_etc_runtime_files(qmail_local_t)
-
-auth_use_nsswitch(qmail_local_t)
-
-logging_send_syslog_msg(qmail_local_t)
-
-mta_append_spool(qmail_local_t)
-
-qmail_domtrans_queue(qmail_local_t)
-
-optional_policy(`
-	uucp_domtrans(qmail_local_t)
-')
-
-optional_policy(`
-	spamassassin_domtrans_client(qmail_local_t)
-')
-
-########################################
-#
-# qmail-lspawn local policy
-#	this component schedules local deliveries
-#
-
-allow qmail_lspawn_t self:capability { setuid setgid };
-allow qmail_lspawn_t self:process signal_perms;
-allow qmail_lspawn_t self:fifo_file rw_fifo_file_perms;
-allow qmail_lspawn_t self:unix_stream_socket create_socket_perms;
-
-can_exec(qmail_lspawn_t, qmail_exec_t)
-
-allow qmail_lspawn_t qmail_local_exec_t:file read_file_perms;
-
-read_files_pattern(qmail_lspawn_t, qmail_spool_t, qmail_spool_t)
-
-corecmd_search_bin(qmail_lspawn_t)
-
-files_read_etc_files(qmail_lspawn_t)
-files_search_pids(qmail_lspawn_t)
-files_search_tmp(qmail_lspawn_t)
-
-########################################
-#
-# qmail-queue local policy
-#	this component places a mail in a delivery queue, later to be processed by qmail-send
-#
-
-allow qmail_queue_t qmail_lspawn_t:fd use;
-allow qmail_queue_t qmail_lspawn_t:fifo_file write_fifo_file_perms;
-
-allow qmail_queue_t qmail_smtpd_t:process sigchld;
-allow qmail_queue_t qmail_smtpd_t:fd use;
-allow qmail_queue_t qmail_smtpd_t:fifo_file read_fifo_file_perms;
-
-manage_dirs_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
-manage_files_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
-rw_fifo_files_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
-
-corecmd_exec_bin(qmail_queue_t)
-
-logging_send_syslog_msg(qmail_queue_t)
-
-optional_policy(`
-	daemontools_ipc_domain(qmail_queue_t)
-')
-
-########################################
-#
-# qmail-remote local policy
-#	this component sends mail via SMTP
-#
-
-allow qmail_remote_t self:tcp_socket create_socket_perms;
-allow qmail_remote_t self:udp_socket create_socket_perms;
-
-rw_files_pattern(qmail_remote_t, qmail_spool_t, qmail_spool_t)
-
-corenet_all_recvfrom_unlabeled(qmail_remote_t)
-corenet_all_recvfrom_netlabel(qmail_remote_t)
-corenet_tcp_sendrecv_generic_if(qmail_remote_t)
-corenet_udp_sendrecv_generic_if(qmail_remote_t)
-corenet_tcp_sendrecv_generic_node(qmail_remote_t)
-corenet_udp_sendrecv_generic_node(qmail_remote_t)
-corenet_tcp_sendrecv_smtp_port(qmail_remote_t)
-corenet_udp_sendrecv_dns_port(qmail_remote_t)
-corenet_tcp_connect_smtp_port(qmail_remote_t)
-corenet_sendrecv_smtp_client_packets(qmail_remote_t)
-
-dev_read_rand(qmail_remote_t)
-dev_read_urand(qmail_remote_t)
-
-sysnet_read_config(qmail_remote_t)
-
-########################################
-#
-# qmail-rspawn local policy
-#	this component scedules remote deliveries
-#
-
-allow qmail_rspawn_t self:process signal_perms;
-allow qmail_rspawn_t self:fifo_file read_fifo_file_perms;
-
-allow qmail_rspawn_t qmail_remote_exec_t:file read_file_perms;
-
-rw_files_pattern(qmail_rspawn_t, qmail_spool_t, qmail_spool_t)
-
-corecmd_search_bin(qmail_rspawn_t)
-
-########################################
-#
-# qmail-send local policy
-#	this component delivers mail messages from the queue
-#
-
-allow qmail_send_t self:process signal_perms;
-allow qmail_send_t self:fifo_file write_fifo_file_perms;
-
-manage_dirs_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
-manage_files_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
-read_fifo_files_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
-
-qmail_domtrans_queue(qmail_send_t)
-
-optional_policy(`
-	daemontools_ipc_domain(qmail_send_t)
-')
-
-########################################
-#
-# qmail-smtpd local policy
-#	this component receives mails via SMTP
-#
-
-allow qmail_smtpd_t self:process signal_perms;
-allow qmail_smtpd_t self:fifo_file write_fifo_file_perms;
-allow qmail_smtpd_t self:tcp_socket create_socket_perms;
-
-allow qmail_smtpd_t qmail_queue_exec_t:file read_file_perms;
-
-dev_read_rand(qmail_smtpd_t)
-dev_read_urand(qmail_smtpd_t)
-
-qmail_domtrans_queue(qmail_smtpd_t)
-
-optional_policy(`
-	daemontools_ipc_domain(qmail_smtpd_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(qmail, qmail_smtpd_t)
-')
-
-optional_policy(`
-	ucspitcp_service_domain(qmail_smtpd_t, qmail_smtpd_exec_t)
-')
-
-########################################
-#
-# splogger local policy
-#	this component creates entries in syslog
-#
-
-allow qmail_splogger_t self:unix_dgram_socket create_socket_perms;
-
-files_read_etc_files(qmail_splogger_t)
-
-init_dontaudit_use_script_fds(qmail_splogger_t)
-
-miscfiles_read_localization(qmail_splogger_t)
-
-########################################
-#
-# qmail-start local policy
-#	this component starts up the mail delivery component
-#
-
-allow qmail_start_t self:capability { setgid setuid };
-dontaudit qmail_start_t self:capability sys_tty_config;
-allow qmail_start_t self:process signal_perms;
-allow qmail_start_t self:fifo_file rw_fifo_file_perms;
-
-can_exec(qmail_start_t, qmail_start_exec_t)
-
-corecmd_search_bin(qmail_start_t)
-
-files_search_var(qmail_start_t)
-
-qmail_read_config(qmail_start_t)
-
-optional_policy(`
-	daemontools_service_domain(qmail_start_t, qmail_start_exec_t)
-	daemontools_ipc_domain(qmail_start_t)
-')
-
-########################################
-#
-# tcp-env local policy
-#	this component sets up TCP-related environment variables
-#
-
-allow qmail_tcp_env_t qmail_smtpd_exec_t:file read_file_perms;
-
-corecmd_search_bin(qmail_tcp_env_t)
-
-sysnet_read_config(qmail_tcp_env_t)
-
-optional_policy(`
-	inetd_tcp_service_domain(qmail_tcp_env_t, qmail_tcp_env_exec_t)
-')
-
-optional_policy(`
-	ucspitcp_service_domain(qmail_tcp_env_t, qmail_tcp_env_exec_t)
-')
diff --git a/policy/modules/services/qpidd.fc b/policy/modules/services/qpidd.fc
deleted file mode 100644
index f3b89e4..0000000
--- a/policy/modules/services/qpidd.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-
-/usr/sbin/qpidd	--	gen_context(system_u:object_r:qpidd_exec_t,s0)
-
-/etc/rc\.d/init\.d/qpidd	--	gen_context(system_u:object_r:qpidd_initrc_exec_t,s0)
-
-/var/lib/qpidd(/.*)?			gen_context(system_u:object_r:qpidd_var_lib_t,s0)
-
-/var/run/qpidd(/.*)?			gen_context(system_u:object_r:qpidd_var_run_t,s0)
-/var/run/qpidd\.pid			gen_context(system_u:object_r:qpidd_var_run_t,s0)
diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if
deleted file mode 100644
index c403abc..0000000
--- a/policy/modules/services/qpidd.if
+++ /dev/null
@@ -1,228 +0,0 @@
-## <summary>policy for qpidd</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run qpidd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`qpidd_domtrans',`
-	gen_require(`
-		type qpidd_t, qpidd_exec_t;
-	')
-
-	domtrans_pattern($1, qpidd_exec_t, qpidd_t)
-')
-
-########################################
-## <summary>
-##	Execute qpidd server in the qpidd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_initrc_domtrans',`
-	gen_require(`
-		type qpidd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, qpidd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read qpidd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_read_pid_files',`
-	gen_require(`
-		type qpidd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 qpidd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage qpidd var_run files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_manage_var_run',`
-	gen_require(`
-		type qpidd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
-	manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
-	manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Search qpidd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_search_lib',`
-	gen_require(`
-		type qpidd_var_lib_t;
-	')
-
-	allow $1 qpidd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read qpidd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_read_lib_files',`
-	gen_require(`
-		type qpidd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	qpidd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_manage_lib_files',`
-	gen_require(`
-		type qpidd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage qpidd var_lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_manage_var_lib',`
-	gen_require(`
-		type qpidd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
-	manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
-	manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an qpidd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`qpidd_admin',`
-	gen_require(`
-		type qpidd_t, qpidd_initrc_exec_t;
-	')
-
-	allow $1 qpidd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, qpidd_t)
-
-	# Allow qpidd_t to restart the apache service
-	qpidd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 qpidd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	qpidd_manage_var_run($1)
-
-	qpidd_manage_var_lib($1)
-')
-
-#####################################
-## <summary>
-##	Allow read and write access to qpidd semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_rw_semaphores',`
-	gen_require(`
-		type qpidd_t;
-	')
-
-	allow $1 qpidd_t:sem rw_sem_perms;
-')
-
-########################################
-## <summary>
-##	Read and write to qpidd shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`qpidd_rw_shm',`
-	gen_require(`
-		type qpidd_t;
-	')
-
-	allow $1 qpidd_t:shm rw_shm_perms;
-')
diff --git a/policy/modules/services/qpidd.te b/policy/modules/services/qpidd.te
deleted file mode 100644
index 43639a0..0000000
--- a/policy/modules/services/qpidd.te
+++ /dev/null
@@ -1,59 +0,0 @@
-policy_module(qpidd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type qpidd_t;
-type qpidd_exec_t;
-init_daemon_domain(qpidd_t, qpidd_exec_t)
-
-type qpidd_initrc_exec_t;
-init_script_file(qpidd_initrc_exec_t)
-
-type qpidd_var_run_t;
-files_pid_file(qpidd_var_run_t)
-
-type qpidd_var_lib_t;
-files_type(qpidd_var_lib_t)
-
-########################################
-#
-# qpidd local policy
-#
-
-allow qpidd_t self:process { setsched signull };
-allow qpidd_t self:fifo_file rw_fifo_file_perms;
-allow qpidd_t self:sem create_sem_perms;
-allow qpidd_t self:shm create_shm_perms;
-allow qpidd_t self:tcp_socket create_stream_socket_perms;
-allow qpidd_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(qpidd_t, qpidd_var_lib_t,  qpidd_var_lib_t)
-manage_files_pattern(qpidd_t, qpidd_var_lib_t,  qpidd_var_lib_t)
-files_var_lib_filetrans(qpidd_t, qpidd_var_lib_t, { file dir })
-
-manage_dirs_pattern(qpidd_t, qpidd_var_run_t,  qpidd_var_run_t)
-manage_files_pattern(qpidd_t, qpidd_var_run_t,  qpidd_var_run_t)
-files_pid_filetrans(qpidd_t, qpidd_var_run_t, { file dir })
-
-kernel_read_system_state(qpidd_t)
-
-corenet_all_recvfrom_unlabeled(qpidd_t)
-corenet_all_recvfrom_netlabel(qpidd_t)
-corenet_tcp_bind_generic_node(qpidd_t)
-corenet_tcp_sendrecv_generic_if(qpidd_t)
-corenet_tcp_sendrecv_generic_node(qpidd_t)
-corenet_tcp_sendrecv_all_ports(qpidd_t)
-corenet_tcp_bind_amqp_port(qpidd_t)
-
-dev_read_urand(qpidd_t)
-
-files_read_etc_files(qpidd_t)
-
-logging_send_syslog_msg(qpidd_t)
-
-miscfiles_read_localization(qpidd_t)
-
-sysnet_dns_name_resolve(qpidd_t)
diff --git a/policy/modules/services/radius.fc b/policy/modules/services/radius.fc
deleted file mode 100644
index 09f7b50..0000000
--- a/policy/modules/services/radius.fc
+++ /dev/null
@@ -1,23 +0,0 @@
-
-/etc/cron\.(daily|monthly)/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)
-/etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)
-/etc/rc\.d/init\.d/radiusd --	gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
-
-/etc/raddb(/.*)?		gen_context(system_u:object_r:radiusd_etc_t,s0)
-/etc/raddb/db\.daily	--	gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
-
-/usr/sbin/radiusd	--	gen_context(system_u:object_r:radiusd_exec_t,s0)
-/usr/sbin/freeradius	--	gen_context(system_u:object_r:radiusd_exec_t,s0)
-
-/var/lib/radiousd(/.*)?		gen_context(system_u:object_r:radiusd_var_lib_t,s0)
-
-/var/log/freeradius(/.*)?	gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radacct(/.*)?		gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radius(/.*)?		gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radius\.log.*	--	gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radiusd-freeradius(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radutmp	--	gen_context(system_u:object_r:radiusd_log_t,s0)
-/var/log/radwtmp.*	--	gen_context(system_u:object_r:radiusd_log_t,s0)
-
-/var/run/radiusd(/.*)?		gen_context(system_u:object_r:radiusd_var_run_t,s0)
-/var/run/radiusd\.pid	--	gen_context(system_u:object_r:radiusd_var_run_t,s0)
diff --git a/policy/modules/services/radius.if b/policy/modules/services/radius.if
deleted file mode 100644
index 8f132e7..0000000
--- a/policy/modules/services/radius.if
+++ /dev/null
@@ -1,62 +0,0 @@
-## <summary>RADIUS authentication and accounting server.</summary>
-
-########################################
-## <summary>
-##	Use radius over a UDP connection.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`radius_use',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an radius environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`radius_admin',`
-	gen_require(`
-		type radiusd_t, radiusd_etc_t, radiusd_log_t;
-		type radiusd_etc_rw_t, radiusd_var_lib_t, radiusd_var_run_t;
-		type radiusd_initrc_exec_t;
-	')
-
-	allow $1 radiusd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, radiusd_t)
-
-	init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 radiusd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, radiusd_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, radiusd_log_t)
-
-	admin_pattern($1, radiusd_etc_rw_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, radiusd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, radiusd_var_run_t)
-')
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
deleted file mode 100644
index b3f1fd3..0000000
--- a/policy/modules/services/radius.te
+++ /dev/null
@@ -1,143 +0,0 @@
-policy_module(radius, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type radiusd_t;
-type radiusd_exec_t;
-init_daemon_domain(radiusd_t, radiusd_exec_t)
-
-type radiusd_etc_t;
-files_config_file(radiusd_etc_t)
-
-type radiusd_etc_rw_t;
-files_type(radiusd_etc_rw_t)
-
-type radiusd_initrc_exec_t;
-init_script_file(radiusd_initrc_exec_t)
-
-type radiusd_log_t;
-logging_log_file(radiusd_log_t)
-
-type radiusd_var_lib_t;
-files_type(radiusd_var_lib_t)
-
-type radiusd_var_run_t;
-files_pid_file(radiusd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-# fsetid is for gzip which needs it when run from scripts
-# gzip also needs chown access to preserve GID for radwtmp files
-allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
-dontaudit radiusd_t self:capability sys_tty_config;
-allow radiusd_t self:process { getsched setrlimit setsched sigkill signal };
-allow radiusd_t self:fifo_file rw_fifo_file_perms;
-allow radiusd_t self:unix_stream_socket create_stream_socket_perms;
-allow radiusd_t self:tcp_socket create_stream_socket_perms;
-allow radiusd_t self:udp_socket create_socket_perms;
-
-allow radiusd_t radiusd_etc_t:dir list_dir_perms;
-read_files_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_t)
-read_lnk_files_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_t)
-files_search_etc(radiusd_t)
-
-manage_dirs_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
-manage_files_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
-manage_lnk_files_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
-filetrans_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_rw_t, { dir file lnk_file })
-
-manage_dirs_pattern(radiusd_t, radiusd_log_t, radiusd_log_t)
-manage_files_pattern(radiusd_t, radiusd_log_t, radiusd_log_t)
-logging_log_filetrans(radiusd_t, radiusd_log_t,{ file dir })
-
-manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
-
-manage_sock_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
-manage_dirs_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
-manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
-files_pid_filetrans(radiusd_t, radiusd_var_run_t, { file sock_file dir })
-
-kernel_read_kernel_sysctls(radiusd_t)
-kernel_read_system_state(radiusd_t)
-
-corenet_all_recvfrom_unlabeled(radiusd_t)
-corenet_all_recvfrom_netlabel(radiusd_t)
-corenet_tcp_sendrecv_generic_if(radiusd_t)
-corenet_udp_sendrecv_generic_if(radiusd_t)
-corenet_tcp_sendrecv_generic_node(radiusd_t)
-corenet_udp_sendrecv_generic_node(radiusd_t)
-corenet_tcp_sendrecv_all_ports(radiusd_t)
-corenet_udp_sendrecv_all_ports(radiusd_t)
-corenet_udp_bind_generic_node(radiusd_t)
-corenet_udp_bind_radacct_port(radiusd_t)
-corenet_udp_bind_radius_port(radiusd_t)
-corenet_tcp_connect_mysqld_port(radiusd_t)
-corenet_tcp_connect_snmp_port(radiusd_t)
-corenet_sendrecv_radius_server_packets(radiusd_t)
-corenet_sendrecv_radacct_server_packets(radiusd_t)
-corenet_sendrecv_mysqld_client_packets(radiusd_t)
-corenet_sendrecv_snmp_client_packets(radiusd_t)
-# for RADIUS proxy port
-corenet_udp_bind_generic_port(radiusd_t)
-corenet_dontaudit_udp_bind_all_ports(radiusd_t)
-corenet_sendrecv_generic_server_packets(radiusd_t)
-
-dev_read_sysfs(radiusd_t)
-
-fs_getattr_all_fs(radiusd_t)
-fs_search_auto_mountpoints(radiusd_t)
-
-corecmd_exec_bin(radiusd_t)
-corecmd_exec_shell(radiusd_t)
-
-domain_use_interactive_fds(radiusd_t)
-
-files_read_usr_files(radiusd_t)
-files_read_etc_files(radiusd_t)
-files_read_etc_runtime_files(radiusd_t)
-
-auth_use_nsswitch(radiusd_t)
-auth_read_shadow(radiusd_t)
-auth_domtrans_chk_passwd(radiusd_t)
-
-libs_exec_lib_files(radiusd_t)
-
-logging_send_syslog_msg(radiusd_t)
-
-miscfiles_read_localization(radiusd_t)
-miscfiles_read_generic_certs(radiusd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(radiusd_t)
-userdom_dontaudit_search_user_home_dirs(radiusd_t)
-
-optional_policy(`
-	cron_system_entry(radiusd_t, radiusd_exec_t)
-')
-
-optional_policy(`
-	logrotate_exec(radiusd_t)
-')
-
-optional_policy(`
-	mysql_read_config(radiusd_t)
-	mysql_stream_connect(radiusd_t)
-')
-
-optional_policy(`
-	samba_domtrans_winbind_helper(radiusd_t)
-	samba_read_var_files(radiusd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(radiusd_t)
-')
-
-optional_policy(`
-	udev_read_db(radiusd_t)
-')
diff --git a/policy/modules/services/radvd.fc b/policy/modules/services/radvd.fc
deleted file mode 100644
index cc98d83..0000000
--- a/policy/modules/services/radvd.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/radvd\.conf	--	gen_context(system_u:object_r:radvd_etc_t,s0)
-/etc/rc\.d/init\.d/radvd --	gen_context(system_u:object_r:radvd_initrc_exec_t,s0)
-
-/usr/sbin/radvd		--	gen_context(system_u:object_r:radvd_exec_t,s0)
-
-/var/run/radvd\.pid	--	gen_context(system_u:object_r:radvd_var_run_t,s0)
-/var/run/radvd(/.*)?		gen_context(system_u:object_r:radvd_var_run_t,s0)
diff --git a/policy/modules/services/radvd.if b/policy/modules/services/radvd.if
deleted file mode 100644
index 2bd662a..0000000
--- a/policy/modules/services/radvd.if
+++ /dev/null
@@ -1,39 +0,0 @@
-## <summary>IPv6 router advertisement daemon</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an radvd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`radvd_admin',`
-	gen_require(`
-		type radvd_t, radvd_etc_t, radvd_initrc_exec_t;
-		type radvd_var_run_t;
-	')
-
-	allow $1 radvd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, radvd_t)
-
-	init_labeled_script_domtrans($1, radvd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 radvd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, radvd_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, radvd_var_run_t)
-')
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
deleted file mode 100644
index 54b3cd3..0000000
--- a/policy/modules/services/radvd.te
+++ /dev/null
@@ -1,82 +0,0 @@
-policy_module(radvd, 1.12.1)
-
-########################################
-#
-# Declarations
-#
-type radvd_t;
-type radvd_exec_t;
-init_daemon_domain(radvd_t, radvd_exec_t)
-
-type radvd_initrc_exec_t;
-init_script_file(radvd_initrc_exec_t)
-
-type radvd_var_run_t;
-files_pid_file(radvd_var_run_t)
-
-type radvd_etc_t;
-files_config_file(radvd_etc_t)
-
-########################################
-#
-# Local policy
-#
-allow radvd_t self:capability { kill setgid setuid net_raw net_admin };
-dontaudit radvd_t self:capability sys_tty_config;
-allow radvd_t self:process { fork signal_perms };
-allow radvd_t self:unix_dgram_socket create_socket_perms;
-allow radvd_t self:unix_stream_socket create_socket_perms;
-allow radvd_t self:rawip_socket create_socket_perms;
-allow radvd_t self:tcp_socket create_stream_socket_perms;
-allow radvd_t self:udp_socket create_socket_perms;
-allow radvd_t self:fifo_file rw_file_perms;
-
-allow radvd_t radvd_etc_t:file read_file_perms;
-
-manage_dirs_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
-manage_files_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
-files_pid_filetrans(radvd_t, radvd_var_run_t, { dir file })
-
-kernel_read_kernel_sysctls(radvd_t)
-kernel_rw_net_sysctls(radvd_t)
-kernel_read_network_state(radvd_t)
-kernel_read_system_state(radvd_t)
-kernel_request_load_module(radvd_t)
-
-corenet_all_recvfrom_unlabeled(radvd_t)
-corenet_all_recvfrom_netlabel(radvd_t)
-corenet_tcp_sendrecv_generic_if(radvd_t)
-corenet_udp_sendrecv_generic_if(radvd_t)
-corenet_raw_sendrecv_generic_if(radvd_t)
-corenet_tcp_sendrecv_generic_node(radvd_t)
-corenet_udp_sendrecv_generic_node(radvd_t)
-corenet_raw_sendrecv_generic_node(radvd_t)
-corenet_tcp_sendrecv_all_ports(radvd_t)
-corenet_udp_sendrecv_all_ports(radvd_t)
-
-dev_read_sysfs(radvd_t)
-
-fs_getattr_all_fs(radvd_t)
-fs_search_auto_mountpoints(radvd_t)
-
-domain_use_interactive_fds(radvd_t)
-
-files_read_etc_files(radvd_t)
-files_list_usr(radvd_t)
-
-auth_use_nsswitch(radvd_t)
-
-logging_send_syslog_msg(radvd_t)
-
-miscfiles_read_localization(radvd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(radvd_t)
-userdom_dontaudit_search_user_home_dirs(radvd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(radvd_t)
-')
-
-optional_policy(`
-	udev_read_db(radvd_t)
-')
diff --git a/policy/modules/services/razor.fc b/policy/modules/services/razor.fc
deleted file mode 100644
index 71d657c..0000000
--- a/policy/modules/services/razor.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/root/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
-HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
-
-/etc/razor(/.*)?		gen_context(system_u:object_r:razor_etc_t,s0)
-
-/usr/bin/razor.*	--	gen_context(system_u:object_r:razor_exec_t,s0)
-
-/var/lib/razor(/.*)?		gen_context(system_u:object_r:razor_var_lib_t,s0)
-/var/log/razor-agent\.log --	gen_context(system_u:object_r:razor_log_t,s0)
diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if
deleted file mode 100644
index 3203212..0000000
--- a/policy/modules/services/razor.if
+++ /dev/null
@@ -1,201 +0,0 @@
-## <summary>A distributed, collaborative, spam detection and filtering network.</summary>
-## <desc>
-##	<p>
-##	A distributed, collaborative, spam detection and filtering network.
-##	</p>
-##	<p>
-##	This policy will work with either the ATrpms provided config
-##	file in /etc/razor, or with the default of dumping everything into
-##	$HOME/.razor.
-##	</p>
-## </desc>
-
-#######################################
-## <summary>
-##	Template to create types and rules common to
-##	all razor domains.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix of the domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`razor_common_domain_template',`
-	gen_require(`
-		type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t;
-	')
-
-	type $1_t;
-	domain_type($1_t)
-	domain_entry_file($1_t, razor_exec_t)
-
-	allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-	allow $1_t self:fd use;
-	allow $1_t self:fifo_file rw_fifo_file_perms;
-	allow $1_t self:unix_dgram_socket create_socket_perms;
-	allow $1_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_t self:unix_dgram_socket sendto;
-	allow $1_t self:unix_stream_socket connectto;
-	allow $1_t self:shm create_shm_perms;
-	allow $1_t self:sem create_sem_perms;
-	allow $1_t self:msgq create_msgq_perms;
-	allow $1_t self:msg { send receive };
-	allow $1_t self:tcp_socket create_socket_perms;
-
-	# Read system config file
-	allow $1_t razor_etc_t:dir list_dir_perms;
-	allow $1_t razor_etc_t:file read_file_perms;
-	allow $1_t razor_etc_t:lnk_file read_lnk_file_perms;
-
-	manage_dirs_pattern($1_t, razor_log_t, razor_log_t)
-	manage_files_pattern($1_t, razor_log_t, razor_log_t)
-	manage_lnk_files_pattern($1_t, razor_log_t, razor_log_t)
-	logging_log_filetrans($1_t, razor_log_t, file)
-
-	manage_dirs_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
-	manage_files_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
-	manage_lnk_files_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
-	files_search_var_lib($1_t)
-
-	# Razor is one executable and several symlinks
-	allow $1_t razor_exec_t:file read_file_perms;
-	allow $1_t razor_exec_t:lnk_file read_lnk_file_perms;
-
-	kernel_read_system_state($1_t)
-	kernel_read_network_state($1_t)
-	kernel_read_software_raid_state($1_t)
-	kernel_getattr_core_if($1_t)
-	kernel_getattr_message_if($1_t)
-	kernel_read_kernel_sysctls($1_t)
-
-	corecmd_exec_bin($1_t)
-
-	corenet_all_recvfrom_unlabeled($1_t)
-	corenet_all_recvfrom_netlabel($1_t)
-	corenet_tcp_sendrecv_generic_if($1_t)
-	corenet_raw_sendrecv_generic_if($1_t)
-	corenet_tcp_sendrecv_generic_node($1_t)
-	corenet_raw_sendrecv_generic_node($1_t)
-	corenet_tcp_sendrecv_razor_port($1_t)
-
-	# mktemp and other randoms
-	dev_read_rand($1_t)
-	dev_read_urand($1_t)
-
-	files_search_pids($1_t)
-	# Allow access to various files in the /etc/directory including mtab
-	# and nsswitch
-	files_read_etc_files($1_t)
-	files_read_etc_runtime_files($1_t)
-
-	fs_search_auto_mountpoints($1_t)
-
-	libs_read_lib_files($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	sysnet_read_config($1_t)
-	sysnet_dns_name_resolve($1_t)
-
-	optional_policy(`
-		nis_use_ypbind($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for razor
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`razor_role',`
-	gen_require(`
-		type razor_t, razor_exec_t, razor_home_t;
-	')
-
-	role $1 types razor_t;
-
-	# Transition from the user domain to the derived domain.
-	domtrans_pattern($2, razor_exec_t, razor_t)
-
-	# allow ps to show razor and allow the user to kill it 
-	ps_process_pattern($2, razor_t)
-	allow $2 razor_t:process { ptrace signal_perms };
-
-	manage_dirs_pattern($2, razor_home_t, razor_home_t)
-	manage_files_pattern($2, razor_home_t, razor_home_t)
-	manage_lnk_files_pattern($2, razor_home_t, razor_home_t)
-	relabel_dirs_pattern($2, razor_home_t, razor_home_t)
-	relabel_files_pattern($2, razor_home_t, razor_home_t)
-	relabel_lnk_files_pattern($2, razor_home_t, razor_home_t)
-')
-
-########################################
-## <summary>
-##	Execute razor in the system razor domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`razor_domtrans',`
-	gen_require(`
-		type razor_t, razor_exec_t;
-	')
-
-	domtrans_pattern($1, razor_exec_t, razor_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete razor files
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`razor_manage_user_home_files',`
-	gen_require(`
-		type razor_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	manage_files_pattern($1, razor_home_t, razor_home_t)
-	read_lnk_files_pattern($1, razor_home_t, razor_home_t)
-')
-
-########################################
-## <summary>
-##	read razor lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`razor_read_lib_files',`
-	gen_require(`
-		type razor_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
-')
diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
deleted file mode 100644
index f24c52e..0000000
--- a/policy/modules/services/razor.te
+++ /dev/null
@@ -1,143 +0,0 @@
-policy_module(razor, 2.1.1)
-
-########################################
-#
-# Declarations
-#
-
-ifdef(`distro_redhat',`
-	gen_require(`
-		type spamc_t, spamc_exec_t, spamd_log_t;
-		type spamd_spool_t, spamd_var_lib_t, spamd_etc_t;
-		type spamc_home_t, spamc_tmp_t;
-	')
-
-	typealias spamc_t alias razor_t;
-	typealias spamc_exec_t alias razor_exec_t;
-	typealias spamd_log_t alias razor_log_t;
-	typealias spamd_var_lib_t alias razor_var_lib_t;
-	typealias spamd_etc_t alias razor_etc_t;
-	typealias spamc_home_t alias razor_home_t;
-	typealias spamc_home_t alias { user_razor_home_t staff_razor_home_t sysadm_razor_home_t };
-	typealias spamc_home_t alias { auditadm_razor_home_t secadm_razor_home_t };
-	typealias spamc_tmp_t alias { user_razor_tmp_t staff_razor_tmp_t sysadm_razor_tmp_t };
-	typealias spamc_tmp_t alias { auditadm_razor_tmp_t secadm_razor_tmp_t };
-',`
-	type razor_exec_t;
-	corecmd_executable_file(razor_exec_t)
-
-	type razor_etc_t;
-	files_config_file(razor_etc_t)
-
-	type razor_home_t;
-	typealias razor_home_t alias { user_razor_home_t staff_razor_home_t sysadm_razor_home_t };
-	typealias razor_home_t alias { auditadm_razor_home_t secadm_razor_home_t };
-	userdom_user_home_content(razor_home_t)
-
-	type razor_log_t;
-	logging_log_file(razor_log_t)
-
-	type razor_tmp_t;
-	typealias razor_tmp_t alias { user_razor_tmp_t staff_razor_tmp_t sysadm_razor_tmp_t };
-	typealias razor_tmp_t alias { auditadm_razor_tmp_t secadm_razor_tmp_t };
-	files_tmp_file(razor_tmp_t)
-	ubac_constrained(razor_tmp_t)
-
-	type razor_var_lib_t;
-	files_type(razor_var_lib_t)
-
-	# these are here due to ordering issues:
-	razor_common_domain_template(razor)
-	typealias razor_t alias { user_razor_t staff_razor_t sysadm_razor_t };
-	typealias razor_t alias { auditadm_razor_t secadm_razor_t };
-	ubac_constrained(razor_t)
-
-	razor_common_domain_template(system_razor)
-	role system_r types system_razor_t;
-
-	########################################
-	#
-	# System razor local policy
-	#
-
-	# this version of razor is invoked typically
-	# via the system spam filter
-
-	allow system_razor_t self:tcp_socket create_socket_perms;
-
-	manage_dirs_pattern(system_razor_t, razor_etc_t, razor_etc_t)
-	manage_files_pattern(system_razor_t, razor_etc_t, razor_etc_t)
-	manage_lnk_files_pattern(system_razor_t, razor_etc_t, razor_etc_t)
-	files_search_etc(system_razor_t)
-
-	allow system_razor_t razor_log_t:file manage_file_perms;
-	logging_log_filetrans(system_razor_t, razor_log_t, file)
-
-	manage_files_pattern(system_razor_t, razor_var_lib_t, razor_var_lib_t)
-	files_var_lib_filetrans(system_razor_t, razor_var_lib_t, file)
-
-	corenet_all_recvfrom_unlabeled(system_razor_t)
-	corenet_all_recvfrom_netlabel(system_razor_t)
-	corenet_tcp_sendrecv_generic_if(system_razor_t)
-	corenet_raw_sendrecv_generic_if(system_razor_t)
-	corenet_tcp_sendrecv_generic_node(system_razor_t)
-	corenet_raw_sendrecv_generic_node(system_razor_t)
-	corenet_tcp_sendrecv_razor_port(system_razor_t)
-	corenet_tcp_connect_razor_port(system_razor_t)
-	corenet_sendrecv_razor_client_packets(system_razor_t)
-
-	sysnet_read_config(system_razor_t)
-
-	# cjp: this shouldn't be needed
-	userdom_use_unpriv_users_fds(system_razor_t)
-
-	optional_policy(`
-		logging_send_syslog_msg(system_razor_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use(system_razor_t)
-	')
-
-	########################################
-	#
-	# User razor local policy
-	#
-
-	# Allow razor to be run by hand.  Needed by any action other than
-	# invocation from a spam filter.
-
-	allow razor_t self:unix_stream_socket create_stream_socket_perms;
-
-	manage_dirs_pattern(razor_t, razor_home_t, razor_home_t)
-	manage_files_pattern(razor_t, razor_home_t, razor_home_t)
-	manage_lnk_files_pattern(razor_t, razor_home_t, razor_home_t)
-	userdom_user_home_dir_filetrans(razor_t, razor_home_t, dir)
-
-	manage_dirs_pattern(razor_t, razor_tmp_t, razor_tmp_t)
-	manage_files_pattern(razor_t, razor_tmp_t, razor_tmp_t)
-	files_tmp_filetrans(razor_t, razor_tmp_t, { file dir })
-
-	auth_use_nsswitch(razor_t)
-
-	logging_send_syslog_msg(razor_t)
-
-	userdom_search_user_home_dirs(razor_t)
-	userdom_use_user_terminals(razor_t)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_manage_nfs_dirs(razor_t)
-		fs_manage_nfs_files(razor_t)
-		fs_manage_nfs_symlinks(razor_t)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_manage_cifs_dirs(razor_t)
-		fs_manage_cifs_files(razor_t)
-		fs_manage_cifs_symlinks(razor_t)
-	')
-
-	optional_policy(`
-		milter_manage_spamass_state(razor_t)
-	')
-')
diff --git a/policy/modules/services/rdisc.fc b/policy/modules/services/rdisc.fc
deleted file mode 100644
index dee4adc..0000000
--- a/policy/modules/services/rdisc.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/sbin/rdisc	--	gen_context(system_u:object_r:rdisc_exec_t,s0)
diff --git a/policy/modules/services/rdisc.if b/policy/modules/services/rdisc.if
deleted file mode 100644
index fe24d25..0000000
--- a/policy/modules/services/rdisc.if
+++ /dev/null
@@ -1,20 +0,0 @@
-## <summary>Network router discovery daemon</summary>
-
-######################################
-## <summary>
-##	Execute rdisc in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rdisc_exec',`
-	gen_require(`
-		type rdisc_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, rdisc_exec_t)
-')
diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
deleted file mode 100644
index 0f07685..0000000
--- a/policy/modules/services/rdisc.te
+++ /dev/null
@@ -1,58 +0,0 @@
-policy_module(rdisc, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type rdisc_t;
-type rdisc_exec_t;
-init_daemon_domain(rdisc_t, rdisc_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow rdisc_t self:capability net_raw;
-dontaudit rdisc_t self:capability sys_tty_config;
-allow rdisc_t self:process signal_perms;
-allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
-allow rdisc_t self:udp_socket create_socket_perms;
-allow rdisc_t self:rawip_socket create_socket_perms;
-
-kernel_list_proc(rdisc_t)
-kernel_read_proc_symlinks(rdisc_t)
-kernel_read_kernel_sysctls(rdisc_t)
-
-corenet_all_recvfrom_unlabeled(rdisc_t)
-corenet_all_recvfrom_netlabel(rdisc_t)
-corenet_udp_sendrecv_generic_if(rdisc_t)
-corenet_raw_sendrecv_generic_if(rdisc_t)
-corenet_udp_sendrecv_generic_node(rdisc_t)
-corenet_raw_sendrecv_generic_node(rdisc_t)
-corenet_udp_sendrecv_all_ports(rdisc_t)
-
-dev_read_sysfs(rdisc_t)
-
-fs_search_auto_mountpoints(rdisc_t)
-
-domain_use_interactive_fds(rdisc_t)
-
-files_read_etc_files(rdisc_t)
-
-logging_send_syslog_msg(rdisc_t)
-
-miscfiles_read_localization(rdisc_t)
-
-sysnet_read_config(rdisc_t)
-
-userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(rdisc_t)
-')
-
-optional_policy(`
-	udev_read_db(rdisc_t)
-')
diff --git a/policy/modules/services/remotelogin.fc b/policy/modules/services/remotelogin.fc
deleted file mode 100644
index d8691bd..0000000
--- a/policy/modules/services/remotelogin.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-# Remote login currently has no file contexts.
diff --git a/policy/modules/services/remotelogin.if b/policy/modules/services/remotelogin.if
deleted file mode 100644
index 31be971..0000000
--- a/policy/modules/services/remotelogin.if
+++ /dev/null
@@ -1,37 +0,0 @@
-## <summary>Policy for rshd, rlogind, and telnetd.</summary>
-
-########################################
-## <summary>
-##	Domain transition to the remote login domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`remotelogin_domtrans',`
-	gen_require(`
-		type remote_login_t;
-	')
-
-	auth_domtrans_login_program($1, remote_login_t)
-')
-
-########################################
-## <summary>
-##	allow Domain to signal remote login domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`remotelogin_signal',`
-	gen_require(`
-		type remote_login_t;
-	')
-
-	allow $1 remote_login_t:process signal;
-')
diff --git a/policy/modules/services/remotelogin.te b/policy/modules/services/remotelogin.te
deleted file mode 100644
index cdd0542..0000000
--- a/policy/modules/services/remotelogin.te
+++ /dev/null
@@ -1,122 +0,0 @@
-policy_module(remotelogin, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type remote_login_t;
-domain_interactive_fd(remote_login_t)
-auth_login_pgm_domain(remote_login_t)
-auth_login_entry_type(remote_login_t)
-
-type remote_login_tmp_t;
-files_tmp_file(remote_login_tmp_t)
-
-########################################
-#
-# Remote login remote policy
-#
-
-allow remote_login_t self:capability { dac_override chown fowner fsetid kill setgid setuid net_bind_service sys_nice sys_resource sys_tty_config };
-allow remote_login_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow remote_login_t self:process { setrlimit setexec };
-allow remote_login_t self:fd use;
-allow remote_login_t self:fifo_file rw_fifo_file_perms;
-allow remote_login_t self:sock_file read_sock_file_perms;
-allow remote_login_t self:unix_dgram_socket create_socket_perms;
-allow remote_login_t self:unix_stream_socket create_stream_socket_perms;
-allow remote_login_t self:unix_dgram_socket sendto;
-allow remote_login_t self:unix_stream_socket connectto;
-allow remote_login_t self:shm create_shm_perms;
-allow remote_login_t self:sem create_sem_perms;
-allow remote_login_t self:msgq create_msgq_perms;
-allow remote_login_t self:msg { send receive };
-allow remote_login_t self:key write;
-
-manage_dirs_pattern(remote_login_t, remote_login_tmp_t, remote_login_tmp_t)
-manage_files_pattern(remote_login_t, remote_login_tmp_t, remote_login_tmp_t)
-files_tmp_filetrans(remote_login_t, remote_login_tmp_t, { file dir })
-
-kernel_read_system_state(remote_login_t)
-kernel_read_kernel_sysctls(remote_login_t)
-
-dev_getattr_mouse_dev(remote_login_t)
-dev_setattr_mouse_dev(remote_login_t)
-dev_dontaudit_search_sysfs(remote_login_t)
-
-fs_getattr_xattr_fs(remote_login_t)
-fs_search_auto_mountpoints(remote_login_t)
-
-term_relabel_all_ptys(remote_login_t)
-
-auth_rw_login_records(remote_login_t)
-auth_rw_faillog(remote_login_t)
-auth_manage_pam_console_data(remote_login_t)
-auth_domtrans_pam_console(remote_login_t)
-
-corecmd_list_bin(remote_login_t)
-corecmd_read_bin_symlinks(remote_login_t)
-# cjp: these are probably not needed:
-corecmd_read_bin_files(remote_login_t)
-corecmd_read_bin_pipes(remote_login_t)
-corecmd_read_bin_sockets(remote_login_t)
-
-domain_read_all_entry_files(remote_login_t)
-
-files_read_etc_files(remote_login_t)
-files_read_etc_runtime_files(remote_login_t)
-files_list_home(remote_login_t)
-files_read_usr_files(remote_login_t)
-files_list_world_readable(remote_login_t)
-files_read_world_readable_files(remote_login_t)
-files_read_world_readable_symlinks(remote_login_t)
-files_read_world_readable_pipes(remote_login_t)
-files_read_world_readable_sockets(remote_login_t)
-files_list_mnt(remote_login_t)
-# for when /var/mail is a sym-link
-files_read_var_symlinks(remote_login_t)
-
-sysnet_dns_name_resolve(remote_login_t)
-
-miscfiles_read_localization(remote_login_t)
-
-userdom_use_unpriv_users_fds(remote_login_t)
-userdom_search_user_home_content(remote_login_t)
-# Only permit unprivileged user domains to be entered via rlogin,
-# since very weak authentication is used.
-userdom_signal_unpriv_users(remote_login_t)
-userdom_spec_domtrans_unpriv_users(remote_login_t)
-
-# Search for mail spool file.
-mta_getattr_spool(remote_login_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(remote_login_t)
-	fs_read_nfs_symlinks(remote_login_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(remote_login_t)
-	fs_read_cifs_symlinks(remote_login_t)
-')
-
-optional_policy(`
-	alsa_domtrans(remote_login_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(remote_login_t)
-')
-
-optional_policy(`
-	nscd_socket_use(remote_login_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(remote_login_t)
-')
-
-optional_policy(`
-	usermanage_read_crack_db(remote_login_t)
-')
diff --git a/policy/modules/services/resmgr.fc b/policy/modules/services/resmgr.fc
deleted file mode 100644
index af810b9..0000000
--- a/policy/modules/services/resmgr.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-
-/etc/resmgr\.conf	--	gen_context(system_u:object_r:resmgrd_etc_t,s0)
-
-/sbin/resmgrd		--	gen_context(system_u:object_r:resmgrd_exec_t,s0)
-
-/var/run/\.resmgr_socket -s	gen_context(system_u:object_r:resmgrd_var_run_t,s0)
-/var/run/resmgr\.pid	--	gen_context(system_u:object_r:resmgrd_var_run_t,s0)
diff --git a/policy/modules/services/resmgr.if b/policy/modules/services/resmgr.if
deleted file mode 100644
index eabdd78..0000000
--- a/policy/modules/services/resmgr.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Resource management daemon</summary>
-
-########################################
-## <summary>
-##	Connect to resmgrd over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`resmgr_stream_connect',`
-	gen_require(`
-		type resmgrd_var_run_t, resmgrd_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, resmgrd_var_run_t, resmgrd_var_run_t, resmgrd_t)
-')
diff --git a/policy/modules/services/resmgr.te b/policy/modules/services/resmgr.te
deleted file mode 100644
index bf5efbf..0000000
--- a/policy/modules/services/resmgr.te
+++ /dev/null
@@ -1,66 +0,0 @@
-policy_module(resmgr, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type resmgrd_t;
-type resmgrd_exec_t;
-init_daemon_domain(resmgrd_t, resmgrd_exec_t)
-
-type resmgrd_etc_t;
-files_config_file(resmgrd_etc_t)
-
-type resmgrd_var_run_t;
-files_pid_file(resmgrd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow resmgrd_t self:capability { dac_override sys_admin sys_rawio };
-dontaudit resmgrd_t self:capability sys_tty_config;
-allow resmgrd_t self:process signal_perms;
-
-allow resmgrd_t resmgrd_etc_t:file read_file_perms;
-files_search_etc(resmgrd_t)
-
-allow resmgrd_t resmgrd_var_run_t:file manage_file_perms;
-allow resmgrd_t resmgrd_var_run_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(resmgrd_t, resmgrd_var_run_t, { file sock_file })
-
-kernel_list_proc(resmgrd_t)
-kernel_read_proc_symlinks(resmgrd_t)
-kernel_read_kernel_sysctls(resmgrd_t)
-
-dev_read_sysfs(resmgrd_t)
-dev_getattr_scanner_dev(resmgrd_t)
-
-domain_use_interactive_fds(resmgrd_t)
-
-files_read_etc_files(resmgrd_t)
-
-fs_search_auto_mountpoints(resmgrd_t)
-
-storage_dontaudit_read_fixed_disk(resmgrd_t)
-storage_read_scsi_generic(resmgrd_t)
-storage_raw_read_removable_device(resmgrd_t)
-# not sure if it needs write access, needs to be investigated further...
-storage_write_scsi_generic(resmgrd_t)
-storage_raw_write_removable_device(resmgrd_t)
-
-logging_send_syslog_msg(resmgrd_t)
-
-miscfiles_read_localization(resmgrd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(resmgrd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(resmgrd_t)
-')
-
-optional_policy(`
-	udev_read_db(resmgrd_t)
-')
diff --git a/policy/modules/services/rgmanager.fc b/policy/modules/services/rgmanager.fc
deleted file mode 100644
index c025d59..0000000
--- a/policy/modules/services/rgmanager.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/rgmanager          --  gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0)
-
-/usr/sbin/rgmanager			--	gen_context(system_u:object_r:rgmanager_exec_t,s0)
-
-/var/log/cluster/rgmanager\.log		--	gen_context(system_u:object_r:rgmanager_var_log_t,s0)
-
-/var/run/cluster/rgmanager\.sk		-s	gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-
-/var/run/rgmanager\.pid			--	gen_context(system_u:object_r:rgmanager_var_run_t,s0)
diff --git a/policy/modules/services/rgmanager.if b/policy/modules/services/rgmanager.if
deleted file mode 100644
index 9c2c963..0000000
--- a/policy/modules/services/rgmanager.if
+++ /dev/null
@@ -1,138 +0,0 @@
-## <summary>rgmanager - Resource Group Manager</summary>
-
-#######################################
-## <summary>
-##	Execute a domain transition to run rgmanager.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rgmanager_domtrans',`
-	gen_require(`
-		type rgmanager_t, rgmanager_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, rgmanager_exec_t, rgmanager_t)
-')
-
-########################################
-## <summary>
-##	Connect to rgmanager over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rgmanager_stream_connect',`
-	gen_require(`
-		type rgmanager_t, rgmanager_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, rgmanager_var_run_t, rgmanager_var_run_t, rgmanager_t)
-')
-
-######################################
-## <summary>
-##	Allow manage rgmanager tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rgmanager_manage_tmp_files',`
-	gen_require(`
-		type rgmanager_tmp_t;
-	')
-
-	files_search_tmp($1)
-	manage_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t)
-')
-
-######################################
-## <summary>
-##	Allow manage rgmanager tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rgmanager_manage_tmpfs_files',`
-	gen_require(`
-		type rgmanager_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
-')
-
-#######################################
-## <summary>
-##	Allow read and write access to rgmanager semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rgmanager_rw_semaphores',`
-	gen_require(`
-		type rgmanager_t;
-	')
-
-	allow $1 rgmanager_t:sem rw_sem_perms;
-')
-
-######################################
-## <summary>
-##	All of the rules required to administrate
-##	an rgmanager environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the rgmanager domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rgmanager_admin',`
-	gen_require(`
-		type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t; 
-		type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
-	')
-
-	allow $1 rgmanager_t:process { ptrace signal_perms };
-	ps_process_pattern($1, rgmanager_t)
-
-	init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 rgmanager_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, rgmanager_tmp_t)
-
-	admin_pattern($1, rgmanager_tmpfs_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, rgmanager_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, rgmanager_var_run_t)
-')
diff --git a/policy/modules/services/rgmanager.te b/policy/modules/services/rgmanager.te
deleted file mode 100644
index 612e4e4..0000000
--- a/policy/modules/services/rgmanager.te
+++ /dev/null
@@ -1,217 +0,0 @@
-policy_module(rgmanager, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow rgmanager domain to connect to the network using TCP.
-##	</p>
-## </desc>
-gen_tunable(rgmanager_can_network_connect, false)
-
-type rgmanager_t;
-type rgmanager_exec_t;
-init_daemon_domain(rgmanager_t, rgmanager_exec_t)
-
-type rgmanager_initrc_exec_t;
-init_script_file(rgmanager_initrc_exec_t)
-
-type rgmanager_tmp_t;
-files_tmp_file(rgmanager_tmp_t)
-
-type rgmanager_tmpfs_t;
-files_tmpfs_file(rgmanager_tmpfs_t)
-
-type rgmanager_var_log_t;
-logging_log_file(rgmanager_var_log_t)
-
-type rgmanager_var_run_t;
-files_pid_file(rgmanager_var_run_t)
-
-########################################
-#
-# rgmanager local policy
-#
-
-allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock };
-dontaudit rgmanager_t self:capability { sys_ptrace };
-allow rgmanager_t self:process { setsched signal };
-dontaudit rgmanager_t self:process ptrace;
-
-allow rgmanager_t self:fifo_file rw_fifo_file_perms;
-allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };
-allow rgmanager_t self:unix_dgram_socket create_socket_perms;
-allow rgmanager_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(rgmanager_t, rgmanager_tmp_t, rgmanager_tmp_t)
-manage_files_pattern(rgmanager_t, rgmanager_tmp_t, rgmanager_tmp_t)
-files_tmp_filetrans(rgmanager_t, rgmanager_tmp_t, { file dir })
-
-manage_dirs_pattern(rgmanager_t, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
-manage_files_pattern(rgmanager_t, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
-fs_tmpfs_filetrans(rgmanager_t, rgmanager_tmpfs_t, { dir file })
-
-manage_files_pattern(rgmanager_t, rgmanager_var_log_t, rgmanager_var_log_t)
-logging_log_filetrans(rgmanager_t, rgmanager_var_log_t, { file })
-
-manage_dirs_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
-manage_files_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
-manage_sock_files_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
-files_pid_filetrans(rgmanager_t, rgmanager_var_run_t, { file sock_file dir })
-
-kernel_kill(rgmanager_t)
-kernel_read_kernel_sysctls(rgmanager_t)
-kernel_read_rpc_sysctls(rgmanager_t)
-kernel_read_system_state(rgmanager_t)
-kernel_rw_rpc_sysctls(rgmanager_t)
-kernel_search_debugfs(rgmanager_t)
-kernel_search_network_state(rgmanager_t)
-
-corecmd_exec_bin(rgmanager_t)
-corecmd_exec_shell(rgmanager_t)
-consoletype_exec(rgmanager_t)
-
-# need to write to /dev/misc/dlm-control
-dev_rw_dlm_control(rgmanager_t)
-dev_setattr_dlm_control(rgmanager_t)
-dev_search_sysfs(rgmanager_t)
-
-domain_read_all_domains_state(rgmanager_t)
-domain_getattr_all_domains(rgmanager_t)
-domain_dontaudit_ptrace_all_domains(rgmanager_t)
-
-files_create_var_run_dirs(rgmanager_t)
-files_getattr_all_symlinks(rgmanager_t)
-files_list_all(rgmanager_t)
-files_manage_mnt_dirs(rgmanager_t)
-files_manage_mnt_files(rgmanager_t)
-files_manage_mnt_symlinks(rgmanager_t)
-files_manage_isid_type_files(rgmanager_t)
-files_manage_isid_type_dirs(rgmanager_t)
-
-fs_getattr_xattr_fs(rgmanager_t)
-fs_getattr_all_fs(rgmanager_t)
-
-storage_raw_read_fixed_disk(rgmanager_t)
-storage_getattr_fixed_disk_dev(rgmanager_t)
-
-term_getattr_pty_fs(rgmanager_t)
-#term_use_ptmx(rgmanager_t)
-
-# needed by resources scripts
-auth_read_all_files_except_shadow(rgmanager_t)
-auth_dontaudit_getattr_shadow(rgmanager_t)
-auth_use_nsswitch(rgmanager_t)
-
-logging_send_syslog_msg(rgmanager_t)
-
-miscfiles_read_localization(rgmanager_t)
-
-mount_domtrans(rgmanager_t)
-
-tunable_policy(`rgmanager_can_network_connect',`
-	corenet_tcp_connect_all_ports(rgmanager_t)
-')
-
-# rgmanager can run resource scripts
-optional_policy(`
-	aisexec_stream_connect(rgmanager_t)
-	corosync_stream_connect(rgmanager_t)
-')
-
-optional_policy(`
-	apache_domtrans(rgmanager_t)
-	apache_signal(rgmanager_t)
-')
-
-optional_policy(`
-	fstools_domtrans(rgmanager_t)
-')
-
-optional_policy(`
-	rhcs_stream_connect_groupd(rgmanager_t)
-')
-
-optional_policy(`
-	hostname_exec(rgmanager_t)
-')
-
-optional_policy(`
-	ccs_manage_config(rgmanager_t)
-	ccs_stream_connect(rgmanager_t)
-	rhcs_stream_connect_gfs_controld(rgmanager_t)
-')
-
-optional_policy(`
-	lvm_domtrans(rgmanager_t)
-')
-
-optional_policy(`
-	ldap_initrc_domtrans(rgmanager_t)
-	ldap_domtrans(rgmanager_t)
-')
-
-optional_policy(`
-	mysql_domtrans_mysql_safe(rgmanager_t)
-	mysql_stream_connect(rgmanager_t)
-')
-
-optional_policy(`
-	netutils_domtrans(rgmanager_t)
-	netutils_domtrans_ping(rgmanager_t)
-')
-
-optional_policy(`
-	postgresql_domtrans(rgmanager_t)
-	postgresql_signal(rgmanager_t)
-')
-
-optional_policy(`
-	rdisc_exec(rgmanager_t)
-')
-
-optional_policy(`
-	ricci_dontaudit_rw_modcluster_pipes(rgmanager_t)
-')
-
-optional_policy(`
-	rpc_initrc_domtrans_nfsd(rgmanager_t)
-	rpc_initrc_domtrans_rpcd(rgmanager_t)
-
-	rpc_domtrans_nfsd(rgmanager_t)
-	rpc_domtrans_rpcd(rgmanager_t)
-	rpc_manage_nfs_state_data(rgmanager_t)
-')
-
-optional_policy(`
-	samba_initrc_domtrans(rgmanager_t)
-	samba_domtrans_smbd(rgmanager_t)
-	samba_domtrans_nmbd(rgmanager_t)
-	samba_manage_var_files(rgmanager_t)
-	samba_rw_config(rgmanager_t)
-	samba_signal_smbd(rgmanager_t)
-	samba_signal_nmbd(rgmanager_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_ifconfig(rgmanager_t)
-')
-
-optional_policy(`
-	udev_read_db(rgmanager_t)
-')
-
-optional_policy(`
-	virt_stream_connect(rgmanager_t)
-')
-
-optional_policy(`
-	unconfined_domain(rgmanager_t)
-')
-
-optional_policy(`
-	xen_domtrans_xm(rgmanager_t)
-')
diff --git a/policy/modules/services/rhcs.fc b/policy/modules/services/rhcs.fc
deleted file mode 100644
index d862e7e..0000000
--- a/policy/modules/services/rhcs.fc
+++ /dev/null
@@ -1,25 +0,0 @@
-/usr/sbin/dlm_controld			--	gen_context(system_u:object_r:dlm_controld_exec_t,s0)
-/usr/sbin/fenced			--	gen_context(system_u:object_r:fenced_exec_t,s0)
-/usr/sbin/fence_node			--	gen_context(system_u:object_r:fenced_exec_t,s0)
-/usr/sbin/fence_tool                    --      gen_context(system_u:object_r:fenced_exec_t,s0) 
-/usr/sbin/gfs_controld			--	gen_context(system_u:object_r:gfs_controld_exec_t,s0)
-/usr/sbin/groupd			--	gen_context(system_u:object_r:groupd_exec_t,s0)
-/usr/sbin/qdiskd			--	gen_context(system_u:object_r:qdiskd_exec_t,s0)
-
-/var/lock/fence_manual\.lock		--	gen_context(system_u:object_r:fenced_lock_t,s0)
-
-/var/lib/cluster(/.*)?				gen_context(system_u:object_r:cluster_var_lib_t,s0)
-/var/lib/qdiskd(/.*)?				gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
-
-/var/log/cluster/.*\.*log			<<none>>
-/var/log/cluster/dlm_controld\.log.*	--	gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
-/var/log/cluster/fenced\.log.*		--	gen_context(system_u:object_r:fenced_var_log_t,s0)
-/var/log/cluster/gfs_controld\.log.*	--	gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
-/var/log/cluster/qdiskd\.log.*		--	gen_context(system_u:object_r:qdiskd_var_log_t,s0)
-
-/var/run/cluster/fenced_override	--	gen_context(system_u:object_r:fenced_var_run_t,s0)
-/var/run/dlm_controld\.pid		--	gen_context(system_u:object_r:dlm_controld_var_run_t,s0)
-/var/run/fenced\.pid			--	gen_context(system_u:object_r:fenced_var_run_t,s0)
-/var/run/gfs_controld\.pid		--	gen_context(system_u:object_r:gfs_controld_var_run_t,s0)
-/var/run/groupd\.pid			--	gen_context(system_u:object_r:groupd_var_run_t,s0)
-/var/run/qdiskd\.pid			--	gen_context(system_u:object_r:qdiskd_var_run_t,s0)
diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if
deleted file mode 100644
index 229a3c7..0000000
--- a/policy/modules/services/rhcs.if
+++ /dev/null
@@ -1,450 +0,0 @@
-## <summary>RHCS - Red Hat Cluster Suite</summary>
-
-#######################################
-## <summary>
-##	Creates types and rules for a basic
-##	rhcs init daemon domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`rhcs_domain_template',`
-	gen_require(`
-		attribute cluster_domain, cluster_tmpfs, cluster_pid;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	type $1_t, cluster_domain;
-	type $1_exec_t;
-	init_daemon_domain($1_t, $1_exec_t)
-
-	type $1_tmpfs_t, cluster_tmpfs;
-	files_tmpfs_file($1_tmpfs_t)
-
-	type $1_var_log_t;
-	logging_log_file($1_var_log_t)
-
-	type $1_var_run_t, cluster_pid;
-	files_pid_file($1_var_run_t)
-
-	##############################
-	#
-	# Local policy
-	#
-
-	manage_dirs_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file })
-
-	manage_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
-	manage_sock_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
-	logging_log_filetrans($1_t, $1_var_log_t, { file sock_file })
-
-	manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
-	manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
-	manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
-	files_pid_filetrans($1_t, $1_var_run_t, { file fifo_file })
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run dlm_controld.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rhcs_domtrans_dlm_controld',`
-	gen_require(`
-	type dlm_controld_t, dlm_controld_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dlm_controld_exec_t, dlm_controld_t)
-')
-
-#####################################
-## <summary>
-##	Connect to dlm_controld over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_stream_connect_dlm_controld',`
-	gen_require(`
-		type dlm_controld_t, dlm_controld_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, dlm_controld_var_run_t, dlm_controld_var_run_t, dlm_controld_t)
-')
-
-#####################################
-## <summary>
-##	Allow read and write access to dlm_controld semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_dlm_controld_semaphores',`
-	gen_require(`
-		type dlm_controld_t, dlm_controld_tmpfs_t;
-	')
-
-	allow $1 dlm_controld_t:sem { rw_sem_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run fenced.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rhcs_domtrans_fenced',`
-	gen_require(`
-		type fenced_t, fenced_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, fenced_exec_t, fenced_t)
-')
-
-######################################
-## <summary>
-##	Allow read and write access to fenced semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_fenced_semaphores',`
-	gen_require(`
-		type fenced_t, fenced_tmpfs_t;
-	')
-
-	allow $1 fenced_t:sem { rw_sem_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
-')
-
-######################################
-## <summary>
-##	Connect to fenced over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_stream_connect_fenced',`
-	gen_require(`
-		type fenced_var_run_t, fenced_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, fenced_var_run_t, fenced_var_run_t, fenced_t)
-')
-
-#####################################
-## <summary>
-##	Execute a domain transition to run gfs_controld.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rhcs_domtrans_gfs_controld',`
-	gen_require(`
-	type gfs_controld_t, gfs_controld_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, gfs_controld_exec_t, gfs_controld_t)
-')
-
-####################################
-## <summary>
-##	Allow read and write access to gfs_controld semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_gfs_controld_semaphores',`
-	gen_require(`
-		type gfs_controld_t, gfs_controld_tmpfs_t;
-	')
-
-	allow $1 gfs_controld_t:sem { rw_sem_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write to gfs_controld_t shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_gfs_controld_shm',`
-	gen_require(`
-		type gfs_controld_t, gfs_controld_tmpfs_t;
-	')
-
-	allow $1 gfs_controld_t:shm { rw_shm_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
-')
-
-#####################################
-## <summary>
-##	Connect to gfs_controld_t over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_stream_connect_gfs_controld',`
-	gen_require(`
-		type gfs_controld_t, gfs_controld_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, gfs_controld_var_run_t, gfs_controld_var_run_t, gfs_controld_t)
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run groupd.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`rhcs_domtrans_groupd',`
-	gen_require(`
-		type groupd_t, groupd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, groupd_exec_t, groupd_t)
-')
-
-#####################################
-## <summary>
-##	Connect to groupd over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_stream_connect_groupd',`
-	gen_require(`
-		type groupd_t, groupd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, groupd_var_run_t, groupd_var_run_t, groupd_t)
-')
-
-#####################################
-## <summary>
-##	Allow read and write access to groupd semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_groupd_semaphores',`
-	gen_require(`
-		type groupd_t, groupd_tmpfs_t;
-	')
-
-	allow $1 groupd_t:sem { rw_sem_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write to group shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_groupd_shm',`
-	gen_require(`
-		type groupd_t, groupd_tmpfs_t;
-	')
-
-	allow $1 groupd_t:shm { rw_shm_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
-')
-
-########################################
-## <summary>
-##	Read and write to group shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_cluster_shm',`
-	gen_require(`
-		attribute cluster_domain, cluster_tmpfs;
-	')
-
-	allow $1 cluster_domain:shm { rw_shm_perms destroy };
-
-	fs_search_tmpfs($1)
-	manage_files_pattern($1, cluster_tmpfs, cluster_tmpfs)
-')
-
-####################################
-## <summary>
-##	Read and write access to cluster domains semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_rw_cluster_semaphores',`
-	gen_require(`
-		attribute cluster_domain;
-	')
-
-	allow $1 cluster_domain:sem { rw_sem_perms destroy };
-')
-
-####################################
-## <summary>
-##	Connect to cluster domains over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_stream_connect_cluster',`
-	gen_require(`
-		attribute cluster_domain, cluster_pid;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run qdiskd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rhcs_domtrans_qdiskd',`
-	gen_require(`
-		type qdiskd_t, qdiskd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, qdiskd_exec_t, qdiskd_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to read qdiskd tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_read_qdiskd_tmpfs_files',`
-	gen_require(`
-		type qdiskd_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	allow $1 qdiskd_tmpfs_t:file read_file_perms;
-')
-
-######################################
-## <summary>
-##	Allow domain to read cluster lib files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhcs_read_cluster_lib_files',`
-	gen_require(`
-		type cluster_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
-')
diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
deleted file mode 100644
index 8d40ec9..0000000
--- a/policy/modules/services/rhcs.te
+++ /dev/null
@@ -1,244 +0,0 @@
-policy_module(rhcs, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow fenced domain to connect to the network using TCP.
-##	</p>
-## </desc>
-gen_tunable(fenced_can_network_connect, false)
-
-attribute cluster_domain;
-attribute cluster_tmpfs;
-attribute cluster_pid;
-
-rhcs_domain_template(dlm_controld)
-
-rhcs_domain_template(fenced)
-
-type fenced_lock_t;
-files_lock_file(fenced_lock_t)
-
-type fenced_tmp_t;
-files_tmp_file(fenced_tmp_t)
-
-rhcs_domain_template(gfs_controld)
-
-rhcs_domain_template(groupd)
-
-rhcs_domain_template(qdiskd)
-
-type qdiskd_var_lib_t;
-files_type(qdiskd_var_lib_t)
-
-# type for cluster lib files
-type cluster_var_lib_t;
-files_type(cluster_var_lib_t)
-
-#####################################
-#
-# dlm_controld local policy
-#
-
-allow dlm_controld_t self:capability { net_admin sys_admin sys_resource };
-
-allow dlm_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-stream_connect_pattern(dlm_controld_t, fenced_var_run_t, fenced_var_run_t, fenced_t)
-stream_connect_pattern(dlm_controld_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
-
-kernel_read_system_state(dlm_controld_t)
-
-dev_rw_dlm_control(dlm_controld_t)
-dev_rw_sysfs(dlm_controld_t)
-
-fs_manage_configfs_files(dlm_controld_t)
-fs_manage_configfs_dirs(dlm_controld_t)
-
-init_rw_script_tmp_files(dlm_controld_t)
-
-#######################################
-#
-# fenced local policy
-#
-
-allow fenced_t self:capability { sys_rawio sys_resource };
-allow fenced_t self:process { getsched signal_perms };
-
-allow fenced_t self:tcp_socket create_stream_socket_perms;
-allow fenced_t self:udp_socket create_socket_perms;
-
-can_exec(fenced_t, fenced_exec_t)
-
-manage_files_pattern(fenced_t, fenced_lock_t, fenced_lock_t)
-files_lock_filetrans(fenced_t, fenced_lock_t, file)
-
-manage_dirs_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
-manage_files_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
-manage_fifo_files_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
-files_tmp_filetrans(fenced_t, fenced_tmp_t, { file fifo_file dir })
-
-stream_connect_pattern(fenced_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
-
-kernel_read_system_state(fenced_t)
-
-corecmd_exec_bin(fenced_t)
-corecmd_exec_shell(fenced_t)
-
-corenet_tcp_connect_http_port(fenced_t)
-
-dev_read_sysfs(fenced_t)
-dev_read_urand(fenced_t)
-
-files_read_usr_symlinks(fenced_t)
-
-storage_raw_read_fixed_disk(fenced_t)
-storage_raw_write_fixed_disk(fenced_t)
-storage_raw_read_removable_device(fenced_t)
-
-term_getattr_pty_fs(fenced_t)
-term_use_ptmx(fenced_t)
-
-auth_use_nsswitch(fenced_t)
-
-tunable_policy(`fenced_can_network_connect',`
-	corenet_tcp_connect_all_ports(fenced_t)
-')
-
-# needed by fence_scsi
-optional_policy(`
-	corosync_exec(fenced_t)
-')
-
-optional_policy(`
-	ccs_read_config(fenced_t)
-')
-
-optional_policy(`
-	lvm_domtrans(fenced_t)
-	lvm_read_config(fenced_t)
-')
-
-######################################
-#
-# gfs_controld local policy
-#
-
-allow gfs_controld_t self:capability { net_admin sys_resource };
-allow gfs_controld_t self:shm create_shm_perms;
-allow gfs_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-stream_connect_pattern(gfs_controld_t, dlm_controld_var_run_t, dlm_controld_var_run_t, dlm_controld_t)
-stream_connect_pattern(gfs_controld_t, fenced_var_run_t, fenced_var_run_t, fenced_t)
-stream_connect_pattern(gfs_controld_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
-
-kernel_read_system_state(gfs_controld_t)
-
-dev_rw_dlm_control(gfs_controld_t)
-dev_setattr_dlm_control(gfs_controld_t)
-dev_rw_sysfs(gfs_controld_t)
-
-storage_getattr_removable_dev(gfs_controld_t)
-
-init_rw_script_tmp_files(gfs_controld_t)
-
-optional_policy(`
-	lvm_exec(gfs_controld_t)
-	dev_rw_lvm_control(gfs_controld_t)
-')
-
-#######################################
-#
-# groupd local policy
-#
-
-allow groupd_t self:capability { sys_nice sys_resource };
-allow groupd_t self:process setsched;
-allow groupd_t self:shm create_shm_perms;
-
-dev_list_sysfs(groupd_t)
-
-files_read_etc_files(groupd_t)
-
-init_rw_script_tmp_files(groupd_t)
-
-######################################
-#
-# qdiskd local policy
-#
-
-allow qdiskd_t self:capability { ipc_lock sys_boot };
-allow qdiskd_t self:tcp_socket create_stream_socket_perms;
-allow qdiskd_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
-manage_dirs_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
-manage_sock_files_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
-files_var_lib_filetrans(qdiskd_t, qdiskd_var_lib_t, { file dir sock_file })
-
-kernel_read_system_state(qdiskd_t)
-kernel_read_software_raid_state(qdiskd_t)
-kernel_getattr_core_if(qdiskd_t)
-
-corecmd_getattr_bin_files(qdiskd_t)
-corecmd_exec_shell(qdiskd_t)
-
-dev_read_sysfs(qdiskd_t)
-dev_list_all_dev_nodes(qdiskd_t)
-dev_getattr_all_blk_files(qdiskd_t)
-dev_getattr_all_chr_files(qdiskd_t)
-dev_manage_generic_blk_files(qdiskd_t)
-dev_manage_generic_chr_files(qdiskd_t)
-
-domain_dontaudit_getattr_all_pipes(qdiskd_t)
-domain_dontaudit_getattr_all_sockets(qdiskd_t)
-
-files_dontaudit_getattr_all_sockets(qdiskd_t)
-files_dontaudit_getattr_all_pipes(qdiskd_t)
-files_read_etc_files(qdiskd_t)
-
-storage_raw_read_removable_device(qdiskd_t)
-storage_raw_write_removable_device(qdiskd_t)
-storage_raw_read_fixed_disk(qdiskd_t)
-storage_raw_write_fixed_disk(qdiskd_t)
-
-auth_use_nsswitch(qdiskd_t)
-
-optional_policy(`
-	netutils_domtrans_ping(qdiskd_t)
-')
-
-optional_policy(`
-	udev_read_db(qdiskd_t)
-')
-
-#####################################
-#
-# rhcs domains common policy
-#
-
-allow cluster_domain self:capability sys_nice;
-allow cluster_domain self:process setsched;
-allow cluster_domain self:sem create_sem_perms;
-allow cluster_domain self:fifo_file rw_fifo_file_perms;
-allow cluster_domain self:unix_stream_socket create_stream_socket_perms;
-allow cluster_domain self:unix_dgram_socket create_socket_perms;
-
-manage_files_pattern(cluster_domain, cluster_var_lib_t, cluster_var_lib_t)
-manage_dirs_pattern(cluster_domain, cluster_var_lib_t, cluster_var_lib_t)
-
-logging_send_syslog_msg(cluster_domain)
-
-miscfiles_read_localization(cluster_domain)
-
-optional_policy(`
-	ccs_stream_connect(cluster_domain)
-')
-
-optional_policy(`
-	corosync_stream_connect(cluster_domain)
-')
diff --git a/policy/modules/services/rhgb.fc b/policy/modules/services/rhgb.fc
deleted file mode 100644
index 9e5d31b..0000000
--- a/policy/modules/services/rhgb.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# /usr
-#
-/usr/bin/rhgb		--	gen_context(system_u:object_r:rhgb_exec_t,s0)
diff --git a/policy/modules/services/rhgb.if b/policy/modules/services/rhgb.if
deleted file mode 100644
index 793a29f..0000000
--- a/policy/modules/services/rhgb.if
+++ /dev/null
@@ -1,199 +0,0 @@
-## <summary> Red Hat Graphical Boot </summary>
-
-########################################
-## <summary>
-##	RHGB stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	N/A
-##	</summary>
-## </param>
-#
-interface(`rhgb_stub',`
-	gen_require(`
-		type rhgb_t;
-	')
-')
-
-########################################
-## <summary>
-##	Use a rhgb file descriptor.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_use_fds',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:fd use;
-')
-
-########################################
-## <summary>
-##	Get the process group of rhgb.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_getpgid',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:process getpgid;
-')
-
-########################################
-## <summary>
-##	Send a signal to rhgb.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_signal',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read and write to unix stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_rw_stream_sockets',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	rhgb unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rhgb_dontaudit_rw_stream_sockets',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	dontaudit $1 rhgb_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Connected to rhgb unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_stream_connect',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Read and write to rhgb shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_rw_shm',`
-	gen_require(`
-		type rhgb_t;
-	')
-
-	allow $1 rhgb_t:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Read from and write to the rhgb devpts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_use_ptys',`
-	gen_require(`
-		type rhgb_devpts_t;
-	')
-
-	allow $1 rhgb_devpts_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit Read from and write to the rhgb devpts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rhgb_dontaudit_use_ptys',`
-	gen_require(`
-		type rhgb_devpts_t;
-	')
-
-	dontaudit $1 rhgb_devpts_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	Read and write to rhgb temporary file system.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rhgb_rw_tmpfs_files',`
-	gen_require(`
-		type rhgb_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	allow $1 rhgb_tmpfs_t:file rw_file_perms;
-')
diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te
deleted file mode 100644
index 4d10897..0000000
--- a/policy/modules/services/rhgb.te
+++ /dev/null
@@ -1,142 +0,0 @@
-policy_module(rhgb, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type rhgb_t;
-type rhgb_exec_t;
-init_daemon_domain(rhgb_t, rhgb_exec_t)
-
-type rhgb_tmpfs_t;
-files_tmpfs_file(rhgb_tmpfs_t)
-
-type rhgb_devpts_t;
-term_pty(rhgb_devpts_t)
-
-########################################
-#
-# Local policy
-#
-
-allow rhgb_t self:capability { fsetid setgid setuid sys_admin sys_tty_config };
-dontaudit rhgb_t self:capability sys_tty_config;
-allow rhgb_t self:process { setpgid signal_perms };
-allow rhgb_t self:shm create_shm_perms;
-allow rhgb_t self:unix_stream_socket create_stream_socket_perms;
-allow rhgb_t self:fifo_file rw_fifo_file_perms;
-allow rhgb_t self:tcp_socket create_socket_perms;
-allow rhgb_t self:udp_socket create_socket_perms;
-allow rhgb_t self:netlink_route_socket r_netlink_socket_perms;
-
-allow rhgb_t rhgb_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(rhgb_t, rhgb_devpts_t)
-
-manage_dirs_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
-manage_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
-manage_lnk_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
-manage_fifo_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
-manage_sock_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
-fs_tmpfs_filetrans(rhgb_t, rhgb_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(rhgb_t)
-kernel_read_system_state(rhgb_t)
-
-corecmd_exec_bin(rhgb_t)
-corecmd_exec_shell(rhgb_t)
-
-corenet_all_recvfrom_unlabeled(rhgb_t)
-corenet_all_recvfrom_netlabel(rhgb_t)
-corenet_tcp_sendrecv_generic_if(rhgb_t)
-corenet_udp_sendrecv_generic_if(rhgb_t)
-corenet_tcp_sendrecv_generic_node(rhgb_t)
-corenet_udp_sendrecv_generic_node(rhgb_t)
-corenet_tcp_sendrecv_all_ports(rhgb_t)
-corenet_udp_sendrecv_all_ports(rhgb_t)
-corenet_tcp_connect_all_ports(rhgb_t)
-corenet_sendrecv_all_client_packets(rhgb_t)
-
-dev_read_sysfs(rhgb_t)
-dev_read_urand(rhgb_t)
-
-domain_use_interactive_fds(rhgb_t)
-
-files_read_etc_files(rhgb_t)
-files_read_var_files(rhgb_t)
-files_read_etc_runtime_files(rhgb_t)
-files_search_tmp(rhgb_t)
-files_read_usr_files(rhgb_t)
-files_mounton_mnt(rhgb_t)
-files_dontaudit_rw_root_dir(rhgb_t)
-files_dontaudit_read_default_files(rhgb_t)
-files_dontaudit_search_pids(rhgb_t)
-# for nscd
-files_dontaudit_search_var(rhgb_t)
-
-fs_search_auto_mountpoints(rhgb_t)
-fs_mount_ramfs(rhgb_t)
-fs_unmount_ramfs(rhgb_t)
-fs_getattr_tmpfs(rhgb_t)
-# for ramfs file systems
-fs_manage_ramfs_dirs(rhgb_t)
-fs_manage_ramfs_files(rhgb_t)
-fs_manage_ramfs_pipes(rhgb_t)
-fs_manage_ramfs_sockets(rhgb_t)
-
-selinux_dontaudit_read_fs(rhgb_t)
-
-term_use_unallocated_ttys(rhgb_t)
-term_use_ptmx(rhgb_t)
-term_getattr_pty_fs(rhgb_t)
-
-init_write_initctl(rhgb_t)
-
-# for localization
-libs_read_lib_files(rhgb_t)
-
-logging_send_syslog_msg(rhgb_t)
-
-miscfiles_read_localization(rhgb_t)
-miscfiles_read_fonts(rhgb_t)
-miscfiles_dontaudit_write_fonts(rhgb_t)
-
-seutil_search_default_contexts(rhgb_t)
-seutil_read_config(rhgb_t)
-
-sysnet_read_config(rhgb_t)
-sysnet_domtrans_ifconfig(rhgb_t)
-
-userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
-userdom_dontaudit_search_user_home_content(rhgb_t)
-
-xserver_read_tmp_files(rhgb_t)
-xserver_kill(rhgb_t)
-# for running setxkbmap
-xserver_read_xkb_libs(rhgb_t)
-xserver_domtrans(rhgb_t)
-xserver_signal(rhgb_t)
-xserver_read_xdm_tmp_files(rhgb_t)
-xserver_stream_connect(rhgb_t)
-
-optional_policy(`
-	consoletype_exec(rhgb_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(rhgb_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(rhgb_t)
-')
-
-optional_policy(`
-	udev_read_db(rhgb_t)
-')
-
-ifdef(`TODO',`
-	#this seems a bit much
-	allow domain rhgb_devpts_t:chr_file { read write };
-	allow initrc_t rhgb_gph_t:fd use;
-')
diff --git a/policy/modules/services/ricci.fc b/policy/modules/services/ricci.fc
deleted file mode 100644
index ed5dc05..0000000
--- a/policy/modules/services/ricci.fc
+++ /dev/null
@@ -1,19 +0,0 @@
-
-/etc/rc\.d/init\.d/ricci    --  gen_context(system_u:object_r:ricci_initrc_exec_t,s0)
-
-/usr/libexec/modcluster		--	gen_context(system_u:object_r:ricci_modcluster_exec_t,s0)
-/usr/libexec/ricci-modlog	--	gen_context(system_u:object_r:ricci_modlog_exec_t,s0)
-/usr/libexec/ricci-modrpm	--	gen_context(system_u:object_r:ricci_modrpm_exec_t,s0)
-/usr/libexec/ricci-modservice	--	gen_context(system_u:object_r:ricci_modservice_exec_t,s0)
-/usr/libexec/ricci-modstorage	--	gen_context(system_u:object_r:ricci_modstorage_exec_t,s0)
-
-/usr/sbin/modclusterd		--	gen_context(system_u:object_r:ricci_modclusterd_exec_t,s0)
-/usr/sbin/ricci			--	gen_context(system_u:object_r:ricci_exec_t,s0)
-
-/var/lib/ricci(/.*)?			gen_context(system_u:object_r:ricci_var_lib_t,s0)
-
-/var/log/clumond\.log 		--	gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0)
-
-/var/run/clumond\.sock 		-s	gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-/var/run/modclusterd\.pid	--	gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-/var/run/ricci\.pid		--	gen_context(system_u:object_r:ricci_var_run_t,s0)
diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if
deleted file mode 100644
index 3128dd8..0000000
--- a/policy/modules/services/ricci.if
+++ /dev/null
@@ -1,267 +0,0 @@
-## <summary>Ricci cluster management agent</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans',`
-	gen_require(`
-		type ricci_t, ricci_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_exec_t, ricci_t)
-')
-
-#######################################
-## <summary>
-##	Execute ricci server in the ricci domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ricci_initrc_domtrans',`
-	gen_require(`
-		type ricci_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, ricci_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci_modcluster.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans_modcluster',`
-	gen_require(`
-		type ricci_modcluster_t, ricci_modcluster_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_modcluster_exec_t, ricci_modcluster_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use
-##	ricci_modcluster file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`ricci_dontaudit_use_modcluster_fds',`
-	gen_require(`
-		type ricci_modcluster_t;
-	')
-
-	dontaudit $1 ricci_modcluster_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read write
-##	ricci_modcluster unamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`ricci_dontaudit_rw_modcluster_pipes',`
-	gen_require(`
-		type ricci_modcluster_t;
-	')
-
-	dontaudit $1 ricci_modcluster_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to ricci_modclusterd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ricci_stream_connect_modclusterd',`
-	gen_require(`
-		type ricci_modclusterd_t, ricci_modcluster_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t, ricci_modclusterd_t)
-')
-
-########################################
-## <summary>
-##	Read and write to ricci_modcluserd temporary file system.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ricci_rw_modclusterd_tmpfs_files',`
-	gen_require(`
-		type ricci_modcluserd_tmpfs_t;
-	')
-
-	fs_search_tmpfs($1)
-	allow $1 ricci_modcluserd_tmpfs_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci_modlog.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans_modlog',`
-	gen_require(`
-		type ricci_modlog_t, ricci_modlog_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_modlog_exec_t, ricci_modlog_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci_modrpm.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans_modrpm',`
-	gen_require(`
-		type ricci_modrpm_t, ricci_modrpm_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_modrpm_exec_t, ricci_modrpm_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci_modservice.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans_modservice',`
-	gen_require(`
-		type ricci_modservice_t, ricci_modservice_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_modservice_exec_t, ricci_modservice_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run ricci_modstorage.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ricci_domtrans_modstorage',`
-	gen_require(`
-		type ricci_modstorage_t, ricci_modstorage_exec_t;
-	')
-
-	domtrans_pattern($1, ricci_modstorage_exec_t, ricci_modstorage_t)
-')
-
-####################################
-## <summary>
-##	Allow the specified domain to manage ricci's lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ricci_manage_lib_files',`
-	gen_require(`
-		type ricci_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
-	manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an ricci environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ricci_admin',`
-	gen_require(`
-		type ricci_t, ricci_initrc_exec_t, ricci_tmp_t;
-		type ricci_var_lib_t, ricci_var_log_t, ricci_var_run_t;
-	')
-
-	allow $1 ricci_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ricci_t)
-
-	ricci_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 ricci_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, ricci_tmp_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, ricci_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, ricci_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, ricci_var_run_t)
-')
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
deleted file mode 100644
index 29e7311..0000000
--- a/policy/modules/services/ricci.te
+++ /dev/null
@@ -1,507 +0,0 @@
-policy_module(ricci, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type ricci_t;
-type ricci_exec_t;
-init_daemon_domain(ricci_t, ricci_exec_t)
-
-type ricci_initrc_exec_t;
-init_script_file(ricci_initrc_exec_t)
-
-type ricci_tmp_t;
-files_tmp_file(ricci_tmp_t)
-
-type ricci_var_lib_t;
-files_type(ricci_var_lib_t)
-
-type ricci_var_log_t;
-logging_log_file(ricci_var_log_t)
-
-type ricci_var_run_t;
-files_pid_file(ricci_var_run_t)
-
-type ricci_modcluster_t;
-type ricci_modcluster_exec_t;
-domain_type(ricci_modcluster_t)
-domain_entry_file(ricci_modcluster_t, ricci_modcluster_exec_t)
-role system_r types ricci_modcluster_t;
-
-type ricci_modcluster_var_lib_t;
-files_type(ricci_modcluster_var_lib_t)
-
-type ricci_modcluster_var_log_t;
-logging_log_file(ricci_modcluster_var_log_t)
-
-type ricci_modcluster_var_run_t;
-files_pid_file(ricci_modcluster_var_run_t)
-
-type ricci_modclusterd_t;
-type ricci_modclusterd_exec_t;
-init_daemon_domain(ricci_modclusterd_t, ricci_modclusterd_exec_t)
-
-type ricci_modclusterd_tmpfs_t;
-files_tmpfs_file(ricci_modclusterd_tmpfs_t)
-
-type ricci_modlog_t;
-type ricci_modlog_exec_t;
-domain_type(ricci_modlog_t)
-domain_entry_file(ricci_modlog_t, ricci_modlog_exec_t)
-role system_r types ricci_modlog_t;
-
-type ricci_modrpm_t;
-type ricci_modrpm_exec_t;
-domain_type(ricci_modrpm_t)
-domain_entry_file(ricci_modrpm_t, ricci_modrpm_exec_t)
-role system_r types ricci_modrpm_t;
-
-type ricci_modservice_t;
-type ricci_modservice_exec_t;
-domain_type(ricci_modservice_t)
-domain_entry_file(ricci_modservice_t, ricci_modservice_exec_t)
-role system_r types ricci_modservice_t;
-
-type ricci_modstorage_t;
-type ricci_modstorage_exec_t;
-domain_type(ricci_modstorage_t)
-domain_entry_file(ricci_modstorage_t, ricci_modstorage_exec_t)
-role system_r types ricci_modstorage_t;
-
-type ricci_modstorage_lock_t;
-files_lock_file(ricci_modstorage_lock_t)
-
-########################################
-#
-# ricci local policy
-#
-
-allow ricci_t self:capability { setuid sys_nice sys_boot };
-allow ricci_t self:process setsched;
-allow ricci_t self:fifo_file rw_fifo_file_perms;
-allow ricci_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow ricci_t self:tcp_socket create_stream_socket_perms;
-
-domain_auto_trans(ricci_t, ricci_modcluster_exec_t, ricci_modcluster_t)
-domain_auto_trans(ricci_t, ricci_modlog_exec_t, ricci_modlog_t)
-domain_auto_trans(ricci_t, ricci_modrpm_exec_t, ricci_modrpm_t)
-domain_auto_trans(ricci_t, ricci_modservice_exec_t, ricci_modservice_t)
-domain_auto_trans(ricci_t, ricci_modstorage_exec_t, ricci_modstorage_t)
-
-manage_dirs_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
-manage_files_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
-files_tmp_filetrans(ricci_t, ricci_tmp_t, { file dir })
-
-manage_dirs_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-manage_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-manage_sock_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-files_var_lib_filetrans(ricci_t, ricci_var_lib_t, { file dir sock_file })
-
-allow ricci_t ricci_var_log_t:dir setattr_dir_perms;
-manage_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-manage_sock_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-logging_log_filetrans(ricci_t, ricci_var_log_t, { sock_file file dir })
-
-manage_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
-manage_sock_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
-files_pid_filetrans(ricci_t, ricci_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(ricci_t)
-kernel_read_system_state(ricci_t)
-
-corecmd_exec_bin(ricci_t)
-
-corenet_all_recvfrom_unlabeled(ricci_t)
-corenet_all_recvfrom_netlabel(ricci_t)
-corenet_tcp_sendrecv_generic_if(ricci_t)
-corenet_tcp_sendrecv_generic_node(ricci_t)
-corenet_tcp_sendrecv_all_ports(ricci_t)
-corenet_tcp_bind_generic_node(ricci_t)
-corenet_udp_bind_generic_node(ricci_t)
-corenet_tcp_bind_ricci_port(ricci_t)
-corenet_udp_bind_ricci_port(ricci_t)
-corenet_tcp_connect_http_port(ricci_t)
-
-dev_read_urand(ricci_t)
-
-domain_read_all_domains_state(ricci_t)
-
-files_read_etc_files(ricci_t)
-files_read_etc_runtime_files(ricci_t)
-files_create_boot_flag(ricci_t)
-
-auth_domtrans_chk_passwd(ricci_t)
-auth_append_login_records(ricci_t)
-
-init_stream_connect_script(ricci_t)
-
-locallogin_dontaudit_use_fds(ricci_t)
-
-logging_send_syslog_msg(ricci_t)
-
-miscfiles_read_localization(ricci_t)
-
-sysnet_dns_name_resolve(ricci_t)
-
-optional_policy(`
-	ccs_read_config(ricci_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(ricci_t)
-
-	oddjob_dbus_chat(ricci_t)
-')
-
-optional_policy(`
-	# Needed so oddjob can run halt/reboot on behalf of ricci
-	corecmd_bin_entry_type(ricci_t)
-	term_dontaudit_search_ptys(ricci_t)
-	init_exec(ricci_t)
-	init_telinit(ricci_t)
-	init_rw_utmp(ricci_t)
-
-	oddjob_system_entry(ricci_t, ricci_exec_t)
-')
-
-optional_policy(`
-	rpm_use_script_fds(ricci_t)
-')
-
-optional_policy(`
-	sasl_connect(ricci_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(ricci_t)
-')
-
-optional_policy(`
-	unconfined_use_fds(ricci_t)
-')
-
-optional_policy(`
-	xen_domtrans_xm(ricci_t)
-')
-
-########################################
-#
-# ricci_modcluster local policy
-#
-
-allow ricci_modcluster_t self:capability { net_bind_service sys_nice };
-allow ricci_modcluster_t self:process setsched;
-allow ricci_modcluster_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modcluster_t)
-kernel_read_system_state(ricci_modcluster_t)
-
-corecmd_exec_shell(ricci_modcluster_t)
-corecmd_exec_bin(ricci_modcluster_t)
-
-corenet_tcp_bind_cluster_port(ricci_modclusterd_t)
-corenet_tcp_bind_reserved_port(ricci_modclusterd_t)
-
-domain_read_all_domains_state(ricci_modcluster_t)
-
-files_search_locks(ricci_modcluster_t)
-files_read_etc_runtime_files(ricci_modcluster_t)
-files_read_etc_files(ricci_modcluster_t)
-files_search_usr(ricci_modcluster_t)
-
-init_exec(ricci_modcluster_t)
-init_domtrans_script(ricci_modcluster_t)
-
-logging_send_syslog_msg(ricci_modcluster_t)
-
-miscfiles_read_localization(ricci_modcluster_t)
-
-modutils_domtrans_insmod(ricci_modcluster_t)
-
-mount_domtrans(ricci_modcluster_t)
-
-consoletype_exec(ricci_modcluster_t)
-
-ricci_stream_connect_modclusterd(ricci_modcluster_t)
-
-optional_policy(`
-	aisexec_stream_connect(ricci_modcluster_t)
-	corosync_stream_connect(ricci_modcluster_t)
-')
-
-optional_policy(`
-	ccs_stream_connect(ricci_modcluster_t)
-	ccs_domtrans(ricci_modcluster_t)
-	ccs_manage_config(ricci_modcluster_t)
-')
-
-optional_policy(`
-	lvm_domtrans(ricci_modcluster_t)
-')
-
-optional_policy(`
-	nscd_socket_use(ricci_modcluster_t)
-')
-
-optional_policy(`
-	oddjob_system_entry(ricci_modcluster_t, ricci_modcluster_exec_t)
-')
-
-optional_policy(`
-	rgmanager_stream_connect(ricci_modclusterd_t)
-')
-
-########################################
-#
-# ricci_modclusterd local policy
-#
-
-allow ricci_modclusterd_t self:capability { sys_nice sys_tty_config };
-allow ricci_modclusterd_t self:process { signal sigkill setsched };
-allow ricci_modclusterd_t self:fifo_file rw_fifo_file_perms;
-allow ricci_modclusterd_t self:unix_stream_socket create_stream_socket_perms;
-allow ricci_modclusterd_t self:tcp_socket create_stream_socket_perms;
-# cjp: this needs to be fixed for a specific socket type:
-allow ricci_modclusterd_t self:socket create_socket_perms;
-
-allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
-allow ricci_modclusterd_t ricci_modcluster_t:fifo_file rw_file_perms;
-
-manage_dirs_pattern(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, ricci_modclusterd_tmpfs_t)
-manage_files_pattern(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, ricci_modclusterd_tmpfs_t)
-fs_tmpfs_filetrans(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, { dir file })
-
-allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr;
-manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-logging_log_filetrans(ricci_modclusterd_t, ricci_modcluster_var_log_t, { sock_file file dir })
-
-manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
-manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
-files_pid_filetrans(ricci_modclusterd_t, ricci_modcluster_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(ricci_modclusterd_t)
-kernel_read_system_state(ricci_modclusterd_t)
-kernel_request_load_module(ricci_modclusterd_t)
-
-corecmd_exec_bin(ricci_modclusterd_t)
-
-corenet_tcp_sendrecv_generic_if(ricci_modclusterd_t)
-corenet_tcp_sendrecv_all_ports(ricci_modclusterd_t)
-corenet_tcp_bind_generic_node(ricci_modclusterd_t)
-corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t)
-corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t)
-
-domain_read_all_domains_state(ricci_modclusterd_t)
-
-files_read_etc_files(ricci_modclusterd_t)
-files_read_etc_runtime_files(ricci_modclusterd_t)
-
-fs_getattr_xattr_fs(ricci_modclusterd_t)
-
-auth_use_nsswitch(ricci_modclusterd_t)
-
-init_stream_connect_script(ricci_modclusterd_t)
-
-locallogin_dontaudit_use_fds(ricci_modclusterd_t)
-
-logging_send_syslog_msg(ricci_modclusterd_t)
-
-miscfiles_read_localization(ricci_modclusterd_t)
-
-sysnet_domtrans_ifconfig(ricci_modclusterd_t)
-
-optional_policy(`
-	aisexec_stream_connect(ricci_modclusterd_t)
-	corosync_stream_connect(ricci_modclusterd_t)
-')
-
-optional_policy(`
-	ccs_domtrans(ricci_modclusterd_t)
-	ccs_stream_connect(ricci_modclusterd_t)
-	ccs_read_config(ricci_modclusterd_t)
-')
-
-optional_policy(`
-	rgmanager_stream_connect(ricci_modclusterd_t)
-')
-
-optional_policy(`
-	unconfined_use_fds(ricci_modclusterd_t)
-')
-
-########################################
-#
-# ricci_modlog local policy
-#
-
-allow ricci_modlog_t self:capability sys_nice;
-allow ricci_modlog_t self:process setsched;
-
-kernel_read_kernel_sysctls(ricci_modlog_t)
-kernel_read_system_state(ricci_modlog_t)
-
-corecmd_exec_bin(ricci_modlog_t)
-
-domain_read_all_domains_state(ricci_modlog_t)
-
-files_read_etc_files(ricci_modlog_t)
-files_search_usr(ricci_modlog_t)
-
-logging_read_generic_logs(ricci_modlog_t)
-
-miscfiles_read_localization(ricci_modlog_t)
-
-optional_policy(`
-	nscd_dontaudit_search_pid(ricci_modlog_t)
-')
-
-optional_policy(`
-	oddjob_system_entry(ricci_modlog_t, ricci_modlog_exec_t)
-')
-
-########################################
-#
-# ricci_modrpm local policy
-#
-
-allow ricci_modrpm_t self:fifo_file read_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modrpm_t)
-
-corecmd_exec_bin(ricci_modrpm_t)
-
-files_search_usr(ricci_modrpm_t)
-files_read_etc_files(ricci_modrpm_t)
-
-miscfiles_read_localization(ricci_modrpm_t)
-
-optional_policy(`
-	oddjob_system_entry(ricci_modrpm_t, ricci_modrpm_exec_t)
-')
-
-optional_policy(`
-	rpm_domtrans(ricci_modrpm_t)
-')
-
-########################################
-#
-# ricci_modservice local policy
-#
-
-allow ricci_modservice_t self:capability { dac_override sys_nice };
-allow ricci_modservice_t self:fifo_file rw_fifo_file_perms;
-allow ricci_modservice_t self:process setsched;
-
-kernel_read_kernel_sysctls(ricci_modservice_t)
-kernel_read_system_state(ricci_modservice_t)
-
-corecmd_exec_bin(ricci_modservice_t)
-corecmd_exec_shell(ricci_modservice_t)
-
-files_read_etc_files(ricci_modservice_t)
-files_read_etc_runtime_files(ricci_modservice_t)
-files_search_usr(ricci_modservice_t)
-# Needed for running chkconfig
-files_manage_etc_symlinks(ricci_modservice_t)
-
-consoletype_exec(ricci_modservice_t)
-
-init_domtrans_script(ricci_modservice_t)
-
-miscfiles_read_localization(ricci_modservice_t)
-
-optional_policy(`
-	ccs_read_config(ricci_modservice_t)
-')
-
-optional_policy(`
-	nscd_dontaudit_search_pid(ricci_modservice_t)
-')
-
-optional_policy(`
-	oddjob_system_entry(ricci_modservice_t, ricci_modservice_exec_t)
-')
-
-########################################
-#
-# ricci_modstorage local policy
-#
-
-allow ricci_modstorage_t self:process { setsched signal };
-dontaudit ricci_modstorage_t self:process ptrace;
-allow ricci_modstorage_t self:capability { mknod sys_nice };
-allow ricci_modstorage_t self:fifo_file rw_fifo_file_perms;
-allow ricci_modstorage_t self:unix_dgram_socket create_socket_perms;
-
-kernel_read_kernel_sysctls(ricci_modstorage_t)
-kernel_read_system_state(ricci_modstorage_t)
-
-create_files_pattern(ricci_modstorage_t, ricci_modstorage_lock_t, ricci_modstorage_lock_t)
-files_lock_filetrans(ricci_modstorage_t, ricci_modstorage_lock_t, file)
-
-corecmd_exec_shell(ricci_modstorage_t)
-corecmd_exec_bin(ricci_modstorage_t)
-
-dev_read_sysfs(ricci_modstorage_t)
-dev_read_urand(ricci_modstorage_t)
-dev_manage_generic_blk_files(ricci_modstorage_t)
-
-domain_read_all_domains_state(ricci_modstorage_t)
-
-#Needed for editing /etc/fstab
-files_manage_etc_files(ricci_modstorage_t)
-files_read_etc_runtime_files(ricci_modstorage_t)
-files_read_usr_files(ricci_modstorage_t)
-files_read_kernel_modules(ricci_modstorage_t)
-
-files_create_default_dir(ricci_modstorage_t)
-files_root_filetrans_default(ricci_modstorage_t, dir)
-files_mounton_default(ricci_modstorage_t)
-files_manage_default_dirs(ricci_modstorage_t)
-files_manage_default_files(ricci_modstorage_t)
-
-storage_raw_read_fixed_disk(ricci_modstorage_t)
-
-term_dontaudit_use_console(ricci_modstorage_t)
-
-fstools_domtrans(ricci_modstorage_t)
-
-logging_send_syslog_msg(ricci_modstorage_t)
-
-miscfiles_read_localization(ricci_modstorage_t)
-
-modutils_read_module_deps(ricci_modstorage_t)
-
-consoletype_exec(ricci_modstorage_t)
-
-mount_domtrans(ricci_modstorage_t)
-
-optional_policy(`
-	aisexec_stream_connect(ricci_modstorage_t)
-	corosync_stream_connect(ricci_modstorage_t)
-')
-
-optional_policy(`
-	ccs_stream_connect(ricci_modstorage_t)
-	ccs_read_config(ricci_modstorage_t)
-')
-
-optional_policy(`
-	lvm_domtrans(ricci_modstorage_t)
-	lvm_manage_config(ricci_modstorage_t)
-')
-
-optional_policy(`
-	nscd_socket_use(ricci_modstorage_t)
-')
-
-optional_policy(`
-	oddjob_system_entry(ricci_modstorage_t, ricci_modstorage_exec_t)
-')
-
-optional_policy(`
-	raid_domtrans_mdadm(ricci_modstorage_t)
-')
diff --git a/policy/modules/services/rlogin.fc b/policy/modules/services/rlogin.fc
deleted file mode 100644
index c3c2775..0000000
--- a/policy/modules/services/rlogin.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-HOME_DIR/\.rlogin		--	gen_context(system_u:object_r:rlogind_home_t,s0)
-HOME_DIR/\.rhosts		--	gen_context(system_u:object_r:rlogind_home_t,s0)
-/root/\.rlogin			--	gen_context(system_u:object_r:rlogind_home_t,s0)
-/root/\.rhosts		--	gen_context(system_u:object_r:rlogind_home_t,s0)
-
-/usr/kerberos/sbin/klogind	--	gen_context(system_u:object_r:rlogind_exec_t,s0)
-
-/usr/lib(64)?/telnetlogin	--	gen_context(system_u:object_r:rlogind_exec_t,s0)
-
-/usr/sbin/in\.rlogind		--	gen_context(system_u:object_r:rlogind_exec_t,s0)
diff --git a/policy/modules/services/rlogin.if b/policy/modules/services/rlogin.if
deleted file mode 100644
index 63e78c6..0000000
--- a/policy/modules/services/rlogin.if
+++ /dev/null
@@ -1,47 +0,0 @@
-## <summary>Remote login daemon</summary>
-
-########################################
-## <summary>
-##	Execute rlogind in the rlogin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rlogin_domtrans',`
-	gen_require(`
-		type rlogind_t, rlogind_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, rlogind_exec_t, rlogind_t)
-')
-
-########################################
-## <summary>
-##	read rlogin homedir content (.config)
-## </summary>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the user domain.
-##	</summary>
-## </param>
-#
-template(`rlogin_read_home_content',`
-	gen_require(`
-		type rlogind_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	list_dirs_pattern($1, rlogind_home_t, rlogind_home_t)
-	read_files_pattern($1, rlogind_home_t, rlogind_home_t)
-	read_lnk_files_pattern($1, rlogind_home_t, rlogind_home_t)
-')
diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te
deleted file mode 100644
index 0155ca7..0000000
--- a/policy/modules/services/rlogin.te
+++ /dev/null
@@ -1,118 +0,0 @@
-policy_module(rlogin, 1.9.0)
-
-########################################
-#
-# Declarations
-#
-
-type rlogind_t;
-type rlogind_exec_t;
-inetd_service_domain(rlogind_t, rlogind_exec_t)
-role system_r types rlogind_t;
-
-type rlogind_devpts_t; #, userpty_type;
-term_login_pty(rlogind_devpts_t)
-
-type rlogind_home_t;
-userdom_user_home_content(rlogind_home_t)
-
-type rlogind_tmp_t;
-files_tmp_file(rlogind_tmp_t)
-
-type rlogind_var_run_t;
-files_pid_file(rlogind_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow rlogind_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
-allow rlogind_t self:process signal_perms;
-allow rlogind_t self:fifo_file rw_fifo_file_perms;
-allow rlogind_t self:tcp_socket connected_stream_socket_perms;
-# for identd; cjp: this should probably only be inetd_child rules?
-allow rlogind_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-
-allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(rlogind_t, rlogind_devpts_t)
-
-# for /usr/lib/telnetlogin
-can_exec(rlogind_t, rlogind_exec_t)
-
-manage_dirs_pattern(rlogind_t, rlogind_tmp_t, rlogind_tmp_t)
-manage_files_pattern(rlogind_t, rlogind_tmp_t, rlogind_tmp_t)
-
-manage_files_pattern(rlogind_t, rlogind_var_run_t, rlogind_var_run_t)
-files_pid_filetrans(rlogind_t, rlogind_var_run_t, file)
-
-kernel_read_kernel_sysctls(rlogind_t)
-kernel_read_system_state(rlogind_t)
-kernel_read_network_state(rlogind_t)
-
-corenet_all_recvfrom_unlabeled(rlogind_t)
-corenet_all_recvfrom_netlabel(rlogind_t)
-corenet_tcp_sendrecv_generic_if(rlogind_t)
-corenet_udp_sendrecv_generic_if(rlogind_t)
-corenet_tcp_sendrecv_generic_node(rlogind_t)
-corenet_udp_sendrecv_generic_node(rlogind_t)
-corenet_tcp_sendrecv_all_ports(rlogind_t)
-corenet_udp_sendrecv_all_ports(rlogind_t)
-
-dev_read_urand(rlogind_t)
-
-domain_interactive_fd(rlogind_t)
-
-fs_getattr_xattr_fs(rlogind_t)
-fs_search_auto_mountpoints(rlogind_t)
-
-auth_domtrans_chk_passwd(rlogind_t)
-auth_rw_login_records(rlogind_t)
-auth_use_nsswitch(rlogind_t)
-auth_login_pgm_domain(rlogind_t)
-
-files_read_etc_files(rlogind_t)
-files_read_etc_runtime_files(rlogind_t)
-files_search_home(rlogind_t)
-files_search_default(rlogind_t)
-
-init_rw_utmp(rlogind_t)
-
-logging_send_syslog_msg(rlogind_t)
-
-miscfiles_read_localization(rlogind_t)
-
-seutil_read_config(rlogind_t)
-
-userdom_setattr_user_ptys(rlogind_t)
-# cjp: this is egregious
-userdom_read_user_home_content_files(rlogind_t)
-userdom_search_admin_dir(rlogind_t)
-userdom_manage_user_tmp_files(rlogind_t)
-userdom_tmp_filetrans_user_tmp(rlogind_t, file)
-
-remotelogin_domtrans(rlogind_t)
-remotelogin_signal(rlogind_t)
-
-rlogin_read_home_content(rlogind_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_list_nfs(rlogind_t)
-	fs_read_nfs_files(rlogind_t)
-	fs_read_nfs_symlinks(rlogind_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_list_cifs(rlogind_t)
-	fs_read_cifs_files(rlogind_t)
-	fs_read_cifs_symlinks(rlogind_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(rlogind, rlogind_t)
-	kerberos_manage_host_rcache(rlogind_t)
-')
-
-optional_policy(`
-	tcpd_wrapped_domain(rlogind_t, rlogind_exec_t)
-')
diff --git a/policy/modules/services/roundup.fc b/policy/modules/services/roundup.fc
deleted file mode 100644
index e4110e6..0000000
--- a/policy/modules/services/roundup.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/etc/rc\.d/init\.d/roundup --	gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/roundup-server	 --	gen_context(system_u:object_r:roundup_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/roundup(/.*)?	--	gen_context(system_u:object_r:roundup_var_lib_t,s0)
diff --git a/policy/modules/services/roundup.if b/policy/modules/services/roundup.if
deleted file mode 100644
index 30c4b75..0000000
--- a/policy/modules/services/roundup.if
+++ /dev/null
@@ -1,39 +0,0 @@
-## <summary>Roundup Issue Tracking System policy</summary>
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an roundup environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the roundup domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`roundup_admin',`
-	gen_require(`
-		type roundup_t, roundup_var_lib_t, roundup_var_run_t;
-		type roundup_initrc_exec_t;
-	')
-
-	allow $1 roundup_t:process { ptrace signal_perms };
-	ps_process_pattern($1, roundup_t)
-
-	init_labeled_script_domtrans($1, roundup_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 roundup_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, roundup_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, roundup_var_run_t)
-')
diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te
deleted file mode 100644
index 57f839f..0000000
--- a/policy/modules/services/roundup.te
+++ /dev/null
@@ -1,96 +0,0 @@
-policy_module(roundup, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type roundup_t;
-type roundup_exec_t;
-init_daemon_domain(roundup_t, roundup_exec_t)
-
-type roundup_initrc_exec_t;
-init_script_file(roundup_initrc_exec_t)
-
-type roundup_var_run_t;
-files_pid_file(roundup_var_run_t)
-
-type roundup_var_lib_t;
-files_type(roundup_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-allow roundup_t self:capability { setgid setuid };
-dontaudit roundup_t self:capability sys_tty_config;
-allow roundup_t self:process signal_perms;
-allow roundup_t self:unix_stream_socket create_stream_socket_perms;
-allow roundup_t self:tcp_socket create_stream_socket_perms;
-allow roundup_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(roundup_t, roundup_var_lib_t, roundup_var_lib_t)
-files_var_lib_filetrans(roundup_t, roundup_var_lib_t, file)
-
-manage_files_pattern(roundup_t, roundup_var_run_t, roundup_var_run_t)
-files_pid_filetrans(roundup_t, roundup_var_run_t, file)
-
-kernel_read_kernel_sysctls(roundup_t)
-kernel_list_proc(roundup_t)
-kernel_read_proc_symlinks(roundup_t)
-
-dev_read_sysfs(roundup_t)
-
-# execute python
-corecmd_exec_bin(roundup_t)
-
-corenet_all_recvfrom_unlabeled(roundup_t)
-corenet_all_recvfrom_netlabel(roundup_t)
-corenet_tcp_sendrecv_generic_if(roundup_t)
-corenet_udp_sendrecv_generic_if(roundup_t)
-corenet_raw_sendrecv_generic_if(roundup_t)
-corenet_tcp_sendrecv_generic_node(roundup_t)
-corenet_udp_sendrecv_generic_node(roundup_t)
-corenet_raw_sendrecv_generic_node(roundup_t)
-corenet_tcp_sendrecv_all_ports(roundup_t)
-corenet_udp_sendrecv_all_ports(roundup_t)
-corenet_tcp_bind_generic_node(roundup_t)
-corenet_tcp_bind_http_cache_port(roundup_t)
-corenet_tcp_connect_smtp_port(roundup_t)
-corenet_sendrecv_http_cache_server_packets(roundup_t)
-corenet_sendrecv_smtp_client_packets(roundup_t)
-
-# /usr/share/mysql/charsets/Index.xml
-dev_read_urand(roundup_t)
-
-domain_use_interactive_fds(roundup_t)
-
-# /usr/share/mysql/charsets/Index.xml
-files_read_usr_files(roundup_t)
-files_read_etc_files(roundup_t)
-
-fs_getattr_all_fs(roundup_t)
-fs_search_auto_mountpoints(roundup_t)
-
-logging_send_syslog_msg(roundup_t)
-
-miscfiles_read_localization(roundup_t)
-
-sysnet_read_config(roundup_t)
-
-userdom_dontaudit_use_unpriv_user_fds(roundup_t)
-userdom_dontaudit_search_user_home_dirs(roundup_t)
-
-optional_policy(`
-	mysql_stream_connect(roundup_t)
-	mysql_search_db(roundup_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(roundup_t)
-')
-
-optional_policy(`
-	udev_read_db(roundup_t)
-')
diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
deleted file mode 100644
index 5c70c0c..0000000
--- a/policy/modules/services/rpc.fc
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# /etc
-#
-/etc/exports		--	gen_context(system_u:object_r:exports_t,s0)
-/etc/rc\.d/init\.d/nfs	 --	gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/nfslock --	gen_context(system_u:object_r:rpcd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/rpcidmapd --	gen_context(system_u:object_r:rpcd_initrc_exec_t,s0)
-
-#
-# /sbin
-#
-/sbin/rpc\..*		--	gen_context(system_u:object_r:rpcd_exec_t,s0)
-/sbin/sm-notify		--	gen_context(system_u:object_r:rpcd_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/rpc\.idmapd	--	gen_context(system_u:object_r:rpcd_exec_t,s0)
-/usr/sbin/rpc\.gssd	--	gen_context(system_u:object_r:gssd_exec_t,s0)
-/usr/sbin/rpc\.mountd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
-/usr/sbin/rpc\.nfsd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
-/usr/sbin/rpc\.rquotad	--	gen_context(system_u:object_r:rpcd_exec_t,s0)
-/usr/sbin/rpc\.svcgssd	--	gen_context(system_u:object_r:gssd_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/nfs(/.*)?		gen_context(system_u:object_r:var_lib_nfs_t,s0)
-
-/var/run/rpc\.statd(/.*)?	gen_context(system_u:object_r:rpcd_var_run_t,s0)
-/var/run/rpc\.statd\.pid --	gen_context(system_u:object_r:rpcd_var_run_t,s0)
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
deleted file mode 100644
index 28e7576..0000000
--- a/policy/modules/services/rpc.if
+++ /dev/null
@@ -1,442 +0,0 @@
-## <summary>Remote Procedure Call Daemon for managment of network based process communication</summary>
-
-########################################
-## <summary>
-##	RPC stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_stub',`
-	gen_require(`
-		type exports_t;
-	')
-')
-
-#######################################
-## <summary>
-##	The template to define a rpc domain.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a domain to be used for
-##	a new rpc daemon.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The type of daemon to be used.
-##	</summary>
-## </param>
-#
-template(`rpc_domain_template',`
-	gen_require(`
-		type var_lib_nfs_t;
-	')
-
-	########################################
-	#
-	# Declarations
-	#
-
-	type $1_t;
-	type $1_exec_t;
-	init_daemon_domain($1_t, $1_exec_t)
-	domain_use_interactive_fds($1_t)
-
-	####################################
-	#
-	# Local Policy
-	#
-
-	dontaudit $1_t self:capability { net_admin sys_tty_config };
-	allow $1_t self:capability net_bind_service;
-	allow $1_t self:process signal_perms;
-	allow $1_t self:unix_dgram_socket create_socket_perms;
-	allow $1_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_t self:tcp_socket create_stream_socket_perms;
-	allow $1_t self:udp_socket create_socket_perms;
-
-	manage_dirs_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
-	manage_files_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
-
-	kernel_list_proc($1_t)
-	kernel_read_proc_symlinks($1_t)
-	kernel_read_kernel_sysctls($1_t)
-	# bind to arbitary unused ports
-	kernel_rw_rpc_sysctls($1_t)
-
-	dev_read_sysfs($1_t)
-	dev_read_urand($1_t)
-	dev_read_rand($1_t)
-
-	corenet_all_recvfrom_unlabeled($1_t)
-	corenet_all_recvfrom_netlabel($1_t)
-	corenet_tcp_sendrecv_generic_if($1_t)
-	corenet_udp_sendrecv_generic_if($1_t)
-	corenet_tcp_sendrecv_generic_node($1_t)
-	corenet_udp_sendrecv_generic_node($1_t)
-	corenet_tcp_sendrecv_all_ports($1_t)
-	corenet_udp_sendrecv_all_ports($1_t)
-	corenet_tcp_bind_generic_node($1_t)
-	corenet_udp_bind_generic_node($1_t)
-	corenet_tcp_bind_reserved_port($1_t)
-	corenet_tcp_connect_all_ports($1_t)
-	corenet_sendrecv_portmap_client_packets($1_t)
-	# do not log when it tries to bind to a port belonging to another domain
-	corenet_dontaudit_tcp_bind_all_ports($1_t)
-	corenet_dontaudit_udp_bind_all_ports($1_t)
-	# bind to arbitary unused ports
-	corenet_tcp_bind_generic_port($1_t)
-	corenet_udp_bind_generic_port($1_t)
-	corenet_tcp_bind_all_rpc_ports($1_t)
-	corenet_udp_bind_all_rpc_ports($1_t)
-	corenet_sendrecv_generic_server_packets($1_t)
-
-	fs_rw_rpc_named_pipes($1_t)
-	fs_search_auto_mountpoints($1_t)
-
-	files_read_etc_files($1_t)
-	files_read_etc_runtime_files($1_t)
-	files_search_var($1_t)
-	files_search_var_lib($1_t)
-	files_list_home($1_t)
-
-	auth_use_nsswitch($1_t)
-
-	logging_send_syslog_msg($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	userdom_dontaudit_use_unpriv_user_fds($1_t)
-
-	optional_policy(`
-		rpcbind_stream_connect($1_t)
-	')
-
-	optional_policy(`
-		seutil_sigchld_newrole($1_t)
-	')
-
-	optional_policy(`
-		udev_read_db($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to rpc and recieve UDP traffic from rpc.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_udp_send',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of the NFS export file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rpc_dontaudit_getattr_exports',`
-	gen_require(`
-		type exports_t;
-	')
-
-	dontaudit $1 exports_t:file getattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow read access to exports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_read_exports',`
-	gen_require(`
-		type exports_t;
-	')
-
-	allow $1 exports_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow write access to exports.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_write_exports',`
-	gen_require(`
-		type exports_t;
-	')
-
-	allow $1 exports_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute domain in nfsd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpc_domtrans_nfsd',`
-	gen_require(`
-		type nfsd_t, nfsd_exec_t;
-	')
-
-	domtrans_pattern($1, nfsd_exec_t, nfsd_t)
-')
-
-#######################################
-## <summary>
-##	Execute domain in nfsd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpc_initrc_domtrans_nfsd',`
-	gen_require(`
-		type nfsd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, nfsd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute domain in rpcd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpc_domtrans_rpcd',`
-	gen_require(`
-		type rpcd_t, rpcd_exec_t;
-	')
-
-	domtrans_pattern($1, rpcd_exec_t, rpcd_t)
-	allow rpcd_t $1:process signal;
-')
-
-########################################
-## <summary>
-##	Execute rpcd in the rcpd domain, and
-##	allow the specified role the rpcd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The role to be allowed the rpcd domain.
-##	</summary>
-## </param>
-#
-interface(`rpc_run_rpcd',`
-	gen_require(`
-		type rpcd_t;
-	')
-
-	rpc_domtrans_rpcd($1)
-	role $2 types rpcd_t;
-')
-
-#######################################
-## <summary>
-##	Execute domain in rpcd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpc_initrc_domtrans_rpcd',`
-	gen_require(`
-		type rpcd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, rpcd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read NFS exported content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rpc_read_nfs_content',`
-	gen_require(`
-		type nfsd_ro_t, nfsd_rw_t;
-	')
-
-	allow $1 { nfsd_ro_t nfsd_rw_t }:dir list_dir_perms;
-	allow $1 { nfsd_ro_t nfsd_rw_t }:file read_file_perms;
-	allow $1 { nfsd_ro_t nfsd_rw_t }:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow domain to create read and write NFS directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rpc_manage_nfs_rw_content',`
-	gen_require(`
-		type nfsd_rw_t;
-	')
-
-	manage_dirs_pattern($1, nfsd_rw_t, nfsd_rw_t)
-	manage_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
-	manage_lnk_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to create read and write NFS directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rpc_manage_nfs_ro_content',`
-	gen_require(`
-		type nfsd_ro_t;
-	')
-
-	manage_dirs_pattern($1, nfsd_ro_t, nfsd_ro_t)
-	manage_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
-	manage_lnk_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to read and write to an NFS UDP socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_udp_rw_nfs_sockets',`
-	gen_require(`
-		type nfsd_t;
-	')
-
-	allow $1 nfsd_t:udp_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Send UDP traffic to NFSd.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_udp_send_nfs',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Search NFS state data in /var/lib/nfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_search_nfs_state_data',`
-	gen_require(`
-		type var_lib_nfs_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 var_lib_nfs_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read NFS state data in /var/lib/nfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_read_nfs_state_data',`
-	gen_require(`
-		type var_lib_nfs_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
-')
-
-########################################
-## <summary>
-##	Manage NFS state data in /var/lib/nfs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpc_manage_nfs_state_data',`
-	gen_require(`
-		type var_lib_nfs_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
-	allow $1 var_lib_nfs_t:file relabel_file_perms;
-')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
deleted file mode 100644
index 288e6cc..0000000
--- a/policy/modules/services/rpc.te
+++ /dev/null
@@ -1,255 +0,0 @@
-policy_module(rpc, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow gssd to read temp directory.  For access to kerberos tgt.
-##	</p>
-## </desc>
-gen_tunable(allow_gssd_read_tmp, true)
-
-## <desc>
-##	<p>
-##	Allow nfs servers to modify public files
-##	used for public file transfer services.  Files/Directories must be
-##	labeled public_content_rw_t.
-##	</p>
-## </desc>
-gen_tunable(allow_nfsd_anon_write, false)
-
-type exports_t;
-files_config_file(exports_t)
-
-rpc_domain_template(gssd)
-
-type gssd_tmp_t;
-files_tmp_file(gssd_tmp_t)
-
-type rpcd_var_run_t;
-files_pid_file(rpcd_var_run_t)
-
-# rpcd_t is the domain of rpc daemons.
-# rpc_exec_t is the type of rpc daemon programs.
-rpc_domain_template(rpcd)
-
-type rpcd_initrc_exec_t;
-init_script_file(rpcd_initrc_exec_t);
-
-rpc_domain_template(nfsd)
-
-type nfsd_initrc_exec_t;
-init_script_file(nfsd_initrc_exec_t);
-
-type nfsd_rw_t;
-files_type(nfsd_rw_t)
-
-type nfsd_ro_t;
-files_type(nfsd_ro_t)
-
-type var_lib_nfs_t;
-files_mountpoint(var_lib_nfs_t)
-
-########################################
-#
-# RPC local policy
-#
-
-allow rpcd_t self:capability { sys_admin chown dac_override setgid setuid };
-allow rpcd_t self:process { getcap setcap };
-allow rpcd_t self:fifo_file rw_fifo_file_perms;
-
-allow rpcd_t rpcd_var_run_t:dir setattr_dir_perms;
-manage_dirs_pattern(rpcd_t, rpcd_var_run_t, rpcd_var_run_t)
-manage_files_pattern(rpcd_t, rpcd_var_run_t, rpcd_var_run_t)
-files_pid_filetrans(rpcd_t, rpcd_var_run_t, { file dir })
-
-# rpc.statd executes sm-notify
-can_exec(rpcd_t, rpcd_exec_t)
-
-kernel_read_system_state(rpcd_t)
-kernel_read_network_state(rpcd_t)
-# for rpc.rquotad
-kernel_read_sysctl(rpcd_t)
-kernel_rw_fs_sysctls(rpcd_t)
-kernel_dontaudit_getattr_core_if(rpcd_t)
-kernel_signal(rpcd_t)
-
-corecmd_exec_bin(rpcd_t)
-
-files_manage_mounttab(rpcd_t)
-files_getattr_all_dirs(rpcd_t)
-
-fs_list_rpc(rpcd_t)
-fs_read_rpc_files(rpcd_t)
-fs_read_rpc_symlinks(rpcd_t)
-fs_rw_rpc_sockets(rpcd_t)
-fs_get_all_fs_quotas(rpcd_t)
-fs_set_xattr_fs_quotas(rpcd_t)
-fs_getattr_all_fs(rpcd_t)
-
-storage_getattr_fixed_disk_dev(rpcd_t)
-
-selinux_dontaudit_read_fs(rpcd_t)
-
-miscfiles_read_generic_certs(rpcd_t)
-
-seutil_dontaudit_search_config(rpcd_t)
-
-userdom_signal_unpriv_users(rpcd_t)
-userdom_read_user_home_content_files(rpcd_t)
-
-optional_policy(`
-	automount_signal(rpcd_t)
-	automount_dontaudit_write_pipes(rpcd_t)
-')
-
-optional_policy(`
-	domain_unconfined_signal(rpcd_t)
-')
-
-optional_policy(`
-	nis_read_ypserv_config(rpcd_t)
-')
-
-optional_policy(`
-	rgmanager_manage_tmp_files(rpcd_t)
-')
-
-########################################
-#
-# NFSD local policy
-#
-
-allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
-
-allow nfsd_t exports_t:file read_file_perms;
-allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
-
-# for /proc/fs/nfs/exports - should we have a new type?
-kernel_read_system_state(nfsd_t)
-kernel_read_network_state(nfsd_t)
-kernel_dontaudit_getattr_core_if(nfsd_t)
-kernel_setsched(nfsd_t)
-
-corenet_tcp_bind_all_rpc_ports(nfsd_t)
-corenet_udp_bind_all_rpc_ports(nfsd_t)
-
-dev_dontaudit_getattr_all_blk_files(nfsd_t)
-dev_dontaudit_getattr_all_chr_files(nfsd_t)
-dev_rw_lvm_control(nfsd_t)
-
-# does not really need this, but it is easier to just allow it
-files_search_pids(nfsd_t)
-# for exportfs and rpc.mountd
-files_getattr_tmp_dirs(nfsd_t)
-# cjp: this should really have its own type
-files_manage_mounttab(nfsd_t)
-files_read_etc_runtime_files(nfsd_t)
-
-fs_mount_nfsd_fs(nfsd_t)
-fs_search_nfsd_fs(nfsd_t)
-fs_getattr_all_fs(nfsd_t)
-fs_getattr_all_dirs(nfsd_t)
-fs_rw_nfsd_fs(nfsd_t)
-
-storage_dontaudit_read_fixed_disk(nfsd_t)
-storage_raw_read_removable_device(nfsd_t)
-
-# Read access to public_content_t and public_content_rw_t
-miscfiles_read_public_files(nfsd_t)
-
-userdom_user_home_dir_filetrans_user_home_content(nfsd_t, { file dir })
-
-# Write access to public_content_t and public_content_rw_t
-tunable_policy(`allow_nfsd_anon_write',`
-	miscfiles_manage_public_files(nfsd_t)
-')
-
-tunable_policy(`nfs_export_all_rw',`
-	dev_getattr_all_blk_files(nfsd_t)
-	dev_getattr_all_chr_files(nfsd_t)
-
-	fs_read_noxattr_fs_files(nfsd_t)
-	auth_manage_all_files_except_shadow(nfsd_t)
-')
-
-tunable_policy(`nfs_export_all_ro',`
-	dev_getattr_all_blk_files(nfsd_t)
-	dev_getattr_all_chr_files(nfsd_t)
-
-	files_getattr_all_pipes(nfsd_t)
-	files_getattr_all_sockets(nfsd_t)
-
-	fs_read_noxattr_fs_files(nfsd_t)
-
-	auth_read_all_dirs_except_shadow(nfsd_t)
-	auth_read_all_files_except_shadow(nfsd_t)
-')
-
-########################################
-#
-# GSSD local policy
-#
-
-allow gssd_t self:capability { dac_override dac_read_search setuid sys_nice };
-allow gssd_t self:process { getsched setsched };
-allow gssd_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
-manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
-files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
-
-kernel_read_system_state(gssd_t)
-kernel_read_network_state(gssd_t)
-kernel_read_network_state_symlinks(gssd_t)
-kernel_request_load_module(gssd_t)
-kernel_search_network_sysctl(gssd_t)
-kernel_signal(gssd_t)
-
-corecmd_exec_bin(gssd_t)
-
-fs_list_rpc(gssd_t)
-fs_rw_rpc_sockets(gssd_t)
-fs_read_rpc_files(gssd_t)
-
-fs_list_inotifyfs(gssd_t)
-files_list_tmp(gssd_t)
-files_read_usr_symlinks(gssd_t)
-files_dontaudit_write_var_dirs(gssd_t)
-
-auth_use_nsswitch(gssd_t)
-auth_manage_cache(gssd_t)
-
-miscfiles_read_generic_certs(gssd_t)
-
-mount_signal(gssd_t)
-
-userdom_signal_all_users(gssd_t)
-
-tunable_policy(`allow_gssd_read_tmp',`
-	userdom_list_user_tmp(gssd_t)
-	userdom_read_user_tmp_files(gssd_t)
-	userdom_read_user_tmp_symlinks(gssd_t)
-	userdom_write_user_tmp_files(gssd_t)
-	files_read_generic_tmp_files(gssd_t)
-')
-
-optional_policy(`
-	automount_signal(gssd_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(gssd, gssd_t)
-')
-
-optional_policy(`
-	pcscd_read_pub_files(gssd_t)
-')
-
-optional_policy(`
-	xserver_rw_xdm_tmp_files(gssd_t)
-')
diff --git a/policy/modules/services/rpcbind.fc b/policy/modules/services/rpcbind.fc
deleted file mode 100644
index 5a965e9..0000000
--- a/policy/modules/services/rpcbind.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-/etc/rc\.d/init\.d/rpcbind	--	gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
-
-/sbin/rpcbind		--	gen_context(system_u:object_r:rpcbind_exec_t,s0)
-
-/var/cache/rpcbind(/.*)?	gen_context(system_u:object_r:rpcbind_var_lib_t,s0)
-/var/lib/rpcbind(/.*)?		gen_context(system_u:object_r:rpcbind_var_lib_t,s0)
-
-/var/run/rpc.statd\.pid	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-/var/run/rpcbind\.lock	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-/var/run/rpcbind\.sock	-s	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if
deleted file mode 100644
index 0458ba7..0000000
--- a/policy/modules/services/rpcbind.if
+++ /dev/null
@@ -1,153 +0,0 @@
-## <summary>Universal Addresses to RPC Program Number Mapper</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run rpcbind.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_domtrans',`
-	gen_require(`
-		type rpcbind_t, rpcbind_exec_t;
-	')
-
-	domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
-')
-
-########################################
-## <summary>
-##	Connect to rpcbindd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_stream_connect',`
-	gen_require(`
-		type rpcbind_t, rpcbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, rpcbind_var_run_t, rpcbind_var_run_t, rpcbind_t)
-')
-
-########################################
-## <summary>
-##	Read rpcbind PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_read_pid_files',`
-	gen_require(`
-		type rpcbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 rpcbind_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Search rpcbind lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_search_lib',`
-	gen_require(`
-		type rpcbind_var_lib_t;
-	')
-
-	allow $1 rpcbind_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read rpcbind lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_read_lib_files',`
-	gen_require(`
-		type rpcbind_var_lib_t;
-	')
-
-	read_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	rpcbind lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rpcbind_manage_lib_files',`
-	gen_require(`
-		type rpcbind_var_lib_t;
-	')
-
-	manage_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an rpcbind environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the rpcbind domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rpcbind_admin',`
-	gen_require(`
-		type rpcbind_t, rpcbind_var_lib_t, rpcbind_var_run_t;
-		type rpcbind_initrc_exec_t;
-	')
-
-	allow $1 rpcbind_t:process { ptrace signal_perms };
-	ps_process_pattern($1, rpcbind_t)
-
-	init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 rpcbind_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, rpcbind_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, rpcbind_var_run_t)
-')
diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te
deleted file mode 100644
index 9cb5e25..0000000
--- a/policy/modules/services/rpcbind.te
+++ /dev/null
@@ -1,79 +0,0 @@
-policy_module(rpcbind, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type rpcbind_t;
-type rpcbind_exec_t;
-init_daemon_domain(rpcbind_t, rpcbind_exec_t)
-
-type rpcbind_initrc_exec_t;
-init_script_file(rpcbind_initrc_exec_t)
-
-type rpcbind_var_run_t;
-files_pid_file(rpcbind_var_run_t)
-
-type rpcbind_var_lib_t;
-files_type(rpcbind_var_lib_t)
-
-########################################
-#
-# rpcbind local policy
-#
-
-allow rpcbind_t self:capability { dac_override setgid setuid sys_tty_config };
-allow rpcbind_t self:fifo_file rw_file_perms;
-allow rpcbind_t self:unix_stream_socket create_stream_socket_perms;
-allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms;
-allow rpcbind_t self:udp_socket create_socket_perms;
-allow rpcbind_t self:tcp_socket create_stream_socket_perms;
-
-manage_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
-manage_sock_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
-files_pid_filetrans(rpcbind_t, rpcbind_var_run_t, { file sock_file })
-
-manage_dirs_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
-manage_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
-manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
-files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
-
-kernel_read_system_state(rpcbind_t)
-kernel_read_network_state(rpcbind_t)
-kernel_request_load_module(rpcbind_t)
-
-corecmd_exec_shell(rpcbind_t)
-
-corenet_all_recvfrom_unlabeled(rpcbind_t)
-corenet_all_recvfrom_netlabel(rpcbind_t)
-corenet_tcp_sendrecv_generic_if(rpcbind_t)
-corenet_udp_sendrecv_generic_if(rpcbind_t)
-corenet_tcp_sendrecv_generic_node(rpcbind_t)
-corenet_udp_sendrecv_generic_node(rpcbind_t)
-corenet_tcp_sendrecv_all_ports(rpcbind_t)
-corenet_udp_sendrecv_all_ports(rpcbind_t)
-corenet_tcp_bind_generic_node(rpcbind_t)
-corenet_udp_bind_generic_node(rpcbind_t)
-corenet_tcp_bind_portmap_port(rpcbind_t)
-corenet_udp_bind_portmap_port(rpcbind_t)
-corenet_udp_bind_all_rpc_ports(rpcbind_t)
-
-domain_use_interactive_fds(rpcbind_t)
-
-files_read_etc_files(rpcbind_t)
-files_read_etc_runtime_files(rpcbind_t)
-
-logging_send_syslog_msg(rpcbind_t)
-
-miscfiles_read_localization(rpcbind_t)
-
-sysnet_dns_name_resolve(rpcbind_t)
-
-ifdef(`hide_broken_symptoms',`
-	dontaudit rpcbind_t self:udp_socket listen;
-')
-
-optional_policy(`
-	nis_use_ypbind(rpcbind_t)
-')
diff --git a/policy/modules/services/rshd.fc b/policy/modules/services/rshd.fc
deleted file mode 100644
index 6a4db03..0000000
--- a/policy/modules/services/rshd.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-/usr/kerberos/sbin/kshd	--	gen_context(system_u:object_r:rshd_exec_t,s0)
-
-/usr/sbin/in\.rexecd	--	gen_context(system_u:object_r:rshd_exec_t,s0)
-/usr/sbin/in\.rshd	--	gen_context(system_u:object_r:rshd_exec_t,s0)
diff --git a/policy/modules/services/rshd.if b/policy/modules/services/rshd.if
deleted file mode 100644
index 2e87d76..0000000
--- a/policy/modules/services/rshd.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Remote shell service.</summary>
-
-########################################
-## <summary>
-##	Domain transition to rshd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rshd_domtrans',`
-	gen_require(`
-		type rshd_exec_t, rshd_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, rshd_exec_t, rshd_t)
-')
diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te
deleted file mode 100644
index 49a4283..0000000
--- a/policy/modules/services/rshd.te
+++ /dev/null
@@ -1,97 +0,0 @@
-policy_module(rshd, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-type rshd_t;
-type rshd_exec_t;
-inetd_tcp_service_domain(rshd_t, rshd_exec_t)
-domain_subj_id_change_exemption(rshd_t)
-domain_role_change_exemption(rshd_t)
-role system_r types rshd_t;
-
-########################################
-#
-# Local policy
-#
-allow rshd_t self:capability { kill setuid setgid fowner fsetid chown dac_override };
-allow rshd_t self:process { signal_perms fork setsched setpgid setexec };
-allow rshd_t self:fifo_file rw_fifo_file_perms;
-allow rshd_t self:tcp_socket create_stream_socket_perms;
-
-kernel_read_kernel_sysctls(rshd_t)
-
-corenet_all_recvfrom_unlabeled(rshd_t)
-corenet_all_recvfrom_netlabel(rshd_t)
-corenet_tcp_sendrecv_generic_if(rshd_t)
-corenet_udp_sendrecv_generic_if(rshd_t)
-corenet_tcp_sendrecv_generic_node(rshd_t)
-corenet_udp_sendrecv_generic_node(rshd_t)
-corenet_tcp_sendrecv_all_ports(rshd_t)
-corenet_udp_sendrecv_all_ports(rshd_t)
-corenet_tcp_bind_generic_node(rshd_t)
-corenet_tcp_bind_rsh_port(rshd_t)
-corenet_tcp_bind_all_rpc_ports(rshd_t)
-corenet_tcp_connect_all_ports(rshd_t)
-corenet_tcp_connect_all_rpc_ports(rshd_t)
-corenet_sendrecv_rsh_server_packets(rshd_t)
-
-dev_read_urand(rshd_t)
-
-selinux_get_fs_mount(rshd_t)
-selinux_validate_context(rshd_t)
-selinux_compute_access_vector(rshd_t)
-selinux_compute_create_context(rshd_t)
-selinux_compute_relabel_context(rshd_t)
-selinux_compute_user_contexts(rshd_t)
-
-corecmd_read_bin_symlinks(rshd_t)
-
-files_list_home(rshd_t)
-files_read_etc_files(rshd_t)
-files_search_tmp(rshd_t)
-
-auth_login_pgm_domain(rshd_t)
-auth_write_login_records(rshd_t)
-
-init_rw_utmp(rshd_t)
-
-logging_send_syslog_msg(rshd_t)
-logging_search_logs(rshd_t)
-
-miscfiles_read_localization(rshd_t)
-
-seutil_read_config(rshd_t)
-seutil_read_default_contexts(rshd_t)
-
-userdom_search_user_home_content(rshd_t)
-userdom_manage_tmp_role(system_r, rshd_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(rshd_t)
-	fs_read_nfs_symlinks(rshd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(rshd_t)
-	fs_read_cifs_symlinks(rshd_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(rshd, rshd_t)
-	kerberos_manage_host_rcache(rshd_t)
-')
-
-optional_policy(`
-	rlogin_read_home_content(rshd_t)
-')
-
-optional_policy(`
-	tcpd_wrapped_domain(rshd_t, rshd_exec_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(rshd_t)
-	unconfined_signal(rshd_t)
-')
diff --git a/policy/modules/services/rsync.fc b/policy/modules/services/rsync.fc
deleted file mode 100644
index 479615b..0000000
--- a/policy/modules/services/rsync.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rsyncd\.conf	--	gen_context(system_u:object_r:rsync_etc_t, s0)
-
-/usr/bin/rsync		--	gen_context(system_u:object_r:rsync_exec_t,s0)
-
-/var/log/rsync\.log	--	gen_context(system_u:object_r:rsync_log_t,s0)
-
-/var/run/rsyncd\.lock	--	gen_context(system_u:object_r:rsync_var_run_t,s0)
diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if
deleted file mode 100644
index b28cae5..0000000
--- a/policy/modules/services/rsync.if
+++ /dev/null
@@ -1,186 +0,0 @@
-## <summary>Fast incremental file transfer for synchronization</summary>
-
-########################################
-## <summary>
-##	Make rsync an entry point for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which init scripts are an entrypoint.
-##	</summary>
-## </param>
-# cjp: added for portage
-interface(`rsync_entry_type',`
-	gen_require(`
-		type rsync_exec_t;
-	')
-
-	domain_entry_file($1, rsync_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a rsync in a specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a rsync in a specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="source_domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	Domain to transition to.
-##	</summary>
-## </param>
-# cjp: added for portage
-interface(`rsync_entry_spec_domtrans',`
-	gen_require(`
-		type rsync_exec_t;
-	')
-
-	domain_trans($1, rsync_exec_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute a rsync in a specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a rsync in a specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="source_domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	Domain to transition to.
-##	</summary>
-## </param>
-# cjp: added for portage
-interface(`rsync_entry_domtrans',`
-	gen_require(`
-		type rsync_exec_t;
-	')
-
-	domain_auto_trans($1, rsync_exec_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute rsync in the caller domain domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rsync_exec',`
-	gen_require(`
-		type rsync_exec_t;
-	')
-
-	can_exec($1, rsync_exec_t)
-')
-
-########################################
-## <summary>
-##	Read rsync config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rsync_read_config',`
-	gen_require(`
-		type rsync_etc_t;
-	')
-
-	read_files_pattern($1, rsync_etc_t, rsync_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Write to rsync config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rsync_write_config',`
-	gen_require(`
-		type rsync_etc_t;
-	')
-
-	write_files_pattern($1, rsync_etc_t, rsync_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Manage rsync config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rsync_manage_config',`
-	gen_require(`
-		type rsync_etc_t;
-	')
-
-	manage_files_pattern($1, rsync_etc_t, rsync_etc_t)
-	files_search_etc($1)
-')
-
-########################################
-## <summary>
-##	Create objects in etc directories
-##	with rsync etc type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	Class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`rsync_filetrans_config',`
-	gen_require(`
-		type rsync_etc_t;
-	')
-
-	files_etc_filetrans($1, rsync_etc_t, $2)
-')
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
deleted file mode 100644
index 5e7b7cf..0000000
--- a/policy/modules/services/rsync.te
+++ /dev/null
@@ -1,155 +0,0 @@
-policy_module(rsync, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow rsync to run as a client
-## </p>
-## </desc>
-gen_tunable(rsync_client, false)
-
-## <desc>
-## <p>
-## Allow rsync to export any files/directories read only.
-## </p>
-## </desc>
-gen_tunable(rsync_export_all_ro, false)
-
-## <desc>
-## <p>
-## Allow rsync to modify public files
-## used for public file transfer services.  Files/Directories must be
-## labeled public_content_rw_t.
-## </p>
-## </desc>
-gen_tunable(allow_rsync_anon_write, false)
-
-type rsync_t;
-type rsync_exec_t;
-application_executable_file(rsync_exec_t)
-role system_r types rsync_t;
-
-type rsync_etc_t;
-files_config_file(rsync_etc_t)
-
-type rsync_data_t;
-files_type(rsync_data_t)
-
-type rsync_log_t;
-logging_log_file(rsync_log_t)
-
-type rsync_tmp_t;
-files_tmp_file(rsync_tmp_t)
-
-type rsync_var_run_t;
-files_pid_file(rsync_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow rsync_t self:capability { chown dac_read_search dac_override fowner fsetid setuid setgid sys_chroot };
-allow rsync_t self:process signal_perms;
-allow rsync_t self:fifo_file rw_fifo_file_perms;
-allow rsync_t self:tcp_socket create_stream_socket_perms;
-allow rsync_t self:udp_socket connected_socket_perms;
-
-# for identd
-# cjp: this should probably only be inetd_child_t rules?
-# search home and kerberos also.
-allow rsync_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-#end for identd
-
-read_files_pattern(rsync_t, rsync_etc_t, rsync_etc_t)
-
-allow rsync_t rsync_data_t:dir list_dir_perms;
-read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
-read_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
-
-manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)
-logging_log_filetrans(rsync_t, rsync_log_t, file)
-
-manage_dirs_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
-manage_files_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
-files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
-
-manage_files_pattern(rsync_t, rsync_var_run_t, rsync_var_run_t)
-files_pid_filetrans(rsync_t, rsync_var_run_t, file)
-
-kernel_read_kernel_sysctls(rsync_t)
-kernel_read_system_state(rsync_t)
-kernel_read_network_state(rsync_t)
-
-corenet_all_recvfrom_unlabeled(rsync_t)
-corenet_all_recvfrom_netlabel(rsync_t)
-corenet_tcp_sendrecv_generic_if(rsync_t)
-corenet_udp_sendrecv_generic_if(rsync_t)
-corenet_tcp_sendrecv_generic_node(rsync_t)
-corenet_udp_sendrecv_generic_node(rsync_t)
-corenet_tcp_sendrecv_all_ports(rsync_t)
-corenet_udp_sendrecv_all_ports(rsync_t)
-corenet_tcp_bind_generic_node(rsync_t)
-corenet_tcp_bind_rsync_port(rsync_t)
-corenet_sendrecv_rsync_server_packets(rsync_t)
-
-dev_read_urand(rsync_t)
-
-fs_getattr_xattr_fs(rsync_t)
-
-files_read_etc_files(rsync_t)
-files_search_home(rsync_t)
-
-auth_use_nsswitch(rsync_t)
-
-logging_send_syslog_msg(rsync_t)
-
-miscfiles_read_localization(rsync_t)
-miscfiles_read_public_files(rsync_t)
-
-tunable_policy(`allow_rsync_anon_write',`
-	miscfiles_manage_public_files(rsync_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(rsync_t, rsync_exec_t)
-')
-
-optional_policy(`
-	kerberos_use(rsync_t)
-')
-
-optional_policy(`
-	inetd_service_domain(rsync_t, rsync_exec_t)
-')
-
-tunable_policy(`rsync_export_all_ro',`
-	files_getattr_all_pipes(rsync_t)
-	fs_read_noxattr_fs_files(rsync_t) 
-	fs_read_nfs_files(rsync_t)
-	fs_read_cifs_files(rsync_t)
-	auth_read_all_dirs_except_shadow(rsync_t)
-	auth_read_all_files_except_shadow(rsync_t)
-	auth_read_all_symlinks_except_shadow(rsync_t)
-	auth_tunable_read_shadow(rsync_t)
-')
-
-tunable_policy(`rsync_client',`
-	corenet_tcp_connect_rsync_port(rsync_t)
-	corenet_tcp_connect_ssh_port(rsync_t)
-	manage_dirs_pattern(rsync_t, rsync_data_t, rsync_data_t)
-	manage_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
-	manage_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
-')
-
-optional_policy(`
-	tunable_policy(`rsync_client',`
-		ssh_exec(rsync_t) 
-	')
-')
-
-auth_can_read_shadow_passwords(rsync_t)
diff --git a/policy/modules/services/rtkit.fc b/policy/modules/services/rtkit.fc
deleted file mode 100644
index 52c441e..0000000
--- a/policy/modules/services/rtkit.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/libexec/rtkit-daemon	--	gen_context(system_u:object_r:rtkit_daemon_exec_t,s0)
diff --git a/policy/modules/services/rtkit.if b/policy/modules/services/rtkit.if
deleted file mode 100644
index d632bc0..0000000
--- a/policy/modules/services/rtkit.if
+++ /dev/null
@@ -1,82 +0,0 @@
-## <summary>Realtime scheduling for user processes.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run rtkit_daemon.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rtkit_daemon_domtrans',`
-	gen_require(`
-		type rtkit_daemon_t, rtkit_daemon_exec_t;
-	')
-
-	domtrans_pattern($1, rtkit_daemon_exec_t, rtkit_daemon_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	rtkit_daemon over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rtkit_daemon_dbus_chat',`
-	gen_require(`
-		type rtkit_daemon_t;
-		class dbus send_msg;
-	')
-
-	allow $1 rtkit_daemon_t:dbus send_msg;
-	allow rtkit_daemon_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit send and receive messages from
-##	rtkit_daemon over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`rtkit_daemon_dontaudit_dbus_chat',`
-	gen_require(`
-		type rtkit_daemon_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 rtkit_daemon_t:dbus send_msg;
-	dontaudit rtkit_daemon_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Allow rtkit to control scheduling for your process
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rtkit_scheduled',`
-	gen_require(`
-		type rtkit_daemon_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern(rtkit_daemon_t, $1)
-	allow rtkit_daemon_t $1:process { getsched setsched };
-	rtkit_daemon_dbus_chat($1)
-')
diff --git a/policy/modules/services/rtkit.te b/policy/modules/services/rtkit.te
deleted file mode 100644
index 7d64285..0000000
--- a/policy/modules/services/rtkit.te
+++ /dev/null
@@ -1,36 +0,0 @@
-policy_module(rtkit, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type rtkit_daemon_t;
-type rtkit_daemon_exec_t;
-dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
-init_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
-
-########################################
-#
-# rtkit_daemon local policy
-#
-
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
-allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
-
-kernel_read_system_state(rtkit_daemon_t)
-
-domain_getsched_all_domains(rtkit_daemon_t)
-domain_read_all_domains_state(rtkit_daemon_t)
-
-fs_rw_anon_inodefs_files(rtkit_daemon_t)
-
-auth_use_nsswitch(rtkit_daemon_t)
-
-logging_send_syslog_msg(rtkit_daemon_t)
-
-miscfiles_read_localization(rtkit_daemon_t)
-
-optional_policy(`
-	policykit_dbus_chat(rtkit_daemon_t)
-')
diff --git a/policy/modules/services/rwho.fc b/policy/modules/services/rwho.fc
deleted file mode 100644
index bc048ce..0000000
--- a/policy/modules/services/rwho.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/rwhod --	gen_context(system_u:object_r:rwho_initrc_exec_t,s0)
-
-/usr/sbin/rwhod		--	gen_context(system_u:object_r:rwho_exec_t,s0)
-
-/var/spool/rwho(/.*)?		gen_context(system_u:object_r:rwho_spool_t,s0)
-
-/var/log/rwhod(/.*)?		gen_context(system_u:object_r:rwho_log_t,s0)
diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if
deleted file mode 100644
index 664e68e..0000000
--- a/policy/modules/services/rwho.if
+++ /dev/null
@@ -1,154 +0,0 @@
-## <summary>Who is logged in on other machines?</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run rwho.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`rwho_domtrans',`
-	gen_require(`
-		type rwho_t, rwho_exec_t;
-	')
-
-	domtrans_pattern($1, rwho_exec_t, rwho_t)
-')
-
-########################################
-## <summary>
-##	Search rwho log directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rwho_search_log',`
-	gen_require(`
-		type rwho_log_t;
-	')
-
-	allow $1 rwho_log_t:dir search_dir_perms;
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Read rwho log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rwho_read_log_files',`
-	gen_require(`
-		type rwho_log_t;
-	')
-
-	allow $1 rwho_log_t:file read_file_perms;
-	allow $1 rwho_log_t:dir list_dir_perms;
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Search rwho spool directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rwho_search_spool',`
-	gen_require(`
-		type rwho_spool_t;
-	')
-
-	allow $1 rwho_spool_t:dir search_dir_perms;
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Read rwho spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rwho_read_spool_files',`
-	gen_require(`
-		type rwho_spool_t;
-	')
-
-	read_files_pattern($1, rwho_spool_t, rwho_spool_t)
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	rwho spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`rwho_manage_spool_files',`
-	gen_require(`
-		type rwho_spool_t;
-	')
-
-	manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
-	files_search_spool($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an rwho environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`rwho_admin',`
-	gen_require(`
-		type rwho_t, rwho_log_t, rwho_spool_t;
-		type rwho_initrc_exec_t;
-	')
-
-	allow $1 rwho_t:process { ptrace signal_perms };
-	ps_process_pattern($1, rwho_t)
-
-	init_labeled_script_domtrans($1, rwho_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 rwho_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, rwho_log_t)
-
-	files_list_spool($1)
-	admin_pattern($1, rwho_spool_t)
-')
diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te
deleted file mode 100644
index d78daf4..0000000
--- a/policy/modules/services/rwho.te
+++ /dev/null
@@ -1,63 +0,0 @@
-policy_module(rwho, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type rwho_t;
-type rwho_exec_t;
-init_daemon_domain(rwho_t, rwho_exec_t)
-
-type rwho_initrc_exec_t;
-init_script_file(rwho_initrc_exec_t)
-
-type rwho_log_t;
-files_type(rwho_log_t)
-
-type rwho_spool_t;
-files_type(rwho_spool_t)
-
-########################################
-#
-# rwho local policy
-#
-
-allow rwho_t self:capability sys_chroot;
-allow rwho_t self:unix_dgram_socket create;
-allow rwho_t self:fifo_file rw_file_perms;
-allow rwho_t self:unix_stream_socket create_stream_socket_perms;
-allow rwho_t self:udp_socket create_socket_perms;
-
-allow rwho_t rwho_log_t:dir manage_dir_perms;
-allow rwho_t rwho_log_t:file manage_file_perms;
-logging_log_filetrans(rwho_t, rwho_log_t, { file dir })
-
-allow rwho_t rwho_spool_t:dir manage_dir_perms;
-allow rwho_t rwho_spool_t:file manage_file_perms;
-files_spool_filetrans(rwho_t, rwho_spool_t, { file dir })
-
-kernel_read_system_state(rwho_t)
-
-corenet_all_recvfrom_unlabeled(rwho_t)
-corenet_all_recvfrom_netlabel(rwho_t)
-corenet_udp_sendrecv_generic_if(rwho_t)
-corenet_udp_sendrecv_generic_node(rwho_t)
-corenet_udp_sendrecv_all_ports(rwho_t)
-corenet_udp_bind_generic_node(rwho_t)
-corenet_udp_bind_rwho_port(rwho_t)
-corenet_sendrecv_rwho_server_packets(rwho_t)
-
-domain_use_interactive_fds(rwho_t)
-
-files_read_etc_files(rwho_t)
-
-init_read_utmp(rwho_t)
-init_dontaudit_write_utmp(rwho_t)
-
-logging_send_syslog_msg(rwho_t)
-
-miscfiles_read_localization(rwho_t)
-
-sysnet_dns_name_resolve(rwho_t)
-
diff --git a/policy/modules/services/samba.fc b/policy/modules/services/samba.fc
deleted file mode 100644
index 73db5ba..0000000
--- a/policy/modules/services/samba.fc
+++ /dev/null
@@ -1,57 +0,0 @@
-
-#
-# /etc
-#
-/etc/rc\.d/init\.d/nmb		--	gen_context(system_u:object_r:samba_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/smb		--	gen_context(system_u:object_r:samba_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/winbind	--	gen_context(system_u:object_r:samba_initrc_exec_t,s0)
-/etc/samba/MACHINE\.SID		--	gen_context(system_u:object_r:samba_secrets_t,s0)
-/etc/samba/passdb\.tdb		--	gen_context(system_u:object_r:samba_secrets_t,s0)
-/etc/samba/secrets\.tdb		--	gen_context(system_u:object_r:samba_secrets_t,s0)
-/etc/samba/smbpasswd		--	gen_context(system_u:object_r:samba_secrets_t,s0)
-/etc/samba(/.*)?			gen_context(system_u:object_r:samba_etc_t,s0)
-
-#
-# /usr
-#
-/usr/bin/net			--	gen_context(system_u:object_r:samba_net_exec_t,s0)
-/usr/bin/ntlm_auth		--	gen_context(system_u:object_r:winbind_helper_exec_t,s0)
-/usr/bin/smbcontrol		--	gen_context(system_u:object_r:smbcontrol_exec_t,s0)
-/usr/bin/smbmount		--	gen_context(system_u:object_r:smbmount_exec_t,s0)
-/usr/bin/smbmnt			--	gen_context(system_u:object_r:smbmount_exec_t,s0)
-
-/usr/sbin/swat			--	gen_context(system_u:object_r:swat_exec_t,s0)
-/usr/sbin/nmbd			--	gen_context(system_u:object_r:nmbd_exec_t,s0)
-/usr/sbin/smbd			--	gen_context(system_u:object_r:smbd_exec_t,s0)
-/usr/sbin/winbindd		--	gen_context(system_u:object_r:winbind_exec_t,s0)
-
-#
-# /var
-#
-/var/cache/samba(/.*)?			gen_context(system_u:object_r:samba_var_t,s0)
-/var/cache/samba/winbindd_privileged(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
-
-/var/lib/samba(/.*)?			gen_context(system_u:object_r:samba_var_t,s0)
-/var/lib/samba/winbindd_privileged(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
-
-/var/log/samba(/.*)?			gen_context(system_u:object_r:samba_log_t,s0)
-
-/var/run/samba/brlock\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/connections\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/gencache\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/locking\.tdb 	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/messages\.tdb	--	gen_context(system_u:object_r:nmbd_var_run_t,s0)
-/var/run/samba/namelist\.debug	--	gen_context(system_u:object_r:nmbd_var_run_t,s0)
-/var/run/samba/nmbd\.pid	--	gen_context(system_u:object_r:nmbd_var_run_t,s0)
-/var/run/samba/sessionid\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/share_info\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/smbd\.pid	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
-/var/run/samba/unexpected\.tdb	--	gen_context(system_u:object_r:nmbd_var_run_t,s0)
-
-/var/run/winbindd(/.*)?			gen_context(system_u:object_r:winbind_var_run_t,s0)
-
-/var/spool/samba(/.*)?			gen_context(system_u:object_r:samba_var_t,s0)
-
-ifndef(`enable_mls',`
-/var/lib/samba/scripts(/.*)?		gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
-')
diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if
deleted file mode 100644
index 9e72970..0000000
--- a/policy/modules/services/samba.if
+++ /dev/null
@@ -1,814 +0,0 @@
-## <summary>
-##	SMB and CIFS client/server programs for UNIX and
-##	name  Service  Switch  daemon for resolving names
-##	from Windows NT servers.
-## </summary>
-
-########################################
-## <summary>
-##	Execute nmbd net in the nmbd_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_nmbd',`
-	gen_require(`
-		type nmbd_t, nmbd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, nmbd_exec_t, nmbd_t)
-')
-
-#######################################
-## <summary>
-##	Allow domain to signal samba
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_signal_nmbd',`
-	gen_require(`
-		type nmbd_t;
-	')
-	allow $1 nmbd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute samba server in the samba domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_initrc_domtrans',`
-	gen_require(`
-		type samba_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, samba_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute samba net in the samba_net domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_net',`
-	gen_require(`
-		type samba_net_t, samba_net_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, samba_net_exec_t, samba_net_t)
-')
-
-########################################
-## <summary>
-##	Execute samba net in the samba_unconfined_net domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_unconfined_net',`
-	gen_require(`
-		type samba_unconfined_net_t, samba_net_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, samba_net_exec_t, samba_unconfined_net_t)
-')
-
-########################################
-## <summary>
-##	Execute samba net in the samba_net domain, and
-##	allow the specified role the samba_net domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_run_net',`
-	gen_require(`
-		type samba_net_t;
-	')
-
-	samba_domtrans_net($1)
-	role $2 types samba_net_t;
-')
-
-#######################################
-## <summary>
-##	The role for the samba module.
-## </summary>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the samba_net domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_role_notrans',`
-	gen_require(`
-		type smbd_t;
-	')
-
-	role $1 types smbd_t;
-')
-
-########################################
-## <summary>
-##	Execute samba net in the samba_unconfined_net domain, and
-##	allow the specified role the samba_unconfined_net domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the samba_unconfined_net domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_run_unconfined_net',`
-	gen_require(`
-		type samba_unconfined_net_t;
-	')
-
-	samba_domtrans_unconfined_net($1)
-	role $2 types samba_unconfined_net_t;
-')
-
-########################################
-## <summary>
-##	Execute smbmount in the smbmount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_smbmount',`
-	gen_require(`
-		type smbmount_t, smbmount_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, smbmount_exec_t, smbmount_t)
-')
-
-########################################
-## <summary>
-##	Execute smbmount interactively and do
-##	a domain transition to the smbmount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_run_smbmount',`
-	gen_require(`
-		type smbmount_t;
-	')
-
-	samba_domtrans_smbmount($1)
-	role $2 types smbmount_t;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	samba configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_read_config',`
-	gen_require(`
-		type samba_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, samba_etc_t, samba_etc_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	and write samba configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_rw_config',`
-	gen_require(`
-		type samba_etc_t;
-	')
-
-	files_search_etc($1)
-	rw_files_pattern($1, samba_etc_t, samba_etc_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	and write samba configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_manage_config',`
-	gen_require(`
-		type samba_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, samba_etc_t, samba_etc_t)
-	manage_files_pattern($1, samba_etc_t, samba_etc_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read samba's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_read_log',`
-	gen_require(`
-		type samba_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 samba_log_t:dir list_dir_perms;
-	read_files_pattern($1, samba_log_t, samba_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append to samba's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_append_log',`
-	gen_require(`
-		type samba_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 samba_log_t:dir list_dir_perms;
-	allow $1 samba_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute samba log in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_exec_log',`
-	gen_require(`
-		type samba_log_t;
-	')
-
-	logging_search_logs($1)
-	can_exec($1, samba_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read samba's secrets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_read_secrets',`
-	gen_require(`
-		type samba_secrets_t;
-	')
-
-	files_search_etc($1)
-	allow $1 samba_secrets_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read samba's shares
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_read_share_files',`
-	gen_require(`
-		type samba_share_t;
-	')
-
-	allow $1 samba_share_t:filesystem getattr;
-	read_files_pattern($1, samba_share_t, samba_share_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to search
-##	samba /var directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_search_var',`
-	gen_require(`
-		type samba_var_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 samba_var_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to
-##	read samba /var files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_read_var_files',`
-	gen_require(`
-		type samba_var_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, samba_var_t, samba_var_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write samba
-##	/var files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`samba_dontaudit_write_var_files',`
-	gen_require(`
-		type samba_var_t;
-	')
-
-	dontaudit $1 samba_var_t:file write;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to
-##	read and write samba /var files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_rw_var_files',`
-	gen_require(`
-		type samba_var_t;
-	')
-
-	files_search_var_lib($1)
-	rw_files_pattern($1, samba_var_t, samba_var_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to
-##	read and write samba /var files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_manage_var_files',`
-	gen_require(`
-		type samba_var_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, samba_var_t, samba_var_t)
-	manage_lnk_files_pattern($1, samba_var_t, samba_var_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run smbcontrol.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_smbcontrol',`
-	gen_require(`
-		type smbcontrol_t, smbcontrol_exec_t;
-	')
-
-	domtrans_pattern($1, smbcontrol_exec_t, smbcontrol_t)
-')
-
-########################################
-## <summary>
-##	Execute smbcontrol in the smbcontrol domain, and
-##	allow the specified role the smbcontrol domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_run_smbcontrol',`
-	gen_require(`
-		type smbcontrol_t;
-	')
-
-	samba_domtrans_smbcontrol($1)
-	role $2 types smbcontrol_t;
-')
-
-########################################
-## <summary>
-##	Execute smbd in the smbd_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_smbd',`
-	gen_require(`
-		type smbd_t, smbd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, smbd_exec_t, smbd_t)
-')
-
-######################################
-## <summary>
-##	Allow domain to signal samba
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_signal_smbd',`
-	gen_require(`
-		type smbd_t;
-	')
-	allow $1 smbd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use file descriptors from samba.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`samba_dontaudit_use_fds',`
-	gen_require(`
-		type smbd_t;
-	')
-
-	dontaudit $1 smbd_t:fd use; 
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to write to smbmount tcp sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_write_smbmount_tcp_sockets',`
-	gen_require(`
-		type smbmount_t;
-	')
-
-	allow $1 smbmount_t:tcp_socket write;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read and write to smbmount tcp sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_rw_smbmount_tcp_sockets',`
-	gen_require(`
-		type smbmount_t;
-	')
-
-	allow $1 smbmount_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Execute winbind_helper in the winbind_helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`samba_domtrans_winbind_helper',`
-	gen_require(`
-		type winbind_helper_t, winbind_helper_exec_t;
-	')
-
-	domtrans_pattern($1, winbind_helper_exec_t, winbind_helper_t)
-	allow $1 winbind_helper_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute winbind_helper in the winbind_helper domain, and
-##	allow the specified role the winbind_helper domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_run_winbind_helper',`
-	gen_require(`
-		type winbind_helper_t;
-	')
-
-	samba_domtrans_winbind_helper($1)
-	role $2 types winbind_helper_t;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read the winbind pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_read_winbind_pid',`
-	gen_require(`
-		type winbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 winbind_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to winbind.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`samba_stream_connect_winbind',`
-	gen_require(`
-		type samba_var_t, winbind_t, winbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 samba_var_t:dir search_dir_perms;
-	stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
-
-	ifndef(`distro_redhat',`
-		gen_require(`
-			type winbind_tmp_t;
-		')
-
-		# the default for the socket is (poorly named):
-		# /tmp/.winbindd/pipe
-		files_search_tmp($1)
-		stream_connect_pattern($1, winbind_tmp_t, winbind_tmp_t, winbind_t)
-	')
-')
-
-########################################
-## <summary>
-##	Create a set of derived types for apache
-##	web content.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix to be used for deriving type names.
-##	</summary>
-## </param>
-#
-template(`samba_helper_template',`
-	gen_require(`
-		type smbd_t;
-		role system_r;
-	')
-
-	#This type is for samba helper scripts
-	type samba_$1_script_t;
-	domain_type(samba_$1_script_t)
-	role system_r types samba_$1_script_t;
-
-	# This type is used for executable scripts files
-	type samba_$1_script_exec_t;
-	corecmd_shell_entry_type(samba_$1_script_t)
-	domain_entry_file(samba_$1_script_t, samba_$1_script_exec_t)
-
-	domtrans_pattern(smbd_t, samba_$1_script_exec_t, samba_$1_script_t)
-	allow smbd_t samba_$1_script_exec_t:file ioctl;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an samba environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the samba domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`samba_admin',`
-	gen_require(`
-		type nmbd_t, nmbd_var_run_t, smbd_var_run_t;
-		type smbd_t, smbd_tmp_t, samba_secrets_t;
-		type samba_initrc_exec_t, samba_log_t, samba_var_t;
-		type samba_etc_t, samba_share_t, winbind_log_t;
-		type swat_var_run_t, swat_tmp_t, samba_unconfined_script_exec_t;
-		type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t;
-	')
-
-	allow $1 smbd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, smbd_t)
-
-	allow $1 nmbd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, nmbd_t)
-
-	allow $1 samba_unconfined_script_t:process { ptrace signal_perms };
-	ps_process_pattern($1, samba_unconfined_script_t)
-
-	samba_run_smbcontrol($1, $2, $3)
-	samba_run_winbind_helper($1, $2, $3)
-	samba_run_smbmount($1, $2, $3)
-	samba_run_net($1, $2, $3)
-
-	init_labeled_script_domtrans($1, samba_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 samba_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, nmbd_var_run_t)
-
-	admin_pattern($1, samba_etc_t)
-	files_list_etc($1)
-
-	admin_pattern($1, samba_log_t)
-	logging_list_logs($1)
-
-	admin_pattern($1, samba_secrets_t)
-
-	admin_pattern($1, samba_share_t)
-
-	admin_pattern($1, samba_var_t)
-	files_list_var($1)
-
-	admin_pattern($1, smbd_var_run_t)
-	files_list_pids($1)
-
-	admin_pattern($1, smbd_tmp_t)
-	files_list_tmp($1)
-
-	admin_pattern($1, swat_var_run_t)
-
-	admin_pattern($1, swat_tmp_t)
-
-	admin_pattern($1, winbind_log_t)
-
-	admin_pattern($1, winbind_tmp_t)
-
-	admin_pattern($1, winbind_var_run_t)
-	admin_pattern($1, samba_unconfined_script_exec_t)
-')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
deleted file mode 100644
index 6e627d6..0000000
--- a/policy/modules/services/samba.te
+++ /dev/null
@@ -1,957 +0,0 @@
-policy_module(samba, 1.13.0)
-
-#################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow samba to modify public files used for public file
-## transfer services.  Files/Directories must be labeled
-## public_content_rw_t.
-## </p>
-## </desc>
-gen_tunable(allow_smbd_anon_write, false)
-
-## <desc>
-## <p>
-## Allow samba to create new home directories (e.g. via PAM)
-## </p>
-## </desc>
-gen_tunable(samba_create_home_dirs, false)
-
-## <desc>
-## <p>
-## Allow samba to act as the domain controller, add users,
-## groups and change passwords.
-## 
-## </p>
-## </desc>
-gen_tunable(samba_domain_controller, false)
-
-## <desc>
-## <p>
-## Allow samba to share users home directories.
-## </p>
-## </desc>
-gen_tunable(samba_enable_home_dirs, false)
-
-## <desc>
-## <p>
-## Allow samba to share any file/directory read only.
-## </p>
-## </desc>
-gen_tunable(samba_export_all_ro, false)
-
-## <desc>
-## <p>
-## Allow samba to share any file/directory read/write.
-## </p>
-## </desc>
-gen_tunable(samba_export_all_rw, false)
-
-## <desc>
-## <p>
-## Allow samba to run unconfined scripts
-## </p>
-## </desc>
-gen_tunable(samba_run_unconfined, false)
-
-## <desc>
-## <p>
-## Allow samba to export NFS volumes.
-## </p>
-## </desc>
-gen_tunable(samba_share_nfs, false)
-
-## <desc>
-## <p>
-## Allow samba to export ntfs/fusefs volumes.
-## </p>
-## </desc>
-gen_tunable(samba_share_fusefs, false)
-
-type nmbd_t;
-type nmbd_exec_t;
-init_daemon_domain(nmbd_t, nmbd_exec_t)
-
-type nmbd_var_run_t;
-files_pid_file(nmbd_var_run_t)
-
-type samba_etc_t;
-files_config_file(samba_etc_t)
-
-type samba_initrc_exec_t;
-init_script_file(samba_initrc_exec_t)
-
-type samba_log_t;
-logging_log_file(samba_log_t)
-
-type samba_net_t;
-type samba_net_exec_t;
-application_domain(samba_net_t, samba_net_exec_t)
-role system_r types samba_net_t;
-
-type samba_net_tmp_t;
-files_tmp_file(samba_net_tmp_t)
-
-type samba_secrets_t;
-files_type(samba_secrets_t)
-
-type samba_share_t; # customizable
-files_type(samba_share_t)
-
-type samba_var_t;
-files_type(samba_var_t)
-
-type smbcontrol_t;
-type smbcontrol_exec_t;
-application_domain(smbcontrol_t, smbcontrol_exec_t)
-role system_r types smbcontrol_t;
-
-type smbd_t;
-type smbd_exec_t;
-init_daemon_domain(smbd_t, smbd_exec_t)
-
-type smbd_tmp_t;
-files_tmp_file(smbd_tmp_t)
-
-type smbd_var_run_t;
-files_pid_file(smbd_var_run_t)
-
-type smbmount_t;
-domain_type(smbmount_t)
-
-type smbmount_exec_t;
-domain_entry_file(smbmount_t, smbmount_exec_t)
-
-type swat_t;
-type swat_exec_t;
-domain_type(swat_t)
-domain_entry_file(swat_t, swat_exec_t)
-role system_r types swat_t;
-
-type swat_tmp_t;
-files_tmp_file(swat_tmp_t)
-
-type swat_var_run_t;
-files_pid_file(swat_var_run_t)
-
-type winbind_t;
-type winbind_exec_t;
-init_daemon_domain(winbind_t, winbind_exec_t)
-
-type winbind_helper_t;
-domain_type(winbind_helper_t)
-role system_r types winbind_helper_t;
-
-type winbind_helper_exec_t;
-domain_entry_file(winbind_helper_t, winbind_helper_exec_t)
-
-type winbind_log_t;
-logging_log_file(winbind_log_t)
-
-type winbind_var_run_t;
-files_pid_file(winbind_var_run_t)
-
-########################################
-#
-# Samba net local policy
-#
-allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override };
-allow samba_net_t self:process { getsched setsched };
-allow samba_net_t self:unix_dgram_socket create_socket_perms;
-allow samba_net_t self:unix_stream_socket create_stream_socket_perms;
-allow samba_net_t self:udp_socket create_socket_perms;
-allow samba_net_t self:tcp_socket create_socket_perms;
-
-allow samba_net_t samba_etc_t:file read_file_perms;
-
-manage_files_pattern(samba_net_t, samba_etc_t, samba_secrets_t)
-filetrans_pattern(samba_net_t, samba_etc_t, samba_secrets_t, file)
-
-manage_dirs_pattern(samba_net_t, samba_net_tmp_t, samba_net_tmp_t)
-manage_files_pattern(samba_net_t, samba_net_tmp_t, samba_net_tmp_t)
-files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
-
-manage_dirs_pattern(samba_net_t, samba_var_t, samba_var_t)
-manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
-manage_lnk_files_pattern(samba_net_t, samba_var_t, samba_var_t)
-
-kernel_read_proc_symlinks(samba_net_t)
-kernel_read_system_state(samba_net_t)
-
-corenet_all_recvfrom_unlabeled(samba_net_t)
-corenet_all_recvfrom_netlabel(samba_net_t)
-corenet_tcp_sendrecv_generic_if(samba_net_t)
-corenet_udp_sendrecv_generic_if(samba_net_t)
-corenet_raw_sendrecv_generic_if(samba_net_t)
-corenet_tcp_sendrecv_generic_node(samba_net_t)
-corenet_udp_sendrecv_generic_node(samba_net_t)
-corenet_raw_sendrecv_generic_node(samba_net_t)
-corenet_tcp_sendrecv_all_ports(samba_net_t)
-corenet_udp_sendrecv_all_ports(samba_net_t)
-corenet_tcp_bind_generic_node(samba_net_t)
-corenet_udp_bind_generic_node(samba_net_t)
-corenet_tcp_connect_smbd_port(samba_net_t)
-
-dev_read_urand(samba_net_t)
-
-domain_use_interactive_fds(samba_net_t)
-
-files_read_etc_files(samba_net_t)
-files_read_usr_symlinks(samba_net_t)
-
-auth_use_nsswitch(samba_net_t)
-auth_manage_cache(samba_net_t)
-
-logging_send_syslog_msg(samba_net_t)
-
-miscfiles_read_localization(samba_net_t) 
-
-samba_read_var_files(samba_net_t)
-
-userdom_use_user_terminals(samba_net_t)
-userdom_list_user_home_dirs(samba_net_t)
-
-optional_policy(`
-	pcscd_read_pub_files(samba_net_t)
-')
-
-optional_policy(`
-	kerberos_use(samba_net_t)
-')
-
-########################################
-#
-# smbd Local policy
-#
-allow smbd_t self:capability { chown fowner kill setgid setuid sys_nice sys_admin sys_resource lease dac_override dac_read_search };
-dontaudit smbd_t self:capability sys_tty_config;
-allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow smbd_t self:process setrlimit;
-allow smbd_t self:fd use;
-allow smbd_t self:fifo_file rw_fifo_file_perms;
-allow smbd_t self:msg { send receive };
-allow smbd_t self:msgq create_msgq_perms;
-allow smbd_t self:sem create_sem_perms;
-allow smbd_t self:shm create_shm_perms;
-allow smbd_t self:sock_file read_sock_file_perms;
-allow smbd_t self:tcp_socket create_stream_socket_perms;
-allow smbd_t self:udp_socket create_socket_perms;
-allow smbd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-allow smbd_t nmbd_t:process { signal signull };
-
-allow smbd_t nmbd_var_run_t:file rw_file_perms;
-
-allow smbd_t samba_etc_t:file { rw_file_perms setattr };
-
-manage_dirs_pattern(smbd_t, samba_log_t, samba_log_t)
-manage_files_pattern(smbd_t, samba_log_t, samba_log_t)
-
-allow smbd_t samba_net_tmp_t:file getattr;
-
-manage_files_pattern(smbd_t, samba_secrets_t, samba_secrets_t)
-filetrans_pattern(smbd_t, samba_etc_t, samba_secrets_t, file)
-
-manage_dirs_pattern(smbd_t, samba_share_t, samba_share_t)
-manage_files_pattern(smbd_t, samba_share_t, samba_share_t)
-manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t)
-allow smbd_t samba_share_t:filesystem { getattr quotaget };
-
-manage_dirs_pattern(smbd_t, samba_var_t, samba_var_t)
-manage_files_pattern(smbd_t, samba_var_t, samba_var_t)
-manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t)
-manage_sock_files_pattern(smbd_t, samba_var_t, samba_var_t)
-
-allow smbd_t smbcontrol_t:process { signal signull };
-
-manage_dirs_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
-manage_files_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
-files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir })
-
-manage_dirs_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
-manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
-manage_sock_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
-files_pid_filetrans(smbd_t, smbd_var_run_t, { dir file })
-
-allow smbd_t swat_t:process signal;
-
-allow smbd_t winbind_var_run_t:sock_file rw_sock_file_perms;
-
-allow smbd_t winbind_t:process { signal signull };
-
-kernel_getattr_core_if(smbd_t)
-kernel_getattr_message_if(smbd_t)
-kernel_read_network_state(smbd_t)
-kernel_read_fs_sysctls(smbd_t)
-kernel_read_kernel_sysctls(smbd_t)
-kernel_read_software_raid_state(smbd_t)
-kernel_read_system_state(smbd_t)
-
-corecmd_exec_shell(smbd_t)
-corecmd_exec_bin(smbd_t)
-
-corenet_all_recvfrom_unlabeled(smbd_t)
-corenet_all_recvfrom_netlabel(smbd_t)
-corenet_tcp_sendrecv_generic_if(smbd_t)
-corenet_udp_sendrecv_generic_if(smbd_t)
-corenet_raw_sendrecv_generic_if(smbd_t)
-corenet_tcp_sendrecv_generic_node(smbd_t)
-corenet_udp_sendrecv_generic_node(smbd_t)
-corenet_raw_sendrecv_generic_node(smbd_t)
-corenet_tcp_sendrecv_all_ports(smbd_t)
-corenet_udp_sendrecv_all_ports(smbd_t)
-corenet_tcp_bind_generic_node(smbd_t)
-corenet_udp_bind_generic_node(smbd_t)
-corenet_tcp_bind_smbd_port(smbd_t)
-corenet_tcp_connect_ipp_port(smbd_t)
-corenet_tcp_connect_smbd_port(smbd_t)
-
-dev_read_sysfs(smbd_t)
-dev_read_urand(smbd_t)
-dev_getattr_mtrr_dev(smbd_t)
-dev_dontaudit_getattr_usbfs_dirs(smbd_t)
-# For redhat bug 566984
-dev_getattr_all_blk_files(smbd_t)
-dev_getattr_all_chr_files(smbd_t)
-
-fs_getattr_all_fs(smbd_t)
-fs_getattr_all_dirs(smbd_t)
-fs_get_xattr_fs_quotas(smbd_t)
-fs_search_auto_mountpoints(smbd_t)
-fs_getattr_rpc_dirs(smbd_t)
-fs_list_inotifyfs(smbd_t)
-fs_get_all_fs_quotas(smbd_t)
-
-auth_use_nsswitch(smbd_t)
-auth_domtrans_chk_passwd(smbd_t)
-auth_domtrans_upd_passwd(smbd_t)
-auth_manage_cache(smbd_t)
-
-domain_use_interactive_fds(smbd_t)
-domain_dontaudit_list_all_domains_state(smbd_t)
-
-files_list_var_lib(smbd_t)
-files_read_etc_files(smbd_t)
-files_read_etc_runtime_files(smbd_t)
-files_read_usr_files(smbd_t)
-files_search_spool(smbd_t)
-# smbd seems to getattr all mountpoints
-files_dontaudit_getattr_all_dirs(smbd_t)
-files_dontaudit_list_all_mountpoints(smbd_t)
-# Allow samba to list mnt_t for potential mounted dirs
-files_list_mnt(smbd_t)
-
-init_rw_utmp(smbd_t)
-
-logging_search_logs(smbd_t)
-logging_send_syslog_msg(smbd_t)
-
-miscfiles_read_localization(smbd_t)
-miscfiles_read_public_files(smbd_t)
-
-userdom_use_unpriv_users_fds(smbd_t)
-userdom_search_user_home_content(smbd_t)
-userdom_signal_all_users(smbd_t)
-
-usermanage_read_crack_db(smbd_t)
-
-term_use_ptmx(smbd_t)
-
-ifdef(`hide_broken_symptoms', `
-	files_dontaudit_getattr_default_dirs(smbd_t)
-	files_dontaudit_getattr_boot_dirs(smbd_t)
-	fs_dontaudit_getattr_tmpfs_dirs(smbd_t)
-')
-
-tunable_policy(`allow_smbd_anon_write',`
-	miscfiles_manage_public_files(smbd_t)
-') 
-
-tunable_policy(`samba_domain_controller',`
-	gen_require(`
-		class passwd passwd;
-	')
-
-	usermanage_domtrans_passwd(smbd_t)
-	usermanage_kill_passwd(smbd_t)
-	usermanage_domtrans_useradd(smbd_t)
-	usermanage_domtrans_groupadd(smbd_t)
-	allow smbd_t self:passwd passwd;
-')
-
-tunable_policy(`samba_enable_home_dirs',`
-	userdom_manage_user_home_content(smbd_t)
-')
-
-# Support Samba sharing of NFS mount points
-tunable_policy(`samba_share_nfs',`
-	fs_manage_nfs_dirs(smbd_t)
-	fs_manage_nfs_files(smbd_t)
-	fs_manage_nfs_symlinks(smbd_t)
-	fs_manage_nfs_named_pipes(smbd_t)
-	fs_manage_nfs_named_sockets(smbd_t)
-')
-
-# Support Samba sharing of ntfs/fusefs mount points
-tunable_policy(`samba_share_fusefs',`
-	fs_manage_fusefs_dirs(smbd_t)
-	fs_manage_fusefs_files(smbd_t)
-',`
-	fs_search_fusefs(smbd_t)
-')
-
-
-optional_policy(`
-	cups_read_rw_config(smbd_t)
-	cups_stream_connect(smbd_t)
-')
-
-optional_policy(`
-	kerberos_use(smbd_t)
-	kerberos_keytab_template(smbd, smbd_t)
-')
-
-optional_policy(`
-	lpd_exec_lpr(smbd_t)
-')
-
-optional_policy(`
-	qemu_manage_tmp_dirs(smbd_t)
-	qemu_manage_tmp_files(smbd_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(smbd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(smbd_t)
-')
-
-optional_policy(`
-	udev_read_db(smbd_t)
-')
-
-tunable_policy(`samba_create_home_dirs',`
-	allow smbd_t self:capability chown;
-	userdom_create_user_home_dirs(smbd_t)
-')
-userdom_home_filetrans_user_home_dir(smbd_t)
-
-tunable_policy(`samba_export_all_ro',`
-	fs_read_noxattr_fs_files(smbd_t) 
-	auth_read_all_dirs_except_shadow(smbd_t)
-	auth_read_all_files_except_shadow(smbd_t)
-	fs_read_noxattr_fs_files(nmbd_t) 
-	auth_read_all_dirs_except_shadow(nmbd_t)
-	auth_read_all_files_except_shadow(nmbd_t)
-')
-
-tunable_policy(`samba_export_all_rw',`
-	fs_read_noxattr_fs_files(smbd_t) 
-	auth_manage_all_files_except_shadow(smbd_t)
-	fs_read_noxattr_fs_files(nmbd_t) 
-	auth_manage_all_files_except_shadow(nmbd_t)
-')
-userdom_user_home_dir_filetrans_user_home_content(nmbd_t, { file dir })
-
-########################################
-#
-# nmbd Local policy
-#
-
-dontaudit nmbd_t self:capability sys_tty_config;
-allow nmbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow nmbd_t self:fd use;
-allow nmbd_t self:fifo_file rw_fifo_file_perms;
-allow nmbd_t self:msg { send receive };
-allow nmbd_t self:msgq create_msgq_perms;
-allow nmbd_t self:sem create_sem_perms;
-allow nmbd_t self:shm create_shm_perms;
-allow nmbd_t self:sock_file read_sock_file_perms;
-allow nmbd_t self:tcp_socket create_stream_socket_perms;
-allow nmbd_t self:udp_socket create_socket_perms;
-allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-manage_dirs_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
-manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
-files_pid_filetrans(nmbd_t, nmbd_var_run_t, { dir file })
-
-read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
-read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
-
-manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t)
-manage_files_pattern(nmbd_t, samba_log_t, samba_log_t)
-
-manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
-
-allow nmbd_t smbcontrol_t:process signal;
-
-allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
-
-kernel_getattr_core_if(nmbd_t)
-kernel_getattr_message_if(nmbd_t)
-kernel_read_kernel_sysctls(nmbd_t)
-kernel_read_network_state(nmbd_t)
-kernel_read_software_raid_state(nmbd_t)
-kernel_read_system_state(nmbd_t)
-
-corenet_all_recvfrom_unlabeled(nmbd_t)
-corenet_all_recvfrom_netlabel(nmbd_t)
-corenet_tcp_sendrecv_generic_if(nmbd_t)
-corenet_udp_sendrecv_generic_if(nmbd_t)
-corenet_tcp_sendrecv_generic_node(nmbd_t)
-corenet_udp_sendrecv_generic_node(nmbd_t)
-corenet_tcp_sendrecv_all_ports(nmbd_t)
-corenet_udp_sendrecv_all_ports(nmbd_t)
-corenet_udp_bind_generic_node(nmbd_t)
-corenet_udp_bind_nmbd_port(nmbd_t)
-corenet_sendrecv_nmbd_server_packets(nmbd_t)
-corenet_sendrecv_nmbd_client_packets(nmbd_t)
-corenet_tcp_connect_smbd_port(nmbd_t)
-
-dev_read_sysfs(nmbd_t)
-dev_getattr_mtrr_dev(nmbd_t)
-
-fs_getattr_all_fs(nmbd_t)
-fs_search_auto_mountpoints(nmbd_t)
-
-domain_use_interactive_fds(nmbd_t)
-
-files_read_usr_files(nmbd_t)
-files_read_etc_files(nmbd_t)
-files_list_var_lib(nmbd_t)
-
-auth_use_nsswitch(nmbd_t)
-
-logging_search_logs(nmbd_t)
-logging_send_syslog_msg(nmbd_t)
-
-miscfiles_read_localization(nmbd_t)
-
-userdom_use_unpriv_users_fds(nmbd_t)
-userdom_dontaudit_search_user_home_dirs(nmbd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(nmbd_t)
-')
-
-optional_policy(`
-	udev_read_db(nmbd_t)
-')
-
-########################################
-#
-# smbcontrol local policy
-#
-
-# internal communication is often done using fifo and unix sockets.
-allow smbcontrol_t self:fifo_file rw_file_perms;
-allow smbcontrol_t self:unix_stream_socket create_stream_socket_perms;
-
-allow smbcontrol_t nmbd_t:process { signal signull };
-read_files_pattern(smbcontrol_t, nmbd_var_run_t, nmbd_var_run_t)
-
-allow smbcontrol_t smbd_t:process { signal signull };
-read_files_pattern(smbcontrol_t, smbd_var_run_t, smbd_var_run_t)
-allow smbcontrol_t winbind_t:process { signal signull };
-
-files_search_var_lib(smbcontrol_t)
-samba_read_config(smbcontrol_t)
-samba_rw_var_files(smbcontrol_t)
-samba_search_var(smbcontrol_t)
-samba_read_winbind_pid(smbcontrol_t)
-
-domain_use_interactive_fds(smbcontrol_t)
-
-files_read_etc_files(smbcontrol_t)
-
-miscfiles_read_localization(smbcontrol_t)
-
-userdom_use_user_terminals(smbcontrol_t)
-
-########################################
-#
-# smbmount Local policy
-#
-
-allow smbmount_t self:capability { sys_rawio sys_admin dac_override chown }; # FIXME: is all of this really necessary?
-allow smbmount_t self:process { fork signal_perms };
-allow smbmount_t self:tcp_socket create_stream_socket_perms;
-allow smbmount_t self:udp_socket connect;
-allow smbmount_t self:unix_dgram_socket create_socket_perms;
-allow smbmount_t self:unix_stream_socket create_socket_perms;
-
-allow smbmount_t samba_etc_t:dir list_dir_perms;
-allow smbmount_t samba_etc_t:file read_file_perms;
-
-can_exec(smbmount_t, smbmount_exec_t)
-
-allow smbmount_t samba_log_t:dir list_dir_perms; 
-allow smbmount_t samba_log_t:file manage_file_perms;
-
-allow smbmount_t samba_secrets_t:file manage_file_perms;
-
-manage_files_pattern(smbmount_t, samba_var_t, samba_var_t)
-manage_lnk_files_pattern(smbmount_t, samba_var_t, samba_var_t)
-files_list_var_lib(smbmount_t)
-
-kernel_read_system_state(smbmount_t)
-
-corenet_all_recvfrom_unlabeled(smbmount_t)
-corenet_all_recvfrom_netlabel(smbmount_t)
-corenet_tcp_sendrecv_generic_if(smbmount_t)
-corenet_raw_sendrecv_generic_if(smbmount_t)
-corenet_udp_sendrecv_generic_if(smbmount_t)
-corenet_tcp_sendrecv_generic_node(smbmount_t)
-corenet_raw_sendrecv_generic_node(smbmount_t)
-corenet_udp_sendrecv_generic_node(smbmount_t)
-corenet_tcp_sendrecv_all_ports(smbmount_t)
-corenet_udp_sendrecv_all_ports(smbmount_t)
-corenet_tcp_bind_generic_node(smbmount_t)
-corenet_udp_bind_generic_node(smbmount_t)
-corenet_tcp_connect_all_ports(smbmount_t)
-
-fs_getattr_cifs(smbmount_t)
-fs_mount_cifs(smbmount_t)
-fs_remount_cifs(smbmount_t)
-fs_unmount_cifs(smbmount_t)
-fs_list_cifs(smbmount_t)
-fs_read_cifs_files(smbmount_t)
-
-storage_raw_read_fixed_disk(smbmount_t)
-storage_raw_write_fixed_disk(smbmount_t)
-
-corecmd_list_bin(smbmount_t)
-
-files_list_mnt(smbmount_t)
-files_mounton_mnt(smbmount_t)
-files_manage_etc_runtime_files(smbmount_t)
-files_etc_filetrans_etc_runtime(smbmount_t, file)
-files_read_etc_files(smbmount_t)
-
-auth_use_nsswitch(smbmount_t)
-
-miscfiles_read_localization(smbmount_t)
-
-mount_use_fds(smbmount_t)
-
-locallogin_use_fds(smbmount_t)
-
-logging_search_logs(smbmount_t)
-
-userdom_use_user_terminals(smbmount_t)
-userdom_use_all_users_fds(smbmount_t)
-
-optional_policy(`
-	cups_read_rw_config(smbmount_t)
-')
-
-########################################
-#
-# SWAT Local policy
-#
-
-allow swat_t self:capability { dac_override setuid setgid sys_resource };
-allow swat_t self:process { setrlimit signal_perms };
-allow swat_t self:fifo_file rw_fifo_file_perms;
-allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow swat_t self:tcp_socket create_stream_socket_perms;
-allow swat_t self:udp_socket create_socket_perms;
-allow swat_t self:unix_stream_socket connectto;
-
-samba_domtrans_smbd(swat_t)
-allow swat_t smbd_t:process { signal signull };
-
-samba_domtrans_nmbd(swat_t)
-allow swat_t nmbd_t:process { signal signull };
-allow nmbd_t swat_t:process signal;
-
-allow swat_t nmbd_var_run_t:file read_file_perms;
-
-allow swat_t smbd_port_t:tcp_socket name_bind;
-
-allow swat_t nmbd_port_t:udp_socket name_bind;
-
-rw_files_pattern(swat_t, samba_etc_t, samba_etc_t)
-read_lnk_files_pattern(swat_t, samba_etc_t, samba_etc_t)
-
-manage_dirs_pattern(swat_t, samba_log_t, samba_log_t)
-manage_files_pattern(swat_t, samba_log_t, samba_log_t)
-
-manage_files_pattern(swat_t, samba_etc_t, samba_secrets_t)
-
-manage_files_pattern(swat_t, samba_var_t, samba_var_t)
-files_list_var_lib(swat_t)
-
-allow swat_t smbd_exec_t:file mmap_file_perms ;
-
-allow swat_t smbd_t:process signull;
-
-allow swat_t smbd_var_run_t:file read_file_perms;
-allow swat_t smbd_var_run_t:file { lock unlink };
-
-manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t)
-manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t)
-files_tmp_filetrans(swat_t, swat_tmp_t, { file dir })
-
-manage_files_pattern(swat_t, swat_var_run_t, swat_var_run_t)
-files_pid_filetrans(swat_t, swat_var_run_t, file)
-
-allow swat_t winbind_exec_t:file mmap_file_perms;
-domtrans_pattern(swat_t, winbind_exec_t, winbind_t)
-allow swat_t winbind_t:process { signal signull };
-
-read_files_pattern(swat_t, winbind_var_run_t, winbind_var_run_t)
-allow swat_t winbind_var_run_t:dir { write add_name remove_name };
-allow swat_t winbind_var_run_t:sock_file { create unlink };
-
-kernel_read_kernel_sysctls(swat_t)
-kernel_read_system_state(swat_t)
-kernel_read_network_state(swat_t)
-
-corecmd_search_bin(swat_t)
-
-corenet_all_recvfrom_unlabeled(swat_t)
-corenet_all_recvfrom_netlabel(swat_t)
-corenet_tcp_sendrecv_generic_if(swat_t)
-corenet_udp_sendrecv_generic_if(swat_t)
-corenet_raw_sendrecv_generic_if(swat_t)
-corenet_tcp_sendrecv_generic_node(swat_t)
-corenet_udp_sendrecv_generic_node(swat_t)
-corenet_raw_sendrecv_generic_node(swat_t)
-corenet_tcp_sendrecv_all_ports(swat_t)
-corenet_udp_sendrecv_all_ports(swat_t)
-corenet_tcp_connect_smbd_port(swat_t)
-corenet_tcp_connect_ipp_port(swat_t)
-corenet_sendrecv_smbd_client_packets(swat_t)
-corenet_sendrecv_ipp_client_packets(swat_t)
-
-dev_read_urand(swat_t)
-
-files_list_var_lib(swat_t)
-files_read_etc_files(swat_t)
-files_search_home(swat_t)
-files_read_usr_files(swat_t)
-fs_getattr_xattr_fs(swat_t)
-
-auth_domtrans_chk_passwd(swat_t)
-auth_use_nsswitch(swat_t)
-
-init_read_utmp(swat_t)
-init_dontaudit_write_utmp(swat_t)
-
-logging_send_syslog_msg(swat_t)
-logging_send_audit_msgs(swat_t)
-logging_search_logs(swat_t)
-
-miscfiles_read_localization(swat_t)
-
-userdom_dontaudit_search_admin_dir(swat_t)
-
-optional_policy(`
-	cups_read_rw_config(swat_t)
-	cups_stream_connect(swat_t)
-')
-
-optional_policy(`
-	inetd_service_domain(swat_t, swat_exec_t)
-')
-
-optional_policy(`
-	kerberos_use(swat_t)
-')
-
-########################################
-#
-# Winbind local policy
-#
-
-allow winbind_t self:capability { dac_override ipc_lock setuid sys_nice };
-dontaudit winbind_t self:capability sys_tty_config;
-allow winbind_t self:process { signal_perms getsched setsched };
-allow winbind_t self:fifo_file rw_fifo_file_perms;
-allow winbind_t self:unix_dgram_socket create_socket_perms;
-allow winbind_t self:unix_stream_socket create_stream_socket_perms;
-allow winbind_t self:tcp_socket create_stream_socket_perms;
-allow winbind_t self:udp_socket create_socket_perms;
-
-allow winbind_t nmbd_t:process { signal signull };
-
-allow winbind_t nmbd_var_run_t:file read_file_perms;
-
-allow winbind_t samba_etc_t:dir list_dir_perms;
-read_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
-read_lnk_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
-
-manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t)
-filetrans_pattern(winbind_t, samba_etc_t, samba_secrets_t, file)
-
-manage_dirs_pattern(winbind_t, samba_log_t, samba_log_t)
-manage_files_pattern(winbind_t, samba_log_t, samba_log_t)
-manage_lnk_files_pattern(winbind_t, samba_log_t, samba_log_t)
-
-manage_dirs_pattern(winbind_t, samba_var_t, samba_var_t)
-manage_files_pattern(winbind_t, samba_var_t, samba_var_t)
-manage_lnk_files_pattern(winbind_t, samba_var_t, samba_var_t)
-files_list_var_lib(winbind_t)
-
-rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
-
-allow winbind_t winbind_log_t:file manage_file_perms;
-logging_log_filetrans(winbind_t, winbind_log_t, file)
-
-userdom_manage_user_tmp_dirs(winbind_t)
-userdom_manage_user_tmp_files(winbind_t)
-userdom_tmp_filetrans_user_tmp(winbind_t, { file dir })
-
-manage_dirs_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
-manage_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
-manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
-files_pid_filetrans(winbind_t, winbind_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(winbind_t)
-kernel_read_system_state(winbind_t)
-
-corecmd_exec_bin(winbind_t)
-
-corenet_all_recvfrom_unlabeled(winbind_t)
-corenet_all_recvfrom_netlabel(winbind_t)
-corenet_tcp_sendrecv_generic_if(winbind_t)
-corenet_udp_sendrecv_generic_if(winbind_t)
-corenet_raw_sendrecv_generic_if(winbind_t)
-corenet_tcp_sendrecv_generic_node(winbind_t)
-corenet_udp_sendrecv_generic_node(winbind_t)
-corenet_raw_sendrecv_generic_node(winbind_t)
-corenet_tcp_sendrecv_all_ports(winbind_t)
-corenet_udp_sendrecv_all_ports(winbind_t)
-corenet_tcp_bind_generic_node(winbind_t)
-corenet_udp_bind_generic_node(winbind_t)
-corenet_tcp_connect_smbd_port(winbind_t)
-corenet_tcp_connect_smbd_port(winbind_t)
-corenet_tcp_connect_epmap_port(winbind_t)
-corenet_tcp_connect_all_unreserved_ports(winbind_t)
-
-dev_read_sysfs(winbind_t)
-dev_read_urand(winbind_t)
-
-fs_getattr_all_fs(winbind_t)
-fs_search_auto_mountpoints(winbind_t)
-
-auth_domtrans_chk_passwd(winbind_t)
-auth_use_nsswitch(winbind_t)
-auth_manage_cache(winbind_t)
-
-domain_use_interactive_fds(winbind_t)
-
-files_read_etc_files(winbind_t)
-files_read_usr_symlinks(winbind_t)
-
-logging_send_syslog_msg(winbind_t)
-
-miscfiles_read_localization(winbind_t)
-
-userdom_dontaudit_use_unpriv_user_fds(winbind_t)
-userdom_manage_user_home_content_dirs(winbind_t)
-userdom_manage_user_home_content_files(winbind_t)
-userdom_manage_user_home_content_symlinks(winbind_t)
-userdom_manage_user_home_content_pipes(winbind_t)
-userdom_manage_user_home_content_sockets(winbind_t)
-userdom_user_home_dir_filetrans_user_home_content(winbind_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
-	kerberos_use(winbind_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(winbind_t)
-')
-
-optional_policy(`
-	udev_read_db(winbind_t)
-')
-
-########################################
-#
-# Winbind helper local policy
-#
-
-allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
-allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
-
-allow winbind_helper_t samba_etc_t:dir list_dir_perms;
-read_files_pattern(winbind_helper_t, samba_etc_t, samba_etc_t)
-read_lnk_files_pattern(winbind_helper_t, samba_etc_t, samba_etc_t)
-
-allow winbind_helper_t samba_var_t:dir search_dir_perms;
-files_list_var_lib(winbind_helper_t)
-
-allow winbind_t smbcontrol_t:process signal;
-
-stream_connect_pattern(winbind_helper_t, winbind_var_run_t, winbind_var_run_t, winbind_t)
-
-term_list_ptys(winbind_helper_t)
-
-domain_use_interactive_fds(winbind_helper_t)
-
-auth_use_nsswitch(winbind_helper_t)
-
-logging_send_syslog_msg(winbind_helper_t)
-
-miscfiles_read_localization(winbind_helper_t) 
-
-userdom_use_user_terminals(winbind_helper_t)
-
-optional_policy(`
-	apache_append_log(winbind_helper_t)
-')
-
-optional_policy(`
-	squid_read_log(winbind_helper_t)
-	squid_append_log(winbind_helper_t)
-	squid_rw_stream_sockets(winbind_helper_t)
-')
-
-########################################
-#
-# samba_unconfined_script_t local policy
-#
-
-optional_policy(`
-	type samba_unconfined_net_t;
-	domain_type(samba_unconfined_net_t)
-	domain_entry_file(samba_unconfined_net_t, samba_net_exec_t)
-	role system_r types samba_unconfined_net_t;
-
-	unconfined_domain(samba_unconfined_net_t)
-
-	manage_files_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t)
-	filetrans_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t, file)
-	userdom_use_user_terminals(samba_unconfined_net_t)
-')
-
-	type samba_unconfined_script_t;
-	type samba_unconfined_script_exec_t;
-	domain_type(samba_unconfined_script_t)
-	domain_entry_file(samba_unconfined_script_t, samba_unconfined_script_exec_t)
-	corecmd_shell_entry_type(samba_unconfined_script_t)
-	role system_r types samba_unconfined_script_t;
-
-	allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
-	allow smbd_t samba_unconfined_script_exec_t:file ioctl;
-
-optional_policy(`
-	unconfined_domain(samba_unconfined_script_t)
-')
-
-	tunable_policy(`samba_run_unconfined',`
-		domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
-',`
-	can_exec(smbd_t, samba_unconfined_script_exec_t)
-')
diff --git a/policy/modules/services/sasl.fc b/policy/modules/services/sasl.fc
deleted file mode 100644
index ff0ce69..0000000
--- a/policy/modules/services/sasl.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/etc/rc\.d/init\.d/sasl	--	gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/saslauthd	--	gen_context(system_u:object_r:saslauthd_exec_t,s0)
-
-#
-# /var
-#
-/var/run/saslauthd(/.*)?	gen_context(system_u:object_r:saslauthd_var_run_t,s0)
diff --git a/policy/modules/services/sasl.if b/policy/modules/services/sasl.if
deleted file mode 100644
index c3ffa9d..0000000
--- a/policy/modules/services/sasl.if
+++ /dev/null
@@ -1,58 +0,0 @@
-## <summary>SASL authentication server</summary>
-
-########################################
-## <summary>
-##	Connect to SASL.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sasl_connect',`
-	gen_require(`
-		type saslauthd_t, saslauthd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an sasl environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sasl_admin',`
-	gen_require(`
-		type saslauthd_t, saslauthd_tmp_t, saslauthd_var_run_t;
-		type saslauthd_initrc_exec_t;
-	')
-
-	allow $1 saslauthd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, saslauthd_t)
-
-	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 saslauthd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, saslauthd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, saslauthd_var_run_t)
-')
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
deleted file mode 100644
index 87810ec..0000000
--- a/policy/modules/services/sasl.te
+++ /dev/null
@@ -1,114 +0,0 @@
-policy_module(sasl, 1.13.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow sasl to read shadow
-## </p>
-## </desc>
-gen_tunable(allow_saslauthd_read_shadow, false)
-
-type saslauthd_t;
-type saslauthd_exec_t;
-init_daemon_domain(saslauthd_t, saslauthd_exec_t)
-
-type saslauthd_initrc_exec_t;
-init_script_file(saslauthd_initrc_exec_t)
-
-type saslauthd_tmp_t;
-files_tmp_file(saslauthd_tmp_t)
-
-type saslauthd_var_run_t;
-files_pid_file(saslauthd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow saslauthd_t self:capability { setgid setuid };
-dontaudit saslauthd_t self:capability sys_tty_config;
-allow saslauthd_t self:process signal_perms;
-allow saslauthd_t self:fifo_file rw_fifo_file_perms;
-allow saslauthd_t self:unix_dgram_socket create_socket_perms;
-allow saslauthd_t self:unix_stream_socket create_stream_socket_perms;
-allow saslauthd_t self:tcp_socket create_socket_perms;
-
-allow saslauthd_t saslauthd_tmp_t:dir setattr;
-manage_files_pattern(saslauthd_t, saslauthd_tmp_t, saslauthd_tmp_t)
-files_tmp_filetrans(saslauthd_t, saslauthd_tmp_t, file)
-
-manage_dirs_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
-manage_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
-manage_sock_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
-files_pid_filetrans(saslauthd_t, saslauthd_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(saslauthd_t)
-kernel_read_system_state(saslauthd_t)
-
-#577519
-corecmd_exec_bin(saslauthd_t)
-
-corenet_all_recvfrom_unlabeled(saslauthd_t)
-corenet_all_recvfrom_netlabel(saslauthd_t)
-corenet_tcp_sendrecv_generic_if(saslauthd_t)
-corenet_tcp_sendrecv_generic_node(saslauthd_t)
-corenet_tcp_sendrecv_all_ports(saslauthd_t)
-corenet_tcp_connect_pop_port(saslauthd_t)
-corenet_sendrecv_pop_client_packets(saslauthd_t)
-
-dev_read_urand(saslauthd_t)
-
-fs_getattr_all_fs(saslauthd_t)
-fs_search_auto_mountpoints(saslauthd_t)
-
-selinux_compute_access_vector(saslauthd_t)
-
-auth_use_pam(saslauthd_t)
-
-domain_use_interactive_fds(saslauthd_t)
-
-files_read_etc_files(saslauthd_t)
-files_dontaudit_read_etc_runtime_files(saslauthd_t)
-files_search_var_lib(saslauthd_t)
-files_dontaudit_getattr_home_dir(saslauthd_t)
-files_dontaudit_getattr_tmp_dirs(saslauthd_t)
-
-init_dontaudit_stream_connect_script(saslauthd_t)
-
-logging_send_syslog_msg(saslauthd_t)
-
-miscfiles_read_localization(saslauthd_t)
-miscfiles_read_generic_certs(saslauthd_t)
-
-seutil_dontaudit_read_config(saslauthd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(saslauthd_t)
-userdom_dontaudit_search_user_home_dirs(saslauthd_t)
-
-# cjp: typeattribute doesnt work in conditionals
-auth_can_read_shadow_passwords(saslauthd_t)
-tunable_policy(`allow_saslauthd_read_shadow',`
-	auth_tunable_read_shadow(saslauthd_t) 
-')
-
-optional_policy(`
-	kerberos_keytab_template(saslauthd, saslauthd_t)
-')
-
-optional_policy(`
-	mysql_search_db(saslauthd_t)
-	mysql_stream_connect(saslauthd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(saslauthd_t)
-')
-
-optional_policy(`
-	udev_read_db(saslauthd_t)
-')
diff --git a/policy/modules/services/sendmail.fc b/policy/modules/services/sendmail.fc
deleted file mode 100644
index ef4199b..0000000
--- a/policy/modules/services/sendmail.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/etc/rc\.d/init\.d/sendmail --  gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
-
-/var/log/sendmail\.st		--	gen_context(system_u:object_r:sendmail_log_t,s0)
-/var/log/mail(/.*)?			gen_context(system_u:object_r:sendmail_log_t,s0)
-
-/var/run/sendmail\.pid		--	gen_context(system_u:object_r:sendmail_var_run_t,s0)
-/var/run/sm-client\.pid		--	gen_context(system_u:object_r:sendmail_var_run_t,s0)
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
deleted file mode 100644
index 5700fb8..0000000
--- a/policy/modules/services/sendmail.if
+++ /dev/null
@@ -1,358 +0,0 @@
-## <summary>Policy for sendmail.</summary>
-
-########################################
-## <summary>
-##	Sendmail stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_stub',`
-	gen_require(`
-		type sendmail_t;
-	')
-')
-
-########################################
-## <summary>
-##	Allow attempts to read and write to
-##	sendmail unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_rw_pipes',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Domain transition to sendmail.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sendmail_domtrans',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	mta_sendmail_domtrans($1, sendmail_t)
-')
-
-#######################################
-## <summary>
-##  Execute sendmail in the sendmail domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_initrc_domtrans',`
-	gen_require(`
-		type sendmail_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, sendmail_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute the sendmail program in the sendmail domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the sendmail domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sendmail_run',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	sendmail_domtrans($1)
-	role $2 types sendmail_t;
-')
-
-########################################
-## <summary>
-##	Send generic signals to sendmail.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_signal',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	allow $1 sendmail_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read and write sendmail TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_rw_tcp_sockets',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	allow $1 sendmail_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	sendmail TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`sendmail_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	dontaudit $1 sendmail_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Read and write sendmail unix_stream_sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_rw_unix_stream_sockets',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	allow $1 sendmail_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	sendmail unix_stream_sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`sendmail_dontaudit_rw_unix_stream_sockets',`
-	gen_require(`
-		type sendmail_t;
-	')
-
-	dontaudit $1 sendmail_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Read sendmail logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sendmail_read_log',`
-	gen_require(`
-		type sendmail_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, sendmail_log_t, sendmail_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete sendmail logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sendmail_manage_log',`
-	gen_require(`
-		type sendmail_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
-')
-
-########################################
-## <summary>
-##	Create sendmail logs with the correct type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_create_log',`
-	gen_require(`
-		type sendmail_log_t;
-	')
-
-	logging_log_filetrans($1, sendmail_log_t, file)
-')
-
-########################################
-## <summary>
-##	Manage sendmail tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sendmail_manage_tmp_files',`
-	gen_require(`
-		type sendmail_tmp_t;
-	')
-
-	files_search_tmp($1)
-	manage_files_pattern($1, sendmail_tmp_t, sendmail_tmp_t)
-')
-
-########################################
-## <summary>
-##	Execute sendmail in the unconfined sendmail domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sendmail_domtrans_unconfined',`
-	gen_require(`
-		type unconfined_sendmail_t;
-	')
-
-	mta_sendmail_domtrans($1, unconfined_sendmail_t)
-')
-
-########################################
-## <summary>
-##	Execute sendmail in the unconfined sendmail domain, and
-##	allow the specified role the unconfined sendmail domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sendmail_run_unconfined',`
-	gen_require(`
-		type unconfined_sendmail_t;
-	')
-
-	sendmail_domtrans_unconfined($1)
-	role $2 types unconfined_sendmail_t;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an sendmail environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sendmail_admin',`
-	gen_require(`
-		type sendmail_t, sendmail_initrc_exec_t, sendmail_log_t;
-		type sendmail_tmp_t, sendmail_var_run_t, unconfined_sendmail_t;
-		type mail_spool_t;
-	')
-
-	allow $1 sendmail_t:process { ptrace signal_perms };
-	ps_process_pattern($1, sendmail_t)
-
-	allow $1 unconfined_sendmail_t:process { ptrace signal_perms };
-	ps_process_pattern($1, unconfined_sendmail_t)
-
-	sendmail_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 sendmail_initrc_exec_t system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, sendmail_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, sendmail_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, sendmail_var_run_t)
-
-	files_list_spool($1)
-	admin_pattern($1, mail_spool_t)
-')
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
deleted file mode 100644
index b6781d5..0000000
--- a/policy/modules/services/sendmail.te
+++ /dev/null
@@ -1,198 +0,0 @@
-policy_module(sendmail, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type sendmail_log_t;
-logging_log_file(sendmail_log_t)
-
-type sendmail_tmp_t;
-files_tmp_file(sendmail_tmp_t)
-
-type sendmail_var_run_t;
-files_pid_file(sendmail_var_run_t)
-
-type sendmail_t;
-mta_sendmail_mailserver(sendmail_t)
-mta_mailserver_delivery(sendmail_t)
-mta_mailserver_sender(sendmail_t)
-
-type sendmail_initrc_exec_t;
-init_script_file(sendmail_initrc_exec_t)
-
-type unconfined_sendmail_t;
-application_domain(unconfined_sendmail_t, sendmail_exec_t)
-role system_r types unconfined_sendmail_t;
-
-########################################
-#
-# Sendmail local policy
-#
-
-allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config };
-allow sendmail_t self:process { setsched setpgid setrlimit signal signull };
-allow sendmail_t self:fifo_file rw_fifo_file_perms;
-allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
-allow sendmail_t self:unix_dgram_socket create_socket_perms;
-allow sendmail_t self:tcp_socket create_stream_socket_perms;
-allow sendmail_t self:udp_socket create_socket_perms;
-
-allow sendmail_t sendmail_log_t:dir setattr;
-manage_files_pattern(sendmail_t, sendmail_log_t, sendmail_log_t)
-logging_log_filetrans(sendmail_t, sendmail_log_t, { file dir })
-
-manage_dirs_pattern(sendmail_t, sendmail_tmp_t, sendmail_tmp_t)
-manage_files_pattern(sendmail_t, sendmail_tmp_t, sendmail_tmp_t)
-files_tmp_filetrans(sendmail_t, sendmail_tmp_t, { file dir })
-
-allow sendmail_t sendmail_var_run_t:file manage_file_perms;
-files_pid_filetrans(sendmail_t, sendmail_var_run_t, file)
-
-kernel_read_network_state(sendmail_t)
-kernel_read_kernel_sysctls(sendmail_t)
-# for piping mail to a command
-kernel_read_system_state(sendmail_t)
-
-corenet_all_recvfrom_unlabeled(sendmail_t)
-corenet_all_recvfrom_netlabel(sendmail_t)
-corenet_tcp_sendrecv_generic_if(sendmail_t)
-corenet_tcp_sendrecv_generic_node(sendmail_t)
-corenet_tcp_sendrecv_all_ports(sendmail_t)
-corenet_tcp_bind_generic_node(sendmail_t)
-corenet_tcp_bind_smtp_port(sendmail_t)
-corenet_tcp_connect_all_ports(sendmail_t)
-corenet_sendrecv_smtp_server_packets(sendmail_t)
-corenet_sendrecv_smtp_client_packets(sendmail_t)
-
-dev_read_urand(sendmail_t)
-dev_read_sysfs(sendmail_t)
-
-fs_getattr_all_fs(sendmail_t)
-fs_search_auto_mountpoints(sendmail_t)
-fs_rw_anon_inodefs_files(sendmail_t)
-
-term_dontaudit_use_console(sendmail_t)
-term_dontaudit_use_generic_ptys(sendmail_t)
-
-# for piping mail to a command
-corecmd_exec_shell(sendmail_t)
-corecmd_exec_bin(sendmail_t)
-
-domain_use_interactive_fds(sendmail_t)
-
-files_read_etc_files(sendmail_t)
-files_read_usr_files(sendmail_t)
-files_search_spool(sendmail_t)
-# for piping mail to a command
-files_read_etc_runtime_files(sendmail_t)
-files_read_all_tmp_files(sendmail_t)
-
-init_use_fds(sendmail_t)
-init_use_script_ptys(sendmail_t)
-# sendmail wants to read /var/run/utmp if the controlling tty is /dev/console
-init_read_utmp(sendmail_t)
-init_dontaudit_write_utmp(sendmail_t)
-init_rw_script_tmp_files(sendmail_t)
-
-auth_use_nsswitch(sendmail_t)
-
-# Read /usr/lib/sasl2/.*
-libs_read_lib_files(sendmail_t)
-
-logging_send_syslog_msg(sendmail_t)
-logging_dontaudit_write_generic_logs(sendmail_t)
-
-miscfiles_read_generic_certs(sendmail_t)
-miscfiles_read_localization(sendmail_t)
-
-userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
-userdom_read_user_home_content_files(sendmail_t)
-
-mta_read_config(sendmail_t)
-mta_etc_filetrans_aliases(sendmail_t)
-# Write to /etc/aliases and /etc/mail.
-mta_manage_aliases(sendmail_t)
-# Write to /var/spool/mail and /var/spool/mqueue.
-mta_manage_queue(sendmail_t)
-mta_manage_spool(sendmail_t)
-mta_sendmail_exec(sendmail_t)
-
-optional_policy(`
-	cron_read_pipes(sendmail_t)
-')
-
-optional_policy(`
-	clamav_search_lib(sendmail_t)
-	clamav_stream_connect(sendmail_t)
-')
-
-optional_policy(`
-	cyrus_stream_connect(sendmail_t)
-')
-
-optional_policy(`
-	exim_domtrans(sendmail_t)
-')
-
-optional_policy(`
-	fail2ban_read_lib_files(sendmail_t)
-	fail2ban_rw_stream_sockets(sendmail_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(sendmail, sendmail_t)
-')
-
-optional_policy(`
-	milter_stream_connect_all(sendmail_t)
-')
-
-optional_policy(`
-	munin_dontaudit_search_lib(sendmail_t)
-')
-
-optional_policy(`
-	postfix_domtrans_postdrop(sendmail_t)
-	postfix_domtrans_master(sendmail_t)
-	postfix_domtrans_postqueue(sendmail_t)
-	postfix_read_config(sendmail_t)
-	postfix_search_spool(sendmail_t)
-')
-
-optional_policy(`
-	procmail_domtrans(sendmail_t)
-	procmail_rw_tmp_files(sendmail_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(sendmail_t)
-')
-
-optional_policy(`
-	sasl_connect(sendmail_t)
-')
-
-optional_policy(`
-	spamd_stream_connect(sendmail_t)
-')
-
-optional_policy(`
-	udev_read_db(sendmail_t)
-')
-
-optional_policy(`
-	uucp_domtrans_uux(sendmail_t)
-')
-
-########################################
-#
-# Unconfined sendmail local policy
-# Allow unconfined domain to run newalias and have transitions work
-#
-
-optional_policy(`
-	mta_etc_filetrans_aliases(unconfined_sendmail_t)
-	unconfined_domain_noaudit(unconfined_sendmail_t)
-')
diff --git a/policy/modules/services/setroubleshoot.fc b/policy/modules/services/setroubleshoot.fc
deleted file mode 100644
index 397a522..0000000
--- a/policy/modules/services/setroubleshoot.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/usr/sbin/setroubleshootd	--	gen_context(system_u:object_r:setroubleshootd_exec_t,s0)
-
-/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
-
-/var/run/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
-
-/var/log/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
-
-/var/lib/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
diff --git a/policy/modules/services/setroubleshoot.if b/policy/modules/services/setroubleshoot.if
deleted file mode 100644
index d9f5dbc..0000000
--- a/policy/modules/services/setroubleshoot.if
+++ /dev/null
@@ -1,154 +0,0 @@
-## <summary>SELinux troubleshooting service</summary>
-
-########################################
-## <summary>
-##	Connect to setroubleshootd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_stream_connect',`
-	gen_require(`
-		type setroubleshootd_t, setroubleshoot_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, setroubleshoot_var_run_t, setroubleshoot_var_run_t, setroubleshootd_t)
-	allow $1 setroubleshoot_var_run_t:sock_file read;
-')
-
-########################################
-## <summary>
-##	Dontaudit attempts to connect to setroubleshootd
-##	over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_dontaudit_stream_connect',`
-	gen_require(`
-		type setroubleshootd_t, setroubleshoot_var_run_t;
-	')
-
-	dontaudit $1 setroubleshoot_var_run_t:sock_file rw_sock_file_perms;
-	dontaudit $1 setroubleshootd_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	setroubleshoot over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_dbus_chat',`
-	gen_require(`
-		type setroubleshootd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 setroubleshootd_t:dbus send_msg;
-	allow setroubleshootd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Do not audit send and receive messages from
-##	setroubleshoot over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_dontaudit_dbus_chat',`
-	gen_require(`
-		type setroubleshootd_t;
-		class dbus send_msg;
-	')
-
-	dontaudit $1 setroubleshootd_t:dbus send_msg;
-	dontaudit setroubleshootd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	setroubleshoot over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_dbus_chat_fixit',`
-	gen_require(`
-		type setroubleshoot_fixit_t;
-		class dbus send_msg;
-	')
-
-	allow $1 setroubleshoot_fixit_t:dbus send_msg;
-	allow setroubleshoot_fixit_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Dontaudit read/write to a setroubleshoot leaked sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`setroubleshoot_fixit_dontaudit_leaks',`
-	gen_require(`
-		type setroubleshoot_fixit_t;
-	')
-
-	dontaudit $1 setroubleshoot_fixit_t:unix_dgram_socket { read write };
-	dontaudit $1 setroubleshoot_fixit_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an setroubleshoot environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`setroubleshoot_admin',`
-	gen_require(`
-		type setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_run_t;
-		type setroubleshoot_var_lib_t;
-	')
-
-	allow $1 setroubleshootd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, setroubleshootd_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, setroubleshoot_var_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, setroubleshoot_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, setroubleshoot_var_run_t)
-')
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
deleted file mode 100644
index 679558c..0000000
--- a/policy/modules/services/setroubleshoot.te
+++ /dev/null
@@ -1,194 +0,0 @@
-policy_module(setroubleshoot, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type setroubleshootd_t alias setroubleshoot_t;
-type setroubleshootd_exec_t;
-domain_type(setroubleshootd_t)
-init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
-
-type setroubleshoot_fixit_t;
-type setroubleshoot_fixit_exec_t;
-dbus_system_domain(setroubleshoot_fixit_t, setroubleshoot_fixit_exec_t)
-
-type setroubleshoot_var_lib_t;
-files_type(setroubleshoot_var_lib_t)
-
-# log files
-type setroubleshoot_var_log_t;
-logging_log_file(setroubleshoot_var_log_t)
-
-# pid files
-type setroubleshoot_var_run_t;
-files_pid_file(setroubleshoot_var_run_t)
-
-########################################
-#
-# setroubleshootd local policy
-#
-
-allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
-allow setroubleshootd_t self:process { getattr getsched setsched sigkill signull signal };
-# if bad library causes setroubleshoot to require these, we want to give it so setroubleshoot can continue to run
-allow setroubleshootd_t self:process { execmem execstack };
-allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
-allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
-allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
-
-# database files
-allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
-manage_files_pattern(setroubleshootd_t, setroubleshoot_var_lib_t, setroubleshoot_var_lib_t)
-files_var_lib_filetrans(setroubleshootd_t, setroubleshoot_var_lib_t, { file dir })
-
-# log files
-allow setroubleshootd_t setroubleshoot_var_log_t:dir setattr;
-manage_files_pattern(setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_log_t)
-manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_log_t)
-logging_log_filetrans(setroubleshootd_t, setroubleshoot_var_log_t, { file dir })
-
-# pid file
-manage_dirs_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
-manage_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
-manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
-files_pid_filetrans(setroubleshootd_t, setroubleshoot_var_run_t, { file sock_file dir })
-
-kernel_read_kernel_sysctls(setroubleshootd_t)
-kernel_read_system_state(setroubleshootd_t)
-kernel_read_net_sysctls(setroubleshootd_t)
-kernel_read_network_state(setroubleshootd_t)
-kernel_dontaudit_list_all_proc(setroubleshootd_t)
-kernel_read_unlabeled_state(setroubleshootd_t)
-
-corecmd_exec_bin(setroubleshootd_t)
-corecmd_exec_shell(setroubleshootd_t)
-
-corenet_all_recvfrom_unlabeled(setroubleshootd_t)
-corenet_all_recvfrom_netlabel(setroubleshootd_t)
-corenet_tcp_sendrecv_generic_if(setroubleshootd_t)
-corenet_tcp_sendrecv_generic_node(setroubleshootd_t)
-corenet_tcp_sendrecv_all_ports(setroubleshootd_t)
-corenet_tcp_bind_generic_node(setroubleshootd_t)
-corenet_tcp_connect_smtp_port(setroubleshootd_t)
-corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
-
-dev_read_urand(setroubleshootd_t)
-dev_read_sysfs(setroubleshootd_t)
-dev_getattr_all_blk_files(setroubleshootd_t)
-dev_getattr_all_chr_files(setroubleshootd_t)
-
-domain_dontaudit_search_all_domains_state(setroubleshootd_t)
-domain_signull_all_domains(setroubleshootd_t)
-
-files_read_usr_files(setroubleshootd_t)
-files_read_etc_files(setroubleshootd_t)
-files_list_all(setroubleshootd_t)
-files_getattr_all_files(setroubleshootd_t)
-files_getattr_all_pipes(setroubleshootd_t)
-files_getattr_all_sockets(setroubleshootd_t)
-files_read_all_symlinks(setroubleshootd_t)
-
-fs_getattr_all_dirs(setroubleshootd_t)
-fs_getattr_all_files(setroubleshootd_t)
-fs_read_fusefs_symlinks(setroubleshootd_t)
-fs_list_inotifyfs(setroubleshootd_t)
-fs_dontaudit_read_nfs_files(setroubleshootd_t)
-fs_dontaudit_read_cifs_files(setroubleshootd_t)
-
-selinux_get_enforce_mode(setroubleshootd_t)
-selinux_validate_context(setroubleshootd_t)
-
-term_dontaudit_use_all_ptys(setroubleshootd_t)
-term_dontaudit_use_all_ttys(setroubleshootd_t)
-
-auth_use_nsswitch(setroubleshootd_t)
-
-init_read_utmp(setroubleshootd_t)
-init_dontaudit_write_utmp(setroubleshootd_t)
-
-miscfiles_read_localization(setroubleshootd_t)
-
-locallogin_dontaudit_use_fds(setroubleshootd_t)
-
-logging_send_audit_msgs(setroubleshootd_t)
-logging_send_syslog_msg(setroubleshootd_t)
-logging_stream_connect_dispatcher(setroubleshootd_t)
-
-modutils_read_module_config(setroubleshootd_t)
-
-seutil_read_config(setroubleshootd_t)
-seutil_read_file_contexts(setroubleshootd_t)
-seutil_read_bin_policy(setroubleshootd_t)
-
-userdom_dontaudit_read_user_home_content_files(setroubleshootd_t)
-
-optional_policy(`
-	locate_read_lib_files(setroubleshootd_t)
-')
-
-optional_policy(`
-	dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t)
-')
-
-optional_policy(`
-	rpm_signull(setroubleshootd_t)
-	rpm_read_db(setroubleshootd_t)
-	rpm_dontaudit_manage_db(setroubleshootd_t)
-	rpm_use_script_fds(setroubleshootd_t)
-')
-
-########################################
-#
-# setroubleshoot_fixit local policy
-#
-
-allow setroubleshoot_fixit_t self:capability sys_nice;
-allow setroubleshoot_fixit_t self:process { setsched getsched };
-allow setroubleshoot_fixit_t self:fifo_file rw_fifo_file_perms;
-allow setroubleshoot_fixit_t self:unix_dgram_socket create_socket_perms;
-
-allow setroubleshoot_fixit_t setroubleshootd_t:process signull;
-
-setroubleshoot_dbus_chat(setroubleshoot_fixit_t)
-setroubleshoot_stream_connect(setroubleshoot_fixit_t)
-
-kernel_read_system_state(setroubleshoot_fixit_t)
-
-corecmd_exec_bin(setroubleshoot_fixit_t)
-corecmd_exec_shell(setroubleshoot_fixit_t)
-
-seutil_domtrans_setfiles(setroubleshoot_fixit_t)
-seutil_domtrans_setsebool(setroubleshoot_fixit_t)
-
-files_read_usr_files(setroubleshoot_fixit_t)
-files_read_etc_files(setroubleshoot_fixit_t)
-files_list_tmp(setroubleshoot_fixit_t)
-
-auth_use_nsswitch(setroubleshoot_fixit_t)
-
-logging_send_audit_msgs(setroubleshoot_fixit_t)
-logging_send_syslog_msg(setroubleshoot_fixit_t)
-
-miscfiles_read_localization(setroubleshoot_fixit_t)
-
-userdom_dontaudit_search_admin_dir(setroubleshoot_fixit_t)
-userdom_signull_unpriv_users(setroubleshoot_fixit_t)
-
-optional_policy(`
-	gnome_dontaudit_search_config(setroubleshoot_fixit_t)
-')
-
-optional_policy(`
-	rpm_signull(setroubleshoot_fixit_t)
-	rpm_read_db(setroubleshoot_fixit_t)
-	rpm_dontaudit_manage_db(setroubleshoot_fixit_t)
-	rpm_use_script_fds(setroubleshoot_fixit_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(setroubleshoot_fixit_t)
-	userdom_read_all_users_state(setroubleshoot_fixit_t)
-')
diff --git a/policy/modules/services/slrnpull.fc b/policy/modules/services/slrnpull.fc
deleted file mode 100644
index 1714ce0..0000000
--- a/policy/modules/services/slrnpull.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /usr
-#
-
-/usr/bin/slrnpull	--	gen_context(system_u:object_r:slrnpull_exec_t,s0)
-
-#
-# /var
-#
-/var/spool/slrnpull(/.*)?	gen_context(system_u:object_r:slrnpull_spool_t,s0)
diff --git a/policy/modules/services/slrnpull.if b/policy/modules/services/slrnpull.if
deleted file mode 100644
index d7e8289..0000000
--- a/policy/modules/services/slrnpull.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>Service for downloading news feeds the slrn newsreader.</summary>
-
-########################################
-## <summary>
-##	Allow the domain to search slrnpull spools.
-## </summary>
-## <param name="pty_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`slrnpull_search_spool',`
-	gen_require(`
-		type slrnpull_spool_t;
-	')
-
-	files_search_spool($1)
-	allow $1 slrnpull_spool_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the domain to create, read,
-##	write, and delete slrnpull spools.
-## </summary>
-## <param name="pty_type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`slrnpull_manage_spool',`
-	gen_require(`
-		type slrnpull_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
-	manage_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
-	manage_lnk_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
-')
diff --git a/policy/modules/services/slrnpull.te b/policy/modules/services/slrnpull.te
deleted file mode 100644
index e5e72fd..0000000
--- a/policy/modules/services/slrnpull.te
+++ /dev/null
@@ -1,70 +0,0 @@
-policy_module(slrnpull, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type slrnpull_t;
-type slrnpull_exec_t;
-init_daemon_domain(slrnpull_t, slrnpull_exec_t)
-
-type slrnpull_var_run_t;
-files_pid_file(slrnpull_var_run_t)
-
-type slrnpull_spool_t;
-files_type(slrnpull_spool_t)
-
-type slrnpull_log_t;
-logging_log_file(slrnpull_log_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit slrnpull_t self:capability sys_tty_config;
-allow slrnpull_t self:process signal_perms;
-
-allow slrnpull_t slrnpull_log_t:file manage_file_perms;
-logging_log_filetrans(slrnpull_t, slrnpull_log_t, file)
-
-manage_dirs_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
-manage_files_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
-manage_lnk_files_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
-files_search_spool(slrnpull_t)
-
-manage_files_pattern(slrnpull_t, slrnpull_var_run_t, slrnpull_var_run_t)
-files_pid_filetrans(slrnpull_t, slrnpull_var_run_t, file)
-
-kernel_list_proc(slrnpull_t)
-kernel_read_kernel_sysctls(slrnpull_t)
-kernel_read_proc_symlinks(slrnpull_t)
-
-dev_read_sysfs(slrnpull_t)
-
-domain_use_interactive_fds(slrnpull_t)
-
-files_read_etc_files(slrnpull_t)
-
-fs_getattr_all_fs(slrnpull_t)
-fs_search_auto_mountpoints(slrnpull_t)
-
-logging_send_syslog_msg(slrnpull_t)
-
-miscfiles_read_localization(slrnpull_t)
-
-userdom_dontaudit_use_unpriv_user_fds(slrnpull_t)
-userdom_dontaudit_search_user_home_dirs(slrnpull_t)
-
-optional_policy(`
-	cron_system_entry(slrnpull_t, slrnpull_exec_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(slrnpull_t)
-')
-
-optional_policy(`
-	udev_read_db(slrnpull_t)
-')
diff --git a/policy/modules/services/smartmon.fc b/policy/modules/services/smartmon.fc
deleted file mode 100644
index 268ae3d..0000000
--- a/policy/modules/services/smartmon.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/rc\.d/init\.d/smartd --	gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/smartd	--	gen_context(system_u:object_r:fsdaemon_exec_t,s0)
-
-#
-# /var
-#
-/var/run/smartd\.pid	--	gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
-
diff --git a/policy/modules/services/smartmon.if b/policy/modules/services/smartmon.if
deleted file mode 100644
index d5b2d93..0000000
--- a/policy/modules/services/smartmon.if
+++ /dev/null
@@ -1,58 +0,0 @@
-## <summary>Smart disk monitoring daemon policy</summary>
-
-#######################################
-## <summary>
-##	Allow caller to read smartmon temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smartmon_read_tmp_files',`
-	gen_require(`
-		type fsdaemon_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 fsdaemon_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an smartmon environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`smartmon_admin',`
-	gen_require(`
-		type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
-		type fsdaemon_initrc_exec_t;
-	')
-
-	allow $1 fsdaemon_t:process { ptrace signal_perms };
-	ps_process_pattern($1, fsdaemon_t)
-
-	init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 fsdaemon_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, fsdaemon_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, fsdaemon_var_run_t)
-')
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
deleted file mode 100644
index 6f49778..0000000
--- a/policy/modules/services/smartmon.te
+++ /dev/null
@@ -1,123 +0,0 @@
-policy_module(smartmon, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Enable additional permissions needed to support
-## devices on 3ware controllers.
-## </p>
-## </desc>
-gen_tunable(smartmon_3ware, false)
-
-type fsdaemon_t;
-type fsdaemon_exec_t;
-init_daemon_domain(fsdaemon_t, fsdaemon_exec_t)
-
-type fsdaemon_initrc_exec_t;
-init_script_file(fsdaemon_initrc_exec_t)
-
-type fsdaemon_var_run_t;
-files_pid_file(fsdaemon_var_run_t)
-
-type fsdaemon_tmp_t;
-files_tmp_file(fsdaemon_tmp_t)
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(fsdaemon_t, fsdaemon_exec_t, mls_systemhigh)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow fsdaemon_t self:capability { setpcap setgid sys_rawio sys_admin };
-dontaudit fsdaemon_t self:capability sys_tty_config;
-allow fsdaemon_t self:process { getcap setcap signal_perms };
-allow fsdaemon_t self:fifo_file rw_fifo_file_perms;
-allow fsdaemon_t self:unix_dgram_socket create_socket_perms;
-allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms;
-allow fsdaemon_t self:udp_socket create_socket_perms;
-allow fsdaemon_t self:netlink_route_socket r_netlink_socket_perms;
-
-manage_dirs_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
-manage_files_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
-files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
-
-manage_files_pattern(fsdaemon_t, fsdaemon_var_run_t, fsdaemon_var_run_t)
-files_pid_filetrans(fsdaemon_t, fsdaemon_var_run_t, file)
-
-kernel_read_kernel_sysctls(fsdaemon_t)
-kernel_read_software_raid_state(fsdaemon_t)
-kernel_read_system_state(fsdaemon_t)
-
-corecmd_exec_all_executables(fsdaemon_t)
-
-corenet_all_recvfrom_unlabeled(fsdaemon_t)
-corenet_all_recvfrom_netlabel(fsdaemon_t)
-corenet_udp_sendrecv_generic_if(fsdaemon_t)
-corenet_udp_sendrecv_generic_node(fsdaemon_t)
-corenet_udp_sendrecv_all_ports(fsdaemon_t)
-
-dev_read_sysfs(fsdaemon_t)
-dev_read_urand(fsdaemon_t)
-
-domain_use_interactive_fds(fsdaemon_t)
-
-files_exec_etc_files(fsdaemon_t)
-files_read_etc_runtime_files(fsdaemon_t)
-# for config
-files_read_etc_files(fsdaemon_t)
-files_read_usr_files(fsdaemon_t)
-
-fs_getattr_all_fs(fsdaemon_t)
-fs_search_auto_mountpoints(fsdaemon_t)
-
-mls_file_read_all_levels(fsdaemon_t)
-#mls_rangetrans_target(fsdaemon_t)
-
-storage_raw_read_fixed_disk(fsdaemon_t)
-storage_raw_write_fixed_disk(fsdaemon_t)
-storage_raw_read_removable_device(fsdaemon_t)
-storage_read_scsi_generic(fsdaemon_t)
-storage_write_scsi_generic(fsdaemon_t)
-
-term_dontaudit_search_ptys(fsdaemon_t)
-
-libs_exec_ld_so(fsdaemon_t)
-libs_exec_lib_files(fsdaemon_t)
-
-logging_send_syslog_msg(fsdaemon_t)
-
-miscfiles_read_localization(fsdaemon_t)
-
-seutil_sigchld_newrole(fsdaemon_t)
-
-sysnet_dns_name_resolve(fsdaemon_t)
-
-userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
-userdom_dontaudit_search_user_home_dirs(fsdaemon_t)
-
-tunable_policy(`smartmon_3ware',`
-	allow fsdaemon_t self:process setfscreate;
-
-	storage_create_fixed_disk_dev(fsdaemon_t)
-	storage_delete_fixed_disk_dev(fsdaemon_t)
-	storage_dev_filetrans_fixed_disk(fsdaemon_t)
-
-	selinux_validate_context(fsdaemon_t)
-
-	seutil_read_file_contexts(fsdaemon_t)
-')
-
-optional_policy(`
-	mta_send_mail(fsdaemon_t)
-')
-
-optional_policy(`
-	udev_read_db(fsdaemon_t)
-')
diff --git a/policy/modules/services/smokeping.fc b/policy/modules/services/smokeping.fc
deleted file mode 100644
index 9ff2d99..0000000
--- a/policy/modules/services/smokeping.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/smokeping	--	gen_context(system_u:object_r:smokeping_initrc_exec_t,s0)
-
-/usr/sbin/smokeping		--	gen_context(system_u:object_r:smokeping_exec_t,s0)
-
-/usr/share/smokeping/cgi(/.*)?		gen_context(system_u:object_r:httpd_smokeping_cgi_script_exec_t,s0)
-
-/var/lib/smokeping(/.*)?		gen_context(system_u:object_r:smokeping_var_lib_t,s0)
-
-/var/run/smokeping(/.*)?		gen_context(system_u:object_r:smokeping_var_run_t,s0)
diff --git a/policy/modules/services/smokeping.if b/policy/modules/services/smokeping.if
deleted file mode 100644
index 8265278..0000000
--- a/policy/modules/services/smokeping.if
+++ /dev/null
@@ -1,167 +0,0 @@
-## <summary>Smokeping network latency measurement.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run smokeping.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`smokeping_domtrans',`
-	gen_require(`
-		type smokeping_t, smokeping_exec_t;
-	')
-
-	domtrans_pattern($1, smokeping_exec_t, smokeping_t)
-')
-
-########################################
-## <summary>
-##	Execute smokeping server in the smokeping domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`smokeping_initrc_domtrans',`
-	gen_require(`
-		type smokeping_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, smokeping_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read smokeping PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smokeping_read_pid_files',`
-	gen_require(`
-		type smokeping_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 smokeping_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage smokeping PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smokeping_manage_pid_files',`
-	gen_require(`
-		type smokeping_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, smokeping_var_run_t, smokeping_var_run_t)
-')
-
-########################################
-## <summary>
-##	Get attributes of smokeping lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smokeping_getattr_lib_files',`
-	gen_require(`
-		type smokeping_var_lib_t;
-	')
-
-	getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read smokeping lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smokeping_read_lib_files',`
-	gen_require(`
-		type smokeping_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage smokeping lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`smokeping_manage_lib_files',`
-	gen_require(`
-		type smokeping_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	a smokeping environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`smokeping_admin',`
-	gen_require(`
-		type smokeping_t, smokeping_initrc_exec_t;
-	')
-
-	allow $1 smokeping_t:process { ptrace signal_perms };
-	ps_process_pattern($1, smokeping_t)
-
-	smokeping_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 smokeping_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	smokeping_manage_pid_files($1)
-
-	smokeping_manage_lib_files($1)
-')
diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te
deleted file mode 100644
index 247beaf..0000000
--- a/policy/modules/services/smokeping.te
+++ /dev/null
@@ -1,77 +0,0 @@
-policy_module(smokeping, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type smokeping_t;
-type smokeping_exec_t;
-init_daemon_domain(smokeping_t, smokeping_exec_t)
-
-type smokeping_initrc_exec_t;
-init_script_file(smokeping_initrc_exec_t)
-
-type smokeping_var_run_t;
-files_pid_file(smokeping_var_run_t)
-
-type smokeping_var_lib_t;
-files_type(smokeping_var_lib_t)
-
-########################################
-#
-# smokeping local policy
-#
-
-dontaudit smokeping_t self:capability { dac_read_search dac_override };    
-allow smokeping_t self:fifo_file rw_fifo_file_perms;
-allow smokeping_t self:udp_socket create_socket_perms;
-allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t)
-manage_files_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t)
-files_pid_filetrans(smokeping_t, smokeping_var_run_t, { file dir })
-
-manage_dirs_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t)
-manage_files_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t)
-files_var_lib_filetrans(smokeping_t, smokeping_var_lib_t, { file dir } )
-
-corecmd_read_bin_symlinks(smokeping_t)
-
-dev_read_urand(smokeping_t)
-
-files_read_etc_files(smokeping_t)
-files_read_usr_files(smokeping_t)
-files_search_tmp(smokeping_t)
-
-auth_use_nsswitch(smokeping_t)
-auth_dontaudit_read_shadow(smokeping_t)
-
-logging_send_syslog_msg(smokeping_t)
-
-miscfiles_read_localization(smokeping_t)
-
-mta_send_mail(smokeping_t)
-
-netutils_domtrans_ping(smokeping_t)
-
-#######################################
-#
-# local policy for smokeping cgi scripts
-#
-
-optional_policy(`
-	apache_content_template(smokeping_cgi)
-
-	allow httpd_smokeping_cgi_script_t self:udp_socket create_socket_perms;
-
-	manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
-	manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
-
-	getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
-
-	files_search_tmp(httpd_smokeping_cgi_script_t)
-	files_search_var_lib(httpd_smokeping_cgi_script_t)
-
-	sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t)
-')
diff --git a/policy/modules/services/snmp.fc b/policy/modules/services/snmp.fc
deleted file mode 100644
index ac10740..0000000
--- a/policy/modules/services/snmp.fc
+++ /dev/null
@@ -1,24 +0,0 @@
-/etc/rc\.d/init\.d/snmpd --	gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/snmptrapd --	gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/snmp(trap)?d	--	gen_context(system_u:object_r:snmpd_exec_t,s0)
-
-/usr/share/snmp/mibs/\.index -- gen_context(system_u:object_r:snmpd_var_lib_t,s0)
-
-#
-# /var
-#
-/var/agentx(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
-
-/var/lib/net-snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
-/var/lib/snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
-
-/var/log/snmpd\.log	--	gen_context(system_u:object_r:snmpd_log_t,s0)
-
-/var/net-snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
-
-/var/run/snmpd(/.*)?		gen_context(system_u:object_r:snmpd_var_run_t,s0)
-/var/run/snmpd\.pid	--	gen_context(system_u:object_r:snmpd_var_run_t,s0)
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
deleted file mode 100644
index bfdf197..0000000
--- a/policy/modules/services/snmp.if
+++ /dev/null
@@ -1,148 +0,0 @@
-## <summary>Simple network management protocol services</summary>
-
-########################################
-## <summary>
-##	Connect to snmpd using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`snmp_stream_connect',`
-	gen_require(`
-		type snmpd_t, snmpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
-')
-
-########################################
-## <summary>
-##	Use snmp over a TCP connection.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`snmp_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Send and receive UDP traffic to SNMP  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`snmp_udp_chat',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Read snmpd libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`snmp_read_snmp_var_lib_files',`
-	gen_require(`
-		type snmpd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 snmpd_var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
-	read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Read snmpd libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`snmp_dontaudit_read_snmp_var_lib_files',`
-	gen_require(`
-		type snmpd_var_lib_t;
-	')
-
-	dontaudit $1 snmpd_var_lib_t:dir list_dir_perms;
-	dontaudit $1 snmpd_var_lib_t:file read_file_perms;
-	dontaudit $1 snmpd_var_lib_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit write snmpd libraries files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`snmp_dontaudit_write_snmp_var_lib_files',`
-	gen_require(`
-		type snmpd_var_lib_t;
-	')
-
-	dontaudit $1 snmpd_var_lib_t:file write;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an snmp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the snmp domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`snmp_admin',`
-	gen_require(`
-		type snmpd_t, snmpd_log_t, snmpd_initrc_exec_t;
-		type snmpd_var_lib_t, snmpd_var_run_t;
-	')
-
-	allow $1 snmpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, snmpd_t)
-
-	init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 snmpd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, snmpd_log_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, snmpd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, snmpd_var_run_t)
-')
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
deleted file mode 100644
index 0927db4..0000000
--- a/policy/modules/services/snmp.te
+++ /dev/null
@@ -1,176 +0,0 @@
-policy_module(snmp, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type snmpd_t;
-type snmpd_exec_t;
-init_daemon_domain(snmpd_t, snmpd_exec_t)
-
-type snmpd_initrc_exec_t;
-init_script_file(snmpd_initrc_exec_t)
-
-type snmpd_log_t;
-logging_log_file(snmpd_log_t)
-
-type snmpd_var_run_t;
-files_pid_file(snmpd_var_run_t)
-
-type snmpd_var_lib_t;
-files_type(snmpd_var_lib_t)
-
-########################################
-#
-# Local policy
-#
-
-allow snmpd_t self:capability { chown dac_override kill ipc_lock setgid setuid sys_ptrace net_admin sys_nice sys_tty_config };
-dontaudit snmpd_t self:capability { sys_module sys_tty_config };
-allow snmpd_t self:process { signal_perms getsched setsched };
-allow snmpd_t self:fifo_file rw_fifo_file_perms;
-allow snmpd_t self:unix_dgram_socket create_socket_perms;
-allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
-allow snmpd_t self:tcp_socket create_stream_socket_perms;
-allow snmpd_t self:udp_socket connected_stream_socket_perms;
-
-allow snmpd_t snmpd_log_t:file manage_file_perms;
-logging_log_filetrans(snmpd_t, snmpd_log_t, file)
-
-manage_dirs_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
-manage_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
-manage_sock_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
-files_usr_filetrans(snmpd_t, snmpd_var_lib_t, file)
-files_var_filetrans(snmpd_t, snmpd_var_lib_t, { file dir sock_file })
-files_var_lib_filetrans(snmpd_t, snmpd_var_lib_t, file)
-
-manage_dirs_pattern(snmpd_t, snmpd_var_run_t, snmpd_var_run_t)
-manage_files_pattern(snmpd_t, snmpd_var_run_t, snmpd_var_run_t)
-files_pid_filetrans(snmpd_t, snmpd_var_run_t, { file dir })
-
-kernel_read_device_sysctls(snmpd_t)
-kernel_read_kernel_sysctls(snmpd_t)
-kernel_read_fs_sysctls(snmpd_t)
-kernel_read_net_sysctls(snmpd_t)
-kernel_read_proc_symlinks(snmpd_t)
-kernel_read_system_state(snmpd_t)
-kernel_read_network_state(snmpd_t)
-
-corecmd_exec_bin(snmpd_t)
-corecmd_exec_shell(snmpd_t)
-
-corenet_all_recvfrom_unlabeled(snmpd_t)
-corenet_all_recvfrom_netlabel(snmpd_t)
-corenet_tcp_sendrecv_generic_if(snmpd_t)
-corenet_udp_sendrecv_generic_if(snmpd_t)
-corenet_tcp_sendrecv_generic_node(snmpd_t)
-corenet_udp_sendrecv_generic_node(snmpd_t)
-corenet_tcp_sendrecv_all_ports(snmpd_t)
-corenet_udp_sendrecv_all_ports(snmpd_t)
-corenet_tcp_bind_generic_node(snmpd_t)
-corenet_udp_bind_generic_node(snmpd_t)
-corenet_tcp_bind_snmp_port(snmpd_t)
-corenet_udp_bind_snmp_port(snmpd_t)
-corenet_sendrecv_snmp_server_packets(snmpd_t)
-corenet_tcp_connect_agentx_port(snmpd_t)
-corenet_tcp_bind_agentx_port(snmpd_t)
-corenet_udp_bind_agentx_port(snmpd_t)
-
-dev_list_sysfs(snmpd_t)
-dev_read_sysfs(snmpd_t)
-dev_read_urand(snmpd_t)
-dev_read_rand(snmpd_t)
-dev_getattr_usbfs_dirs(snmpd_t)
-
-domain_use_interactive_fds(snmpd_t)
-domain_signull_all_domains(snmpd_t)
-domain_read_all_domains_state(snmpd_t)
-domain_dontaudit_ptrace_all_domains(snmpd_t)
-domain_exec_all_entry_files(snmpd_t)
-
-files_read_etc_files(snmpd_t)
-files_read_usr_files(snmpd_t)
-files_read_etc_runtime_files(snmpd_t)
-files_search_home(snmpd_t)
-
-fs_getattr_all_dirs(snmpd_t)
-fs_getattr_all_fs(snmpd_t)
-fs_search_auto_mountpoints(snmpd_t)
-
-storage_dontaudit_read_fixed_disk(snmpd_t)
-storage_dontaudit_read_removable_device(snmpd_t)
-storage_dontaudit_write_removable_device(snmpd_t)
-
-auth_use_nsswitch(snmpd_t)
-auth_read_all_dirs_except_shadow(snmpd_t)
-
-init_read_utmp(snmpd_t)
-init_dontaudit_write_utmp(snmpd_t)
-
-logging_send_syslog_msg(snmpd_t)
-
-miscfiles_read_localization(snmpd_t)
-
-seutil_dontaudit_search_config(snmpd_t)
-
-sysnet_read_config(snmpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(snmpd_t)
-userdom_dontaudit_search_user_home_dirs(snmpd_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		rpm_read_db(snmpd_t)
-		rpm_dontaudit_manage_db(snmpd_t)
-	')
-')
-
-optional_policy(`
-	amanda_dontaudit_read_dumpdates(snmpd_t)
-')
-
-optional_policy(`
-	consoletype_exec(snmpd_t)
-')
-
-optional_policy(`
-	cups_read_rw_config(snmpd_t)
-')
-
-optional_policy(`
-	mta_read_config(snmpd_t)
-	mta_search_queue(snmpd_t)
-')
-
-optional_policy(`
-	rpc_search_nfs_state_data(snmpd_t)
-')
-
-optional_policy(`
-	sendmail_read_log(snmpd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(snmpd_t)
-')
-
-optional_policy(`
-	squid_read_config(snmpd_t)
-')
-
-optional_policy(`
-	udev_read_db(snmpd_t)
-')
-
-optional_policy(`
-	virt_stream_connect(snmpd_t)
-')
-
-optional_policy(`
-	kernel_read_xen_state(snmpd_t)
-	kernel_write_xen_state(snmpd_t)
-
-	xen_stream_connect(snmpd_t)
-	xen_stream_connect_xenstore(snmpd_t)
-')
diff --git a/policy/modules/services/snort.fc b/policy/modules/services/snort.fc
deleted file mode 100644
index 7bedd2f..0000000
--- a/policy/modules/services/snort.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/etc/rc\.d/init\.d/snortd --	gen_context(system_u:object_r:snort_initrc_exec_t,s0)
-/etc/snort(/.*)?		gen_context(system_u:object_r:snort_etc_t,s0)
-
-/usr/s?bin/snort	--	gen_context(system_u:object_r:snort_exec_t,s0)
-/usr/sbin/snort-plain	--	gen_context(system_u:object_r:snort_exec_t,s0)
-
-/var/log/snort(/.*)?		gen_context(system_u:object_r:snort_log_t,s0)
-
-/var/run/snort.*	--	gen_context(system_u:object_r:snort_var_run_t,s0)
diff --git a/policy/modules/services/snort.if b/policy/modules/services/snort.if
deleted file mode 100644
index 88ebedb..0000000
--- a/policy/modules/services/snort.if
+++ /dev/null
@@ -1,60 +0,0 @@
-## <summary>Snort network intrusion detection system</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run snort.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`snort_domtrans',`
-	gen_require(`
-		type snort_t, snort_exec_t;
-	')
-
-	domtrans_pattern($1, snort_exec_t, snort_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an snort environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the snort domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`snort_admin',`
-	gen_require(`
-		type snort_t, snort_var_run_t, snort_log_t;
-		type snort_etc_t, snort_initrc_exec_t;
-	')
-
-	allow $1 snort_t:process { ptrace signal_perms };
-	ps_process_pattern($1, snort_t)
-
-	init_labeled_script_domtrans($1, snort_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 snort_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	admin_pattern($1, snort_etc_t)
-	files_list_etc($1)
-
-	admin_pattern($1, snort_log_t)
-	logging_list_logs($1)
-
-	admin_pattern($1, snort_var_run_t)
-	files_list_pids($1)
-')
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
deleted file mode 100644
index 012723c..0000000
--- a/policy/modules/services/snort.te
+++ /dev/null
@@ -1,117 +0,0 @@
-policy_module(snort, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type snort_t;
-type snort_exec_t;
-init_daemon_domain(snort_t, snort_exec_t)
-
-type snort_etc_t;
-files_config_file(snort_etc_t)
-
-type snort_initrc_exec_t;
-init_script_file(snort_initrc_exec_t)
-
-type snort_log_t;
-logging_log_file(snort_log_t)
-
-type snort_tmp_t;
-files_tmp_file(snort_tmp_t)
-
-type snort_var_run_t;
-files_pid_file(snort_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow snort_t self:capability { setgid setuid net_admin net_raw dac_override };
-dontaudit snort_t self:capability sys_tty_config;
-allow snort_t self:process signal_perms;
-allow snort_t self:netlink_route_socket create_netlink_socket_perms;
-allow snort_t self:tcp_socket create_stream_socket_perms;
-allow snort_t self:udp_socket create_socket_perms;
-allow snort_t self:packet_socket create_socket_perms;
-allow snort_t self:socket create_socket_perms;
-# Snort IPS node. unverified.
-allow snort_t self:netlink_firewall_socket create_socket_perms;
-
-allow snort_t snort_etc_t:dir list_dir_perms;
-allow snort_t snort_etc_t:file read_file_perms;
-allow snort_t snort_etc_t:lnk_file read_lnk_file_perms;
-
-manage_files_pattern(snort_t, snort_log_t, snort_log_t)
-create_dirs_pattern(snort_t, snort_log_t, snort_log_t)
-logging_log_filetrans(snort_t, snort_log_t, { file dir })
-
-manage_dirs_pattern(snort_t, snort_tmp_t, snort_tmp_t)
-manage_files_pattern(snort_t, snort_tmp_t, snort_tmp_t)
-files_tmp_filetrans(snort_t, snort_tmp_t, { file dir })
-
-manage_files_pattern(snort_t, snort_var_run_t, snort_var_run_t)
-files_pid_filetrans(snort_t, snort_var_run_t, file)
-
-kernel_read_kernel_sysctls(snort_t)
-kernel_read_sysctl(snort_t)
-kernel_list_proc(snort_t)
-kernel_read_proc_symlinks(snort_t)
-kernel_request_load_module(snort_t)
-kernel_dontaudit_read_system_state(snort_t)
-kernel_read_network_state(snort_t)
-
-corenet_all_recvfrom_unlabeled(snort_t)
-corenet_all_recvfrom_netlabel(snort_t)
-corenet_tcp_sendrecv_generic_if(snort_t)
-corenet_udp_sendrecv_generic_if(snort_t)
-corenet_raw_sendrecv_generic_if(snort_t)
-corenet_tcp_sendrecv_generic_node(snort_t)
-corenet_udp_sendrecv_generic_node(snort_t)
-corenet_raw_sendrecv_generic_node(snort_t)
-corenet_tcp_sendrecv_all_ports(snort_t)
-corenet_udp_sendrecv_all_ports(snort_t)
-corenet_tcp_connect_prelude_port(snort_t)
-
-dev_read_sysfs(snort_t)
-dev_read_rand(snort_t)
-dev_read_urand(snort_t)
-dev_read_usbmon_dev(snort_t)
-# Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon
-# Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
-dev_rw_generic_usb_dev(snort_t)
-
-domain_use_interactive_fds(snort_t)
-
-files_read_etc_files(snort_t)
-files_dontaudit_read_etc_runtime_files(snort_t)
-
-fs_getattr_all_fs(snort_t)
-fs_search_auto_mountpoints(snort_t)
-
-init_read_utmp(snort_t)
-
-logging_send_syslog_msg(snort_t)
-
-miscfiles_read_localization(snort_t)
-
-sysnet_read_config(snort_t)
-# snorts must be able to resolve dns in case it wants to relay to a remote prelude-manager
-sysnet_dns_name_resolve(snort_t)
-
-userdom_dontaudit_use_unpriv_user_fds(snort_t)
-userdom_dontaudit_search_user_home_dirs(snort_t)
-
-optional_policy(`
-	prelude_manage_spool(snort_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(snort_t)
-')
-
-optional_policy(`
-	udev_read_db(snort_t)
-')
diff --git a/policy/modules/services/soundserver.fc b/policy/modules/services/soundserver.fc
deleted file mode 100644
index d89b2cb..0000000
--- a/policy/modules/services/soundserver.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-/etc/nas(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
-/etc/rc\.d/init\.d/nasd	--	gen_context(system_u:object_r:soundd_initrc_exec_t,s0)
-/etc/yiff(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
-
-/usr/bin/nasd		--	gen_context(system_u:object_r:soundd_exec_t,s0)
-/usr/bin/gpe-soundserver --	gen_context(system_u:object_r:soundd_exec_t,s0)
-
-/usr/sbin/yiff		--	gen_context(system_u:object_r:soundd_exec_t,s0)
-
-/var/run/nasd(/.*)?		gen_context(system_u:object_r:soundd_var_run_t,s0)
-/var/run/yiff-[0-9]+\.pid --	gen_context(system_u:object_r:soundd_var_run_t,s0)
-
-/var/state/yiff(/.*)?		gen_context(system_u:object_r:soundd_state_t,s0)
diff --git a/policy/modules/services/soundserver.if b/policy/modules/services/soundserver.if
deleted file mode 100644
index 4a15633..0000000
--- a/policy/modules/services/soundserver.if
+++ /dev/null
@@ -1,56 +0,0 @@
-## <summary>sound server for network audio server programs, nasd, yiff, etc</summary>
-
-########################################
-## <summary>
-##	Connect to the sound server over a TCP socket  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`soundserver_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an soundd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the soundd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`soundserver_admin',`
-	gen_require(`
-		type soundd_t, soundd_etc_t, soundd_initrc_exec_t;
-		type soundd_tmp_t, soundd_var_run_t;
-	')
-
-	allow $1 soundd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, soundd_t)
-
-	init_labeled_script_domtrans($1, soundd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 soundd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, soundd_etc_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, soundd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, soundd_var_run_t)
-')
diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te
deleted file mode 100644
index 3217605..0000000
--- a/policy/modules/services/soundserver.te
+++ /dev/null
@@ -1,114 +0,0 @@
-policy_module(soundserver, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type soundd_t;
-type soundd_exec_t;
-init_daemon_domain(soundd_t, soundd_exec_t)
-
-type soundd_etc_t alias etc_soundd_t;
-files_config_file(soundd_etc_t)
-
-type soundd_initrc_exec_t;
-init_script_file(soundd_initrc_exec_t)
-
-type soundd_state_t;
-files_type(soundd_state_t)
-
-type soundd_tmp_t;
-files_tmp_file(soundd_tmp_t)
-
-# for yiff - probably need some rules for the client support too
-type soundd_tmpfs_t;
-files_tmpfs_file(soundd_tmpfs_t)
-
-type soundd_var_run_t;
-files_pid_file(soundd_var_run_t)
-
-########################################
-#
-# Declarations
-#
-
-allow soundd_t self:capability dac_override;
-dontaudit soundd_t self:capability sys_tty_config;
-allow soundd_t self:process { setpgid signal_perms };
-allow soundd_t self:tcp_socket create_stream_socket_perms;
-allow soundd_t self:udp_socket create_socket_perms;
-allow soundd_t self:unix_stream_socket { connectto create_stream_socket_perms };
-
-# for yiff
-allow soundd_t self:shm create_shm_perms;
-
-read_files_pattern(soundd_t, soundd_etc_t, soundd_etc_t)
-read_lnk_files_pattern(soundd_t, soundd_etc_t, soundd_etc_t)
-
-manage_files_pattern(soundd_t, soundd_state_t, soundd_state_t)
-manage_lnk_files_pattern(soundd_t, soundd_state_t, soundd_state_t)
-
-manage_dirs_pattern(soundd_t, soundd_tmp_t, soundd_tmp_t)
-manage_files_pattern(soundd_t, soundd_tmp_t, soundd_tmp_t)
-files_tmp_filetrans(soundd_t, soundd_tmp_t, { file dir })
-
-manage_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
-manage_lnk_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
-manage_fifo_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
-manage_sock_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
-fs_tmpfs_filetrans(soundd_t, soundd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_sock_files_pattern(soundd_t, soundd_var_run_t, soundd_var_run_t)
-manage_files_pattern(soundd_t, soundd_var_run_t, soundd_var_run_t)
-manage_dirs_pattern(soundd_t, soundd_var_run_t, soundd_var_run_t)
-files_pid_filetrans(soundd_t, soundd_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(soundd_t)
-kernel_list_proc(soundd_t)
-kernel_read_proc_symlinks(soundd_t)
-
-corenet_all_recvfrom_unlabeled(soundd_t)
-corenet_all_recvfrom_netlabel(soundd_t)
-corenet_tcp_sendrecv_generic_if(soundd_t)
-corenet_udp_sendrecv_generic_if(soundd_t)
-corenet_tcp_sendrecv_generic_node(soundd_t)
-corenet_udp_sendrecv_generic_node(soundd_t)
-corenet_tcp_sendrecv_all_ports(soundd_t)
-corenet_udp_sendrecv_all_ports(soundd_t)
-corenet_tcp_bind_generic_node(soundd_t)
-corenet_tcp_bind_soundd_port(soundd_t)
-corenet_sendrecv_soundd_server_packets(soundd_t)
-
-dev_read_sysfs(soundd_t)
-dev_read_sound(soundd_t)
-dev_write_sound(soundd_t)
-
-domain_use_interactive_fds(soundd_t)
-
-files_read_etc_files(soundd_t)
-files_read_etc_runtime_files(soundd_t)
-
-fs_getattr_all_fs(soundd_t)
-fs_search_auto_mountpoints(soundd_t)
-
-logging_send_syslog_msg(soundd_t)
-
-miscfiles_read_localization(soundd_t)
-
-sysnet_read_config(soundd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(soundd_t)
-userdom_dontaudit_search_user_home_dirs(soundd_t)
-
-optional_policy(`
-	alsa_domtrans(soundd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(soundd_t)
-')
-
-optional_policy(`
-	udev_read_db(soundd_t)
-')
diff --git a/policy/modules/services/spamassassin.fc b/policy/modules/services/spamassassin.fc
deleted file mode 100644
index 540981f..0000000
--- a/policy/modules/services/spamassassin.fc
+++ /dev/null
@@ -1,26 +0,0 @@
-HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
-/root/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
-
-/etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/mimedefang.*	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
-
-/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamassassin	--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamc		--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamd		--	gen_context(system_u:object_r:spamd_exec_t,s0)
-
-/usr/sbin/spamd		--	gen_context(system_u:object_r:spamd_exec_t,s0)
-/usr/bin/mimedefang-multiplexor --	gen_context(system_u:object_r:spamd_exec_t,s0)
-
-/var/lib/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_var_lib_t,s0)
-/var/lib/spamassassin/compiled(/.*)?	gen_context(system_u:object_r:spamd_compiled_t,s0)
-
-/var/log/spamd\.log	--	gen_context(system_u:object_r:spamd_log_t,s0)
-/var/log/mimedefang	--	gen_context(system_u:object_r:spamd_log_t,s0)
-
-/var/run/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-
-/var/spool/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_spool_t,s0)
-/var/spool/spamd(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
-/var/spool/MD-Quarantine(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-/var/spool/MIMEDefang(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
deleted file mode 100644
index 7f57f22..0000000
--- a/policy/modules/services/spamassassin.if
+++ /dev/null
@@ -1,341 +0,0 @@
-## <summary>Filter used for removing unsolicited email.</summary>
-
-########################################
-## <summary>
-##	Role access for spamassassin
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`spamassassin_role',`
-	gen_require(`
-		type spamc_t, spamc_exec_t, spamc_tmp_t;
-		type spamassassin_t, spamassassin_exec_t;
-		type spamassassin_home_t, spamassassin_tmp_t;
-	')
-
-	role $1 types { spamc_t spamassassin_t };
-
-	domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
-
-	allow $2 spamassassin_t:process { ptrace signal_perms };
-	ps_process_pattern($2, spamassassin_t)
-
-	domtrans_pattern($2, spamc_exec_t, spamc_t)
-
-	allow $2 spamc_t:process { ptrace signal_perms };
-	ps_process_pattern($2, spamc_t)
-
-	manage_dirs_pattern($2, spamassassin_home_t, spamassassin_home_t)
-	manage_files_pattern($2, spamassassin_home_t, spamassassin_home_t)
-	manage_lnk_files_pattern($2, spamassassin_home_t, spamassassin_home_t)
-	relabel_dirs_pattern($2, spamassassin_home_t, spamassassin_home_t)
-	relabel_files_pattern($2, spamassassin_home_t, spamassassin_home_t)
-	relabel_lnk_files_pattern($2, spamassassin_home_t, spamassassin_home_t)
-')
-
-########################################
-## <summary>
-##	Execute the standalone spamassassin
-##	program in the caller directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec',`
-	gen_require(`
-		type spamassassin_exec_t;
-	')
-
-	can_exec($1, spamassassin_exec_t)
-')
-
-########################################
-## <summary>
-##	Singnal the spam assassin daemon
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_signal_spamd',`
-	gen_require(`
-		type spamd_t;
-	')
-
-	allow $1 spamd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute the spamassassin daemon
-##	program in the caller directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec_spamd',`
-	gen_require(`
-		type spamd_exec_t;
-	')
-
-	can_exec($1, spamd_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute spamassassin client in the spamassassin client domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_domtrans_client',`
-	gen_require(`
-		type spamc_t, spamc_exec_t;
-	')
-
-	domtrans_pattern($1, spamc_exec_t, spamc_t)
-	allow $1 spamc_exec_t:file ioctl;
-')
-
-########################################
-## <summary>
-##	Send kill signal to spamassassin client
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_kill_client',`
-	gen_require(`
-		type spamc_t;
-	')
-
-	allow $1 spamc_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Manage spamc home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_manage_home_client',`
-	gen_require(`
-		type spamc_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	manage_dirs_pattern($1, spamc_home_t, spamc_home_t)
-	manage_files_pattern($1, spamc_home_t, spamc_home_t)
-	manage_lnk_files_pattern($1, spamc_home_t, spamc_home_t)
-')
-
-########################################
-## <summary>
-##	Execute the spamassassin client
-##	program in the caller directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec_client',`
-	gen_require(`
-		type spamc_exec_t;
-	')
-
-	can_exec($1, spamc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute spamassassin standalone client in the user spamassassin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_domtrans_local_client',`
-	gen_require(`
-		type spamassassin_t, spamassassin_exec_t;
-	')
-
-	domtrans_pattern($1, spamassassin_exec_t, spamassassin_t)
-')
-
-########################################
-## <summary>
-##	read spamd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_read_lib_files',`
-	gen_require(`
-		type spamd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	list_dirs_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-	read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-	read_lnk_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	spamd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_manage_lib_files',`
-	gen_require(`
-		type spamd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read temporary spamd file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_tmp_files',`
-	gen_require(`
-		type spamd_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 spamd_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get attributes of temporary
-##	spamd sockets/
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
-	gen_require(`
-		type spamd_tmp_t;
-	')
-
-	dontaudit $1 spamd_tmp_t:sock_file getattr_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to run spamd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to connect.
-##	</summary>
-## </param>
-#
-interface(`spamd_stream_connect',`
-	gen_require(`
-		type spamd_t, spamd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an spamassassin environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the spamassassin domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`spamassassin_spamd_admin',`
-	gen_require(`
-		type spamd_t, spamd_tmp_t, spamd_log_t;
-		type spamd_spool_t, spamd_var_lib_t, spamd_var_run_t;
-		type spamd_initrc_exec_t;
-	')
-
-	allow $1 spamd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, spamd_t)
-
-	init_labeled_script_domtrans($1, spamd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 spamd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_tmp($1)
-	admin_pattern($1, spamd_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, spamd_log_t)
-
-	files_list_spool($1)
-	admin_pattern($1, spamd_spool_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, spamd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, spamd_var_run_t)
-')
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
deleted file mode 100644
index 56e4c2e..0000000
--- a/policy/modules/services/spamassassin.te
+++ /dev/null
@@ -1,546 +0,0 @@
-policy_module(spamassassin, 2.3.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow user spamassassin clients to use the network.
-##	</p>
-## </desc>
-gen_tunable(spamassassin_can_network, false)
-
-## <desc>
-##	<p>
-##	Allow spamd to read/write user home directories.
-##	</p>
-## </desc>
-gen_tunable(spamd_enable_home_dirs, true)
-
-ifdef(`distro_redhat',`
-	# spamassassin client executable
-	type spamc_t;
-	type spamc_exec_t;
-	application_domain(spamc_t, spamc_exec_t)
-	role system_r types spamc_t;
-
-	type spamd_etc_t;
-	files_config_file(spamd_etc_t)
-
-	typealias spamc_exec_t  alias spamassassin_exec_t;
-	typealias spamc_t alias spamassassin_t;
-
-	type spamc_home_t;
-	userdom_user_home_content(spamc_home_t)
-	typealias spamc_home_t alias { spamassassin_home_t user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
-	typealias spamc_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
-	typealias spamc_home_t alias { user_spamc_home_t staff_spamc_home_t sysadm_spamc_home_t };
-	typealias spamc_home_t alias { auditadm_spamc_home_t secadm_spamc_home_t };
-
-	type spamc_tmp_t;
-	files_tmp_file(spamc_tmp_t)
-	typealias spamc_tmp_t alias spamassassin_tmp_t;
-	typealias spamc_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
-	typealias spamc_tmp_t alias { auditadm_spamassassin_tmp_t secadm_spamassassin_tmp_t };
-
-	typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
-	typealias spamc_tmp_t alias { auditadm_spamc_tmp_t secadm_spamc_tmp_t };
-',`
-	type spamassassin_t;
-	type spamassassin_exec_t;
-	typealias spamassassin_t alias { user_spamassassin_t staff_spamassassin_t sysadm_spamassassin_t };
-	typealias spamassassin_t alias { auditadm_spamassassin_t secadm_spamassassin_t };
-	application_domain(spamassassin_t, spamassassin_exec_t)
-	ubac_constrained(spamassassin_t)
-
-	type spamassassin_home_t;
-	typealias spamassassin_home_t alias { user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
-	typealias spamassassin_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
-	userdom_user_home_content(spamassassin_home_t)
-
-	type spamassassin_tmp_t;
-	typealias spamassassin_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
-	typealias spamassassin_tmp_t alias { auditadm_spamassassin_tmp_t secadm_spamassassin_tmp_t };
-	files_tmp_file(spamassassin_tmp_t)
-	ubac_constrained(spamassassin_tmp_t)
-
-	type spamc_t;
-	type spamc_exec_t;
-	typealias spamc_t alias { user_spamc_t staff_spamc_t sysadm_spamc_t };
-	typealias spamc_t alias { auditadm_spamc_t secadm_spamc_t };
-	application_domain(spamc_t, spamc_exec_t)
-	ubac_constrained(spamc_t)
-
-	type spamc_tmp_t;
-	typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
-	typealias spamc_tmp_t alias { auditadm_spamc_tmp_t secadm_spamc_tmp_t };
-	files_tmp_file(spamc_tmp_t)
-	ubac_constrained(spamc_tmp_t)
-')
-
-type spamd_t;
-type spamd_exec_t;
-init_daemon_domain(spamd_t, spamd_exec_t)
-
-type spamd_compiled_t;
-files_type(spamd_compiled_t)
-
-type spamd_initrc_exec_t;
-init_script_file(spamd_initrc_exec_t)
-
-type spamd_log_t;
-logging_log_file(spamd_log_t)
-
-type spamd_spool_t;
-files_type(spamd_spool_t)
-
-type spamd_tmp_t;
-files_tmp_file(spamd_tmp_t)
-
-# var/lib files
-type spamd_var_lib_t;
-files_type(spamd_var_lib_t)
-
-type spamd_var_run_t;
-files_pid_file(spamd_var_run_t)
-
-##############################
-#
-# Standalone program local policy
-#
-
-allow spamassassin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamassassin_t self:fd use;
-allow spamassassin_t self:fifo_file rw_fifo_file_perms;
-allow spamassassin_t self:sock_file read_sock_file_perms;
-allow spamassassin_t self:unix_dgram_socket create_socket_perms;
-allow spamassassin_t self:unix_stream_socket create_stream_socket_perms;
-allow spamassassin_t self:unix_dgram_socket sendto;
-allow spamassassin_t self:unix_stream_socket connectto;
-allow spamassassin_t self:shm create_shm_perms;
-allow spamassassin_t self:sem create_sem_perms;
-allow spamassassin_t self:msgq create_msgq_perms;
-allow spamassassin_t self:msg { send receive };
-
-manage_dirs_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_lnk_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_fifo_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_sock_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-userdom_user_home_dir_filetrans(spamassassin_t, spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
-manage_files_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
-files_tmp_filetrans(spamassassin_t, spamassassin_tmp_t, { file dir })
-
-manage_dirs_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_lnk_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_fifo_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_sock_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-userdom_user_home_dir_filetrans(spamd_t, spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(spamassassin_t)
-
-dev_read_urand(spamassassin_t)
-
-fs_search_auto_mountpoints(spamassassin_t)
-fs_getattr_all_fs(spamassassin_t)
-
-# this should probably be removed
-corecmd_list_bin(spamassassin_t)
-corecmd_read_bin_symlinks(spamassassin_t)
-corecmd_read_bin_files(spamassassin_t)
-corecmd_read_bin_pipes(spamassassin_t)
-corecmd_read_bin_sockets(spamassassin_t)
-
-domain_use_interactive_fds(spamassassin_t)
-
-files_read_etc_files(spamassassin_t)
-files_read_etc_runtime_files(spamassassin_t)
-files_list_home(spamassassin_t)
-files_read_usr_files(spamassassin_t)
-files_dontaudit_search_var(spamassassin_t)
-
-logging_send_syslog_msg(spamassassin_t)
-
-miscfiles_read_localization(spamassassin_t)
-
-# cjp: this could probably be removed
-seutil_read_config(spamassassin_t)
-
-sysnet_dns_name_resolve(spamassassin_t)
-
-# set tunable if you have spamassassin do DNS lookups
-tunable_policy(`spamassassin_can_network',`
-	allow spamassassin_t self:tcp_socket create_stream_socket_perms;
-	allow spamassassin_t self:udp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled(spamassassin_t)
-	corenet_all_recvfrom_netlabel(spamassassin_t)
-	corenet_tcp_sendrecv_generic_if(spamassassin_t)
-	corenet_udp_sendrecv_generic_if(spamassassin_t)
-	corenet_tcp_sendrecv_generic_node(spamassassin_t)
-	corenet_udp_sendrecv_generic_node(spamassassin_t)
-	corenet_tcp_sendrecv_all_ports(spamassassin_t)
-	corenet_udp_sendrecv_all_ports(spamassassin_t)
-	corenet_tcp_connect_all_ports(spamassassin_t)
-	corenet_sendrecv_all_client_packets(spamassassin_t)
-	corenet_udp_bind_generic_node(spamassassin_t)
-	corenet_udp_bind_generic_port(spamassassin_t)
-	corenet_dontaudit_udp_bind_all_ports(spamassassin_t)
-
-	sysnet_read_config(spamassassin_t)
-')
-
-tunable_policy(`spamd_enable_home_dirs',`
-	userdom_manage_user_home_content_dirs(spamd_t)
-	userdom_manage_user_home_content_files(spamd_t)
-	userdom_manage_user_home_content_symlinks(spamd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamassassin_t)
-	fs_manage_nfs_files(spamassassin_t)
-	fs_manage_nfs_symlinks(spamassassin_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamassassin_t)
-	fs_manage_cifs_files(spamassassin_t)
-	fs_manage_cifs_symlinks(spamassassin_t)
-')
-
-optional_policy(`
-	# Write pid file and socket in ~/.evolution/cache/tmp
-	evolution_home_filetrans(spamd_t, spamd_tmp_t, { file sock_file })
-')
-
-optional_policy(`
-	tunable_policy(`spamassassin_can_network && allow_ypbind',`
-		nis_use_ypbind_uncond(spamassassin_t)
-	')
-')
-
-optional_policy(`
-	mta_read_config(spamassassin_t)
-	sendmail_stub(spamassassin_t)
-	sendmail_dontaudit_rw_unix_stream_sockets(spamassassin_t)
-	sendmail_dontaudit_rw_tcp_sockets(spamassassin_t)
-')
-
-########################################
-#
-# Client local policy
-#
-
-allow spamc_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamc_t self:fd use;
-allow spamc_t self:fifo_file rw_fifo_file_perms;
-allow spamc_t self:sock_file read_sock_file_perms;
-allow spamc_t self:shm create_shm_perms;
-allow spamc_t self:sem create_sem_perms;
-allow spamc_t self:msgq create_msgq_perms;
-allow spamc_t self:msg { send receive };
-allow spamc_t self:unix_dgram_socket create_socket_perms;
-allow spamc_t self:unix_stream_socket create_stream_socket_perms;
-allow spamc_t self:unix_dgram_socket sendto;
-allow spamc_t self:unix_stream_socket connectto;
-allow spamc_t self:tcp_socket create_stream_socket_perms;
-allow spamc_t self:udp_socket create_socket_perms;
-
-can_exec(spamc_t, spamc_exec_t)
-
-manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
-manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
-files_tmp_filetrans(spamc_t, spamc_tmp_t, { file dir })
-
-manage_dirs_pattern(spamc_t, spamc_home_t, spamc_home_t)
-manage_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
-manage_lnk_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
-manage_fifo_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
-manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
-userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
-userdom_append_user_home_content_files(spamc_t)
-
-list_dirs_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
-read_files_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
-
-# Allow connecting to a local spamd
-allow spamc_t spamd_t:unix_stream_socket connectto;
-allow spamc_t spamd_tmp_t:sock_file rw_sock_file_perms;
-spamd_stream_connect(spamc_t)
-
-kernel_read_kernel_sysctls(spamc_t)
-kernel_read_system_state(spamc_t)
-
-corenet_all_recvfrom_unlabeled(spamc_t)
-corenet_all_recvfrom_netlabel(spamc_t)
-corenet_tcp_sendrecv_generic_if(spamc_t)
-corenet_udp_sendrecv_generic_if(spamc_t)
-corenet_tcp_sendrecv_generic_node(spamc_t)
-corenet_udp_sendrecv_generic_node(spamc_t)
-corenet_tcp_sendrecv_all_ports(spamc_t)
-corenet_udp_sendrecv_all_ports(spamc_t)
-corenet_tcp_connect_all_ports(spamc_t)
-corenet_sendrecv_all_client_packets(spamc_t)
-corenet_tcp_connect_spamd_port(spamc_t)
-
-fs_search_auto_mountpoints(spamc_t)
-
-# cjp: these should probably be removed:
-corecmd_list_bin(spamc_t)
-corecmd_read_bin_symlinks(spamc_t)
-corecmd_read_bin_files(spamc_t)
-corecmd_read_bin_pipes(spamc_t)
-corecmd_read_bin_sockets(spamc_t)
-
-domain_use_interactive_fds(spamc_t)
-
-files_read_etc_files(spamc_t)
-files_read_etc_runtime_files(spamc_t)
-files_read_usr_files(spamc_t)
-files_dontaudit_search_var(spamc_t)
-# cjp: this may be removable:
-files_list_home(spamc_t)
-files_list_var_lib(spamc_t)
-
-fs_search_auto_mountpoints(spamc_t)
-
-logging_send_syslog_msg(spamc_t)
-
-auth_use_nsswitch(spamc_t)
-
-miscfiles_read_localization(spamc_t)
-
-# cjp: this should probably be removed:
-seutil_read_config(spamc_t)
-
-sysnet_read_config(spamc_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamc_t)
-	fs_manage_nfs_files(spamc_t)
-	fs_manage_nfs_symlinks(spamc_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamc_t)
-	fs_manage_cifs_files(spamc_t)
-	fs_manage_cifs_symlinks(spamc_t)
-')
-
-optional_policy(`
-	# Allow connection to spamd socket above
-	evolution_stream_connect(spamc_t)
-')
-
-optional_policy(`
-	milter_manage_spamass_state(spamc_t)
-')
-
-optional_policy(`
-	postfix_domtrans_postdrop(spamc_t)
-	postfix_search_spool(spamc_t)
-	postfix_rw_local_pipes(spamc_t)
-')
-
-optional_policy(`
-	mta_send_mail(spamc_t)
-	mta_read_config(spamc_t)
-	mta_read_queue(spamc_t)
-	sendmail_stub(spamc_t)
-	sendmail_rw_pipes(spamc_t)
-	sendmail_dontaudit_rw_tcp_sockets(spamc_t)
-')
-
-########################################
-#
-# Server local policy
-#
-
-# Spamassassin, when run as root and using per-user config files,
-# setuids to the user running spamc.  Comment this if you are not
-# using this ability.
-
-allow spamd_t self:capability { kill setuid setgid dac_override sys_tty_config };
-dontaudit spamd_t self:capability sys_tty_config;
-allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamd_t self:fd use;
-allow spamd_t self:fifo_file rw_fifo_file_perms;
-allow spamd_t self:sock_file read_sock_file_perms;
-allow spamd_t self:shm create_shm_perms;
-allow spamd_t self:sem create_sem_perms;
-allow spamd_t self:msgq create_msgq_perms;
-allow spamd_t self:msg { send receive };
-allow spamd_t self:unix_dgram_socket create_socket_perms;
-allow spamd_t self:unix_stream_socket create_stream_socket_perms;
-allow spamd_t self:unix_dgram_socket sendto;
-allow spamd_t self:unix_stream_socket connectto;
-allow spamd_t self:tcp_socket create_stream_socket_perms;
-allow spamd_t self:udp_socket create_socket_perms;
-
-can_exec(spamd_t, spamd_compiled_t)
-manage_dirs_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
-manage_files_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
-
-manage_files_pattern(spamd_t, spamd_log_t, spamd_log_t)
-logging_log_filetrans(spamd_t, spamd_log_t, file)
-
-manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-manage_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-manage_sock_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
-
-manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
-manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
-files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir })
-
-# var/lib files for spamd
-allow spamd_t spamd_var_lib_t:dir list_dir_perms;
-manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
-manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
-
-manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-manage_sock_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-files_pid_filetrans(spamd_t, spamd_var_run_t, { file dir })
-
-can_exec(spamd_t, spamd_exec_t)
-
-kernel_read_all_sysctls(spamd_t)
-kernel_read_system_state(spamd_t)
-
-corenet_all_recvfrom_unlabeled(spamd_t)
-corenet_all_recvfrom_netlabel(spamd_t)
-corenet_tcp_sendrecv_generic_if(spamd_t)
-corenet_udp_sendrecv_generic_if(spamd_t)
-corenet_tcp_sendrecv_generic_node(spamd_t)
-corenet_udp_sendrecv_generic_node(spamd_t)
-corenet_tcp_sendrecv_all_ports(spamd_t)
-corenet_udp_sendrecv_all_ports(spamd_t)
-corenet_tcp_bind_generic_node(spamd_t)
-corenet_tcp_bind_spamd_port(spamd_t)
-corenet_tcp_connect_razor_port(spamd_t)
-corenet_tcp_connect_smtp_port(spamd_t)
-corenet_sendrecv_razor_client_packets(spamd_t)
-corenet_sendrecv_spamd_server_packets(spamd_t)
-# spamassassin 3.1 needs this for its
-# DnsResolver.pm module which binds to
-# random ports >= 1024.
-corenet_udp_bind_generic_node(spamd_t)
-corenet_udp_bind_generic_port(spamd_t)
-corenet_udp_bind_imaze_port(spamd_t)
-corenet_dontaudit_udp_bind_all_ports(spamd_t)
-corenet_sendrecv_imaze_server_packets(spamd_t)
-corenet_sendrecv_generic_server_packets(spamd_t)
-
-dev_read_sysfs(spamd_t)
-dev_read_urand(spamd_t)
-
-fs_getattr_all_fs(spamd_t)
-fs_search_auto_mountpoints(spamd_t)
-
-auth_dontaudit_read_shadow(spamd_t)
-
-corecmd_exec_bin(spamd_t)
-
-domain_use_interactive_fds(spamd_t)
-
-files_read_usr_files(spamd_t)
-files_read_etc_files(spamd_t)
-files_read_etc_runtime_files(spamd_t)
-# /var/lib/spamassin
-files_read_var_lib_files(spamd_t)
-
-init_dontaudit_rw_utmp(spamd_t)
-
-auth_use_nsswitch(spamd_t)
-
-logging_send_syslog_msg(spamd_t)
-
-miscfiles_read_localization(spamd_t)
-
-userdom_use_unpriv_users_fds(spamd_t)
-userdom_search_user_home_dirs(spamd_t)
-
-optional_policy(`
-	exim_manage_spool_dirs(spamd_t)
-	exim_manage_spool_files(spamd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamd_t)
-	fs_manage_nfs_files(spamd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamd_t)
-	fs_manage_cifs_files(spamd_t)
-')
-
-optional_policy(`
-	amavis_manage_lib_files(spamd_t)
-')
-
-optional_policy(`
-	cron_system_entry(spamd_t, spamd_exec_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(spamd_t, spamd_exec_t)
-')
-
-optional_policy(`
-	dcc_domtrans_cdcc(spamd_t)
-	dcc_domtrans_client(spamd_t)
-	dcc_signal_client(spamd_t)
-	dcc_stream_connect_dccifd(spamd_t)
-')
-
-optional_policy(`
-	milter_manage_spamass_state(spamd_t)
-')
-
-optional_policy(`
-	mysql_tcp_connect(spamd_t)
-	mysql_search_db(spamd_t)
-	mysql_stream_connect(spamd_t)
-')
-
-optional_policy(`
-	postfix_read_config(spamd_t)
-')
-
-optional_policy(`
-	postgresql_tcp_connect(spamd_t)
-	postgresql_stream_connect(spamd_t)
-')
-
-optional_policy(`
-	pyzor_domtrans(spamd_t)
-	pyzor_signal(spamd_t)
-')
-
-optional_policy(`
-	razor_domtrans(spamd_t)
-	razor_read_lib_files(spamd_t)
-	tunable_policy(`spamd_enable_home_dirs',`
-		razor_manage_user_home_files(spamd_t)
-	')
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(spamd_t)
-')
-
-optional_policy(`
-	sendmail_stub(spamd_t)
-	mta_read_config(spamd_t)
-')
-
-optional_policy(`
-	udev_read_db(spamd_t)
-')
diff --git a/policy/modules/services/speedtouch.fc b/policy/modules/services/speedtouch.fc
deleted file mode 100644
index 9760d15..0000000
--- a/policy/modules/services/speedtouch.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-/usr/sbin/speedmgmt	--	gen_context(system_u:object_r:speedmgmt_exec_t,s0)
-
diff --git a/policy/modules/services/speedtouch.if b/policy/modules/services/speedtouch.if
deleted file mode 100644
index 826e2db..0000000
--- a/policy/modules/services/speedtouch.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Alcatel speedtouch USB ADSL modem</summary>
diff --git a/policy/modules/services/speedtouch.te b/policy/modules/services/speedtouch.te
deleted file mode 100644
index ade10f5..0000000
--- a/policy/modules/services/speedtouch.te
+++ /dev/null
@@ -1,61 +0,0 @@
-policy_module(speedtouch, 1.4.0)
-
-#######################################
-#
-# Rules for the speedmgmt_t domain.
-#
-
-type speedmgmt_t;
-type speedmgmt_exec_t;
-init_daemon_domain(speedmgmt_t, speedmgmt_exec_t)
-
-type speedmgmt_tmp_t;
-files_tmp_file(speedmgmt_tmp_t)
-
-type speedmgmt_var_run_t;
-files_pid_file(speedmgmt_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit speedmgmt_t self:capability sys_tty_config;
-allow speedmgmt_t self:process signal_perms;
-
-manage_dirs_pattern(speedmgmt_t, speedmgmt_tmp_t, speedmgmt_tmp_t)
-manage_files_pattern(speedmgmt_t, speedmgmt_tmp_t, speedmgmt_tmp_t)
-files_tmp_filetrans(speedmgmt_t, speedmgmt_tmp_t, { file dir })
-
-manage_files_pattern(speedmgmt_t, speedmgmt_var_run_t, speedmgmt_var_run_t)
-files_pid_filetrans(speedmgmt_t, speedmgmt_var_run_t, file)
-
-kernel_read_kernel_sysctls(speedmgmt_t)
-kernel_list_proc(speedmgmt_t)
-kernel_read_proc_symlinks(speedmgmt_t)
-
-dev_read_sysfs(speedmgmt_t)
-dev_read_usbfs(speedmgmt_t)
-
-domain_use_interactive_fds(speedmgmt_t)
-
-files_read_etc_files(speedmgmt_t)
-files_read_usr_files(speedmgmt_t)
-
-fs_getattr_all_fs(speedmgmt_t)
-fs_search_auto_mountpoints(speedmgmt_t)
-
-logging_send_syslog_msg(speedmgmt_t)
-
-miscfiles_read_localization(speedmgmt_t)
-
-userdom_dontaudit_use_unpriv_user_fds(speedmgmt_t)
-userdom_dontaudit_search_user_home_dirs(speedmgmt_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(speedmgmt_t)
-')
-
-optional_policy(`
-	udev_read_db(speedmgmt_t)
-')
diff --git a/policy/modules/services/squid.fc b/policy/modules/services/squid.fc
deleted file mode 100644
index 6cc4a90..0000000
--- a/policy/modules/services/squid.fc
+++ /dev/null
@@ -1,14 +0,0 @@
-/etc/rc\.d/init\.d/squid --	gen_context(system_u:object_r:squid_initrc_exec_t,s0)
-/etc/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
-
-/usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
-/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
-/usr/sbin/squid		--	gen_context(system_u:object_r:squid_exec_t,s0)
-/usr/share/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
-
-/var/cache/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
-/var/log/squid(/.*)?		gen_context(system_u:object_r:squid_log_t,s0)
-/var/log/squidGuard(/.*)?	gen_context(system_u:object_r:squid_log_t,s0)
-/var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
-/var/spool/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
-/var/squidGuard(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
diff --git a/policy/modules/services/squid.if b/policy/modules/services/squid.if
deleted file mode 100644
index 1d0c078..0000000
--- a/policy/modules/services/squid.if
+++ /dev/null
@@ -1,231 +0,0 @@
-## <summary>Squid caching http proxy server</summary>
-
-########################################
-## <summary>
-##	Execute squid in the squid domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`squid_domtrans',`
-	gen_require(`
-		type squid_t, squid_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, squid_exec_t, squid_t)
-')
-
-########################################
-## <summary>
-##	Execute squid 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`squid_exec',`
-	gen_require(`
-		type squid_exec_t;
-	')
-
-	can_exec($1, squid_exec_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to squid.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`squid_signal',`
-	gen_require(`
-		type squid_t;
-	')
-
-	allow $1 squid_t:process signal;
-')
-
-########################################
-## <summary>
-##	Allow read and write squid
-##	unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`squid_rw_stream_sockets',`
-	gen_require(`
-		type squid_t;
-	')
-
-	allow $1 squid_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search squid cache dirs
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`squid_dontaudit_search_cache',`
-	gen_require(`
-		type squid_cache_t;
-	')
-
-	dontaudit $1 squid_cache_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read squid configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`squid_read_config',`
-	gen_require(`
-		type squid_conf_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, squid_conf_t, squid_conf_t)
-')
-
-########################################
-## <summary>
-##	Append squid logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`squid_read_log',`
-	gen_require(`
-		type squid_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, squid_log_t, squid_log_t)
-')
-
-########################################
-## <summary>
-##	Append squid logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`squid_append_log',`
-	gen_require(`
-		type squid_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, squid_log_t, squid_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	squid logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`squid_manage_logs',`
-	gen_require(`
-		type squid_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, squid_log_t, squid_log_t)
-')
-
-########################################
-## <summary>
-##	Use squid services by connecting over TCP.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`squid_use',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an squid environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the squid domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`squid_admin',`
-	gen_require(`
-		type squid_t, squid_cache_t, squid_conf_t;
-		type squid_log_t, squid_var_run_t, squid_initrc_exec_t;
-	')
-
-	allow $1 squid_t:process { ptrace signal_perms };
-	ps_process_pattern($1, squid_t)
-
-	init_labeled_script_domtrans($1, squid_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 squid_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var($1)
-	admin_pattern($1, squid_cache_t)
-
-	files_list_etc($1)
-	admin_pattern($1, squid_conf_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, squid_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, squid_var_run_t)
-')
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
deleted file mode 100644
index 744b172..0000000
--- a/policy/modules/services/squid.te
+++ /dev/null
@@ -1,208 +0,0 @@
-policy_module(squid, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow squid to connect to all ports, not just
-##	HTTP, FTP, and Gopher ports.
-##	</p>
-## </desc>
-gen_tunable(squid_connect_any, false)
-
-## <desc>
-##	<p>
-##	Allow squid to run as a transparent proxy (TPROXY)
-##	</p>
-## </desc>
-gen_tunable(squid_use_tproxy, false)
-
-type squid_t;
-type squid_exec_t;
-init_daemon_domain(squid_t, squid_exec_t)
-
-# type for /var/cache/squid
-type squid_cache_t;
-files_type(squid_cache_t)
-
-type squid_conf_t;
-files_type(squid_conf_t)
-
-type squid_initrc_exec_t;
-init_script_file(squid_initrc_exec_t)
-
-type squid_log_t;
-logging_log_file(squid_log_t)
-
-type squid_tmpfs_t;
-files_tmpfs_file(squid_tmpfs_t)
-
-type squid_var_run_t;
-files_pid_file(squid_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow squid_t self:capability { setgid kill setuid dac_override sys_resource };
-dontaudit squid_t self:capability sys_tty_config;
-allow squid_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
-allow squid_t self:fifo_file rw_fifo_file_perms;
-allow squid_t self:sock_file read_sock_file_perms;
-allow squid_t self:fd use;
-allow squid_t self:shm create_shm_perms;
-allow squid_t self:sem create_sem_perms;
-allow squid_t self:msgq create_msgq_perms;
-allow squid_t self:msg { send receive };
-allow squid_t self:unix_stream_socket create_stream_socket_perms;
-allow squid_t self:unix_dgram_socket create_socket_perms;
-allow squid_t self:unix_dgram_socket sendto;
-allow squid_t self:unix_stream_socket connectto;
-allow squid_t self:tcp_socket create_stream_socket_perms;
-allow squid_t self:udp_socket create_socket_perms;
-
-# Grant permissions to create, access, and delete cache files.
-manage_dirs_pattern(squid_t, squid_cache_t, squid_cache_t)
-manage_files_pattern(squid_t, squid_cache_t, squid_cache_t)
-manage_lnk_files_pattern(squid_t, squid_cache_t, squid_cache_t)
-
-allow squid_t squid_conf_t:dir list_dir_perms;
-read_files_pattern(squid_t, squid_conf_t, squid_conf_t)
-read_lnk_files_pattern(squid_t, squid_conf_t, squid_conf_t)
-
-can_exec(squid_t, squid_exec_t)
-
-manage_dirs_pattern(squid_t, squid_log_t, squid_log_t)
-manage_files_pattern(squid_t, squid_log_t, squid_log_t)
-manage_lnk_files_pattern(squid_t, squid_log_t, squid_log_t)
-logging_log_filetrans(squid_t, squid_log_t, { file dir })
-
-#squid requires the following when run in diskd mode, the recommended setting
-manage_files_pattern(squid_t, squid_tmpfs_t, squid_tmpfs_t)
-fs_tmpfs_filetrans(squid_t, squid_tmpfs_t, file)
-
-manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t)
-files_pid_filetrans(squid_t, squid_var_run_t, file)
-
-kernel_read_kernel_sysctls(squid_t)
-kernel_read_system_state(squid_t)
-
-files_dontaudit_getattr_boot_dirs(squid_t)
-
-corenet_all_recvfrom_unlabeled(squid_t)
-corenet_all_recvfrom_netlabel(squid_t)
-corenet_tcp_sendrecv_generic_if(squid_t)
-corenet_udp_sendrecv_generic_if(squid_t)
-corenet_tcp_sendrecv_generic_node(squid_t)
-corenet_udp_sendrecv_generic_node(squid_t)
-corenet_tcp_sendrecv_all_ports(squid_t)
-corenet_udp_sendrecv_all_ports(squid_t)
-corenet_tcp_bind_generic_node(squid_t)
-corenet_udp_bind_generic_node(squid_t)
-corenet_tcp_bind_http_port(squid_t)
-corenet_tcp_bind_http_cache_port(squid_t)
-corenet_udp_bind_http_cache_port(squid_t)
-corenet_tcp_bind_ftp_port(squid_t)
-corenet_tcp_bind_gopher_port(squid_t)
-corenet_udp_bind_gopher_port(squid_t)
-corenet_tcp_bind_squid_port(squid_t)
-corenet_udp_bind_squid_port(squid_t)
-corenet_udp_bind_wccp_port(squid_t)
-corenet_tcp_connect_ftp_port(squid_t)
-corenet_tcp_connect_gopher_port(squid_t)
-corenet_tcp_connect_http_port(squid_t)
-corenet_tcp_connect_http_cache_port(squid_t)
-corenet_tcp_connect_pgpkeyserver_port(squid_t)
-corenet_sendrecv_ftp_client_packets(squid_t)
-corenet_sendrecv_gopher_client_packets(squid_t)
-corenet_sendrecv_http_client_packets(squid_t)
-corenet_sendrecv_http_server_packets(squid_t)
-corenet_sendrecv_http_cache_server_packets(squid_t)
-corenet_sendrecv_http_cache_client_packets(squid_t)
-corenet_sendrecv_pgpkeyserver_client_packets(squid_t)
-corenet_sendrecv_squid_client_packets(squid_t)
-corenet_sendrecv_squid_server_packets(squid_t)
-corenet_sendrecv_wccp_server_packets(squid_t)
-
-dev_read_sysfs(squid_t)
-dev_read_urand(squid_t)
-
-fs_getattr_all_fs(squid_t)
-fs_search_auto_mountpoints(squid_t)
-fs_list_inotifyfs(squid_t)
-
-selinux_dontaudit_getattr_dir(squid_t)
-
-term_dontaudit_getattr_pty_dirs(squid_t)
-
-# to allow running programs from /usr/lib/squid (IE unlinkd)
-corecmd_exec_bin(squid_t)
-corecmd_exec_shell(squid_t)
-
-domain_use_interactive_fds(squid_t)
-
-files_read_etc_files(squid_t)
-files_read_etc_runtime_files(squid_t)
-files_read_usr_files(squid_t)
-files_search_spool(squid_t)
-files_dontaudit_getattr_tmp_dirs(squid_t)
-files_getattr_home_dir(squid_t)
-
-auth_use_nsswitch(squid_t)
-auth_domtrans_chk_passwd(squid_t)
-
-# to allow running programs from /usr/lib/squid (IE unlinkd)
-libs_exec_lib_files(squid_t)
-
-logging_send_syslog_msg(squid_t)
-
-miscfiles_read_generic_certs(squid_t)
-miscfiles_read_localization(squid_t)
-
-userdom_use_unpriv_users_fds(squid_t)
-userdom_dontaudit_search_user_home_dirs(squid_t)
-
-tunable_policy(`squid_connect_any',`
-	corenet_tcp_connect_all_ports(squid_t)
-	corenet_tcp_bind_all_ports(squid_t)
-	corenet_sendrecv_all_packets(squid_t)
-')
-
-tunable_policy(`squid_use_tproxy',`
-	allow squid_t self:capability net_admin;
-	corenet_tcp_bind_netport_port(squid_t)
-')
-
-optional_policy(`
-	apache_content_template(squid)
-
-	allow httpd_squid_script_t self:tcp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled(httpd_squid_script_t)
-	corenet_all_recvfrom_netlabel(httpd_squid_script_t)
-	corenet_tcp_connect_http_cache_port(httpd_squid_script_t)
-
-	sysnet_dns_name_resolve(httpd_squid_script_t)
-
-	squid_read_config(httpd_squid_script_t)
-')
-
-optional_policy(`
-	cron_system_entry(squid_t, squid_exec_t)
-')
-
-optional_policy(`
-	samba_domtrans_winbind_helper(squid_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(squid_t)
-')
-
-optional_policy(`
-	udev_read_db(squid_t)
-')
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
deleted file mode 100644
index 06da5f7..0000000
--- a/policy/modules/services/ssh.fc
+++ /dev/null
@@ -1,25 +0,0 @@
-HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:ssh_home_t,s0)
-HOME_DIR/\.shosts			gen_context(system_u:object_r:ssh_home_t,s0)
-
-/var/lib/gitolite/\.ssh(/.*)?		gen_context(system_u:object_r:ssh_home_t,s0)
-
-/etc/rc\.d/init\.d/sshd        --  gen_context(system_u:object_r:sshd_initrc_exec_t,s0)
-
-/etc/ssh/primes			--	gen_context(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_key 		--	gen_context(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_dsa_key	--	gen_context(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_rsa_key	--	gen_context(system_u:object_r:sshd_key_t,s0)
-
-/usr/bin/ssh			--	gen_context(system_u:object_r:ssh_exec_t,s0)
-/usr/bin/ssh-agent		--	gen_context(system_u:object_r:ssh_agent_exec_t,s0)
-/usr/bin/ssh-keygen		--	gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
-
-/usr/libexec/openssh/ssh-keysign --	gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
-
-/usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
-
-/var/run/sshd\.init\.pid	--	gen_context(system_u:object_r:sshd_var_run_t,s0)
-/var/run/sshd\.pid		--	gen_context(system_u:object_r:sshd_var_run_t,s0)
-
-/root/\.ssh(/.*)?			gen_context(system_u:object_r:ssh_home_t,s0)
-/root/\.shosts				gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
deleted file mode 100644
index 784c363..0000000
--- a/policy/modules/services/ssh.if
+++ /dev/null
@@ -1,781 +0,0 @@
-## <summary>Secure shell client and server policy.</summary>
-
-#######################################
-## <summary>
-##	Basic SSH client template.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a derived domains which are used
-##	for ssh client sessions.  A derived
-##	type is also created to protect the user ssh keys.
-##	</p>
-##	<p>
-##	This template was added for NX.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="user_domain">
-##	<summary>
-##	The type of the domain.
-##	</summary>
-## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
-## </param>
-#
-template(`ssh_basic_client_template',`
-	gen_require(`
-		attribute ssh_server;
-		type ssh_exec_t, sshd_key_t, sshd_tmp_t;
-		type ssh_home_t;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	type $1_ssh_t;
-	application_domain($1_ssh_t, ssh_exec_t)
-	role $3 types $1_ssh_t;
-
-	##############################
-	#
-	# Client local policy
-	#
-
-	allow $1_ssh_t self:capability { setuid setgid dac_override dac_read_search };
-	allow $1_ssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-	allow $1_ssh_t self:fd use;
-	allow $1_ssh_t self:fifo_file rw_fifo_file_perms;
-	allow $1_ssh_t self:unix_dgram_socket { create_socket_perms sendto };
-	allow $1_ssh_t self:unix_stream_socket { create_stream_socket_perms connectto };
-	allow $1_ssh_t self:shm create_shm_perms;
-	allow $1_ssh_t self:sem create_sem_perms;
-	allow $1_ssh_t self:msgq create_msgq_perms;
-	allow $1_ssh_t self:msg { send receive };
-	allow $1_ssh_t self:tcp_socket create_stream_socket_perms;
-
-	# for rsync
-	allow $1_ssh_t $2:unix_stream_socket rw_socket_perms;
-	allow $1_ssh_t $2:unix_stream_socket connectto;
-
-	# Read the ssh key file.
-	allow $1_ssh_t sshd_key_t:file read_file_perms;
-
-	# Access the ssh temporary files.
-	allow $1_ssh_t sshd_tmp_t:dir manage_dir_perms;
-	allow $1_ssh_t sshd_tmp_t:file manage_file_perms;
-	files_tmp_filetrans($1_ssh_t, sshd_tmp_t, { file dir })
-
-	# Transition from the domain to the derived domain.
-	domtrans_pattern($2, ssh_exec_t, $1_ssh_t)
-
-	# inheriting stream sockets is needed for "ssh host command" as no pty
-	# is allocated
-	# cjp: should probably fix target to be an attribute for ssh servers
-	# or "regular" (not special like sshd_extern_t) servers
-	allow $2 ssh_server:unix_stream_socket rw_stream_socket_perms;
-
-	# allow ps to show ssh
-	ps_process_pattern($2, $1_ssh_t)
-
-	# user can manage the keys and config
-	manage_files_pattern($2, ssh_home_t, ssh_home_t)
-	manage_lnk_files_pattern($2, ssh_home_t, ssh_home_t)
-	manage_sock_files_pattern($2, ssh_home_t, ssh_home_t)
-
-	# ssh client can manage the keys and config
-	manage_files_pattern($1_ssh_t, ssh_home_t, ssh_home_t)
-	read_lnk_files_pattern($1_ssh_t, ssh_home_t, ssh_home_t)
-
-	# ssh servers can read the user keys and config
-	allow ssh_server ssh_home_t:dir list_dir_perms;
-	read_files_pattern(ssh_server, ssh_home_t, ssh_home_t)
-	read_lnk_files_pattern(ssh_server, ssh_home_t, ssh_home_t)
-
-	kernel_read_kernel_sysctls($1_ssh_t)
-	kernel_read_system_state($1_ssh_t)
-
-	corenet_all_recvfrom_unlabeled($1_ssh_t)
-	corenet_all_recvfrom_netlabel($1_ssh_t)
-	corenet_tcp_sendrecv_generic_if($1_ssh_t)
-	corenet_tcp_sendrecv_generic_node($1_ssh_t)
-	corenet_tcp_sendrecv_all_ports($1_ssh_t)
-	corenet_tcp_connect_ssh_port($1_ssh_t)
-	corenet_sendrecv_ssh_client_packets($1_ssh_t)
-	corenet_tcp_bind_generic_node($1_ssh_t)
-	corenet_tcp_bind_all_unreserved_ports($1_ssh_t)
-
-	dev_read_urand($1_ssh_t)
-
-	fs_getattr_all_fs($1_ssh_t)
-	fs_search_auto_mountpoints($1_ssh_t)
-
-	# run helper programs - needed eg for x11-ssh-askpass
-	corecmd_exec_shell($1_ssh_t)
-	corecmd_exec_bin($1_ssh_t)
-
-	domain_use_interactive_fds($1_ssh_t)
-
-	files_list_home($1_ssh_t)
-	files_read_usr_files($1_ssh_t)
-	files_read_etc_runtime_files($1_ssh_t)
-	files_read_etc_files($1_ssh_t)
-	files_read_var_files($1_ssh_t)
-
-	auth_use_nsswitch($1_ssh_t)
-
-	logging_send_syslog_msg($1_ssh_t)
-	logging_read_generic_logs($1_ssh_t)
-
-	miscfiles_read_localization($1_ssh_t)
-
-	seutil_read_config($1_ssh_t)
-
-	optional_policy(`
-		kerberos_use($1_ssh_t)
-	')
-')
-
-#######################################
-## <summary>
-##	The template to define a ssh server.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a domains to be used for
-##	creating a ssh server.  This is typically done
-##	to have multiple ssh servers of different sensitivities,
-##	such as for an internal network-facing ssh server, and
-##	a external network-facing ssh server.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the server domain (e.g., sshd
-##	is the prefix for sshd_t).
-##	</summary>
-## </param>
-#
-template(`ssh_server_template',`
-	type $1_t, ssh_server;
-	auth_login_pgm_domain($1_t)
-
-	type $1_devpts_t;
-	term_login_pty($1_devpts_t)
-
-	type $1_tmpfs_t;
-	files_tmpfs_file($1_tmpfs_t)
-
-	type $1_var_run_t;
-	files_pid_file($1_var_run_t)
-
-	allow $1_t self:capability { kill sys_chroot sys_nice sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config };
-	allow $1_t self:fifo_file rw_fifo_file_perms;
-	allow $1_t self:process { signal getsched setsched setrlimit setexec };
-	allow $1_t self:tcp_socket create_stream_socket_perms;
-	allow $1_t self:udp_socket create_socket_perms;
-	# ssh agent connections:
-	allow $1_t self:unix_stream_socket create_stream_socket_perms;
-	allow $1_t self:shm create_shm_perms;
-
-	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms getattr_chr_file_perms relabelfrom };
-	term_create_pty($1_t, $1_devpts_t)
-
-	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file)
-
-	allow $1_t $1_var_run_t:file manage_file_perms;
-	files_pid_filetrans($1_t, $1_var_run_t, file)
-
-	can_exec($1_t, sshd_exec_t)
-
-	# Access key files
-	allow $1_t sshd_key_t:file read_file_perms;
-
-	kernel_read_kernel_sysctls($1_t)
-	kernel_read_network_state($1_t)
-	kernel_request_load_module(ssh_t)
-
-	corenet_all_recvfrom_unlabeled($1_t)
-	corenet_all_recvfrom_netlabel($1_t)
-	corenet_tcp_sendrecv_generic_if($1_t)
-	corenet_udp_sendrecv_generic_if($1_t)
-	corenet_raw_sendrecv_generic_if($1_t)
-	corenet_tcp_sendrecv_generic_node($1_t)
-	corenet_udp_sendrecv_generic_node($1_t)
-	corenet_raw_sendrecv_generic_node($1_t)
-	corenet_udp_sendrecv_all_ports($1_t)
-	corenet_tcp_sendrecv_all_ports($1_t)
-	corenet_tcp_bind_generic_node($1_t)
-	corenet_udp_bind_generic_node($1_t)
-	corenet_tcp_bind_ssh_port($1_t)
-	corenet_sendrecv_ssh_server_packets($1_t)
-	# -R qualifier
-	corenet_sendrecv_ssh_server_packets($1_t)
-	# tunnel feature and -w (net_admin capability also)
-	corenet_rw_tun_tap_dev($1_t)
-
-	fs_dontaudit_getattr_all_fs($1_t)
-
-	auth_rw_login_records($1_t)
-	auth_rw_faillog($1_t)
-
-	corecmd_read_bin_symlinks($1_t)
-	corecmd_getattr_bin_files($1_t)
-	# for sshd subsystems, such as sftp-server.
-	corecmd_getattr_bin_files($1_t)
-
-	domain_interactive_fd($1_t)
-	domain_dyntrans_type($1_t)
-
-	files_read_etc_files($1_t)
-	files_read_etc_runtime_files($1_t)
-	files_read_usr_files($1_t)
-
-	logging_search_logs($1_t)
-
-	miscfiles_read_localization($1_t)
-
-	userdom_dontaudit_relabelfrom_user_ptys($1_t)
-	userdom_read_user_home_content_files($1_t)
-
-	# Allow checking users mail at login
-	mta_getattr_spool($1_t)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_read_nfs_files($1_t)
-		fs_read_nfs_symlinks($1_t)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_read_cifs_files($1_t)
-	')
-
-	optional_policy(`
-		kerberos_use($1_t)
-		kerberos_manage_host_rcache($1_t)
-	')
-
-	optional_policy(`
-		files_read_var_lib_symlinks($1_t)
-		nx_spec_domtrans_server($1_t)
-	')
-
-	optional_policy(`
-		rlogin_read_home_content($1_t)
-	')
-
-	optional_policy(`
-		shutdown_getattr_exec_files($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Role access for ssh
-## </summary>
-## <param name="role_prefix">
-##	<summary>
-##	The prefix of the role (e.g., user
-##	is the prefix for user_r).
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-## <rolecap/>
-#
-template(`ssh_role_template',`
-	gen_require(`
-		attribute ssh_server, ssh_agent_type;
-		type ssh_t, ssh_exec_t, ssh_tmpfs_t, ssh_home_t;
-		type ssh_agent_exec_t, ssh_keysign_t, ssh_tmpfs_t;
-		type ssh_agent_tmp_t;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	role $2 types ssh_t;
-
-	type $1_ssh_agent_t, ssh_agent_type;
-	application_domain($1_ssh_agent_t, ssh_agent_exec_t)
-	domain_interactive_fd($1_ssh_agent_t)
-	ubac_constrained($1_ssh_agent_t)
-	role $2 types $1_ssh_agent_t;
-
-	##############################
-	#
-	# Local policy
-	#
-
-	# Transition from the domain to the derived domain.
-	domtrans_pattern($3, ssh_exec_t, ssh_t)
-
-	# inheriting stream sockets is needed for "ssh host command" as no pty
-	# is allocated
-	allow $3 ssh_server:unix_stream_socket rw_stream_socket_perms;
-
-	# allow ps to show ssh
-	ps_process_pattern($3, ssh_t)
-	allow $3 ssh_t:process { ptrace signal_perms };
-
-	# for rsync
-	allow ssh_t $3:unix_stream_socket rw_socket_perms;
-	allow ssh_t $3:unix_stream_socket connectto;
-
-	# user can manage the keys and config
-	manage_files_pattern($3, ssh_home_t, ssh_home_t)
-	manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
-	manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
-	userdom_search_user_home_dirs($1_t)
-	userdom_manage_tmp_role($2, ssh_t)
-
-	##############################
-	#
-	# SSH agent local policy
-	#
-
-	allow $1_ssh_agent_t self:process setrlimit;
-	allow $1_ssh_agent_t self:capability setgid;
-
-	allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull;
-
-	allow $1_ssh_agent_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-	manage_dirs_pattern($1_ssh_agent_t, ssh_agent_tmp_t, ssh_agent_tmp_t)
-	manage_sock_files_pattern($1_ssh_agent_t, ssh_agent_tmp_t, ssh_agent_tmp_t)
-	files_tmp_filetrans($1_ssh_agent_t, ssh_agent_tmp_t, { dir sock_file })
-
-	# for ssh-add
-	stream_connect_pattern($3, ssh_agent_tmp_t, ssh_agent_tmp_t, $1_ssh_agent_t)
-
-	# Allow the user shell to signal the ssh program.
-	allow $3 $1_ssh_agent_t:process { ptrace signal_perms };
-
-	# allow ps to show ssh
-	ps_process_pattern($3, $1_ssh_agent_t)
-
-	domtrans_pattern($3, ssh_agent_exec_t, $1_ssh_agent_t)
-
-	kernel_read_kernel_sysctls($1_ssh_agent_t)
-
-	dev_read_urand($1_ssh_agent_t)
-	dev_read_rand($1_ssh_agent_t)
-
-	fs_search_auto_mountpoints($1_ssh_agent_t)
-
-	# transition back to normal privs upon exec
-	corecmd_shell_domtrans($1_ssh_agent_t, $3)
-	corecmd_bin_domtrans($1_ssh_agent_t, $3)
-
-	domain_use_interactive_fds($1_ssh_agent_t)
-
-	files_read_etc_files($1_ssh_agent_t)
-	files_read_etc_runtime_files($1_ssh_agent_t)
-
-	libs_read_lib_files($1_ssh_agent_t)
-
-	logging_send_syslog_msg($1_ssh_agent_t)
-
-	miscfiles_read_localization($1_ssh_agent_t)
-	miscfiles_read_generic_certs($1_ssh_agent_t)
-
-	seutil_dontaudit_read_config($1_ssh_agent_t)
-
-	# Write to the user domain tty.
-	userdom_use_user_terminals($1_ssh_agent_t)
-
-	# for the transition back to normal privs upon exec
-	userdom_search_user_home_content($1_ssh_agent_t)
-	userdom_user_home_domtrans($1_ssh_agent_t, $3)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_manage_nfs_files($1_ssh_agent_t)
-
-		# transition back to normal privs upon exec
-		fs_nfs_domtrans($1_ssh_agent_t, $3)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_manage_cifs_files($1_ssh_agent_t)
-
-		# transition back to normal privs upon exec
-		fs_cifs_domtrans($1_ssh_agent_t, $3)
-	')
-
-	optional_policy(`
-		nis_use_ypbind($1_ssh_agent_t)
-	')
-
-	optional_policy(`
-		xserver_use_xdm_fds($1_ssh_agent_t)
-		xserver_rw_xdm_pipes($1_ssh_agent_t)
-	')
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to the ssh server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_sigchld',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a generic signal to the ssh server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_signal',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read a ssh server unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_read_pipes',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write a ssh server unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_rw_pipes',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write ssh server unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_rw_stream_sockets',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:unix_stream_socket rw_stream_socket_perms;
-')
-
-########################################
-## <summary>
-##	Read and write ssh server TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_rw_tcp_sockets',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:tcp_socket rw_stream_socket_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	ssh server TCP sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`ssh_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	dontaudit $1 sshd_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Connect to SSH daemons over TCP sockets.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_tcp_connect',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Execute the ssh daemon sshd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ssh_domtrans',`
-	gen_require(`
-		type sshd_t, sshd_exec_t;
-	')
-
-	domtrans_pattern($1, sshd_exec_t, sshd_t)
-')
-
-########################################
-## <summary>
-##	Execute sshd server in the sshd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_initrc_domtrans',`
-	gen_require(`
-		type sshd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, sshd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute the ssh client in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_exec',`
-	gen_require(`
-		type ssh_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, ssh_exec_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes of sshd key files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_setattr_key_files',`
-	gen_require(`
-		type sshd_key_t;
-	')
-
-	allow $1 sshd_key_t:file setattr_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Execute the ssh agent client in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_agent_exec',`
-	gen_require(`
-		type ssh_agent_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, ssh_agent_exec_t)
-')
-
-########################################
-## <summary>
-##	Read ssh home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_read_user_home_files',`
-	gen_require(`
-		type ssh_home_t;
-	')
-
-	allow $1 ssh_home_t:dir list_dir_perms;
-	read_files_pattern($1, ssh_home_t, ssh_home_t)
-	read_lnk_files_pattern($1, ssh_home_t, ssh_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Execute the ssh key generator in the ssh keygen domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ssh_domtrans_keygen',`
-	gen_require(`
-		type ssh_keygen_t, ssh_keygen_exec_t;
-	')
-
-	domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
-')
-
-########################################
-## <summary>
-##	Read ssh server keys
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`ssh_dontaudit_read_server_keys',`
-	gen_require(`
-		type sshd_key_t;
-	')
-
-	dontaudit $1 sshd_key_t:file read_file_perms;
-')
-
-######################################
-## <summary>
-##	Manage ssh home directory content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_manage_home_files',`
-	gen_require(`
-		type ssh_home_t;
-	')
-
-	manage_files_pattern($1, ssh_home_t, ssh_home_t)
-	userdom_search_user_home_dirs($1)
-')
-
-#######################################
-## <summary>
-##	Delete from the ssh temp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_delete_tmp',`
-	gen_require(`
-		type sshd_tmp_t;
-	')
-
-	files_search_tmp($1)
-	delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
-')
-
-########################################
-## <summary>
-##	Send a null signal to sshd processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ssh_signull',`
-	gen_require(`
-		type sshd_t;
-	')
-
-	allow $1 sshd_t:process signull;
-')
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
deleted file mode 100644
index c7efe5d..0000000
--- a/policy/modules/services/ssh.te
+++ /dev/null
@@ -1,433 +0,0 @@
-policy_module(ssh, 2.2.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	allow host key based authentication
-##	</p>
-## </desc>
-gen_tunable(allow_ssh_keysign, false)
-
-## <desc>
-##	<p>
-##	Allow ssh logins as sysadm_r:sysadm_t
-##	</p>
-## </desc>
-gen_tunable(ssh_sysadm_login, false)
-
-## <desc>
-##	<p>
-##	allow sshd to forward port connections
-##	</p>
-## </desc>
-gen_tunable(sshd_forward_ports, false)
-
-attribute ssh_server;
-attribute ssh_agent_type;
-
-type ssh_keygen_t;
-type ssh_keygen_exec_t;
-init_system_domain(ssh_keygen_t, ssh_keygen_exec_t)
-
-type sshd_exec_t;
-corecmd_executable_file(sshd_exec_t)
-
-ssh_server_template(sshd)
-init_daemon_domain(sshd_t, sshd_exec_t)
-
-type sshd_initrc_exec_t;
-init_script_file(sshd_initrc_exec_t)
-
-type sshd_key_t;
-files_type(sshd_key_t)
-
-type ssh_t;
-type ssh_exec_t;
-typealias ssh_t alias { user_ssh_t staff_ssh_t sysadm_ssh_t };
-typealias ssh_t alias { auditadm_ssh_t secadm_ssh_t };
-application_domain(ssh_t, ssh_exec_t)
-ubac_constrained(ssh_t)
-
-type ssh_agent_exec_t;
-corecmd_executable_file(ssh_agent_exec_t)
-
-type ssh_agent_tmp_t;
-typealias ssh_agent_tmp_t alias { user_ssh_agent_tmp_t staff_ssh_agent_tmp_t sysadm_ssh_agent_tmp_t };
-typealias ssh_agent_tmp_t alias { auditadm_ssh_agent_tmp_t secadm_ssh_agent_tmp_t };
-files_tmp_file(ssh_agent_tmp_t)
-ubac_constrained(ssh_agent_tmp_t)
-
-type ssh_keysign_t;
-type ssh_keysign_exec_t;
-typealias ssh_keysign_t alias { user_ssh_keysign_t staff_ssh_keysign_t sysadm_ssh_keysign_t };
-typealias ssh_keysign_t alias { auditadm_ssh_keysign_t secadm_ssh_keysign_t };
-application_domain(ssh_keysign_t, ssh_keysign_exec_t)
-ubac_constrained(ssh_keysign_t)
-
-type ssh_tmpfs_t;
-typealias ssh_tmpfs_t alias { user_ssh_tmpfs_t staff_ssh_tmpfs_t sysadm_ssh_tmpfs_t };
-typealias ssh_tmpfs_t alias { auditadm_ssh_tmpfs_t secadm_ssh_tmpfs_t };
-files_tmpfs_file(ssh_tmpfs_t)
-ubac_constrained(ssh_tmpfs_t)
-
-type ssh_home_t;
-typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_home_ssh_t sysadm_home_ssh_t };
-typealias ssh_home_t alias { auditadm_home_ssh_t secadm_home_ssh_t };
-userdom_user_home_content(ssh_home_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh)
-')
-
-##############################
-#
-# SSH client local policy
-#
-
-allow ssh_t self:capability { setuid setgid dac_override dac_read_search };
-allow ssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow ssh_t self:fd use;
-allow ssh_t self:fifo_file rw_fifo_file_perms;
-allow ssh_t self:unix_dgram_socket { create_socket_perms sendto };
-allow ssh_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow ssh_t self:shm create_shm_perms;
-allow ssh_t self:sem create_sem_perms;
-allow ssh_t self:msgq create_msgq_perms;
-allow ssh_t self:msg { send receive };
-allow ssh_t self:tcp_socket create_stream_socket_perms;
-
-# Read the ssh key file.
-allow ssh_t sshd_key_t:file read_file_perms;
-
-manage_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
-manage_lnk_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
-manage_fifo_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
-manage_sock_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
-fs_tmpfs_filetrans(ssh_t, ssh_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(ssh_t, ssh_home_t, ssh_home_t)
-manage_sock_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
-userdom_user_home_dir_filetrans(ssh_t, ssh_home_t, { dir sock_file })
-userdom_stream_connect(ssh_t)
-
-# Allow the ssh program to communicate with ssh-agent.
-stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
-
-allow ssh_t sshd_t:unix_stream_socket connectto;
-
-# ssh client can manage the keys and config
-manage_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
-read_lnk_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
-
-# ssh servers can read the user keys and config
-manage_dirs_pattern(ssh_server, ssh_home_t, ssh_home_t)
-manage_files_pattern(ssh_server, ssh_home_t, ssh_home_t)
-userdom_user_home_dir_filetrans(ssh_server, ssh_home_t, dir)
-userdom_admin_home_dir_filetrans(ssh_server, ssh_home_t, dir)
-
-kernel_read_kernel_sysctls(ssh_t)
-kernel_read_system_state(ssh_t)
-
-corenet_all_recvfrom_unlabeled(ssh_t)
-corenet_all_recvfrom_netlabel(ssh_t)
-corenet_tcp_sendrecv_generic_if(ssh_t)
-corenet_tcp_sendrecv_generic_node(ssh_t)
-corenet_tcp_sendrecv_all_ports(ssh_t)
-corenet_tcp_connect_ssh_port(ssh_t)
-corenet_sendrecv_ssh_client_packets(ssh_t)
-corenet_tcp_bind_generic_node(ssh_t)
-corenet_tcp_bind_all_unreserved_ports(ssh_t)
-
-dev_read_urand(ssh_t)
-
-fs_getattr_all_fs(ssh_t)
-fs_search_auto_mountpoints(ssh_t)
-
-# run helper programs - needed eg for x11-ssh-askpass
-corecmd_exec_shell(ssh_t)
-corecmd_exec_bin(ssh_t)
-
-domain_use_interactive_fds(ssh_t)
-
-files_list_home(ssh_t)
-files_read_usr_files(ssh_t)
-files_read_etc_runtime_files(ssh_t)
-files_read_etc_files(ssh_t)
-files_read_var_files(ssh_t)
-
-logging_send_syslog_msg(ssh_t)
-logging_read_generic_logs(ssh_t)
-
-auth_use_nsswitch(ssh_t)
-
-miscfiles_read_localization(ssh_t)
-
-seutil_read_config(ssh_t)
-
-userdom_dontaudit_list_user_home_dirs(ssh_t)
-userdom_search_user_home_dirs(ssh_t)
-# Write to the user domain tty.
-userdom_use_user_terminals(ssh_t)
-# needs to read krb/write tgt
-userdom_read_user_tmp_files(ssh_t)
-userdom_write_user_tmp_files(ssh_t)
-userdom_read_user_home_content_symlinks(ssh_t)
-
-tunable_policy(`allow_ssh_keysign',`
-	domtrans_pattern(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(ssh_t)
-	fs_manage_nfs_files(ssh_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(ssh_t)
-	fs_manage_cifs_files(ssh_t)
-')
-
-# for port forwarding
-tunable_policy(`user_tcp_server',`
-	corenet_tcp_bind_ssh_port(ssh_t)
-	corenet_tcp_bind_generic_node(ssh_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(ssh, ssh_t, ssh_tmpfs_t)
-	xserver_domtrans_xauth(ssh_t)
-')
-
-########################################
-#
-# ssh_keygen local policy
-#
-
-# ssh_keygen_t is the type of the ssh-keygen program when run at install time
-# and by sysadm_t
-
-dontaudit ssh_keygen_t self:capability sys_tty_config;
-allow ssh_keygen_t self:process { sigchld sigkill sigstop signull signal };
-allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
-
-allow ssh_keygen_t sshd_key_t:file manage_file_perms;
-files_etc_filetrans(ssh_keygen_t, sshd_key_t, file)
-
-kernel_read_kernel_sysctls(ssh_keygen_t)
-
-fs_search_auto_mountpoints(ssh_keygen_t)
-
-dev_read_sysfs(ssh_keygen_t)
-dev_read_urand(ssh_keygen_t)
-
-term_dontaudit_use_console(ssh_keygen_t)
-
-domain_use_interactive_fds(ssh_keygen_t)
-
-files_read_etc_files(ssh_keygen_t)
-
-init_use_fds(ssh_keygen_t)
-init_use_script_ptys(ssh_keygen_t)
-
-logging_send_syslog_msg(ssh_keygen_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
-
-optional_policy(`
-	nscd_socket_use(ssh_keygen_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(ssh_keygen_t)
-')
-
-optional_policy(`
-	udev_read_db(ssh_keygen_t)
-')
-
-##############################
-#
-# ssh_keysign_t local policy
-#
-
-tunable_policy(`allow_ssh_keysign',`
-	allow ssh_keysign_t self:capability { setgid setuid };
-	allow ssh_keysign_t self:unix_stream_socket create_socket_perms;
-
-	allow ssh_keysign_t sshd_key_t:file read_file_perms;
-
-	dev_read_urand(ssh_keysign_t)
-
-	files_read_etc_files(ssh_keysign_t)
-')
-
-optional_policy(`
-	tunable_policy(`allow_ssh_keysign',`
-		nscd_socket_use(ssh_keysign_t)
-	')
-')
-
-#################################
-#
-# sshd local policy
-#
-# sshd_t is the domain for the sshd program.
-#
-
-# so a tunnel can point to another ssh tunnel
-allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
-allow sshd_t self:key { search link write };
-allow sshd_t self:process setcurrent;
-
-kernel_search_key(sshd_t)
-kernel_link_key(sshd_t)
-
-term_use_all_ptys(sshd_t)
-term_setattr_all_ptys(sshd_t)
-term_setattr_all_ttys(sshd_t)
-term_relabelto_all_ptys(sshd_t)
-term_use_ptmx(sshd_t)
-
-# for X forwarding
-corenet_tcp_bind_xserver_port(sshd_t)
-corenet_sendrecv_xserver_server_packets(sshd_t)
-
-userdom_read_user_home_content_files(sshd_t)
-userdom_read_user_home_content_symlinks(sshd_t)
-userdom_search_admin_dir(sshd_t)
-userdom_manage_tmp_role(system_r, sshd_t)
-userdom_spec_domtrans_unpriv_users(sshd_t)
-userdom_signal_unpriv_users(sshd_t)
-
-tunable_policy(`sshd_forward_ports',`
-	corenet_tcp_bind_all_unreserved_ports(sshd_t)
-	corenet_tcp_connect_all_ports(sshd_t)
-')
-
-tunable_policy(`ssh_sysadm_login',`
-	# Relabel and access ptys created by sshd
-	# ioctl is necessary for logout() processing for utmp entry and for w to
-	# display the tty.
-	# some versions of sshd on the new SE Linux require setattr
-	userdom_signal_all_users(sshd_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(sshd_t, sshd_exec_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(sshd, sshd_t)
-')
-
-optional_policy(`
-	ftp_dyntrans_sftpd(sshd_t)
-	ftp_dyntrans_anon_sftpd(sshd_t)
-')
-
-optional_policy(`
-	gitosis_manage_lib_files(sshd_t)
-')
-
-optional_policy(`
-	inetd_tcp_service_domain(sshd_t, sshd_exec_t)
-')
-
-optional_policy(`
-	nx_read_home_files(sshd_t)
-')
-
-optional_policy(`
-	rpm_use_script_fds(sshd_t)
-')
-
-optional_policy(`
-	rssh_spec_domtrans(sshd_t)
-	# For reading /home/user/.ssh
-	rssh_read_ro_content(sshd_t)
-')
-
-optional_policy(`
-	usermanage_domtrans_passwd(sshd_t)
-	usermanage_read_crack_db(sshd_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(sshd_t)
-')
-
-optional_policy(`
-	xserver_domtrans_xauth(sshd_t)
-')
-
-ifdef(`TODO',`
-	tunable_policy(`ssh_sysadm_login',`
-		# Relabel and access ptys created by sshd
-		# ioctl is necessary for logout() processing for utmp entry and for w to
-		# display the tty.
-		# some versions of sshd on the new SE Linux require setattr
-		allow sshd_t ptyfile:chr_file relabelto;
-
-			optional_policy(`
-				domain_trans(sshd_t, xauth_exec_t, userdomain)
-			')
-	',`
-		optional_policy(`
-			domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain)
-		')
-		# Relabel and access ptys created by sshd
-		# ioctl is necessary for logout() processing for utmp entry and for w to
-		# display the tty.
-		# some versions of sshd on the new SE Linux require setattr
-		allow sshd_t userpty_type:chr_file { relabelto rw_inherited_chr_file_perms setattr_chr_file_perms };
-	')
-') dnl endif TODO
-
-########################################
-#
-# ssh_keygen local policy
-#
-
-# ssh_keygen_t is the type of the ssh-keygen program when run at install time
-# and by sysadm_t
-
-dontaudit ssh_keygen_t self:capability sys_tty_config;
-allow ssh_keygen_t self:process { sigchld sigkill sigstop signull signal };
-allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
-
-allow ssh_keygen_t sshd_key_t:file manage_file_perms;
-files_etc_filetrans(ssh_keygen_t, sshd_key_t, file)
-
-kernel_read_kernel_sysctls(ssh_keygen_t)
-
-fs_search_auto_mountpoints(ssh_keygen_t)
-
-dev_read_sysfs(ssh_keygen_t)
-dev_read_urand(ssh_keygen_t)
-
-term_dontaudit_use_console(ssh_keygen_t)
-
-domain_use_interactive_fds(ssh_keygen_t)
-
-files_read_etc_files(ssh_keygen_t)
-
-init_use_fds(ssh_keygen_t)
-init_use_script_ptys(ssh_keygen_t)
-
-auth_use_nsswitch(ssh_keygen_t)
-
-logging_send_syslog_msg(ssh_keygen_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(ssh_keygen_t)
-')
-
-optional_policy(`
-	udev_read_db(ssh_keygen_t)
-')
diff --git a/policy/modules/services/sssd.fc b/policy/modules/services/sssd.fc
deleted file mode 100644
index 4271815..0000000
--- a/policy/modules/services/sssd.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-/etc/rc\.d/init\.d/sssd	--	gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
-
-/usr/sbin/sssd		--	gen_context(system_u:object_r:sssd_exec_t,s0)
-
-/var/lib/sss(/.*)?		gen_context(system_u:object_r:sssd_var_lib_t,s0)
-
-/var/lib/sss/pubconf(/.*)?	gen_context(system_u:object_r:sssd_public_t,s0)
-
-/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_log_t,s0)
-
-/var/run/sssd.pid	--	gen_context(system_u:object_r:sssd_var_run_t,s0)
diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
deleted file mode 100644
index 6dbfc01..0000000
--- a/policy/modules/services/sssd.if
+++ /dev/null
@@ -1,249 +0,0 @@
-## <summary>System Security Services Daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run sssd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sssd_domtrans',`
-	gen_require(`
-		type sssd_t, sssd_exec_t;
-	')
-
-	domtrans_pattern($1, sssd_exec_t, sssd_t)
-')
-
-########################################
-## <summary>
-##	Execute sssd server in the sssd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sssd_initrc_domtrans',`
-	gen_require(`
-		type sssd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, sssd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read sssd public files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_read_public_files',`
-	gen_require(`
-		type sssd_public_t;
-	')
-
-	sssd_search_lib($1)
-	read_files_pattern($1, sssd_public_t, sssd_public_t)
-')
-
-########################################
-## <summary>
-##	Read sssd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_read_pid_files',`
-	gen_require(`
-		type sssd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 sssd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage sssd var_run files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_manage_pids',`
-	gen_require(`
-		type sssd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t)
-	manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Search sssd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_search_lib',`
-	gen_require(`
-		type sssd_var_lib_t;
-	')
-
-	allow $1 sssd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search sssd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`sssd_dontaudit_search_lib',`
-	gen_require(`
-		type sssd_var_lib_t;
-	')
-
-	dontaudit $1 sssd_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read sssd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_read_lib_files',`
-	gen_require(`
-		type sssd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	sssd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_manage_lib_files',`
-	gen_require(`
-		type sssd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	sssd over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_dbus_chat',`
-	gen_require(`
-		type sssd_t;
-		class dbus send_msg;
-	')
-
-	allow $1 sssd_t:dbus send_msg;
-	allow sssd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Connect to sssd over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sssd_stream_connect',`
-	gen_require(`
-		type sssd_t, sssd_var_lib_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, sssd_var_lib_t, sssd_var_lib_t, sssd_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an sssd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the sssd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sssd_admin',`
-	gen_require(`
-		type sssd_t, sssd_public_t, sssd_initrc_exec_t;
-	')
-
-	allow $1 sssd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, sssd_t)
-
-	# Allow sssd_t to restart the apache service
-	sssd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 sssd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	sssd_manage_pids($1)
-
-	sssd_manage_lib_files($1)
-
-	admin_pattern($1, sssd_public_t)
-')
diff --git a/policy/modules/services/sssd.te b/policy/modules/services/sssd.te
deleted file mode 100644
index 7113802..0000000
--- a/policy/modules/services/sssd.te
+++ /dev/null
@@ -1,95 +0,0 @@
-policy_module(sssd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type sssd_t;
-type sssd_exec_t;
-init_daemon_domain(sssd_t, sssd_exec_t)
-
-type sssd_initrc_exec_t;
-init_script_file(sssd_initrc_exec_t)
-
-type sssd_public_t;
-files_pid_file(sssd_public_t)
-
-type sssd_var_lib_t;
-files_type(sssd_var_lib_t)
-
-type sssd_var_log_t;
-logging_log_file(sssd_var_log_t)
-
-type sssd_var_run_t;
-files_pid_file(sssd_var_run_t)
-
-########################################
-#
-# sssd local policy
-#
-
-allow sssd_t self:capability { chown dac_read_search dac_override kill sys_nice setgid setuid };
-allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
-allow sssd_t self:fifo_file rw_fifo_file_perms;
-allow sssd_t self:key manage_key_perms;
-allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-manage_dirs_pattern(sssd_t, sssd_public_t, sssd_public_t)
-manage_files_pattern(sssd_t, sssd_public_t, sssd_public_t)
-
-manage_dirs_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
-manage_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
-manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
-files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir })
-
-manage_files_pattern(sssd_t, sssd_var_log_t, sssd_var_log_t)
-logging_log_filetrans(sssd_t, sssd_var_log_t, file)
-
-manage_dirs_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
-manage_files_pattern(sssd_t, sssd_var_run_t, sssd_var_run_t)
-files_pid_filetrans(sssd_t, sssd_var_run_t, { file dir })
-
-kernel_read_network_state(sssd_t)
-kernel_read_system_state(sssd_t)
-
-corecmd_exec_bin(sssd_t)
-
-dev_read_urand(sssd_t)
-
-domain_read_all_domains_state(sssd_t)
-domain_obj_id_change_exemption(sssd_t)
-
-files_list_tmp(sssd_t)
-files_read_etc_files(sssd_t)
-files_read_usr_files(sssd_t)
-
-fs_list_inotifyfs(sssd_t)
-
-selinux_validate_context(sssd_t)
-
-seutil_read_file_contexts(sssd_t)
-
-mls_file_read_to_clearance(sssd_t)
-
-auth_use_nsswitch(sssd_t)
-auth_domtrans_chk_passwd(sssd_t)
-auth_domtrans_upd_passwd(sssd_t)
-
-init_read_utmp(sssd_t)
-
-logging_send_syslog_msg(sssd_t)
-logging_send_audit_msgs(sssd_t)
-
-miscfiles_read_localization(sssd_t)
-
-userdom_manage_tmp_role(system_r, sssd_t)
-
-optional_policy(`
-	dbus_system_bus_client(sssd_t)
-	dbus_connect_system_bus(sssd_t)
-')
-
-optional_policy(`
-	kerberos_manage_host_rcache(sssd_t)
-')
diff --git a/policy/modules/services/stunnel.fc b/policy/modules/services/stunnel.fc
deleted file mode 100644
index 50e29aa..0000000
--- a/policy/modules/services/stunnel.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_etc_t,s0)
-
-/usr/bin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
-
-/usr/sbin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
-
-/var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff --git a/policy/modules/services/stunnel.if b/policy/modules/services/stunnel.if
deleted file mode 100644
index eaf49b2..0000000
--- a/policy/modules/services/stunnel.if
+++ /dev/null
@@ -1,25 +0,0 @@
-## <summary>SSL Tunneling Proxy</summary>
-
-########################################
-## <summary>
-##	Define the specified domain as a stunnel inetd service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type associated with the stunnel inetd service process.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`stunnel_service_domain',`
-	gen_require(`
-		type stunnel_t;
-	')
-
-	domtrans_pattern(stunnel_t, $2, $1)
-	allow $1 stunnel_t:tcp_socket rw_socket_perms;
-')
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
deleted file mode 100644
index 296e5ba..0000000
--- a/policy/modules/services/stunnel.te
+++ /dev/null
@@ -1,120 +0,0 @@
-policy_module(stunnel, 1.9.1)
-
-########################################
-#
-# Declarations
-#
-
-type stunnel_t;
-type stunnel_exec_t;
-
-type stunnel_etc_t;
-files_config_file(stunnel_etc_t)
-
-type stunnel_tmp_t;
-files_tmp_file(stunnel_tmp_t)
-
-type stunnel_var_run_t;
-files_pid_file(stunnel_var_run_t)
-
-ifdef(`distro_gentoo',`
-	init_daemon_domain(stunnel_t, stunnel_exec_t)
-',`
-	inetd_tcp_service_domain(stunnel_t, stunnel_exec_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow stunnel_t self:capability { setgid setuid sys_chroot };
-allow stunnel_t self:process signal_perms;
-allow stunnel_t self:fifo_file rw_fifo_file_perms;
-allow stunnel_t self:tcp_socket create_stream_socket_perms;
-allow stunnel_t self:udp_socket create_socket_perms;
-
-allow stunnel_t stunnel_etc_t:dir list_dir_perms;
-allow stunnel_t stunnel_etc_t:file read_file_perms;
-allow stunnel_t stunnel_etc_t:lnk_file read_lnk_file_perms;
-
-manage_dirs_pattern(stunnel_t, stunnel_tmp_t, stunnel_tmp_t)
-manage_files_pattern(stunnel_t, stunnel_tmp_t, stunnel_tmp_t)
-files_tmp_filetrans(stunnel_t, stunnel_tmp_t, { file dir })
-
-manage_dirs_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
-manage_files_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
-files_pid_filetrans(stunnel_t, stunnel_var_run_t, { dir file })
-
-kernel_read_kernel_sysctls(stunnel_t)
-kernel_read_system_state(stunnel_t)
-kernel_read_network_state(stunnel_t)
-
-corecmd_exec_bin(stunnel_t)
-
-corenet_all_recvfrom_unlabeled(stunnel_t)
-corenet_all_recvfrom_netlabel(stunnel_t)
-corenet_tcp_sendrecv_generic_if(stunnel_t)
-corenet_udp_sendrecv_generic_if(stunnel_t)
-corenet_tcp_sendrecv_generic_node(stunnel_t)
-corenet_udp_sendrecv_generic_node(stunnel_t)
-corenet_tcp_sendrecv_all_ports(stunnel_t)
-corenet_udp_sendrecv_all_ports(stunnel_t)
-corenet_tcp_bind_generic_node(stunnel_t)
-corenet_tcp_connect_all_ports(stunnel_t)
-
-fs_getattr_all_fs(stunnel_t)
-
-auth_use_nsswitch(stunnel_t)
-
-logging_send_syslog_msg(stunnel_t)
-
-miscfiles_read_localization(stunnel_t)
-
-sysnet_read_config(stunnel_t)
-
-ifdef(`distro_gentoo',`
-	dontaudit stunnel_t self:capability sys_tty_config;
-	allow stunnel_t self:udp_socket create_socket_perms;
-
-	dev_read_sysfs(stunnel_t)
-
-	fs_search_auto_mountpoints(stunnel_t)
-
-	domain_use_interactive_fds(stunnel_t)
-
-	userdom_dontaudit_use_unpriv_user_fds(stunnel_t)
-	userdom_dontaudit_search_user_home_dirs(stunnel_t)
-
-	optional_policy(`
-		daemontools_service_domain(stunnel_t, stunnel_exec_t)
-	')
-
-	optional_policy(`
-		seutil_sigchld_newrole(stunnel_t)
-	')
-
-	optional_policy(`
-		udev_read_db(stunnel_t)
-	')
-',`
-	allow stunnel_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-
-	dev_read_urand(stunnel_t)
-
-	files_read_etc_files(stunnel_t)
-	files_read_etc_runtime_files(stunnel_t)
-	files_search_home(stunnel_t)
-
-	optional_policy(`
-		kerberos_use(stunnel_t)
-	')
-')
-
-# hack since this port has no interfaces since it doesnt
-# have net_contexts
-gen_require(`
-	type stunnel_port_t;
-')
-
-allow stunnel_t stunnel_port_t:tcp_socket name_bind;
diff --git a/policy/modules/services/sysstat.fc b/policy/modules/services/sysstat.fc
deleted file mode 100644
index 08d999c..0000000
--- a/policy/modules/services/sysstat.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/usr/lib(64)?/atsar/atsa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
-/usr/lib(64)?/sa/sa.*		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
-/usr/lib(64)?/sysstat/sa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
-
-/var/log/atsar(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
-/var/log/sa(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
-/var/log/sysstat(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
diff --git a/policy/modules/services/sysstat.if b/policy/modules/services/sysstat.if
deleted file mode 100644
index 7a23b3b..0000000
--- a/policy/modules/services/sysstat.if
+++ /dev/null
@@ -1,21 +0,0 @@
-## <summary>Policy for sysstat. Reports on various system states</summary>
-
-########################################
-## <summary>
-##	Manage sysstat logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysstat_manage_log',`
-	gen_require(`
-		type sysstat_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
-')
diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te
deleted file mode 100644
index 3645a22..0000000
--- a/policy/modules/services/sysstat.te
+++ /dev/null
@@ -1,72 +0,0 @@
-policy_module(sysstat, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type sysstat_t;
-type sysstat_exec_t;
-init_system_domain(sysstat_t, sysstat_exec_t)
-
-type sysstat_log_t;
-logging_log_file(sysstat_log_t)
-
-########################################
-#
-# Local policy
-#
-
-allow sysstat_t self:capability { dac_override sys_admin sys_resource sys_tty_config };
-allow sysstat_t self:fifo_file rw_fifo_file_perms;
-
-can_exec(sysstat_t, sysstat_exec_t)
-
-manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
-manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
-manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
-logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
-
-# get info from /proc
-kernel_read_system_state(sysstat_t)
-kernel_read_network_state(sysstat_t)
-kernel_read_kernel_sysctls(sysstat_t)
-kernel_read_fs_sysctls(sysstat_t)
-kernel_read_rpc_sysctls(sysstat_t)
-
-corecmd_exec_bin(sysstat_t)
-
-dev_read_urand(sysstat_t)
-dev_read_sysfs(sysstat_t)
-
-files_search_var(sysstat_t)
-# for mtab
-files_read_etc_runtime_files(sysstat_t)
-#for fstab
-files_read_etc_files(sysstat_t)
-
-fs_getattr_xattr_fs(sysstat_t)
-fs_list_inotifyfs(sysstat_t)
-
-term_use_console(sysstat_t)
-term_use_all_terms(sysstat_t)
-
-init_use_fds(sysstat_t)
-
-locallogin_use_fds(sysstat_t)
-
-miscfiles_read_localization(sysstat_t)
-
-userdom_dontaudit_list_user_home_dirs(sysstat_t)
-
-optional_policy(`
-	cron_system_entry(sysstat_t, sysstat_exec_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(sysstat_t)
-')
-
-optional_policy(`
-	nscd_socket_use(sysstat_t)
-')
diff --git a/policy/modules/services/tcpd.fc b/policy/modules/services/tcpd.fc
deleted file mode 100644
index 2e8d7a1..0000000
--- a/policy/modules/services/tcpd.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/tcpd		--	gen_context(system_u:object_r:tcpd_exec_t,s0)
diff --git a/policy/modules/services/tcpd.if b/policy/modules/services/tcpd.if
deleted file mode 100644
index 2075ebb..0000000
--- a/policy/modules/services/tcpd.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## <summary>Policy for TCP daemon.</summary>
-
-########################################
-## <summary>
-##	Execute tcpd in the tcpd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tcpd_domtrans',`
-	gen_require(`
-		type tcpd_t, tcpd_exec_t;
-	')
-
-	domtrans_pattern($1, tcpd_exec_t, tcpd_t)
-')
-
-########################################
-## <summary>
-##	Create a domain for services that
-##	utilize tcp wrappers.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`tcpd_wrapped_domain',`
-	gen_require(`
-		type tcpd_t;
-		role system_r;
-	')
-
-	domtrans_pattern(tcpd_t, $2, $1)
-	role system_r types $1;
-')
diff --git a/policy/modules/services/tcpd.te b/policy/modules/services/tcpd.te
deleted file mode 100644
index 4e84f23..0000000
--- a/policy/modules/services/tcpd.te
+++ /dev/null
@@ -1,49 +0,0 @@
-policy_module(tcpd, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-type tcpd_t;
-type tcpd_exec_t;
-inetd_tcp_service_domain(tcpd_t, tcpd_exec_t)
-
-type tcpd_tmp_t;
-files_tmp_file(tcpd_tmp_t)
-
-########################################
-#
-# Local policy
-#
-allow tcpd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(tcpd_t, tcpd_tmp_t, tcpd_tmp_t)
-manage_files_pattern(tcpd_t, tcpd_tmp_t, tcpd_tmp_t)
-files_tmp_filetrans(tcpd_t, tcpd_tmp_t, { file dir })
-
-corenet_all_recvfrom_unlabeled(tcpd_t)
-corenet_all_recvfrom_netlabel(tcpd_t)
-corenet_tcp_sendrecv_generic_if(tcpd_t)
-corenet_tcp_sendrecv_generic_node(tcpd_t)
-corenet_tcp_sendrecv_all_ports(tcpd_t)
-
-fs_getattr_xattr_fs(tcpd_t)
-
-# Run other daemons in the inetd child domain.
-corecmd_search_bin(tcpd_t)
-
-files_read_etc_files(tcpd_t)
-# no good reason for files_dontaudit_search_var, probably nscd
-files_dontaudit_search_var(tcpd_t)
-
-logging_send_syslog_msg(tcpd_t)
-
-miscfiles_read_localization(tcpd_t)
-
-sysnet_read_config(tcpd_t)
-
-inetd_domtrans_child(tcpd_t)
-
-optional_policy(`
-	nis_use_ypbind(tcpd_t)
-')
diff --git a/policy/modules/services/telnet.fc b/policy/modules/services/telnet.fc
deleted file mode 100644
index 7405170..0000000
--- a/policy/modules/services/telnet.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/sbin/in\.telnetd		--	gen_context(system_u:object_r:telnetd_exec_t,s0)
-
-/usr/kerberos/sbin/telnetd 	--	gen_context(system_u:object_r:telnetd_exec_t,s0)
diff --git a/policy/modules/services/telnet.if b/policy/modules/services/telnet.if
deleted file mode 100644
index 58e7ec0..0000000
--- a/policy/modules/services/telnet.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Telnet daemon</summary>
diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te
deleted file mode 100644
index 34c4c57..0000000
--- a/policy/modules/services/telnet.te
+++ /dev/null
@@ -1,98 +0,0 @@
-policy_module(telnet, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type telnetd_t;
-type telnetd_exec_t;
-inetd_service_domain(telnetd_t, telnetd_exec_t)
-
-type telnetd_devpts_t; #, userpty_type;
-term_login_pty(telnetd_devpts_t)
-
-type telnetd_tmp_t;
-files_tmp_file(telnetd_tmp_t)
-
-type telnetd_var_run_t;
-files_pid_file(telnetd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow telnetd_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
-allow telnetd_t self:process signal_perms;
-allow telnetd_t self:fifo_file rw_fifo_file_perms;
-allow telnetd_t self:tcp_socket connected_stream_socket_perms;
-allow telnetd_t self:udp_socket create_socket_perms;
-# for identd; cjp: this should probably only be inetd_child rules?
-allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-
-allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(telnetd_t, telnetd_devpts_t)
-
-manage_dirs_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
-manage_files_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
-
-manage_files_pattern(telnetd_t, telnetd_var_run_t, telnetd_var_run_t)
-files_pid_filetrans(telnetd_t, telnetd_var_run_t, file)
-
-kernel_read_kernel_sysctls(telnetd_t)
-kernel_read_system_state(telnetd_t)
-kernel_read_network_state(telnetd_t)
-
-corenet_all_recvfrom_unlabeled(telnetd_t)
-corenet_all_recvfrom_netlabel(telnetd_t)
-corenet_tcp_sendrecv_generic_if(telnetd_t)
-corenet_udp_sendrecv_generic_if(telnetd_t)
-corenet_tcp_sendrecv_generic_node(telnetd_t)
-corenet_udp_sendrecv_generic_node(telnetd_t)
-corenet_tcp_sendrecv_all_ports(telnetd_t)
-corenet_udp_sendrecv_all_ports(telnetd_t)
-
-dev_read_urand(telnetd_t)
-
-domain_interactive_fd(telnetd_t)
-
-fs_getattr_xattr_fs(telnetd_t)
-
-auth_rw_login_records(telnetd_t)
-auth_use_nsswitch(telnetd_t)
-
-corecmd_search_bin(telnetd_t)
-
-files_read_usr_files(telnetd_t)
-files_read_etc_files(telnetd_t)
-files_read_etc_runtime_files(telnetd_t)
-
-init_rw_utmp(telnetd_t)
-
-logging_send_syslog_msg(telnetd_t)
-
-miscfiles_read_localization(telnetd_t)
-
-seutil_read_config(telnetd_t)
-
-remotelogin_domtrans(telnetd_t)
-
-userdom_search_user_home_dirs(telnetd_t)
-userdom_setattr_user_ptys(telnetd_t)
-userdom_manage_user_tmp_files(telnetd_t)
-userdom_tmp_filetrans_user_tmp(telnetd_t, file)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_search_nfs(telnetd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_search_cifs(telnetd_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(telnetd, telnetd_t)
-	kerberos_manage_host_rcache(telnetd_t)
-')
-
diff --git a/policy/modules/services/tftp.fc b/policy/modules/services/tftp.fc
deleted file mode 100644
index 25eee43..0000000
--- a/policy/modules/services/tftp.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/usr/sbin/atftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
-/usr/sbin/in\.tftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
-
-/tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
-/tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
-
-/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_rw_t,s0)
diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if
deleted file mode 100644
index 1427b54..0000000
--- a/policy/modules/services/tftp.if
+++ /dev/null
@@ -1,118 +0,0 @@
-## <summary>Trivial file transfer protocol daemon</summary>
-
-########################################
-## <summary>
-##	Read tftp content
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tftp_read_content',`
-	gen_require(`
-		type tftpdir_t;
-	')
-
-	read_files_pattern($1, tftpdir_t, tftpdir_t)
-	read_lnk_files_pattern($1, tftpdir_t, tftpdir_t)
-')
-
-########################################
-## <summary>
-##	Search tftp /var/lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tftp_search_rw_content',`
-	gen_require(`
-		type tftpdir_rw_t;
-	')
-
-	search_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Manage tftp /var/lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tftp_manage_rw_content',`
-	gen_require(`
-		type tftpdir_rw_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
-	manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
-')
-
-########################################
-## <summary>
-##	Create objects in tftpdir directories
-##	with specified types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	Private file type.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	Class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`tftp_filetrans_tftpdir',`
-	gen_require(`
-		type tftpdir_rw_t;
-	')
-
-	filetrans_pattern($1, tftpdir_rw_t, $2, $3)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an tftp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tftp_admin',`
-	gen_require(`
-		type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
-	')
-
-	allow $1 tftpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, tftpd_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, tftpdir_rw_t)
-
-	admin_pattern($1, tftpdir_t)
-
-	files_list_pids($1)
-	admin_pattern($1, tftpd_var_run_t)
-')
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
deleted file mode 100644
index 97ce79e..0000000
--- a/policy/modules/services/tftp.te
+++ /dev/null
@@ -1,110 +0,0 @@
-policy_module(tftp, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow tftp to modify public files
-##	used for public file transfer services.
-##	</p>
-## </desc>
-gen_tunable(tftp_anon_write, false)
-
-type tftpd_t;
-type tftpd_exec_t;
-init_daemon_domain(tftpd_t, tftpd_exec_t)
-
-type tftpd_var_run_t;
-files_pid_file(tftpd_var_run_t)
-
-type tftpdir_t;
-files_type(tftpdir_t)
-
-type tftpdir_rw_t;
-files_type(tftpdir_rw_t)
-
-########################################
-#
-# Local policy
-#
-
-allow tftpd_t self:capability { setgid setuid sys_chroot };
-dontaudit tftpd_t self:capability sys_tty_config;
-allow tftpd_t self:tcp_socket create_stream_socket_perms;
-allow tftpd_t self:udp_socket create_socket_perms;
-allow tftpd_t self:unix_dgram_socket create_socket_perms;
-allow tftpd_t self:unix_stream_socket create_stream_socket_perms;
-
-allow tftpd_t tftpdir_t:dir list_dir_perms;
-allow tftpd_t tftpdir_t:file read_file_perms;
-allow tftpd_t tftpdir_t:lnk_file read_lnk_file_perms;
-
-manage_dirs_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
-manage_files_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
-manage_lnk_files_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
-
-manage_files_pattern(tftpd_t, tftpd_var_run_t, tftpd_var_run_t)
-files_pid_filetrans(tftpd_t, tftpd_var_run_t, file)
-
-kernel_read_system_state(tftpd_t)
-kernel_read_kernel_sysctls(tftpd_t)
-
-corenet_all_recvfrom_unlabeled(tftpd_t)
-corenet_all_recvfrom_netlabel(tftpd_t)
-corenet_tcp_sendrecv_generic_if(tftpd_t)
-corenet_udp_sendrecv_generic_if(tftpd_t)
-corenet_tcp_sendrecv_generic_node(tftpd_t)
-corenet_udp_sendrecv_generic_node(tftpd_t)
-corenet_tcp_sendrecv_all_ports(tftpd_t)
-corenet_udp_sendrecv_all_ports(tftpd_t)
-corenet_tcp_bind_generic_node(tftpd_t)
-corenet_udp_bind_generic_node(tftpd_t)
-corenet_udp_bind_tftp_port(tftpd_t)
-corenet_sendrecv_tftp_server_packets(tftpd_t)
-
-dev_read_sysfs(tftpd_t)
-
-fs_getattr_all_fs(tftpd_t)
-fs_search_auto_mountpoints(tftpd_t)
-
-domain_use_interactive_fds(tftpd_t)
-
-files_read_etc_files(tftpd_t)
-files_read_etc_runtime_files(tftpd_t)
-files_read_var_files(tftpd_t)
-files_read_var_symlinks(tftpd_t)
-files_search_var(tftpd_t)
-
-auth_use_nsswitch(tftpd_t)
-
-logging_send_syslog_msg(tftpd_t)
-
-miscfiles_read_localization(tftpd_t)
-miscfiles_read_public_files(tftpd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(tftpd_t)
-userdom_dontaudit_use_user_terminals(tftpd_t)
-userdom_dontaudit_search_user_home_dirs(tftpd_t)
-
-tunable_policy(`tftp_anon_write',`
-	miscfiles_manage_public_files(tftpd_t)
-')
-
-optional_policy(`
-	cobbler_read_lib_files(tftpd_t)
-')
-
-optional_policy(`
-	inetd_udp_service_domain(tftpd_t, tftpd_exec_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(tftpd_t)
-')
-
-optional_policy(`
-	udev_read_db(tftpd_t)
-')
diff --git a/policy/modules/services/tgtd.fc b/policy/modules/services/tgtd.fc
deleted file mode 100644
index 8294f6f..0000000
--- a/policy/modules/services/tgtd.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/rc\.d/init\.d/tgtd		--	gen_context(system_u:object_r:tgtd_initrc_exec_t,s0)
-/usr/sbin/tgtd			--	gen_context(system_u:object_r:tgtd_exec_t,s0)
-/var/lib/tgtd(/.*)?			gen_context(system_u:object_r:tgtd_var_lib_t,s0)
diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
deleted file mode 100644
index c2ed23a..0000000
--- a/policy/modules/services/tgtd.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>Linux Target Framework Daemon.</summary>
-## <desc>
-##	<p>
-##	Linux target framework (tgt) aims to simplify various
-##	SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
-##	and maintenance. Our key goals are the clean integration into
-##	the scsi-mid layer and implementing a great portion of tgt
-##	in user space.
-##	</p>
-## </desc>
-
-#####################################
-## <summary>
-##	Allow read and write access to tgtd semaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tgtd_rw_semaphores',`
-	gen_require(`
-		type tgtd_t;
-	')
-
-	allow $1 tgtd_t:sem rw_sem_perms;
-')
-
-######################################
-## <summary>
-##	Manage tgtd sempaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tgtd_manage_semaphores',`
-	gen_require(`
-		type tgtd_t;
-	')
-
-	allow $1 tgtd_t:sem create_sem_perms;
-')
diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te
deleted file mode 100644
index 44dfdc8..0000000
--- a/policy/modules/services/tgtd.te
+++ /dev/null
@@ -1,74 +0,0 @@
-policy_module(tgtd, 1.1.0)
-
-########################################
-#
-# TGTD personal declarations.
-#
-
-type tgtd_t;
-type tgtd_exec_t;
-init_daemon_domain(tgtd_t, tgtd_exec_t)
-
-type tgtd_initrc_exec_t;
-init_script_file(tgtd_initrc_exec_t)
-
-type tgtd_tmp_t;
-files_tmp_file(tgtd_tmp_t)
-
-type tgtd_tmpfs_t;
-files_tmpfs_file(tgtd_tmpfs_t)
-
-type tgtd_var_lib_t;
-files_type(tgtd_var_lib_t)
-
-########################################
-#
-# TGTD personal policy.
-#
-
-allow tgtd_t self:capability sys_resource;
-allow tgtd_t self:process { setrlimit signal };
-allow tgtd_t self:fifo_file rw_fifo_file_perms;
-allow tgtd_t self:netlink_route_socket create_netlink_socket_perms;
-allow tgtd_t self:shm create_shm_perms;
-allow tgtd_t self:sem create_sem_perms;
-allow tgtd_t self:tcp_socket create_stream_socket_perms;
-allow tgtd_t self:udp_socket create_socket_perms;
-allow tgtd_t self:unix_dgram_socket create_socket_perms;
-
-manage_sock_files_pattern(tgtd_t, tgtd_tmp_t, tgtd_tmp_t)
-files_tmp_filetrans(tgtd_t, tgtd_tmp_t, { sock_file })
-
-manage_files_pattern(tgtd_t, tgtd_tmpfs_t, tgtd_tmpfs_t)
-fs_tmpfs_filetrans(tgtd_t, tgtd_tmpfs_t, file)
-
-manage_dirs_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
-manage_files_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
-files_var_lib_filetrans(tgtd_t, tgtd_var_lib_t, { dir file })
-
-kernel_read_fs_sysctls(tgtd_t)
-
-corenet_all_recvfrom_netlabel(tgtd_t)
-corenet_all_recvfrom_unlabeled(tgtd_t)
-corenet_tcp_sendrecv_generic_if(tgtd_t)
-corenet_tcp_sendrecv_generic_node(tgtd_t)
-corenet_tcp_sendrecv_iscsi_port(tgtd_t)
-corenet_tcp_bind_generic_node(tgtd_t)
-corenet_tcp_bind_iscsi_port(tgtd_t)
-corenet_sendrecv_iscsi_server_packets(tgtd_t)
-
-dev_search_sysfs(tgtd_t)
-
-files_read_etc_files(tgtd_t)
-
-fs_read_anon_inodefs_files(tgtd_t)
-
-storage_manage_fixed_disk(tgtd_t)
-
-logging_send_syslog_msg(tgtd_t)
-
-miscfiles_read_localization(tgtd_t)
-
-optional_policy(`
-	iscsi_manage_semaphores(tgtd_t)
-')
diff --git a/policy/modules/services/timidity.fc b/policy/modules/services/timidity.fc
deleted file mode 100644
index ed5eef3..0000000
--- a/policy/modules/services/timidity.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/bin/timidity	--	gen_context(system_u:object_r:timidity_exec_t,s0)
diff --git a/policy/modules/services/timidity.if b/policy/modules/services/timidity.if
deleted file mode 100644
index 989b240..0000000
--- a/policy/modules/services/timidity.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>MIDI to WAV converter and player configured as a service</summary>
diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te
deleted file mode 100644
index 67b5592..0000000
--- a/policy/modules/services/timidity.te
+++ /dev/null
@@ -1,85 +0,0 @@
-policy_module(timidity, 1.9.0)
-
-# Note: You only need this policy if you want to run timidity as a server
-
-########################################
-#
-# Declarations
-#
-
-type timidity_t;
-type timidity_exec_t;
-init_daemon_domain(timidity_t, timidity_exec_t)
-application_domain(timidity_t, timidity_exec_t)
-
-type timidity_tmpfs_t;
-files_tmpfs_file(timidity_tmpfs_t)
-
-########################################
-#
-# Local policy
-#
-
-allow timidity_t self:capability { dac_override dac_read_search };
-dontaudit timidity_t self:capability sys_tty_config;
-allow timidity_t self:process { signal_perms getsched };
-allow timidity_t self:shm create_shm_perms;
-allow timidity_t self:unix_stream_socket create_stream_socket_perms;
-allow timidity_t self:tcp_socket create_stream_socket_perms;
-allow timidity_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
-manage_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
-manage_lnk_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
-manage_fifo_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
-manage_sock_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
-fs_tmpfs_filetrans(timidity_t, timidity_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(timidity_t)
-# read /proc/cpuinfo
-kernel_read_system_state(timidity_t)
-
-corenet_all_recvfrom_unlabeled(timidity_t)
-corenet_all_recvfrom_netlabel(timidity_t)
-corenet_tcp_sendrecv_generic_if(timidity_t)
-corenet_udp_sendrecv_generic_if(timidity_t)
-corenet_tcp_sendrecv_generic_node(timidity_t)
-corenet_udp_sendrecv_generic_node(timidity_t)
-corenet_tcp_sendrecv_all_ports(timidity_t)
-corenet_udp_sendrecv_all_ports(timidity_t)
-
-dev_read_sysfs(timidity_t)
-dev_read_sound(timidity_t)
-dev_write_sound(timidity_t)
-
-fs_search_auto_mountpoints(timidity_t)
-
-domain_use_interactive_fds(timidity_t)
-
-files_search_tmp(timidity_t)
-# read /usr/share/alsa/alsa.conf
-files_read_usr_files(timidity_t)
-# read /etc/esd.conf
-files_read_etc_files(timidity_t)
-
-# read libartscbackend.la
-libs_read_lib_files(timidity_t)
-
-logging_send_syslog_msg(timidity_t)
-
-sysnet_read_config(timidity_t)
-
-userdom_dontaudit_use_unpriv_user_fds(timidity_t)
-
-# stupid timidity won't start if it can't search its current directory.
-# allow this so /etc/init.d/alsasound start works from /root
-# cjp: this should be fixed if possible so this rule can be removed.
-userdom_search_user_home_dirs(timidity_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(timidity_t)
-')
-
-optional_policy(`
-	udev_read_db(timidity_t)
-')
diff --git a/policy/modules/services/tor.fc b/policy/modules/services/tor.fc
deleted file mode 100644
index e2e06b2..0000000
--- a/policy/modules/services/tor.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-/etc/rc\.d/init\.d/tor	--	gen_context(system_u:object_r:tor_initrc_exec_t,s0)
-/etc/tor(/.*)?			gen_context(system_u:object_r:tor_etc_t,s0)
-
-/usr/bin/tor		--	gen_context(system_u:object_r:tor_exec_t,s0)
-/usr/sbin/tor		--	gen_context(system_u:object_r:tor_exec_t,s0)
-
-/var/lib/tor(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
-/var/lib/tor-data(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
-
-/var/log/tor(/.*)?		gen_context(system_u:object_r:tor_var_log_t,s0)
-
-/var/run/tor(/.*)?		gen_context(system_u:object_r:tor_var_run_t,s0)
diff --git a/policy/modules/services/tor.if b/policy/modules/services/tor.if
deleted file mode 100644
index 464347f..0000000
--- a/policy/modules/services/tor.if
+++ /dev/null
@@ -1,64 +0,0 @@
-## <summary>TOR, the onion router</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run TOR.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tor_domtrans',`
-	gen_require(`
-		type tor_t, tor_exec_t;
-	')
-
-	domtrans_pattern($1, tor_exec_t, tor_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an tor environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the tor domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tor_admin',`
-	gen_require(`
-		type tor_t, tor_var_log_t, tor_etc_t;
-		type tor_var_lib_t, tor_var_run_t;
-		type tor_initrc_exec_t;
-	')
-
-	allow $1 tor_t:process { ptrace signal_perms };
-	ps_process_pattern($1, tor_t)
-
-	init_labeled_script_domtrans($1, tor_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 tor_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, tor_etc_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, tor_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, tor_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, tor_var_run_t)
-')
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
deleted file mode 100644
index 7f0d9a9..0000000
--- a/policy/modules/services/tor.te
+++ /dev/null
@@ -1,116 +0,0 @@
-policy_module(tor, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow tor daemon to bind
-##	tcp sockets to all unreserved ports.
-##	</p>
-## </desc>
-gen_tunable(tor_bind_all_unreserved_ports, false)
-
-type tor_t;
-type tor_exec_t;
-init_daemon_domain(tor_t, tor_exec_t)
-
-# etc/tor
-type tor_etc_t;
-files_config_file(tor_etc_t)
-
-type tor_initrc_exec_t;
-init_script_file(tor_initrc_exec_t)
-
-# var/lib/tor
-type tor_var_lib_t;
-files_type(tor_var_lib_t)
-
-# log files
-type tor_var_log_t;
-logging_log_file(tor_var_log_t)
-
-# pid files
-type tor_var_run_t;
-files_pid_file(tor_var_run_t)
-
-########################################
-#
-# tor local policy
-#
-
-allow tor_t self:capability { setgid setuid sys_tty_config };
-allow tor_t self:process signal;
-allow tor_t self:fifo_file rw_fifo_file_perms;
-allow tor_t self:unix_stream_socket create_stream_socket_perms;
-allow tor_t self:netlink_route_socket r_netlink_socket_perms;
-allow tor_t self:tcp_socket create_stream_socket_perms;
-
-# configuration files
-allow tor_t tor_etc_t:dir list_dir_perms;
-read_files_pattern(tor_t, tor_etc_t, tor_etc_t)
-read_lnk_files_pattern(tor_t, tor_etc_t, tor_etc_t)
-
-# var/lib/tor files
-manage_dirs_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
-manage_files_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
-manage_sock_files_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
-files_usr_filetrans(tor_t, tor_var_lib_t, file)
-files_var_filetrans(tor_t, tor_var_lib_t, { file dir sock_file })
-files_var_lib_filetrans(tor_t, tor_var_lib_t, file)
-
-# log files
-allow tor_t tor_var_log_t:dir setattr;
-manage_files_pattern(tor_t, tor_var_log_t, tor_var_log_t)
-manage_sock_files_pattern(tor_t, tor_var_log_t, tor_var_log_t)
-logging_log_filetrans(tor_t, tor_var_log_t, { sock_file file dir })
-
-# pid file
-manage_dirs_pattern(tor_t, tor_var_run_t, tor_var_run_t)
-manage_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
-manage_sock_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
-files_pid_filetrans(tor_t, tor_var_run_t, { file sock_file dir })
-
-kernel_read_system_state(tor_t)
-
-# networking basics
-corenet_all_recvfrom_unlabeled(tor_t)
-corenet_all_recvfrom_netlabel(tor_t)
-corenet_tcp_sendrecv_generic_if(tor_t)
-corenet_tcp_sendrecv_generic_node(tor_t)
-corenet_tcp_sendrecv_all_ports(tor_t)
-corenet_tcp_sendrecv_all_reserved_ports(tor_t)
-corenet_tcp_bind_generic_node(tor_t)
-corenet_tcp_bind_tor_port(tor_t)
-corenet_sendrecv_tor_server_packets(tor_t)
-# TOR will need to connect to various ports
-corenet_tcp_connect_all_ports(tor_t)
-corenet_sendrecv_all_client_packets(tor_t)
-# ... especially including port 80 and other privileged ports
-corenet_tcp_connect_all_reserved_ports(tor_t)
-corenet_udp_bind_dns_port(tor_t)
-
-# tor uses crypto and needs random
-dev_read_urand(tor_t)
-
-domain_use_interactive_fds(tor_t)
-
-files_read_etc_files(tor_t)
-files_read_etc_runtime_files(tor_t)
-files_read_usr_files(tor_t)
-
-auth_use_nsswitch(tor_t)
-
-logging_send_syslog_msg(tor_t)
-
-miscfiles_read_localization(tor_t)
-
-tunable_policy(`tor_bind_all_unreserved_ports',`
-	corenet_tcp_bind_all_unreserved_ports(tor_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(tor_t)
-')
diff --git a/policy/modules/services/transproxy.fc b/policy/modules/services/transproxy.fc
deleted file mode 100644
index ce33f17..0000000
--- a/policy/modules/services/transproxy.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/sbin/tproxy	--	gen_context(system_u:object_r:transproxy_exec_t,s0)
-
-/var/run/tproxy\.pid	--	gen_context(system_u:object_r:transproxy_var_run_t,s0)
diff --git a/policy/modules/services/transproxy.if b/policy/modules/services/transproxy.if
deleted file mode 100644
index 23323f9..0000000
--- a/policy/modules/services/transproxy.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>HTTP transperant proxy</summary>
diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te
deleted file mode 100644
index 95cf0c0..0000000
--- a/policy/modules/services/transproxy.te
+++ /dev/null
@@ -1,65 +0,0 @@
-policy_module(transproxy, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type transproxy_t;
-type transproxy_exec_t;
-init_daemon_domain(transproxy_t, transproxy_exec_t)
-
-type transproxy_var_run_t;
-files_pid_file(transproxy_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow transproxy_t self:capability { setgid setuid };
-dontaudit transproxy_t self:capability sys_tty_config;
-allow transproxy_t self:process signal_perms;
-allow transproxy_t self:tcp_socket create_stream_socket_perms;
-
-manage_files_pattern(transproxy_t, transproxy_var_run_t, transproxy_var_run_t)
-files_pid_filetrans(transproxy_t, transproxy_var_run_t, file)
-
-kernel_read_kernel_sysctls(transproxy_t)
-kernel_list_proc(transproxy_t)
-kernel_read_proc_symlinks(transproxy_t)
-
-corenet_all_recvfrom_unlabeled(transproxy_t)
-corenet_all_recvfrom_netlabel(transproxy_t)
-corenet_tcp_sendrecv_generic_if(transproxy_t)
-corenet_tcp_sendrecv_generic_node(transproxy_t)
-corenet_tcp_sendrecv_all_ports(transproxy_t)
-corenet_tcp_bind_generic_node(transproxy_t)
-corenet_tcp_bind_transproxy_port(transproxy_t)
-corenet_sendrecv_transproxy_server_packets(transproxy_t)
-
-dev_read_sysfs(transproxy_t)
-
-domain_use_interactive_fds(transproxy_t)
-
-files_read_etc_files(transproxy_t)
-
-fs_getattr_all_fs(transproxy_t)
-fs_search_auto_mountpoints(transproxy_t)
-
-logging_send_syslog_msg(transproxy_t)
-
-miscfiles_read_localization(transproxy_t)
-
-sysnet_read_config(transproxy_t)
-
-userdom_dontaudit_use_unpriv_user_fds(transproxy_t)
-userdom_dontaudit_search_user_home_dirs(transproxy_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(transproxy_t)
-')
-
-optional_policy(`
-	udev_read_db(transproxy_t)
-')
diff --git a/policy/modules/services/tuned.fc b/policy/modules/services/tuned.fc
deleted file mode 100644
index 639c962..0000000
--- a/policy/modules/services/tuned.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-/etc/rc\.d/init\.d/tuned	--	gen_context(system_u:object_r:tuned_initrc_exec_t,s0)
-
-/usr/sbin/tuned			--	gen_context(system_u:object_r:tuned_exec_t,s0)
-
-/var/log/tuned(/.*)?			gen_context(system_u:object_r:tuned_log_t,s0)
-/var/log/tuned\.log		--	gen_context(system_u:object_r:tuned_log_t,s0)
-
-/var/run/tuned\.pid		--	gen_context(system_u:object_r:tuned_var_run_t,s0)
diff --git a/policy/modules/services/tuned.if b/policy/modules/services/tuned.if
deleted file mode 100644
index 752697f..0000000
--- a/policy/modules/services/tuned.if
+++ /dev/null
@@ -1,128 +0,0 @@
-## <summary>Dynamic adaptive system tuning daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run tuned.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`tuned_domtrans',`
-	gen_require(`
-		type tuned_t, tuned_exec_t;
-	')
-
-	domtrans_pattern($1, tuned_exec_t, tuned_t)
-')
-
-#######################################
-## <summary>
-##	Execute tuned in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tuned_exec',`
-	gen_require(`
-		type tuned_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, tuned_exec_t)
-')
-
-######################################
-## <summary>
-##	Read tuned PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tuned_read_pid_files',`
-	gen_require(`
-		type tuned_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
-')
-
-#######################################
-## <summary>
-##	Manage tuned PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tuned_manage_pid_files',`
-	gen_require(`
-		type tuned_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute tuned server in the tuned domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`tuned_initrc_domtrans',`
-	gen_require(`
-		type tuned_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, tuned_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an tuned environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`tuned_admin',`
-	gen_require(`
-		type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
-	')
-
-	allow $1 tuned_t:process { ptrace signal_perms };
-	ps_process_pattern($1, tuned_t)
-
-	tuned_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 tuned_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, tuned_var_run_t)
-')
diff --git a/policy/modules/services/tuned.te b/policy/modules/services/tuned.te
deleted file mode 100644
index b3983a9..0000000
--- a/policy/modules/services/tuned.te
+++ /dev/null
@@ -1,69 +0,0 @@
-policy_module(tuned, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type tuned_t;
-type tuned_exec_t;
-init_daemon_domain(tuned_t, tuned_exec_t)
-
-type tuned_initrc_exec_t;
-init_script_file(tuned_initrc_exec_t)
-
-type tuned_log_t;
-logging_log_file(tuned_log_t)
-
-type tuned_var_run_t;
-files_pid_file(tuned_var_run_t)
-
-########################################
-#
-# tuned local policy
-#
-
-dontaudit tuned_t self:capability { dac_override sys_tty_config };
-allow tuned_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(tuned_t, tuned_log_t, tuned_log_t)
-manage_files_pattern(tuned_t, tuned_log_t, tuned_log_t)
-logging_log_filetrans(tuned_t, tuned_log_t, file)
-
-manage_files_pattern(tuned_t, tuned_var_run_t, tuned_var_run_t)
-files_pid_filetrans(tuned_t, tuned_var_run_t, file)
-
-corecmd_exec_shell(tuned_t)
-corecmd_exec_bin(tuned_t)
-
-kernel_read_system_state(tuned_t)
-kernel_read_network_state(tuned_t)
-
-dev_read_urand(tuned_t)
-dev_read_sysfs(tuned_t)
-# to allow cpu tuning
-dev_rw_netcontrol(tuned_t)
-
-files_read_etc_files(tuned_t)
-files_read_usr_files(tuned_t)
-files_dontaudit_search_home(tuned_t)
-
-logging_send_syslog_msg(tuned_t)
-
-miscfiles_read_localization(tuned_t)
-
-userdom_dontaudit_search_user_home_dirs(tuned_t)
-
-# to allow disk tuning
-optional_policy(`
-	fstools_domtrans(tuned_t)
-')
-
-optional_policy(`
-	gnome_dontaudit_search_config(tuned_t)
-')
-
-# to allow network interface tuning
-optional_policy(`
-	sysnet_domtrans_ifconfig(tuned_t)
-')
diff --git a/policy/modules/services/ucspitcp.fc b/policy/modules/services/ucspitcp.fc
deleted file mode 100644
index 667d0b5..0000000
--- a/policy/modules/services/ucspitcp.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/usr/bin/rblsmtpd	--	gen_context(system_u:object_r:rblsmtpd_exec_t,s0)
-/usr/bin/tcpserver	--	gen_context(system_u:object_r:ucspitcp_exec_t,s0)
diff --git a/policy/modules/services/ucspitcp.if b/policy/modules/services/ucspitcp.if
deleted file mode 100644
index 1f6f55b..0000000
--- a/policy/modules/services/ucspitcp.if
+++ /dev/null
@@ -1,35 +0,0 @@
-## <summary>ucspitcp policy</summary>
-## <desc>
-##	<p>
-##	Policy for DJB's ucspi-tcpd
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	Define a specified domain as a ucspitcp service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`ucspitcp_service_domain',`
-	gen_require(`
-		type ucspitcp_t;
-		role system_r;
-	')
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-
-	role system_r types $1;
-
-	domtrans_pattern(ucspitcp_t, $2, $1)
-')
diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te
deleted file mode 100644
index 37c056b..0000000
--- a/policy/modules/services/ucspitcp.te
+++ /dev/null
@@ -1,93 +0,0 @@
-policy_module(ucspitcp, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type rblsmtpd_t;
-type rblsmtpd_exec_t;
-init_system_domain(rblsmtpd_t, rblsmtpd_exec_t)
-
-type ucspitcp_t;
-type ucspitcp_exec_t;
-init_system_domain(ucspitcp_t, ucspitcp_exec_t)
-
-########################################
-#
-# Local policy for rblsmtpd
-#
-
-ucspitcp_service_domain(rblsmtpd_t, rblsmtpd_exec_t)
-
-corecmd_search_bin(rblsmtpd_t)
-
-corenet_all_recvfrom_unlabeled(rblsmtpd_t)
-corenet_all_recvfrom_netlabel(rblsmtpd_t)
-corenet_tcp_sendrecv_generic_if(rblsmtpd_t)
-corenet_udp_sendrecv_generic_if(rblsmtpd_t)
-corenet_tcp_sendrecv_generic_node(rblsmtpd_t)
-corenet_udp_sendrecv_generic_node(rblsmtpd_t)
-corenet_tcp_sendrecv_all_ports(rblsmtpd_t)
-corenet_udp_sendrecv_all_ports(rblsmtpd_t)
-corenet_tcp_bind_generic_node(rblsmtpd_t)
-corenet_udp_bind_generic_port(rblsmtpd_t)
-
-files_read_etc_files(rblsmtpd_t)
-files_search_var(rblsmtpd_t)
-
-optional_policy(`
-	daemontools_ipc_domain(rblsmtpd_t)
-')
-
-########################################
-#
-# Local policy for tcpserver
-#
-
-allow ucspitcp_t self:capability { setgid setuid };
-allow ucspitcp_t self:fifo_file rw_fifo_file_perms;
-allow ucspitcp_t self:tcp_socket create_stream_socket_perms;
-allow ucspitcp_t self:udp_socket create_socket_perms;
-
-corecmd_search_bin(ucspitcp_t)
-
-# base networking:
-corenet_all_recvfrom_unlabeled(ucspitcp_t)
-corenet_all_recvfrom_netlabel(ucspitcp_t)
-corenet_tcp_sendrecv_generic_if(ucspitcp_t)
-corenet_udp_sendrecv_generic_if(ucspitcp_t)
-corenet_tcp_sendrecv_generic_node(ucspitcp_t)
-corenet_udp_sendrecv_generic_node(ucspitcp_t)
-corenet_tcp_sendrecv_all_ports(ucspitcp_t)
-corenet_udp_sendrecv_all_ports(ucspitcp_t)
-corenet_tcp_bind_generic_node(ucspitcp_t)
-corenet_udp_bind_generic_node(ucspitcp_t)
-
-# server ports:
-corenet_tcp_bind_ftp_port(ucspitcp_t)
-corenet_tcp_bind_ftp_data_port(ucspitcp_t)
-corenet_tcp_bind_http_port(ucspitcp_t)
-corenet_tcp_bind_smtp_port(ucspitcp_t)
-corenet_tcp_bind_dns_port(ucspitcp_t)
-corenet_udp_bind_dns_port(ucspitcp_t)
-corenet_udp_bind_generic_port(ucspitcp_t)
-
-# server packets:
-corenet_sendrecv_ftp_server_packets(ucspitcp_t)
-corenet_sendrecv_http_server_packets(ucspitcp_t)
-corenet_sendrecv_smtp_server_packets(ucspitcp_t)
-corenet_sendrecv_dns_server_packets(ucspitcp_t)
-corenet_sendrecv_generic_server_packets(ucspitcp_t)
-
-files_search_var(ucspitcp_t)
-files_read_etc_files(ucspitcp_t)
-
-sysnet_read_config(ucspitcp_t)
-
-optional_policy(`
-	daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
-	daemontools_sigchld_run(ucspitcp_t)
-	daemontools_read_svc(ucspitcp_t)
-')
-
diff --git a/policy/modules/services/ulogd.fc b/policy/modules/services/ulogd.fc
deleted file mode 100644
index 831b4a3..0000000
--- a/policy/modules/services/ulogd.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/ulogd	--	gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
-/etc/ulogd.conf			--	gen_context(system_u:object_r:ulogd_etc_t,s0)
-
-/usr/lib/ulogd(/.*)?			gen_context(system_u:object_r:ulogd_modules_t,s0)	
-/usr/sbin/ulogd			--	gen_context(system_u:object_r:ulogd_exec_t,s0)
-
-/var/log/ulogd(/.*)?			gen_context(system_u:object_r:ulogd_var_log_t,s0)
diff --git a/policy/modules/services/ulogd.if b/policy/modules/services/ulogd.if
deleted file mode 100644
index fd72fe8..0000000
--- a/policy/modules/services/ulogd.if
+++ /dev/null
@@ -1,142 +0,0 @@
-## <summary>Iptables/netfilter userspace logging daemon.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run ulogd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ulogd_domtrans',`
-	gen_require(`
-		type ulogd_t, ulogd_exec_t;
-	')
-
-	domtrans_pattern($1, ulogd_exec_t, ulogd_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	ulogd configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ulogd_read_config',`
-	gen_require(`
-		type ulogd_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, ulogd_etc_t, ulogd_etc_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read ulogd's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ulogd_read_log',`
-	gen_require(`
-		type ulogd_var_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 ulogd_var_log_t:dir list_dir_perms;
-	read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
-')
-
-#######################################
-## <summary>
-##	Allow the specified domain to search ulogd's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ulogd_search_log',`
-	gen_require(`
-		type ulogd_var_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 ulogd_var_log_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append to ulogd's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ulogd_append_log',`
-	gen_require(`
-		type ulogd_var_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 ulogd_var_log_t:dir list_dir_perms;
-	allow $1 ulogd_var_log_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an ulogd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the syslog domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ulogd_admin',`
-	gen_require(`
-		type ulogd_t, ulogd_etc_t, ulogd_modules_t;
-		type ulogd_var_log_t, ulogd_initrc_exec_t;
-	')
-
-	allow $1 ulogd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, ulogd_t)
-
-	init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ulogd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, ulogd_etc_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, ulogd_var_log_t)
-
-	files_list_usr($1)
-	admin_pattern($1, ulogd_modules_t)
-')
diff --git a/policy/modules/services/ulogd.te b/policy/modules/services/ulogd.te
deleted file mode 100644
index ef97cb3..0000000
--- a/policy/modules/services/ulogd.te
+++ /dev/null
@@ -1,64 +0,0 @@
-policy_module(ulogd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type ulogd_t;
-type ulogd_exec_t;
-init_daemon_domain(ulogd_t, ulogd_exec_t)
-
-# config files
-type ulogd_etc_t;
-files_type(ulogd_etc_t)
-
-type ulogd_initrc_exec_t;
-init_script_file(ulogd_initrc_exec_t)
-
-# /usr/lib files
-type ulogd_modules_t;
-files_type(ulogd_modules_t)
-
-# log files
-type ulogd_var_log_t;
-logging_log_file(ulogd_var_log_t)
-
-########################################
-#
-# ulogd local policy
-#
-
-allow ulogd_t self:capability net_admin;
-allow ulogd_t self:netlink_nflog_socket create_socket_perms;
-allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
-allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
-allow ulogd_t self:udp_socket create_socket_perms;
-
-# config files
-read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
-
-# modules for ulogd
-list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-
-# log files
-manage_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
-logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)
-
-files_read_etc_files(ulogd_t)
-files_read_usr_files(ulogd_t)
-
-miscfiles_read_localization(ulogd_t)
-
-sysnet_dns_name_resolve(ulogd_t)
-
-optional_policy(`
-	mysql_stream_connect(ulogd_t)
-	mysql_tcp_connect(ulogd_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(ulogd_t)
-	postgresql_tcp_connect(ulogd_t)
-')
diff --git a/policy/modules/services/uptime.fc b/policy/modules/services/uptime.fc
deleted file mode 100644
index e30d6fc..0000000
--- a/policy/modules/services/uptime.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/etc/uptimed\.conf	--	gen_context(system_u:object_r:uptimed_etc_t,s0)
-
-/usr/sbin/uptimed	--	gen_context(system_u:object_r:uptimed_exec_t,s0)
-
-/var/spool/uptimed(/.*)?	gen_context(system_u:object_r:uptimed_spool_t,s0)
diff --git a/policy/modules/services/uptime.if b/policy/modules/services/uptime.if
deleted file mode 100644
index 447abf7..0000000
--- a/policy/modules/services/uptime.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Uptime daemon</summary>
diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te
deleted file mode 100644
index 037a1e8..0000000
--- a/policy/modules/services/uptime.te
+++ /dev/null
@@ -1,73 +0,0 @@
-policy_module(uptime, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type uptimed_t;
-type uptimed_exec_t;
-init_daemon_domain(uptimed_t, uptimed_exec_t)
-
-type uptimed_etc_t alias etc_uptimed_t;
-files_config_file(uptimed_etc_t)
-
-type uptimed_spool_t;
-files_type(uptimed_spool_t)
-
-type uptimed_var_run_t;
-files_pid_file(uptimed_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit uptimed_t self:capability sys_tty_config;
-allow uptimed_t self:process signal_perms;
-allow uptimed_t self:fifo_file write_fifo_file_perms;
-
-allow uptimed_t uptimed_etc_t:file read_file_perms;
-files_search_etc(uptimed_t)
-
-allow uptimed_t uptimed_spool_t:file manage_file_perms;
-
-manage_files_pattern(uptimed_t, uptimed_var_run_t, uptimed_var_run_t)
-files_pid_filetrans(uptimed_t, uptimed_var_run_t, file)
-
-manage_dirs_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
-manage_files_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
-files_spool_filetrans(uptimed_t, uptimed_spool_t, { dir file })
-
-kernel_read_system_state(uptimed_t)
-kernel_read_kernel_sysctls(uptimed_t)
-
-corecmd_exec_shell(uptimed_t)
-
-dev_read_sysfs(uptimed_t)
-
-domain_use_interactive_fds(uptimed_t)
-
-files_read_etc_runtime_files(uptimed_t)
-
-fs_getattr_all_fs(uptimed_t)
-fs_search_auto_mountpoints(uptimed_t)
-
-logging_send_syslog_msg(uptimed_t)
-
-miscfiles_read_localization(uptimed_t)
-
-userdom_dontaudit_use_unpriv_user_fds(uptimed_t)
-userdom_dontaudit_search_user_home_dirs(uptimed_t)
-
-optional_policy(`
-	mta_send_mail(uptimed_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(uptimed_t)
-')
-
-optional_policy(`
-	udev_read_db(uptimed_t)
-')
diff --git a/policy/modules/services/usbmuxd.fc b/policy/modules/services/usbmuxd.fc
deleted file mode 100644
index 40b8b8d..0000000
--- a/policy/modules/services/usbmuxd.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/sbin/usbmuxd	--	gen_context(system_u:object_r:usbmuxd_exec_t,s0)
-
-/var/run/usbmuxd.*	 	gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
diff --git a/policy/modules/services/usbmuxd.if b/policy/modules/services/usbmuxd.if
deleted file mode 100644
index 53792d3..0000000
--- a/policy/modules/services/usbmuxd.if
+++ /dev/null
@@ -1,39 +0,0 @@
-## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run usbmuxd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`usbmuxd_domtrans',`
-	gen_require(`
-		type usbmuxd_t, usbmuxd_exec_t;
-	')
-
-	domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
-')
-
-#####################################
-## <summary>
-##	Connect to usbmuxd over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`usbmuxd_stream_connect',`
-	gen_require(`
-		type usbmuxd_t, usbmuxd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, usbmuxd_var_run_t, usbmuxd_var_run_t, usbmuxd_t)
-')
diff --git a/policy/modules/services/usbmuxd.te b/policy/modules/services/usbmuxd.te
deleted file mode 100644
index edfbe55..0000000
--- a/policy/modules/services/usbmuxd.te
+++ /dev/null
@@ -1,42 +0,0 @@
-policy_module(usbmuxd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type usbmuxd_t;
-type usbmuxd_exec_t;
-application_domain(usbmuxd_t, usbmuxd_exec_t)
-role system_r types usbmuxd_t;
-
-type usbmuxd_var_run_t;
-files_pid_file(usbmuxd_var_run_t)
-
-########################################
-#
-# usbmuxd local policy
-#
-
-allow usbmuxd_t self:capability { kill setgid setuid };
-allow usbmuxd_t self:process { fork signal signull };
-allow usbmuxd_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
-manage_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
-manage_sock_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
-files_pid_filetrans(usbmuxd_t, usbmuxd_var_run_t, { file dir sock_file })
-
-kernel_read_kernel_sysctls(usbmuxd_t)
-kernel_read_system_state(usbmuxd_t)
-
-dev_read_sysfs(usbmuxd_t)
-dev_rw_generic_usb_dev(usbmuxd_t)
-
-files_read_etc_files(usbmuxd_t)
-
-miscfiles_read_localization(usbmuxd_t)
-
-auth_use_nsswitch(usbmuxd_t)
-
-logging_send_syslog_msg(usbmuxd_t)
diff --git a/policy/modules/services/uucp.fc b/policy/modules/services/uucp.fc
deleted file mode 100644
index e1c0d8d..0000000
--- a/policy/modules/services/uucp.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-
-/usr/bin/uux 		--	gen_context(system_u:object_r:uux_exec_t,s0)
-
-/usr/sbin/uucico	--	gen_context(system_u:object_r:uucpd_exec_t,s0)
-
-/var/spool/uucp(/.*)?		gen_context(system_u:object_r:uucpd_spool_t,s0)
-/var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
-
-/var/lock/uucp(/.*)?		gen_context(system_u:object_r:uucpd_lock_t,s0)
-
-/var/log/uucp(/.*)?		gen_context(system_u:object_r:uucpd_log_t,s0)
diff --git a/policy/modules/services/uucp.if b/policy/modules/services/uucp.if
deleted file mode 100644
index a717e2d..0000000
--- a/policy/modules/services/uucp.if
+++ /dev/null
@@ -1,120 +0,0 @@
-## <summary>Unix to Unix Copy</summary>
-
-########################################
-## <summary>
-##	Execute the uucico program in the
-##	uucpd_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`uucp_domtrans',`
-	gen_require(`
-		type uucpd_t, uucpd_exec_t;
-	')
-
-	domtrans_pattern($1, uucpd_exec_t, uucpd_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	to uucp log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`uucp_append_log',`
-	gen_require(`
-		type uucpd_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 uucpd_log_t:dir list_dir_perms;
-	append_files_pattern($1, uucpd_log_t, uucpd_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete uucp spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`uucp_manage_spool',`
-	gen_require(`
-		type uucpd_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, uucpd_spool_t, uucpd_spool_t)
-	manage_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
-	manage_lnk_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
-')
-
-########################################
-## <summary>
-##	Execute the master uux program in the
-##	uux_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`uucp_domtrans_uux',`
-	gen_require(`
-		type uux_t, uux_exec_t;
-	')
-
-	domtrans_pattern($1, uux_exec_t, uux_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an uucp environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`uucp_admin',`
-	gen_require(`
-		type uucpd_t, uucpd_tmp_t, uucpd_log_t;
-		type uucpd_spool_t, uucpd_ro_t, uucpd_rw_t;
-		type uucpd_var_run_t;
-	')
-
-	allow $1 uucpd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, uucpd_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, uucpd_log_t)
-
-	files_list_spool($1)
-	admin_pattern($1, uucpd_spool_t)
-
-	admin_pattern($1, uucpd_ro_t)
-
-	admin_pattern($1, uucpd_rw_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, uucpd_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, uucpd_var_run_t)
-')
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
deleted file mode 100644
index 1e40c2a..0000000
--- a/policy/modules/services/uucp.te
+++ /dev/null
@@ -1,149 +0,0 @@
-policy_module(uucp, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-type uucpd_t;
-type uucpd_exec_t;
-inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
-
-type uucpd_lock_t;
-files_lock_file(uucpd_lock_t)
-
-type uucpd_tmp_t;
-files_tmp_file(uucpd_tmp_t)
-
-type uucpd_var_run_t;
-files_pid_file(uucpd_var_run_t)
-
-type uucpd_rw_t;
-files_type(uucpd_rw_t)
-
-type uucpd_ro_t;
-files_type(uucpd_ro_t)
-
-type uucpd_spool_t;
-files_type(uucpd_spool_t)
-
-type uucpd_log_t;
-logging_log_file(uucpd_log_t)
-
-type uux_t;
-type uux_exec_t;
-application_domain(uux_t, uux_exec_t)
-role system_r types uux_t;
-
-########################################
-#
-# UUCPd Local policy
-#
-allow uucpd_t self:capability { setuid setgid };
-allow uucpd_t self:process signal_perms;
-allow uucpd_t self:fifo_file rw_fifo_file_perms;
-allow uucpd_t self:tcp_socket connected_stream_socket_perms;
-allow uucpd_t self:udp_socket create_socket_perms;
-allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-
-allow uucpd_t uucpd_log_t:dir setattr;
-manage_files_pattern(uucpd_t, uucpd_log_t, uucpd_log_t)
-logging_log_filetrans(uucpd_t, uucpd_log_t, { file dir })
-
-allow uucpd_t uucpd_ro_t:dir list_dir_perms;
-read_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
-read_lnk_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
-
-manage_dirs_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
-manage_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
-manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
-
-uucp_manage_spool(uucpd_t)
-
-manage_dirs_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
-manage_files_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
-files_search_locks(uucpd_t)
-
-manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
-manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
-files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })
-
-manage_files_pattern(uucpd_t, uucpd_var_run_t, uucpd_var_run_t)
-files_pid_filetrans(uucpd_t, uucpd_var_run_t, file)
-
-kernel_read_kernel_sysctls(uucpd_t)
-kernel_read_system_state(uucpd_t)
-kernel_read_network_state(uucpd_t)
-
-corenet_all_recvfrom_unlabeled(uucpd_t)
-corenet_all_recvfrom_netlabel(uucpd_t)
-corenet_tcp_sendrecv_generic_if(uucpd_t)
-corenet_udp_sendrecv_generic_if(uucpd_t)
-corenet_tcp_sendrecv_generic_node(uucpd_t)
-corenet_udp_sendrecv_generic_node(uucpd_t)
-corenet_tcp_sendrecv_all_ports(uucpd_t)
-corenet_udp_sendrecv_all_ports(uucpd_t)
-corenet_tcp_connect_ssh_port(uucpd_t)
-
-dev_read_urand(uucpd_t)
-
-fs_getattr_xattr_fs(uucpd_t)
-
-corecmd_exec_bin(uucpd_t)
-corecmd_exec_shell(uucpd_t)
-
-files_read_etc_files(uucpd_t)
-files_search_home(uucpd_t)
-files_search_spool(uucpd_t)
-
-term_setattr_controlling_term(uucpd_t)
-
-auth_use_nsswitch(uucpd_t)
-
-logging_send_syslog_msg(uucpd_t)
-
-miscfiles_read_localization(uucpd_t)
-
-mta_send_mail(uucpd_t)
-
-optional_policy(`
-	cron_system_entry(uucpd_t, uucpd_exec_t)
-')
-
-optional_policy(`
-	kerberos_use(uucpd_t)
-')
-
-optional_policy(`
-	ssh_exec(uucpd_t)
-')
-
-########################################
-#
-# UUX Local policy
-#
-
-allow uux_t self:capability { setuid setgid };
-allow uux_t self:fifo_file write_fifo_file_perms;
-
-uucp_append_log(uux_t)
-uucp_manage_spool(uux_t)
-
-corecmd_exec_bin(uux_t)
-
-files_read_etc_files(uux_t)
-
-fs_rw_anon_inodefs_files(uux_t)
-
-logging_send_syslog_msg(uux_t)
-
-miscfiles_read_localization(uux_t)
-
-optional_policy(`
-	mta_send_mail(uux_t)
-	mta_read_queue(uux_t)
-	sendmail_dontaudit_rw_unix_stream_sockets(uux_t)
-')
-
-optional_policy(`
-	nscd_socket_use(uux_t)
-')
diff --git a/policy/modules/services/uwimap.fc b/policy/modules/services/uwimap.fc
deleted file mode 100644
index 43bdef0..0000000
--- a/policy/modules/services/uwimap.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/imapd		-- 	gen_context(system_u:object_r:imapd_exec_t,s0)
diff --git a/policy/modules/services/uwimap.if b/policy/modules/services/uwimap.if
deleted file mode 100644
index 8337684..0000000
--- a/policy/modules/services/uwimap.if
+++ /dev/null
@@ -1,20 +0,0 @@
-## <summary>University of Washington IMAP toolkit POP3 and IMAP mail server</summary>
-
-########################################
-## <summary>
-##	Execute the UW IMAP/POP3 servers with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`uwimap_domtrans',`
-	gen_require(`
-		type imapd_t, imapd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, imapd_exec_t, imapd_t)
-')
diff --git a/policy/modules/services/uwimap.te b/policy/modules/services/uwimap.te
deleted file mode 100644
index 41fa663..0000000
--- a/policy/modules/services/uwimap.te
+++ /dev/null
@@ -1,95 +0,0 @@
-policy_module(uwimap, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type imapd_t;
-type imapd_exec_t;
-init_daemon_domain(imapd_t, imapd_exec_t)
-inetd_tcp_service_domain(imapd_t, imapd_exec_t)
-
-type imapd_tmp_t;
-files_tmp_file(imapd_tmp_t)
-
-type imapd_var_run_t;
-files_pid_file(imapd_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow imapd_t self:capability { dac_override net_bind_service setgid setuid sys_resource };
-dontaudit imapd_t self:capability sys_tty_config;
-allow imapd_t self:process signal_perms;
-allow imapd_t self:fifo_file rw_fifo_file_perms;
-allow imapd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(imapd_t, imapd_tmp_t, imapd_tmp_t)
-manage_files_pattern(imapd_t, imapd_tmp_t, imapd_tmp_t)
-files_tmp_filetrans(imapd_t, imapd_tmp_t, { file dir })
-
-manage_files_pattern(imapd_t, imapd_var_run_t, imapd_var_run_t)
-files_pid_filetrans(imapd_t, imapd_var_run_t, file)
-
-kernel_read_kernel_sysctls(imapd_t)
-kernel_list_proc(imapd_t)
-kernel_read_proc_symlinks(imapd_t)
-
-corenet_all_recvfrom_unlabeled(imapd_t)
-corenet_all_recvfrom_netlabel(imapd_t)
-corenet_tcp_sendrecv_generic_if(imapd_t)
-corenet_tcp_sendrecv_generic_node(imapd_t)
-corenet_tcp_sendrecv_all_ports(imapd_t)
-corenet_tcp_bind_generic_node(imapd_t)
-corenet_tcp_bind_pop_port(imapd_t)
-corenet_tcp_connect_all_ports(imapd_t)
-corenet_sendrecv_pop_server_packets(imapd_t)
-corenet_sendrecv_all_client_packets(imapd_t)
-
-dev_read_sysfs(imapd_t)
-#urandom, for ssl
-dev_read_rand(imapd_t)
-dev_read_urand(imapd_t)
-
-domain_use_interactive_fds(imapd_t)
-
-#read /etc/ for hostname nsswitch.conf
-files_read_etc_files(imapd_t)
-
-fs_getattr_all_fs(imapd_t)
-fs_search_auto_mountpoints(imapd_t)
-
-auth_domtrans_chk_passwd(imapd_t)
-
-logging_send_syslog_msg(imapd_t)
-
-miscfiles_read_localization(imapd_t)
-
-sysnet_read_config(imapd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(imapd_t)
-# cjp: this is excessive, should be limited to the
-# mail directories
-userdom_manage_user_home_content_dirs(imapd_t)
-userdom_manage_user_home_content_files(imapd_t)
-userdom_manage_user_home_content_symlinks(imapd_t)
-userdom_manage_user_home_content_pipes(imapd_t)
-userdom_manage_user_home_content_sockets(imapd_t)
-userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file fifo_file sock_file })
-
-mta_rw_spool(imapd_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(imapd_t)
-')
-
-optional_policy(`
-	tcpd_wrapped_domain(imapd_t, imapd_exec_t)
-')
-
-optional_policy(`
-	udev_read_db(imapd_t)
-')
diff --git a/policy/modules/services/varnishd.fc b/policy/modules/services/varnishd.fc
deleted file mode 100644
index 194d123..0000000
--- a/policy/modules/services/varnishd.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-/etc/rc\.d/init\.d/varnish	--	gen_context(system_u:object_r:varnishd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/varnishlog	--	gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/varnishncsa	--	gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0)
-
-/etc/varnish(/.*)?			gen_context(system_u:object_r:varnishd_etc_t,s0)
-
-/usr/bin/varnishlog		--	gen_context(system_u:object_r:varnishlog_exec_t,s0)
-/usr/bin/varnisncsa		--	gen_context(system_u:object_r:varnishlog_exec_t,s0)
-
-/usr/sbin/varnishd		--	gen_context(system_u:object_r:varnishd_exec_t,s0)
-
-/var/lib/varnish(/.*)?			gen_context(system_u:object_r:varnishd_var_lib_t,s0)
-
-/var/log/varnish(/.*)?			gen_context(system_u:object_r:varnishlog_log_t,s0)
-
-/var/run/varnish\.pid		--	gen_context(system_u:object_r:varnishd_var_run_t,s0)
-/var/run/varnishlog\.pid	--	gen_context(system_u:object_r:varnishlog_var_run_t,s0)
-/var/run/varnishncsa\.pid	--	gen_context(system_u:object_r:varnishlog_var_run_t,s0)
diff --git a/policy/modules/services/varnishd.if b/policy/modules/services/varnishd.if
deleted file mode 100644
index fe5ce10..0000000
--- a/policy/modules/services/varnishd.if
+++ /dev/null
@@ -1,216 +0,0 @@
-## <summary>Varnishd http accelerator daemon</summary>
-
-#######################################
-## <summary>
-##	Execute varnishd in the varnishd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`varnishd_domtrans',`
-	gen_require(`
-		type varnishd_t, varnishd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, varnishd_exec_t, varnishd_t)
-')
-
-#######################################
-## <summary>
-##	Execute varnishd
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_exec',`
-	gen_require(`
-		type varnishd_exec_t;
-	')
-
-	can_exec($1, varnishd_exec_t)
-')
-
-######################################
-## <summary>
-##	Read varnishd configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_read_config',`
-	gen_require(`
-		type varnishd_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
-')
-
-#####################################
-## <summary>
-##	Read varnish lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_read_lib_files',`
-	gen_require(`
-		type varnishd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
-')
-
-#######################################
-## <summary>
-##	Read varnish logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_read_log',`
-	gen_require(`
-		type varnishlog_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
-')
-
-######################################
-## <summary>
-##	Append varnish logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_append_log',`
-	gen_require(`
-		type varnishlog_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
-')
-
-#####################################
-## <summary>
-##	Manage varnish logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`varnishd_manage_log',`
-	gen_require(`
-		type varnishlog_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
-')
-
-######################################
-## <summary>
-##	All of the rules required to administrate 
-##	an varnishlog environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the varnishlog domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`varnishd_admin_varnishlog',`
-	gen_require(`
-		type varnishlog_t, varnishlog_initrc_exec_t, varnishlog_log_t;
-		type varnishlog_var_run_t;
-	')
-
-	allow $1 varnishlog_t:process { ptrace signal_perms };
-	ps_process_pattern($1, varnishlog_t)
-
-	init_labeled_script_domtrans($1, varnishlog_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 varnishlog_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_pids($1)
-	admin_pattern($1, varnishlog_var_run_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, varnishlog_log_t)
-')
-
-#######################################
-## <summary>
-##	All of the rules required to administrate 
-##	an varnishd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the varnishd domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`varnishd_admin',`
-	gen_require(`
-		type varnishd_t, varnishd_var_lib_t, varnishd_etc_t;
-		type varnishd_var_run_t, varnishd_tmp_t;
-		type varnishd_initrc_exec_t;
-	')
-
-	allow $1 varnishd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, varnishd_t)
-
-	init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 varnishd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_var_lib($1)
-	admin_pattern($1, varnishd_var_lib_t)
-
-	files_list_etc($1)
-	admin_pattern($1, varnishd_etc_t)
-
-	files_list_pids($1)
-	admin_pattern($1, varnishd_var_run_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, varnishd_tmp_t)
-')
diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te
deleted file mode 100644
index c6bf70e..0000000
--- a/policy/modules/services/varnishd.te
+++ /dev/null
@@ -1,118 +0,0 @@
-policy_module(varnishd, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow varnishd to connect to all ports,
-##	not just HTTP.
-##	</p>
-## </desc>
-gen_tunable(varnishd_connect_any, false)
-
-type varnishd_t;
-type varnishd_exec_t;
-init_daemon_domain(varnishd_t, varnishd_exec_t)
-
-type varnishd_initrc_exec_t;
-init_script_file(varnishd_initrc_exec_t)
-
-type varnishd_etc_t;
-files_type(varnishd_etc_t)
-
-type varnishd_tmp_t;
-files_tmp_file(varnishd_tmp_t)
-
-type varnishd_var_lib_t;
-files_type(varnishd_var_lib_t)
-
-type varnishd_var_run_t;
-files_pid_file(varnishd_var_run_t)
-
-type varnishlog_t;
-type varnishlog_exec_t;
-init_daemon_domain(varnishlog_t, varnishlog_exec_t)
-
-type varnishlog_initrc_exec_t;
-init_script_file(varnishlog_initrc_exec_t)
-
-type varnishlog_var_run_t;
-files_pid_file(varnishlog_var_run_t)
-
-type varnishlog_log_t;
-files_type(varnishlog_log_t)
-
-########################################
-#
-# varnishd local policy
-#
-
-allow varnishd_t self:capability { kill dac_override ipc_lock setuid setgid };
-dontaudit varnishd_t self:capability sys_tty_config;
-allow varnishd_t self:process signal;
-allow varnishd_t self:fifo_file rw_fifo_file_perms;
-allow varnishd_t self:tcp_socket create_stream_socket_perms;
-allow varnishd_t self:udp_socket create_socket_perms;
-
-read_files_pattern(varnishd_t, varnishd_etc_t, varnishd_etc_t)
-list_dirs_pattern(varnishd_t, varnishd_etc_t, varnishd_etc_t)
-
-manage_dirs_pattern(varnishd_t, varnishd_tmp_t, varnishd_tmp_t)
-manage_files_pattern(varnishd_t, varnishd_tmp_t, varnishd_tmp_t)
-files_tmp_filetrans(varnishd_t, varnishd_tmp_t, { file dir })
-
-exec_files_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t)
-manage_dirs_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t)
-manage_files_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t)
-files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file })
-
-manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t)
-files_pid_filetrans(varnishd_t, varnishd_var_run_t, file)
-
-kernel_read_system_state(varnishd_t)
-
-corecmd_exec_bin(varnishd_t)
-corecmd_exec_shell(varnishd_t)
-
-corenet_tcp_sendrecv_generic_if(varnishd_t)
-corenet_tcp_bind_generic_node(varnishd_t)
-corenet_tcp_bind_http_port(varnishd_t)
-corenet_tcp_bind_http_cache_port(varnishd_t)
-corenet_tcp_bind_varnishd_port(varnishd_t)
-corenet_tcp_connect_http_cache_port(varnishd_t)
-corenet_tcp_connect_http_port(varnishd_t)
-
-dev_read_urand(varnishd_t)
-
-fs_getattr_all_fs(varnishd_t)
-
-auth_use_nsswitch(varnishd_t)
-
-logging_send_syslog_msg(varnishd_t)
-
-miscfiles_read_localization(varnishd_t)
-
-sysnet_read_config(varnishd_t)
-
-tunable_policy(`varnishd_connect_any',`
-	corenet_tcp_connect_all_ports(varnishd_t)
-	corenet_tcp_bind_all_ports(varnishd_t)
-')
-
-#######################################
-#
-# varnishlog local policy
-#
-
-manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t)
-files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, file)
-
-manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
-manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
-logging_log_filetrans(varnishlog_t, varnishlog_log_t, { file dir })
-
-files_search_var_lib(varnishlog_t)
-read_files_pattern(varnishlog_t, varnishd_var_lib_t, varnishd_var_lib_t)
diff --git a/policy/modules/services/vhostmd.fc b/policy/modules/services/vhostmd.fc
deleted file mode 100644
index c1fb329..0000000
--- a/policy/modules/services/vhostmd.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/rc.d/init.d/vhostmd	--	gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0)
-
-/usr/sbin/vhostmd		--	gen_context(system_u:object_r:vhostmd_exec_t,s0)
-
-/var/run/vhostmd.pid		--	gen_context(system_u:object_r:vhostmd_var_run_t,s0)
diff --git a/policy/modules/services/vhostmd.if b/policy/modules/services/vhostmd.if
deleted file mode 100644
index da605ba..0000000
--- a/policy/modules/services/vhostmd.if
+++ /dev/null
@@ -1,224 +0,0 @@
-## <summary>Virtual host metrics daemon</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run vhostmd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_domtrans',`
-	gen_require(`
-		type vhostmd_t, vhostmd_exec_t;
-	')
-
-	domtrans_pattern($1, vhostmd_exec_t, vhostmd_t)
-')
-
-########################################
-## <summary>
-##	Execute vhostmd server in the vhostmd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_initrc_domtrans',`
-	gen_require(`
-		type vhostmd_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, vhostmd_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to read, vhostmd tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_read_tmpfs_files',`
-	gen_require(`
-		type vhostmd_tmpfs_t;
-	')
-
-	allow $1 vhostmd_tmpfs_t:file read_file_perms;
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read,
-##	vhostmd tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_dontaudit_read_tmpfs_files',`
-	gen_require(`
-		type vhostmd_tmpfs_t;
-	')
-
-	dontaudit $1 vhostmd_tmpfs_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Allow domain to read and write vhostmd tmpfs files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_rw_tmpfs_files',`
-	gen_require(`
-		type vhostmd_tmpfs_t;
-	')
-
-	rw_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete vhostmd tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_manage_tmpfs_files',`
-	gen_require(`
-		type vhostmd_tmpfs_t;
-	')
-
-	manage_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Read vhostmd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_read_pid_files',`
-	gen_require(`
-		type vhostmd_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 vhostmd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage vhostmd var_run files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_manage_pid_files',`
-	gen_require(`
-		type vhostmd_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Connect to vhostmd over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_stream_connect',`
-	gen_require(`
-		type vhostmd_t, vhostmd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t, vhostmd_t)
-')
-
-#######################################
-## <summary>
-##	Dontaudit read and write to vhostmd
-##	over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`vhostmd_dontaudit_rw_stream_connect',`
-	gen_require(`
-		type vhostmd_t;
-	')
-
-	dontaudit $1 vhostmd_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an vhostmd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`vhostmd_admin',`
-	gen_require(`
-		type vhostmd_t, vhostmd_initrc_exec_t;
-	')
-
-	allow $1 vhostmd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, vhostmd_t)
-
-	vhostmd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 vhostmd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	vhostmd_manage_tmpfs_files($1)
-
-	vhostmd_manage_pid_files($1)
-')
diff --git a/policy/modules/services/vhostmd.te b/policy/modules/services/vhostmd.te
deleted file mode 100644
index 7baeb6f..0000000
--- a/policy/modules/services/vhostmd.te
+++ /dev/null
@@ -1,79 +0,0 @@
-policy_module(vhostmd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type vhostmd_t;
-type vhostmd_exec_t;
-init_daemon_domain(vhostmd_t, vhostmd_exec_t)
-
-type vhostmd_initrc_exec_t;
-init_script_file(vhostmd_initrc_exec_t)
-
-type vhostmd_tmpfs_t;
-files_tmpfs_file(vhostmd_tmpfs_t)
-
-type vhostmd_var_run_t;
-files_pid_file(vhostmd_var_run_t)
-
-########################################
-#
-# vhostmd local policy
-#
-
-allow vhostmd_t self:capability { dac_override ipc_lock	setuid setgid };
-allow vhostmd_t self:process { setsched getsched };
-allow vhostmd_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-manage_files_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
-fs_tmpfs_filetrans(vhostmd_t, vhostmd_tmpfs_t, { file dir })
-
-manage_dirs_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
-manage_files_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
-files_pid_filetrans(vhostmd_t, vhostmd_var_run_t, { file dir })
-
-kernel_read_system_state(vhostmd_t)
-kernel_read_network_state(vhostmd_t)
-kernel_write_xen_state(vhostmd_t)
-
-corecmd_exec_bin(vhostmd_t)
-corecmd_exec_shell(vhostmd_t)
-
-corenet_tcp_connect_soundd_port(vhostmd_t)
-
-# 579803
-files_list_tmp(vhostmd_t)
-files_read_etc_files(vhostmd_t)
-files_read_usr_files(vhostmd_t)
-
-dev_read_sysfs(vhostmd_t)
-
-auth_use_nsswitch(vhostmd_t)
-
-logging_send_syslog_msg(vhostmd_t)
-
-miscfiles_read_localization(vhostmd_t)
-
-optional_policy(`
-	hostname_exec(vhostmd_t)
-')
-
-optional_policy(`
-	rpm_exec(vhostmd_t)
-	rpm_read_db(vhostmd_t)
-')
-
-optional_policy(`
-	virt_stream_connect(vhostmd_t)
-	virt_write_content(vhostmd_t)
-')
-
-optional_policy(`
-	xen_domtrans_xm(vhostmd_t)
-	xen_stream_connect(vhostmd_t)
-	xen_stream_connect_xenstore(vhostmd_t)
-	xen_stream_connect_xm(vhostmd_t)
-')
diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc
deleted file mode 100644
index be4b00f..0000000
--- a/policy/modules/services/virt.fc
+++ /dev/null
@@ -1,32 +0,0 @@
-HOME_DIR/.libvirt(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
-HOME_DIR/.virtinst(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
-HOME_DIR/VirtualMachines(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
-HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
-
-/etc/libvirt		-d	gen_context(system_u:object_r:virt_etc_t,s0)
-/etc/libvirt/[^/]*	--	gen_context(system_u:object_r:virt_etc_t,s0)
-/etc/libvirt/[^/]*	-d	gen_context(system_u:object_r:virt_etc_rw_t,s0)
-/etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
-/etc/rc\.d/init\.d/libvirtd --	gen_context(system_u:object_r:virtd_initrc_exec_t,s0)
-/etc/xen		-d	gen_context(system_u:object_r:virt_etc_t,s0)
-/etc/xen/[^/]*		--	gen_context(system_u:object_r:virt_etc_t,s0)
-/etc/xen/[^/]*		-d	gen_context(system_u:object_r:virt_etc_rw_t,s0)
-/etc/xen/.*/.*			gen_context(system_u:object_r:virt_etc_rw_t,s0)
-
-/usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
-/usr/bin/virsh		--	gen_context(system_u:object_r:virsh_exec_t,s0)
-/usr/sbin/condor_vm-gahp	--	gen_context(system_u:object_r:virtd_exec_t,s0)
-
-/var/cache/libvirt(/.*)?	gen_context(system_u:object_r:virt_cache_t,s0-mls_systemhigh)
-
-/var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
-/var/lib/libvirt/boot(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
-/var/lib/libvirt/images(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
-/var/lib/libvirt/isos(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
-/var/lib/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:qemu_var_run_t,s0-mls_systemhigh)
-
-/var/log/libvirt(/.*)?		gen_context(system_u:object_r:virt_log_t,s0)
-/var/run/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_run_t,s0)
-/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:qemu_var_run_t,s0-mls_systemhigh)
-
-/var/vdsm(/.*)?			gen_context(system_u:object_r:virt_var_run_t,s0)
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
deleted file mode 100644
index dbdc0e0..0000000
--- a/policy/modules/services/virt.if
+++ /dev/null
@@ -1,610 +0,0 @@
-## <summary>Libvirt virtualization API</summary>
-
-########################################
-## <summary>
-##	Creates types and rules for a basic
-##	qemu process domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`virt_domain_template',`
-	gen_require(`
-		type virtd_t;
-		attribute virt_image_type, virt_domain;
-	')
-
-	type $1_t, virt_domain;
-	domain_type($1_t)
-	domain_user_exemption_target($1_t)
-	mls_rangetrans_target($1_t)
-	mcs_untrusted_proc($1_t)
-	role system_r types $1_t;
-
-	type $1_devpts_t;
-	term_pty($1_devpts_t)
-
-	type $1_tmp_t;
-	files_tmp_file($1_tmp_t)
-
-	type $1_tmpfs_t;
-	files_tmpfs_file($1_tmpfs_t)
-
-	type $1_image_t, virt_image_type;
-	files_type($1_image_t)
-	dev_node($1_image_t)
-	dev_associate_sysfs($1_image_t)
-
-	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
-	term_create_pty($1_t, $1_devpts_t)
-
-	manage_dirs_pattern($1_t, $1_image_t, $1_image_t)
-	manage_files_pattern($1_t, $1_image_t, $1_image_t)
-	manage_fifo_files_pattern($1_t, $1_image_t, $1_image_t)
-	read_lnk_files_pattern($1_t, $1_image_t, $1_image_t)
-	rw_chr_files_pattern($1_t, $1_image_t, $1_image_t)
-	rw_blk_files_pattern($1_t, $1_image_t, $1_image_t)
-	fs_hugetlbfs_filetrans($1_t, $1_image_t, file)
-
-	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	manage_lnk_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
-	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
-
-	manage_dirs_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	manage_lnk_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
-	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file lnk_file })
-
-	optional_policy(`
-		xserver_rw_shm($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified type usable as a virt image
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a virtual image
-##	</summary>
-## </param>
-#
-interface(`virt_image',`
-	gen_require(`
-		attribute virt_image_type;
-	')
-
-	typeattribute $1 virt_image_type;
-	files_type($1)
-
-	# virt images can be assigned to blk devices
-	dev_node($1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run virt.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`virt_domtrans',`
-	gen_require(`
-		type virtd_t, virtd_exec_t;
-	')
-
-	domtrans_pattern($1, virtd_exec_t, virtd_t)
-')
-
-#######################################
-## <summary>
-##	Connect to virt over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_stream_connect',`
-	gen_require(`
-		type virtd_t, virt_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, virt_var_run_t, virt_var_run_t, virtd_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to attach to virt TUN devices
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_attach_tun_iface',`
-	gen_require(`
-		type virtd_t;
-	')
-
-	allow $1 virtd_t:tun_socket relabelfrom;
-	allow $1 self:tun_socket relabelto;
-')
-
-########################################
-## <summary>
-##	Read virt config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_config',`
-	gen_require(`
-		type virt_etc_t, virt_etc_rw_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, virt_etc_t, virt_etc_t)
-	read_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
-	read_lnk_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
-')
-
-########################################
-## <summary>
-##	manage virt config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_config',`
-	gen_require(`
-		type virt_etc_t, virt_etc_rw_t;
-	')
-
-	files_search_etc($1)
-	manage_files_pattern($1, virt_etc_t, virt_etc_t)
-	manage_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
-	manage_lnk_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage virt image files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_content',`
-	gen_require(`
-		type virt_content_t;
-	')
-
-	virt_search_lib($1)
-	allow $1 virt_content_t:dir list_dir_perms;
-	list_dirs_pattern($1, virt_content_t, virt_content_t)
-	read_files_pattern($1, virt_content_t, virt_content_t)
-	read_lnk_files_pattern($1, virt_content_t, virt_content_t)
-	read_blk_files_pattern($1, virt_content_t, virt_content_t)
-
-	tunable_policy(`virt_use_nfs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-		fs_read_nfs_symlinks($1)
-	')
-
-	tunable_policy(`virt_use_samba',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-		fs_read_cifs_symlinks($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow domain to write virt image files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_write_content',`
-	gen_require(`
-		type virt_content_t;
-	')
-
-	allow $1 virt_content_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Read virt PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_pid_files',`
-	gen_require(`
-		type virt_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, virt_var_run_t, virt_var_run_t)
-')
-
-########################################
-## <summary>
-##	Manage virt pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_pid_files',`
-	gen_require(`
-		type virt_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
-')
-
-########################################
-## <summary>
-##	Search virt lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_search_lib',`
-	gen_require(`
-		type virt_var_lib_t;
-	')
-
-	allow $1 virt_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read virt lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_lib_files',`
-	gen_require(`
-		type virt_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
-	read_lnk_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit inherited read virt lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_dontaudit_read_lib_files',`
-	gen_require(`
-		type virt_var_lib_t;
-	')
-
-	dontaudit $1 virt_var_lib_t:file read_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	virt lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_lib_files',`
-	gen_require(`
-		type virt_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read virt's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`virt_read_log',`
-	gen_require(`
-		type virt_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, virt_log_t, virt_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	virt log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_append_log',`
-	gen_require(`
-		type virt_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, virt_log_t, virt_log_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage virt log files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_log',`
-	gen_require(`
-		type virt_log_t;
-	')
-
-	manage_dirs_pattern($1, virt_log_t, virt_log_t)
-	manage_files_pattern($1, virt_log_t, virt_log_t)
-	manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to read virt image files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_images',`
-	gen_require(`
-		type virt_var_lib_t;
-		attribute virt_image_type;
-	')
-
-	virt_search_lib($1)
-	allow $1 virt_image_type:dir list_dir_perms;
-	list_dirs_pattern($1, virt_image_type, virt_image_type)
-	read_files_pattern($1, virt_image_type, virt_image_type)
-	read_lnk_files_pattern($1, virt_image_type, virt_image_type)
-	read_blk_files_pattern($1, virt_image_type, virt_image_type)
-
-	tunable_policy(`virt_use_nfs',`
-		fs_list_nfs($1)
-		fs_read_nfs_files($1)
-		fs_read_nfs_symlinks($1)
-	')
-
-	tunable_policy(`virt_use_samba',`
-		fs_list_cifs($1)
-		fs_read_cifs_files($1)
-		fs_read_cifs_symlinks($1)
-	')
-')
-
-########################################
-## <summary>
-##	Allow domain to read virt blk image files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_read_blk_images',`
-	gen_require(`
-		attribute virt_image_type;
-	')
-
-	read_blk_files_pattern($1, virt_image_type, virt_image_type)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	svirt cache files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_cache',`
-	gen_require(`
-		type virt_cache_t;
-	')
-
-	files_search_var($1)
-	manage_dirs_pattern($1, virt_cache_t, virt_cache_t)
-	manage_files_pattern($1, virt_cache_t, virt_cache_t)
-	manage_lnk_files_pattern($1, virt_cache_t, virt_cache_t)
-')
-
-########################################
-## <summary>
-##	Allow domain to manage virt image files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`virt_manage_images',`
-	gen_require(`
-		type virt_var_lib_t;
-		attribute virt_image_type;
-	')
-
-	virt_search_lib($1)
-	allow $1 virt_image_type:dir list_dir_perms;
-	manage_dirs_pattern($1, virt_image_type, virt_image_type)
-	manage_files_pattern($1, virt_image_type, virt_image_type)
-	read_lnk_files_pattern($1, virt_image_type, virt_image_type)
-	rw_blk_files_pattern($1, virt_image_type, virt_image_type)
-
-	tunable_policy(`virt_use_nfs',`
-		fs_manage_nfs_dirs($1)
-		fs_manage_nfs_files($1)
-		fs_read_nfs_symlinks($1)
-	')
-
-	tunable_policy(`virt_use_samba',`
-		fs_manage_cifs_files($1)
-		fs_manage_cifs_files($1)
-		fs_read_cifs_symlinks($1)
-	')
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an virt environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`virt_admin',`
-	gen_require(`
-		type virtd_t, virtd_initrc_exec_t;
-	')
-
-	allow $1 virtd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, virtd_t)
-
-	init_labeled_script_domtrans($1, virtd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 virtd_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	virt_manage_pid_files($1)
-
-	virt_manage_lib_files($1)
-
-	virt_manage_log($1)
-')
-
-########################################
-## <summary>
-##	Execute qemu in the svirt domain, and
-##	allow the specified role the svirt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the sandbox domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`virt_transition_svirt',`
-	gen_require(`
-		type svirt_t;
-	')
-
-	allow $1 svirt_t:process transition;
-	role $2 types svirt_t;
-
-	optional_policy(`
-		ptchown_run(svirt_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write virt daemon unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`virt_dontaudit_write_pipes',`
-	gen_require(`
-		type virtd_t;
-	')
-
-	dontaudit $1 virtd_t:fifo_file write_fifo_file_perms;
-')
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
deleted file mode 100644
index 62e349a..0000000
--- a/policy/modules/services/virt.te
+++ /dev/null
@@ -1,671 +0,0 @@
-policy_module(virt, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute virsh_transition_domain;
-
-## <desc>
-##	<p>
-##	Allow virt to use serial/parallell communication ports
-##	</p>
-## </desc>
-gen_tunable(virt_use_comm, false)
-
-## <desc>
-##	<p>
-##	Allow virt to read fuse files
-##	</p>
-## </desc>
-gen_tunable(virt_use_fusefs, false)
-
-## <desc>
-##	<p>
-##	Allow virt to manage nfs files
-##	</p>
-## </desc>
-gen_tunable(virt_use_nfs, false)
-
-## <desc>
-##	<p>
-##	Allow virt to manage cifs files
-##	</p>
-## </desc>
-gen_tunable(virt_use_samba, false)
-
-## <desc>
-##	<p>
-##	Allow virt to manage device configuration, (pci)
-##	</p>
-## </desc>
-gen_tunable(virt_use_sysfs, false)
-
-## <desc>
-##	<p>
-##	Allow virtual machine to interact with the xserver
-##	</p>
-## </desc>
-gen_tunable(virt_use_xserver, false)
-
-## <desc>
-##	<p>
-##	Allow virt to use usb devices
-##	</p>
-## </desc>
-gen_tunable(virt_use_usb, true)
-
-virt_domain_template(svirt)
-role system_r types svirt_t;
-
-attribute virt_domain;
-attribute virt_image_type;
-
-type virt_cache_t alias svirt_cache_t;
-files_type(virt_cache_t)
-
-type virt_etc_t;
-files_config_file(virt_etc_t)
-
-type virt_etc_rw_t;
-files_type(virt_etc_rw_t)
-
-# virt Image files
-type virt_image_t; # customizable
-virt_image(virt_image_t)
-files_mountpoint(virt_image_t)
-
-# virt Image files
-type virt_content_t; # customizable
-virt_image(virt_content_t)
-userdom_user_home_content(virt_content_t)
-
-type virt_tmp_t;
-files_tmp_file(virt_tmp_t)
-
-type virt_log_t;
-logging_log_file(virt_log_t)
-mls_trusted_object(virt_log_t)
-
-type virt_var_run_t;
-files_pid_file(virt_var_run_t)
-
-type virt_var_lib_t;
-files_mountpoint(virt_var_lib_t)
-
-type virtd_t;
-type virtd_exec_t;
-init_daemon_domain(virtd_t, virtd_exec_t)
-domain_obj_id_change_exemption(virtd_t)
-domain_subj_id_change_exemption(virtd_t)
-
-type virtd_initrc_exec_t;
-init_script_file(virtd_initrc_exec_t)
-
-type qemu_var_run_t;
-typealias qemu_var_run_t alias svirt_var_run_t;
-files_pid_file(qemu_var_run_t)
-mls_trusted_object(qemu_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mls_systemhigh)
-')
-
-########################################
-#
-# svirt local policy
-#
-
-allow svirt_t self:udp_socket create_socket_perms;
-
-read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t)
-
-allow svirt_t svirt_image_t:dir search_dir_perms;
-manage_dirs_pattern(svirt_t, svirt_image_t, svirt_image_t)
-manage_files_pattern(svirt_t, svirt_image_t, svirt_image_t)
-manage_fifo_files_pattern(svirt_t, svirt_image_t, svirt_image_t)
-fs_hugetlbfs_filetrans(svirt_t, svirt_image_t, file)
-
-list_dirs_pattern(svirt_t, virt_content_t, virt_content_t)
-read_files_pattern(svirt_t, virt_content_t, virt_content_t)
-dontaudit svirt_t virt_content_t:file write_file_perms;
-dontaudit svirt_t virt_content_t:dir write;
-
-corenet_udp_sendrecv_generic_if(svirt_t)
-corenet_udp_sendrecv_generic_node(svirt_t)
-corenet_udp_sendrecv_all_ports(svirt_t)
-corenet_udp_bind_generic_node(svirt_t)
-corenet_udp_bind_all_ports(svirt_t)
-corenet_tcp_bind_all_ports(svirt_t)
-corenet_tcp_connect_all_ports(svirt_t)
-
-dev_list_sysfs(svirt_t)
-
-userdom_search_user_home_content(svirt_t)
-userdom_read_user_home_content_symlinks(svirt_t)
-userdom_read_all_users_state(svirt_t)
-
-tunable_policy(`virt_use_comm',`
-	term_use_unallocated_ttys(svirt_t)
-	dev_rw_printer(svirt_t)
-')
-
-tunable_policy(`virt_use_fusefs',`
-	fs_read_fusefs_files(svirt_t)
-	fs_read_fusefs_symlinks(svirt_t)
-')
-
-tunable_policy(`virt_use_nfs',`
-	fs_manage_nfs_dirs(svirt_t)
-	fs_manage_nfs_files(svirt_t)
-	fs_manage_nfs_named_sockets(svirt_t)
-	fs_read_nfs_symlinks(svirt_t)
-')
-
-tunable_policy(`virt_use_samba',`
-	fs_manage_cifs_dirs(svirt_t)
-	fs_manage_cifs_files(svirt_t)
-	fs_manage_cifs_named_sockets(svirt_t)
-	fs_read_cifs_symlinks(virtd_t)
-')
-
-tunable_policy(`virt_use_sysfs',`
-	dev_rw_sysfs(svirt_t)
-')
-
-tunable_policy(`virt_use_usb',`
-	dev_rw_usbfs(svirt_t)
-	dev_read_sysfs(svirt_t)
-	fs_manage_dos_dirs(svirt_t)
-	fs_manage_dos_files(svirt_t)
-')
-
-optional_policy(`
-	tunable_policy(`virt_use_xserver',`
-		xserver_stream_connect(svirt_t)
-	')
-')
-
-optional_policy(`
-	xen_rw_image_files(svirt_t)
-')
-
-optional_policy(`
-	xen_rw_image_files(svirt_t)
-')
-
-########################################
-#
-# virtd local policy
-#
-
-allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice sys_ptrace };
-allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched };
-allow virtd_t self:fifo_file rw_fifo_file_perms;
-allow virtd_t self:unix_stream_socket create_stream_socket_perms;
-allow virtd_t self:tcp_socket create_stream_socket_perms;
-allow virtd_t self:tun_socket create_socket_perms;
-allow virtd_t self:rawip_socket create_socket_perms;
-allow virtd_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-manage_dirs_pattern(virtd_t, virt_cache_t, virt_cache_t)
-manage_files_pattern(virtd_t, virt_cache_t, virt_cache_t)
-
-manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
-manage_files_pattern(virtd_t, virt_content_t, virt_content_t)
-
-allow virtd_t virt_domain:process { getattr getsched setsched transition signal signull sigkill };
-
-allow virtd_t qemu_var_run_t:file relabel_file_perms;
-manage_dirs_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t)
-manage_files_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t)
-manage_sock_files_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t)
-stream_connect_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t, virt_domain)
-
-read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-
-manage_dirs_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
-manage_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
-manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
-filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
-
-manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
-manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
-manage_lnk_files_pattern(virtd_t, virt_image_type, virt_image_type)
-allow virtd_t virt_image_type:file relabel_file_perms;
-allow virtd_t virt_image_type:blk_file relabel_blk_file_perms;
-
-manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
-manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
-files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir })
-can_exec(virtd_t, virt_tmp_t)
-
-manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
-manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-logging_log_filetrans(virtd_t, virt_log_t, { file dir })
-
-manage_dirs_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
-manage_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
-manage_sock_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
-files_var_lib_filetrans(virtd_t, virt_var_lib_t, { file dir })
-
-manage_dirs_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
-manage_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
-manage_sock_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
-files_pid_filetrans(virtd_t, virt_var_run_t, { file dir })
-
-kernel_read_system_state(virtd_t)
-kernel_read_network_state(virtd_t)
-kernel_rw_net_sysctls(virtd_t)
-kernel_read_kernel_sysctls(virtd_t)
-kernel_request_load_module(virtd_t)
-kernel_search_debugfs(virtd_t)
-
-corecmd_exec_bin(virtd_t)
-corecmd_exec_shell(virtd_t)
-
-corenet_all_recvfrom_unlabeled(virtd_t)
-corenet_all_recvfrom_netlabel(virtd_t)
-corenet_tcp_sendrecv_generic_if(virtd_t)
-corenet_tcp_sendrecv_generic_node(virtd_t)
-corenet_tcp_sendrecv_all_ports(virtd_t)
-corenet_tcp_bind_generic_node(virtd_t)
-corenet_tcp_bind_virt_port(virtd_t)
-corenet_tcp_bind_vnc_port(virtd_t)
-corenet_tcp_connect_vnc_port(virtd_t)
-corenet_tcp_connect_soundd_port(virtd_t)
-corenet_rw_tun_tap_dev(virtd_t)
-
-dev_rw_sysfs(virtd_t)
-dev_read_rand(virtd_t)
-dev_rw_kvm(virtd_t)
-dev_getattr_all_chr_files(virtd_t)
-dev_rw_mtrr(virtd_t)
-dev_rw_vhost(virtd_t)
-
-# Init script handling
-domain_use_interactive_fds(virtd_t)
-domain_read_all_domains_state(virtd_t)
-domain_read_all_domains_state(virtd_t)
-
-files_read_usr_files(virtd_t)
-files_read_etc_files(virtd_t)
-files_read_usr_files(virtd_t)
-files_read_etc_runtime_files(virtd_t)
-files_search_all(virtd_t)
-files_read_kernel_modules(virtd_t)
-files_read_usr_src_files(virtd_t)
-files_relabelto_system_conf_files(virtd_t)
-files_relabelfrom_system_conf_files(virtd_t)
-
-# Manages /etc/sysconfig/system-config-firewall
-files_manage_system_conf_files(virtd_t)
-files_manage_system_conf_files(virtd_t)
-files_etc_filetrans_system_conf(virtd_t)
-
-fs_list_auto_mountpoints(virtd_t)
-fs_getattr_xattr_fs(virtd_t)
-fs_rw_anon_inodefs_files(virtd_t)
-fs_list_inotifyfs(virtd_t)
-fs_manage_cgroup_dirs(virtd_t)
-fs_rw_cgroup_files(virtd_t)
-fs_manage_hugetlbfs_dirs(virtd_t)
-fs_rw_hugetlbfs_files(virtd_t)
-
-mls_fd_share_all_levels(virtd_t)
-mls_file_read_to_clearance(virtd_t)
-mls_file_write_to_clearance(virtd_t)
-mls_process_read_to_clearance(virtd_t)
-mls_process_write_to_clearance(virtd_t)
-mls_net_write_within_range(virtd_t)
-mls_socket_write_to_clearance(virtd_t)
-mls_socket_read_to_clearance(virtd_t)
-mls_rangetrans_source(virtd_t)
-
-mcs_process_set_categories(virtd_t)
-
-storage_manage_fixed_disk(virtd_t)
-storage_relabel_fixed_disk(virtd_t)
-storage_raw_write_removable_device(virtd_t)
-storage_raw_read_removable_device(virtd_t)
-
-term_getattr_pty_fs(virtd_t)
-term_use_generic_ptys(virtd_t)
-term_use_ptmx(virtd_t)
-
-auth_use_nsswitch(virtd_t)
-
-miscfiles_read_localization(virtd_t)
-miscfiles_read_generic_certs(virtd_t)
-miscfiles_read_hwdata(virtd_t)
-
-modutils_read_module_deps(virtd_t)
-modutils_read_module_config(virtd_t)
-modutils_manage_module_config(virtd_t)
-
-logging_send_syslog_msg(virtd_t)
-logging_send_audit_msgs(virtd_t)
-
-selinux_validate_context(virtd_t)
-
-seutil_read_config(virtd_t)
-seutil_read_default_contexts(virtd_t)
-seutil_read_file_contexts(virtd_t)
-
-sysnet_domtrans_ifconfig(virtd_t)
-sysnet_read_config(virtd_t)
-
-userdom_list_admin_dir(virtd_t)
-userdom_getattr_all_users(virtd_t)
-userdom_list_user_home_content(virtd_t)
-userdom_read_all_users_state(virtd_t)
-userdom_read_user_home_content_files(virtd_t)
-userdom_relabel_user_home_files(virtd_t)
-userdom_setattr_user_home_content_files(virtd_t)
-
-consoletype_exec(virtd_t)
-
-tunable_policy(`virt_use_nfs',`
-	fs_manage_nfs_dirs(virtd_t)
-	fs_manage_nfs_files(virtd_t)
-	fs_read_nfs_symlinks(virtd_t)
-')
-
-tunable_policy(`virt_use_samba',`
-	fs_manage_nfs_files(virtd_t)
-	fs_manage_cifs_files(virtd_t)
-	fs_read_cifs_symlinks(virtd_t)
-')
-
-optional_policy(`
-	brctl_domtrans(virtd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(virtd_t)
-
-	optional_policy(`
-		avahi_dbus_chat(virtd_t)
-	')
-
-	optional_policy(`
-		consolekit_dbus_chat(virtd_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(virtd_t)
-	')
-')
-
-optional_policy(`
-	dnsmasq_domtrans(virtd_t)
-	dnsmasq_signal(virtd_t)
-	dnsmasq_kill(virtd_t)
-	dnsmasq_read_pid_files(virtd_t)
-	dnsmasq_signull(virtd_t)
-')
-
-optional_policy(`
-	iptables_domtrans(virtd_t)
-	iptables_initrc_domtrans(virtd_t)
-
-	# Manages /etc/sysconfig/system-config-firewall
-	iptables_manage_config(virtd_t)
-')
-
-optional_policy(`
-	kerberos_keytab_template(virtd, virtd_t)
-')
-
-optional_policy(`
-	lvm_domtrans(virtd_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(virtd_t)
-	policykit_domtrans_auth(virtd_t)
-	policykit_domtrans_resolve(virtd_t)
-	policykit_read_lib(virtd_t)
-')
-
-optional_policy(`
-	qemu_domtrans(virtd_t)
-	qemu_read_state(virtd_t)
-	qemu_signal(virtd_t)
-	qemu_kill(virtd_t)
-	qemu_setsched(virtd_t)
-	qemu_entry_type(virt_domain)
-	qemu_exec(virt_domain)
-')
-
-optional_policy(`
-	sasl_connect(virtd_t)
-')
-
-optional_policy(`
-	kernel_read_xen_state(virtd_t)
-	kernel_write_xen_state(virtd_t)
-
-	xen_stream_connect(virtd_t)
-	xen_stream_connect_xenstore(virtd_t)
-	xen_read_image_files(virtd_t)
-')
-
-optional_policy(`
-	udev_domtrans(virtd_t)
-	udev_read_db(virtd_t)
-')
-
-optional_policy(`
-	unconfined_domain(virtd_t)
-')
-
-########################################
-#
-# virtual domains common policy
-#
-
-allow virt_domain self:capability { dac_read_search dac_override kill };
-allow virt_domain self:process { execmem execstack signal getsched signull };
-allow virt_domain self:fifo_file rw_fifo_file_perms;
-allow virt_domain self:shm create_shm_perms;
-allow virt_domain self:unix_stream_socket create_stream_socket_perms;
-allow virt_domain self:unix_dgram_socket { create_socket_perms sendto };
-allow virt_domain self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(virt_domain, virt_cache_t, virt_cache_t)
-manage_files_pattern(virt_domain, virt_cache_t, virt_cache_t)
-files_var_filetrans(virt_domain, virt_cache_t, { file dir })
-
-manage_dirs_pattern(virt_domain, qemu_var_run_t, qemu_var_run_t)
-manage_files_pattern(virt_domain, qemu_var_run_t, qemu_var_run_t)
-manage_sock_files_pattern(virt_domain, qemu_var_run_t, qemu_var_run_t)
-manage_lnk_files_pattern(virt_domain, qemu_var_run_t, qemu_var_run_t)
-files_pid_filetrans(virt_domain, qemu_var_run_t, { dir file })
-stream_connect_pattern(virt_domain, qemu_var_run_t, qemu_var_run_t, virtd_t)
-
-dontaudit virtd_t virt_domain:process  { siginh noatsecure rlimitinh };
-
-append_files_pattern(virt_domain, virt_log_t, virt_log_t)
-
-append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t)
-
-kernel_read_system_state(virt_domain)
-
-corecmd_exec_bin(virt_domain)
-corecmd_exec_shell(virt_domain)
-
-corenet_all_recvfrom_unlabeled(virt_domain)
-corenet_all_recvfrom_netlabel(virt_domain)
-corenet_tcp_sendrecv_generic_if(virt_domain)
-corenet_tcp_sendrecv_generic_node(virt_domain)
-corenet_tcp_sendrecv_all_ports(virt_domain)
-corenet_tcp_bind_generic_node(virt_domain)
-corenet_tcp_bind_vnc_port(virt_domain)
-corenet_rw_tun_tap_dev(virt_domain)
-corenet_tcp_bind_virt_migration_port(virt_domain)
-corenet_tcp_connect_virt_migration_port(virt_domain)
-
-dev_read_generic_symlinks(virt_domain)
-dev_read_rand(virt_domain)
-dev_read_sound(virt_domain)
-dev_read_urand(virt_domain)
-dev_write_sound(virt_domain)
-dev_rw_ksm(virt_domain)
-dev_rw_kvm(virt_domain)
-dev_rw_qemu(virt_domain)
-dev_rw_vhost(virt_domain)
-
-domain_use_interactive_fds(virt_domain)
-
-files_read_etc_files(virt_domain)
-files_read_mnt_symlinks(virt_domain)
-files_read_usr_files(virt_domain)
-files_read_var_files(virt_domain)
-files_search_all(virt_domain)
-
-fs_getattr_tmpfs(virt_domain)
-fs_rw_anon_inodefs_files(virt_domain)
-fs_rw_tmpfs_files(virt_domain)
-fs_getattr_hugetlbfs(virt_domain)
-
-# I think we need these for now.
-miscfiles_read_public_files(virt_domain)
-storage_raw_read_removable_device(virt_domain)
-
-term_use_all_terms(virt_domain)
-term_getattr_pty_fs(virt_domain)
-term_use_generic_ptys(virt_domain)
-term_use_ptmx(virt_domain)
-
-auth_use_nsswitch(virt_domain)
-
-logging_send_syslog_msg(virt_domain)
-
-miscfiles_read_localization(virt_domain)
-
-optional_policy(`
-	ptchown_domtrans(virt_domain)
-')
-
-optional_policy(`
-	pulseaudio_dontaudit_exec(virt_domain)
-')
-
-optional_policy(`
-	virt_read_config(virt_domain)
-	virt_read_lib_files(virt_domain)
-	virt_read_content(virt_domain)
-	virt_stream_connect(virt_domain)
-')
-
-########################################
-#
-# xm local policy
-#
-type virsh_t;
-type virsh_exec_t;
-init_system_domain(virsh_t, virsh_exec_t)
-typealias virsh_t alias xm_t;
-typealias virsh_exec_t alias xm_exec_t;
-
-allow virsh_t self:capability { dac_override ipc_lock sys_tty_config };
-allow virsh_t self:process { getcap getsched setcap signal };
-allow virsh_t self:fifo_file rw_fifo_file_perms;
-allow virsh_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow virsh_t self:tcp_socket create_stream_socket_perms;
-
-manage_files_pattern(virsh_t, virt_image_type, virt_image_type)
-manage_blk_files_pattern(virsh_t, virt_image_type, virt_image_type)
-manage_lnk_files_pattern(virsh_t, virt_image_type, virt_image_type)
-
-dontaudit virsh_t virt_var_lib_t:file read_inherited_file_perms;
-
-kernel_read_system_state(virsh_t)
-kernel_read_network_state(virsh_t)
-kernel_read_kernel_sysctls(virsh_t)
-kernel_read_sysctl(virsh_t)
-kernel_read_xen_state(virsh_t)
-kernel_write_xen_state(virsh_t)
-
-corecmd_exec_bin(virsh_t)
-corecmd_exec_shell(virsh_t)
-
-corenet_tcp_sendrecv_generic_if(virsh_t)
-corenet_tcp_sendrecv_generic_node(virsh_t)
-corenet_tcp_connect_soundd_port(virsh_t)
-
-dev_read_urand(virsh_t)
-dev_read_sysfs(virsh_t)
-
-files_read_etc_runtime_files(virsh_t)
-files_read_usr_files(virsh_t)
-files_list_mnt(virsh_t)
-# Some common macros (you might be able to remove some)
-files_read_etc_files(virsh_t)
-
-fs_getattr_all_fs(virsh_t)
-fs_manage_xenfs_dirs(virsh_t)
-fs_manage_xenfs_files(virsh_t)
-fs_search_auto_mountpoints(virsh_t)
-
-storage_raw_read_fixed_disk(virsh_t)
-
-term_use_all_terms(virsh_t)
-
-init_stream_connect_script(virsh_t)
-init_rw_script_stream_sockets(virsh_t)
-init_use_fds(virsh_t)
-
-miscfiles_read_localization(virsh_t)
-
-sysnet_dns_name_resolve(virsh_t)
-
-optional_policy(`
-	xen_manage_image_dirs(virsh_t)
-	xen_append_log(virsh_t)
-	xen_stream_connect(virsh_t)
-	xen_stream_connect_xenstore(virsh_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(virsh_t)
-
-	optional_policy(`
-		hal_dbus_chat(virsh_t)
-	')
-')
-
-optional_policy(`
-	vhostmd_rw_tmpfs_files(virsh_t)
-	vhostmd_stream_connect(virsh_t)
-	vhostmd_dontaudit_rw_stream_connect(virsh_t)
-')
-
-optional_policy(`
-	virt_domtrans(virsh_t)
-	virt_manage_images(virsh_t)
-	virt_manage_config(virsh_t)
-	virt_stream_connect(virsh_t)
-')
-
-optional_policy(`
-	ssh_basic_client_template(virsh, virsh_t, system_r)
-
-	kernel_read_xen_state(virsh_ssh_t)
-	kernel_write_xen_state(virsh_ssh_t)
-
-	dontaudit virsh_ssh_t virsh_transition_domain:fifo_file rw_inherited_fifo_file_perms;
-	files_search_tmp(virsh_ssh_t)
-
-	fs_manage_xenfs_dirs(virsh_ssh_t)
-	fs_manage_xenfs_files(virsh_ssh_t)
-
-	userdom_search_admin_dir(virsh_ssh_t)
-')
diff --git a/policy/modules/services/vnstatd.fc b/policy/modules/services/vnstatd.fc
deleted file mode 100644
index 7667c31..0000000
--- a/policy/modules/services/vnstatd.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/usr/bin/vnstat		--	gen_context(system_u:object_r:vnstat_exec_t,s0)
-
-/usr/sbin/vnstatd	--	gen_context(system_u:object_r:vnstatd_exec_t,s0)
-
-/var/lib/vnstat(/.*)?		gen_context(system_u:object_r:vnstatd_var_lib_t,s0)
diff --git a/policy/modules/services/vnstatd.if b/policy/modules/services/vnstatd.if
deleted file mode 100644
index b9104b7..0000000
--- a/policy/modules/services/vnstatd.if
+++ /dev/null
@@ -1,144 +0,0 @@
-## <summary>policy for vnstatd</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run vnstatd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_domtrans',`
-	gen_require(`
-		type vnstatd_t, vnstatd_exec_t;
-	')
-
-	domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run vnstat.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_domtrans_vnstat',`
-	gen_require(`
-		type vnstat_t, vnstat_exec_t;
-	')
-
-	domtrans_pattern($1, vnstat_exec_t, vnstat_t)
-')
-
-########################################
-## <summary>
-##	Search vnstatd lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_search_lib',`
-	gen_require(`
-		type vnstatd_var_lib_t;
-	')
-
-	allow $1 vnstatd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read vnstatd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_read_lib_files',`
-	gen_require(`
-		type vnstatd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	vnstatd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_manage_lib_files',`
-	gen_require(`
-		type vnstatd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage vnstatd lib dirs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`vnstatd_manage_lib_dirs',`
-	gen_require(`
-		type vnstatd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
-')
-
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an vnstatd environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`vnstatd_admin',`
-	gen_require(`
-		type vnstatd_t, vnstatd_var_lib_t;
-	')
-
-	allow $1 vnstatd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, vnstatd_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, vnstatd_var_lib_t)
-')
diff --git a/policy/modules/services/vnstatd.te b/policy/modules/services/vnstatd.te
deleted file mode 100644
index 8ec07ff..0000000
--- a/policy/modules/services/vnstatd.te
+++ /dev/null
@@ -1,65 +0,0 @@
-policy_module(vnstatd, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type vnstatd_t;
-type vnstatd_exec_t;
-init_daemon_domain(vnstatd_t, vnstatd_exec_t)
-
-permissive vnstatd_t;
-
-type vnstatd_var_lib_t;
-files_type(vnstatd_var_lib_t)
-
-type vnstat_t;
-type vnstat_exec_t;
-application_domain(vnstat_t, vnstat_exec_t)
-cron_system_entry(vnstat_t, vnstat_exec_t)
-
-########################################
-#
-# vnstatd local policy
-#
-allow vnstatd_t self:process { fork signal };
-allow vnstatd_t self:fifo_file rw_fifo_file_perms;
-allow vnstatd_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
-manage_files_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
-files_var_lib_filetrans(vnstatd_t, vnstatd_var_lib_t, { dir file })
-
-domain_use_interactive_fds(vnstatd_t)
-
-files_read_etc_files(vnstatd_t)
-
-logging_send_syslog_msg(vnstatd_t)
-
-miscfiles_read_localization(vnstatd_t)
-
-########################################
-#
-# vnstat local policy
-#
-allow vnstat_t self:process signal;
-allow vnstat_t self:fifo_file rw_fifo_file_perms;
-allow vnstat_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
-manage_files_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
-files_var_lib_filetrans(vnstat_t, vnstatd_var_lib_t, { dir file })
-
-kernel_read_network_state(vnstat_t)
-kernel_read_system_state(vnstat_t)
-
-domain_use_interactive_fds(vnstat_t)
-
-files_read_etc_files(vnstat_t)
-
-fs_getattr_xattr_fs(vnstat_t)
-
-logging_send_syslog_msg(vnstat_t)
-
-miscfiles_read_localization(vnstat_t)
diff --git a/policy/modules/services/w3c.fc b/policy/modules/services/w3c.fc
deleted file mode 100644
index a9cc9a8..0000000
--- a/policy/modules/services/w3c.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/lib/cgi-bin/check				gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
-
-/usr/share/w3c-markup-validator(/.*)?		gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
-/usr/share/w3c-markup-validator/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
diff --git a/policy/modules/services/w3c.if b/policy/modules/services/w3c.if
deleted file mode 100644
index 8f678a9..0000000
--- a/policy/modules/services/w3c.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>W3C Markup Validator</summary>
diff --git a/policy/modules/services/w3c.te b/policy/modules/services/w3c.te
deleted file mode 100644
index f4c4c1b..0000000
--- a/policy/modules/services/w3c.te
+++ /dev/null
@@ -1,33 +0,0 @@
-policy_module(w3c, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-apache_content_template(w3c_validator)
-
-type httpd_w3c_validator_tmp_t;
-files_tmp_file(httpd_w3c_validator_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-manage_dirs_pattern(httpd_w3c_validator_script_t, httpd_w3c_validator_tmp_t, httpd_w3c_validator_tmp_t)
-manage_files_pattern(httpd_w3c_validator_script_t, httpd_w3c_validator_tmp_t, httpd_w3c_validator_tmp_t)
-files_tmp_filetrans(httpd_w3c_validator_script_t, httpd_w3c_validator_tmp_t, { file dir })
-
-corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
-corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
-corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t)
-corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t)
-corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t)
-
-miscfiles_read_generic_certs(httpd_w3c_validator_script_t)
-
-sysnet_dns_name_resolve(httpd_w3c_validator_script_t)
-
-apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t)
diff --git a/policy/modules/services/watchdog.fc b/policy/modules/services/watchdog.fc
deleted file mode 100644
index 7551c51..0000000
--- a/policy/modules/services/watchdog.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/usr/sbin/watchdog	--	gen_context(system_u:object_r:watchdog_exec_t,s0)
-
-/var/log/watchdog(/.*)?		gen_context(system_u:object_r:watchdog_log_t,s0)
-
-/var/run/watchdog\.pid	--	gen_context(system_u:object_r:watchdog_var_run_t,s0)
diff --git a/policy/modules/services/watchdog.if b/policy/modules/services/watchdog.if
deleted file mode 100644
index f8acf10..0000000
--- a/policy/modules/services/watchdog.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>Software watchdog</summary>
diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te
deleted file mode 100644
index b10bb05..0000000
--- a/policy/modules/services/watchdog.te
+++ /dev/null
@@ -1,105 +0,0 @@
-policy_module(watchdog, 1.7.0)
-
-#################################
-#
-# Rules for the watchdog_t domain.
-#
-
-type watchdog_t;
-type watchdog_exec_t;
-init_daemon_domain(watchdog_t, watchdog_exec_t)
-
-type watchdog_log_t;
-logging_log_file(watchdog_log_t)
-
-type watchdog_var_run_t;
-files_pid_file(watchdog_var_run_t)
-
-########################################
-#
-# Declarations
-#
-
-allow watchdog_t self:capability { sys_admin net_admin sys_boot ipc_lock sys_pacct sys_nice sys_resource };
-dontaudit watchdog_t self:capability sys_tty_config;
-allow watchdog_t self:process { setsched signal_perms };
-allow watchdog_t self:fifo_file rw_fifo_file_perms;
-allow watchdog_t self:unix_stream_socket create_socket_perms;
-allow watchdog_t self:tcp_socket create_stream_socket_perms;
-allow watchdog_t self:udp_socket create_socket_perms;
-
-allow watchdog_t watchdog_log_t:file manage_file_perms;
-logging_log_filetrans(watchdog_t, watchdog_log_t, file)
-
-manage_files_pattern(watchdog_t, watchdog_var_run_t, watchdog_var_run_t)
-files_pid_filetrans(watchdog_t, watchdog_var_run_t, file)
-
-kernel_read_system_state(watchdog_t)
-kernel_read_kernel_sysctls(watchdog_t)
-kernel_unmount_proc(watchdog_t)
-
-# for orderly shutdown
-corecmd_exec_shell(watchdog_t)
-
-# cjp: why networking?
-corenet_all_recvfrom_unlabeled(watchdog_t)
-corenet_all_recvfrom_netlabel(watchdog_t)
-corenet_tcp_sendrecv_generic_if(watchdog_t)
-corenet_udp_sendrecv_generic_if(watchdog_t)
-corenet_tcp_sendrecv_generic_node(watchdog_t)
-corenet_udp_sendrecv_generic_node(watchdog_t)
-corenet_tcp_sendrecv_all_ports(watchdog_t)
-corenet_udp_sendrecv_all_ports(watchdog_t)
-corenet_tcp_connect_all_ports(watchdog_t)
-corenet_sendrecv_all_client_packets(watchdog_t)
-
-dev_read_sysfs(watchdog_t)
-dev_write_watchdog(watchdog_t)
-# do not care about saving the random seed
-dev_dontaudit_read_rand(watchdog_t)
-dev_dontaudit_read_urand(watchdog_t)
-
-domain_use_interactive_fds(watchdog_t)
-domain_getsession_all_domains(watchdog_t)
-domain_sigchld_all_domains(watchdog_t)
-domain_sigstop_all_domains(watchdog_t)
-domain_signull_all_domains(watchdog_t)
-domain_signal_all_domains(watchdog_t)
-domain_kill_all_domains(watchdog_t)
-
-files_read_etc_files(watchdog_t)
-# for updating mtab on umount
-files_manage_etc_runtime_files(watchdog_t)
-files_etc_filetrans_etc_runtime(watchdog_t, file)
-
-fs_unmount_xattr_fs(watchdog_t)
-fs_getattr_all_fs(watchdog_t)
-fs_search_auto_mountpoints(watchdog_t)
-
-# record the fact that we are going down
-auth_append_login_records(watchdog_t)
-
-logging_send_syslog_msg(watchdog_t)
-
-miscfiles_read_localization(watchdog_t)
-
-sysnet_read_config(watchdog_t)
-
-userdom_dontaudit_use_unpriv_user_fds(watchdog_t)
-userdom_dontaudit_search_user_home_dirs(watchdog_t)
-
-optional_policy(`
-	mta_send_mail(watchdog_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(watchdog_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(watchdog_t)
-')
-
-optional_policy(`
-	udev_read_db(watchdog_t)
-')
diff --git a/policy/modules/services/xfs.fc b/policy/modules/services/xfs.fc
deleted file mode 100644
index 8e70038..0000000
--- a/policy/modules/services/xfs.fc
+++ /dev/null
@@ -1,8 +0,0 @@
-
-/tmp/\.font-unix(/.*)?		gen_context(system_u:object_r:xfs_tmp_t,s0)
-
-/usr/bin/xfs		--	gen_context(system_u:object_r:xfs_exec_t,s0)
-/usr/bin/xfstt		--	gen_context(system_u:object_r:xfs_exec_t,s0)
-
-/usr/X11R6/bin/xfs	--	gen_context(system_u:object_r:xfs_exec_t,s0)
-/usr/X11R6/bin/xfs-xtt	--	gen_context(system_u:object_r:xfs_exec_t,s0)
diff --git a/policy/modules/services/xfs.if b/policy/modules/services/xfs.if
deleted file mode 100644
index 42a0efb..0000000
--- a/policy/modules/services/xfs.if
+++ /dev/null
@@ -1,59 +0,0 @@
-## <summary>X Windows Font Server</summary>
-
-########################################
-## <summary>
-##	Read a X font server named socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xfs_read_sockets',`
-	gen_require(`
-		type xfs_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_sock_files_pattern($1, xfs_tmp_t, xfs_tmp_t)
-')
-
-########################################
-## <summary>
-##	Connect to a X font server over
-##	a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xfs_stream_connect',`
-	gen_require(`
-		type xfs_tmp_t, xfs_t;
-	')
-
-	files_search_tmp($1)
-	stream_connect_pattern($1, xfs_tmp_t, xfs_tmp_t, xfs_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to execute xfs
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xfs_exec',`
-	gen_require(`
-		type xfs_exec_t;
-	')
-
-	can_exec($1, xfs_exec_t)
-')
diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te
deleted file mode 100644
index 11c1b12..0000000
--- a/policy/modules/services/xfs.te
+++ /dev/null
@@ -1,87 +0,0 @@
-policy_module(xfs, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type xfs_t;
-type xfs_exec_t;
-init_daemon_domain(xfs_t, xfs_exec_t)
-
-type xfs_tmp_t;
-files_tmp_file(xfs_tmp_t)
-
-type xfs_var_run_t;
-files_pid_file(xfs_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow xfs_t self:capability { dac_override setgid setuid };
-dontaudit xfs_t self:capability sys_tty_config;
-allow xfs_t self:process { signal_perms setpgid };
-allow xfs_t self:unix_stream_socket create_stream_socket_perms;
-allow xfs_t self:unix_dgram_socket create_socket_perms;
-allow xfs_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(xfs_t, xfs_tmp_t, xfs_tmp_t)
-manage_sock_files_pattern(xfs_t, xfs_tmp_t, xfs_tmp_t)
-files_tmp_filetrans(xfs_t, xfs_tmp_t, { sock_file dir })
-
-manage_files_pattern(xfs_t, xfs_var_run_t, xfs_var_run_t)
-files_pid_filetrans(xfs_t, xfs_var_run_t, file)
-
-kernel_read_kernel_sysctls(xfs_t)
-kernel_read_system_state(xfs_t)
-
-corenet_all_recvfrom_unlabeled(xfs_t)
-corenet_all_recvfrom_netlabel(xfs_t)
-corenet_tcp_sendrecv_generic_if(xfs_t)
-corenet_tcp_sendrecv_generic_node(xfs_t)
-corenet_tcp_sendrecv_all_ports(xfs_t)
-corenet_tcp_bind_generic_node(xfs_t)
-corenet_tcp_bind_xfs_port(xfs_t)
-corenet_sendrecv_xfs_server_packets(xfs_t)
-
-corecmd_list_bin(xfs_t)
-
-dev_read_sysfs(xfs_t)
-dev_read_urand(xfs_t)
-dev_read_rand(xfs_t)
-
-fs_getattr_all_fs(xfs_t)
-fs_search_auto_mountpoints(xfs_t)
-
-domain_use_interactive_fds(xfs_t)
-
-files_read_etc_files(xfs_t)
-files_read_etc_runtime_files(xfs_t)
-files_read_usr_files(xfs_t)
-
-auth_use_nsswitch(xfs_t)
-
-logging_send_syslog_msg(xfs_t)
-
-miscfiles_read_localization(xfs_t)
-miscfiles_read_fonts(xfs_t)
-
-userdom_dontaudit_use_unpriv_user_fds(xfs_t)
-userdom_dontaudit_search_user_home_dirs(xfs_t)
-
-xfs_exec(xfs_t)
-
-ifdef(`distro_debian',`
-	# for /tmp/.font-unix/fs7100
-	init_script_tmp_filetrans(xfs_t, xfs_tmp_t, sock_file)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(xfs_t)
-')
-
-optional_policy(`
-	udev_read_db(xfs_t)
-')
diff --git a/policy/modules/services/xprint.fc b/policy/modules/services/xprint.fc
deleted file mode 100644
index 6a857ff..0000000
--- a/policy/modules/services/xprint.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/Xprt	--	gen_context(system_u:object_r:xprint_exec_t,s0)
diff --git a/policy/modules/services/xprint.if b/policy/modules/services/xprint.if
deleted file mode 100644
index e69a82a..0000000
--- a/policy/modules/services/xprint.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>X print server</summary>
diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te
deleted file mode 100644
index 68d13e5..0000000
--- a/policy/modules/services/xprint.te
+++ /dev/null
@@ -1,82 +0,0 @@
-policy_module(xprint, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type xprint_t;
-type xprint_exec_t;
-init_daemon_domain(xprint_t, xprint_exec_t)
-
-type xprint_var_run_t;
-files_pid_file(xprint_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-dontaudit xprint_t self:capability sys_tty_config;
-allow xprint_t self:process signal_perms;
-allow xprint_t self:fifo_file rw_file_perms;
-allow xprint_t self:tcp_socket create_stream_socket_perms;
-allow xprint_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(xprint_t, xprint_var_run_t, xprint_var_run_t)
-files_pid_filetrans(xprint_t, xprint_var_run_t, file)
-
-kernel_read_system_state(xprint_t)
-kernel_read_kernel_sysctls(xprint_t)
-
-corecmd_exec_bin(xprint_t)
-corecmd_exec_shell(xprint_t)
-
-corenet_all_recvfrom_unlabeled(xprint_t)
-corenet_all_recvfrom_netlabel(xprint_t)
-corenet_tcp_sendrecv_generic_if(xprint_t)
-corenet_udp_sendrecv_generic_if(xprint_t)
-corenet_tcp_sendrecv_generic_node(xprint_t)
-corenet_udp_sendrecv_generic_node(xprint_t)
-corenet_tcp_sendrecv_all_ports(xprint_t)
-corenet_udp_sendrecv_all_ports(xprint_t)
-
-dev_read_sysfs(xprint_t)
-dev_read_urand(xprint_t)
-
-domain_use_interactive_fds(xprint_t)
-
-files_read_etc_files(xprint_t)
-files_read_etc_runtime_files(xprint_t)
-files_read_usr_files(xprint_t)
-files_search_var_lib(xprint_t)
-files_search_tmp(xprint_t)
-
-fs_getattr_all_fs(xprint_t)
-fs_search_auto_mountpoints(xprint_t)
-
-logging_send_syslog_msg(xprint_t)
-
-miscfiles_read_fonts(xprint_t)
-miscfiles_read_localization(xprint_t)
-
-sysnet_read_config(xprint_t)
-
-userdom_dontaudit_use_unpriv_user_fds(xprint_t)
-userdom_dontaudit_search_user_home_dirs(xprint_t)
-
-optional_policy(`
-	cups_read_config(xprint_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(xprint_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(xprint_t)
-')
-
-optional_policy(`
-	udev_read_db(xprint_t)
-')
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
deleted file mode 100644
index 6a160b2..0000000
--- a/policy/modules/services/xserver.fc
+++ /dev/null
@@ -1,141 +0,0 @@
-#
-# HOME_DIR
-#
-HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
-HOME_DIR/\.fonts\.d(/.*)?	gen_context(system_u:object_r:user_fonts_config_t,s0)
-HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
-HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-HOME_DIR/\.DCOP.* 	   --	gen_context(system_u:object_r:iceauth_home_t,s0)
-HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
-HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
-HOME_DIR/\.serverauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-HOME_DIR/\.xsession-errors.*	--	gen_context(system_u:object_r:xdm_home_t,s0)
-HOME_DIR/\.dmrc.*	--	gen_context(system_u:object_r:xdm_home_t,s0)
-
-/root/\.serverauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-/root/\.Xauth.*		--	gen_context(system_u:object_r:xauth_home_t,s0)
-/root/\.xauth.*		--	gen_context(system_u:object_r:xauth_home_t,s0)
-#
-# /dev
-#
-/dev/xconsole		-p	gen_context(system_u:object_r:xconsole_device_t,s0)
-
-#
-# /etc
-#
-
-/etc/init\.d/xfree86-common --	gen_context(system_u:object_r:xserver_exec_t,s0)
-
-/etc/gdm(/.*)?		  	gen_context(system_u:object_r:xdm_etc_t,s0)
-
-/etc/kde3?/kdm/Xstartup	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/kde3?/kdm/Xreset	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/kde3?/kdm/Xsession	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/kde3?/kdm/backgroundrc	gen_context(system_u:object_r:xdm_var_run_t,s0)
-
-/etc/X11/[wx]dm/Xreset.* --	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/X11/[wxg]dm/Xsession --	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/X11/wdm(/.*)?		gen_context(system_u:object_r:xdm_rw_etc_t,s0)
-/etc/X11/wdm/Xsetup.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/X11/wdm/Xstartup.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/X11/Xsession[^/]*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
-
-#
-# /opt
-#
-
-/opt/kde3/bin/kdm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-
-#
-# /tmp
-#
-
-/tmp/\.X0-lock		--	gen_context(system_u:object_r:xdm_tmp_t,s0)
-/tmp/\.X11-unix(/.*)?			gen_context(system_u:object_r:xdm_tmp_t,s0)
-/tmp/\.ICE-unix(/.*)?			gen_context(system_u:object_r:xdm_tmp_t,s0)
-
-#
-# /usr
-#
-
-/usr/(s)?bin/gdm-binary	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/(s)?bin/lxdm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/(s)?bin/lxdm-binary --	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/(s)?bin/[xgkw]dm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/bin/gpe-dm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/bin/iceauth	--	gen_context(system_u:object_r:iceauth_exec_t,s0)
-/usr/bin/slim		--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/bin/Xair		--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/bin/Xephyr		--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/bin/xauth		--	gen_context(system_u:object_r:xauth_exec_t,s0)
-/usr/bin/Xorg		--	gen_context(system_u:object_r:xserver_exec_t,s0)
-ifdef(`distro_debian', `
-/usr/sbin/gdm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
-')
-
-/usr/lib(64)?/qt-.*/etc/settings(/.*)?	gen_context(system_u:object_r:xdm_var_run_t,s0)
-
-/usr/var/[xgkw]dm(/.*)?		gen_context(system_u:object_r:xserver_log_t,s0)
-
-/usr/X11R6/bin/[xgkw]dm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/X11R6/bin/iceauth	--	gen_context(system_u:object_r:iceauth_exec_t,s0)
-/usr/X11R6/bin/X	--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/X11R6/bin/xauth	--	gen_context(system_u:object_r:xauth_exec_t,s0)
-/usr/X11R6/bin/XFree86	--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/X11R6/bin/Xipaq	--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/X11R6/bin/Xorg	--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/X11R6/bin/Xwrapper	--	gen_context(system_u:object_r:xserver_exec_t,s0)
-/usr/X11R6/lib/X11/xkb	-d	gen_context(system_u:object_r:xkb_var_lib_t,s0)
-/usr/X11R6/lib/X11/xkb/.* --	gen_context(system_u:object_r:xkb_var_lib_t,s0)
-
-#
-# /var
-#
-
-/var/[xgk]dm(/.*)?		gen_context(system_u:object_r:xserver_log_t,s0)
-
-/var/lib/[gxkw]dm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
-/var/lib/lxdm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
-/var/lib/xkb(/.*)?		gen_context(system_u:object_r:xkb_var_lib_t,s0)
-/var/lib/xorg(/.*)?		gen_context(system_u:object_r:xserver_var_lib_t,s0)
-
-/var/cache/gdm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
-
-/var/log/gdm(/.*)?		gen_context(system_u:object_r:xdm_log_t,s0)
-/var/log/slim\.log.*	--	gen_context(system_u:object_r:xdm_log_t,s0)
-/var/log/lxdm\.log.*	--	gen_context(system_u:object_r:xdm_log_t,s0)
-/var/log/[kw]dm\.log.*	--	gen_context(system_u:object_r:xserver_log_t,s0)
-/var/log/XFree86.*	--	gen_context(system_u:object_r:xserver_log_t,s0)
-/var/log/Xorg.*		--	gen_context(system_u:object_r:xserver_log_t,s0)
-/var/log/nvidia-installer\.log.* --	gen_context(system_u:object_r:xserver_log_t,s0)
-
-/var/spool/gdm(/.*)?	 	gen_context(system_u:object_r:xdm_spool_t,s0)
-
-/var/run/slim(/.*)?	 	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/kdm(/.*)?	 	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/gdm(/.*)?	 	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/gdm_socket	-s	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/[gx]dm\.pid	--	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/lxdm\.pid	--	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/xdmctl(/.*)?		gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/xauth(/.*)?		gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/slim.*		--	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/lxdm\.auth	--	gen_context(system_u:object_r:xdm_var_run_t,s0)
-/var/run/lxdm(/*.)?		gen_context(system_u:object_r:xdm_var_run_t,s0)
-
-/var/run/video.rom	--	gen_context(system_u:object_r:xserver_var_run_t,s0)
-/var/run/xorg(/.*)?		gen_context(system_u:object_r:xserver_var_run_t,s0)
-
-ifdef(`distro_suse',`
-/var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
-')
-
-/var/lib/nxserver/home/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-/var/lib/nxserver/home/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-/var/lib/pqsql/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-/var/lib/pqsql/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
deleted file mode 100644
index f963642..0000000
--- a/policy/modules/services/xserver.if
+++ /dev/null
@@ -1,1713 +0,0 @@
-## <summary>X Windows Server</summary>
-
-########################################
-## <summary>
-##	Rules required for using the X Windows server
-##	and environment, for restricted users.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_restricted_role',`
-	gen_require(`
-		type xserver_t, xserver_exec_t, xserver_tmp_t, xserver_tmpfs_t;
-		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t, xdm_tmp_t;
-		type iceauth_t, iceauth_exec_t, iceauth_home_t;
-		type xauth_t, xauth_exec_t, xauth_home_t;
-		class dbus send_msg;
-	')
-
-	role $1 types { xserver_t xauth_t iceauth_t };
-
-	# Xserver read/write client shm
-	allow xserver_t $2:fd use;
-	allow xserver_t $2:shm rw_shm_perms;
-
-	domtrans_pattern($2, xserver_exec_t, xserver_t)
-	allow xserver_t $2:process { getpgid signal };
-
-	allow xserver_t $2:shm rw_shm_perms;
-
-	allow $2 user_fonts_t:dir list_dir_perms;
-	allow $2 user_fonts_t:file read_file_perms;
-	allow $2 user_fonts_t:lnk_file read_lnk_file_perms;
-
-	allow $2 user_fonts_config_t:dir list_dir_perms;
-	allow $2 user_fonts_config_t:file read_file_perms;
-
-	manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-	manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-
-	stream_connect_pattern($2, xserver_tmp_t, xserver_tmp_t, xserver_t)
-	allow $2 xserver_tmp_t:sock_file delete_sock_file_perms;
-	files_search_tmp($2)
-
-	# Communicate via System V shared memory.
-	allow $2 xserver_t:shm r_shm_perms;
-	allow $2 xserver_tmpfs_t:file read_file_perms;
-
-	# allow ps to show iceauth
-	ps_process_pattern($2, iceauth_t)
-
-	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
-
-	allow $2 iceauth_home_t:file read_file_perms;
-
-	domtrans_pattern($2, xauth_exec_t, xauth_t)
-
-	allow $2 xauth_t:process signal;
-
-	# allow ps to show xauth
-	ps_process_pattern($2, xauth_t)
-	allow $2 xserver_t:process signal;
-
-	allow $2 xauth_home_t:file read_file_perms;
-
-	# for when /tmp/.X11-unix is created by the system
-	allow $2 xdm_t:fd use;
-	allow $2 xdm_t:fifo_file rw_inherited_fifo_file_perms;
-	allow $2 xdm_tmp_t:dir search_dir_perms;
-	allow $2 xdm_tmp_t:sock_file rw_inherited_sock_file_perms;
-	dontaudit $2 xdm_t:tcp_socket { read write };
-	dontaudit $2 xdm_tmp_t:dir setattr_dir_perms;
-
-	allow $2 xdm_t:dbus send_msg;
-	allow xdm_t  $2:dbus send_msg;
-
-	# Client read xserver shm
-	allow $2 xserver_t:fd use;
-	allow $2 xserver_tmpfs_t:file read_file_perms;
-
-	# Read /tmp/.X0-lock
-	allow $2 xserver_tmp_t:file read_inherited_file_perms;
-
-	dev_rw_xserver_misc($2)
-	dev_rw_power_management($2)
-	dev_read_input($2)
-	dev_read_misc($2)
-	dev_write_misc($2)
-	# open office is looking for the following
-	dev_getattr_agp_dev($2)
-
-	# GNOME checks for usb and other devices:
-	dev_rw_usbfs($2)
-
-	miscfiles_read_fonts($2)
-	miscfiles_setattr_fonts_cache_dirs($2)
-	miscfiles_read_hwdata($2)
-
-	xserver_common_x_domain_template(user, $2)
-	xserver_xsession_entry_type($2)
-	xserver_dontaudit_write_log($2)
-	xserver_stream_connect_xdm($2)
-	# certain apps want to read xdm.pid file
-	xserver_read_xdm_pid($2)
-	# gnome-session creates socket under /tmp/.ICE-unix/
-	xserver_create_xdm_tmp_sockets($2)
-	# Needed for escd, remove if we get escd policy
-	xserver_manage_xdm_tmp_files($2)
-	xserver_read_xdm_etc_files($2)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit iceauth_t $2:socket_class_set { read write };
-	')
-
-	# Client write xserver shm
-	tunable_policy(`allow_write_xshm',`
-		allow $2 xserver_t:shm rw_shm_perms;
-		allow $2 xserver_tmpfs_t:file rw_file_perms;
-	')
-
-	tunable_policy(`user_direct_dri',`
-		dev_rw_dri($2)
-	')
-
-	optional_policy(`
-		gnome_read_gconf_config($2)
-	')
-')
-
-########################################
-## <summary>
-##	Rules required for using the X Windows server
-##	and environment.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_role',`
-	gen_require(`
-		type iceauth_home_t, xserver_t, xserver_tmpfs_t, xauth_home_t;
-		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
-	')
-
-	xserver_restricted_role($1, $2)
-
-	# Communicate via System V shared memory.
-	allow $2 xserver_t:shm rw_shm_perms;
-	allow $2 xserver_tmpfs_t:file rw_file_perms;
-
-	allow $2 iceauth_home_t:file manage_file_perms;
-	allow $2 iceauth_home_t:file relabel_file_perms;
-
-	allow $2 xauth_home_t:file manage_file_perms;
-	allow $2 xauth_home_t:file relabel_file_perms;
-
-	mls_xwin_read_to_clearance($2)
-	manage_dirs_pattern($2, user_fonts_t, user_fonts_t)
-	manage_files_pattern($2, user_fonts_t, user_fonts_t)
-	allow $2 user_fonts_t:lnk_file read_lnk_file_perms;
-	relabel_dirs_pattern($2, user_fonts_t, user_fonts_t)
-	relabel_files_pattern($2, user_fonts_t, user_fonts_t)
-
-	manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-	manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-	relabel_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-	relabel_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-
-	manage_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
-	manage_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
-	relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
-	relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
-')
-
-#######################################
-## <summary>
-##	Create sessions on the X server, with read-only
-##	access to the X server shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="tmpfs_type">
-##	<summary>
-##	The type of the domain SYSV tmpfs files.
-##	</summary>
-## </param>
-#
-interface(`xserver_ro_session',`
-	gen_require(`
-		type xserver_t, xserver_tmp_t, xserver_tmpfs_t;
-	')
-
-	# Xserver read/write client shm
-	allow xserver_t $1:fd use;
-	allow xserver_t $1:shm rw_shm_perms;
-	allow xserver_t $2:file rw_file_perms;
-
-	# Connect to xserver
-	allow $1 xserver_t:unix_stream_socket connectto;
-	allow $1 xserver_t:process signal;
-
-	# Read /tmp/.X0-lock
-	allow $1 xserver_tmp_t:file read_file_perms;
-
-	# Client read xserver shm
-	allow $1 xserver_t:fd use;
-	allow $1 xserver_t:shm r_shm_perms;
-	allow $1 xserver_tmpfs_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create sessions on the X server, with read and write
-##	access to the X server shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="tmpfs_type">
-##	<summary>
-##	The type of the domain SYSV tmpfs files.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_session',`
-	gen_require(`
-		type xserver_t, xserver_tmpfs_t;
-	')
-
-	xserver_ro_session($1, $2)
-	allow $1 xserver_t:shm rw_shm_perms;
-	allow $1 xserver_tmpfs_t:file rw_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create non-drawing client sessions on an X server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_non_drawing_client',`
-	gen_require(`
-		class x_drawable { getattr get_property };
-		class x_extension { query use };
-		class x_gc { create setattr };
-		class x_property read;
-
-		type xserver_t, xdm_var_run_t;
-		type xextension_t, xproperty_t, root_xdrawable_t;
-	')
-
-	allow $1 self:x_gc { create setattr };
-
-	allow $1 xdm_var_run_t:dir search_dir_perms;
-	allow $1 xserver_t:unix_stream_socket connectto;
-
-	allow $1 xextension_t:x_extension { query use };
-	allow $1 root_xdrawable_t:x_drawable { getattr get_property };
-	allow $1 xproperty_t:x_property read;
-')
-
-#######################################
-## <summary>
-##	Create full client sessions
-##	on a user X server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="tmpfs_type">
-##	<summary>
-##	The type of the domain SYSV tmpfs files.
-##	</summary>
-## </param>
-#
-interface(`xserver_user_client',`
-	refpolicywarn(`$0() has been deprecated, please use xserver_user_x_domain_template instead.')
-	gen_require(`
-		type xdm_t, xdm_tmp_t;
-		type xauth_home_t, iceauth_home_t, xserver_t, xserver_tmpfs_t;
-	')
-
-	allow $1 self:shm create_shm_perms;
-	allow $1 self:unix_dgram_socket create_socket_perms;
-	allow $1 self:unix_stream_socket { connectto create_stream_socket_perms };
-
-	# Read .Xauthority file
-	allow $1 xauth_home_t:file read_file_perms;
-	allow $1 iceauth_home_t:file read_file_perms;
-
-	# for when /tmp/.X11-unix is created by the system
-	allow $1 xdm_t:fd use;
-	allow $1 xdm_t:fifo_file rw_inherited_fifo_file_perms;
-	allow $1 xdm_tmp_t:dir search_dir_perms;
-	allow $1 xdm_tmp_t:sock_file { read write };
-	dontaudit $1 xdm_t:tcp_socket { read write };
-
-	# Allow connections to X server.
-	files_search_tmp($1)
-
-	miscfiles_read_fonts($1)
-
-	userdom_search_user_home_dirs($1)
-	# for .xsession-errors
-	userdom_dontaudit_write_user_home_content_files($1)
-
-	xserver_ro_session($1,$2)
-	xserver_use_user_fonts($1)
-
-	xserver_read_xdm_tmp_files($1)
-
-	# Client write xserver shm
-	tunable_policy(`allow_write_xshm',`
-		allow $1 xserver_t:shm rw_shm_perms;
-		allow $1 xserver_tmpfs_t:file rw_file_perms;
-	')
-')
-
-#######################################
-## <summary>
-##	Interface to provide X object permissions on a given X server to
-##	an X client domain.  Provides the minimal set required by a basic
-##	X client application.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix of the X client domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Client domain allowed access.
-##	</summary>
-## </param>
-#
-template(`xserver_common_x_domain_template',`
-	gen_require(`
-		type root_xdrawable_t, xdm_t, xserver_t;
-		type xproperty_t, $1_xproperty_t;
-		type xevent_t, client_xevent_t;
-		type input_xevent_t, $1_input_xevent_t;
-
-		attribute x_domain, input_xevent_type;
-		attribute xdrawable_type, xcolormap_type;
-
-		class x_drawable all_x_drawable_perms;
-		class x_property all_x_property_perms;
-		class x_event all_x_event_perms;
-		class x_synthetic_event all_x_synthetic_event_perms;
-		class x_client destroy;
-		class x_server manage;
-		class x_screen { saver_setattr saver_hide saver_show };
-		class x_pointer { get_property set_property manage };
-		class x_keyboard { read manage };
-	')
-
-	##############################
-	#
-	# Local Policy
-	#
-
-	# Type attributes
-	typeattribute $2 x_domain;
-	typeattribute $2 xdrawable_type, xcolormap_type;
-
-	# X Properties
-	# disable property transitions for the time being.
-#	type_transition $2 xproperty_t:x_property $1_xproperty_t;
-
-	# X Windows
-	# new windows have the domain type
-	type_transition $2 root_xdrawable_t:x_drawable $2;
-
-	# X Input
-	# distinguish input events
-	type_transition $2 input_xevent_t:x_event $1_input_xevent_t;
-	# can send own events
-	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } send;
-	# can receive own events
-	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
-	# can receive default events
-	allow $2 client_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 xevent_t:{ x_event x_synthetic_event } receive;
-	# dont audit send failures
-	dontaudit $2 input_xevent_type:x_event send;
-
-	allow $2 xdm_t:x_drawable { hide read add_child manage };
-	allow $2 xdm_t:x_client destroy;
-
-	allow $2 root_xdrawable_t:x_drawable write;
-	allow $2 xserver_t:x_server manage;
-	allow $2 xserver_t:x_screen { saver_setattr saver_hide saver_show };
-	allow $2 xserver_t:x_pointer { get_property set_property manage };
-	allow $2 xserver_t:x_keyboard { read manage };
-')
-
-#######################################
-## <summary>
-##	Template for creating the set of types used
-##	in an X windows domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix of the X client domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`xserver_object_types_template',`
-	gen_require(`
-		attribute xproperty_type, input_xevent_type, xevent_type;
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	# Types for properties
-	type $1_xproperty_t, xproperty_type;
-	ubac_constrained($1_xproperty_t)
-
-	# Types for events
-	type $1_input_xevent_t, input_xevent_type, xevent_type;
-	ubac_constrained($1_input_xevent_t)
-')
-
-#######################################
-## <summary>
-##	Interface to provide X object permissions on a given X server to
-##	an X client domain.  Provides the minimal set required by a basic
-##	X client application.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	The prefix of the X client domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Client domain allowed access.
-##	</summary>
-## </param>
-## <param name="tmpfs_type">
-##	<summary>
-##	The type of the domain SYSV tmpfs files.
-##	</summary>
-## </param>
-#
-template(`xserver_user_x_domain_template',`
-	gen_require(`
-		type xdm_t, xdm_tmp_t, xserver_tmpfs_t;
-		type xauth_home_t, iceauth_home_t, xserver_t;
-	')
-
-	allow $2 self:shm create_shm_perms;
-	allow $2 self:unix_dgram_socket create_socket_perms;
-	allow $2 self:unix_stream_socket { connectto create_stream_socket_perms };
-
-	# Read .Xauthority file
-	allow $2 xauth_home_t:file read_file_perms;
-	allow $2 iceauth_home_t:file read_file_perms;
-
-	# for when /tmp/.X11-unix is created by the system
-	allow $2 xdm_t:fd use;
-	allow $2 xdm_t:fifo_file rw_inherited_fifo_file_perms;
-	allow $2 xdm_tmp_t:dir search_dir_perms;
-	allow $2 xdm_tmp_t:sock_file rw_inherited_sock_file_perms;
-	dontaudit $2 xdm_t:tcp_socket { read write };
-
-	# Allow connections to X server.
-	files_search_tmp($2)
-
-	miscfiles_read_fonts($2)
-
-	userdom_search_user_home_dirs($2)
-	# for .xsession-errors
-	userdom_dontaudit_write_user_home_content_files($2)
-
-	xserver_ro_session($2, $3)
-	xserver_use_user_fonts($2)
-
-	xserver_read_xdm_tmp_files($2)
-	xserver_read_xdm_pid($2)
-
-	# X object manager
-	xserver_object_types_template($1)
-	xserver_common_x_domain_template($1, $2)
-
-	# Client write xserver shm
-	tunable_policy(`allow_write_xshm',`
-		allow $2 xserver_t:shm rw_shm_perms;
-		allow $2 xserver_tmpfs_t:file rw_file_perms;
-	')
-
-	tunable_policy(`user_direct_dri',`
-		dev_rw_dri($2)
-	')
-')
-
-########################################
-## <summary>
-##	Read user fonts, user font configuration,
-##	and manage the user font cache.
-## </summary>
-## <desc>
-##	<p>
-##	Read user fonts, user font configuration,
-##	and manage the user font cache.
-##	</p>
-##	<p>
-##	This is a templated interface, and should only
-##	be called from a per-userdomain template.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_use_user_fonts',`
-	gen_require(`
-		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
-	')
-
-	# Read per user fonts
-	allow $1 user_fonts_t:dir list_dir_perms;
-	allow $1 user_fonts_t:file read_file_perms;
-	allow $1 user_fonts_t:lnk_file read_lnk_file_perms;
-
-	# Manipulate the global font cache
-	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
-	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
-
-	# Read per user font config
-	allow $1 user_fonts_config_t:dir list_dir_perms;
-	allow $1 user_fonts_config_t:file read_file_perms;
-
-	userdom_search_user_home_dirs($1)
-')
-
-########################################
-## <summary>
-##	Transition to the Xauthority domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`xserver_domtrans_xauth',`
-	gen_require(`
-		type xauth_t, xauth_exec_t;
-	')
-
-	domtrans_pattern($1, xauth_exec_t, xauth_t)
-
-	ifdef(`hide_broken_symptoms',`
-		dontaudit xauth_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Dontaudit exec of Xauthority program.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_exec_xauth',`
-	gen_require(`
-		type xauth_exec_t;
-	')
-
-	dontaudit $1 xauth_exec_t:file execute;
-')
-
-########################################
-## <summary>
-##	Create a Xauthority file in the user home directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_user_home_dir_filetrans_user_xauth',`
-	gen_require(`
-		type xauth_home_t;
-	')
-
-	userdom_user_home_dir_filetrans($1, xauth_home_t, file)
-')
-
-########################################
-## <summary>
-##	Read all users fonts, user font configurations,
-##	and manage all users font caches.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_use_all_users_fonts',`
-	refpolicywarn(`$0() has been deprecated, please use xserver_use_user_fonts.')
-	xserver_use_user_fonts($1)
-')
-
-########################################
-## <summary>
-##	Read all users .Xauthority.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_user_xauth',`
-	gen_require(`
-		type xauth_home_t;
-	')
-
-	allow $1 xauth_home_t:file read_file_perms;
-	userdom_search_user_home_dirs($1)
-	xserver_read_xdm_pid($1)
-')
-
-########################################
-## <summary>
-##	Set the attributes of the X windows console named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_setattr_console_pipes',`
-	gen_require(`
-		type xconsole_device_t;
-	')
-
-	allow $1 xconsole_device_t:fifo_file setattr_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the X windows console named pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_console',`
-	gen_require(`
-		type xconsole_device_t;
-	')
-
-	allow $1 xconsole_device_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Use file descriptors for xdm.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_use_xdm_fds',`
-	gen_require(`
-		type xdm_t;
-	')
-
-	allow $1 xdm_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit
-##	XDM file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_use_xdm_fds',`
-	gen_require(`
-		type xdm_t;
-	')
-
-	dontaudit $1 xdm_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read and write XDM unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_xdm_pipes',`
-	gen_require(`
-		type xdm_t;
-	')
-
-	allow $1 xdm_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	XDM unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_rw_xdm_pipes',`
-	gen_require(`
-		type xdm_t;
-	')
-
-	dontaudit $1 xdm_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Connect to XDM over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_stream_connect_xdm',`
-	gen_require(`
-		type xdm_t, xdm_tmp_t, xdm_var_run_t;
-	')
-
-	files_search_tmp($1)
-	files_search_pids($1)
-	stream_connect_pattern($1, { xdm_tmp_t xdm_var_run_t }, { xdm_tmp_t xdm_var_run_t }, xdm_t)
-')
-
-########################################
-## <summary>
-##	Read xdm-writable configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xdm_rw_config',`
-	gen_require(`
-		type xdm_rw_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 xdm_rw_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of XDM temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_setattr_xdm_tmp_dirs',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	allow $1 xdm_tmp_t:dir setattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create a named socket in a XDM
-##	temporary directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_create_xdm_tmp_sockets',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	files_search_tmp($1)
-	allow $1 xdm_tmp_t:dir list_dir_perms;
-	create_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read XDM pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xdm_pid',`
-	gen_require(`
-		type xdm_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, xdm_var_run_t, xdm_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read XDM var lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xdm_lib_files',`
-	gen_require(`
-		type xdm_var_lib_t;
-	')
-
-	allow $1 xdm_var_lib_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Make an X session script an entrypoint for the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which the shell is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`xserver_xsession_entry_type',`
-	gen_require(`
-		type xsession_exec_t;
-	')
-
-	domain_entry_file($1, xsession_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute an X session in the target domain.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <desc>
-##	<p>
-##	Execute an Xsession in the target domain.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the shell process.
-##	</summary>
-## </param>
-#
-interface(`xserver_xsession_spec_domtrans',`
-	gen_require(`
-		type xsession_exec_t;
-	')
-
-	domain_trans($1, xsession_exec_t, $2)
-')
-
-########################################
-## <summary>
-##	Get the attributes of X server logs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_getattr_log',`
-	gen_require(`
-		type xserver_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 xserver_log_t:file getattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write the X server
-##	log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_write_log',`
-	gen_require(`
-		type xserver_log_t;
-	')
-
-	dontaudit $1 xserver_log_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete X server log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_delete_log',`
-	gen_require(`
-		type xserver_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 xserver_log_t:dir list_dir_perms;
-	delete_files_pattern($1, xserver_log_t, xserver_log_t)
-	delete_fifo_files_pattern($1, xserver_log_t, xserver_log_t)
-')
-
-########################################
-## <summary>
-##	Read X keyboard extension libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xkb_libs',`
-	gen_require(`
-		type xkb_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 xkb_var_lib_t:dir list_dir_perms;
-	read_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
-	read_lnk_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read xdm config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xdm_etc_files',`
-	gen_require(`
-		type xdm_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, xdm_etc_t, xdm_etc_t)
-	read_lnk_files_pattern($1, xdm_etc_t, xdm_etc_t)
-')
-
-########################################
-## <summary>
-##	Manage xdm config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit
-##	</summary>
-## </param>
-#
-interface(`xserver_manage_xdm_etc_files',`
-	gen_require(`
-		type xdm_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_files_pattern($1, xdm_etc_t, xdm_etc_t)
-')
-
-########################################
-## <summary>
-##	Read xdm temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_xdm_tmp_files',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read xdm temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_read_xdm_tmp_files',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	dontaudit $1 xdm_tmp_t:dir search_dir_perms;
-	dontaudit $1 xdm_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read write xdm temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_xdm_tmp_files',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	allow $1 xdm_tmp_t:dir search_dir_perms;
-	allow $1 xdm_tmp_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete xdm temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_manage_xdm_tmp_files',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	manage_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of
-##	xdm temporary named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_getattr_xdm_tmp_sockets',`
-	gen_require(`
-		type xdm_tmp_t;
-	')
-
-	dontaudit $1 xdm_tmp_t:sock_file getattr_sock_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute the X server in the X server domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`xserver_domtrans',`
-	gen_require(`
-		type xserver_t, xserver_exec_t;
-	')
-
-	allow $1 xserver_t:process siginh;
-	domtrans_pattern($1, xserver_exec_t, xserver_t)
-
-	allow xserver_t $1:process getpgid;
-')
-
-########################################
-## <summary>
-##	Signal X servers
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_signal',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	allow $1 xserver_t:process signal;
-')
-
-########################################
-## <summary>
-##	Kill X servers
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_kill',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	allow $1 xserver_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Read and write X server Sys V Shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_shm',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	allow $1 xserver_t:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write to
-##	X server sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_rw_tcp_sockets',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	dontaudit $1 xserver_t:tcp_socket { read write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write X server
-##	unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_rw_stream_sockets',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	dontaudit $1 xserver_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Connect to the X server over a unix domain
-##	stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_stream_connect',`
-	gen_require(`
-		type xserver_t, xserver_tmp_t;
-	')
-
-	files_search_tmp($1)
-	stream_connect_pattern($1, xserver_tmp_t, xserver_tmp_t, xserver_t)
-	allow xserver_t $1:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Read X server temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_tmp_files',`
-	gen_require(`
-		type xserver_tmp_t;
-	')
-
-	allow $1 xserver_tmp_t:file read_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Interface to provide X object permissions on a given X server to
-##	an X client domain.  Gives the domain permission to read the
-##	virtual core keyboard and virtual core pointer devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_manage_core_devices',`
-	gen_require(`
-		type xserver_t, root_xdrawable_t;
-		class x_device all_x_device_perms;
-		class x_pointer all_x_pointer_perms;
-		class x_keyboard all_x_keyboard_perms;
-		class x_screen all_x_screen_perms;
-		class x_drawable { manage };
-		attribute x_domain;
-		class x_drawable { read manage setattr show };
-		class x_resource { write read };
-	')
-
-	allow $1 xserver_t:{ x_device x_pointer x_keyboard } *;
-	allow $1 xserver_t:{ x_screen } setattr;
-	
-	allow $1 x_domain:x_drawable { read manage setattr show };
-	allow $1 x_domain:x_resource { write read };
-	allow $1 root_xdrawable_t:x_drawable { manage read };
-')
-
-########################################
-## <summary>
-##	Interface to provide X object permissions on a given X server to
-##	an X client domain.  Gives the domain complete control over the
-##	display.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_unconfined',`
-	gen_require(`
-		attribute x_domain, xserver_unconfined_type;
-	')
-
-	typeattribute $1 x_domain;
-	typeattribute $1 xserver_unconfined_type;
-')
-
-########################################
-## <summary>
-##	Dontaudit append to .xsession-errors file
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit
-##	</summary>
-## </param>
-#
-interface(`xserver_dontaudit_append_xdm_home_files',`
-	gen_require(`
-		type xdm_home_t, xserver_tmp_t;
-	')
-
-	dontaudit $1 xdm_home_t:file rw_inherited_file_perms;
-	dontaudit $1 xserver_tmp_t:file rw_inherited_file_perms;
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_dontaudit_rw_nfs_files($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_dontaudit_rw_cifs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	append to .xsession-errors file
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit
-##	</summary>
-## </param>
-#
-interface(`xserver_append_xdm_home_files',`
-	gen_require(`
-		type xdm_home_t, xserver_tmp_t;
-	')
-
-	allow $1 xdm_home_t:file append_file_perms;
-	allow $1 xserver_tmp_t:file append_file_perms;
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_append_nfs_files($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_append_cifs_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Manage the xdm_spool files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_xdm_manage_spool',`
-	gen_require(`
-		type xdm_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_files_pattern($1, xdm_spool_t, xdm_spool_t)
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	xdm over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_dbus_chat_xdm',`
-	gen_require(`
-		type xdm_t;
-		class dbus send_msg;
-	')
-
-	allow $1 xdm_t:dbus send_msg;
-	allow xdm_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read xserver files created in /var/run
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_pid',`
-	gen_require(`
-		type xserver_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, xserver_var_run_t, xserver_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute xserver files created in /var/run
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_exec_pid',`
-	gen_require(`
-		type xserver_var_run_t;
-	')
-
-	files_search_pids($1)
-	exec_files_pattern($1, xserver_var_run_t, xserver_var_run_t)
-')
-
-########################################
-## <summary>
-##	Write xserver files created in /var/run
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_write_pid',`
-	gen_require(`
-		type xserver_var_run_t;
-	')
-
-	files_search_pids($1)
-	write_files_pattern($1, xserver_var_run_t, xserver_var_run_t)
-')
-
-########################################
-## <summary>
-##	Allow append the xdm
-##	log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit
-##	</summary>
-## </param>
-#
-interface(`xserver_xdm_append_log',`
-	gen_require(`
-		type xdm_log_t;
-		attribute xdmhomewriter;
-	')
-
-	typeattribute $1 xdmhomewriter;
-	append_files_pattern($1, xdm_log_t, xdm_log_t)
-')
-
-########################################
-## <summary>
-##	Read a user Iceauthority domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_read_user_iceauth',`
-	gen_require(`
-		type iceauth_home_t;
-	')
-
-	# Read .Iceauthority file
-	allow $1 iceauth_home_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read/write inherited user homedir fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_rw_inherited_user_fonts',`
-	gen_require(`
-		type user_fonts_t, user_fonts_config_t;
-	')
-
-	allow $1 user_fonts_t:file rw_inherited_file_perms;
-	allow $1 user_fonts_t:file read_lnk_file_perms;
-
-	allow $1 user_fonts_config_t:file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Search XDM var lib dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xserver_search_xdm_lib',`
-	gen_require(`
-		type xdm_var_lib_t;
-	')
-
-	allow $1 xdm_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Make an X executable an entrypoint for the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain for which the shell is an entrypoint.
-##	</summary>
-## </param>
-#
-interface(`xserver_entry_type',`
-	gen_require(`
-		type xserver_exec_t;
-	')
-
-	domain_entry_file($1, xserver_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute xsever in the xserver domain, and
-##	allow the specified role the xserver domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the xserver domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xserver_run',`
-	gen_require(`
-		type xserver_t;
-	')
-
-	xserver_domtrans($1)
-	role $2 types xserver_t;
-')
-
-########################################
-## <summary>
-##	Execute xsever in the xserver domain, and
-##	allow the specified role the xserver domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the xserver domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xserver_run_xauth',`
-	gen_require(`
-		type xauth_t;
-	')
-
-	xserver_domtrans_xauth($1)
-	role $2 types xauth_t;
-')
-
-########################################
-## <summary>
-##	Read user homedir fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xserver_read_home_fonts',`
-	gen_require(`
-		type user_fonts_t, user_fonts_config_t;
-	')
-
-	list_dirs_pattern($1, user_fonts_t, user_fonts_t)
-	read_files_pattern($1, user_fonts_t, user_fonts_t)
-	read_lnk_files_pattern($1, user_fonts_t, user_fonts_t)
-
-	read_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
-')
-
-########################################
-## <summary>
-##	Manage user homedir fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`xserver_manage_home_fonts',`
-	gen_require(`
-		type user_fonts_t, user_fonts_config_t;
-	')
-
-	manage_dirs_pattern($1, user_fonts_t, user_fonts_t)
-	manage_files_pattern($1, user_fonts_t, user_fonts_t)
-	manage_lnk_files_pattern($1, user_fonts_t, user_fonts_t)
-
-	manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
-')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
deleted file mode 100644
index edd7260..0000000
--- a/policy/modules/services/xserver.te
+++ /dev/null
@@ -1,1370 +0,0 @@
-policy_module(xserver, 3.4.2)
-
-gen_require(`
-	class x_drawable all_x_drawable_perms;
-	class x_screen all_x_screen_perms;
-	class x_gc all_x_gc_perms;
-	class x_font all_x_font_perms;
-	class x_colormap all_x_colormap_perms;
-	class x_property all_x_property_perms;
-	class x_selection all_x_selection_perms;
-	class x_cursor all_x_cursor_perms;
-	class x_client all_x_client_perms;
-	class x_device all_x_device_perms;
-	class x_pointer all_x_pointer_perms;
-	class x_keyboard all_x_keyboard_perms;
-	class x_server all_x_server_perms;
-	class x_extension all_x_extension_perms;
-	class x_resource all_x_resource_perms;
-	class x_event all_x_event_perms;
-	class x_synthetic_event all_x_synthetic_event_perms;
-')
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allows clients to write to the X server shared
-##	memory segments.
-##	</p>
-## </desc>
-gen_tunable(allow_write_xshm, false)
-
-## <desc>
-##	<p>
-##	Allows XServer to execute writable memory
-##	</p>
-## </desc>
-gen_tunable(allow_xserver_execmem, false)
-
-## <desc>
-##	<p>
-##	Allow xdm logins as sysadm
-##	</p>
-## </desc>
-gen_tunable(xdm_sysadm_login, false)
-
-## <desc>
-##	<p>
-##	Support X userspace object manager
-##	</p>
-## </desc>
-gen_tunable(xserver_object_manager, false)
-
-## <desc>
-##	<p>
-##	Allow regular users direct dri device access
-##	</p>
-## </desc>
-gen_tunable(user_direct_dri, false)
-
-attribute xdmhomewriter;
-attribute x_userdomain;
-attribute x_domain;
-
-# X Events
-attribute xevent_type;
-attribute input_xevent_type;
-type xevent_t, xevent_type;
-typealias xevent_t alias { user_property_xevent_t staff_property_xevent_t sysadm_property_xevent_t };
-typealias xevent_t alias { auditadm_property_xevent_t secadm_property_xevent_t };
-typealias xevent_t alias { user_focus_xevent_t staff_focus_xevent_t sysadm_focus_xevent_t };
-typealias xevent_t alias { auditadm_focus_xevent_t secadm_focus_xevent_t };
-typealias xevent_t alias { user_manage_xevent_t staff_manage_xevent_t sysadm_manage_xevent_t };
-typealias xevent_t alias { auditadm_manage_xevent_t secadm_manage_xevent_t };
-typealias xevent_t alias { user_default_xevent_t staff_default_xevent_t sysadm_default_xevent_t };
-typealias xevent_t alias { auditadm_default_xevent_t secadm_default_xevent_t };
-
-type client_xevent_t, xevent_type;
-typealias client_xevent_t alias { user_client_xevent_t staff_client_xevent_t sysadm_client_xevent_t };
-typealias client_xevent_t alias { auditadm_client_xevent_t secadm_client_xevent_t };
-
-type input_xevent_t, xevent_type, input_xevent_type;
-
-# X Extensions
-attribute xextension_type;
-type xextension_t, xextension_type;
-type security_xextension_t, xextension_type;
-
-# X Properties
-attribute xproperty_type;
-type xproperty_t, xproperty_type;
-type seclabel_xproperty_t, xproperty_type;
-type clipboard_xproperty_t, xproperty_type;
-
-# X Selections
-attribute xselection_type;
-type xselection_t, xselection_type;
-type clipboard_xselection_t, xselection_type;
-#type settings_xselection_t, xselection_type;
-#type dbus_xselection_t, xselection_type;
-
-# X Drawables
-attribute xdrawable_type;
-attribute xcolormap_type;
-type root_xdrawable_t, xdrawable_type;
-type root_xcolormap_t, xcolormap_type;
-
-attribute xserver_unconfined_type;
-
-xserver_object_types_template(root)
-xserver_object_types_template(user)
-
-typealias user_xproperty_t alias { staff_xproperty_t sysadm_xproperty_t };
-typealias user_xproperty_t alias { auditadm_xproperty_t secadm_xproperty_t };
-typealias user_input_xevent_t alias { staff_input_xevent_t sysadm_input_xevent_t };
-typealias user_input_xevent_t alias { auditadm_input_xevent_t secadm_input_xevent_t };
-
-type remote_t;
-xserver_object_types_template(remote)
-xserver_common_x_domain_template(remote, remote_t)
-
-type user_fonts_t;
-typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
-typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
-typealias user_fonts_t alias { xguest_fonts_t unconfined_fonts_t user_fonts_home_t };
-userdom_user_home_content(user_fonts_t)
-
-type user_fonts_cache_t;
-typealias user_fonts_cache_t alias { staff_fonts_cache_t sysadm_fonts_cache_t };
-typealias user_fonts_cache_t alias { auditadm_fonts_cache_t secadm_fonts_cache_t };
-typealias user_fonts_cache_t alias { xguest_fonts_cache_t unconfined_fonts_cache_t };
-userdom_user_home_content(user_fonts_cache_t)
-
-type user_fonts_config_t;
-typealias user_fonts_config_t alias { staff_fonts_config_t sysadm_fonts_config_t };
-typealias user_fonts_config_t alias { auditadm_fonts_config_t secadm_fonts_config_t };
-typealias user_fonts_config_t alias { fonts_config_home_t xguest_fonts_config_t unconfined_fonts_config_t };
-userdom_user_home_content(user_fonts_config_t)
-
-type iceauth_t;
-type iceauth_exec_t;
-typealias iceauth_t alias { user_iceauth_t staff_iceauth_t sysadm_iceauth_t };
-typealias iceauth_t alias { xguest_iceauth_t };
-typealias iceauth_t alias { auditadm_iceauth_t secadm_iceauth_t };
-application_domain(iceauth_t, iceauth_exec_t)
-ubac_constrained(iceauth_t)
-
-type iceauth_home_t;
-typealias iceauth_home_t alias { user_iceauth_home_t staff_iceauth_home_t sysadm_iceauth_home_t };
-typealias iceauth_home_t alias { auditadm_iceauth_home_t secadm_iceauth_home_t };
-typealias iceauth_home_t alias { xguest_iceauth_home_t };
-userdom_user_home_content(iceauth_home_t)
-
-type xauth_t;
-type xauth_exec_t;
-typealias xauth_t alias { user_xauth_t staff_xauth_t sysadm_xauth_t };
-typealias xauth_t alias { auditadm_xauth_t secadm_xauth_t };
-typealias xauth_t alias { xguest_xauth_t unconfined_xauth_t };
-application_domain(xauth_t, xauth_exec_t)
-ubac_constrained(xauth_t)
-
-type xauth_home_t;
-typealias xauth_home_t alias { user_xauth_home_t staff_xauth_home_t sysadm_xauth_home_t };
-typealias xauth_home_t alias { auditadm_xauth_home_t secadm_xauth_home_t };
-typealias xauth_home_t alias { xguest_xauth_home_t unconfined_xauth_home_t };
-userdom_user_home_content(xauth_home_t)
-
-type xauth_tmp_t;
-typealias xauth_tmp_t alias { user_xauth_tmp_t staff_xauth_tmp_t sysadm_xauth_tmp_t };
-typealias xauth_tmp_t alias { xguest_xauth_tmp_t unconfined_xauth_tmp_t };
-typealias xauth_tmp_t alias { auditadm_xauth_tmp_t secadm_xauth_tmp_t };
-files_tmp_file(xauth_tmp_t)
-ubac_constrained(xauth_tmp_t)
-
-# this is not actually a device, its a pipe
-type xconsole_device_t;
-files_type(xconsole_device_t)
-fs_associate_tmpfs(xconsole_device_t)
-files_associate_tmp(xconsole_device_t)
-
-type xdm_t;
-type xdm_exec_t;
-auth_login_pgm_domain(xdm_t)
-init_domain(xdm_t, xdm_exec_t)
-init_system_domain(xdm_t, xdm_exec_t)
-xserver_object_types_template(xdm)
-xserver_common_x_domain_template(xdm, xdm_t)
-
-type xdm_lock_t;
-files_lock_file(xdm_lock_t)
-
-type xdm_etc_t;
-files_config_file(xdm_etc_t)
-
-type xdm_rw_etc_t;
-files_config_file(xdm_rw_etc_t)
-
-type xdm_spool_t;
-files_type(xdm_spool_t)
-
-type xdm_var_lib_t;
-files_type(xdm_var_lib_t)
-
-type xdm_var_run_t;
-files_pid_file(xdm_var_run_t)
-
-type xserver_var_lib_t;
-files_type(xserver_var_lib_t)
-
-type xserver_var_run_t;
-files_pid_file(xserver_var_run_t)
-
-type xdm_tmp_t;
-files_tmp_file(xdm_tmp_t)
-typealias xdm_tmp_t alias { xserver_tmp_t user_xserver_tmp_t staff_xserver_tmp_t sysadm_xserver_tmp_t ice_tmp_t };
-typealias xdm_tmp_t alias { auditadm_xserver_tmp_t secadm_xserver_tmp_t xdm_xserver_tmp_t };
-ubac_constrained(xdm_tmp_t)
-
-type xdm_tmpfs_t;
-files_tmpfs_file(xdm_tmpfs_t)
-
-type xdm_home_t;
-userdom_user_home_content(xdm_home_t)
-
-type xdm_log_t;
-logging_log_file(xdm_log_t)
-
-# type for /var/lib/xkb
-type xkb_var_lib_t;
-files_type(xkb_var_lib_t)
-
-# Type for the executable used to start the X server, e.g. Xwrapper.
-type xserver_t;
-type xserver_exec_t;
-typealias xserver_t alias { user_xserver_t staff_xserver_t sysadm_xserver_t };
-typealias xserver_t alias { auditadm_xserver_t secadm_xserver_t xdm_xserver_t };
-init_system_domain(xserver_t, xserver_exec_t)
-ubac_constrained(xserver_t)
-
-type xserver_tmpfs_t;
-typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t xguest_xserver_tmpfs_t unconfined_xserver_tmpfs_t xdm_xserver_tmpfs_t };
-typealias xserver_tmpfs_t alias { auditadm_xserver_tmpfs_t secadm_xserver_tmpfs_t };
-files_tmpfs_file(xserver_tmpfs_t)
-ubac_constrained(xserver_tmpfs_t)
-
-type xsession_exec_t;
-corecmd_executable_file(xsession_exec_t)
-
-# Type for the X server log file.
-type xserver_log_t;
-logging_log_file(xserver_log_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
-	init_ranged_daemon_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
-')
-
-optional_policy(`
-	prelink_object_file(xkb_var_lib_t)
-')
-
-########################################
-#
-# Iceauth local policy
-#
-
-allow iceauth_t iceauth_home_t:file manage_file_perms;
-userdom_user_home_dir_filetrans(iceauth_t, iceauth_home_t, file)
-
-allow xdm_t iceauth_home_t:file read_file_perms;
-
-dev_read_rand(iceauth_t)
-
-fs_search_auto_mountpoints(iceauth_t)
-
-userdom_use_user_terminals(iceauth_t)
-userdom_read_user_tmp_files(iceauth_t)
-userdom_read_all_users_state(iceauth_t)
-
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_files(iceauth_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_files(iceauth_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(iceauth_t)
-')
-
-ifdef(`hide_broken_symptoms',`
-	dev_dontaudit_read_urand(iceauth_t)
-	dev_dontaudit_rw_dri(iceauth_t)
-	dev_dontaudit_rw_generic_dev_nodes(iceauth_t)
-	fs_dontaudit_list_inotifyfs(iceauth_t)
-	fs_dontaudit_rw_anon_inodefs_files(iceauth_t)
-	term_dontaudit_use_unallocated_ttys(iceauth_t)
-
-	userdom_dontaudit_read_user_home_content_files(iceauth_t)
-	userdom_dontaudit_write_user_home_content_files(iceauth_t)
-	userdom_dontaudit_write_user_tmp_files(iceauth_t)
-
-	optional_policy(`
-		mozilla_dontaudit_rw_user_home_files(iceauth_t)
-	')
-')
-
-########################################
-#
-# Xauth local policy
-#
-
-allow xauth_t self:capability dac_override;
-allow xauth_t self:process signal;
-allow xauth_t self:unix_stream_socket create_stream_socket_perms;
-
-allow xauth_t xdm_t:process sigchld;
-allow xauth_t xserver_t:unix_stream_socket connectto;
-
-corenet_tcp_connect_xserver_port(xauth_t)
-
-allow xauth_t xauth_home_t:file manage_file_perms;
-userdom_user_home_dir_filetrans(xauth_t, xauth_home_t, file)
-userdom_admin_home_dir_filetrans(xauth_t, xauth_home_t, file)
-
-manage_dirs_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)
-manage_files_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)
-
-manage_dirs_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t)
-manage_files_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t)
-files_tmp_filetrans(xauth_t, xauth_tmp_t, { file dir })
-
-stream_connect_pattern(xauth_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-
-kernel_read_system_state(xauth_t)
-
-domain_use_interactive_fds(xauth_t)
-domain_dontaudit_leaks(xauth_t)
-
-files_read_etc_files(xauth_t)
-files_read_usr_files(xauth_t)
-files_search_pids(xauth_t)
-files_dontaudit_getattr_all_dirs(xauth_t)
-files_dontaudit_leaks(xauth_t)
-files_var_lib_filetrans(xauth_t, xauth_home_t, file)
-
-fs_dontaudit_leaks(xauth_t)
-fs_getattr_all_fs(xauth_t)
-fs_search_auto_mountpoints(xauth_t)
-
-# Probably a leak
-term_dontaudit_use_ptmx(xauth_t)
-term_dontaudit_use_console(xauth_t)
-
-auth_use_nsswitch(xauth_t)
-
-userdom_use_user_terminals(xauth_t)
-userdom_read_user_tmp_files(xauth_t)
-userdom_read_all_users_state(xauth_t)
-
-xserver_rw_xdm_tmp_files(xauth_t)
-
-ifdef(`hide_broken_symptoms',`
-	fs_dontaudit_rw_anon_inodefs_files(xauth_t)
-	fs_dontaudit_list_inotifyfs(xauth_t)
-	userdom_manage_user_home_content_files(xauth_t)
-	userdom_manage_user_tmp_files(xauth_t)
-	dev_dontaudit_rw_generic_dev_nodes(xauth_t)
-	miscfiles_read_fonts(xauth_t)
-')
-
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_files(xauth_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_files(xauth_t)
-	fs_read_nfs_symlinks(xauth_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_files(xauth_t)
-')
-
-ifdef(`hide_broken_symptoms',`
-	term_dontaudit_use_unallocated_ttys(xauth_t)
-	dev_dontaudit_rw_dri(xauth_t)
-')
-
-optional_policy(`
-	nx_var_lib_filetrans(xauth_t, xauth_home_t, file)
-')
-
-optional_policy(`
-	ssh_sigchld(xauth_t)
-	ssh_read_pipes(xauth_t)
-	ssh_dontaudit_rw_tcp_sockets(xauth_t)
-')
-
-########################################
-#
-# XDM Local policy
-#
-
-allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service sys_ptrace };
-allow xdm_t self:process { setexec setpgid getattr getcap setcap getsched setsched setrlimit signal_perms setkeycreate ptrace };
-allow xdm_t self:fifo_file rw_fifo_file_perms;
-allow xdm_t self:shm create_shm_perms;
-allow xdm_t self:sem create_sem_perms;
-allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow xdm_t self:unix_dgram_socket { create_socket_perms sendto };
-allow xdm_t self:tcp_socket create_stream_socket_perms;
-allow xdm_t self:udp_socket create_socket_perms;
-allow xdm_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow xdm_t self:socket create_socket_perms;
-allow xdm_t self:appletalk_socket create_socket_perms;
-allow xdm_t self:key { search link write };
-
-allow xdm_t xauth_home_t:file manage_file_perms;
-
-allow xdm_t xconsole_device_t:fifo_file { getattr_fifo_file_perms setattr_fifo_file_perms };
-manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
-manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
-
-manage_files_pattern(xdm_t, xdm_home_t, xdm_home_t)
-userdom_user_home_dir_filetrans(xdm_t, xdm_home_t, file)
-#Handle mislabeled files in homedir
-userdom_delete_user_home_content_files(xdm_t)
-userdom_signull_unpriv_users(xdm_t)
-userdom_dontaudit_read_admin_home_lnk_files(xdm_t)
-
-# Allow gdm to run gdm-binary
-can_exec(xdm_t, xdm_exec_t)
-
-allow xdm_t xdm_lock_t:file manage_file_perms;
-files_lock_filetrans(xdm_t, xdm_lock_t, file)
-
-read_lnk_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t)
-read_files_pattern(xdm_t, xdm_etc_t, xdm_etc_t)
-# wdm has its own config dir /etc/X11/wdm
-# this is ugly, daemons should not create files under /etc!
-manage_files_pattern(xdm_t, xdm_rw_etc_t, xdm_rw_etc_t)
-
-manage_dirs_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-manage_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-manage_lnk_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-manage_sock_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file lnk_file })
-relabelfrom_dirs_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-relabelfrom_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
-
-manage_dirs_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-manage_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-manage_lnk_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-manage_fifo_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-manage_sock_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-
-fs_getattr_all_fs(xdm_t)
-fs_list_inotifyfs(xdm_t)
-fs_read_noxattr_fs_files(xdm_t)
-fs_dontaudit_list_fusefs(xdm_t)
-fs_manage_cgroup_dirs(xdm_t)
-fs_manage_cgroup_files(xdm_t)
-
-manage_files_pattern(xdm_t, user_fonts_t, user_fonts_t)
-
-files_search_spool(xdm_t)
-manage_dirs_pattern(xdm_t, xdm_spool_t, xdm_spool_t)
-manage_files_pattern(xdm_t, xdm_spool_t, xdm_spool_t)
-files_spool_filetrans(xdm_t, xdm_spool_t, { file dir })
-
-manage_dirs_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
-manage_files_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
-manage_lnk_files_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
-manage_sock_files_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
-files_var_lib_filetrans(xdm_t, xdm_var_lib_t, { file dir })
-# Read machine-id
-files_read_var_lib_files(xdm_t)
-
-manage_dirs_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
-manage_files_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
-manage_fifo_files_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
-manage_sock_files_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
-files_pid_filetrans(xdm_t, xdm_var_run_t, { dir file fifo_file sock_file })
-
-allow xdm_t xserver_t:process { signal signull };
-allow xdm_t xserver_t:unix_stream_socket connectto;
-
-allow xdm_t xserver_tmp_t:sock_file rw_sock_file_perms;
-allow xdm_t xserver_tmp_t:dir { setattr_dir_perms list_dir_perms };
-
-# transition to the xdm xserver
-domtrans_pattern(xdm_t, xserver_exec_t, xserver_t)
-
-ps_process_pattern(xserver_t, xdm_t)
-allow xserver_t xdm_t:process signal;
-allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
-
-allow xdm_t xserver_t:shm rw_shm_perms;
-read_files_pattern(xdm_t, xserver_t, xserver_t)
-
-# connect to xdm xserver over stream socket
-stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-
-# Remove /tmp/.X11-unix/X0.
-delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
-delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
-
-manage_dirs_pattern(xdm_t, xdm_log_t, xdm_log_t)
-manage_files_pattern(xdm_t, xdm_log_t, xdm_log_t)
-manage_fifo_files_pattern(xdm_t, xdm_log_t, xdm_log_t)
-logging_log_filetrans(xdm_t, xdm_log_t, { dir file })
-
-manage_dirs_pattern(xdm_t, xserver_log_t, xserver_log_t)
-manage_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
-manage_fifo_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
-
-kernel_read_system_state(xdm_t)
-kernel_read_device_sysctls(xdm_t)
-kernel_read_kernel_sysctls(xdm_t)
-kernel_read_net_sysctls(xdm_t)
-kernel_read_network_state(xdm_t)
-kernel_request_load_module(xdm_t)
-kernel_stream_connect(xdm_t)
-
-corecmd_exec_shell(xdm_t)
-corecmd_exec_bin(xdm_t)
-corecmd_dontaudit_write_bin_files(xdm_t)
-
-corenet_all_recvfrom_unlabeled(xdm_t)
-corenet_all_recvfrom_netlabel(xdm_t)
-corenet_tcp_sendrecv_generic_if(xdm_t)
-corenet_udp_sendrecv_generic_if(xdm_t)
-corenet_tcp_sendrecv_generic_node(xdm_t)
-corenet_udp_sendrecv_generic_node(xdm_t)
-corenet_tcp_sendrecv_all_ports(xdm_t)
-corenet_udp_sendrecv_all_ports(xdm_t)
-corenet_tcp_bind_generic_node(xdm_t)
-corenet_udp_bind_generic_node(xdm_t)
-corenet_udp_bind_ipp_port(xdm_t)
-corenet_udp_bind_xdmcp_port(xdm_t)
-corenet_tcp_connect_all_ports(xdm_t)
-corenet_sendrecv_all_client_packets(xdm_t)
-# xdm tries to bind to biff_port_t
-corenet_dontaudit_tcp_bind_all_ports(xdm_t)
-
-dev_rwx_zero(xdm_t)
-dev_read_rand(xdm_t)
-dev_rw_sysfs(xdm_t)
-dev_getattr_framebuffer_dev(xdm_t)
-dev_setattr_framebuffer_dev(xdm_t)
-dev_getattr_mouse_dev(xdm_t)
-dev_setattr_mouse_dev(xdm_t)
-dev_rw_apm_bios(xdm_t)
-dev_rw_input_dev(xdm_t)
-dev_setattr_apm_bios_dev(xdm_t)
-dev_rw_dri(xdm_t)
-dev_rw_agp(xdm_t)
-dev_getattr_xserver_misc_dev(xdm_t)
-dev_setattr_xserver_misc_dev(xdm_t)
-dev_getattr_misc_dev(xdm_t)
-dev_setattr_misc_dev(xdm_t)
-dev_dontaudit_rw_misc(xdm_t)
-dev_read_video_dev(xdm_t)
-dev_write_video_dev(xdm_t)
-dev_setattr_video_dev(xdm_t)
-dev_getattr_scanner_dev(xdm_t)
-dev_setattr_scanner_dev(xdm_t)
-dev_read_sound(xdm_t)
-dev_write_sound(xdm_t)
-dev_getattr_power_mgmt_dev(xdm_t)
-dev_setattr_power_mgmt_dev(xdm_t)
-dev_getattr_null_dev(xdm_t)
-dev_setattr_null_dev(xdm_t)
-
-domain_use_interactive_fds(xdm_t)
-# Do not audit denied probes of /proc.
-domain_dontaudit_read_all_domains_state(xdm_t)
-domain_dontaudit_ptrace_all_domains(xdm_t)
-domain_dontaudit_signal_all_domains(xdm_t)
-
-files_read_etc_files(xdm_t)
-files_read_var_files(xdm_t)
-files_read_etc_runtime_files(xdm_t)
-files_exec_etc_files(xdm_t)
-files_list_mnt(xdm_t)
-# Read /usr/share/terminfo/l/linux and /usr/share/icons/default/index.theme...
-files_read_usr_files(xdm_t)
-# Poweroff wants to create the /poweroff file when run from xdm
-files_create_boot_flag(xdm_t)
-files_dontaudit_getattr_boot_dirs(xdm_t)
-files_dontaudit_write_usr_files(xdm_t)
-files_dontaudit_getattr_all_dirs(xdm_t)
-files_dontaudit_getattr_all_symlinks(xdm_t)
-
-fs_getattr_all_fs(xdm_t)
-fs_search_auto_mountpoints(xdm_t)
-fs_rw_anon_inodefs_files(xdm_t)
-fs_mount_tmpfs(xdm_t)
-
-mls_socket_write_to_clearance(xdm_t)
-
-storage_dontaudit_read_fixed_disk(xdm_t)
-storage_dontaudit_write_fixed_disk(xdm_t)
-storage_dontaudit_setattr_fixed_disk_dev(xdm_t)
-storage_dontaudit_raw_read_removable_device(xdm_t)
-storage_dontaudit_raw_write_removable_device(xdm_t)
-storage_dontaudit_setattr_removable_dev(xdm_t)
-storage_dontaudit_rw_scsi_generic(xdm_t)
-storage_dontaudit_rw_fuse(xdm_t)
-
-term_setattr_console(xdm_t)
-term_use_console(xdm_t)
-term_use_unallocated_ttys(xdm_t)
-term_setattr_unallocated_ttys(xdm_t)
-term_relabel_all_ttys(xdm_t)
-term_relabel_unallocated_ttys(xdm_t)
-
-auth_domtrans_pam_console(xdm_t)
-auth_manage_pam_pid(xdm_t)
-auth_manage_pam_console_data(xdm_t)
-auth_signal_pam(xdm_t)
-auth_rw_faillog(xdm_t)
-auth_write_login_records(xdm_t)
-
-# Run telinit->init to shutdown.
-init_telinit(xdm_t)
-init_dbus_chat(xdm_t)
-
-libs_exec_lib_files(xdm_t)
-
-logging_read_generic_logs(xdm_t)
-
-miscfiles_search_man_pages(xdm_t)
-miscfiles_read_localization(xdm_t)
-miscfiles_read_fonts(xdm_t)
-miscfiles_manage_fonts_cache(xdm_t)
-miscfiles_manage_localization(xdm_t)
-miscfiles_read_hwdata(xdm_t)
-
-userdom_dontaudit_use_unpriv_user_fds(xdm_t)
-userdom_create_all_users_keys(xdm_t)
-# for .dmrc
-userdom_read_user_home_content_files(xdm_t)
-# Search /proc for any user domain processes.
-userdom_read_all_users_state(xdm_t)
-userdom_signal_all_users(xdm_t)
-userdom_stream_connect(xdm_t)
-userdom_manage_user_tmp_dirs(xdm_t)
-userdom_manage_user_tmp_files(xdm_t)
-userdom_manage_user_tmp_sockets(xdm_t)
-userdom_manage_tmpfs_role(system_r, xdm_t)
-
-application_signal(xdm_t)
-
-xserver_rw_session(xdm_t, xdm_tmpfs_t)
-xserver_unconfined(xdm_t)
-xserver_domtrans_xauth(xdm_t)
-
-ifndef(`distro_redhat',`
-	allow xdm_t self:process { execheap execmem };
-')
-
-ifdef(`distro_rhel4',`
-	allow xdm_t self:process { execheap execmem };
-')
-
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_dirs(xdm_t)
-	fs_manage_fusefs_files(xdm_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(xdm_t)
-	fs_manage_nfs_files(xdm_t)
-	fs_manage_nfs_symlinks(xdm_t)
-	fs_exec_nfs_files(xdm_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(xdm_t)
-	fs_manage_cifs_files(xdm_t)
-	fs_manage_cifs_symlinks(xdm_t)
-	fs_exec_cifs_files(xdm_t)
-')
-
-tunable_policy(`xdm_sysadm_login',`
-	userdom_xsession_spec_domtrans_all_users(xdm_t)
-	# FIXME:
-#	xserver_rw_session_template(xdm,userdomain)
-',`
-	userdom_xsession_spec_domtrans_unpriv_users(xdm_t)
-	# FIXME:
-#	xserver_rw_session_template(xdm,unpriv_userdomain)
-#	dontaudit xserver_t sysadm_t:shm { unix_read unix_write };
-#	allow xserver_t xdm_tmpfs_t:file rw_file_perms;
-')
-
-optional_policy(`
-	accountsd_read_lib_files(xdm_t)
-')
-
-optional_policy(`
-	alsa_domtrans(xdm_t)
-	alsa_read_rw_config(xdm_t)
-')
-
-optional_policy(`
-	consolekit_dbus_chat(xdm_t)
-	consolekit_read_log(xdm_t)
-')
-
-optional_policy(`
-	consoletype_exec(xdm_t)
-')
-
-optional_policy(`
-	# Use dbus to start other processes as xdm_t
-	dbus_role_template(xdm, system_r, xdm_t)
-
-	dontaudit xdm_dbusd_t xdm_var_lib_t:dir search_dir_perms;
-	xserver_xdm_append_log(xdm_dbusd_t)
-	xserver_read_xdm_pid(xdm_dbusd_t)
-
-	corecmd_bin_entry_type(xdm_t)
-
-	dbus_system_bus_client(xdm_t)
-
-	optional_policy(`
-		bluetooth_dbus_chat(xdm_t)
-	')
-
-	optional_policy(`
-		devicekit_dbus_chat_disk(xdm_t)
-		devicekit_dbus_chat_power(xdm_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(xdm_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(xdm_t)
-	')
-')
-
-optional_policy(`
-	# Talk to the console mouse server.
-	gpm_stream_connect(xdm_t)
-	gpm_setattr_gpmctl(xdm_t)
-')
-
-optional_policy(`
-	gnome_manage_config(xdm_t)
-	gnome_manage_gconf_home_files(xdm_t)
-	gnome_read_config(xdm_t)
-	gnome_read_gconf_config(xdm_t)
-')
-
-optional_policy(`
-	hostname_exec(xdm_t)
-')
-
-optional_policy(`
-	loadkeys_exec(xdm_t)
-')
-
-optional_policy(`
-	locallogin_signull(xdm_t)
-')
-
-optional_policy(`
-	# Do not audit attempts to check whether user root has email
-	mta_dontaudit_getattr_spool_files(xdm_t)
-')
-
-optional_policy(`
-	policykit_dbus_chat(xdm_t)
-	policykit_domtrans_auth(xdm_t)
-	policykit_read_lib(xdm_t)
-	policykit_read_reload(xdm_t)
-	policykit_signal_auth(xdm_t)
-')
-
-optional_policy(`
-	pcscd_stream_connect(xdm_t)
-')
-
-optional_policy(`
-	plymouthd_search_spool(xdm_t)
-	plymouthd_exec_plymouth(xdm_t)
-	plymouthd_stream_connect(xdm_t)
-')
-
-optional_policy(`
-	pulseaudio_exec(xdm_t)
-	pulseaudio_dbus_chat(xdm_t)
-	pulseaudio_stream_connect(xdm_t)
-')
-
-optional_policy(`
-	resmgr_stream_connect(xdm_t)
-')
-
-# On crash gdm execs gdb to dump stack
-optional_policy(`
-	rpm_exec(xdm_t)
-	rpm_read_db(xdm_t)
-	rpm_dontaudit_manage_db(xdm_t)
-')
-
-optional_policy(`
-	rtkit_scheduled(xdm_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(xdm_t)
-')
-
-optional_policy(`
-	ssh_signull(xdm_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(xdm_t)
-')
-
-optional_policy(`
-	udev_read_db(xdm_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(xdm_t)
-	unconfined_signal(xdm_t)
-')
-
-optional_policy(`
-	userhelper_dontaudit_search_config(xdm_t)
-')
-
-optional_policy(`
-	usermanage_read_crack_db(xdm_t)
-')
-
-optional_policy(`
-	wm_exec(xdm_t)
-')
-
-optional_policy(`
-	xfs_stream_connect(xdm_t)
-')
-
-########################################
-#
-# X server local policy
-#
-
-# X Object Manager rules
-type_transition xserver_t xserver_t:x_drawable root_xdrawable_t;
-type_transition xserver_t xserver_t:x_colormap root_xcolormap_t;
-type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
-
-allow xserver_t { root_xdrawable_t x_domain }:x_drawable send;
-allow xserver_t input_xevent_t:x_event send;
-
-# setuid/setgid for the wrapper program to change UID
-# sys_rawio is for iopl access - should not be needed for frame-buffer
-# sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
-# admin of APM bios?
-# sys_nice is so that the X server can set a negative nice value
-# execheap needed until the X module loader is fixed.
-# NVIDIA Needs execstack
-
-allow xserver_t self:capability { dac_override fowner fsetid setgid setuid ipc_owner sys_ptrace sys_rawio sys_admin sys_nice sys_tty_config mknod net_bind_service };
-dontaudit xserver_t self:capability chown;
-allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow xserver_t self:fd use;
-allow xserver_t self:fifo_file rw_fifo_file_perms;
-allow xserver_t self:sock_file read_sock_file_perms;
-allow xserver_t self:shm create_shm_perms;
-allow xserver_t self:sem create_sem_perms;
-allow xserver_t self:msgq create_msgq_perms;
-allow xserver_t self:msg { send receive };
-allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
-allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow xserver_t self:tcp_socket create_stream_socket_perms;
-allow xserver_t self:udp_socket create_socket_perms;
-allow xserver_t self:netlink_selinux_socket create_socket_perms;
-allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
-
-domtrans_pattern(xserver_t, xauth_exec_t, xauth_t)
-
-allow xserver_t xauth_home_t:file read_file_perms;
-
-manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
-
-filetrans_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t, sock_file)
-
-manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-manage_lnk_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-manage_fifo_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-manage_sock_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-fs_tmpfs_filetrans(xserver_t, xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
-manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
-files_search_var_lib(xserver_t)
-
-manage_dirs_pattern(xserver_t, xserver_var_lib_t, xserver_var_lib_t)
-manage_files_pattern(xserver_t, xserver_var_lib_t, xserver_var_lib_t)
-files_var_lib_filetrans(xserver_t, xserver_var_lib_t, dir)
-
-manage_dirs_pattern(xserver_t, xserver_var_run_t, xserver_var_run_t)
-manage_files_pattern(xserver_t, xserver_var_run_t, xserver_var_run_t)
-manage_sock_files_pattern(xserver_t, xdm_var_run_t, xdm_var_run_t)
-files_pid_filetrans(xserver_t, xserver_var_run_t, { file dir })
-
-# Create files in /var/log with the xserver_log_t type.
-manage_files_pattern(xserver_t, xserver_log_t, xserver_log_t)
-logging_log_filetrans(xserver_t, xserver_log_t, file)
-manage_files_pattern(xserver_t, xdm_log_t, xdm_log_t)
-
-kernel_read_system_state(xserver_t)
-kernel_read_device_sysctls(xserver_t)
-kernel_read_modprobe_sysctls(xserver_t)
-# Xorg wants to check if kernel is tainted
-kernel_read_kernel_sysctls(xserver_t)
-kernel_write_proc_files(xserver_t)
-kernel_request_load_module(xserver_t)
-
-# Run helper programs in xserver_t.
-corecmd_exec_bin(xserver_t)
-corecmd_exec_shell(xserver_t)
-
-corenet_all_recvfrom_unlabeled(xserver_t)
-corenet_all_recvfrom_netlabel(xserver_t)
-corenet_tcp_sendrecv_generic_if(xserver_t)
-corenet_udp_sendrecv_generic_if(xserver_t)
-corenet_tcp_sendrecv_generic_node(xserver_t)
-corenet_udp_sendrecv_generic_node(xserver_t)
-corenet_tcp_sendrecv_all_ports(xserver_t)
-corenet_udp_sendrecv_all_ports(xserver_t)
-corenet_tcp_bind_generic_node(xserver_t)
-corenet_tcp_bind_xserver_port(xserver_t)
-corenet_tcp_connect_all_ports(xserver_t)
-corenet_sendrecv_xserver_server_packets(xserver_t)
-corenet_sendrecv_all_client_packets(xserver_t)
-
-dev_rw_sysfs(xserver_t)
-dev_rw_mouse(xserver_t)
-dev_rw_mtrr(xserver_t)
-dev_rw_apm_bios(xserver_t)
-dev_rw_agp(xserver_t)
-dev_rw_framebuffer(xserver_t)
-dev_manage_dri_dev(xserver_t)
-dev_create_generic_dirs(xserver_t)
-dev_setattr_generic_dirs(xserver_t)
-# raw memory access is needed if not using the frame buffer
-dev_read_raw_memory(xserver_t)
-dev_wx_raw_memory(xserver_t)
-# for other device nodes such as the NVidia binary-only driver
-dev_rw_xserver_misc(xserver_t)
-# read events - the synaptics touchpad driver reads raw events
-dev_rw_input_dev(xserver_t)
-dev_read_raw_memory(xserver_t)
-dev_write_raw_memory(xserver_t)
-dev_rwx_zero(xserver_t)
-
-domain_dontaudit_read_all_domains_state(xserver_t)
-domain_signal_all_domains(xserver_t)
-
-files_read_etc_files(xserver_t)
-files_read_etc_runtime_files(xserver_t)
-files_read_usr_files(xserver_t)
-files_rw_tmpfs_files(xserver_t)
-
-# brought on by rhgb
-files_search_mnt(xserver_t)
-# for nscd
-files_dontaudit_search_pids(xserver_t)
-
-fs_getattr_xattr_fs(xserver_t)
-fs_search_nfs(xserver_t)
-fs_search_auto_mountpoints(xserver_t)
-fs_search_ramfs(xserver_t)
-fs_rw_tmpfs_files(xserver_t)
-
-mls_xwin_read_to_clearance(xserver_t)
-mls_process_write_to_clearance(xserver_t)
-mls_file_read_to_clearance(xserver_t)
-mls_file_write_all_levels(xserver_t)
-mls_file_upgrade(xserver_t)
-
-selinux_validate_context(xserver_t)
-selinux_compute_access_vector(xserver_t)
-selinux_compute_create_context(xserver_t)
-
-auth_use_nsswitch(xserver_t)
-
-init_getpgid(xserver_t)
-
-term_setattr_unallocated_ttys(xserver_t)
-term_use_unallocated_ttys(xserver_t)
-
-getty_use_fds(xserver_t)
-
-locallogin_use_fds(xserver_t)
-
-logging_send_syslog_msg(xserver_t)
-logging_send_audit_msgs(xserver_t)
-
-miscfiles_read_localization(xserver_t)
-miscfiles_read_fonts(xserver_t)
-miscfiles_read_hwdata(xserver_t)
-
-modutils_domtrans_insmod(xserver_t)
-
-# read x_contexts
-seutil_read_default_contexts(xserver_t)
-seutil_read_config(xserver_t)
-seutil_read_file_contexts(xserver_t)
-
-userdom_search_user_home_dirs(xserver_t)
-userdom_use_user_ttys(xserver_t)
-userdom_setattr_user_ttys(xserver_t)
-userdom_rw_user_tmpfs_files(xserver_t)
-
-xserver_use_user_fonts(xserver_t)
-
-ifndef(`distro_redhat',`
-	allow xserver_t self:process { execmem execheap execstack };
-	domain_mmap_low_uncond(xserver_t)
-')
-
-ifdef(`distro_rhel4',`
-	allow xserver_t self:process { execmem execheap execstack };
-')
-
-ifdef(`enable_mls',`
-	range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
-	range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
-')
-
-tunable_policy(`!xserver_object_manager',`
-	# should be xserver_unconfined(xserver_t),
-	# but typeattribute doesnt work in conditionals
-
-	allow xserver_t xserver_t:x_server *;
-	allow xserver_t { x_domain root_xdrawable_t }:x_drawable *;
-	allow xserver_t xserver_t:x_screen *;
-	allow xserver_t x_domain:x_gc *;
-	allow xserver_t { x_domain root_xcolormap_t }:x_colormap *;
-	allow xserver_t xproperty_type:x_property *;
-	allow xserver_t xselection_type:x_selection *;
-	allow xserver_t x_domain:x_cursor *;
-	allow xserver_t x_domain:x_client *;
-	allow xserver_t { x_domain xserver_t }:x_device *;
-	allow xserver_t { x_domain xserver_t }:x_pointer *;
-	allow xserver_t { x_domain xserver_t }:x_keyboard *;
-	allow xserver_t xextension_type:x_extension *;
-	allow xserver_t { x_domain xserver_t }:x_resource *;
-	allow xserver_t xevent_type:{ x_event x_synthetic_event } *;
-')
-
-optional_policy(`
-	apm_stream_connect(xserver_t)
-')
-
-optional_policy(`
-	auth_search_pam_console_data(xserver_t)
-')
-
-optional_policy(`
-	devicekit_signal_power(xserver_t)
-')
-
-optional_policy(`
-	rhgb_getpgid(xserver_t)
-	rhgb_signal(xserver_t)
-')
-
-optional_policy(`
-	setrans_translate_context(xserver_t)
-')
-
-optional_policy(`
-	sandbox_rw_xserver_tmpfs_files(xserver_t)
-')
-
-optional_policy(`
-	udev_read_db(xserver_t)
-')
-
-optional_policy(`
-	unconfined_domain(xserver_t)
-	unconfined_domtrans(xserver_t)
-')
-
-optional_policy(`
-	userhelper_search_config(xserver_t)
-')
-
-optional_policy(`
-	wine_rw_shm(xserver_t)
-')
-
-optional_policy(`
-	xfs_stream_connect(xserver_t)
-')
-
-########################################
-#
-# XDM Xserver local policy
-#
-# cjp: when xdm is configurable via tunable these
-# rules will be enabled only when xdm is enabled
-
-allow xserver_t xdm_t:process { signal getpgid };
-allow xserver_t xdm_t:shm rw_shm_perms;
-
-# NB we do NOT allow xserver_t xdm_var_lib_t:dir, only access to an open
-# handle of a file inside the dir!!!
-allow xserver_t xdm_var_lib_t:file read_file_perms;
-dontaudit xserver_t xdm_var_lib_t:dir search_dir_perms;
-
-read_files_pattern(xserver_t, xdm_var_run_t, xdm_var_run_t)
-
-# Label pid and temporary files with derived types.
-manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-
-# Run xkbcomp.
-allow xserver_t xkb_var_lib_t:lnk_file read_lnk_file_perms;
-can_exec(xserver_t, xkb_var_lib_t)
-
-# VNC v4 module in X server
-corenet_tcp_bind_vnc_port(xserver_t)
-
-init_use_fds(xserver_t)
-
-# FIXME: After per user fonts are properly working
-# xserver_t may no longer have any reason
-# to read ROLE_home_t - examine this in more detail
-# (xauth?)
-userdom_read_user_home_content_files(xserver_t)
-userdom_read_all_users_state(xserver_t)
-
-xserver_use_user_fonts(xserver_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(xserver_t)
-	fs_manage_nfs_files(xserver_t)
-	fs_manage_nfs_symlinks(xserver_t)
-')
-
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_dirs(xserver_t)
-	fs_manage_fusefs_files(xserver_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(xserver_t)
-	fs_manage_cifs_files(xserver_t)
-	fs_manage_cifs_symlinks(xserver_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(xserver_t)
-
-	optional_policy(`
-		hal_dbus_chat(xserver_t)
-	')
-')
-
-optional_policy(`
-	mono_rw_shm(xserver_t)
-')
-
-optional_policy(`
-	rhgb_rw_shm(xserver_t)
-	rhgb_rw_tmpfs_files(xserver_t)
-')
-
-optional_policy(`
-	userhelper_search_config(xserver_t)
-')
-
-########################################
-#
-# Rules common to all X window domains
-#
-
-# Hacks
-# everyone can do override-redirect windows.
-# this could be used to spoof labels
-allow x_domain self:x_drawable override;
-# firefox gets nosy with other people's windows
-allow x_domain x_domain:x_drawable { list_child receive };
-
-# X Server
-# can get X server attributes
-allow x_domain xserver_t:x_server getattr;
-# can grab the server
-allow x_domain xserver_t:x_server grab;
-# can read and write server-owned generic resources
-allow x_domain xserver_t:x_resource { read write };
-# can mess with own clients
-allow x_domain self:x_client { getattr manage destroy };
-
-# X Protocol Extensions
-allow x_domain xextension_t:x_extension { query use };
-allow x_domain security_xextension_t:x_extension { query use };
-
-# X Properties
-# can change properties of root window
-allow x_domain root_xdrawable_t:x_drawable { list_property get_property set_property };
-# can change properties of my own windows
-allow x_domain self:x_drawable { list_property get_property set_property };
-# can read and write cut buffers
-allow x_domain clipboard_xproperty_t:x_property { create read write append };
-# can read security labels
-allow x_domain seclabel_xproperty_t:x_property { getattr read };
-# can change all other properties
-allow x_domain xproperty_t:x_property { getattr create read write append destroy };
-
-# X Windows
-# operations allowed on root windows
-allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
-# operations allowed on my windows
-allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
-allow x_domain self:x_drawable blend;
-# operations allowed on all windows
-allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
-
-# X Colormaps
-# can use the default colormap
-allow x_domain root_xcolormap_t:x_colormap { read use add_color remove_color install uninstall };
-# can create and use colormaps
-allow x_domain self:x_colormap *;
-
-# X Devices
-# operations allowed on my own devices
-allow x_domain self:{ x_device x_pointer x_keyboard } *;
-# operations allowed on generic devices
-allow x_domain xserver_t:x_device { use getattr setattr getfocus setfocus bell grab freeze force_cursor };
-# operations allowed on core keyboard
-allow x_domain xserver_t:x_keyboard { use getattr setattr getfocus setfocus bell grab };
-# operations allowed on core pointer
-allow x_domain xserver_t:x_pointer { read use getattr setattr getfocus setfocus bell grab freeze force_cursor };
-
-# all devices can generate input events
-allow x_domain root_xdrawable_t:x_drawable send;
-allow x_domain x_domain:x_drawable send;
-allow x_domain input_xevent_t:x_event send;
-
-# dontaudit keyloggers repeatedly polling
-#dontaudit x_domain xserver_t:x_keyboard read;
-
-# X Input
-# can receive default events
-allow x_domain xevent_t:{ x_event x_synthetic_event } receive;
-# can receive ICCCM events
-allow x_domain client_xevent_t:{ x_event x_synthetic_event } receive;
-# can send ICCCM events to the root window
-allow x_domain client_xevent_t:x_synthetic_event send;
-# can receive root window input events
-allow x_domain root_input_xevent_t:x_event receive;
-
-# X Selections
-# can use the clipboard
-allow x_domain clipboard_xselection_t:x_selection { getattr setattr read };
-# can use default selections
-allow x_domain xselection_t:x_selection { getattr setattr read };
-
-# Other X Objects
-# can create and use cursors
-allow x_domain self:x_cursor *;
-# can create and use graphics contexts
-allow x_domain self:x_gc *;
-# can read and write own objects
-allow x_domain self:x_resource { read write };
-# can mess with the screensaver
-allow x_domain xserver_t:x_screen { getattr saver_getattr };
-
-# Device rules
-allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell };
-allow x_domain xserver_t:x_screen getattr;
-
-########################################
-#
-# Rules for unconfined access to this module
-#
-
-allow xserver_unconfined_type xserver_t:x_server *;
-allow xserver_unconfined_type xdrawable_type:x_drawable *;
-allow xserver_unconfined_type xserver_t:x_screen *;
-allow xserver_unconfined_type x_domain:x_gc *;
-allow xserver_unconfined_type xcolormap_type:x_colormap *;
-allow xserver_unconfined_type xproperty_type:x_property *;
-allow xserver_unconfined_type xselection_type:x_selection *;
-allow xserver_unconfined_type x_domain:x_cursor *;
-allow xserver_unconfined_type x_domain:x_client *;
-allow xserver_unconfined_type { x_domain xserver_t }:x_device *;
-allow xserver_unconfined_type { x_domain xserver_t }:x_pointer *;
-allow xserver_unconfined_type { x_domain xserver_t }:x_keyboard *;
-allow xserver_unconfined_type xextension_type:x_extension *;
-allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
-allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
-
-tunable_policy(`! xserver_object_manager',`
-	# should be xserver_unconfined(x_domain),
-	# but typeattribute doesnt work in conditionals
-
-	allow x_domain xserver_t:x_server *;
-	allow x_domain xdrawable_type:x_drawable *;
-	allow x_domain xserver_t:x_screen *;
-	allow x_domain x_domain:x_gc *;
-	allow x_domain xcolormap_type:x_colormap *;
-	allow x_domain xproperty_type:x_property *;
-	allow x_domain xselection_type:x_selection *;
-	allow x_domain x_domain:x_cursor *;
-	allow x_domain x_domain:x_client *;
-	allow x_domain { x_domain xserver_t }:x_device *;
-	allow x_domain { x_domain xserver_t }:x_pointer *;
-	allow x_domain { x_domain xserver_t }:x_keyboard *;
-	allow x_domain xextension_type:x_extension *;
-	allow x_domain { x_domain xserver_t }:x_resource *;
-	allow x_domain xevent_type:{ x_event x_synthetic_event } *;
-')
-
-tunable_policy(`allow_xserver_execmem',`
-	allow xserver_t self:process { execheap execmem execstack };
-')
-
-# Hack to handle the problem of using the nvidia blobs
-tunable_policy(`allow_execmem',`
-	allow xdm_t self:process execmem;
-')
-
-tunable_policy(`allow_execstack',`
-	allow xdm_t self:process { execstack execmem };
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_append_nfs_files(xdmhomewriter)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_append_nfs_files(xdmhomewriter)
-')
-
-optional_policy(`
-	unconfined_rw_shm(xserver_t)
-	unconfined_execmem_rw_shm(xserver_t)
-
-	# xserver signals unconfined user on startx
-	unconfined_signal(xserver_t)
-	unconfined_getpgid(xserver_t)
-')
diff --git a/policy/modules/services/zabbix.fc b/policy/modules/services/zabbix.fc
deleted file mode 100644
index 3102286..0000000
--- a/policy/modules/services/zabbix.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/etc/rc\.d/init\.d/zabbix --	gen_context(system_u:object_r:zabbix_initrc_exec_t,s0)
-
-/usr/bin/zabbix_server	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
-
-/var/log/zabbix(/.*)?		gen_context(system_u:object_r:zabbix_log_t,s0)
-
-/var/run/zabbix(/.*)?		gen_context(system_u:object_r:zabbix_var_run_t,s0)
diff --git a/policy/modules/services/zabbix.if b/policy/modules/services/zabbix.if
deleted file mode 100644
index 4776863..0000000
--- a/policy/modules/services/zabbix.if
+++ /dev/null
@@ -1,116 +0,0 @@
-## <summary>Distributed infrastructure monitoring</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run zabbix.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`zabbix_domtrans',`
-	gen_require(`
-		type zabbix_t, zabbix_exec_t;
-	')
-
-	domtrans_pattern($1, zabbix_exec_t, zabbix_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read zabbix's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`zabbix_read_log',`
-	gen_require(`
-		type zabbix_log_t;
-	')
-
-	logging_search_logs($1)
-	read_files_pattern($1, zabbix_log_t, zabbix_log_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	zabbix log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`zabbix_append_log',`
-	gen_require(`
-		type zabbix_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, zabbix_log_t, zabbix_log_t)
-')
-
-########################################
-## <summary>
-##	Read zabbix PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`zabbix_read_pid_files',`
-	gen_require(`
-		type zabbix_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 zabbix_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate 
-##	an zabbix environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the zabbix domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`zabbix_admin',`
-	gen_require(`
-		type zabbix_t, zabbix_log_t, zabbix_var_run_t;
-		type zabbix_initrc_exec_t;
-	')
-
-	allow $1 zabbix_t:process { ptrace signal_perms };
-	ps_process_pattern($1, zabbix_t)
-
-	init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 zabbix_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	logging_list_logs($1)
-	admin_pattern($1, zabbix_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, zabbix_var_run_t)
-')
diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
deleted file mode 100644
index 20d7cde..0000000
--- a/policy/modules/services/zabbix.te
+++ /dev/null
@@ -1,52 +0,0 @@
-policy_module(zabbix, 1.2.1)
-
-########################################
-#
-# Declarations
-#
-
-type zabbix_t;
-type zabbix_exec_t;
-init_daemon_domain(zabbix_t, zabbix_exec_t)
-
-type zabbix_initrc_exec_t;
-init_script_file(zabbix_initrc_exec_t)
-
-# log files
-type zabbix_log_t;
-logging_log_file(zabbix_log_t)
-
-# pid files
-type zabbix_var_run_t;
-files_pid_file(zabbix_var_run_t)
-
-########################################
-#
-# zabbix local policy
-#
-
-allow zabbix_t self:capability { setuid setgid };
-allow zabbix_t self:fifo_file rw_fifo_file_perms;
-allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
-
-# log files
-allow zabbix_t zabbix_log_t:dir setattr_dir_perms;
-manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
-logging_log_filetrans(zabbix_t, zabbix_log_t, file)
-
-# pid file
-manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
-manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
-files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
-
-files_read_etc_files(zabbix_t)
-
-miscfiles_read_localization(zabbix_t)
-
-optional_policy(`
-	mysql_stream_connect(zabbix_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(zabbix_t)
-')
diff --git a/policy/modules/services/zarafa.fc b/policy/modules/services/zarafa.fc
deleted file mode 100644
index 56cb5af..0000000
--- a/policy/modules/services/zarafa.fc
+++ /dev/null
@@ -1,27 +0,0 @@
-
-/etc/zarafa(/.*)?			gen_context(system_u:object_r:zarafa_etc_t,s0)
-
-/usr/bin/zarafa-dagent	--	gen_context(system_u:object_r:zarafa_deliver_exec_t,s0)
-
-/usr/bin/zarafa-server	--	gen_context(system_u:object_r:zarafa_server_exec_t,s0)
-
-/usr/bin/zarafa-gateway	--	gen_context(system_u:object_r:zarafa_gateway_exec_t,s0)
-
-/usr/bin/zarafa-spooler	--	gen_context(system_u:object_r:zarafa_spooler_exec_t,s0)
-
-/usr/bin/zarafa-ical	--	gen_context(system_u:object_r:zarafa_ical_exec_t,s0)
-
-/usr/bin/zarafa-monitor	--	gen_context(system_u:object_r:zarafa_monitor_exec_t,s0)
-
-/var/log/zarafa/server\.log		--	gen_context(system_u:object_r:zarafa_server_log_t,s0)
-/var/log/zarafa/spooler\.log	--	gen_context(system_u:object_r:zarafa_spooler_log_t,s0)
-/var/log/zarafa/gateway\.log	--	gen_context(system_u:object_r:zarafa_gateway_log_t,s0)
-/var/log/zarafa/ical\.log		--	gen_context(system_u:object_r:zarafa_ical_log_t,s0)
-/var/log/zarafa/monitor\.log	--	gen_context(system_u:object_r:zarafa_monitor_log_t,s0)
-
-/var/run/zarafa		     		-s      gen_context(system_u:object_r:zarafa_server_var_run_t,s0)
-/var/run/zarafa-gateway\.pid	--		gen_context(system_u:object_r:zarafa_gateway_var_run_t,s0)
-/var/run/zarafa-server\.pid     --      gen_context(system_u:object_r:zarafa_server_var_run_t,s0)
-/var/run/zarafa-spooler\.pid    --      gen_context(system_u:object_r:zarafa_spooler_var_run_t,s0)
-/var/run/zarafa-ical\.pid       --      gen_context(system_u:object_r:zarafa_ical_var_run_t,s0)
-/var/run/zarafa-monitor\.pid    --      gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0)
diff --git a/policy/modules/services/zarafa.if b/policy/modules/services/zarafa.if
deleted file mode 100644
index 4f2dde8..0000000
--- a/policy/modules/services/zarafa.if
+++ /dev/null
@@ -1,102 +0,0 @@
-## <summary>policy for zarafa services</summary>
-
-######################################
-## <summary>
-##	Creates types and rules for a basic
-##	zararfa init daemon domain.
-## </summary>
-## <param name="prefix">
-##	<summary>
-##	Prefix for the domain.
-##	</summary>
-## </param>
-#
-template(`zarafa_domain_template',`
-	gen_require(`
-		attribute zarafa_domain;
-	')
-
-	##############################
-	#
-	# $1_t declarations
-	#
-
-	type zarafa_$1_t, zarafa_domain;
-	type zarafa_$1_exec_t;
-	init_daemon_domain(zarafa_$1_t, zarafa_$1_exec_t)
-
-	type zarafa_$1_log_t;
-	logging_log_file(zarafa_$1_log_t)
-
-	type zarafa_$1_var_run_t;
-	files_pid_file(zarafa_$1_var_run_t)
-
-	##############################
-	#
-	# $1_t local policy
-	#
-
-	manage_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
-	manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
-	files_pid_filetrans(zarafa_$1_t, zarafa_$1_var_run_t, { file sock_file })
-	#stream_connect_pattern(zarafa_$1_t, $1_var_run_t, $1_var_run_t, virtd_t)
-
-	manage_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
-	#manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
-	logging_log_filetrans(zarafa_$1_t,zarafa_$1_log_t,{ file })
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run zarafa_server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`zarafa_server_domtrans',`
-	gen_require(`
-		type zarafa_server_t, zarafa_server_exec_t;
-	')
-
-	domtrans_pattern($1, zarafa_server_exec_t, zarafa_server_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run zarafa_deliver.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`zarafa_deliver_domtrans',`
-	gen_require(`
-		type zarafa_deliver_t, zarafa_deliver_exec_t;
-	')
-
-	domtrans_pattern($1, zarafa_deliver_exec_t, zarafa_deliver_t)
-')
-
-#######################################
-## <summary>
-##	Connect to zarafa-server unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`zarafa_stream_connect_server',`
-	gen_require(`
-		type zarafa_server_t, zarafa_server_var_run_t;
-	')
-
-	files_search_var_lib($1)
-	stream_connect_pattern($1, zarafa_server_var_run_t, zarafa_server_var_run_t, zarafa_server_t)
-')
diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te
deleted file mode 100644
index 3ce4d86..0000000
--- a/policy/modules/services/zarafa.te
+++ /dev/null
@@ -1,132 +0,0 @@
-policy_module(zarafa, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute zarafa_domain;
-
-zarafa_domain_template(monitor)
-zarafa_domain_template(ical)
-zarafa_domain_template(server)
-zarafa_domain_template(spooler)
-zarafa_domain_template(gateway)
-zarafa_domain_template(deliver)
-
-type zarafa_deliver_tmp_t;
-files_tmp_file(zarafa_deliver_tmp_t)
-
-type zarafa_etc_t;
-files_config_file(zarafa_etc_t)
-
-type zarafa_share_t;
-files_type(zarafa_share_t)
-
-permissive zarafa_server_t;
-permissive zarafa_spooler_t;
-permissive zarafa_gateway_t;
-permissive zarafa_deliver_t;
-permissive zarafa_ical_t;
-permissive zarafa_monitor_t;
-
-########################################
-#
-# zarafa-deliver local policy
-#
-
-manage_dirs_pattern(zarafa_deliver_t, zarafa_deliver_tmp_t, zarafa_deliver_tmp_t)
-manage_files_pattern(zarafa_deliver_t, zarafa_deliver_tmp_t, zarafa_deliver_tmp_t)
-files_tmp_filetrans(zarafa_deliver_t, zarafa_deliver_tmp_t, { file dir })
-
-#temporary
-#allow zarafa_deliver_t port_t:tcp_socket name_bind;
-
-########################################
-#
-# zarafa_server local policy
-#
-
-allow zarafa_server_t self:capability { chown kill net_bind_service };
-allow zarafa_server_t self:process { setrlimit signal };
-
-corenet_tcp_bind_zarafa_port(zarafa_server_t)
-
-files_read_usr_files(zarafa_server_t)
-
-logging_send_syslog_msg(zarafa_server_t)
-logging_send_audit_msgs(zarafa_server_t)
-
-sysnet_dns_name_resolve(zarafa_server_t)
-
-optional_policy(`
-	mysql_stream_connect(zarafa_server_t)
-')
-
-optional_policy(`
-	kerberos_use(zarafa_server_t)
-')
-
-########################################
-#
-# zarafa_spooler local policy
-#
-
-allow zarafa_spooler_t self:capability { chown kill };
-allow zarafa_spooler_t self:process signal;
-
-corenet_tcp_connect_smtp_port(zarafa_spooler_t)
-
-########################################
-#
-# zarafa_gateway local policy
-#
-
-allow zarafa_gateway_t self:capability { chown kill };
-allow zarafa_gateway_t self:process { setrlimit signal };
-
-corenet_tcp_bind_pop_port(zarafa_gateway_t)
-
-#######################################
-#
-# zarafa-ical local policy
-#
-
-allow zarafa_ical_t self:capability chown;
-
-corenet_tcp_bind_http_cache_port(zarafa_ical_t)
-
-######################################
-#
-# zarafa-monitor local policy
-#
-
-allow zarafa_monitor_t self:capability chown;
-
-########################################
-#
-# zarafa domains local policy
-#
-
-# bad permission on /etc/zarafa
-allow zarafa_domain self:capability { dac_override setgid setuid };
-allow zarafa_domain self:fifo_file rw_fifo_file_perms;
-allow zarafa_domain self:tcp_socket create_stream_socket_perms;
-allow zarafa_domain self:unix_stream_socket create_stream_socket_perms;
-
-stream_connect_pattern(zarafa_domain, zarafa_server_var_run_t, zarafa_server_var_run_t, zarafa_server_t)
-
-read_files_pattern(zarafa_domain, zarafa_etc_t, zarafa_etc_t)
-
-kernel_read_system_state(zarafa_domain)
-
-files_read_etc_files(zarafa_domain)
-
-auth_use_nsswitch(zarafa_domain)
-
-miscfiles_read_localization(zarafa_domain)
-
-# temporary rules
-optional_policy(`
-	apache_content_template(zarafa)
-')
diff --git a/policy/modules/services/zebra.fc b/policy/modules/services/zebra.fc
deleted file mode 100644
index e1b30b2..0000000
--- a/policy/modules/services/zebra.fc
+++ /dev/null
@@ -1,22 +0,0 @@
-/etc/rc\.d/init\.d/bgpd	--	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ospf6d --	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ospfd --	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ripd	--	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ripngd --	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/zebra --	gen_context(system_u:object_r:zebra_initrc_exec_t,s0)
-
-/usr/sbin/bgpd		--	gen_context(system_u:object_r:zebra_exec_t,s0)
-/usr/sbin/zebra		--	gen_context(system_u:object_r:zebra_exec_t,s0)
-
-/etc/quagga(/.*)?		gen_context(system_u:object_r:zebra_conf_t,s0)
-/etc/zebra(/.*)?		gen_context(system_u:object_r:zebra_conf_t,s0)
-
-/usr/sbin/ospf.*	--	gen_context(system_u:object_r:zebra_exec_t,s0)
-/usr/sbin/rip.*		--	gen_context(system_u:object_r:zebra_exec_t,s0)
-
-/var/log/quagga(/.*)?		gen_context(system_u:object_r:zebra_log_t,s0)
-/var/log/zebra(/.*)?		gen_context(system_u:object_r:zebra_log_t,s0)
-
-/var/run/\.zebra	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
-/var/run/\.zserv	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
-/var/run/quagga(/.*)?		gen_context(system_u:object_r:zebra_var_run_t,s0)
diff --git a/policy/modules/services/zebra.if b/policy/modules/services/zebra.if
deleted file mode 100644
index 347f754..0000000
--- a/policy/modules/services/zebra.if
+++ /dev/null
@@ -1,86 +0,0 @@
-## <summary>Zebra border gateway protocol network routing service</summary>
-
-########################################
-## <summary>
-##	Read the configuration files for zebra.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`zebra_read_config',`
-	gen_require(`
-		type zebra_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 zebra_conf_t:dir list_dir_perms;
-	read_files_pattern($1, zebra_conf_t, zebra_conf_t)
-	read_lnk_files_pattern($1, zebra_conf_t, zebra_conf_t)
-')
-
-########################################
-## <summary>
-##	Connect to zebra over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`zebra_stream_connect',`
-	gen_require(`
-		type zebra_t, zebra_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, zebra_var_run_t, zebra_var_run_t, zebra_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an zebra environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the zebra domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`zebra_admin',`
-	gen_require(`
-		type zebra_t, zebra_tmp_t, zebra_log_t;
-		type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t;
-	')
-
-	allow $1 zebra_t:process { ptrace signal_perms };
-	ps_process_pattern($1, zebra_t)
-
-	init_labeled_script_domtrans($1, zebra_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 zebra_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, zebra_conf_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, zebra_log_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, zebra_tmp_t)
-
-	files_list_pids($1)
-	admin_pattern($1, zebra_var_run_t)
-')
diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
deleted file mode 100644
index f0b1201..0000000
--- a/policy/modules/services/zebra.te
+++ /dev/null
@@ -1,139 +0,0 @@
-policy_module(zebra, 1.11.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Allow zebra daemon to write it configuration files
-##	</p>
-## </desc>
-gen_tunable(allow_zebra_write_config, false)
-
-type zebra_t;
-type zebra_exec_t;
-init_daemon_domain(zebra_t, zebra_exec_t)
-
-type zebra_conf_t;
-files_type(zebra_conf_t)
-
-type zebra_initrc_exec_t;
-init_script_file(zebra_initrc_exec_t)
-
-type zebra_log_t;
-logging_log_file(zebra_log_t)
-
-type zebra_tmp_t;
-files_tmp_file(zebra_tmp_t)
-
-type zebra_var_run_t;
-files_pid_file(zebra_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow zebra_t self:capability { setgid setuid net_admin net_raw };
-dontaudit zebra_t self:capability sys_tty_config;
-allow zebra_t self:process { signal_perms getcap setcap };
-allow zebra_t self:file rw_file_perms;
-allow zebra_t self:unix_dgram_socket create_socket_perms;
-allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow zebra_t self:netlink_route_socket rw_netlink_socket_perms;
-allow zebra_t self:tcp_socket { connect connected_stream_socket_perms };
-allow zebra_t self:udp_socket create_socket_perms;
-allow zebra_t self:rawip_socket create_socket_perms;
-
-allow zebra_t zebra_conf_t:dir list_dir_perms;
-read_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
-read_lnk_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
-
-allow zebra_t zebra_log_t:dir setattr_dir_perms;
-manage_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-manage_sock_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-logging_log_filetrans(zebra_t, zebra_log_t, { sock_file file dir })
-
-# /tmp/.bgpd is such a bad idea!
-allow zebra_t zebra_tmp_t:sock_file manage_sock_file_perms;
-files_tmp_filetrans(zebra_t, zebra_tmp_t, sock_file)
-
-manage_dirs_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-files_pid_filetrans(zebra_t, zebra_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(zebra_t)
-kernel_read_network_state(zebra_t)
-kernel_read_kernel_sysctls(zebra_t)
-kernel_rw_net_sysctls(zebra_t)
-
-corenet_all_recvfrom_unlabeled(zebra_t)
-corenet_all_recvfrom_netlabel(zebra_t)
-corenet_tcp_sendrecv_generic_if(zebra_t)
-corenet_udp_sendrecv_generic_if(zebra_t)
-corenet_raw_sendrecv_generic_if(zebra_t)
-corenet_tcp_sendrecv_generic_node(zebra_t)
-corenet_udp_sendrecv_generic_node(zebra_t)
-corenet_raw_sendrecv_generic_node(zebra_t)
-corenet_tcp_sendrecv_all_ports(zebra_t)
-corenet_udp_sendrecv_all_ports(zebra_t)
-corenet_tcp_bind_generic_node(zebra_t)
-corenet_udp_bind_generic_node(zebra_t)
-corenet_tcp_bind_bgp_port(zebra_t)
-corenet_tcp_bind_zebra_port(zebra_t)
-corenet_udp_bind_router_port(zebra_t)
-corenet_tcp_connect_bgp_port(zebra_t)
-corenet_sendrecv_zebra_server_packets(zebra_t)
-corenet_sendrecv_router_server_packets(zebra_t)
-
-dev_associate_usbfs(zebra_var_run_t)
-dev_list_all_dev_nodes(zebra_t)
-dev_read_sysfs(zebra_t)
-dev_rw_zero(zebra_t)
-
-fs_getattr_all_fs(zebra_t)
-fs_search_auto_mountpoints(zebra_t)
-
-term_list_ptys(zebra_t)
-
-domain_use_interactive_fds(zebra_t)
-
-files_search_etc(zebra_t)
-files_read_etc_files(zebra_t)
-files_read_etc_runtime_files(zebra_t)
-
-logging_send_syslog_msg(zebra_t)
-
-miscfiles_read_localization(zebra_t)
-
-sysnet_read_config(zebra_t)
-
-userdom_dontaudit_use_unpriv_user_fds(zebra_t)
-userdom_dontaudit_search_user_home_dirs(zebra_t)
-
-tunable_policy(`allow_zebra_write_config',`
-	manage_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(zebra_t)
-')
-
-optional_policy(`
-	rpm_read_pipes(zebra_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(zebra_t)
-')
-
-optional_policy(`
-	udev_read_db(zebra_t)
-')
-
-optional_policy(`
-	unconfined_sigchld(zebra_t)
-')
diff --git a/policy/modules/services/zosremote.fc b/policy/modules/services/zosremote.fc
deleted file mode 100644
index d719d0b..0000000
--- a/policy/modules/services/zosremote.fc
+++ /dev/null
@@ -1 +0,0 @@
-/sbin/audispd-zos-remote	--	gen_context(system_u:object_r:zos_remote_exec_t,s0)
diff --git a/policy/modules/services/zosremote.if b/policy/modules/services/zosremote.if
deleted file mode 100644
index 13f0eef..0000000
--- a/policy/modules/services/zosremote.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run audispd-zos-remote.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`zosremote_domtrans',`
-	gen_require(`
-		type zos_remote_t, zos_remote_exec_t;
-	')
-
-	domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
-')
-
-########################################
-## <summary>
-##	Allow specified type and role to transition and
-##	run in the zos_remote_t domain. Allow specified type
-##	to use zos_remote_t terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`zosremote_run',`
-	gen_require(`
-		type zos_remote_t;
-	')
-
-	zosremote_domtrans($1)
-	role $2 types zos_remote_t;
-')
diff --git a/policy/modules/services/zosremote.te b/policy/modules/services/zosremote.te
deleted file mode 100644
index 3d407c6..0000000
--- a/policy/modules/services/zosremote.te
+++ /dev/null
@@ -1,28 +0,0 @@
-policy_module(zosremote, 1.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type zos_remote_t;
-type zos_remote_exec_t;
-init_system_domain(zos_remote_t, zos_remote_exec_t)
-logging_dispatcher_domain(zos_remote_t, zos_remote_exec_t)
-
-########################################
-#
-# zos_remote local policy
-#
-
-allow zos_remote_t self:process signal;
-allow zos_remote_t self:fifo_file rw_fifo_file_perms;
-allow zos_remote_t self:unix_stream_socket create_stream_socket_perms;
-
-files_read_etc_files(zos_remote_t)
-
-auth_use_nsswitch(zos_remote_t)
-
-miscfiles_read_localization(zos_remote_t)
-
-logging_send_syslog_msg(zos_remote_t)
diff --git a/policy/modules/system/application.fc b/policy/modules/system/application.fc
deleted file mode 100644
index 08133f3..0000000
--- a/policy/modules/system/application.fc
+++ /dev/null
@@ -1 +0,0 @@
-# No application file contexts.
diff --git a/policy/modules/system/application.if b/policy/modules/system/application.if
deleted file mode 100644
index 108595b..0000000
--- a/policy/modules/system/application.if
+++ /dev/null
@@ -1,150 +0,0 @@
-## <summary>Policy for user executable applications.</summary>
-
-########################################
-## <summary>
-##	Make the specified type usable as an application domain.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a domain type.
-##	</summary>
-## </param>
-#
-interface(`application_type',`
-	gen_require(`
-		attribute application_domain_type;
-	')
-
-	typeattribute $1 application_domain_type;
-
-	# start with basic domain
-	domain_type($1)
-')
-
-########################################
-## <summary>
-##	Make the specified type usable for files
-##	that are exectuables, such as binary programs.
-##	This does not include shared libraries.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used for files.
-##	</summary>
-## </param>
-#
-interface(`application_executable_file',`
-	gen_require(`
-		attribute application_exec_type;
-	')
-
-	typeattribute $1 application_exec_type;
-
-	corecmd_executable_file($1)
-')
-
-########################################
-## <summary>
-## Execute application executables in the caller domain.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`application_exec',`
-	gen_require(`
-		attribute application_exec_type;
-	')
-
-	can_exec($1, application_exec_type)
-')
-
-########################################
-## <summary>
-##	Execute all executable files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`application_exec_all',`
-	corecmd_dontaudit_exec_all_executables($1)
-	corecmd_exec_bin($1)
-	corecmd_exec_shell($1)
-	corecmd_exec_chroot($1)
-
-	application_exec($1)
-')
-
-########################################
-## <summary>
-##	Create a domain for applications.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain for applications.  Typically these are
-##	programs that are run interactively.
-##	</p>
-##	<p>
-##	The types will be made usable as a domain and file, making
-##	calls to domain_type() and files_type() redundant.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as an application domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`application_domain',`
-	application_type($1)
-	application_executable_file($2)
-	domain_entry_file($1, $2)
-')
-
-########################################
-## <summary>
-##	Send signull to all application domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`application_signull',`
-	gen_require(`
-		attribute application_domain_type;
-	')
-
-	allow $1 application_domain_type:process signull;
-')
-
-########################################
-## <summary>
-##	Send signal to all application domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`application_signal',`
-	gen_require(`
-		attribute application_domain_type;
-	')
-
-	allow $1 application_domain_type:process signal;
-')
diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te
deleted file mode 100644
index 2fa3974..0000000
--- a/policy/modules/system/application.te
+++ /dev/null
@@ -1,32 +0,0 @@
-policy_module(application, 1.2.0)
-
-# Attribute of user applications
-attribute application_domain_type;
-
-# Executables to be run by user
-attribute application_exec_type;
-
-userdom_inherit_append_user_home_content_files(application_domain_type)
-userdom_inherit_append_admin_home_files(application_domain_type)
-userdom_inherit_append_user_tmp_files(application_domain_type)
-logging_inherit_append_all_logs(application_domain_type)
-
-files_dontaudit_search_all_dirs(application_domain_type)
-
-optional_policy(`
-	afs_rw_udp_sockets(application_domain_type)
-')
-
-optional_policy(`
-	cron_rw_inherited_user_spool_files(application_domain_type)
-	cron_sigchld(application_domain_type)
-')
-
-optional_policy(`
-	ssh_sigchld(application_domain_type)
-	ssh_rw_stream_sockets(application_domain_type)
-')
-
-optional_policy(`
-	sudo_sigchld(application_domain_type)
-')
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
deleted file mode 100644
index 2997dd7..0000000
--- a/policy/modules/system/authlogin.fc
+++ /dev/null
@@ -1,47 +0,0 @@
-
-/bin/login		--	gen_context(system_u:object_r:login_exec_t,s0)
-
-/etc/\.pwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
-/etc/group\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
-/etc/gshadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
-/etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
-/etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
-
-/sbin/pam_console_apply	 --	gen_context(system_u:object_r:pam_console_exec_t,s0)
-/sbin/pam_timestamp_check --	gen_context(system_u:object_r:pam_exec_t,s0)
-/sbin/unix_chkpwd	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
-/usr/sbin/validate	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
-/sbin/unix_update	--	gen_context(system_u:object_r:updpwd_exec_t,s0)
-/sbin/unix_verify	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
-ifdef(`distro_suse', `
-/sbin/unix2_chkpwd	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
-')
-
-/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
-
-/usr/sbin/utempter	--	gen_context(system_u:object_r:utempter_exec_t,s0)
-ifdef(`distro_gentoo', `
-/usr/sbin/unix_chkpwd	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
-')
-
-/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
-
-/var/db/shadow.*	--	gen_context(system_u:object_r:shadow_t,s0)
-
-/var/run/user(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
-/var/lib/abl(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
-/var/lib/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
-
-/var/log/btmp.*		--	gen_context(system_u:object_r:faillog_t,s0)
-/var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
-/var/log/faillog	--	gen_context(system_u:object_r:faillog_t,s0)
-/var/log/lastlog	--	gen_context(system_u:object_r:lastlog_t,s0)
-/var/log/syslog		--	gen_context(system_u:object_r:var_log_t,s0)
-/var/log/tallylog	--	gen_context(system_u:object_r:faillog_t,s0)
-/var/log/wtmp.*		--	gen_context(system_u:object_r:wtmp_t,s0)
-
-/var/run/console(/.*)?	 	gen_context(system_u:object_r:pam_var_console_t,s0)
-/var/run/pam_mount(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
-/var/run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
-/var/run/sepermit(/.*)? 	gen_context(system_u:object_r:pam_var_run_t,s0)
-/var/run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
deleted file mode 100644
index c411b5e..0000000
--- a/policy/modules/system/authlogin.if
+++ /dev/null
@@ -1,1670 +0,0 @@
-## <summary>Common policy for authentication and user login.</summary>
-
-########################################
-## <summary>
-##	Role access for password authentication.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_role',`
-	gen_require(`
-		type chkpwd_t, chkpwd_exec_t, shadow_t;
-	')
-
-	role $1 types chkpwd_t;
-
-	# Transition from the user domain to this domain.
-	domtrans_pattern($2, chkpwd_exec_t, chkpwd_t)
-
-	ps_process_pattern($2, chkpwd_t)
-
-	dontaudit $2 shadow_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Use PAM for authentication.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_use_pam',`
-
-	# for SSP/ProPolice
-	dev_read_urand($1)
-	# for encrypted homedir
-	dev_read_sysfs($1)
-
-	auth_domtrans_chk_passwd($1)
-	auth_domtrans_upd_passwd($1)
-	auth_dontaudit_read_shadow($1)
-	auth_read_login_records($1)
-	auth_append_login_records($1)
-	auth_rw_lastlog($1)
-	auth_rw_faillog($1)
-	auth_exec_pam($1)
-	auth_use_nsswitch($1)
-
-	init_rw_stream_sockets($1)
-
-	logging_send_audit_msgs($1)
-	logging_send_syslog_msg($1)
-
-	optional_policy(`
-		dbus_system_bus_client($1)
-
-		optional_policy(`
-			consolekit_dbus_chat($1)
-		')
-
-		optional_policy(`
-			fprintd_dbus_chat($1)
-		')
-	')
-
-	optional_policy(`
-		kerberos_manage_host_rcache($1)
-		kerberos_read_config($1)
-	')
-
-	optional_policy(`
-		nis_authenticate($1)
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified domain used for a login program.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain type used for a login program domain.
-##	</summary>
-## </param>
-#
-interface(`auth_login_pgm_domain',`
-	gen_require(`
-		type var_auth_t, auth_cache_t;
-		attribute polydomain;
-	')
-
-	domain_type($1)
-	typeattribute $1 polydomain;
-
-	domain_subj_id_change_exemption($1)
-	domain_role_change_exemption($1)
-	domain_obj_id_change_exemption($1)
-	role system_r types $1;
-
-	# Needed for pam_selinux_permit to cleanup properly
-	domain_read_all_domains_state($1)
-	domain_kill_all_domains($1)
-
-	# pam_keyring
-	allow $1 self:capability ipc_lock;
-	allow $1 self:process setkeycreate;
-	allow $1 self:key manage_key_perms;
-	userdom_manage_all_users_keys($1)
-
-	files_list_var_lib($1)
-	manage_dirs_pattern($1, var_auth_t, var_auth_t)
-	manage_files_pattern($1, var_auth_t, var_auth_t)
-
-	manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
-	manage_files_pattern($1, auth_cache_t, auth_cache_t)
-	manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
-	files_var_filetrans($1, auth_cache_t, dir)
-
-	# needed for afs - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253321
-	kernel_rw_afs_state($1)
-
-	# for fingerprint readers
-	dev_rw_input_dev($1)
-	dev_rw_generic_usb_dev($1)
-
-	files_read_etc_files($1)
-
-	fs_list_auto_mountpoints($1)
-	fs_manage_cgroup_dirs($1)
-	fs_manage_cgroup_files($1)
-
-	selinux_get_fs_mount($1)
-	selinux_validate_context($1)
-	selinux_compute_access_vector($1)
-	selinux_compute_create_context($1)
-	selinux_compute_relabel_context($1)
-	selinux_compute_user_contexts($1)
-
-	mls_file_read_all_levels($1)
-	mls_file_write_all_levels($1)
-	mls_file_upgrade($1)
-	mls_file_downgrade($1)
-	mls_process_set_level($1)
-	mls_fd_share_all_levels($1)
-
-	auth_manage_pam_pid($1)
-	auth_use_pam($1)
-
-	init_rw_utmp($1)
-
-	logging_set_loginuid($1)
-	logging_set_tty_audit($1)
-
-	seutil_read_config($1)
-	seutil_read_default_contexts($1)
-
-	userdom_set_rlimitnh($1)
-	userdom_read_user_home_content_symlinks($1)
-	userdom_delete_user_tmp_files($1)
-	userdom_search_admin_dir($1)
-
-	optional_policy(`
-		afs_rw_udp_sockets($1)
-	')
-
-	optional_policy(`
-		kerberos_read_config($1)
-	')
-
-	optional_policy(`
-		oddjob_dbus_chat($1)
-		oddjob_domtrans_mkhomedir($1)
-	')
-
-	optional_policy(`
-		corecmd_exec_bin($1)
-		storage_getattr_fixed_disk_dev($1)
-		mount_domtrans($1)
-	')
-
-	optional_policy(`
-		fprintd_dbus_chat($1)
-	')
-
-	optional_policy(`
-		ssh_agent_exec($1)
-		ssh_read_user_home_files($1)
-		userdom_read_user_home_content_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Use the login program as an entry point program.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_login_entry_type',`
-	gen_require(`
-		type login_exec_t;
-	')
-
-	domain_entry_file($1, login_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a login_program in the target domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the login_program process.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_login_program',`
-	gen_require(`
-		type login_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, login_exec_t,$2)
-')
-
-########################################
-## <summary>
-##	Execute a login_program in the target domain,
-##	with a range transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the login_program process.
-##	</summary>
-## </param>
-## <param name="range">
-##	<summary>
-##	Range of the login program.
-##	</summary>
-## </param>
-#
-interface(`auth_ranged_domtrans_login_program',`
-	gen_require(`
-		type login_exec_t;
-	')
-
-	auth_domtrans_login_program($1,$2)
-
-	ifdef(`enable_mcs',`
-		range_transition $1 login_exec_t:process $3;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition $1 login_exec_t:process $3;
-	')
-')
-
-########################################
-## <summary>
-##	Search authentication cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_search_cache',`
-	gen_require(`
-		type auth_cache_t;
-	')
-
-	allow $1 auth_cache_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read authentication cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_read_cache',`
-	gen_require(`
-		type auth_cache_t;
-	')
-
-	read_files_pattern($1, auth_cache_t, auth_cache_t)
-')
-
-########################################
-## <summary>
-##	Read/Write authentication cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_rw_cache',`
-	gen_require(`
-		type auth_cache_t;
-	')
-
-	rw_files_pattern($1, auth_cache_t, auth_cache_t)
-')
-
-########################################
-## <summary>
-##	Manage authentication cache
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_cache',`
-	gen_require(`
-		type auth_cache_t;
-	')
-
-	manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
-	manage_files_pattern($1, auth_cache_t, auth_cache_t)
-')
-
-#######################################
-## <summary>
-##	Automatic transition from cache_t to cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_var_filetrans_cache',`
-	gen_require(`
-		type auth_cache_t;
-	')
-
-	files_var_filetrans($1, auth_cache_t, { file dir } )
-')
-
-########################################
-## <summary>
-##	Run unix_chkpwd to check a password.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_chk_passwd',`
-	gen_require(`
-		type chkpwd_t, chkpwd_exec_t, shadow_t;
-		type auth_cache_t;
-	')
-
-	allow $1 auth_cache_t:dir search_dir_perms;
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-
-	dontaudit $1 shadow_t:file read_file_perms;
-
-	dev_read_rand($1)
-	dev_read_urand($1)
-
-	auth_use_nsswitch($1)
-	auth_rw_faillog($1)
-
-	logging_send_audit_msgs($1)
-
-	miscfiles_read_generic_certs($1)
-
-	optional_policy(`
-		kerberos_read_keytab($1)
-		kerberos_connect_524($1)
-	')
-
-	optional_policy(`
-		pcscd_manage_pub_files($1)
-		pcscd_manage_pub_pipes($1)
-		pcscd_stream_connect($1)
-	')
-
-	optional_policy(`
-		samba_stream_connect_winbind($1)
-	')
-	auth_domtrans_upd_passwd($1)
-')
-
-########################################
-## <summary>
-##	Run unix_chkpwd to check a password.
-## 	Stripped down version to be called within boolean
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_chkpwd',`
-	gen_require(`
-		type chkpwd_t, chkpwd_exec_t, shadow_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-	dontaudit $1 shadow_t:file { getattr read };
-	auth_domtrans_upd_passwd($1)
-')
-
-########################################
-## <summary>
-##	Execute chkpwd programs in the chkpwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the chkpwd domain.
-##	</summary>
-## </param>
-#
-interface(`auth_run_chk_passwd',`
-	gen_require(`
-		type chkpwd_t;
-	')
-
-	auth_domtrans_chk_passwd($1)
-	role $2 types chkpwd_t;
-	auth_run_upd_passwd($1, $2)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run unix_update.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`auth_domtrans_upd_passwd',`
-	gen_require(`
-		type updpwd_t, updpwd_exec_t;
-	')
-
-	domtrans_pattern($1, updpwd_exec_t, updpwd_t)
-	auth_dontaudit_read_shadow($1)
-
-')
-
-########################################
-## <summary>
-##	Execute updpwd programs in the updpwd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the updpwd domain.
-##	</summary>
-## </param>
-#
-interface(`auth_run_upd_passwd',`
-	gen_require(`
-		type updpwd_t;
-	')
-
-	auth_domtrans_upd_passwd($1)
-	role $2 types updpwd_t;
-')
-
-########################################
-## <summary>
-##	Get the attributes of the shadow passwords file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_getattr_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_search_etc($1)
-	allow $1 shadow_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of the shadow passwords file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`auth_dontaudit_getattr_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	dontaudit $1 shadow_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Read the shadow passwords file (/etc/shadow)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: these next three interfaces are split 
-# since typeattribute does not work in conditionals
-# yet, otherwise they should be one interface.
-# 
-interface(`auth_read_shadow',`
-	auth_can_read_shadow_passwords($1)
-	auth_tunable_read_shadow($1)
-')
-
-########################################
-## <summary>
-##	Pass shadow assertion for reading.
-## </summary>
-## <desc>
-##	<p>
-##	Pass shadow assertion for reading.
-##	This should only be used with
-##	auth_tunable_read_shadow(), and
-##	only exists because typeattribute
-##	does not work in conditionals.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_can_read_shadow_passwords',`
-	gen_require(`
-		attribute can_read_shadow_passwords;
-	')
-
-	typeattribute $1 can_read_shadow_passwords;
-')
-
-########################################
-## <summary>
-##	Read the shadow password file.
-## </summary>
-## <desc>
-##	<p>
-##	Read the shadow password file.  This
-##	should only be used in a conditional;
-##	it does not pass the reading shadow
-##	assertion.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_tunable_read_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_list_etc($1)
-	allow $1 shadow_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the shadow
-##	password file (/etc/shadow).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`auth_dontaudit_read_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	dontaudit $1 shadow_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the shadow password file (/etc/shadow).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_rw_shadow',`
-	gen_require(`
-		attribute can_read_shadow_passwords, can_write_shadow_passwords;
-		type shadow_t;
-	')
-
-	files_list_etc($1)
-	allow $1 shadow_t:file rw_file_perms;
-	typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the shadow
-##	password file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_shadow',`
-	gen_require(`
-		attribute can_read_shadow_passwords, can_write_shadow_passwords;
-		type shadow_t;
-	')
-
-	allow $1 shadow_t:file manage_file_perms;
-	typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
-')
-
-#######################################
-## <summary>
-##	Automatic transition from etc to shadow.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_etc_filetrans_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_etc_filetrans($1, shadow_t, file)
-')
-
-#######################################
-## <summary>
-##	Relabel to the shadow
-##	password file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_relabelto_shadow',`
-	gen_require(`
-		attribute can_relabelto_shadow_passwords;
-		type shadow_t;
-	')
-
-	files_search_etc($1)
-	allow $1 shadow_t:file relabelto;
-	typeattribute $1 can_relabelto_shadow_passwords;
-')
-
-#######################################
-## <summary>
-##	Relabel from and to the shadow
-##	password file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_relabel_shadow',`
-	gen_require(`
-		attribute can_relabelto_shadow_passwords;
-		type shadow_t;
-	')
-
-	files_search_etc($1)
-	allow $1 shadow_t:file relabel_file_perms;
-	typeattribute $1 can_relabelto_shadow_passwords;
-')
-
-#######################################
-## <summary>
-##	Append to the login failure log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_append_faillog',`
-	gen_require(`
-		type faillog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 faillog_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the login failure log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_rw_faillog',`
-	gen_require(`
-		type faillog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 faillog_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage the login failure log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_faillog',`
-	gen_require(`
-		type faillog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 faillog_t:file manage_file_perms;
-')
-
-#######################################
-## <summary>
-##	Read the last logins log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auth_read_lastlog',`
-	gen_require(`
-		type lastlog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 lastlog_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Append only to the last logins log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_append_lastlog',`
-	gen_require(`
-		type lastlog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 lastlog_t:file { append_file_perms lock };
-')
-
-#######################################
-## <summary>
-##	Read and write to the last logins log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_rw_lastlog',`
-	gen_require(`
-		type lastlog_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 lastlog_t:file { rw_file_perms lock setattr };
-')
-
-########################################
-## <summary>
-##	Execute pam programs in the pam domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_pam',`
-	gen_require(`
-		type pam_t, pam_exec_t;
-	')
-
-	domtrans_pattern($1, pam_exec_t, pam_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to pam processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_signal_pam',`
-	gen_require(`
-		type pam_t;
-	')
-
-	allow $1 pam_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute pam programs in the PAM domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the PAM domain.
-##	</summary>
-## </param>
-#
-interface(`auth_run_pam',`
-	gen_require(`
-		type pam_t;
-	')
-
-	auth_domtrans_pam($1)
-	role $2 types pam_t;
-')
-
-########################################
-## <summary>
-##	Execute the pam program.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_exec_pam',`
-	gen_require(`
-		type pam_exec_t;
-	')
-
-	can_exec($1, pam_exec_t)
-')
-
-########################################
-## <summary>
-##	Read var auth files. Used by various other applications
-##	and pam applets etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_read_var_auth',`
-	gen_require(`
-		type var_auth_t;
-	')
-
-	files_search_var($1)
-	read_files_pattern($1, var_auth_t, var_auth_t)
-')
-
-########################################
-## <summary>
-##	Manage var auth files. Used by various other applications
-##	and pam applets etc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_var_auth',`
-	gen_require(`
-		type var_auth_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_auth_t:dir manage_dir_perms;
-	allow $1 var_auth_t:file rw_file_perms;
-	allow $1 var_auth_t:lnk_file rw_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Read PAM PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_read_pam_pid',`
-	gen_require(`
-		type pam_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_run_t:dir list_dir_perms;
-	allow $1 pam_var_run_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Do not audit attemps to read PAM PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`auth_dontaudit_read_pam_pid',`
-	gen_require(`
-		type pam_var_run_t;
-	')
-
-	dontaudit $1 pam_var_run_t:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Delete pam PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_delete_pam_pid',`
-	gen_require(`
-		type pam_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_run_t:dir del_entry_dir_perms;
-	allow $1 pam_var_run_t:file delete_file_perms;
-')
-
-########################################
-## <summary>
-##	Manage pam PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_pam_pid',`
-	gen_require(`
-		type pam_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_run_t:dir manage_dir_perms;
-	allow $1 pam_var_run_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute pam_console with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_pam_console',`
-	gen_require(`
-		type pam_console_t, pam_console_exec_t;
-	')
-
-	domtrans_pattern($1, pam_console_exec_t, pam_console_t)
-')
-
-########################################
-## <summary>
-##	Search the contents of the
-##	pam_console data directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_search_pam_console_data',`
-	gen_require(`
-		type pam_var_console_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_console_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List the contents of the pam_console
-##	data directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_list_pam_console_data',`
-	gen_require(`
-		type pam_var_console_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_console_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read pam_console data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_read_pam_console_data',`
-	gen_require(`
-		type pam_var_console_t;
-	')
-
-	files_search_pids($1)
-	allow $1 pam_var_console_t:dir list_dir_perms;
-	allow $1 pam_var_console_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	pam_console data files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_pam_console_data',`
-	gen_require(`
-		type pam_var_console_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, pam_var_console_t, pam_var_console_t)
-	manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t)
-')
-
-#######################################
-## <summary>
-##	Delete pam_console data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_delete_pam_console_data',`
-	gen_require(`
-		type pam_var_console_t;
-	')
-
-	files_search_var($1)
-	files_search_pids($1)
-	delete_files_pattern($1, pam_var_console_t, pam_var_console_t)
-')
-
-########################################
-## <summary>
-##	Read all directories on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-interface(`auth_read_all_dirs_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_read_all_dirs_except($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Read all files on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auth_read_all_files_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_read_all_files_except($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Read all symbolic links on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-interface(`auth_read_all_symlinks_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_read_all_symlinks_except($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Relabel all files on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-
-interface(`auth_relabel_all_files_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_relabel_all_files($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Read and write all files on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-
-interface(`auth_rw_all_files_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_rw_all_files($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Manage all files on the filesystem, except
-##	the shadow passwords and listed exceptions.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="exception_types" optional="true">
-##	<summary>
-##	The types to be excluded.  Each type or attribute
-##	must be negated by the caller.
-##	</summary>
-## </param>
-#
-
-interface(`auth_manage_all_files_except_shadow',`
-	gen_require(`
-		type shadow_t;
-	')
-
-	files_manage_all_files($1,$2 -shadow_t)
-')
-
-########################################
-## <summary>
-##	Execute utempter programs in the utempter domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`auth_domtrans_utempter',`
-	gen_require(`
-		type utempter_t, utempter_exec_t;
-	')
-
-	domtrans_pattern($1, utempter_exec_t, utempter_t)
-')
-
-########################################
-## <summary>
-##	Execute utempter programs in the utempter domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the utempter domain.
-##	</summary>
-## </param>
-#
-interface(`auth_run_utempter',`
-	gen_require(`
-		type utempter_t;
-	')
-
-	auth_domtrans_utempter($1)
-	role $2 types utempter_t;
-')
-
-#######################################
-## <summary>
-##	Do not audit attemps to execute utempter executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`auth_dontaudit_exec_utempter',`
-	gen_require(`
-		type utempter_exec_t;
-	')
-
-	dontaudit $1 utempter_exec_t:file { execute execute_no_trans };
-')
-
-########################################
-## <summary>
-##	Set the attributes of login record files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_setattr_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	allow $1 wtmp_t:file setattr;
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Read login records files (/var/log/wtmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auth_read_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 wtmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read login records
-##	files (/var/log/wtmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`auth_dontaudit_read_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	dontaudit $1 wtmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to
-##	login records files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`auth_dontaudit_write_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	dontaudit $1 wtmp_t:file write;
-')
-
-#######################################
-## <summary>
-##	Append to login records (wtmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_append_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	allow $1 wtmp_t:file append_file_perms;
-	logging_search_logs($1)
-')
-
-#######################################
-## <summary>
-##	Write to login records (wtmp).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_write_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	allow $1 wtmp_t:file { write_file_perms lock };
-')
-
-########################################
-## <summary>
-##	Read and write login records.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_rw_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	allow $1 wtmp_t:file rw_file_perms;
-	logging_search_logs($1)
-')
-
-########################################
-## <summary>
-##	Create a login records in the log directory
-##	using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_log_filetrans_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	logging_log_filetrans($1, wtmp_t, file)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete login
-##	records files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_manage_login_records',`
-	gen_require(`
-		type wtmp_t;
-	')
-
-	logging_rw_generic_log_dirs($1)
-	allow $1 wtmp_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Use nsswitch to look up user, password, group, or
-##	host information.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to look up user, password,
-##	group, or host information using the name service.
-##	The most common use of this interface is for services
-##	that do host name resolution (usually DNS resolution).
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`auth_use_nsswitch',`
-
-	allow $1 self:netlink_route_socket r_netlink_socket_perms;
-
-	files_list_var_lib($1)
-
-	# read /etc/nsswitch.conf
-	files_read_etc_files($1)
-
-	miscfiles_read_generic_certs($1)
-
-	sysnet_dns_name_resolve($1)
-	sysnet_use_ldap($1)
-
-	optional_policy(`
-		avahi_stream_connect($1)
-	')
-
-	optional_policy(`
-		ldap_stream_connect($1)
-	')
-
- 	optional_policy(`
-		likewise_stream_connect_lsassd($1)
-	')
-
-	optional_policy(`
-		kerberos_use($1)
-	')
-
-	optional_policy(`
-		nis_use_ypbind($1)
-	')
-
-	optional_policy(`
-		nscd_use($1)
-	')
-
-	optional_policy(`
-		nslcd_stream_connect($1)
-	')
-
-	optional_policy(`
-		sssd_stream_connect($1)
-	')
-
-	optional_policy(`
-		samba_stream_connect_winbind($1)
-		samba_read_var_files($1)
-		samba_dontaudit_write_var_files($1)
-	')
-')
-
-########################################
-## <summary>
-##	Unconfined access to the authlogin module.
-## </summary>
-## <desc>
-##	<p>
-##	Unconfined access to the authlogin module.
-##	</p>
-##	<p>
-##	Currently, this only allows assertions for
-##	the shadow passwords file (/etc/shadow) to
-##	be passed.  No access is granted yet.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`auth_unconfined',`
-	gen_require(`
-		attribute can_read_shadow_passwords;
-		attribute can_write_shadow_passwords;
-		attribute can_relabelto_shadow_passwords;
-	')
-
-	typeattribute $1 can_read_shadow_passwords;
-	typeattribute $1 can_write_shadow_passwords;
-	typeattribute $1 can_relabelto_shadow_passwords;
-')
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
deleted file mode 100644
index ee0fe55..0000000
--- a/policy/modules/system/authlogin.te
+++ /dev/null
@@ -1,405 +0,0 @@
-policy_module(authlogin, 2.2.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute can_read_shadow_passwords;
-attribute can_write_shadow_passwords;
-attribute can_relabelto_shadow_passwords;
-attribute polydomain;
-
-type auth_cache_t;
-logging_log_file(auth_cache_t)
-
-type chkpwd_t, can_read_shadow_passwords;
-type chkpwd_exec_t;
-typealias chkpwd_t alias { user_chkpwd_t staff_chkpwd_t sysadm_chkpwd_t };
-typealias chkpwd_t alias { auditadm_chkpwd_t secadm_chkpwd_t };
-application_domain(chkpwd_t, chkpwd_exec_t)
-role system_r types chkpwd_t;
-
-type faillog_t;
-logging_log_file(faillog_t)
-
-type lastlog_t;
-logging_log_file(lastlog_t)
-
-type login_exec_t;
-application_executable_file(login_exec_t)
-
-type pam_console_t;
-type pam_console_exec_t;
-init_system_domain(pam_console_t, pam_console_exec_t)
-role system_r types pam_console_t;
-
-type pam_t;
-domain_type(pam_t)
-role system_r types pam_t;
-
-type pam_exec_t;
-domain_entry_file(pam_t, pam_exec_t)
-
-type pam_tmp_t;
-files_tmp_file(pam_tmp_t)
-
-type pam_var_console_t;
-files_type(pam_var_console_t)
-
-type pam_var_run_t;
-files_pid_file(pam_var_run_t)
-
-type shadow_t;
-files_security_file(shadow_t)
-neverallow ~can_read_shadow_passwords shadow_t:file read;
-neverallow ~can_write_shadow_passwords shadow_t:file { create write };
-neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
-
-type updpwd_t;
-type updpwd_exec_t;
-domain_type(updpwd_t)
-domain_entry_file(updpwd_t, updpwd_exec_t)
-domain_obj_id_change_exemption(updpwd_t)
-role system_r types updpwd_t;
-
-type utempter_t;
-type utempter_exec_t;
-application_domain(utempter_t, utempter_exec_t)
-
-#
-# var_auth_t is the type of /var/lib/auth, usually
-# used for auth data in pam_able
-#
-type var_auth_t;
-files_type(var_auth_t)
-
-type wtmp_t;
-logging_log_file(wtmp_t)
-
-########################################
-#
-# Check password local policy
-#
-
-allow chkpwd_t self:capability { dac_override setuid };
-dontaudit chkpwd_t self:capability sys_tty_config;
-allow chkpwd_t self:process { getattr signal };
-
-allow chkpwd_t shadow_t:file read_file_perms;
-files_list_etc(chkpwd_t)
-
-# is_selinux_enabled
-kernel_read_system_state(chkpwd_t)
-
-domain_dontaudit_use_interactive_fds(chkpwd_t)
-
-dev_read_rand(chkpwd_t)
-dev_read_urand(chkpwd_t)
-
-files_read_etc_files(chkpwd_t)
-# for nscd
-files_dontaudit_search_var(chkpwd_t)
-
-fs_dontaudit_getattr_xattr_fs(chkpwd_t)
-
-term_dontaudit_use_console(chkpwd_t)
-term_dontaudit_use_unallocated_ttys(chkpwd_t)
-term_dontaudit_use_generic_ptys(chkpwd_t)
-term_dontaudit_use_all_ptys(chkpwd_t)
-
-auth_use_nsswitch(chkpwd_t)
-
-logging_send_audit_msgs(chkpwd_t)
-logging_send_syslog_msg(chkpwd_t)
-
-miscfiles_read_localization(chkpwd_t)
-
-seutil_read_config(chkpwd_t)
-seutil_dontaudit_use_newrole_fds(chkpwd_t)
-
-userdom_use_user_terminals(chkpwd_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(chkpwd_t)
-	')
-')
-
-optional_policy(`
-	# apache leaks file descriptors
-	apache_dontaudit_rw_tcp_sockets(chkpwd_t)
-')
-
-optional_policy(`
-	kerberos_use(chkpwd_t)
-')
-
-optional_policy(`
-	nis_authenticate(chkpwd_t)
-')
-
-########################################
-#
-# PAM local policy
-#
-
-allow pam_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-dontaudit pam_t self:capability sys_tty_config;
-
-allow pam_t self:fd use;
-allow pam_t self:fifo_file rw_file_perms;
-allow pam_t self:unix_dgram_socket create_socket_perms; 
-allow pam_t self:unix_stream_socket rw_stream_socket_perms;
-allow pam_t self:unix_dgram_socket sendto;
-allow pam_t self:unix_stream_socket connectto;
-allow pam_t self:shm create_shm_perms;
-allow pam_t self:sem create_sem_perms;
-allow pam_t self:msgq create_msgq_perms;
-allow pam_t self:msg { send receive };
-
-delete_files_pattern(pam_t, pam_var_run_t, pam_var_run_t)
-read_files_pattern(pam_t, pam_var_run_t, pam_var_run_t)
-files_list_pids(pam_t)
-
-allow pam_t pam_tmp_t:dir manage_dir_perms;
-allow pam_t pam_tmp_t:file manage_file_perms;
-files_tmp_filetrans(pam_t, pam_tmp_t, { file dir })
-
-auth_use_nsswitch(pam_t)
-
-kernel_read_system_state(pam_t)
-
-files_read_etc_files(pam_t)
-
-fs_search_auto_mountpoints(pam_t)
-
-miscfiles_read_localization(pam_t)
-
-term_use_all_ttys(pam_t)
-term_use_all_ptys(pam_t)
-
-init_dontaudit_rw_utmp(pam_t)
-
-logging_send_syslog_msg(pam_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(pam_t)
-	')
-')
-
-optional_policy(`
-	locallogin_use_fds(pam_t)
-')
-
-########################################
-#
-# PAM console local policy
-#
-
-allow pam_console_t self:capability { chown fowner fsetid };
-dontaudit pam_console_t self:capability sys_tty_config;
-
-allow pam_console_t self:process { sigchld sigkill sigstop signull signal };
-
-# for /var/run/console.lock checking
-read_files_pattern(pam_console_t, pam_var_console_t, pam_var_console_t)
-read_lnk_files_pattern(pam_console_t, pam_var_console_t, pam_var_console_t)
-dontaudit pam_console_t pam_var_console_t:file write;
-
-kernel_read_kernel_sysctls(pam_console_t)
-kernel_use_fds(pam_console_t)
-# Read /proc/meminfo
-kernel_read_system_state(pam_console_t)
-
-dev_read_sysfs(pam_console_t)
-dev_getattr_apm_bios_dev(pam_console_t)
-dev_setattr_apm_bios_dev(pam_console_t)
-dev_getattr_dri_dev(pam_console_t)
-dev_setattr_dri_dev(pam_console_t)
-dev_getattr_input_dev(pam_console_t)
-dev_setattr_input_dev(pam_console_t)
-dev_getattr_framebuffer_dev(pam_console_t)
-dev_setattr_framebuffer_dev(pam_console_t)
-dev_getattr_generic_usb_dev(pam_console_t)
-dev_setattr_generic_usb_dev(pam_console_t)
-dev_getattr_misc_dev(pam_console_t)
-dev_setattr_misc_dev(pam_console_t)
-dev_getattr_mouse_dev(pam_console_t)
-dev_setattr_mouse_dev(pam_console_t)
-dev_getattr_power_mgmt_dev(pam_console_t)
-dev_setattr_power_mgmt_dev(pam_console_t)
-dev_getattr_printer_dev(pam_console_t)
-dev_setattr_printer_dev(pam_console_t)
-dev_getattr_scanner_dev(pam_console_t)
-dev_setattr_scanner_dev(pam_console_t)
-dev_getattr_sound_dev(pam_console_t)
-dev_setattr_sound_dev(pam_console_t)
-dev_getattr_video_dev(pam_console_t)
-dev_setattr_video_dev(pam_console_t)
-dev_getattr_xserver_misc_dev(pam_console_t)
-dev_setattr_xserver_misc_dev(pam_console_t)
-dev_read_urand(pam_console_t)
-
-files_read_etc_files(pam_console_t)
-files_search_pids(pam_console_t)
-files_list_mnt(pam_console_t)
-files_dontaudit_search_isid_type_dirs(pam_console_t)
-# read /etc/mtab
-files_read_etc_runtime_files(pam_console_t)
-
-fs_list_auto_mountpoints(pam_console_t)
-fs_list_noxattr_fs(pam_console_t)
-fs_getattr_all_fs(pam_console_t)
-
-mls_file_read_all_levels(pam_console_t)
-mls_file_write_all_levels(pam_console_t)
-
-storage_getattr_fixed_disk_dev(pam_console_t)
-storage_setattr_fixed_disk_dev(pam_console_t)
-storage_getattr_removable_dev(pam_console_t)
-storage_setattr_removable_dev(pam_console_t)
-storage_getattr_scsi_generic_dev(pam_console_t)
-storage_setattr_scsi_generic_dev(pam_console_t)
-
-term_use_console(pam_console_t)
-term_use_all_ttys(pam_console_t)
-term_use_all_ptys(pam_console_t)
-term_setattr_console(pam_console_t)
-term_getattr_unallocated_ttys(pam_console_t)
-term_setattr_unallocated_ttys(pam_console_t)
-term_use_unallocated_ttys(pam_console_t)
-
-auth_use_nsswitch(pam_console_t)
-
-domain_use_interactive_fds(pam_console_t)
-
-init_use_fds(pam_console_t)
-init_use_script_ptys(pam_console_t)
-
-logging_send_syslog_msg(pam_console_t)
-
-miscfiles_read_localization(pam_console_t)
-miscfiles_read_generic_certs(pam_console_t)
-
-seutil_read_file_contexts(pam_console_t)
-
-userdom_dontaudit_use_unpriv_user_fds(pam_console_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(pam_console_t)
-	')
-')
-
-optional_policy(`
-	gpm_getattr_gpmctl(pam_console_t)
-	gpm_setattr_gpmctl(pam_console_t)
-')
-
-optional_policy(`
-	hotplug_use_fds(pam_console_t)
-	hotplug_dontaudit_search_config(pam_console_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(pam_console_t)
-')
-
-optional_policy(`
-	udev_read_db(pam_console_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_pid(pam_console_t)
-	xserver_dontaudit_write_log(pam_console_t)
-')
-
-########################################
-#
-# updpwd local policy
-#
-
-allow updpwd_t self:capability { chown dac_override };
-allow updpwd_t self:process setfscreate;
-allow updpwd_t self:fifo_file rw_fifo_file_perms;
-allow updpwd_t self:unix_stream_socket create_stream_socket_perms;
-allow updpwd_t self:unix_dgram_socket create_socket_perms;
-
-kernel_read_system_state(updpwd_t)
-
-dev_read_urand(updpwd_t)
-
-files_manage_etc_files(updpwd_t)
-
-term_dontaudit_use_console(updpwd_t)
-term_dontaudit_use_unallocated_ttys(updpwd_t)
-
-auth_manage_shadow(updpwd_t)
-auth_use_nsswitch(updpwd_t)
-
-logging_send_syslog_msg(updpwd_t)
-
-miscfiles_read_localization(updpwd_t)
-
-userdom_use_user_terminals(updpwd_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(updpwd_t)
-	')
-')
-
-########################################
-#
-# Utempter local policy
-#
-
-allow utempter_t self:capability setgid;
-allow utempter_t self:unix_stream_socket create_stream_socket_perms;
-
-allow utempter_t wtmp_t:file rw_file_perms;
-
-dev_read_urand(utempter_t)
-
-files_read_etc_files(utempter_t)
-
-term_getattr_all_ttys(utempter_t)
-term_getattr_all_ptys(utempter_t)
-term_dontaudit_use_all_ttys(utempter_t)
-term_dontaudit_use_all_ptys(utempter_t)
-term_dontaudit_use_ptmx(utempter_t)
-
-init_rw_utmp(utempter_t)
-
-domain_use_interactive_fds(utempter_t)
-
-logging_search_logs(utempter_t)
-
-userdom_use_user_terminals(utempter_t)
-# Allow utemper to write to /tmp/.xses-*
-userdom_write_user_tmp_files(utempter_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(utempter_t)
-	')
-')
-
-optional_policy(`
-	nscd_socket_use(utempter_t)
-')
-
-optional_policy(`
-	xserver_use_xdm_fds(utempter_t)
-	xserver_rw_xdm_pipes(utempter_t)
-')
-
-tunable_policy(`allow_polyinstantiation',`
-	files_polyinstantiate_all(polydomain)
-	userdom_manage_user_home_content_dirs(polydomain)
-	userdom_manage_user_home_content_files(polydomain)
-	userdom_relabelto_user_home_dirs(polydomain)
-	userdom_relabelto_user_home_files(polydomain)
-')
diff --git a/policy/modules/system/clock.fc b/policy/modules/system/clock.fc
deleted file mode 100644
index c5e05ca..0000000
--- a/policy/modules/system/clock.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-/etc/adjtime		--	gen_context(system_u:object_r:adjtime_t,s0)
-
-/sbin/hwclock		--	gen_context(system_u:object_r:hwclock_exec_t,s0)
-
diff --git a/policy/modules/system/clock.if b/policy/modules/system/clock.if
deleted file mode 100644
index e2f6d93..0000000
--- a/policy/modules/system/clock.if
+++ /dev/null
@@ -1,100 +0,0 @@
-## <summary>Policy for reading and setting the hardware clock.</summary>
-
-########################################
-## <summary>
-##	Execute hwclock in the clock domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`clock_domtrans',`
-	gen_require(`
-		type hwclock_t, hwclock_exec_t;
-	')
-
-	domtrans_pattern($1, hwclock_exec_t, hwclock_t)
-')
-
-########################################
-## <summary>
-##	Execute hwclock in the clock domain, and
-##	allow the specified role the hwclock domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`clock_run',`
-	gen_require(`
-		type hwclock_t;
-	')
-
-	clock_domtrans($1)
-	role $2 types hwclock_t;
-')
-
-########################################
-## <summary>
-## 	Execute hwclock in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-## 	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clock_exec',`
-	gen_require(`
-		type hwclock_exec_t;
-	')
-
-	can_exec($1, hwclock_exec_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write clock drift adjustments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`clock_dontaudit_write_adjtime',`
-	gen_require(`
-		type adjtime_t;
-	')
-
-	dontaudit $1 adjtime_t:file write;
-')
-
-########################################
-## <summary>
-##	Read and write clock drift adjustments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`clock_rw_adjtime',`
-	gen_require(`
-		type adjtime_t;
-	')
-
-	allow $1 adjtime_t:file rw_file_perms;
-	files_list_etc($1)
-')
diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te
deleted file mode 100644
index b9ed25b..0000000
--- a/policy/modules/system/clock.te
+++ /dev/null
@@ -1,81 +0,0 @@
-policy_module(clock, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type adjtime_t;
-files_type(adjtime_t)
-
-type hwclock_t;
-type hwclock_exec_t;
-init_system_domain(hwclock_t, hwclock_exec_t)
-role system_r types hwclock_t;
-
-########################################
-#
-# Local policy
-#
-
-# Give hwclock the capabilities it requires.  dac_override is a surprise,
-# but hwclock does require it.
-allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config };
-dontaudit hwclock_t self:capability sys_tty_config;
-allow hwclock_t self:process signal_perms;
-allow hwclock_t self:fifo_file rw_fifo_file_perms;
-
-# Allow hwclock to store & retrieve correction factors.
-allow hwclock_t adjtime_t:file { rw_file_perms setattr };
-
-kernel_read_kernel_sysctls(hwclock_t)
-kernel_read_system_state(hwclock_t)
-
-corecmd_exec_bin(hwclock_t)
-corecmd_exec_shell(hwclock_t)
-
-dev_read_sysfs(hwclock_t)
-dev_rw_realtime_clock(hwclock_t)
-
-files_read_etc_files(hwclock_t)
-# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dirs(hwclock_t)
-
-fs_getattr_xattr_fs(hwclock_t)
-fs_search_auto_mountpoints(hwclock_t)
-
-term_dontaudit_use_console(hwclock_t)
-term_use_unallocated_ttys(hwclock_t)
-term_use_all_ttys(hwclock_t)
-term_use_all_ptys(hwclock_t)
-
-domain_use_interactive_fds(hwclock_t)
-
-init_use_fds(hwclock_t)
-init_use_script_ptys(hwclock_t)
-
-logging_send_audit_msgs(hwclock_t)
-logging_send_syslog_msg(hwclock_t)
-
-miscfiles_read_localization(hwclock_t)
-
-optional_policy(`
-	apm_append_log(hwclock_t)
-	apm_rw_stream_sockets(hwclock_t)
-')
-
-optional_policy(`
-	nscd_socket_use(hwclock_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(hwclock_t)
-')
-
-optional_policy(`
-	udev_read_db(hwclock_t)
-')
-
-optional_policy(`
-	userdom_dontaudit_use_unpriv_user_fds(hwclock_t)
-')
diff --git a/policy/modules/system/daemontools.fc b/policy/modules/system/daemontools.fc
deleted file mode 100644
index 26df050..0000000
--- a/policy/modules/system/daemontools.fc
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# /service
-#
-
-/service		-d	gen_context(system_u:object_r:svc_svc_t,s0)
-/service/.*			gen_context(system_u:object_r:svc_svc_t,s0)
-
-#
-# /usr
-#
-
-/usr/bin/envdir		--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/envuidgid	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/fghack		--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/multilog	--	gen_context(system_u:object_r:svc_multilog_exec_t,s0)
-/usr/bin/pgrphack	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/setlock		--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/setuidgid	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/softlimit	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/usr/bin/svc		--	gen_context(system_u:object_r:svc_start_exec_t,s0)
-/usr/bin/svok		--	gen_context(system_u:object_r:svc_start_exec_t,s0)
-/usr/bin/svscan		--	gen_context(system_u:object_r:svc_start_exec_t,s0)
-/usr/bin/svscanboot	--	gen_context(system_u:object_r:svc_start_exec_t,s0)
-/usr/bin/supervise	--	gen_context(system_u:object_r:svc_start_exec_t,s0)
-
-#
-# /var
-#
-
-/var/axfrdns(/.*)?		gen_context(system_u:object_r:svc_svc_t,s0)
-/var/axfrdns/run		--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/axfrdns/log/run	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/axfrdns/env(/.*)?		gen_context(system_u:object_r:svc_conf_t,s0)
-
-/var/dnscache(/.*)?		gen_context(system_u:object_r:svc_svc_t,s0)
-/var/dnscache/env(/.*)?		gen_context(system_u:object_r:svc_conf_t,s0)
-/var/dnscache/run	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/dnscache/log/run	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-
-/var/qmail/supervise(/.*)?	gen_context(system_u:object_r:svc_svc_t,s0)
-/var/qmail/supervise/.*/run --	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/qmail/supervise/.*/log/run -- gen_context(system_u:object_r:svc_run_exec_t,s0)
-
-/var/service/.*			gen_context(system_u:object_r:svc_svc_t,s0)
-/var/service/.*/env(/.*)?	gen_context(system_u:object_r:svc_conf_t,s0)
-/var/service/.*/log/main(/.*)?	gen_context(system_u:object_r:svc_log_t,s0)
-/var/service/.*/log/run		gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/service/.*/run.*		gen_context(system_u:object_r:svc_run_exec_t,s0)
-
-/var/tinydns(/.*)?		gen_context(system_u:object_r:svc_svc_t,s0)
-/var/tinydns/run		--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/tinydns/log/run	--	gen_context(system_u:object_r:svc_run_exec_t,s0)
-/var/tinydns/env(/.*)?		gen_context(system_u:object_r:svc_conf_t,s0)
diff --git a/policy/modules/system/daemontools.if b/policy/modules/system/daemontools.if
deleted file mode 100644
index 81e5ed4..0000000
--- a/policy/modules/system/daemontools.if
+++ /dev/null
@@ -1,212 +0,0 @@
-## <summary>Collection of tools for managing UNIX services</summary>
-## <desc>
-##	<p>
-##		Policy for DJB's daemontools
-##	</p>
-## </desc>
-
-########################################
-## <summary>
-##	An ipc channel between the supervised domain and svc_start_t
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`daemontools_ipc_domain',`
-	gen_require(`
-		type svc_start_t;
-	')
-
-	allow $1 svc_start_t:process sigchld;
-	allow $1 svc_start_t:fd use;
-	allow $1 svc_start_t:fifo_file { read write getattr };
-	allow svc_start_t $1:process signal;
-')
-
-########################################
-## <summary>
-##	Define a specified domain as a supervised service.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="entrypoint">
-##	<summary>
-##	The type associated with the process program.
-##	</summary>
-## </param>
-#
-interface(`daemontools_service_domain',`
-	gen_require(`
-		type svc_run_t;
-	')
-
-	domain_auto_trans(svc_run_t, $2, $1)
-	daemontools_ipc_domain($1)
-
-	allow svc_run_t $1:process signal;
-	allow $1 svc_run_t:fd use;
-')
-
-########################################
-## <summary>
-##	Execute in the svc_start_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`daemontools_domtrans_start',`
-	gen_require(`
-		type svc_start_t, svc_start_exec_t;
-	')
-
-	domtrans_pattern($1, svc_start_exec_t, svc_start_t)
-')
-
-######################################
-## <summary>
-##  Execute svc_start in the svc_start domain, and
-##  allow the specified role the svc_start domain.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-## <param name="role">
-##  <summary>
-##  The role to be allowed the svc_start domain.
-##  </summary>
-## </param>
-## <rolecap/>
-#
-interface(`daemonstools_run_start',`
-    gen_require(`
-        type svc_start_t;
-    ')
-
-    daemontools_domtrans_start($1)
-    role $2 types svc_start_t;
-')
-
-########################################
-## <summary>
-##	Execute in the svc_run_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`daemontools_domtrans_run',`
-	gen_require(`
-		type svc_run_t, svc_run_exec_t;
-	')
-
-	domtrans_pattern($1, svc_run_exec_t, svc_run_t)
-')
-
-########################################
-## <summary>
-##	Execute in the svc_multilog_t domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`daemontools_domtrans_multilog',`
-	gen_require(`
-		type svc_multilog_t, svc_multilog_exec_t;
-	')
-
-	domtrans_pattern($1, svc_multilog_exec_t, svc_multilog_t)
-')
-
-########################################
-## <summary>
-##	Allow a domain to read svc_svc_t files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`daemontools_read_svc',`
-	gen_require(`
-		type svc_svc_t;
-	')
-
-	allow $1 svc_svc_t:dir list_dir_perms;
-	allow $1 svc_svc_t:file read_file_perms;
-')
-
-######################################
-## <summary>
-##  Search svc_svc_t  directory.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`daemontools_search_svc_dir',`
-    gen_require(`
-        type svc_svc_t;
-    ')
-
-    allow $1 svc_svc_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow a domain to create svc_svc_t files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`daemontools_manage_svc',`
-	gen_require(`
-		type svc_svc_t;
-	')
-
-	allow $1 svc_svc_t:dir manage_dir_perms;
-	allow $1 svc_svc_t:fifo_file manage_fifo_file_perms;
-	allow $1 svc_svc_t:file manage_file_perms;
-	allow $1 svc_svc_t:lnk_file { read create };
-')
-
-######################################
-## <summary>
-##  Send a SIGCHLD signal to svc_run domain.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`daemontools_sigchld_run',`
-    gen_require(`
-        type svc_run_t;
-    ')
-
-    allow $1 svc_run_t:process sigchld;
-')
diff --git a/policy/modules/system/daemontools.te b/policy/modules/system/daemontools.te
deleted file mode 100644
index 699451c..0000000
--- a/policy/modules/system/daemontools.te
+++ /dev/null
@@ -1,130 +0,0 @@
-policy_module(daemontools, 1.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type svc_conf_t;
-files_type(svc_conf_t)
-
-type svc_log_t;
-files_type(svc_log_t)
-
-type svc_multilog_t;
-type svc_multilog_exec_t;
-application_domain(svc_multilog_t, svc_multilog_exec_t)
-role system_r types svc_multilog_t;
-
-type svc_run_t;
-type svc_run_exec_t;
-application_domain(svc_run_t, svc_run_exec_t)
-role system_r types svc_run_t;
-
-type svc_start_t;
-type svc_start_exec_t;
-init_domain(svc_start_t, svc_start_exec_t)
-init_system_domain(svc_start_t, svc_start_exec_t)
-role system_r types svc_start_t;
-
-type svc_svc_t;
-files_type(svc_svc_t)
-
-########################################
-#
-# multilog local policy
-#
-
-# multilog creates /service/*/log/status
-manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
-
-term_write_console(svc_multilog_t)
-
-init_use_fds(svc_multilog_t)
-init_dontaudit_use_script_fds(svc_multilog_t)
-
-# writes to /var/log/*/*
-logging_manage_generic_logs(svc_multilog_t)
-
-daemontools_ipc_domain(svc_multilog_t)
-
-########################################
-#
-# local policy for binaries that impose 
-# a given environment to supervised daemons
-# ie. softlimit, setuidgid, envuidgid, envdir, fghack ..
-#
-
-allow svc_run_t self:capability { setgid setuid chown fsetid sys_resource };
-allow svc_run_t self:process setrlimit;
-allow svc_run_t self:fifo_file rw_fifo_file_perms;
-allow svc_run_t self:unix_stream_socket create_stream_socket_perms;
-
-allow svc_run_t svc_conf_t:dir list_dir_perms;
-allow svc_run_t svc_conf_t:file read_file_perms;
-
-can_exec(svc_run_t, svc_run_exec_t)
-
-kernel_read_system_state(svc_run_t)
-
-dev_read_urand(svc_run_t)
-
-corecmd_exec_bin(svc_run_t)
-corecmd_exec_shell(svc_run_t)
-
-term_write_console(svc_run_t)
-
-files_read_etc_files(svc_run_t)
-files_read_etc_runtime_files(svc_run_t)
-files_search_pids(svc_run_t)
-files_search_var_lib(svc_run_t)
-
-init_use_script_fds(svc_run_t)
-init_use_fds(svc_run_t)
-
-daemontools_domtrans_multilog(svc_run_t)
-daemontools_read_svc(svc_run_t)
-
-optional_policy(`
-	qmail_read_config(svc_run_t)
-')
-
-########################################
-#
-# local policy for service monitoring programs
-# ie svc, svscan, supervise ...
-#
-
-allow svc_start_t svc_run_t:process { signal setrlimit };
-
-allow svc_start_t self:fifo_file rw_fifo_file_perms;
-allow svc_start_t self:capability kill;
-allow svc_start_t self:tcp_socket create_stream_socket_perms;
-allow svc_start_t self:unix_stream_socket create_socket_perms;
-
-can_exec(svc_start_t, svc_start_exec_t)
-
-mmap_files_pattern(svc_start_t, svc_svc_t, svc_svc_t)
-
-kernel_read_kernel_sysctls(svc_start_t)
-kernel_read_system_state(svc_start_t)
-
-corecmd_exec_bin(svc_start_t)
-corecmd_exec_shell(svc_start_t)
-
-corenet_tcp_bind_generic_node(svc_start_t)
-corenet_tcp_bind_generic_port(svc_start_t)
-
-term_write_console(svc_start_t)
-
-files_read_etc_files(svc_start_t)
-files_read_etc_runtime_files(svc_start_t)
-files_search_var(svc_start_t)
-files_search_pids(svc_start_t)
-
-logging_send_syslog_msg(svc_start_t)
-
-miscfiles_read_localization(svc_start_t)
-
-daemontools_domtrans_run(svc_start_t)
-daemontools_manage_svc(svc_start_t)
diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
deleted file mode 100644
index dd65c15..0000000
--- a/policy/modules/system/fstools.fc
+++ /dev/null
@@ -1,45 +0,0 @@
-/sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/blockdev		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/cfdisk		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/dosfsck		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/dump		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/dumpe2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/e2fsck		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/e4fsck		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/e2label		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/fdisk		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/findfs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/fsck.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/hdparm		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/install-mbr	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/jfs_.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/losetup.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/lsraid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/make_reiser4	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkdosfs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mke2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mke4fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkfs.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkraid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkreiserfs	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/parted		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/partprobe		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/raidautorun	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/raidstart		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/reiserfs(ck|tune)	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/resize.*fs	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/scsi_info		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/sfdisk		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/swapon.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/tune2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-
-/usr/bin/partition_uuid	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/raw		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/scsi_unique_id	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/syslinux	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-
-/usr/sbin/clubufflush	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/usr/sbin/smartctl	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-
-/var/log/fsck(/.*)?		gen_context(system_u:object_r:fsadm_log_t,s0)
diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if
deleted file mode 100644
index 016a770..0000000
--- a/policy/modules/system/fstools.if
+++ /dev/null
@@ -1,156 +0,0 @@
-## <summary>Tools for filesystem management, such as mkfs and fsck.</summary>
-
-########################################
-## <summary>
-##	Execute fs tools in the fstools domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`fstools_domtrans',`
-	gen_require(`
-		type fsadm_t, fsadm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, fsadm_exec_t, fsadm_t)
-')
-
-########################################
-## <summary>
-##	Execute fs tools in the fstools domain, and
-##	allow the specified role the fs tools domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`fstools_run',`
-	gen_require(`
-		type fsadm_t;
-	')
-
-	fstools_domtrans($1)
-	role $2 types fsadm_t;
-')
-
-########################################
-## <summary>
-##	Execute fsadm in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_exec',`
-	gen_require(`
-		type fsadm_exec_t;
-	')
-
-	can_exec($1, fsadm_exec_t)
-')
-
-########################################
-## <summary>
-##	Send signal to fsadm process
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_signal',`
-	gen_require(`
-		type fsadm_t;
-	')
-
-	allow $1 fsadm_t:process signal;
-')
-
-########################################
-## <summary>
-##	Read fstools unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_read_pipes',`
-	gen_require(`
-		type fsadm_t;
-	')
-
-	allow $1 fsadm_t:fifo_file read_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel a file to the type used by the
-##	filesystem tools programs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_relabelto_entry_files',`
-	gen_require(`
-		type fsadm_exec_t;
-	')
-
-	allow $1 fsadm_exec_t:file relabelto;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete a file used by the
-##	filesystem tools programs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_manage_entry_files',`
-	gen_require(`
-		type fsadm_exec_t;
-	')
-
-	allow $1 fsadm_exec_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Getattr swapfile
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fstools_getattr_swap_files',`
-	gen_require(`
-		type swapfile_t;
-	')
-
-	allow $1 swapfile_t:file getattr;
-')
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
deleted file mode 100644
index 7cb7582..0000000
--- a/policy/modules/system/fstools.te
+++ /dev/null
@@ -1,196 +0,0 @@
-policy_module(fstools, 1.14.0)
-
-########################################
-#
-# Declarations
-#
-
-type fsadm_t;
-type fsadm_exec_t;
-init_system_domain(fsadm_t, fsadm_exec_t)
-role system_r types fsadm_t;
-
-type fsadm_log_t;
-logging_log_file(fsadm_log_t)
-
-type fsadm_tmp_t;
-files_tmp_file(fsadm_tmp_t)
-
-type swapfile_t; # customizable
-files_type(swapfile_t)
-
-########################################
-#
-# local policy
-#
-
-# ipc_lock is for losetup
-allow fsadm_t self:capability { ipc_lock sys_rawio sys_admin sys_resource sys_tty_config dac_override dac_read_search };
-allow fsadm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execmem execheap };
-allow fsadm_t self:fd use;
-allow fsadm_t self:fifo_file rw_fifo_file_perms;
-allow fsadm_t self:sock_file read_sock_file_perms;
-allow fsadm_t self:unix_dgram_socket create_socket_perms;
-allow fsadm_t self:unix_stream_socket create_stream_socket_perms;
-allow fsadm_t self:unix_dgram_socket sendto;
-allow fsadm_t self:unix_stream_socket connectto;
-allow fsadm_t self:shm create_shm_perms;
-allow fsadm_t self:sem create_sem_perms;
-allow fsadm_t self:msgq create_msgq_perms;
-allow fsadm_t self:msg { send receive };
-
-can_exec(fsadm_t, fsadm_exec_t)
-
-allow fsadm_t fsadm_tmp_t:dir manage_dir_perms;
-allow fsadm_t fsadm_tmp_t:file manage_file_perms;
-files_tmp_filetrans(fsadm_t, fsadm_tmp_t, { file dir })
-
-# log files
-allow fsadm_t fsadm_log_t:dir setattr;
-manage_files_pattern(fsadm_t, fsadm_log_t, fsadm_log_t)
-logging_log_filetrans(fsadm_t, fsadm_log_t, file)
-
-# Enable swapping to files
-allow fsadm_t swapfile_t:file { rw_file_perms swapon };
-
-kernel_read_system_state(fsadm_t)
-kernel_read_kernel_sysctls(fsadm_t)
-kernel_request_load_module(fsadm_t)
-# Allow console log change (updfstab)
-kernel_change_ring_buffer_level(fsadm_t)
-# mkreiserfs needs this
-kernel_getattr_proc(fsadm_t)
-kernel_getattr_core_if(fsadm_t)
-# Access to /initrd devices
-kernel_rw_unlabeled_dirs(fsadm_t)
-kernel_rw_unlabeled_blk_files(fsadm_t)
-
-corecmd_exec_bin(fsadm_t)
-#RedHat bug #201164
-corecmd_exec_shell(fsadm_t)
-# cjp: these are probably not needed:
-corecmd_read_bin_files(fsadm_t)
-corecmd_read_bin_pipes(fsadm_t)
-corecmd_read_bin_sockets(fsadm_t)
-
-dev_getattr_all_chr_files(fsadm_t)
-dev_dontaudit_getattr_all_blk_files(fsadm_t)
-dev_dontaudit_getattr_generic_files(fsadm_t)
-# mkreiserfs and other programs need this for UUID
-dev_read_rand(fsadm_t)
-dev_read_urand(fsadm_t)
-# Recreate /dev/cdrom.
-dev_manage_generic_symlinks(fsadm_t)
-# fdisk needs this for early boot
-dev_manage_generic_blk_files(fsadm_t)
-# Access to /initrd devices
-dev_search_usbfs(fsadm_t)
-# for swapon
-dev_read_sysfs(fsadm_t)
-# Access to /initrd devices
-dev_getattr_usbfs_dirs(fsadm_t)
-# Access to /dev/mapper/control
-dev_rw_lvm_control(fsadm_t)
-
-domain_use_interactive_fds(fsadm_t)
-
-files_getattr_boot_dirs(fsadm_t)
-files_list_home(fsadm_t)
-files_read_usr_files(fsadm_t)
-files_read_etc_files(fsadm_t)
-files_manage_lost_found(fsadm_t)
-files_manage_isid_type_dirs(fsadm_t)
-# Write to /etc/mtab.
-files_manage_etc_runtime_files(fsadm_t)
-files_etc_filetrans_etc_runtime(fsadm_t, file)
-# Access to /initrd devices
-files_rw_isid_type_dirs(fsadm_t)
-files_rw_isid_type_blk_files(fsadm_t)
-files_read_isid_type_files(fsadm_t)
-
-fs_search_auto_mountpoints(fsadm_t)
-fs_getattr_xattr_fs(fsadm_t)
-fs_rw_ramfs_pipes(fsadm_t)
-fs_rw_tmpfs_files(fsadm_t)
-# remount file system to apply changes
-fs_remount_xattr_fs(fsadm_t)
-# for /dev/shm
-fs_search_tmpfs(fsadm_t)
-fs_getattr_tmpfs_dirs(fsadm_t)
-fs_read_tmpfs_symlinks(fsadm_t)
-fs_manage_nfs_files(fsadm_t)
-fs_manage_cifs_files(fsadm_t)
-fs_rw_hugetlbfs_files(fsadm_t)
-# Recreate /mnt/cdrom.
-files_manage_mnt_dirs(fsadm_t)
-# for tune2fs
-files_search_all(fsadm_t)
-
-mls_file_read_all_levels(fsadm_t)
-mls_file_write_all_levels(fsadm_t)
-
-storage_raw_read_fixed_disk(fsadm_t)
-storage_raw_write_fixed_disk(fsadm_t)
-storage_raw_read_removable_device(fsadm_t)
-storage_raw_write_removable_device(fsadm_t)
-storage_read_scsi_generic(fsadm_t)
-storage_swapon_fixed_disk(fsadm_t)
-
-term_use_console(fsadm_t)
-
-init_use_fds(fsadm_t)
-init_use_script_ptys(fsadm_t)
-init_dontaudit_getattr_initctl(fsadm_t)
-
-logging_send_syslog_msg(fsadm_t)
-
-miscfiles_read_localization(fsadm_t)
-
-modutils_read_module_config(fsadm_t)
-modutils_read_module_deps(fsadm_t)
-
-seutil_read_config(fsadm_t)
-
-term_use_all_terms(fsadm_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		unconfined_domain(fsadm_t)
-	')
-')
-
-optional_policy(`
-	amanda_rw_dumpdates_files(fsadm_t)
-	amanda_append_log_files(fsadm_t)
-')
-
-optional_policy(`
-	# for smartctl cron jobs
-	cron_system_entry(fsadm_t, fsadm_exec_t)
-')
-
-optional_policy(`
-	hal_dontaudit_write_log(fsadm_t)
-')
-
-optional_policy(`
-	livecd_rw_tmp_files(fsadm_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(fsadm_t)
-')
-
-optional_policy(`
-	fs_dontaudit_write_ramfs_pipes(fsadm_t)
-	rhgb_stub(fsadm_t)
-')
-
-optional_policy(`
-	virt_read_blk_images(fsadm_t)
-')
-
-optional_policy(`
-	xen_append_log(fsadm_t)
-	xen_rw_image_files(fsadm_t)
-')
diff --git a/policy/modules/system/getty.fc b/policy/modules/system/getty.fc
deleted file mode 100644
index e1a1848..0000000
--- a/policy/modules/system/getty.fc
+++ /dev/null
@@ -1,12 +0,0 @@
-
-/etc/mgetty(/.*)?		gen_context(system_u:object_r:getty_etc_t,s0)
-
-/sbin/.*getty		--	gen_context(system_u:object_r:getty_exec_t,s0)
-
-/var/log/mgetty\.log.*	--	gen_context(system_u:object_r:getty_log_t,s0)
-/var/log/vgetty\.log\..* --	gen_context(system_u:object_r:getty_log_t,s0)
-
-/var/run/mgetty\.pid.*	--	gen_context(system_u:object_r:getty_var_run_t,s0)
-
-/var/spool/fax(/.*)?		gen_context(system_u:object_r:getty_var_run_t,s0)
-/var/spool/voice(/.*)?		gen_context(system_u:object_r:getty_var_run_t,s0)
diff --git a/policy/modules/system/getty.if b/policy/modules/system/getty.if
deleted file mode 100644
index e4376aa..0000000
--- a/policy/modules/system/getty.if
+++ /dev/null
@@ -1,98 +0,0 @@
-## <summary>Policy for getty.</summary>
-
-########################################
-## <summary>
-##	Execute gettys in the getty domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`getty_domtrans',`
-	gen_require(`
-		type getty_t, getty_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, getty_exec_t, getty_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use getty file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`getty_use_fds',`
-	gen_require(`
-		type getty_t;
-	')
-
-	allow $1 getty_t:fd use;
-')
-
-########################################
-## <summary>
-##	Allow process to read getty log file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`getty_read_log',`
-	gen_require(`
-		type getty_log_t;
-	')
-
-	logging_search_logs($1)
-	allow $1 getty_log_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow process to read getty config file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`getty_read_config',`
-	gen_require(`
-		type getty_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 getty_etc_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allow process to edit getty config file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`getty_rw_config',`
-	gen_require(`
-		type getty_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 getty_etc_t:file rw_file_perms;
-')
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
deleted file mode 100644
index 55c2d03..0000000
--- a/policy/modules/system/getty.te
+++ /dev/null
@@ -1,135 +0,0 @@
-policy_module(getty, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type getty_t;
-type getty_exec_t;
-init_domain(getty_t, getty_exec_t)
-init_system_domain(getty_t, getty_exec_t)
-domain_interactive_fd(getty_t)
-
-type getty_etc_t;
-typealias getty_etc_t alias etc_getty_t;
-files_config_file(getty_etc_t)
-
-type getty_lock_t;
-files_lock_file(getty_lock_t)
-
-type getty_log_t;
-logging_log_file(getty_log_t)
-
-type getty_tmp_t;
-files_tmp_file(getty_tmp_t)
-
-type getty_var_run_t;
-files_pid_file(getty_var_run_t)
-
-########################################
-#
-# Getty local policy
-#
-
-# Use capabilities.
-allow getty_t self:capability { dac_override chown setgid sys_resource sys_tty_config fowner fsetid };
-dontaudit getty_t self:capability sys_tty_config;
-allow getty_t self:process { getpgid setpgid getsession signal_perms };
-allow getty_t self:fifo_file rw_fifo_file_perms;
-
-read_files_pattern(getty_t, getty_etc_t, getty_etc_t)
-read_lnk_files_pattern(getty_t, getty_etc_t, getty_etc_t)
-files_etc_filetrans(getty_t, getty_etc_t,{ file dir })
-
-allow getty_t getty_lock_t:file manage_file_perms;
-files_lock_filetrans(getty_t, getty_lock_t, file)
-
-allow getty_t getty_log_t:file manage_file_perms;
-logging_log_filetrans(getty_t, getty_log_t, file)
-
-allow getty_t getty_tmp_t:file manage_file_perms;
-allow getty_t getty_tmp_t:dir manage_dir_perms;
-files_tmp_filetrans(getty_t, getty_tmp_t, { file dir })
-
-manage_files_pattern(getty_t, getty_var_run_t, getty_var_run_t)
-files_pid_filetrans(getty_t, getty_var_run_t, file)
-
-kernel_read_system_state(getty_t)
-
-# these two needed for receiving faxes
-corecmd_exec_bin(getty_t)
-corecmd_exec_shell(getty_t)
-
-dev_read_sysfs(getty_t)
-
-files_rw_generic_pids(getty_t)
-files_read_etc_runtime_files(getty_t)
-files_read_etc_files(getty_t)
-files_search_spool(getty_t)
-
-fs_search_auto_mountpoints(getty_t)
-# for error condition handling
-fs_getattr_xattr_fs(getty_t)
-
-mcs_process_set_categories(getty_t)
-
-mls_file_read_all_levels(getty_t)
-mls_file_write_all_levels(getty_t)
-
-# Chown, chmod, read and write ttys.
-term_use_all_ttys(getty_t)
-term_use_unallocated_ttys(getty_t)
-term_setattr_all_ttys(getty_t)
-term_setattr_unallocated_ttys(getty_t)
-term_setattr_console(getty_t)
-term_use_console(getty_t)
-
-auth_rw_login_records(getty_t)
-
-init_rw_utmp(getty_t)
-init_use_script_ptys(getty_t)
-init_dontaudit_use_script_ptys(getty_t)
-
-locallogin_domtrans(getty_t)
-
-logging_send_syslog_msg(getty_t)
-
-miscfiles_read_localization(getty_t)
-
-ifdef(`distro_gentoo',`
-	# Gentoo default /etc/issue makes agetty
-	# do a DNS lookup for the hostname
-	sysnet_dns_name_resolve(getty_t)
-')
-
-ifdef(`distro_redhat',`
-	# getty requires sys_admin #209426
-	allow getty_t self:capability sys_admin;
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(getty_t)
-	')
-')
-
-optional_policy(`
-	mta_send_mail(getty_t)
-')
-
-optional_policy(`
-	nscd_socket_use(getty_t)
-')
-
-optional_policy(`
-	ppp_domtrans(getty_t)
-')
-
-optional_policy(`
-	rhgb_dontaudit_use_ptys(getty_t)
-')
-
-optional_policy(`
-	udev_read_db(getty_t)
-')
diff --git a/policy/modules/system/hostname.fc b/policy/modules/system/hostname.fc
deleted file mode 100644
index 9dfecf7..0000000
--- a/policy/modules/system/hostname.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/bin/hostname		--	gen_context(system_u:object_r:hostname_exec_t,s0)
diff --git a/policy/modules/system/hostname.if b/policy/modules/system/hostname.if
deleted file mode 100644
index 187f04f..0000000
--- a/policy/modules/system/hostname.if
+++ /dev/null
@@ -1,65 +0,0 @@
-## <summary>Policy for changing the system host name.</summary>
-
-########################################
-## <summary>
-##	Execute hostname in the hostname domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`hostname_domtrans',`
-	gen_require(`
-		type hostname_t, hostname_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, hostname_exec_t, hostname_t)
-')
-
-########################################
-## <summary>
-##	Execute hostname in the hostname domain, and
-##	allow the specified role the hostname domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`hostname_run',`
-	gen_require(`
-		type hostname_t;
-	')
-
-	hostname_domtrans($1)
-	role $2 types hostname_t;
-')
-
-########################################
-## <summary>
-##	Execute hostname in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`hostname_exec',`
-	gen_require(`
-		type hostname_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, hostname_exec_t)
-')
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
deleted file mode 100644
index 683494c..0000000
--- a/policy/modules/system/hostname.te
+++ /dev/null
@@ -1,71 +0,0 @@
-policy_module(hostname, 1.6.1)
-
-########################################
-#
-# Declarations
-#
-
-type hostname_t;
-type hostname_exec_t;
-init_system_domain(hostname_t, hostname_exec_t)
-role system_r types hostname_t;
-
-########################################
-#
-# Local policy
-#
-
-# for setting the hostname
-allow hostname_t self:process { sigchld sigkill sigstop signull signal };
-allow hostname_t self:capability sys_admin;
-allow hostname_t self:unix_stream_socket create_stream_socket_perms;
-dontaudit hostname_t self:capability sys_tty_config;
-
-kernel_list_proc(hostname_t)
-kernel_read_proc_symlinks(hostname_t)
-
-dev_read_sysfs(hostname_t)
-# Early devtmpfs, before udev relabel
-dev_dontaudit_rw_generic_chr_files(hostname_t)
-
-domain_dontaudit_leaks(hostname_t)
-domain_use_interactive_fds(hostname_t)
-
-files_read_etc_files(hostname_t)
-files_dontaudit_leaks(hostname_t)
-files_dontaudit_search_var(hostname_t)
-# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dirs(hostname_t)
-
-fs_getattr_xattr_fs(hostname_t)
-fs_search_auto_mountpoints(hostname_t)
-fs_dontaudit_leaks(hostname_t)
-fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
-
-term_dontaudit_use_console(hostname_t)
-term_use_all_ttys(hostname_t)
-term_use_all_ptys(hostname_t)
-
-init_use_fds(hostname_t)
-init_use_script_fds(hostname_t)
-init_use_script_ptys(hostname_t)
-
-logging_send_syslog_msg(hostname_t)
-
-miscfiles_read_localization(hostname_t)
-
-sysnet_read_config(hostname_t)
-sysnet_dns_name_resolve(hostname_t)
-
-optional_policy(`
-	nis_use_ypbind(hostname_t)
-')
-
-optional_policy(`
-	xen_append_log(hostname_t)
-	xen_dontaudit_use_fds(hostname_t)
-')
-
-optional_policy(`
-	unconfined_dontaudit_rw_pipes(hostname_t)
-')
diff --git a/policy/modules/system/hotplug.fc b/policy/modules/system/hotplug.fc
deleted file mode 100644
index caf736b..0000000
--- a/policy/modules/system/hotplug.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-
-/etc/hotplug(/.*)?		gen_context(system_u:object_r:hotplug_etc_t,s0)
-/etc/hotplug/firmware\.agent --	gen_context(system_u:object_r:hotplug_exec_t,s0)
-
-/etc/hotplug\.d/.*	--	gen_context(system_u:object_r:hotplug_exec_t,s0)
-
-/sbin/hotplug		--	gen_context(system_u:object_r:hotplug_exec_t,s0)
-/sbin/netplugd		--	gen_context(system_u:object_r:hotplug_exec_t,s0)
-
-/var/run/usb(/.*)?		gen_context(system_u:object_r:hotplug_var_run_t,s0)
-/var/run/hotplug(/.*)?		gen_context(system_u:object_r:hotplug_var_run_t,s0)
diff --git a/policy/modules/system/hotplug.if b/policy/modules/system/hotplug.if
deleted file mode 100644
index 40eb10c..0000000
--- a/policy/modules/system/hotplug.if
+++ /dev/null
@@ -1,175 +0,0 @@
-## <summary>
-## Policy for hotplug system, for supporting the
-## connection and disconnection of devices at runtime.
-## </summary>
-
-########################################
-## <summary>
-##	Execute hotplug with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`hotplug_domtrans',`
-	gen_require(`
-		type hotplug_t, hotplug_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, hotplug_exec_t, hotplug_t)
-')
-
-########################################
-## <summary>
-##	Execute hotplug in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hotplug_exec',`
-	gen_require(`
-		type hotplug_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, hotplug_exec_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use hotplug file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hotplug_use_fds',`
-	gen_require(`
-		type hotplug_t;
-	')
-
-	allow $1 hotplug_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit
-##	hotplug file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hotplug_dontaudit_use_fds',`
-	gen_require(`
-		type hotplug_t;
-	')
-
-	dontaudit $1 hotplug_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the
-##	hotplug configuration directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`hotplug_dontaudit_search_config',`
-	gen_require(`
-		type hotplug_etc_t;
-	')
-
-	dontaudit $1 hotplug_etc_t:dir search;
-')
-
-########################################
-## <summary>
-##	Get the attributes of the hotplug configuration directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hotplug_getattr_config_dirs',`
-	gen_require(`
-		type hotplug_etc_t;
-	')
-
-	allow $1 hotplug_etc_t:dir getattr;
-')
-
-########################################
-## <summary>
-##	Search the hotplug configuration directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hotplug_search_config',`
-	gen_require(`
-		type hotplug_etc_t;
-	')
-
-	allow $1 hotplug_etc_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the configuration files for hotplug.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`hotplug_read_config',`
-	gen_require(`
-		type hotplug_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 hotplug_etc_t:dir list_dir_perms;
-	read_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
-	read_lnk_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
-')
-
-########################################
-## <summary>
-##	Search the hotplug PIDs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`hotplug_search_pids',`
-	gen_require(`
-		type hotplug_var_run_t;
-	')
-
-	allow $1 hotplug_var_run_t:dir search_dir_perms;
-	files_search_pids($1)
-')
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
deleted file mode 100644
index 7c6933f..0000000
--- a/policy/modules/system/hotplug.te
+++ /dev/null
@@ -1,201 +0,0 @@
-policy_module(hotplug, 1.13.0)
-
-########################################
-#
-# Declarations
-#
-
-type hotplug_t;
-type hotplug_exec_t;
-kernel_domtrans_to(hotplug_t, hotplug_exec_t)
-init_daemon_domain(hotplug_t, hotplug_exec_t)
-
-type hotplug_etc_t;
-files_config_file(hotplug_etc_t)
-init_daemon_domain(hotplug_t, hotplug_etc_t)
-
-type hotplug_var_run_t;
-files_pid_file(hotplug_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow hotplug_t self:capability { net_admin sys_tty_config mknod sys_rawio };
-dontaudit hotplug_t self:capability { sys_module sys_admin sys_ptrace sys_tty_config };
-# for access("/etc/bashrc", X_OK) on Red Hat
-dontaudit hotplug_t self:capability { dac_override dac_read_search };
-allow hotplug_t self:process { setpgid getsession getattr signal_perms };
-allow hotplug_t self:fifo_file rw_file_perms;
-allow hotplug_t self:netlink_route_socket r_netlink_socket_perms;
-allow hotplug_t self:udp_socket create_socket_perms;
-allow hotplug_t self:tcp_socket connected_stream_socket_perms;
-
-read_files_pattern(hotplug_t, hotplug_etc_t, hotplug_etc_t)
-read_lnk_files_pattern(hotplug_t, hotplug_etc_t, hotplug_etc_t)
-can_exec(hotplug_t, hotplug_etc_t)
-allow hotplug_t hotplug_etc_t:dir list_dir_perms;
-
-can_exec(hotplug_t, hotplug_exec_t)
-
-manage_dirs_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
-manage_files_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
-files_pid_filetrans(hotplug_t, hotplug_var_run_t, { dir file })
-
-kernel_sigchld(hotplug_t)
-kernel_setpgid(hotplug_t)
-kernel_read_system_state(hotplug_t)
-kernel_read_network_state(hotplug_t)
-kernel_read_kernel_sysctls(hotplug_t)
-kernel_rw_net_sysctls(hotplug_t)
-
-files_read_kernel_modules(hotplug_t)
-
-corenet_all_recvfrom_unlabeled(hotplug_t)
-corenet_all_recvfrom_netlabel(hotplug_t)
-corenet_tcp_sendrecv_generic_if(hotplug_t)
-corenet_udp_sendrecv_generic_if(hotplug_t)
-corenet_tcp_sendrecv_generic_node(hotplug_t)
-corenet_udp_sendrecv_generic_node(hotplug_t)
-corenet_tcp_sendrecv_all_ports(hotplug_t)
-corenet_udp_sendrecv_all_ports(hotplug_t)
-
-dev_rw_sysfs(hotplug_t)
-dev_read_usbfs(hotplug_t)
-dev_setattr_printer_dev(hotplug_t)
-dev_setattr_sound_dev(hotplug_t)
-# for SSP:
-dev_read_urand(hotplug_t)
-
-fs_getattr_all_fs(hotplug_t)
-fs_search_auto_mountpoints(hotplug_t)
-
-storage_setattr_fixed_disk_dev(hotplug_t)
-storage_setattr_removable_dev(hotplug_t)
-
-corecmd_exec_bin(hotplug_t)
-corecmd_exec_shell(hotplug_t)
-
-domain_use_interactive_fds(hotplug_t)
-# for ps
-domain_dontaudit_read_all_domains_state(hotplug_t)
-domain_dontaudit_getattr_all_domains(hotplug_t)
-
-files_read_etc_files(hotplug_t)
-files_manage_etc_runtime_files(hotplug_t)
-files_etc_filetrans_etc_runtime(hotplug_t, file)
-files_exec_etc_files(hotplug_t)
-# for when filesystems are not mounted early in the boot:
-files_dontaudit_search_isid_type_dirs(hotplug_t)
-
-init_read_script_state(hotplug_t)
-# Allow hotplug (including /sbin/ifup-local) to start/stop services and
-# run sendmail -q
-init_domtrans_script(hotplug_t)
-# kernel threads inherit from shared descriptor table used by init
-init_dontaudit_rw_initctl(hotplug_t)
-
-logging_send_syslog_msg(hotplug_t)
-logging_search_logs(hotplug_t)
-
-# Read /usr/lib/gconv/.*
-libs_read_lib_files(hotplug_t)
-
-miscfiles_read_hwdata(hotplug_t)
-miscfiles_read_localization(hotplug_t)
-
-modutils_domtrans_insmod(hotplug_t)
-modutils_read_module_deps(hotplug_t)
-
-seutil_dontaudit_search_config(hotplug_t)
-
-sysnet_read_config(hotplug_t)
-
-userdom_dontaudit_use_unpriv_user_fds(hotplug_t)
-userdom_dontaudit_search_user_home_dirs(hotplug_t)
-
-ifdef(`distro_redhat', `
-	optional_policy(`
-		# for arping used for static IP addresses on PCMCIA ethernet
-		netutils_domtrans(hotplug_t)
-		netutils_signal(hotplug_t)
-		fs_rw_tmpfs_chr_files(hotplug_t)
-	')
-	files_getattr_generic_locks(hotplug_t)
-')
-
-optional_policy(`
-	brctl_domtrans(hotplug_t)
-')
-
-optional_policy(`
-	consoletype_exec(hotplug_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(hotplug_t)
-')
-
-optional_policy(`
-	fstools_domtrans(hotplug_t)
-')
-
-optional_policy(`
-	hal_dgram_send(hotplug_t)
-')
-
-optional_policy(`
-	hostname_exec(hotplug_t)
-')
-
-optional_policy(`
-	iptables_domtrans(hotplug_t)
-')
-
-optional_policy(`
-	mount_domtrans(hotplug_t)
-')
-
-optional_policy(`
-	mta_send_mail(hotplug_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(hotplug_t)
-')
-
-optional_policy(`
-	nscd_socket_use(hotplug_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(hotplug_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_dhcpc(hotplug_t)
-	sysnet_signal_dhcpc(hotplug_t)
-	sysnet_kill_dhcpc(hotplug_t)
-	sysnet_signull_dhcpc(hotplug_t)
-	sysnet_sigstop_dhcpc(hotplug_t)
-	sysnet_sigchld_dhcpc(hotplug_t)
-	sysnet_read_dhcpc_pid(hotplug_t)
-	sysnet_rw_dhcp_config(hotplug_t)
-	sysnet_domtrans_ifconfig(hotplug_t)
-	sysnet_signal_ifconfig(hotplug_t)
-')
-
-optional_policy(`
-	udev_domtrans(hotplug_t)
-	udev_helper_domtrans(hotplug_t)
-	udev_read_db(hotplug_t)
-')
-
-optional_policy(`
-	updfstab_domtrans(hotplug_t)
-')
-
-optional_policy(`
-	usbmodules_domtrans(hotplug_t)
-')
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
deleted file mode 100644
index b338481..0000000
--- a/policy/modules/system/init.fc
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# /etc
-#
-/etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/etc/rc\.d/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/etc/rc\.d/rc\.[^/]+	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/etc/rc\.d/init\.d/.*	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/etc/sysconfig/network-scripts/ifup-ipsec -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/etc/X11/prefdm		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-ifdef(`distro_gentoo',`
-/etc/vmware/init\.d/vmware --	gen_context(system_u:object_r:initrc_exec_t,s0)
-/etc/x11/startDM\.sh	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-')
-
-#
-# /dev
-#
-/dev/initctl		-p	gen_context(system_u:object_r:initctl_t,s0)
-
-#
-# /sbin
-#
-/bin/systemd		--	gen_context(system_u:object_r:init_exec_t,s0)
-
-#
-# /sbin
-#
-/sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
-/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
-
-ifdef(`distro_gentoo', `
-/sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/sbin/runscript		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/sbin/runscript\.sh	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/sbin/runsvcscript\.sh	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/sbin/svcinit		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-')
-
-#
-# /usr
-#
-/usr/bin/sepg_ctl	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/usr/libexec/dcc/start-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
-/usr/libexec/dcc/stop-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/usr/sbin/apachectl	-- 	gen_context(system_u:object_r:initrc_exec_t,s0)
-/usr/sbin/open_init_pty	--	gen_context(system_u:object_r:initrc_exec_t,s0)
-/usr/sbin/startx	-- 	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-/usr/share/system-config-services/system-config-services-mechanism\.py  --	gen_context(system_u:object_r:initrc_exec_t,s0)
-
-#
-# /var
-#
-ifdef(`distro_gentoo', `
-/var/lib/init\.d(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
-/var/run/svscan\.pid	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-')
-
-/var/run/utmp		--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/runlevel\.dir		gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/random-seed	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/setmixer_flag	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-
-ifdef(`distro_suse', `
-/var/run/bootsplashctl	-p	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/keymap		--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/numlock-on	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/setleds-on	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-/var/run/sysconfig(/.*)?	gen_context(system_u:object_r:initrc_var_run_t,s0)
-')
-
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
deleted file mode 100644
index 666a58f..0000000
--- a/policy/modules/system/init.if
+++ /dev/null
@@ -1,1936 +0,0 @@
-## <summary>System initialization programs (init and init scripts).</summary>
-
-########################################
-## <summary>
-##	Create a file type used for init scripts.
-## </summary>
-## <desc>
-##	<p>
-##	Create a file type used for init scripts.  It can not be
-##	used in conjunction with init_script_domain(). These
-##	script files are typically stored in the /etc/init.d directory.
-##	</p>
-##	<p>
-##	Typically this is used to constrain what services an
-##	admin can start/stop.  For example, a policy writer may want
-##	to constrain a web administrator to only being able to
-##	restart the web server, not other services.  This special type
-##	will help address that goal.
-##	</p>
-##	<p>
-##	This also makes the type usable for files; thus an
-##	explicit call to files_type() is redundant.
-##	</p>
-## </desc>
-## <param name="script_file">
-##	<summary>
-##	Type to be used for a script file.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`init_script_file',`
-	gen_require(`
-		type initrc_t;
-		attribute init_script_file_type, init_run_all_scripts_domain;
-	')
-
-	typeattribute $1 init_script_file_type;
-
-	domain_entry_file(initrc_t, $1)
-
-	domtrans_pattern(init_run_all_scripts_domain, $1, initrc_t)
-')
-
-########################################
-## <summary>
-##	Create a domain used for init scripts.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain used for init scripts.
-##	Can not be used in conjunction with
-##	init_script_file().
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as an init script domain.
-##	</summary>
-## </param>
-## <param name="script_file">
-##	<summary>
-##	Type of the script file used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`init_script_domain',`
-	gen_require(`
-		attribute init_script_domain_type, init_script_file_type;
-		attribute init_run_all_scripts_domain;
-	')
-
-	typeattribute $1 init_script_domain_type;
-	typeattribute $2 init_script_file_type;
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-
-	domtrans_pattern(init_run_all_scripts_domain, $2, $1)
-')
-
-########################################
-## <summary>
-##	Create a domain which can be started by init.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`init_domain',`
-	gen_require(`
-		type init_t;
-		role system_r;
-	')
-
-	domain_type($1)
-	domain_entry_file($1,$2)
-
-	role system_r types $1;
-
-	tunable_policy(`init_systemd',`', `
-		domtrans_pattern(init_t,$2,$1)
-		allow init_t $1:unix_stream_socket create_stream_socket_perms;
-		allow $1 init_t:unix_dgram_socket sendto;
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		# RHEL4 systems seem to have a stray
-		# fds open from the initrd
-		ifdef(`distro_rhel4',`
-			kernel_dontaudit_use_fds($1)
-		')
-	')
-')
-
-########################################
-## <summary>
-##	Create a domain which can be started by init,
-##	with a range transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <param name="range">
-##	<summary>
-##	Range for the domain.
-##	</summary>
-## </param>
-#
-interface(`init_ranged_domain',`
-	gen_require(`
-		type init_t;
-	')
-
-	init_domain($1,$2)
-
-	ifdef(`enable_mcs',`
-		range_transition init_t $2:process $3;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition init_t $2:process $3;
-		mls_rangetrans_target($1)
-	')
-')
-
-########################################
-## <summary>
-##	Create a domain for long running processes
-##	(daemons/services) which are started by init scripts.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain for long running processes (daemons/services)
-##	which are started by init scripts. Short running processes
-##	should use the init_system_domain() interface instead.
-##	Typically all long running processes started by an init
-##	script (usually in /etc/init.d) will need to use this
-##	interface.
-##	</p>
-##	<p>
-##	The types will be made usable as a domain and file, making
-##	calls to domain_type() and files_type() redundant.
-##	</p>
-##	<p>
-##	If the process must also run in a specific MLS/MCS level,
-##	the init_ranged_daemon_domain() should be used instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a daemon domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`init_daemon_domain',`
-	gen_require(`
-		attribute direct_run_init, direct_init, direct_init_entry;
-		type initrc_t;
-		type init_t;
-		role system_r;
-		attribute daemon;
-		attribute initrc_transition_domain;
-	')
-
-	typeattribute $1 daemon;
-
-	domain_type($1)
-	domain_entry_file($1,$2)
-
-	role system_r types $1;
-
-	domtrans_pattern(initrc_t,$2,$1)
-	allow initrc_t $1:process siginh;
-	allow $1 initrc_transition_domain:fifo_file rw_inherited_fifo_file_perms;
-	allow $1 initrc_transition_domain:fd use;
-
-	tunable_policy(`init_upstart || init_systemd',`
-		# Handle upstart direct transition to a executable
-		domtrans_pattern(init_t,$2,$1)
-		allow init_t $1:process siginh;
-	')
-
-	tunable_policy(`init_systemd',`
-		allow init_t $1:unix_stream_socket create_stream_socket_perms;
-		allow $1 init_t:unix_dgram_socket sendto;
-	')
-
-	# daemons started from init will
-	# inherit fds from init for the console
-	init_dontaudit_use_fds($1)
-	term_dontaudit_use_console($1)
-
-	# init script ptys are the stdin/out/err 
-	# when using run_init
-	init_use_script_ptys($1)
-
-	ifdef(`direct_sysadm_daemon',`
-		domtrans_pattern(direct_run_init,$2,$1)
-		allow direct_run_init $1:process { noatsecure siginh rlimitinh };
-
-		typeattribute $1 direct_init;
-		typeattribute $2 direct_init_entry;
-
-		userdom_dontaudit_use_user_terminals($1)
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		# RHEL4 systems seem to have a stray
-		# fds open from the initrd
-		ifdef(`distro_rhel4',`
-			kernel_dontaudit_use_fds($1)
-		')
-	')
-
-	optional_policy(`
-		nscd_socket_use($1)
-	')
-')
-
-########################################
-## <summary>
-##	Create a domain for long running processes
-##	(daemons/services) which are started by init scripts,
-##	running at a specified MLS/MCS range.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain for long running processes (daemons/services)
-##	which are started by init scripts, running at a specified
-##	MLS/MCS range. Short running processes
-##	should use the init_ranged_system_domain() interface instead.
-##	Typically all long running processes started by an init
-##	script (usually in /etc/init.d) will need to use this
-##	interface if they need to run in a specific MLS/MCS range.
-##	</p>
-##	<p>
-##	The types will be made usable as a domain and file, making
-##	calls to domain_type() and files_type() redundant.
-##	</p>
-##	<p>
-##	If the policy build option TYPE is standard (MLS and MCS disabled),
-##	this interface has the same behavior as init_daemon_domain().
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a daemon domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <param name="range">
-##	<summary>
-##	MLS/MCS range for the domain.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`init_ranged_daemon_domain',`
-	gen_require(`
-		type initrc_t;
-	')
-
-#	init_daemon_domain($1,$2)
-
-	ifdef(`enable_mcs',`
-		range_transition initrc_t $2:process $3;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition initrc_t $2:process $3;
-		mls_rangetrans_target($1)
-	')
-')
-
-########################################
-## <summary>
-##	Create a domain for short running processes
-##	which are started by init scripts.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain for long running processes (daemons/services)
-##	which are started by init scripts. These are generally applications that
-##	are used to initialize the system during boot.
-##	Long running processes
-##	should use the init_daemon_domain() interface instead.
-##	Typically all short running processes started by an init
-##	script (usually in /etc/init.d) will need to use this
-##	interface.  
-##	</p>
-##	<p>
-##	The types will be made usable as a domain and file, making
-##	calls to domain_type() and files_type() redundant.
-##	</p>
-##	<p>
-##	If the process must also run in a specific MLS/MCS level,
-##	the init_ranged_system_domain() should be used instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a system domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`init_system_domain',`
-	gen_require(`
-		type init_t;
-		type initrc_t;
-		role system_r;
-		attribute initrc_transition_domain;
-	')
-
-	application_domain($1,$2)
-
-	role system_r types $1;
-
-	domtrans_pattern(initrc_t,$2,$1)
-	allow initrc_t $1:process siginh;
-	allow $1 initrc_transition_domain:fifo_file rw_inherited_fifo_file_perms;
-	allow $1 initrc_transition_domain:fd use;
-
-	tunable_policy(`init_systemd',`
-		# Handle upstart/systemd direct transition to a executable
-		domtrans_pattern(init_t,$2,$1)
-		allow init_t $1:process siginh;
-		allow init_t $1:unix_stream_socket create_stream_socket_perms;
-		allow $1 init_t:unix_dgram_socket sendto;
-	')
-
-	ifdef(`hide_broken_symptoms',`
-		# RHEL4 systems seem to have a stray
-		# fds open from the initrd
-		ifdef(`distro_rhel4',`
-			kernel_dontaudit_use_fds($1)
-		')
-	')
-
-	userdom_dontaudit_search_user_home_dirs($1)
-	userdom_dontaudit_rw_stream($1)
-	userdom_dontaudit_write_user_tmp_files($1)
-
-	tunable_policy(`allow_daemons_use_tty',`
-	   term_use_all_ttys($1)
-	   term_use_all_ptys($1)
-	',`
-	   term_dontaudit_use_all_ttys($1)
-	   term_dontaudit_use_all_ptys($1)
-	')
-
-	# these apps are often redirect output to random log files
-	logging_inherit_append_all_logs($1)
-
-	optional_policy(`
-		cron_rw_pipes($1)
-	')
-
-	optional_policy(`
-		xserver_dontaudit_append_xdm_home_files($1)
-	')
-
-	optional_policy(`
-		unconfined_dontaudit_rw_pipes($1)
-		unconfined_dontaudit_rw_stream($1)
-		userdom_dontaudit_read_user_tmp_files($1)
-	')
-
-	init_rw_script_stream_sockets($1)
-')
-
-########################################
-## <summary>
-##	Create a domain for short running processes
-##	which are started by init scripts.
-## </summary>
-## <desc>
-##	<p>
-##	Create a domain for long running processes (daemons/services)
-##	which are started by init scripts.
-##	These are generally applications that
-##	are used to initialize the system during boot.
-##	Long running processes
-##	should use the init_ranged_system_domain() interface instead.
-##	Typically all short running processes started by an init
-##	script (usually in /etc/init.d) will need to use this
-##	interface if they need to run in a specific MLS/MCS range.
-##	</p>
-##	<p>
-##	The types will be made usable as a domain and file, making
-##	calls to domain_type() and files_type() redundant.
-##	</p>
-##	<p>
-##	If the policy build option TYPE is standard (MLS and MCS disabled),
-##	this interface has the same behavior as init_system_domain().
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a system domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-## <param name="range">
-##	<summary>
-##	Range for the domain.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`init_ranged_system_domain',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	init_system_domain($1,$2)
-
-	ifdef(`enable_mcs',`
-		range_transition initrc_t $2:process $3;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition initrc_t $2:process $3;
-	')
-')
-
-########################################
-## <summary>
-##	Execute init (/sbin/init) with a domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`init_domtrans',`
-	gen_require(`
-		type init_t, init_exec_t;
-	')
-
-	domtrans_pattern($1, init_exec_t, init_t)
-')
-
-########################################
-## <summary>
-##	Execute the init program in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`init_exec',`
-	gen_require(`
-		type init_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, init_exec_t)
-')
-
-########################################
-## <summary>
-##	Get the process group of init.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getpgid',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:process getpgid;
-')
-
-########################################
-## <summary>
-##	Send init a null signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_signull',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send init a SIGCHLD signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_sigchld',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from init.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to inherit file
-##	descriptors from the init program (process ID 1).
-##	Typically the only file descriptors to be
-##	inherited from init are for the console.
-##	This does not allow the domain any access to
-##	the object to which the file descriptors references.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>init_dontaudit_use_fds()</li>
-##		<li>term_dontaudit_use_console()</li>
-##		<li>term_use_console()</li>
-##	</ul>
-##	<p>
-##	Example usage:
-##	</p>
-##	<p>
-##	init_use_fds(mydomain_t)
-##	term_use_console(mydomain_t)
-##	</p>
-##	<p>
-##	Normally, processes that can inherit these file
-##	descriptors (usually services) write messages to the
-##	system log instead of writing to the console.
-##	Therefore, in many cases, this access should
-##	dontaudited instead.
-##	</p>
-##	<p>
-##	Example dontaudit usage:
-##	</p>
-##	<p>
-##	init_dontaudit_use_fds(mydomain_t)
-##	term_dontaudit_use_console(mydomain_t)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="1"/>
-#
-interface(`init_use_fds',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit file
-##	descriptors from init.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_use_fds',`
-	gen_require(`
-		type init_t;
-	')
-
-	dontaudit $1 init_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to init.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_udp_send',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Get the attributes of initctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getattr_initctl',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	allow $1 initctl_t:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the
-##	attributes of initctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_getattr_initctl',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	dontaudit $1 initctl_t:fifo_file getattr;
-')
-
-########################################
-## <summary>
-##	Write to initctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_write_initctl',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 initctl_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Use telinit (Read and write initctl).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`init_telinit',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	corecmd_exec_bin($1)
-
-	dev_list_all_dev_nodes($1)
-	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
-
-	init_exec($1)
-
-	tunable_policy(`init_upstart || init_systemd',`
-		gen_require(`
-			type init_t;
-		')
-
-		allow $1 init_t:process signal;
-		# upstart uses a datagram socket instead of initctl pipe
-		allow $1 self:unix_dgram_socket create_socket_perms;
-		allow $1 init_t:unix_dgram_socket sendto;
-		#576913
-		allow $1 init_t:unix_stream_socket connectto;
-	')
-')
-
-########################################
-## <summary>
-##	Read and write initctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_initctl',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and
-##	write initctl.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_rw_initctl',`
-	gen_require(`
-		type initctl_t;
-	')
-
-	dontaudit $1 initctl_t:fifo_file { read write };
-')
-
-########################################
-## <summary>
-##	Make init scripts an entry point for
-##	the specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-# cjp: added for gentoo integrated run_init
-interface(`init_script_file_entry_type',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	domain_entry_file($1, initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute init scripts with a specified domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`init_spec_domtrans_script',`
-	gen_require(`
-		type initrc_t;
-		attribute init_script_file_type;
-	')
-
-	files_list_etc($1)
-	spec_domtrans_pattern($1, init_script_file_type, initrc_t)
-
-	ifdef(`enable_mcs',`
-		range_transition $1 init_script_file_type:process s0;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
-	')
-')
-
-########################################
-## <summary>
-##	Execute init scripts with an automatic domain transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`init_domtrans_script',`
-	gen_require(`
-		type initrc_t;
-		attribute init_script_file_type;
-		attribute initrc_transition_domain;
-	')
-	typeattribute $1 initrc_transition_domain;
-
-	files_list_etc($1)
-	domtrans_pattern($1, init_script_file_type, initrc_t)
-
-	ifdef(`enable_mcs',`
-		range_transition $1 init_script_file_type:process s0;
-	')
-
-	ifdef(`enable_mls',`
-		range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
-	')
-')
-
-########################################
-## <summary>
-##	Execute a file in a bin directory
-##	in the initrc_t domain 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_bin_domtrans_spec',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	corecmd_bin_domtrans($1, initrc_t)
-')
-
-########################################
-## <summary>
-##	Execute a init script in a specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a init script in a specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="source_domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	Domain to transition to.
-##	</summary>
-## </param>
-# cjp: added for gentoo integrated run_init
-interface(`init_script_file_domtrans',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	files_list_etc($1)
-	domain_auto_trans($1, initrc_exec_t,$2)
-')
-
-########################################
-## <summary>
-##	Transition to the init script domain
-##	on a specified labeled init script.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="init_script_file">
-##	<summary>
-##	Labeled init script file.
-##	</summary>
-## </param>
-#
-interface(`init_labeled_script_domtrans',`
-	gen_require(`
-		type initrc_t;
-		attribute initrc_transition_domain;
-	')
-
-	typeattribute $1 initrc_transition_domain;
-	# service script searches all filesystems via mountpoint
-	fs_search_all($1)
-	domtrans_pattern($1, $2, initrc_t)
-	files_search_etc($1)
-')
-
-#########################################
-## <summary>
-##	Transition to the init script domain
-## 	for all labeled init script types
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`init_all_labeled_script_domtrans',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	init_labeled_script_domtrans($1, init_script_file_type)
-')
-
-########################################
-## <summary>
-##	Start and stop daemon programs directly.
-## </summary>
-## <desc>
-##	<p>
-##	Start and stop daemon programs directly
-##	in the traditional "/etc/init.d/daemon start"
-##	style, and do not require run_init.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be performing this action.
-##	</summary>
-## </param>
-#
-interface(`init_run_daemon',`
-	gen_require(`
-		attribute direct_run_init, direct_init, direct_init_entry;
-		role system_r;
-	')
-
-	typeattribute $1 direct_run_init;
-	role_transition $2 direct_init_entry system_r;
-')
-
-########################################
-## <summary>
-##	Read the process state (/proc/pid) of init.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_state',`
-	gen_require(`
-		attribute init_t;
-	')
-
-	allow $1 init_t:dir search_dir_perms;
-	allow $1 init_t:file read_file_perms;
-	allow $1 init_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Ptrace init
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`init_ptrace',`
-	gen_require(`
-		attribute init_t;
-	')
-
-	allow $1 init_t:process ptrace;
-')
-
-########################################
-## <summary>
-##	Write an init script unnamed pipe.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_write_script_pipes',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:fifo_file write;
-')
-
-########################################
-## <summary>
-##	Get the attribute of init script entrypoint files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getattr_script_files',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	files_list_etc($1)
-	allow $1 initrc_exec_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Read init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_script_files',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	files_search_etc($1)
-	allow $1 initrc_exec_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute init scripts in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_exec_script_files',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	files_list_etc($1)
-	can_exec($1, initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Get the attribute of all init script entrypoint files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getattr_all_script_files',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	files_list_etc($1)
-	allow $1 init_script_file_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Read all init script files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_all_script_files',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	files_search_etc($1)
-	allow $1 init_script_file_type:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Dontaudit read all init script files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_read_all_script_files',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	dontaudit $1 init_script_file_type:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute all init scripts in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_exec_all_script_files',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	files_list_etc($1)
-	can_exec($1, init_script_file_type)
-')
-
-########################################
-## <summary>
-##	Read the process state (/proc/pid) of the init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_script_state',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, initrc_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use init script file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_use_script_fds',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit
-##	init script file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_use_script_fds',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	dontaudit $1 initrc_t:fd use;
-')
-
-########################################
-## <summary>
-##	Get the process group ID of init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getpgid_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:process getpgid;
-')
-
-########################################
-## <summary>
-##	Send SIGCHLD signals to init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_sigchld_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send generic signals to init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_signal_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send null signals to init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_signull_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:process signull;
-')
-
-########################################
-## <summary>
-##	Read and write init script unnamed pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_script_pipes',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:fifo_file { read write };
-')
-
-########################################
-## <summary>
-##	Send UDP network traffic to init scripts.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_udp_send_script',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to
-##	init scripts with a unix socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_stream_connect_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read/write to
-##	init scripts with a unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_script_stream_sockets',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Dont audit the specified domain connecting to
-##	init scripts with a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_stream_connect_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	dontaudit $1 initrc_t:unix_stream_socket connectto;
-')
-########################################
-## <summary>
-##	Send messages to init scripts over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_dbus_send_script',`
-	gen_require(`
-		type initrc_t;
-		class dbus send_msg;
-	')
-
-	allow $1 initrc_t:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	init over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_dbus_chat',`
-	gen_require(`
-		type init_t;
-		class dbus send_msg;
-	')
-
-	allow $1 init_t:dbus send_msg;
-	allow init_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	init scripts over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_dbus_chat_script',`
-	gen_require(`
-		type initrc_t;
-		class dbus send_msg;
-	')
-
-	allow $1 initrc_t:dbus send_msg;
-	allow initrc_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read and write the init script pty.
-## </summary>
-## <desc>
-##	<p>
-##	Read and write the init script pty.  This
-##	pty is generally opened by the open_init_pty
-##	portion of the run_init program so that the
-##	daemon does not require direct access to
-##	the administrator terminal.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_use_script_ptys',`
-	gen_require(`
-		type initrc_devpts_t;
-	')
-
-	term_list_ptys($1)
-	allow $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and
-##	write the init script pty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_use_script_ptys',`
-	gen_require(`
-		type initrc_devpts_t;
-	')
-
-	dontaudit $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
-')
-
-########################################
-## <summary>
-##	Get the attributes of init script
-##	status files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getattr_script_status_files',`
-	gen_require(`
-		type initrc_state_t;
-	')
-
-	getattr_files_pattern($1, initrc_state_t, initrc_state_t)
-')
-
-########################################
-## <summary>
-##	Manage init script
-##	status files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_manage_script_status_files',`
-	gen_require(`
-		type initrc_state_t;
-	')
-
-	manage_files_pattern($1, initrc_state_t, initrc_state_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read init script
-##	status files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_read_script_status_files',`
-	gen_require(`
-		type initrc_state_t;
-	')
-
-	dontaudit $1 initrc_state_t:dir search_dir_perms;
-	dontaudit $1 initrc_state_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read init script temporary data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_script_tmp_files',`
-	gen_require(`
-		type initrc_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
-')
-
-########################################
-## <summary>
-##	Read and write init script temporary data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_script_tmp_files',`
-	gen_require(`
-		type initrc_tmp_t;
-	')
-
-	files_search_tmp($1)
-	rw_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
-')
-
-########################################
-## <summary>
-##	Create files in a init script
-##	temporary data directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	The type of the object to be created
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class.
-##	</summary>
-## </param>
-#
-interface(`init_script_tmp_filetrans',`
-	gen_require(`
-		type initrc_tmp_t;
-	')
-
-	files_search_tmp($1)
-	filetrans_pattern($1, initrc_tmp_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Get the attributes of init script process id files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_getattr_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	allow $1 initrc_var_run_t:file getattr;
-')
-
-########################################
-## <summary>
-##	Read utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	files_list_pids($1)
-	allow $1 initrc_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_write_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	dontaudit $1 initrc_var_run_t:file { write lock };
-')
-
-########################################
-## <summary>
-##	Write to utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_write_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	files_list_pids($1)
-	allow $1 initrc_var_run_t:file { getattr open write };
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to lock 
-##	init script pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_lock_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	dontaudit $1 initrc_var_run_t:file lock;
-')
-
-########################################
-## <summary>
-##	Read and write utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	files_list_pids($1)
-	allow $1 initrc_var_run_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_rw_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	dontaudit $1 initrc_var_run_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete utmp.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_manage_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 initrc_var_run_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Create files in /var/run with the
-##	utmp file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_pid_filetrans_utmp',`
-	gen_require(`
-		type initrc_var_run_t;
-	')
-
-	files_pid_filetrans($1, initrc_var_run_t, file)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to daemon with a tcp socket
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_tcp_recvfrom_all_daemons',`
-	gen_require(`
-		attribute daemon;
-	')
-
-	corenet_tcp_recvfrom_labeled($1, daemon)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to daemon with a udp socket
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_udp_recvfrom_all_daemons',`
-	gen_require(`
-		attribute daemon;
-	')
-	corenet_udp_recvfrom_labeled($1, daemon)
-')
-
-########################################
-## <summary>
-##	Transition to system_r when execute an init script
-## </summary>
-## <desc>
-##      <p>
-##	Execute a init script in a specified role
-##      </p>
-##      <p>
-##      No interprocess communication (signals, pipes,
-##      etc.) is provided by this interface since
-##      the domains are not owned by this module.
-##      </p>
-## </desc>
-## <param name="source_role">
-##	<summary>
-##	Role to transition from.
-##	</summary>
-## </param>
-#
-interface(`init_script_role_transition',`
-	gen_require(`
-		attribute init_script_file_type;
-	')
-
-	role_transition $1 init_script_file_type system_r;
-')
-
-########################################
-## <summary>
-##	dontaudit read and write an leaked init scrip file descriptors
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_dontaudit_script_leaks',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	dontaudit $1 initrc_t:tcp_socket { read write };
-	dontaudit $1 initrc_t:udp_socket { read write };
-	dontaudit $1 initrc_t:unix_dgram_socket { read write };
-	dontaudit $1 initrc_t:unix_stream_socket { read write };
-	dontaudit $1 initrc_t:shm rw_shm_perms;
-	init_dontaudit_use_script_ptys($1)
-	init_dontaudit_use_script_fds($1)
-')
-
-
-########################################
-## <summary>
-##	Allow the specified domain to connect to
-##	the init process with a unix socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_stream_connect',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read/write to
-##	init with a unix domain stream sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_rw_stream_sockets',`
-	gen_require(`
-		type init_t;
-	')
-
-	allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
-')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
deleted file mode 100644
index 532ff21..0000000
--- a/policy/modules/system/init.te
+++ /dev/null
@@ -1,1134 +0,0 @@
-policy_module(init, 1.15.3)
-
-gen_require(`
-	class passwd rootok;
-')
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Enable support for upstart as the init program.
-## </p>
-## </desc>
-gen_tunable(init_upstart, false)
-
-## <desc>
-## <p>
-## Enable support for systemd as the init program.
-## </p>
-## </desc>
-gen_tunable(init_systemd, false)
-
-## <desc>
-## <p>
-## Allow all daemons the ability to read/write terminals
-## </p>
-## </desc>
-gen_tunable(allow_daemons_use_tty, false)
-
-## <desc>
-## <p>
-## Allow all daemons to write corefiles to /
-## </p>
-## </desc>
-gen_tunable(allow_daemons_dump_core, false)
-
-# used for direct running of init scripts
-# by admin domains
-attribute direct_run_init;
-attribute direct_init;
-attribute direct_init_entry;
-
-attribute init_script_domain_type;
-attribute init_script_file_type;
-attribute init_run_all_scripts_domain;
-attribute initrc_transition_domain;
-
-# Mark process types as daemons
-attribute daemon;
-
-#
-# init_t is the domain of the init process.
-#
-type init_t, initrc_transition_domain;
-type init_exec_t;
-domain_type(init_t)
-domain_entry_file(init_t, init_exec_t)
-kernel_domtrans_to(init_t, init_exec_t)
-role system_r types init_t;
-
-#
-# init_var_run_t is the type for /var/run/shutdown.pid.
-#
-type init_var_run_t;
-files_pid_file(init_var_run_t)
-
-#
-# initctl_t is the type of the named pipe created
-# by init during initialization.  This pipe is used
-# to communicate with init.
-#
-type initctl_t;
-files_type(initctl_t)
-mls_trusted_object(initctl_t)
-
-type initrc_t, init_script_domain_type, init_run_all_scripts_domain;
-type initrc_exec_t, init_script_file_type;
-domain_type(initrc_t)
-domain_entry_file(initrc_t, initrc_exec_t)
-role system_r types initrc_t;
-# should be part of the true block
-# of the below init_upstart tunable
-# but this has a typeattribute in it
-corecmd_shell_entry_type(initrc_t)
-corecmd_bin_entry_type(initrc_t)
-
-type initrc_devpts_t;
-term_pty(initrc_devpts_t)
-files_type(initrc_devpts_t)
-
-type initrc_state_t;
-files_type(initrc_state_t)
-
-type initrc_tmp_t;
-files_tmp_file(initrc_tmp_t)
-
-type initrc_var_run_t;
-files_pid_file(initrc_var_run_t)
-
-ifdef(`enable_mls',`
-	kernel_ranged_domtrans_to(init_t, init_exec_t, s0 - mls_systemhigh)
-')
-
-########################################
-#
-# Init local policy
-#
-
-# Use capabilities. old rule:
-allow init_t self:capability ~{ audit_control audit_write sys_module };
-# is ~sys_module really needed? observed:
-# sys_boot
-# sys_tty_config
-# kill: now provided by domain_kill_all_domains()
-# setuid (from /sbin/shutdown)
-# sys_chroot (from /usr/bin/chroot): now provided by corecmd_chroot_exec_chroot()
-
-allow init_t self:fifo_file rw_fifo_file_perms;
-
-# Re-exec itself
-can_exec(init_t, init_exec_t)
-
-allow init_t initrc_t:unix_stream_socket { connectto rw_stream_socket_perms };
-allow initrc_t init_t:unix_stream_socket { connectto rw_stream_socket_perms };
-allow initrc_t init_t:fifo_file rw_fifo_file_perms;
-
-# For /var/run/shutdown.pid.
-allow init_t init_var_run_t:file manage_file_perms;
-files_pid_filetrans(init_t, init_var_run_t, file)
-
-allow init_t initctl_t:fifo_file manage_fifo_file_perms;
-dev_filetrans(init_t, initctl_t, fifo_file)
-
-# Modify utmp.
-allow init_t initrc_var_run_t:file { rw_file_perms setattr };
-
-kernel_read_system_state(init_t)
-kernel_share_state(init_t)
-kernel_stream_connect(init_t)
-
-corecmd_exec_chroot(init_t)
-corecmd_exec_bin(init_t)
-
-dev_read_sysfs(init_t)
-dev_read_urand(init_t)
-# Early devtmpfs
-dev_rw_generic_chr_files(init_t)
-
-domain_getpgid_all_domains(init_t)
-domain_kill_all_domains(init_t)
-domain_signal_all_domains(init_t)
-domain_signull_all_domains(init_t)
-domain_sigstop_all_domains(init_t)
-domain_sigstop_all_domains(init_t)
-domain_sigchld_all_domains(init_t)
-domain_read_all_domains_state(init_t)
-
-files_read_etc_files(init_t)
-files_read_all_pids(init_t)
-files_rw_generic_pids(init_t)
-files_dontaudit_search_isid_type_dirs(init_t)
-files_manage_etc_runtime_files(init_t)
-files_etc_filetrans_etc_runtime(init_t, file)
-# Run /etc/X11/prefdm:
-files_exec_etc_files(init_t)
-# file descriptors inherited from the rootfs:
-files_dontaudit_rw_root_files(init_t)
-files_dontaudit_rw_root_chr_files(init_t)
-
-fs_list_inotifyfs(init_t)
-# cjp: this may be related to /dev/log
-fs_write_ramfs_sockets(init_t)
-
-mcs_process_set_categories(init_t)
-mcs_killall(init_t)
-
-mls_file_read_all_levels(init_t)
-mls_file_write_all_levels(init_t)
-mls_process_write_down(init_t)
-mls_fd_use_all_levels(init_t)
-
-selinux_set_all_booleans(init_t)
-
-term_use_all_terms(init_t)
-
-# Run init scripts.
-init_domtrans_script(init_t)
-
-libs_rw_ld_so_cache(init_t)
-
-logging_send_syslog_msg(init_t)
-logging_send_audit_msgs(init_t)
-logging_rw_generic_logs(init_t)
-
-seutil_read_config(init_t)
-
-miscfiles_read_localization(init_t)
-
-allow init_t self:process setsched;
-
-ifdef(`distro_gentoo',`
-	allow init_t self:process { getcap setcap };
-')
-
-ifdef(`distro_redhat',`
-	fs_read_tmpfs_symlinks(init_t)
-	fs_rw_tmpfs_chr_files(init_t)
-	fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
-')
-
-tunable_policy(`init_upstart || init_systemd',`
-	corecmd_shell_domtrans(init_t, initrc_t)
-',`
-	# Run the shell in the sysadm role for single-user mode.
-	# causes problems with upstart
-	sysadm_shell_domtrans(init_t)
-')
-
-storage_raw_rw_fixed_disk(init_t)
-modutils_domtrans_insmod(init_t)
-
-tunable_policy(`init_systemd',`
-	allow init_t self:unix_dgram_socket { create_socket_perms sendto };
-	allow init_t self:process { setsockcreate setfscreate };
-	allow init_t self:unix_stream_socket { create_stream_socket_perms connectto };
-	allow init_t self:netlink_kobject_uevent_socket create_socket_perms; 
-	# Until systemd is fixed
-	allow daemon init_t:socket_class_set { getopt read getattr ioctl setopt write };
-	allow init_t self:netlink_route_socket create_netlink_socket_perms;
-
-	kernel_list_unlabeled(init_t)
-	kernel_read_network_state(init_t)
-	kernel_unmount_debugfs(init_t)
-
-	dev_write_kmsg(init_t)
-	dev_rw_autofs(init_t)
-	dev_manage_generic_dirs(init_t)
-	dev_manage_generic_files(init_t)
-	dev_read_generic_chr_files(init_t)
-	dev_relabelfrom_generic_chr_files(init_t)
-	dev_relabel_autofs_dev(init_t)
-	dev_manage_sysfs_dirs(init_t)
-	dev_filetrans_named_dev(init_t)
-
-	files_mounton_all_mountpoints(init_t)
-	files_manage_all_pids_dirs(init_t)
-
-	fs_manage_cgroup_dirs(init_t)
-	fs_manage_hugetlbfs_dirs(init_t)
-	fs_manage_tmpfs_dirs(init_t)
-	fs_mount_all_fs(init_t)
-	fs_list_auto_mountpoints(init_t)
-	fs_read_cgroup_files(init_t)
-	fs_write_cgroup_files(init_t)
-	fs_search_cgroup_dirs(daemon)
-
-	selinux_compute_create_context(init_t)
-	selinux_validate_context(init_t)
-	selinux_unmount_fs(init_t)
-
-	storage_getattr_removable_dev(init_t)
-
-	init_read_script_state(init_t)
-
-	seutil_read_file_contexts(init_t)
-')
-
-optional_policy(`
-	auth_rw_login_records(init_t)
-')
-
-optional_policy(`
-	consolekit_manage_log(init_t)
-')
-
-optional_policy(`
-	dbus_connect_system_bus(init_t)
-	dbus_system_bus_client(init_t)
-	dbus_delete_pid_files(init_t)
-')
-
-optional_policy(`
-	# /var/run/dovecot/login/ssl-parameters.dat is a hard link to
-	# /var/lib/dovecot/ssl-parameters.dat and init tries to clean up
-	# the directory. But we do not want to allow this.
-	# The master process of dovecot will manage this file.
-	dovecot_dontaudit_unlink_lib_files(initrc_t)
-')
-
-optional_policy(`
-	nscd_socket_use(init_t)
-')
-
-optional_policy(`
-	plymouthd_stream_connect(init_t)
-	plymouthd_exec_plymouth(init_t)
-')
-
-optional_policy(`
-	sssd_stream_connect(init_t)
-')
-
-optional_policy(`
-	udev_read_db(init_t)
-')
-
-optional_policy(`
-	unconfined_domain(init_t)
-')
-
-########################################
-#
-# Init script local policy
-#
-
-allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
-allow initrc_t self:capability ~{ audit_control audit_write sys_admin sys_module };
-dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
-allow initrc_t self:passwd rootok;
-allow initrc_t self:key manage_key_perms;
-
-# Allow IPC with self
-allow initrc_t self:unix_dgram_socket create_socket_perms;
-allow initrc_t self:unix_stream_socket { create listen accept ioctl read getattr write setattr append bind connect getopt setopt shutdown connectto };
-allow initrc_t self:tcp_socket create_stream_socket_perms;
-allow initrc_t self:udp_socket create_socket_perms;
-allow initrc_t self:fifo_file rw_file_perms;
-
-allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
-term_create_pty(initrc_t, initrc_devpts_t)
-
-# Going to single user mode
-init_telinit(initrc_t)
-
-can_exec(initrc_t, init_script_file_type)
-
-domtrans_pattern(init_run_all_scripts_domain, initrc_exec_t, initrc_t)
-
-manage_dirs_pattern(initrc_t, initrc_state_t, initrc_state_t)
-manage_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
-manage_lnk_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
-manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
-
-allow initrc_t initrc_var_run_t:file manage_file_perms;
-files_pid_filetrans(initrc_t, initrc_var_run_t, file)
-files_manage_generic_pids_symlinks(initrc_t)
-
-can_exec(initrc_t, initrc_tmp_t)
-manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-manage_dirs_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-manage_lnk_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir })
-
-init_write_initctl(initrc_t)
-
-kernel_read_system_state(initrc_t)
-kernel_read_software_raid_state(initrc_t)
-kernel_read_network_state(initrc_t)
-kernel_read_ring_buffer(initrc_t)
-kernel_change_ring_buffer_level(initrc_t)
-kernel_clear_ring_buffer(initrc_t)
-kernel_get_sysvipc_info(initrc_t)
-kernel_read_all_sysctls(initrc_t)
-kernel_request_load_module(initrc_t)
-kernel_rw_all_sysctls(initrc_t)
-# for lsof which is used by alsa shutdown:
-kernel_dontaudit_getattr_message_if(initrc_t)
-kernel_stream_connect(initrc_t)
-files_read_kernel_modules(initrc_t)
-files_read_config_files(initrc_t)
-files_read_var_lib_symlinks(initrc_t)
-files_setattr_pid_dirs(initrc_t)
-
-files_read_kernel_symbol_table(initrc_t)
-files_exec_etc_files(initrc_t)
-files_manage_etc_symlinks(initrc_t)
-files_manage_system_conf_files(initrc_t)
-
-fs_manage_tmpfs_dirs(initrc_t)
-fs_tmpfs_filetrans(initrc_t, initrc_state_t, file)
-
-corecmd_exec_all_executables(initrc_t)
-
-corenet_all_recvfrom_unlabeled(initrc_t)
-corenet_all_recvfrom_netlabel(initrc_t)
-corenet_tcp_sendrecv_all_if(initrc_t)
-corenet_udp_sendrecv_all_if(initrc_t)
-corenet_tcp_sendrecv_all_nodes(initrc_t)
-corenet_udp_sendrecv_all_nodes(initrc_t)
-corenet_tcp_sendrecv_all_ports(initrc_t)
-corenet_udp_sendrecv_all_ports(initrc_t)
-corenet_tcp_connect_all_ports(initrc_t)
-corenet_sendrecv_all_client_packets(initrc_t)
-
-dev_read_rand(initrc_t)
-dev_read_urand(initrc_t)
-dev_write_kmsg(initrc_t)
-dev_write_rand(initrc_t)
-dev_write_urand(initrc_t)
-dev_rw_sysfs(initrc_t)
-dev_list_usbfs(initrc_t)
-dev_read_framebuffer(initrc_t)
-dev_write_framebuffer(initrc_t)
-dev_read_realtime_clock(initrc_t)
-dev_read_sound_mixer(initrc_t)
-dev_write_sound_mixer(initrc_t)
-dev_setattr_all_chr_files(initrc_t)
-dev_rw_lvm_control(initrc_t)
-dev_rw_generic_chr_files(initrc_t)
-dev_delete_lvm_control_dev(initrc_t)
-dev_manage_generic_symlinks(initrc_t)
-dev_manage_generic_files(initrc_t)
-# Wants to remove udev.tbl:
-dev_delete_generic_symlinks(initrc_t)
-dev_getattr_all_blk_files(initrc_t)
-dev_getattr_all_chr_files(initrc_t)
-dev_rw_xserver_misc(initrc_t)
-
-domain_kill_all_domains(initrc_t)
-domain_signal_all_domains(initrc_t)
-domain_signull_all_domains(initrc_t)
-domain_sigstop_all_domains(initrc_t)
-domain_sigstop_all_domains(initrc_t)
-domain_sigchld_all_domains(initrc_t)
-domain_read_all_domains_state(initrc_t)
-domain_getattr_all_domains(initrc_t)
-domain_dontaudit_ptrace_all_domains(initrc_t)
-domain_getsession_all_domains(initrc_t)
-domain_use_interactive_fds(initrc_t)
-# for lsof which is used by alsa shutdown:
-domain_dontaudit_getattr_all_udp_sockets(initrc_t)
-domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
-domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
-domain_dontaudit_getattr_all_pipes(initrc_t)
-
-files_getattr_all_dirs(initrc_t)
-files_getattr_all_files(initrc_t)
-files_getattr_all_symlinks(initrc_t)
-files_getattr_all_pipes(initrc_t)
-files_getattr_all_sockets(initrc_t)
-files_purge_tmp(initrc_t)
-files_manage_all_locks(initrc_t)
-files_manage_boot_files(initrc_t)
-files_read_all_pids(initrc_t)
-files_delete_root_files(initrc_t)
-files_delete_all_pids(initrc_t)
-files_delete_all_pid_dirs(initrc_t)
-files_read_etc_files(initrc_t)
-files_manage_etc_runtime_files(initrc_t)
-files_etc_filetrans_etc_runtime(initrc_t, file)
-files_exec_etc_files(initrc_t)
-files_read_usr_files(initrc_t)
-files_manage_urandom_seed(initrc_t)
-files_manage_generic_spool(initrc_t)
-# Mount and unmount file systems.
-# cjp: not sure why these are here; should use mount policy
-files_list_isid_type_dirs(initrc_t)
-files_mounton_isid_type_dirs(initrc_t)
-files_list_default(initrc_t)
-files_mounton_default(initrc_t)
-files_manage_mnt_dirs(initrc_t)
-files_manage_mnt_files(initrc_t)
-
-fs_delete_cgroup_dirs(initrc_t)
-fs_list_cgroup_dirs(initrc_t)
-fs_rw_cgroup_files(initrc_t)
-fs_list_inotifyfs(initrc_t)
-fs_register_binary_executable_type(initrc_t)
-# rhgb-console writes to ramfs
-fs_write_ramfs_pipes(initrc_t)
-# cjp: not sure why these are here; should use mount policy
-fs_mount_all_fs(initrc_t)
-fs_unmount_all_fs(initrc_t)
-fs_remount_all_fs(initrc_t)
-fs_getattr_all_fs(initrc_t)
-fs_search_all(initrc_t)
-fs_getattr_nfsd_files(initrc_t)
-
-# initrc_t needs to do a pidof which requires ptrace
-mcs_ptrace_all(initrc_t)
-mcs_killall(initrc_t)
-mcs_process_set_categories(initrc_t)
-
-mls_file_read_all_levels(initrc_t)
-mls_file_write_all_levels(initrc_t)
-mls_process_read_up(initrc_t)
-mls_process_write_down(initrc_t)
-mls_rangetrans_source(initrc_t)
-mls_fd_share_all_levels(initrc_t)
-mls_socket_write_to_clearance(initrc_t)
-
-selinux_get_enforce_mode(initrc_t)
-
-storage_getattr_fixed_disk_dev(initrc_t)
-storage_setattr_fixed_disk_dev(initrc_t)
-storage_setattr_removable_dev(initrc_t)
-
-term_use_all_terms(initrc_t)
-term_reset_tty_labels(initrc_t)
-
-auth_rw_login_records(initrc_t)
-auth_setattr_login_records(initrc_t)
-auth_rw_lastlog(initrc_t)
-auth_read_pam_pid(initrc_t)
-auth_delete_pam_pid(initrc_t)
-auth_delete_pam_console_data(initrc_t)
-auth_use_nsswitch(initrc_t)
-auth_manage_faillog(initrc_t)
-
-libs_rw_ld_so_cache(initrc_t)
-libs_exec_lib_files(initrc_t)
-libs_exec_ld_so(initrc_t)
-
-logging_send_audit_msgs(initrc_t)
-logging_send_syslog_msg(initrc_t)
-logging_manage_generic_logs(initrc_t)
-logging_read_all_logs(initrc_t)
-logging_append_all_logs(initrc_t)
-logging_read_audit_config(initrc_t)
-
-miscfiles_read_localization(initrc_t)
-# slapd needs to read cert files from its initscript
-miscfiles_manage_generic_cert_files(initrc_t)
-
-modutils_read_module_config(initrc_t)
-modutils_domtrans_insmod(initrc_t)
-
-seutil_read_config(initrc_t)
-
-userdom_read_admin_home_files(initrc_t)
-userdom_read_user_home_content_files(initrc_t)
-# Allow access to the sysadm TTYs. Note that this will give access to the
-# TTYs to any process in the initrc_t domain. Therefore, daemons and such
-# started from init should be placed in their own domain.
-userdom_use_user_terminals(initrc_t)
-
-ifdef(`distro_debian',`
-	dev_setattr_generic_dirs(initrc_t)
-
-	fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
-
-	# for storing state under /dev/shm
-	fs_setattr_tmpfs_dirs(initrc_t)
-	storage_manage_fixed_disk(initrc_t)
-	storage_tmpfs_filetrans_fixed_disk(initrc_t)
-
-	files_setattr_etc_dirs(initrc_t)
-')
-
-ifdef(`distro_gentoo',`
-	kernel_dontaudit_getattr_core_if(initrc_t)
-
-	# seed udev /dev
-	allow initrc_t self:process setfscreate;
-	dev_create_null_dev(initrc_t)
-	dev_create_zero_dev(initrc_t)
-	dev_create_generic_dirs(initrc_t)
-	term_create_console_dev(initrc_t)
-
-	# unfortunately /sbin/rc does stupid tricks
-	# with /dev/.rcboot to decide if we are in
-	# early init
-	dev_create_generic_dirs(initrc_t)
-	dev_delete_generic_dirs(initrc_t)
-
-	# allow bootmisc to create /var/lock/.keep.
-	files_manage_generic_locks(initrc_t)
-
-	# openrc uses tmpfs for its state data
-	fs_tmpfs_filetrans(initrc_t, initrc_state_t, { dir file fifo_file lnk_file })
-
-	# init scripts touch this
-	clock_dontaudit_write_adjtime(initrc_t)
-
-	logging_send_audit_msgs(initrc_t)
-
-	# for integrated run_init to read run_init_type.
-	# happens during boot (/sbin/rc execs init scripts)
-	seutil_read_default_contexts(initrc_t)
-
-	# /lib/rcscripts/net/system.sh rewrites resolv.conf :(
-	sysnet_create_config(initrc_t)
-	sysnet_write_config(initrc_t)
-	sysnet_setattr_config(initrc_t)
-
-	optional_policy(`
-		arpwatch_manage_data_files(initrc_t)
-	')
-
-	optional_policy(`
-		dhcpd_setattr_state_files(initrc_t)
-	')
-')
-
-ifdef(`distro_redhat',`
-	# this is from kmodule, which should get its own policy:
-	allow initrc_t self:capability sys_admin;
-
-	allow initrc_t self:process setfscreate;
-
-	# Red Hat systems seem to have a stray
-	# fd open from the initrd
-	kernel_use_fds(initrc_t)
-	files_dontaudit_read_root_files(initrc_t)
-
-	# These seem to be from the initrd
-	# during device initialization:
-	dev_create_generic_dirs(initrc_t)
-	dev_rwx_zero(initrc_t)
-	dev_rx_raw_memory(initrc_t)
-	dev_wx_raw_memory(initrc_t)
-	storage_raw_read_fixed_disk(initrc_t)
-	storage_raw_write_fixed_disk(initrc_t)
-
-	files_create_boot_dirs(initrc_t)
-	files_create_boot_flag(initrc_t)
-	files_rw_boot_symlinks(initrc_t)
-	# wants to read /.fonts directory
-	files_read_default_files(initrc_t)
-	files_mountpoint(initrc_tmp_t)
-	# Needs to cp localtime to /var dirs
-	files_write_var_dirs(initrc_t)
-
-	fs_read_tmpfs_symlinks(initrc_t)
-	fs_rw_tmpfs_chr_files(initrc_t)
-
-	storage_manage_fixed_disk(initrc_t)
-	storage_dev_filetrans_fixed_disk(initrc_t)
-	storage_getattr_removable_dev(initrc_t)
-
-	# readahead asks for these
-	auth_dontaudit_read_shadow(initrc_t)
-
-	# init scripts cp /etc/localtime over other directories localtime
-	miscfiles_rw_localization(initrc_t)
-	miscfiles_setattr_localization(initrc_t)
-	miscfiles_relabel_localization(initrc_t)
-
-	miscfiles_read_fonts(initrc_t)
-	miscfiles_read_hwdata(initrc_t)
-
-	optional_policy(`
-		alsa_manage_rw_config(initrc_t)
-	')
-
-	optional_policy(`
-		bind_manage_config_dirs(initrc_t)
-		bind_write_config(initrc_t)
-		bind_setattr_zone_dirs(initrc_t)
-	')
-
-	optional_policy(`
-		gnome_manage_gconf_config(initrc_t)
-	')
-
-	optional_policy(`
-		ldap_read_db_files(initrc_t)
-	')
-
-	optional_policy(`
-		pulseaudio_stream_connect(initrc_t)
-	')
-
-	optional_policy(`
-		#for /etc/rc.d/init.d/nfs to create /etc/exports
-		rpc_write_exports(initrc_t)
-		rpc_manage_nfs_state_data(initrc_t)
-	')
-	optional_policy(`
-		rpcbind_stream_connect(initrc_t)
-	')
-
-	optional_policy(`
-		sysnet_rw_dhcp_config(initrc_t)
-		sysnet_manage_config(initrc_t)
-		sysnet_manage_dhcpc_state(initrc_t)
-		sysnet_relabelfrom_dhcpc_state(initrc_t)
-		sysnet_relabelfrom_net_conf(initrc_t)
-		sysnet_relabelto_net_conf(initrc_t)
-	')
-
-	optional_policy(`
-		xserver_delete_log(initrc_t)
-	')
-')
-
-ifdef(`distro_suse',`
-	optional_policy(`
-		# set permissions on /tmp/.X11-unix
-		xserver_setattr_xdm_tmp_dirs(initrc_t)
-	')
-')
-
-domain_dontaudit_use_interactive_fds(daemon)
-
-userdom_dontaudit_list_admin_dir(daemon)
-userdom_dontaudit_search_user_tmp(daemon)
-
-tunable_policy(`allow_daemons_use_tty',`
-	term_use_unallocated_ttys(daemon)
-	term_use_generic_ptys(daemon)
-	term_use_all_ttys(daemon)
-	term_use_all_ptys(daemon)
-',`
-	term_dontaudit_use_unallocated_ttys(daemon)
-	term_dontaudit_use_generic_ptys(daemon)
-	term_dontaudit_use_all_ttys(daemon)
-	term_dontaudit_use_all_ptys(daemon)
- ')
- 
-# system-config-services causes avc messages that should be dontaudited
-tunable_policy(`allow_daemons_dump_core',`
-	files_manage_root_files(daemon)
-')
-
-optional_policy(`
-	unconfined_dontaudit_rw_pipes(daemon)
-	unconfined_dontaudit_rw_stream(daemon)
-	userdom_dontaudit_read_user_tmp_files(daemon)
-	userdom_dontaudit_write_user_tmp_files(daemon)
-')
- 
-optional_policy(`
-	amavis_search_lib(initrc_t)
-	amavis_setattr_pid_files(initrc_t)
-')
-
-optional_policy(`
-	dev_rw_apm_bios(initrc_t)
-')
-
-optional_policy(`
-	apache_read_config(initrc_t)
-	apache_list_modules(initrc_t)
-	# webmin seems to cause this.
-	apache_search_sys_content(daemon)
-')
-
-optional_policy(`
-	bind_read_config(initrc_t)
-
-	# for chmod in start script
-	bind_setattr_pid_dirs(initrc_t)
-')
-
-optional_policy(`
-	dev_read_usbfs(initrc_t)
-	bluetooth_read_config(initrc_t)
-')
-
-optional_policy(`
-	cgroup_stream_connect_cgred(initrc_t)
-	domain_setpriority_all_domains(initrc_t)
-')
-
-optional_policy(`
-	clamav_read_config(initrc_t)
-')
-
-optional_policy(`
-	cpucontrol_stub(initrc_t)
-	dev_getattr_cpu_dev(initrc_t)
-')
-
-optional_policy(`
-	chronyd_append_keys(initrc_t)
-	chronyd_read_keys(initrc_t)
-')
-
-optional_policy(`
-	dev_getattr_printer_dev(initrc_t)
-
-	cups_read_log(initrc_t)
-	cups_read_rw_config(initrc_t)
-#cups init script clears error log
-	cups_write_log(initrc_t)
-')
-
-optional_policy(`
-	daemontools_manage_svc(initrc_t)
-')
-
-optional_policy(`
-	dbus_connect_system_bus(initrc_t)
-	dbus_system_bus_client(initrc_t)
-	dbus_read_config(initrc_t)
-	dbus_manage_lib_files(initrc_t)
-
-	init_dbus_chat(initrc_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(initrc_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(initrc_t)
-	')
-
-	optional_policy(`
-		policykit_dbus_chat(initrc_t)
-	')
-')
-
-optional_policy(`
-	# /var/run/dovecot/login/ssl-parameters.dat is a hard link to
-	# /var/lib/dovecot/ssl-parameters.dat and init tries to clean up
-	# the directory. But we do not want to allow this.
-	# The master process of dovecot will manage this file.
-	dovecot_dontaudit_unlink_lib_files(initrc_t)
-')
-
-optional_policy(`
-	ftp_read_config(initrc_t)
-')
-
-optional_policy(`
-	gpm_setattr_gpmctl(initrc_t)
-')
-
-optional_policy(`
-	hal_write_log(initrc_t)
-')
-
-optional_policy(`
-	dev_read_usbfs(initrc_t)
-
-	# init scripts run /etc/hotplug/usb.rc
-	hotplug_read_config(initrc_t)
-
-	modutils_read_module_deps(initrc_t)
-')
-
-optional_policy(`
-	inn_exec_config(initrc_t)
-')
-
-optional_policy(`
-	ipsec_read_config(initrc_t)
-	ipsec_manage_pid(initrc_t)
-')
-
-optional_policy(`
-	iscsi_stream_connect(initrc_t)
-	iscsi_read_lib_files(initrc_t)
-')
-
-optional_policy(`
-	kerberos_use(initrc_t)
-')
-
-optional_policy(`
-	ldap_read_config(initrc_t)
-	ldap_list_db(initrc_t)
-')
-
-optional_policy(`
-	loadkeys_exec(initrc_t)
-')
-
-optional_policy(`
-	# in emergency/recovery situations use sulogin
-	locallogin_domtrans_sulogin(initrc_t)
-')
-
-optional_policy(`
-	# This is needed to permit chown to read /var/spool/lpd/lp.
-	# This is opens up security more than necessary; this means that ANYTHING
-	# running in the initrc_t domain can read the printer spool directory.
-	# Perhaps executing /etc/rc.d/init.d/lpd should transition
-	# to domain lpd_t, instead of waiting for executing lpd.
-	lpd_list_spool(initrc_t)
-
-	lpd_read_config(initrc_t)
-')
-
-optional_policy(`
-	#allow initrc_t lvm_control_t:chr_file unlink;
-
-	dev_read_lvm_control(initrc_t)
-	dev_create_generic_chr_files(initrc_t)
-
-	lvm_read_config(initrc_t)
-')
-
-optional_policy(`
-	mailman_list_data(initrc_t)
-	mailman_read_data_symlinks(initrc_t)
-')
-
-optional_policy(`
-        milter_delete_dkim_pid_files(initrc_t)
-	milter_setattr_all_dirs(initrc_t)
-')
-
-optional_policy(`
-	mta_read_config(initrc_t)
-	mta_write_config(initrc_t)
-	mta_dontaudit_read_spool_symlinks(initrc_t)
-')
-
-optional_policy(`
-	ifdef(`distro_redhat',`
-		mysql_manage_db_dirs(initrc_t)
-	')
-
-	mysql_stream_connect(initrc_t)
-	mysql_write_log(initrc_t)
-	mysql_read_config(initrc_t)
-')
-
-optional_policy(`
-	nis_list_var_yp(initrc_t)
-')
-
-optional_policy(`
-	openvpn_read_config(initrc_t)
-')
-
-optional_policy(`
-	plymouthd_stream_connect(initrc_t)
-')
-
-optional_policy(`
-	postgresql_manage_db(initrc_t)
-	postgresql_read_config(initrc_t)
-')
-
-optional_policy(`
-	postfix_list_spool(initrc_t)
-')
-
-optional_policy(`
-	puppet_rw_tmp(initrc_t)
-')
-
-optional_policy(`
-	quota_manage_flags(initrc_t)
-')
-
-optional_policy(`
-	raid_manage_mdadm_pid(initrc_t)
-')
-
-optional_policy(`
-	ricci_manage_lib_files(initrc_t)
-')
-
-optional_policy(`
-	fs_write_ramfs_sockets(initrc_t)
-	fs_search_ramfs(initrc_t)
-
-	rhgb_rw_stream_sockets(initrc_t)
-	rhgb_stream_connect(initrc_t)
-')
-
-optional_policy(`
-	rpc_read_exports(initrc_t)
-')
-
-optional_policy(`
-	# bash tries to access a block device in the initrd
-	kernel_dontaudit_getattr_unlabeled_blk_files(initrc_t)
-
-	# for a bug in rm
-	files_dontaudit_write_all_pids(initrc_t)
-
-	# bash tries ioctl for some reason
-	files_dontaudit_ioctl_all_pids(initrc_t)
-
-')
-
-optional_policy(`
-	samba_rw_config(initrc_t)
-	samba_read_winbind_pid(initrc_t)
-')
-
-optional_policy(`
-    # shorewall-init script run /var/lib/shorewall/firewall
-    shorewall_domtrans_lib(initrc_t)
-')
-
-optional_policy(`
-	squid_read_config(initrc_t)
-	squid_manage_logs(initrc_t)
-')
-
-ifdef(`enabled_mls',`
-optional_policy(`
-	# allow init scripts to su
-	su_restricted_domain_template(initrc, initrc_t, system_r)
-')
-')
-
-optional_policy(`
-	ssh_dontaudit_read_server_keys(initrc_t)
-	ssh_setattr_key_files(initrc_t)
-')
-
-optional_policy(`
-	sysnet_read_dhcpc_state(initrc_t)
-')
-
-optional_policy(`
-	udev_rw_db(initrc_t)
-	udev_manage_pid_files(initrc_t)
-	udev_manage_rules_files(initrc_t)
-')
-
-optional_policy(`
-	uml_setattr_util_sockets(initrc_t)
-')
-
-optional_policy(`
-	virt_manage_cache(initrc_t)
-	virt_manage_lib_files(initrc_t)
-')
-
-# Cron jobs used to start and stop services
-optional_policy(`
-	cron_rw_pipes(daemon)
-	cron_rw_inherited_user_spool_files(daemon)
-')
-
-optional_policy(`
-	unconfined_domain(initrc_t)
-	domain_role_change_exemption(initrc_t)
-
-	ifdef(`distro_redhat',`
-		# system-config-services causes avc messages that should be dontaudited
-		unconfined_dontaudit_rw_pipes(daemon)
-	')
-
-	optional_policy(`
-		mono_domtrans(initrc_t)
-	')
-
-	# Allow SELinux aware applications to request rpm_script_t execution
-	rpm_transition_script(initrc_t)
-
-	
-	optional_policy(`
-		gen_require(`
-			type unconfined_execmem_t, execmem_exec_t;		
-		')
-		init_system_domain(unconfined_execmem_t, execmem_exec_t)
-	')
-
-	optional_policy(`
-		rtkit_scheduled(initrc_t)
-	')
-')
-
-optional_policy(`
-	rpm_delete_db(initrc_t)
-')
-
-optional_policy(`
-	vmware_read_system_config(initrc_t)
-	vmware_append_system_config(initrc_t)
-')
-
-optional_policy(`
-	miscfiles_manage_fonts(initrc_t)
-
-	# cjp: is this really needed?
-	xfs_read_sockets(initrc_t)
-')
-
-optional_policy(`
-	# Set device ownerships/modes.
-	xserver_setattr_console_pipes(initrc_t)
-
-	# init script wants to check if it needs to update windowmanagerlist
-	xserver_read_xdm_rw_config(initrc_t)
-')
-
-optional_policy(`
-	zebra_read_config(initrc_t)
-')
-
-userdom_inherit_append_user_home_content_files(daemon)
-userdom_inherit_append_user_tmp_files(daemon)
-userdom_dontaudit_rw_stream(daemon)
-
-logging_append_all_logs(daemon)
-
-optional_policy(`
-	# sudo service restart causes this 
-	unconfined_signull(daemon)
-')
-
-
-optional_policy(`
-	xserver_dontaudit_append_xdm_home_files(daemon)
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_dontaudit_rw_nfs_files(daemon)
-	')
-	tunable_policy(`use_samba_home_dirs',`
-		fs_dontaudit_rw_cifs_files(daemon)
-	')
-')
-
-init_rw_script_stream_sockets(daemon)
-
-optional_policy(`
-	fail2ban_read_lib_files(daemon)
-')
-
-init_rw_stream_sockets(daemon)
-
-ifdef(`hide_broken_symptoms',`
-optional_policy(`
-gen_require(`
-	type system_dbusd_var_run_t;
-	type fsadm_t;
-	type avahi_var_run_t;
-')
-
-fs_list_auto_mountpoints(fsadm_t)
-
-fs_list_auto_mountpoints(lvm_t)
-fs_list_hugetlbfs(lvm_t)
-
-allow init_t avahi_var_run_t:dir { write add_name };
-allow init_t avahi_var_run_t:sock_file create;
-
-allow init_t system_dbusd_var_run_t:dir { write add_name };
-allow init_t system_dbusd_var_run_t:sock_file create;
-
-')
-')
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
deleted file mode 100644
index 942bea1..0000000
--- a/policy/modules/system/ipsec.fc
+++ /dev/null
@@ -1,46 +0,0 @@
-/etc/rc\.d/init\.d/ipsec	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/racoon	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
-
-/etc/ipsec\.secrets		--	gen_context(system_u:object_r:ipsec_key_file_t,s0)
-/etc/ipsec\.conf		--	gen_context(system_u:object_r:ipsec_conf_file_t,s0)
-/etc/racoon/psk\.txt		--	gen_context(system_u:object_r:ipsec_key_file_t,s0)
-
-/etc/racoon(/.*)?			gen_context(system_u:object_r:ipsec_conf_file_t,s0)
-/etc/racoon/certs(/.*)?			gen_context(system_u:object_r:ipsec_key_file_t,s0)
-
-/etc/ipsec\.d(/.*)?			gen_context(system_u:object_r:ipsec_key_file_t,s0)
-
-/sbin/setkey			--	gen_context(system_u:object_r:setkey_exec_t,s0)
-
-/usr/lib(64)?/ipsec/_plutoload	-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/lib(64)?/ipsec/_plutorun	--	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/lib(64)?/ipsec/eroute	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/lib(64)?/ipsec/klipsdebug	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/lib(64)?/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/lib(64)?/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-
-/usr/libexec/ipsec/_plutoload	-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/libexec/ipsec/_plutorun	--	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/libexec/ipsec/eroute	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/libexec/ipsec/klipsdebug	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/libexec/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/libexec/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/libexec/nm-openswan-service	-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-
-/usr/local/lib(64)?/ipsec/eroute --	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/pluto --	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/spi	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-
-/usr/sbin/ipsec			-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/sbin/racoon		--	gen_context(system_u:object_r:racoon_exec_t,s0)
-/usr/sbin/setkey		--	gen_context(system_u:object_r:setkey_exec_t,s0)
-
-/var/lock/subsys/ipsec		--	gen_context(system_u:object_r:ipsec_mgmt_lock_t,s0)
-
-/var/log/pluto\.log		--	gen_context(system_u:object_r:ipsec_log_t,s0)
-
-/var/racoon(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
-
-/var/run/pluto(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
-/var/run/racoon\.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
diff --git a/policy/modules/system/ipsec.if b/policy/modules/system/ipsec.if
deleted file mode 100644
index cba1b30..0000000
--- a/policy/modules/system/ipsec.if
+++ /dev/null
@@ -1,371 +0,0 @@
-## <summary>TCP/IP encryption</summary>
-
-########################################
-## <summary>
-##	Execute ipsec in the ipsec domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ipsec_domtrans',`
-	gen_require(`
-		type ipsec_t, ipsec_exec_t;
-	')
-
-	domtrans_pattern($1, ipsec_exec_t, ipsec_t)
-')
-
-########################################
-## <summary>
-##	Execute ipsec in the ipsec mgmt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_domtrans_mgmt',`
-	gen_require(`
-		type ipsec_mgmt_t, ipsec_mgmt_exec_t;
-	')
-
-	domtrans_pattern($1, ipsec_mgmt_exec_t, ipsec_mgmt_t)
-')
-
-########################################
-## <summary>
-##	Connect to IPSEC using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_stream_connect',`
-	gen_require(`
-		type ipsec_t, ipsec_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, ipsec_var_run_t, ipsec_var_run_t, ipsec_t)
-')
-
-########################################
-## <summary>
-##	Connect to racoon using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_stream_connect_racoon',`
-	gen_require(`
-		type racoon_t, ipsec_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, ipsec_var_run_t, ipsec_var_run_t, racoon_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of an IPSEC key socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_getattr_key_sockets',`
-	gen_require(`
-		type ipsec_t;
-	')
-
-	allow $1 ipsec_t:key_socket getattr;
-')
-
-########################################
-## <summary>
-##	Execute the IPSEC management program in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_exec_mgmt',`
-	gen_require(`
-		type ipsec_exec_t;
-	')
-
-	can_exec($1, ipsec_exec_t)
-')
-
-########################################
-## <summary>
-##	Read the IPSEC configuration
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ipsec_read_config',`
-	gen_require(`
-		type ipsec_conf_file_t;
-	')
-
-	files_search_etc($1)
-	allow $1 ipsec_conf_file_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Match the default SPD entry.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_match_default_spd',`
-	gen_require(`
-		type ipsec_spd_t;
-	')
-
-	allow $1 ipsec_spd_t:association polmatch;
-	allow $1 self:association sendto;
-')
-
-########################################
-## <summary>
-##	Set the context of a SPD entry to
-##	the default context.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_setcontext_default_spd',`
-	gen_require(`
-		type ipsec_spd_t;
-	')
-
-	allow $1 ipsec_spd_t:association setcontext;
-')
-
-########################################
-## <summary>
-##	write the ipsec_var_run_t files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_write_pid',`
-	gen_require(`
-		type ipsec_var_run_t;
-	')
-
-	files_search_pids($1)
-	write_files_pattern($1, ipsec_var_run_t, ipsec_var_run_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the IPSEC pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`ipsec_manage_pid',`
-	gen_require(`
-		type ipsec_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, ipsec_var_run_t, ipsec_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute racoon in the racoon domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ipsec_domtrans_racoon',`
-	gen_require(`
-		type racoon_t, racoon_exec_t;
-	')
-
-	domtrans_pattern($1, racoon_exec_t, racoon_t)
-')
-
-########################################
-## <summary>
-##	Execute racoon and allow the specified role the domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ipsec_run_racoon',`
-	gen_require(`
-		type racoon_t;
-	')
-
-	ipsec_domtrans_racoon($1)
-	role $2 types racoon_t;
-')
-
-########################################
-## <summary>
-##	Execute setkey in the setkey domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ipsec_domtrans_setkey',`
-	gen_require(`
-		type setkey_t, setkey_exec_t;
-	')
-
-	domtrans_pattern($1, setkey_exec_t, setkey_t)
-')
-
-########################################
-## <summary>
-##	Execute setkey and allow the specified role the domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access..
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`ipsec_run_setkey',`
-	gen_require(`
-		type setkey_t;
-	')
-
-	ipsec_domtrans_setkey($1)
-	role $2 types setkey_t;
-')
-
-########################################
-## <summary>
-##	Send ipsec mgmt a signal
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`ipsec_signal_mgmt',`
-	gen_require(`
-		type ipsec_mgmt_t;
-	')
-
-	allow $1 ipsec_mgmt_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send ipsec mgmt a signull
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`ipsec_signull_mgmt',`
-	gen_require(`
-		type ipsec_mgmt_t;
-	')
-
-	allow $1 ipsec_mgmt_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send ipsec mgmt a kill signal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-#
-interface(`ipsec_kill_mgmt',`
-	gen_require(`
-		type ipsec_mgmt_t;
-	')
-
-	allow $1 ipsec_mgmt_t:process sigkill;
-')
-
-######################################
-## <summary>
-##      Send and receive messages from
-##      ipsec-mgmt over dbus.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`ipsec_mgmt_dbus_chat',`
-        gen_require(`
-                type ipsec_mgmt_t;
-                class dbus send_msg;
-        ')
-
-        allow $1 ipsec_mgmt_t:dbus send_msg;
-        allow ipsec_mgmt_t $1:dbus send_msg;
-')
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
deleted file mode 100644
index 6de1ab4..0000000
--- a/policy/modules/system/ipsec.te
+++ /dev/null
@@ -1,464 +0,0 @@
-policy_module(ipsec, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow racoon to read shadow
-## </p>
-## </desc>
-gen_tunable(racoon_read_shadow, false)
-
-type ipsec_t;
-type ipsec_exec_t;
-init_daemon_domain(ipsec_t, ipsec_exec_t)
-role system_r types ipsec_t;
-
-# type for ipsec configuration file(s) - not for keys
-type ipsec_conf_file_t;
-files_type(ipsec_conf_file_t)
-
-type ipsec_initrc_exec_t;
-init_script_file(ipsec_initrc_exec_t)
-
-# type for file(s) containing ipsec keys - RSA or preshared
-type ipsec_key_file_t;
-files_type(ipsec_key_file_t)
-
-type ipsec_log_t;
-logging_log_file(ipsec_log_t)
-
-# Default type for IPSEC SPD entries
-type ipsec_spd_t;
-
-type ipsec_tmp_t;
-files_tmp_file(ipsec_tmp_t)
-
-# type for runtime files, including pluto.ctl
-type ipsec_var_run_t;
-files_pid_file(ipsec_var_run_t)
-
-type ipsec_mgmt_t;
-type ipsec_mgmt_exec_t;
-init_system_domain(ipsec_mgmt_t, ipsec_mgmt_exec_t)
-corecmd_shell_entry_type(ipsec_mgmt_t)
-role system_r types ipsec_mgmt_t;
-
-type ipsec_mgmt_lock_t;
-files_lock_file(ipsec_mgmt_lock_t)
-
-type ipsec_mgmt_var_run_t;
-files_pid_file(ipsec_mgmt_var_run_t)
-
-type racoon_t;
-type racoon_exec_t;
-init_daemon_domain(racoon_t, racoon_exec_t)
-role system_r types racoon_t;
-
-type racoon_tmp_t;
-files_tmp_file(racoon_tmp_t)
-
-type setkey_t;
-type setkey_exec_t;
-init_system_domain(setkey_t, setkey_exec_t)
-role system_r types setkey_t;
-
-########################################
-#
-# ipsec Local policy
-#
-
-allow ipsec_t self:capability { net_admin dac_override dac_read_search setpcap sys_nice };
-dontaudit ipsec_t self:capability { sys_ptrace sys_tty_config };
-allow ipsec_t self:process { getcap setcap getsched signal setsched };
-allow ipsec_t self:tcp_socket create_stream_socket_perms;
-allow ipsec_t self:udp_socket create_socket_perms;
-allow ipsec_t self:key_socket create_socket_perms;
-allow ipsec_t self:fifo_file read_fifo_file_perms;
-allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
-
-allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
-
-allow ipsec_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
-read_lnk_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
-
-allow ipsec_t ipsec_key_file_t:dir list_dir_perms;
-manage_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
-read_lnk_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
-
-manage_dirs_pattern(ipsec_t, ipsec_tmp_t, ipsec_tmp_t)
-manage_files_pattern(ipsec_t, ipsec_tmp_t, ipsec_tmp_t)
-files_tmp_filetrans(ipsec_t, ipsec_tmp_t, { dir file }) 
-
-manage_dirs_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
-manage_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
-manage_sock_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
-files_pid_filetrans(ipsec_t, ipsec_var_run_t, { dir file sock_file })
-
-can_exec(ipsec_t, ipsec_mgmt_exec_t)
-
-# pluto runs an updown script (by calling popen()!) as this is by default
-# a shell script, we need to find a way to make things work without
-# letting all sorts of stuff possibly be run...
-# so try flipping back into the ipsec_mgmt_t domain
-corecmd_shell_domtrans(ipsec_t, ipsec_mgmt_t)
-allow ipsec_mgmt_t ipsec_t:fd use;
-allow ipsec_mgmt_t ipsec_t:fifo_file rw_fifo_file_perms;
-allow ipsec_mgmt_t ipsec_t:unix_stream_socket { read write };
-allow ipsec_mgmt_t ipsec_t:process sigchld;
-
-kernel_read_kernel_sysctls(ipsec_t)
-kernel_list_proc(ipsec_t)
-kernel_read_proc_symlinks(ipsec_t)
-# allow pluto to access /proc/net/ipsec_eroute;
-kernel_read_system_state(ipsec_t)
-kernel_read_network_state(ipsec_t)
-kernel_read_software_raid_state(ipsec_t)
-kernel_request_load_module(ipsec_t)
-kernel_getattr_core_if(ipsec_t)
-kernel_getattr_message_if(ipsec_t)
-
-corecmd_exec_shell(ipsec_t)
-corecmd_exec_bin(ipsec_t)
-
-# Pluto needs network access
-corenet_all_recvfrom_unlabeled(ipsec_t)
-corenet_tcp_sendrecv_all_if(ipsec_t)
-corenet_raw_sendrecv_all_if(ipsec_t)
-corenet_tcp_sendrecv_all_nodes(ipsec_t)
-corenet_raw_sendrecv_all_nodes(ipsec_t)
-corenet_tcp_sendrecv_all_ports(ipsec_t)
-corenet_tcp_bind_all_nodes(ipsec_t)
-corenet_udp_bind_all_nodes(ipsec_t)
-corenet_tcp_bind_reserved_port(ipsec_t)
-corenet_tcp_bind_isakmp_port(ipsec_t)
-corenet_udp_bind_isakmp_port(ipsec_t)
-corenet_udp_bind_ipsecnat_port(ipsec_t)
-corenet_sendrecv_generic_server_packets(ipsec_t)
-corenet_sendrecv_isakmp_server_packets(ipsec_t)
-
-dev_read_sysfs(ipsec_t)
-dev_read_rand(ipsec_t)
-dev_read_urand(ipsec_t)
-
-domain_use_interactive_fds(ipsec_t)
-
-files_list_tmp(ipsec_t)
-files_read_etc_files(ipsec_t)
-files_read_usr_files(ipsec_t)
-files_dontaudit_search_home(ipsec_t)
-
-fs_getattr_all_fs(ipsec_t)
-fs_search_auto_mountpoints(ipsec_t)
-
-term_use_console(ipsec_t)
-term_dontaudit_use_all_ttys(ipsec_t)
-
-auth_use_nsswitch(ipsec_t)
-
-init_use_fds(ipsec_t)
-init_use_script_ptys(ipsec_t)
-
-logging_send_syslog_msg(ipsec_t)
-
-miscfiles_read_localization(ipsec_t)
-
-sysnet_domtrans_ifconfig(ipsec_t)
-sysnet_manage_config(ipsec_t)
-sysnet_etc_filetrans_config(ipsec_t)
-
-userdom_dontaudit_use_unpriv_user_fds(ipsec_t)
-userdom_dontaudit_search_user_home_dirs(ipsec_t)
-
-optional_policy(`
-	seutil_sigchld_newrole(ipsec_t)
-')
-
-optional_policy(`
-	udev_read_db(ipsec_t)
-')
-
-########################################
-#
-# ipsec_mgmt Local policy
-#
-
-allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice };
-dontaudit ipsec_mgmt_t self:capability { sys_ptrace sys_tty_config };
-allow ipsec_mgmt_t self:process { getsched ptrace setrlimit setsched signal };
-allow ipsec_mgmt_t self:unix_stream_socket create_stream_socket_perms;
-allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
-allow ipsec_mgmt_t self:udp_socket create_socket_perms;
-allow ipsec_mgmt_t self:key_socket create_socket_perms;
-allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
-
-allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
-files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
-
-manage_dirs_pattern(ipsec_mgmt_t, ipsec_tmp_t, ipsec_tmp_t)
-manage_files_pattern(ipsec_mgmt_t, ipsec_tmp_t, ipsec_tmp_t)
-files_tmp_filetrans(ipsec_mgmt_t, ipsec_tmp_t, { dir file }) 
-
-manage_files_pattern(ipsec_mgmt_t, ipsec_log_t, ipsec_log_t)
-logging_log_filetrans(ipsec_mgmt_t, ipsec_log_t, file)
-
-allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
-files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file)
-
-manage_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
-manage_lnk_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
-
-allow ipsec_mgmt_t ipsec_var_run_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(ipsec_mgmt_t, ipsec_var_run_t, sock_file)
-
-# _realsetup needs to be able to cat /var/run/pluto.pid,
-# run ps on that pid, and delete the file
-read_files_pattern(ipsec_mgmt_t, ipsec_t, ipsec_t)
-read_lnk_files_pattern(ipsec_mgmt_t, ipsec_t, ipsec_t)
-
-# logger, running in ipsec_mgmt_t needs to use sockets
-allow ipsec_mgmt_t self:unix_dgram_socket { create connect write };
-allow ipsec_mgmt_t ipsec_t:unix_dgram_socket { create connect write };
-
-allow ipsec_mgmt_t ipsec_conf_file_t:file read_file_perms;
-
-manage_files_pattern(ipsec_mgmt_t, ipsec_key_file_t, ipsec_key_file_t)
-manage_lnk_files_pattern(ipsec_mgmt_t, ipsec_key_file_t, ipsec_key_file_t)
-
-# whack needs to connect to pluto
-stream_connect_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t, ipsec_t)
-
-can_exec(ipsec_mgmt_t, ipsec_mgmt_exec_t)
-allow ipsec_mgmt_t ipsec_mgmt_exec_t:lnk_file read;
-
-domtrans_pattern(ipsec_mgmt_t, ipsec_exec_t, ipsec_t)
-
-kernel_rw_net_sysctls(ipsec_mgmt_t)
-# allow pluto to access /proc/net/ipsec_eroute;
-kernel_read_system_state(ipsec_mgmt_t)
-kernel_read_network_state(ipsec_mgmt_t)
-kernel_read_software_raid_state(ipsec_mgmt_t)
-kernel_read_kernel_sysctls(ipsec_mgmt_t)
-kernel_getattr_core_if(ipsec_mgmt_t)
-kernel_getattr_message_if(ipsec_mgmt_t)
-
-# don't audit using of lsof
-dontaudit ipsec_mgmt_t self:capability sys_ptrace;
-
-domain_dontaudit_getattr_all_sockets(ipsec_mgmt_t)
-domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t)
-
-dev_dontaudit_getattr_all_blk_files(ipsec_mgmt_t)
-dev_dontaudit_getattr_all_chr_files(ipsec_mgmt_t)
-
-files_dontaudit_getattr_all_files(ipsec_mgmt_t)
-files_dontaudit_getattr_all_sockets(ipsec_mgmt_t)
-files_read_kernel_symbol_table(ipsec_mgmt_t)
-files_getattr_kernel_modules(ipsec_mgmt_t)
-
-# the default updown script wants to run route
-# the ipsec wrapper wants to run /usr/bin/logger (should we put
-# it in its own domain?)
-corecmd_exec_bin(ipsec_mgmt_t)
-corecmd_exec_shell(ipsec_mgmt_t)
-
-dev_read_rand(ipsec_mgmt_t)
-dev_read_urand(ipsec_mgmt_t)
-
-domain_use_interactive_fds(ipsec_mgmt_t)
-# denials when ps tries to search /proc. Do not audit these denials.
-domain_dontaudit_read_all_domains_state(ipsec_mgmt_t)
-# suppress audit messages about unnecessary socket access
-# cjp: this seems excessive
-domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t)
-domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
-
-files_read_etc_files(ipsec_mgmt_t)
-files_exec_etc_files(ipsec_mgmt_t)
-files_read_etc_runtime_files(ipsec_mgmt_t)
-files_read_usr_files(ipsec_mgmt_t)
-files_dontaudit_getattr_default_dirs(ipsec_mgmt_t)
-files_dontaudit_getattr_default_files(ipsec_mgmt_t)
-files_list_tmp(ipsec_mgmt_t)
-
-fs_getattr_xattr_fs(ipsec_mgmt_t)
-fs_list_tmpfs(ipsec_mgmt_t)
-
-term_use_console(ipsec_mgmt_t)
-term_use_all_terms(ipsec_mgmt_t)
-
-auth_dontaudit_read_login_records(ipsec_mgmt_t)
-
-init_read_utmp(ipsec_mgmt_t)
-init_use_script_ptys(ipsec_mgmt_t)
-init_exec_script_files(ipsec_mgmt_t)
-init_use_fds(ipsec_mgmt_t)
-init_labeled_script_domtrans(ipsec_mgmt_t, ipsec_initrc_exec_t)
-
-logging_send_syslog_msg(ipsec_mgmt_t)
-
-miscfiles_read_localization(ipsec_mgmt_t)
-
-modutils_domtrans_insmod(ipsec_mgmt_t)
-
-seutil_dontaudit_search_config(ipsec_mgmt_t)
-
-sysnet_manage_config(ipsec_mgmt_t)
-sysnet_domtrans_ifconfig(ipsec_mgmt_t)
-sysnet_etc_filetrans_config(ipsec_mgmt_t)
-
-userdom_use_user_terminals(ipsec_mgmt_t)
-
-optional_policy(`
-	consoletype_exec(ipsec_mgmt_t)
-')
-
-optional_policy(`
-        hostname_exec(ipsec_mgmt_t)
-')
-
-optional_policy(`
-        dbus_system_bus_client(ipsec_mgmt_t)
-        dbus_connect_system_bus(ipsec_mgmt_t)
-
-	optional_policy(`
-	        networkmanager_dbus_chat(ipsec_mgmt_t)
-	')
-')
-
-optional_policy(`
-        iptables_domtrans(ipsec_mgmt_t)
-')
-
-optional_policy(`
-	nscd_socket_use(ipsec_mgmt_t)
-')
-
-ifdef(`TODO',`
-# ideally it would not need this.  It wants to write to /root/.rnd
-file_type_auto_trans(ipsec_mgmt_t, sysadm_home_dir_t, sysadm_home_t, file)
-
-allow ipsec_mgmt_t dev_fs:file_class_set getattr;
-') dnl end TODO
-
-########################################
-#
-# Racoon local policy
-#
-
-allow racoon_t self:capability { net_admin net_bind_service };
-allow racoon_t self:netlink_route_socket create_netlink_socket_perms;
-allow racoon_t self:unix_dgram_socket { connect create ioctl write };
-allow racoon_t self:netlink_selinux_socket { bind create read };
-allow racoon_t self:udp_socket create_socket_perms;
-allow racoon_t self:key_socket create_socket_perms;
-allow racoon_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
-manage_files_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
-files_tmp_filetrans(racoon_t, racoon_tmp_t, { dir file })
-
-can_exec(racoon_t, racoon_exec_t)
-
-can_exec(racoon_t, setkey_exec_t)
-
-# manage pid file
-manage_files_pattern(racoon_t, ipsec_var_run_t, ipsec_var_run_t)
-manage_sock_files_pattern(racoon_t, ipsec_var_run_t, ipsec_var_run_t)
-files_pid_filetrans(racoon_t, ipsec_var_run_t, file)
-
-allow racoon_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(racoon_t, ipsec_conf_file_t, ipsec_conf_file_t)
-read_lnk_files_pattern(racoon_t, ipsec_conf_file_t, ipsec_conf_file_t)
-
-allow racoon_t ipsec_key_file_t:dir list_dir_perms;
-read_files_pattern(racoon_t, ipsec_key_file_t, ipsec_key_file_t)
-read_lnk_files_pattern(racoon_t, ipsec_key_file_t, ipsec_key_file_t)
-
-kernel_read_system_state(racoon_t)
-kernel_read_network_state(racoon_t)
-kernel_request_load_module(racoon_t)
-
-corecmd_exec_shell(racoon_t)
-corecmd_exec_bin(racoon_t)
-
-corenet_all_recvfrom_unlabeled(racoon_t)
-corenet_tcp_sendrecv_all_if(racoon_t)
-corenet_udp_sendrecv_all_if(racoon_t)
-corenet_tcp_sendrecv_all_nodes(racoon_t)
-corenet_udp_sendrecv_all_nodes(racoon_t)
-corenet_tcp_bind_all_nodes(racoon_t)
-corenet_udp_bind_all_nodes(racoon_t)
-corenet_udp_bind_isakmp_port(racoon_t)
-corenet_udp_bind_ipsecnat_port(racoon_t)
-
-dev_read_urand(racoon_t)
-
-# allow racoon to set contexts on ipsec policy and SAs
-domain_ipsec_setcontext_all_domains(racoon_t)
-
-files_read_etc_files(racoon_t)
-
-fs_dontaudit_getattr_xattr_fs(racoon_t)
-
-# allow racoon to use avc_has_perm to check context on proposed SA
-selinux_compute_access_vector(racoon_t)
-
-auth_use_nsswitch(racoon_t)
-
-ipsec_setcontext_default_spd(racoon_t)
-
-locallogin_use_fds(racoon_t)
-
-logging_send_syslog_msg(racoon_t)
-logging_send_audit_msgs(racoon_t)
-
-miscfiles_read_localization(racoon_t)
-
-sysnet_exec_ifconfig(racoon_t)
-
-auth_use_pam(racoon_t)
-
-auth_can_read_shadow_passwords(racoon_t)
-tunable_policy(`racoon_read_shadow',`
-	auth_tunable_read_shadow(racoon_t)
-')
-
-########################################
-#
-# Setkey local policy
-#
-
-allow setkey_t self:capability net_admin;
-allow setkey_t self:key_socket create_socket_perms;
-allow setkey_t self:netlink_route_socket create_netlink_socket_perms;
-
-allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
-read_lnk_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
-
-kernel_request_load_module(setkey_t)
-
-# allow setkey utility to set contexts on SA's and policy
-domain_ipsec_setcontext_all_domains(setkey_t)
-
-files_read_etc_files(setkey_t)
-
-init_dontaudit_use_fds(setkey_t)
-init_read_script_tmp_files(setkey_t)
-
-# allow setkey to set the context for ipsec SAs and policy.
-ipsec_setcontext_default_spd(setkey_t)
-
-locallogin_use_fds(setkey_t)
-
-miscfiles_read_localization(setkey_t)
-
-seutil_read_config(setkey_t)
-
-userdom_use_user_terminals(setkey_t)
-userdom_read_user_tmp_files(setkey_t)
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
deleted file mode 100644
index fd99a6e..0000000
--- a/policy/modules/system/iptables.fc
+++ /dev/null
@@ -1,20 +0,0 @@
-/etc/rc\.d/init\.d/ip6?tables	--	gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ebtables		--  gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-
-/sbin/ipchains.*		--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ip6?tables		--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ip6?tables-restore	--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ip6?tables-multi		--	gen_context(system_u:object_r:iptables_exec_t,s0)
-
-/sbin/ebtables			--  gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ebtables-restore	--  gen_context(system_u:object_r:iptables_exec_t,s0)
-
-/sbin/ipvsadm           --  gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ipvsadm-restore   --  gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ipvsadm-save      --  gen_context(system_u:object_r:iptables_exec_t,s0)
-
-
-/usr/sbin/ipchains.*		--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/iptables		--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/iptables-multi 	--	gen_context(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/iptables-restore	--	gen_context(system_u:object_r:iptables_exec_t,s0)
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
deleted file mode 100644
index 59bfb17..0000000
--- a/policy/modules/system/iptables.if
+++ /dev/null
@@ -1,171 +0,0 @@
-## <summary>Policy for iptables.</summary>
-
-########################################
-## <summary>
-##	Execute iptables in the iptables domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`iptables_domtrans',`
-	gen_require(`
-		type iptables_t, iptables_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, iptables_exec_t, iptables_t)
-
-	ifdef(`hide_broken_symptoms', `
-	        dontaudit iptables_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute iptables in the iptables domain, and
-##	allow the specified role the iptables domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`iptables_run',`
-	gen_require(`
-		type iptables_t;
-	')
-
-	iptables_domtrans($1)
-	role $2 types iptables_t;
-
-	sysnet_run_ifconfig(iptables_t, $2)
-
-	optional_policy(`
-		modutils_run_insmod(iptables_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Execute iptables in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iptables_exec',`
-	gen_require(`
-		type iptables_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, iptables_exec_t)
-')
-
-#####################################
-## <summary>
-##	Execute iptables in the iptables domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`iptables_initrc_domtrans',`
-	gen_require(`
-		type iptables_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, iptables_initrc_exec_t)
-')
-
-#####################################
-## <summary>
-##	Set the attributes of iptables config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iptables_setattr_config',`
-	gen_require(`
-		type iptables_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 iptables_conf_t:file setattr;
-')
-
-#####################################
-## <summary>
-##	Read iptables config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iptables_read_config',`
-	gen_require(`
-		type iptables_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 iptables_conf_t:dir list_dir_perms;
-	read_files_pattern($1, iptables_conf_t, iptables_conf_t)
-')
-
-#####################################
-## <summary>
-##	Create files in /etc with the type used for
-##	the iptables config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iptables_etc_filetrans_config',`
-	gen_require(`
-		type iptables_conf_t;
-	')
-
-	files_etc_filetrans($1, iptables_conf_t, file)
-')
-
-###################################
-## <summary>
-##	Manage iptables config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iptables_manage_config',`
-	gen_require(`
-		type iptables_conf_t;
-		type etc_t;
-	')
-
-	files_search_etc($1)
-	manage_files_pattern($1, iptables_conf_t, iptables_conf_t)
-')
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
deleted file mode 100644
index bce3aea..0000000
--- a/policy/modules/system/iptables.te
+++ /dev/null
@@ -1,143 +0,0 @@
-policy_module(iptables, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type iptables_t;
-type iptables_exec_t;
-init_system_domain(iptables_t, iptables_exec_t)
-role system_r types iptables_t;
-
-type iptables_initrc_exec_t;
-init_script_file(iptables_initrc_exec_t)
-
-type iptables_tmp_t;
-files_tmp_file(iptables_tmp_t)
-
-type iptables_var_run_t;
-files_pid_file(iptables_var_run_t)
-
-########################################
-#
-# Iptables local policy
-#
-
-allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
-dontaudit iptables_t self:capability sys_tty_config;
-allow iptables_t self:fifo_file rw_fifo_file_perms;
-allow iptables_t self:process { sigchld sigkill sigstop signull signal };
-# needed by ipvsadm
-allow iptables_t self:netlink_socket create_socket_perms;
-allow iptables_t self:rawip_socket create_socket_perms;
-
-files_manage_system_conf_files(iptables_t)
-files_etc_filetrans_system_conf(iptables_t)
-
-manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)
-files_pid_filetrans(iptables_t, iptables_var_run_t, file)
-
-can_exec(iptables_t, iptables_exec_t)
-
-allow iptables_t iptables_tmp_t:dir manage_dir_perms;
-allow iptables_t iptables_tmp_t:file manage_file_perms;
-files_tmp_filetrans(iptables_t, iptables_tmp_t, { file dir })
-
-kernel_request_load_module(iptables_t)
-kernel_read_system_state(iptables_t)
-kernel_read_network_state(iptables_t)
-kernel_read_kernel_sysctls(iptables_t)
-kernel_read_modprobe_sysctls(iptables_t)
-kernel_use_fds(iptables_t)
-
-# needed by ipvsadm
-corecmd_exec_bin(iptables_t)
-corecmd_exec_shell(iptables_t)
-
-corenet_relabelto_all_packets(iptables_t)
-corenet_dontaudit_rw_tun_tap_dev(iptables_t)
-
-dev_read_sysfs(iptables_t)
-ifdef(`hide_broken_symptoms',`
-	dev_dontaudit_write_mtrr(iptables_t)
-')
-
-fs_getattr_xattr_fs(iptables_t)
-fs_search_auto_mountpoints(iptables_t)
-fs_list_inotifyfs(iptables_t)
-
-mls_file_read_all_levels(iptables_t)
-
-term_dontaudit_use_console(iptables_t)
-term_use_all_terms(iptables_t)
-
-domain_use_interactive_fds(iptables_t)
-
-files_read_etc_files(iptables_t)
-files_read_etc_runtime_files(iptables_t)
-files_read_usr_files(iptables_t)
-
-auth_use_nsswitch(iptables_t)
-
-init_use_fds(iptables_t)
-init_use_script_ptys(iptables_t)
-# to allow rules to be saved on reboot:
-init_rw_script_tmp_files(iptables_t)
-init_rw_script_stream_sockets(iptables_t)
-init_dontaudit_script_leaks(iptables_t)
-
-logging_send_syslog_msg(iptables_t)
-
-miscfiles_read_localization(iptables_t)
-
-sysnet_domtrans_ifconfig(iptables_t)
-sysnet_dns_name_resolve(iptables_t)
-
-userdom_use_user_terminals(iptables_t)
-userdom_use_all_users_fds(iptables_t)
-
-optional_policy(`
-	fail2ban_append_log(iptables_t)
-	fail2ban_dontaudit_leaks(iptables_t)
-')
-
-optional_policy(`
-	firstboot_use_fds(iptables_t)
-	firstboot_rw_pipes(iptables_t)
-')
-
-optional_policy(`
-	modutils_domtrans_insmod(iptables_t)
-')
-
-optional_policy(`
-	# for iptables -L
-	nis_use_ypbind(iptables_t)
-')
-
-optional_policy(`
-	ppp_dontaudit_use_fds(iptables_t)
-')
-
-optional_policy(`
-	psad_rw_tmp_files(iptables_t)
-	psad_write_log(iptables_t)
-')
-
-optional_policy(`
-	rhgb_dontaudit_use_ptys(iptables_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(iptables_t)
-')
-
-optional_policy(`
-	shorewall_rw_lib_files(iptables_t)
-	shorewall_read_tmp_files(iptables_t)
-')
-
-optional_policy(`
-	udev_read_db(iptables_t)
-')
diff --git a/policy/modules/system/iscsi.fc b/policy/modules/system/iscsi.fc
deleted file mode 100644
index 14d9670..0000000
--- a/policy/modules/system/iscsi.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/sbin/iscsid		--	gen_context(system_u:object_r:iscsid_exec_t,s0)
-/sbin/brcm_iscsiuio	--	gen_context(system_u:object_r:iscsid_exec_t,s0)
-
-/var/lib/iscsi(/.*)?		gen_context(system_u:object_r:iscsi_var_lib_t,s0)
-/var/lock/iscsi(/.*)?		gen_context(system_u:object_r:iscsi_lock_t,s0)
-/var/log/brcm-iscsi\.log --	gen_context(system_u:object_r:iscsi_log_t,s0)
-/var/run/iscsid\.pid	--	gen_context(system_u:object_r:iscsi_var_run_t,s0)
diff --git a/policy/modules/system/iscsi.if b/policy/modules/system/iscsi.if
deleted file mode 100644
index ad0b864..0000000
--- a/policy/modules/system/iscsi.if
+++ /dev/null
@@ -1,76 +0,0 @@
-## <summary>Establish connections to iSCSI devices</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run iscsid.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`iscsid_domtrans',`
-	gen_require(`
-		type iscsid_t, iscsid_exec_t;
-	')
-
-	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
-')
-
-########################################
-## <summary>
-##	Connect to ISCSI using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iscsi_stream_connect',`
-	gen_require(`
-		type iscsid_t, iscsi_var_lib_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
-')
-
-########################################
-## <summary>
-##	Read iscsi lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iscsi_read_lib_files',`
-	gen_require(`
-		type iscsi_var_lib_t;
-	')
-
-	read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
-	allow $1 iscsi_var_lib_t:dir list_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Manage iscsid sempaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`iscsi_manage_semaphores',`
-	gen_require(`
-		type iscsid_t;
-	')
-
-	allow $1 iscsid_t:sem create_sem_perms;
-')
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
deleted file mode 100644
index 3ab3a47..0000000
--- a/policy/modules/system/iscsi.te
+++ /dev/null
@@ -1,97 +0,0 @@
-policy_module(iscsi, 1.7.0)
-
-########################################
-#
-# Declarations
-#
-
-type iscsid_t;
-type iscsid_exec_t;
-domain_type(iscsid_t)
-init_daemon_domain(iscsid_t, iscsid_exec_t)
-
-type iscsi_lock_t;
-files_lock_file(iscsi_lock_t)
-
-type iscsi_log_t;
-logging_log_file(iscsi_log_t)
-
-type iscsi_tmp_t;
-files_tmp_file(iscsi_tmp_t)
-
-type iscsi_var_lib_t;
-files_type(iscsi_var_lib_t)
-
-type iscsi_var_run_t;
-files_pid_file(iscsi_var_run_t)
-
-########################################
-#
-# iscsid local policy
-#
-
-allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_admin sys_nice sys_resource };
-allow iscsid_t self:process { setrlimit setsched signal };
-allow iscsid_t self:fifo_file rw_fifo_file_perms;
-allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow iscsid_t self:unix_dgram_socket create_socket_perms;
-allow iscsid_t self:sem create_sem_perms;
-allow iscsid_t self:shm create_shm_perms;
-allow iscsid_t self:netlink_socket create_socket_perms;
-allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms; 
-allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
-allow iscsid_t self:tcp_socket create_stream_socket_perms;
-
-can_exec(iscsid_t, iscsid_exec_t)
-
-manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
-files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
-
-manage_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)
-logging_log_filetrans(iscsid_t, iscsi_log_t, file)
-
-manage_dirs_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
-manage_files_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
-fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, { dir file } )
-
-allow iscsid_t iscsi_var_lib_t:dir list_dir_perms;
-read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
-read_lnk_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
-files_search_var_lib(iscsid_t)
-
-manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
-files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
-
-kernel_read_network_state(iscsid_t)
-kernel_read_system_state(iscsid_t)
-
-corenet_all_recvfrom_unlabeled(iscsid_t)
-corenet_all_recvfrom_netlabel(iscsid_t)
-corenet_tcp_sendrecv_generic_if(iscsid_t)
-corenet_tcp_sendrecv_generic_node(iscsid_t)
-corenet_tcp_sendrecv_all_ports(iscsid_t)
-corenet_tcp_connect_http_port(iscsid_t)
-corenet_tcp_connect_iscsi_port(iscsid_t)
-corenet_tcp_connect_isns_port(iscsid_t)
-
-dev_rw_sysfs(iscsid_t)
-dev_rw_userio_dev(iscsid_t)
-dev_read_raw_memory(iscsid_t)
-dev_write_raw_memory(iscsid_t)
-
-domain_use_interactive_fds(iscsid_t)
-domain_dontaudit_read_all_domains_state(iscsid_t)
-
-files_read_etc_files(iscsid_t)
-
-auth_use_nsswitch(iscsid_t)
-
-init_stream_connect_script(iscsid_t)
-
-logging_send_syslog_msg(iscsid_t)
-
-miscfiles_read_localization(iscsid_t)
-
-optional_policy(`
-	tgtd_manage_semaphores(iscsid_t)
-')
diff --git a/policy/modules/system/kdump.fc b/policy/modules/system/kdump.fc
deleted file mode 100644
index c66934f..0000000
--- a/policy/modules/system/kdump.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/kdump\.conf	--	gen_context(system_u:object_r:kdump_etc_t,s0)
-/etc/rc\.d/init\.d/kdump --	gen_context(system_u:object_r:kdump_initrc_exec_t,s0)
-
-/sbin/kdump		--	gen_context(system_u:object_r:kdump_exec_t,s0)
-/sbin/kexec		--	gen_context(system_u:object_r:kdump_exec_t,s0)
diff --git a/policy/modules/system/kdump.if b/policy/modules/system/kdump.if
deleted file mode 100644
index 672d323..0000000
--- a/policy/modules/system/kdump.if
+++ /dev/null
@@ -1,111 +0,0 @@
-## <summary>Kernel crash dumping mechanism</summary>
-
-######################################
-## <summary>
-##	Execute kdump in the kdump domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`kdump_domtrans',`
-	gen_require(`
-		type kdump_t, kdump_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, kdump_exec_t, kdump_t)
-')
-
-#######################################
-## <summary>
-##	Execute kdump in the kdump domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`kdump_initrc_domtrans',`
-	gen_require(`
-		type kdump_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, kdump_initrc_exec_t)
-')
-
-#####################################
-## <summary>
-##	Read kdump configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kdump_read_config',`
-	gen_require(`
-		type kdump_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 kdump_etc_t:file read_file_perms;
-')
-
-####################################
-## <summary>
-##	Manage kdump configuration file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`kdump_manage_config',`
-	gen_require(`
-		type kdump_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 kdump_etc_t:file manage_file_perms;
-')
-
-######################################
-## <summary>
-##	All of the rules required to administrate 
-##	an kdump environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed to manage the kdump domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`kdump_admin',`
-	gen_require(`
-		type kdump_t, kdump_etc_t;
-		type kdump_initrc_exec_t;
-	')
-
-	allow $1 kdump_t:process { ptrace signal_perms };
-	ps_process_pattern($1, kdump_t)
-
-	init_labeled_script_domtrans($1, kdump_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kdump_initrc_exec_t system_r;
-	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, kdump_etc_t)
-')
diff --git a/policy/modules/system/kdump.te b/policy/modules/system/kdump.te
deleted file mode 100644
index 7682697..0000000
--- a/policy/modules/system/kdump.te
+++ /dev/null
@@ -1,38 +0,0 @@
-policy_module(kdump, 1.1.0)
-
-#######################################
-#
-# Declarations
-#
-
-type kdump_t;
-type kdump_exec_t;
-init_system_domain(kdump_t, kdump_exec_t)
-
-type kdump_etc_t;
-files_config_file(kdump_etc_t)
-
-type kdump_initrc_exec_t;
-init_script_file(kdump_initrc_exec_t)
-
-#####################################
-#
-# kdump local policy
-#
-
-allow kdump_t self:capability { sys_boot dac_override };
-
-read_files_pattern(kdump_t, kdump_etc_t, kdump_etc_t)
-
-files_read_etc_runtime_files(kdump_t)
-files_read_kernel_img(kdump_t)
-
-kernel_read_system_state(kdump_t)
-kernel_read_core_if(kdump_t)
-kernel_read_debugfs(kdump_t)
-kernel_request_load_module(kdump_t)
-
-dev_read_framebuffer(kdump_t)
-dev_read_sysfs(kdump_t)
-
-term_use_console(kdump_t)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
deleted file mode 100644
index 1d2236b..0000000
--- a/policy/modules/system/libraries.fc
+++ /dev/null
@@ -1,463 +0,0 @@
-#
-# /emul
-#
-ifdef(`distro_debian',`
-/emul/ia32-linux/usr(/.*)?/lib(/.*)?		gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/usr(/.*)?/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
-/emul/ia32-linux/lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-')
-
-ifdef(`distro_gentoo',`
-/emul/linux/x86/usr(/.*)?/lib(/.*)?		gen_context(system_u:object_r:lib_t,s0)
-/emul/linux/x86/lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/emul/linux/x86/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/emul/ia32-linux/usr(/.*)?/lib(/.*)?		gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/usr(/.*)?/java/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/usr(/.*)?/java/.*\.jar	--	gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/usr(/.*)?/java/.*\.jsa	--	gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/usr(/.*)?/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
-/emul/ia32-linux/lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-')
-
-#
-# /etc
-#
-/etc/ld\.so\.cache			--	gen_context(system_u:object_r:ld_so_cache_t,s0)
-/etc/ld\.so\.preload			--	gen_context(system_u:object_r:ld_so_cache_t,s0)
-
-/etc/ppp/plugins/rp-pppoe\.so 		--	gen_context(system_u:object_r:lib_t,s0)
-
-#
-# /lib(64)?
-#
-/lib					-d	gen_context(system_u:object_r:lib_t,s0)
-/lib/.*						gen_context(system_u:object_r:lib_t,s0)
-/lib64					-d	gen_context(system_u:object_r:lib_t,s0)
-/lib64/.*					gen_context(system_u:object_r:lib_t,s0)
-/lib/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
-/lib64/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
-
-/lib/security/pam_poldi\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/lib64/security/pam_poldi\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-ifdef(`distro_debian',`
-/lib32					-l	gen_context(system_u:object_r:lib_t,s0)
-/lib64					-l	gen_context(system_u:object_r:lib_t,s0)
-')
-
-ifdef(`distro_gentoo',`
-/lib					-l	gen_context(system_u:object_r:lib_t,s0)
-/lib32					-d	gen_context(system_u:object_r:lib_t,s0)
-/lib32/.*					gen_context(system_u:object_r:lib_t,s0)
-/lib32/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
-')
-
-#
-# /opt
-#
-/opt/.*\.so					gen_context(system_u:object_r:lib_t,s0)
-/opt/(.*/)?lib(/.*)?				gen_context(system_u:object_r:lib_t,s0)
-/opt/(.*/)?lib64(/.*)?				gen_context(system_u:object_r:lib_t,s0)
-/opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-/opt/(.*/)?jre.*/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/(.*/)?jre/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-
-/opt/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-# despite the extensions, they are actually libs
-/opt/Acrobat[5-9]/Reader/intellinux/plugins/.*\.api -- gen_context(system_u:object_r:lib_t,s0)
-
-/opt/Komodo-Edit-5/lib/python/lib/python2.6/lib-dynload/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-ifdef(`distro_gentoo',`
-# despite the extensions, they are actually libs
-/opt/Acrobat[5-9]/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:lib_t,s0)
-/opt/Acrobat[5-9]/Reader/intellinux/plug_ins3d/.*\.x3d -- gen_context(system_u:object_r:lib_t,s0)
-/opt/Acrobat[5-9]/Reader/intellinux/SPPlugins/.*\.ap[il] -- gen_context(system_u:object_r:lib_t,s0)
-
-/opt/netscape/plugins(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/opt/netscape/plugins/libflashplayer\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/netscape/plugins/nppdf\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/RealPlayer/codecs(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/opt/RealPlayer/common(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/opt/RealPlayer/lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/opt/RealPlayer/mozilla(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/opt/RealPlayer/plugins(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/opt/Adobe(/.*?)/nppdf\.so 		-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/Adobe/Reader.?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/Adobe/Reader.?/Reader/intellinux/SPPlugins/.*\.ap[il] -- gen_context(system_u:object_r:lib_t,s0)
-/opt/cisco-vpnclient/lib/libvpnapi\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/cx.*/lib/wine/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/ibm/java.*/jre/.+\.jar		--	gen_context(system_u:object_r:lib_t,s0)
-/opt/ibm/java.*/jre/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/ibm/java.*/jre/bin/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-')
-
-#
-# /sbin
-#
-/sbin/ldconfig				--	gen_context(system_u:object_r:ldconfig_exec_t,s0)
-
-#
-# /usr
-#
-/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(.*/)?java/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-/usr/(.*/)?java/.+\.jsa			--	gen_context(system_u:object_r:lib_t,s0)
-
-/usr/(.*/)?lib(/.*)?				gen_context(system_u:object_r:lib_t,s0)
-/usr/(.*/)?lib64(/.*)?				gen_context(system_u:object_r:lib_t,s0)
-
-/usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
-
-/usr/(.*/)?nvidia/.+\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib64/altivec/libavcodec\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/cedega/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/vlc/video_chroma/libi420_rgb_mmx_plugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/vlc/codec/librealvideo_plugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/vlc/codec/libdmo_plugin\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/vlc/codec/librealvideo_plugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/vlc/.*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libtfmessbsp\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/catalyst/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libADM5.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libatiadlxx\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/win32/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/ADM_plugins/videoFilter/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libsipphoneapi\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ati-fglrx/.+\.so(\..*)?	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libjs\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* 	-- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libzita-convolver\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/nero/plug-ins/libMP3\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/nvidia/libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/modules/glesx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(local/)?.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:lib_t,s0)
-/usr/(local/)?lib(64)?/wine/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/NX/lib/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/NX/lib/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/X11R6/lib/libXvMCNVIDIA\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/xorg/modules/drivers/fglrx_drv\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-ifdef(`distro_debian',`
-/usr/lib32				-l	gen_context(system_u:object_r:lib_t,s0)
-')
-
-ifdef(`distro_gentoo',`
-/usr/lib				-l	gen_context(system_u:object_r:lib_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- gen_context(system_u:object_r:lib_t,s0)
-
-# The following are libraries with text relocations in need of execmod permissions
-# Some of them should be fixed and removed from this list
-
-# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
-# 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
-HOME_DIR/.*/plugins/nppdf\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/allegro/(.*/)?alleg-vga\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/firefox-[^/]*/extensions(/.*)?/libqfaservices.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/firefox-[^/]*/plugins/nppdf.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/firefox/plugins/libractrl\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/libFLAC\.so.*			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/libfglrx_gamma\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/mozilla/plugins/nppdf\.so 	-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/maxima/[^/]+/binary-gcl/maxima	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib64/maxima/[^/]+/binary-gcl/maxima --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/nx/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/nx/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/VBoxVMM\.so			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib64/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libgpac\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libglide3\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libglide3-v[0-9]*\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/helix/plugins/[^/]*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/helix/codecs/[^/]*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/X11R6/lib/libfglrx_gamma\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libHermes\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/valgrind/hp2ps		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/valgrind/stage2		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/valgrind/vg.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libicudata\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libsts645li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libvclplug_gen645li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libwrp645li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libswd680li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/librecentfile\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libsvx680li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/program/libsoffice\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-# Fedora Extras packages: ladspa, imlib2, ocaml
-/usr/lib(64)?/ladspa/analogue_osc_1416\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/bandpass_iir_1892\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/butterworth_1902\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/fm_osc_1415\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/gsm_1215\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/gverb_1216\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/hermes_filter_1200\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/highpass_iir_1890\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/lowpass_iir_1891\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/notch_iir_1894\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/pitch_scale_1193\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/pitch_scale_1194\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/sc1_1425\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/sc2_1426\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/sc3_1427\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/sc4_1882\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ladspa/se4_1883\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/sane/libsane-epkowa\.so.* --  gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ocaml/stublibs/dllnums\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
-/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local(/.*)?/libmpg123\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-HOME_DIR/.*/plugins/nppdf\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/nprhapengine\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/(.*/)?nprhapengine\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-# Jai, Sun Microsystems (Jpackage SPRM)
-/usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libdivxencore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libdvdcss\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-# vmware
-/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/vmware/lib(/.*)?/libvmware-gksu.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/(virtualbox(-ose)?/)?(components/)?VBox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/virtualbox/.*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-# Java, Sun Microsystems (JPackage SRPM)
-/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(local/)?acroread/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?Adobe/.*\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?lib/xchat/plugins/systray\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/acroread/(.*/)?sidecars/*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/acroread/(.*/)?nppdf\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/.*/program(/.*)?\.so		gen_context(system_u:object_r:lib_t,s0)
-/usr/lib64/.*/program(/.*)?\.so		gen_context(system_u:object_r:lib_t,s0)
-') dnl end distro_redhat
-
-#
-# /var
-#
-/var/cache/ldconfig(/.*)?			gen_context(system_u:object_r:ldconfig_cache_t,s0)
-
-/var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
-/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
-
-/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? --	gen_context(system_u:object_r:lib_t,s0)
-
-/usr/lib(64)?/pgsql/.*\.so.*		--	gen_context(system_u:object_r:lib_t,s0)
-/usr/lib(64)?/pgsql/test/regress/.*\.so.*		--	gen_context(system_u:object_r:lib_t,s0)
-/var/lib/spamassassin/compiled/.*\.so.*    --     gen_context(system_u:object_r:lib_t,s0)
-
-ifdef(`distro_suse',`
-/var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
-')
-
-/usr/share/hplip/prnt/plugins(/.*)?		gen_context(system_u:object_r:lib_t,s0)
-/usr/share/squeezeboxserver/CPAN/arch/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
-/var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-/var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
-
-/usr/lib(64)?/libmyth[^/]+\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/mythtv/filters/.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/jvm/java(.*/)bin(/.*)?/.*\.so 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib64/jvm/java(.*/)bin(/.*)?/.*\.so 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/oracle/.*/lib/libnnz10\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/altera9.1/quartus/linux/libccl_err\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/novell/groupwise/client/lib/libgwapijni\.so\.1	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/sse2/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/i686/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/google-earth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/googleearth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/google-earth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/google-earth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/google-earth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/google/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/nspluginwrapper/np.*\.so	-- gen_context(system_u:object_r:lib_t,s0)
-
-/usr/lib/oracle/.*/lib/libnnz.*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/oracle(64)?/.*/lib/libclntsh\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/(.*/)?oracle/(.*/)?libnnz.*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libnnz11.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libxvidcore\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-
-/opt/matlab.*\.so(\.[^/]*)*		gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/matlab.*\.so(\.[^/]*)*		gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/local/matlab.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/matlab.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/local/Zend/lib/ZendExtensionManager\.so	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/libcncpmslld328\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/ICAClient/.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/midori/.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libav.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/xine/plugins/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/yafaray/libDarkSky.so 	   --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libpostproc\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libswscale\.so.*		 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/libADM.*\.so.*			 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-HOME_DIR/\.gstreamer-.*/plugins/.*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libx264\.so(\.[^/]*)* 	-- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libmp3lame\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libmpeg2\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-ifdef(`fixed',`
-/usr/lib(64)?/libavfilter\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libavdevice\.so.*	 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libavformat.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libavcodec.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libavutil.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libdv\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libGLU\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libgsm\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libImlib2\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libjackserver\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/X11R6/lib/libOSMesa.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libOSMesa.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xulrunner-[^/]*/libxul\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-# Flash plugin, Macromedia
-HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/.*/libflashplayer\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/(.*/)?libflashplayer\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/php/modules/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/dri/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/httpd/modules/libphp5\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-')
-/opt/VBoxGuestAdditions.*/lib/VBox.*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/nmm/liba52\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/lampp/lib/libct\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/lampp/lib/.*\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/VirtualBox(/.*)?/VBox.*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/chromium-browser/.*\.so 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/zend/lib/apache2/libphp5\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/python.*/site-packages/pymedia/muxer\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/games/darwinia/lib/libSDL.*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/ocp-.*/mixclip\.so		     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/octagaplayer/libapplication\.so		     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/AutoScan/usr/lib/libvte\.so.*			     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/bin/bsnes		     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/firefox/plugins/libractrl\.so	     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libGLcore\.so.*	     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/libkmplayercommon\.so.*	     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/Unify/SQLBase/libgptsblmsui11\.so.*	     --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/real/RealPlayer/plugins(/.*)?	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/opt/real/RealPlayer/codecs(/.*)?	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib(64)?/vdpau/libvdpau_nvidia\.so.*  --	gen_context(system_u:object_r:textrel_shlib_t,s0)	
-
-/usr/lib(64)?/libGTL.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-/usr/lib/nsr/(.*/)?.*\.so		-- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/lgtonmc/bin/.*\.so(\.[0-9])?  	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/google/picasa/.*\.dll	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/google/picasa/.*\.yti	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/policy/modules/system/libraries.if b/policy/modules/system/libraries.if
deleted file mode 100644
index 8b174c8..0000000
--- a/policy/modules/system/libraries.if
+++ /dev/null
@@ -1,518 +0,0 @@
-## <summary>Policy for system libraries.</summary>
-
-########################################
-## <summary>
-##	Execute ldconfig in the ldconfig domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`libs_domtrans_ldconfig',`
-	gen_require(`
-		type ldconfig_t, ldconfig_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ldconfig_exec_t, ldconfig_t)
-')
-
-########################################
-## <summary>
-##	Execute ldconfig in the ldconfig domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the ldconfig domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`libs_run_ldconfig',`
-	gen_require(`
-		type ldconfig_t;
-	')
-
-	libs_domtrans_ldconfig($1)
-	role $2 types ldconfig_t;
-')
-
-########################################
-## <summary>
-##	Execute ldconfig in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`libs_exec_ldconfig',`
-	gen_require(`
-		type ldconfig_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, ldconfig_exec_t)
-')
-
-########################################
-## <summary>
-##	Use the dynamic link/loader for automatic loading
-##	of shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_use_ld_so',`
-	gen_require(`
-		type lib_t, ld_so_t, ld_so_cache_t;
-	')
-
-	files_list_etc($1)
-	allow $1 lib_t:dir list_dir_perms;
-
-	read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
-	mmap_files_pattern($1, lib_t, ld_so_t)
-
-	allow $1 ld_so_cache_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Use the dynamic link/loader for automatic loading
-##	of shared libraries with legacy support.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_legacy_use_ld_so',`
-	gen_require(`
-		type ld_so_t, ld_so_cache_t;
-	')
-
-	libs_use_ld_so($1)
-	allow $1 ld_so_t:file execmod;
-	allow $1 ld_so_cache_t:file execute;
-')
-
-########################################
-## <summary>
-##	Execute the dynamic link/loader in the caller's domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_exec_ld_so',`
-	gen_require(`
-		type lib_t, ld_so_t;
-	')
-
-	allow $1 lib_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
-	exec_files_pattern($1, lib_t, ld_so_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the
-##	dynamic link/loader.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_manage_ld_so',`
-	gen_require(`
-		type lib_t, ld_so_t;
-	')
-
-	manage_files_pattern($1, lib_t, ld_so_t)
-')
-
-########################################
-## <summary>
-##	Relabel to and from the type used for
-##	the dynamic link/loader.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_relabel_ld_so',`
-	gen_require(`
-		type lib_t, ld_so_t;
-	')
-
-	relabel_files_pattern($1, lib_t, ld_so_t)
-')
-
-########################################
-## <summary>
-##	Modify the dynamic link/loader's cached listing
-##	of shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_rw_ld_so_cache',`
-	gen_require(`
-		type ld_so_cache_t;
-	')
-
-	files_list_etc($1)
-	allow $1 ld_so_cache_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Search library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_search_lib',`
-	gen_require(`
-		type lib_t;
-	')
-
-	allow $1 lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write to library directories.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to write to library directories.
-##	Typically this is used to quiet attempts to recompile
-##	python byte code.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`libs_dontaudit_write_lib_dirs',`
-	gen_require(`
-		type lib_t;
-	')
-
-	dontaudit $1 lib_t:dir write;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_manage_lib_dirs',`
-	gen_require(`
-		type lib_t;
-	')
-
-	allow $1 lib_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read files in the library directories, such
-##	as static libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_read_lib_files',`
-	gen_require(`
-		type lib_t;
-	')
-
-	files_list_usr($1)
-	list_dirs_pattern($1, lib_t, lib_t)
-	read_files_pattern($1, lib_t, lib_t)
-	read_lnk_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Execute library scripts in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_exec_lib_files',`
-	gen_require(`
-		type lib_t;
-	')
-
-	files_search_usr($1)
-	allow $1 lib_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, lib_t, lib_t)
-	exec_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Load and execute functions from generic
-##	lib files as shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_use_lib_files',`
-	refpolicywarn(`$0($*) has been deprecated, use libs_use_shared_libs() instead.')
-	libs_use_shared_libs($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete generic
-##	files in library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_manage_lib_files',`
-	gen_require(`
-		type lib_t;
-	')
-
-	manage_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Relabel files to the type used in library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_relabelto_lib_files',`
-	gen_require(`
-		type lib_t;
-	')
-
-	relabelto_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Relabel to and from the type used
-##	for generic lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_relabel_lib_files',`
-	gen_require(`
-		type lib_t;
-	')
-
-	relabel_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Delete generic symlinks in library directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_delete_lib_symlinks',`
-	gen_require(`
-		type lib_t;
-	')
-
-	delete_lnk_files_pattern($1, lib_t, lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_manage_shared_libs',`
-	gen_require(`
-		type lib_t, textrel_shlib_t;
-	')
-
-	manage_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-')
-
-########################################
-## <summary>
-##	Load and execute functions from shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_use_shared_libs',`
-	gen_require(`
-		type lib_t, textrel_shlib_t;
-	')
-
-	files_search_usr($1)
-	allow $1 lib_t:dir list_dir_perms;
-	read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-	mmap_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-	allow $1 textrel_shlib_t:file execmod;
-')
-
-########################################
-## <summary>
-##	Load and execute functions from shared libraries,
-##	with legacy support.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`libs_legacy_use_shared_libs',`
-	gen_require(`
-		type lib_t;
-	')
-
-	libs_use_shared_libs($1)
-	allow $1 lib_t:file execmod;
-')
-
-########################################
-## <summary>
-##	Relabel to and from the type used for
-##	shared libraries.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: added for prelink
-interface(`libs_relabel_shared_libs',`
-	gen_require(`
-		type lib_t, textrel_shlib_t;
-	')
-
-	relabel_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-')
-
-########################################
-## <summary>
-##	Create an object in lib directories, with
-##	the shared libraries type using a type transition.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`lib_filetrans_shared_lib',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Create an object in lib directories, with
-##	the shared libraries type using a type transition.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Create an object in lib directories, with
-##	the shared libraries type using a type transition.  (Deprecated)
-##	</p>
-##	<p>
-##	lib_filetrans_shared_lib() should be used instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-#
-interface(`files_lib_filetrans_shared_lib',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
deleted file mode 100644
index 99d7f60..0000000
--- a/policy/modules/system/libraries.te
+++ /dev/null
@@ -1,157 +0,0 @@
-policy_module(libraries, 2.7.0)
-
-########################################
-#
-# Declarations
-#
-
-#
-# ld_so_cache_t is the type of /etc/ld.so.cache.
-#
-type ld_so_cache_t;
-files_type(ld_so_cache_t)
-
-#
-# ld_so_t is the type of the system dynamic loaders.
-#
-type ld_so_t;
-files_type(ld_so_t)
-
-type ldconfig_t;
-type ldconfig_exec_t;
-init_system_domain(ldconfig_t, ldconfig_exec_t)
-role system_r types ldconfig_t;
-
-type ldconfig_cache_t;
-files_type(ldconfig_cache_t)
-
-type ldconfig_tmp_t;
-files_tmp_file(ldconfig_tmp_t)
-
-#
-# lib_t is the type of files in the system lib directories.
-#
-type lib_t alias shlib_t;
-files_type(lib_t)
-
-#
-# textrel_shlib_t is the type of shared objects in the system lib
-# directories, which require text relocation.
-#
-type textrel_shlib_t alias texrel_shlib_t;
-files_type(textrel_shlib_t)
-
-ifdef(`distro_gentoo',`
-	# openrc unfortunately mounts a tmpfs
-	# at /lib/rc/
-	files_mountpoint(lib_t)
-')
-
-optional_policy(`
-	postgresql_loadable_module(lib_t)
-	postgresql_loadable_module(textrel_shlib_t)
-')
-
-########################################
-#
-# ldconfig local policy
-#
-
-allow ldconfig_t self:capability { dac_override sys_chroot };
-
-manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
-
-manage_files_pattern(ldconfig_t, ld_so_cache_t, ld_so_cache_t)
-files_etc_filetrans(ldconfig_t, ld_so_cache_t, file)
-
-manage_dirs_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
-manage_files_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
-manage_lnk_files_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
-files_tmp_filetrans(ldconfig_t, ldconfig_tmp_t, { file dir lnk_file })
-
-manage_lnk_files_pattern(ldconfig_t, lib_t, lib_t)
-
-kernel_read_system_state(ldconfig_t)
-
-fs_getattr_xattr_fs(ldconfig_t)
-
-corecmd_search_bin(ldconfig_t)
-
-domain_use_interactive_fds(ldconfig_t)
-
-files_search_home(ldconfig_t)
-files_search_var_lib(ldconfig_t)
-files_read_etc_files(ldconfig_t)
-files_read_usr_files(ldconfig_t)
-files_search_tmp(ldconfig_t)
-files_search_usr(ldconfig_t)
-# for when /etc/ld.so.cache is mislabeled:
-files_delete_etc_files(ldconfig_t)
-
-init_use_script_ptys(ldconfig_t)
-init_read_script_tmp_files(ldconfig_t)
-
-miscfiles_read_localization(ldconfig_t)
-
-logging_send_syslog_msg(ldconfig_t)
-
-term_use_console(ldconfig_t)
-userdom_use_user_terminals(ldconfig_t)
-userdom_use_all_users_fds(ldconfig_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(ldconfig_t)
-	')
-')
-
-userdom_manage_user_home_content_files(ldconfig_t)
-userdom_manage_user_tmp_files(ldconfig_t)
-userdom_manage_user_tmp_symlinks(ldconfig_t)
-
-ifdef(`hide_broken_symptoms',`
-	ifdef(`distro_gentoo',`
-		# leaked fds from portage
-		files_dontaudit_rw_var_files(ldconfig_t)
-
-		optional_policy(`
-			portage_dontaudit_search_tmp(ldconfig_t)
-			portage_dontaudit_rw_tmp_files(ldconfig_t)
-		')
-	')
-
-	optional_policy(`
-		unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
-	')
-')
-
-optional_policy(`
-	# dontaudit access to /usr/lib/apache, normal programs cannot read these libs anyway
-	apache_dontaudit_search_modules(ldconfig_t)
-')
-
-optional_policy(`
-	apt_rw_pipes(ldconfig_t)
-	apt_use_fds(ldconfig_t)
-	apt_use_ptys(ldconfig_t)
-')
-
-optional_policy(`
-	gnome_append_generic_cache_files(ldconfig_t)
-')
-
-optional_policy(`
-	puppet_rw_tmp(ldconfig_t)
-')
-
-optional_policy(`
-	# When you install a kernel the postinstall builds a initrd image in tmp 
-	# and executes ldconfig on it. If you dont allow this kernel installs 
-	# blow up.
-	rpm_manage_script_tmp_files(ldconfig_t)
-')
-
-optional_policy(`
-	unconfined_domain(ldconfig_t)
-')
-
diff --git a/policy/modules/system/locallogin.fc b/policy/modules/system/locallogin.fc
deleted file mode 100644
index be6a81b..0000000
--- a/policy/modules/system/locallogin.fc
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/sbin/sulogin		--	gen_context(system_u:object_r:sulogin_exec_t,s0)
-/sbin/sushell		--	gen_context(system_u:object_r:sulogin_exec_t,s0)
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
deleted file mode 100644
index 0e3c2a9..0000000
--- a/policy/modules/system/locallogin.if
+++ /dev/null
@@ -1,131 +0,0 @@
-## <summary>Policy for local logins.</summary>
-
-########################################
-## <summary>
-##	Execute local logins in the local login domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`locallogin_domtrans',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	auth_domtrans_login_program($1, local_login_t)
-
-	ifdef(`enable_mcs',`
-		auth_ranged_domtrans_login_program($1, local_login_t, s0 - mcs_systemhigh)
-	')
-')
-
-########################################
-## <summary>
-##	Allow processes to inherit local login file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`locallogin_use_fds',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	allow $1 local_login_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit local login file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`locallogin_dontaudit_use_fds',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	dontaudit $1 local_login_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send a null signal to local login processes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`locallogin_signull',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	allow $1 local_login_t:process signull;
-')
-
-########################################
-## <summary>
-##	Search for key.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`locallogin_search_keys',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	allow $1 local_login_t:key search;
-')
-
-########################################
-## <summary>
-##	Allow link to the local_login key ring.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`locallogin_link_keys',`
-	gen_require(`
-		type local_login_t;
-	')
-
-	allow $1 local_login_t:key link;
-')
-
-########################################
-## <summary>
-##	Execute local logins in the local login domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`locallogin_domtrans_sulogin',`
-	gen_require(`
-		type sulogin_exec_t, sulogin_t;
-	')
-
-	domtrans_pattern($1, sulogin_exec_t, sulogin_t)
-')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
deleted file mode 100644
index 26e9f79..0000000
--- a/policy/modules/system/locallogin.te
+++ /dev/null
@@ -1,271 +0,0 @@
-policy_module(locallogin, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type local_login_t;
-domain_interactive_fd(local_login_t)
-auth_login_pgm_domain(local_login_t)
-auth_login_entry_type(local_login_t)
-
-type local_login_lock_t;
-files_lock_file(local_login_lock_t)
-
-type local_login_tmp_t;
-files_tmp_file(local_login_tmp_t)
-files_poly_parent(local_login_tmp_t)
-
-type sulogin_t;
-type sulogin_exec_t;
-domain_obj_id_change_exemption(sulogin_t)
-domain_subj_id_change_exemption(sulogin_t)
-domain_role_change_exemption(sulogin_t)
-domain_interactive_fd(sulogin_t)
-init_domain(sulogin_t, sulogin_exec_t)
-init_system_domain(sulogin_t, sulogin_exec_t)
-role system_r types sulogin_t;
-
-########################################
-#
-# Local login local policy
-#
-
-allow local_login_t self:capability { dac_override chown fowner fsetid kill setgid setuid sys_admin sys_nice sys_ptrace sys_resource sys_tty_config };
-allow local_login_t self:process ~{ ptrace setcurrent setfscreate execmem execstack execheap };
-allow local_login_t self:fd use;
-allow local_login_t self:fifo_file rw_fifo_file_perms;
-allow local_login_t self:sock_file read_sock_file_perms;
-allow local_login_t self:unix_dgram_socket create_socket_perms;
-allow local_login_t self:unix_stream_socket create_stream_socket_perms;
-allow local_login_t self:unix_dgram_socket sendto;
-allow local_login_t self:unix_stream_socket connectto;
-allow local_login_t self:shm create_shm_perms;
-allow local_login_t self:sem create_sem_perms;
-allow local_login_t self:msgq create_msgq_perms;
-allow local_login_t self:msg { send receive };
-allow local_login_t self:key { search write link };
-
-allow local_login_t local_login_lock_t:file manage_file_perms;
-files_lock_filetrans(local_login_t, local_login_lock_t, file)
-
-allow local_login_t local_login_tmp_t:dir manage_dir_perms;
-allow local_login_t local_login_tmp_t:file manage_file_perms;
-files_tmp_filetrans(local_login_t, local_login_tmp_t, { file dir })
-
-kernel_read_system_state(local_login_t)
-kernel_read_kernel_sysctls(local_login_t)
-kernel_search_key(local_login_t)
-kernel_link_key(local_login_t)
-
-corecmd_list_bin(local_login_t)
-corecmd_read_bin_symlinks(local_login_t)
-# cjp: these are probably not needed:
-corecmd_read_bin_files(local_login_t)
-corecmd_read_bin_pipes(local_login_t)
-corecmd_read_bin_sockets(local_login_t)
-
-dev_setattr_mouse_dev(local_login_t)
-dev_getattr_mouse_dev(local_login_t)
-dev_getattr_power_mgmt_dev(local_login_t)
-dev_setattr_power_mgmt_dev(local_login_t)
-dev_getattr_sound_dev(local_login_t)
-dev_setattr_sound_dev(local_login_t)
-dev_rw_generic_usb_dev(local_login_t)
-dev_read_video_dev(local_login_t)
-dev_dontaudit_getattr_apm_bios_dev(local_login_t)
-dev_dontaudit_setattr_apm_bios_dev(local_login_t)
-dev_dontaudit_read_framebuffer(local_login_t)
-dev_dontaudit_setattr_framebuffer_dev(local_login_t)
-dev_dontaudit_getattr_generic_blk_files(local_login_t)
-dev_dontaudit_setattr_generic_blk_files(local_login_t)
-dev_dontaudit_getattr_generic_chr_files(local_login_t)
-dev_dontaudit_setattr_generic_chr_files(local_login_t)
-dev_dontaudit_setattr_generic_symlinks(local_login_t)
-dev_dontaudit_getattr_misc_dev(local_login_t)
-dev_dontaudit_setattr_misc_dev(local_login_t)
-dev_dontaudit_getattr_scanner_dev(local_login_t)
-dev_dontaudit_setattr_scanner_dev(local_login_t)
-dev_dontaudit_search_sysfs(local_login_t)
-dev_dontaudit_getattr_video_dev(local_login_t)
-dev_dontaudit_setattr_video_dev(local_login_t)
-
-domain_read_all_entry_files(local_login_t)
-
-files_read_etc_files(local_login_t)
-files_read_etc_runtime_files(local_login_t)
-files_read_usr_files(local_login_t)
-files_list_mnt(local_login_t)
-files_list_world_readable(local_login_t)
-files_read_world_readable_files(local_login_t)
-files_read_world_readable_symlinks(local_login_t)
-files_read_world_readable_pipes(local_login_t)
-files_read_world_readable_sockets(local_login_t)
-# for when /var/mail is a symlink
-files_read_var_symlinks(local_login_t)
-
-fs_search_auto_mountpoints(local_login_t)
-
-storage_dontaudit_getattr_fixed_disk_dev(local_login_t)
-storage_dontaudit_setattr_fixed_disk_dev(local_login_t)
-storage_dontaudit_getattr_removable_dev(local_login_t)
-storage_dontaudit_setattr_removable_dev(local_login_t)
-
-term_use_all_ttys(local_login_t)
-term_use_unallocated_ttys(local_login_t)
-term_relabel_unallocated_ttys(local_login_t)
-term_relabel_all_ttys(local_login_t)
-term_setattr_all_ttys(local_login_t)
-term_setattr_unallocated_ttys(local_login_t)
-
-auth_rw_login_records(local_login_t)
-auth_rw_faillog(local_login_t)
-auth_manage_pam_pid(local_login_t)
-auth_manage_pam_console_data(local_login_t)
-auth_domtrans_pam_console(local_login_t)
-
-init_dontaudit_use_fds(local_login_t)
-init_stream_connect(local_login_t)
-
-miscfiles_read_localization(local_login_t)
-
-userdom_spec_domtrans_all_users(local_login_t)
-userdom_signal_all_users(local_login_t)
-userdom_search_user_home_content(local_login_t)
-userdom_use_unpriv_users_fds(local_login_t)
-userdom_sigchld_all_users(local_login_t)
-userdom_create_all_users_keys(local_login_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(local_login_t)
-	')
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(local_login_t)
-	fs_read_nfs_symlinks(local_login_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(local_login_t)
-	fs_read_cifs_symlinks(local_login_t)
-')
-
-tunable_policy(`allow_console_login',`
-     term_use_console(local_login_t)
-     term_relabel_console(local_login_t)
-     term_setattr_console(local_login_t)
-')
-
-optional_policy(`
-	alsa_domtrans(local_login_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(local_login_t)
-
-	consolekit_dbus_chat(local_login_t)
-')
-
-optional_policy(`
-	gpm_getattr_gpmctl(local_login_t)
-	gpm_setattr_gpmctl(local_login_t)
-')
-
-optional_policy(`
-	# Search for mail spool file.
-	mta_getattr_spool(local_login_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(local_login_t)
-')
-
-optional_policy(`
-	nscd_socket_use(local_login_t)
-')
-
-optional_policy(`
-	unconfined_shell_domtrans(local_login_t)
-')
-
-optional_policy(`
-	usermanage_read_crack_db(local_login_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_tmp_files(local_login_t)
-	xserver_rw_xdm_tmp_files(local_login_t)
-')
-
-#################################
-# 
-# Sulogin local policy
-#
-
-allow sulogin_t self:capability dac_override;
-allow sulogin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow sulogin_t self:fd use;
-allow sulogin_t self:fifo_file rw_fifo_file_perms;
-allow sulogin_t self:unix_dgram_socket create_socket_perms;
-allow sulogin_t self:unix_stream_socket create_stream_socket_perms;
-allow sulogin_t self:unix_dgram_socket sendto;
-allow sulogin_t self:unix_stream_socket connectto;
-allow sulogin_t self:shm create_shm_perms;
-allow sulogin_t self:sem create_sem_perms;
-allow sulogin_t self:msgq create_msgq_perms;
-allow sulogin_t self:msg { send receive };
-
-kernel_read_system_state(sulogin_t)
-
-fs_search_auto_mountpoints(sulogin_t)
-fs_rw_tmpfs_chr_files(sulogin_t)
-
-files_read_etc_files(sulogin_t)
-# because file systems are not mounted:
-files_dontaudit_search_isid_type_dirs(sulogin_t)
-
-auth_read_shadow(sulogin_t)
-auth_use_nsswitch(sulogin_t)
-
-init_getpgid_script(sulogin_t)
-
-logging_send_syslog_msg(sulogin_t)
-
-seutil_read_config(sulogin_t)
-seutil_read_default_contexts(sulogin_t)
-
-userdom_use_unpriv_users_fds(sulogin_t)
-
-userdom_search_user_home_dirs(sulogin_t)
-userdom_use_user_ptys(sulogin_t)
-
-term_use_console(sulogin_t)
-term_use_unallocated_ttys(sulogin_t)
-
-ifdef(`enable_mls',`
-	sysadm_shell_domtrans(sulogin_t)
-',`
-	optional_policy(`
-		unconfined_shell_domtrans(sulogin_t)
-	')
-')
-
-# suse and debian do not use pam with sulogin...
-ifdef(`distro_suse', `define(`sulogin_no_pam')')
-ifdef(`distro_debian', `define(`sulogin_no_pam')')
-
-allow sulogin_t self:capability sys_tty_config;
-ifdef(`sulogin_no_pam', `
-	init_getpgid(sulogin_t)
-', `
-	allow sulogin_t self:process setexec;
-	selinux_get_fs_mount(sulogin_t)
-	selinux_validate_context(sulogin_t)
-	selinux_compute_access_vector(sulogin_t)
-	selinux_compute_create_context(sulogin_t)
-	selinux_compute_relabel_context(sulogin_t)
-	selinux_compute_user_contexts(sulogin_t)
-')
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
deleted file mode 100644
index ca6409c..0000000
--- a/policy/modules/system/logging.fc
+++ /dev/null
@@ -1,80 +0,0 @@
-/dev/log		-s	gen_context(system_u:object_r:devlog_t,s0)
-
-/etc/rsyslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
-/etc/syslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
-/etc/audit(/.*)?		gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
-/etc/rc\.d/init\.d/auditd --	gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/rsyslog --	gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
-
-/sbin/audispd		--	gen_context(system_u:object_r:audisp_exec_t,s0)
-/sbin/audisp-remote	--	gen_context(system_u:object_r:audisp_remote_exec_t,s0)
-/sbin/auditctl		--	gen_context(system_u:object_r:auditctl_exec_t,s0)
-/sbin/auditd		--	gen_context(system_u:object_r:auditd_exec_t,s0)
-/sbin/klogd		--	gen_context(system_u:object_r:klogd_exec_t,s0)
-/sbin/minilogd		--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/sbin/rklogd		--	gen_context(system_u:object_r:klogd_exec_t,s0)
-/sbin/rsyslogd		--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/sbin/syslogd		--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/sbin/syslog-ng		--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-
-/opt/zimbra/log(/.*)?		gen_context(system_u:object_r:var_log_t,s0)
-
-/usr/local/centreon/log(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
-
-/usr/sbin/klogd		--	gen_context(system_u:object_r:klogd_exec_t,s0)
-/usr/sbin/metalog	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/usr/sbin/rklogd	--	gen_context(system_u:object_r:klogd_exec_t,s0)
-/usr/sbin/rsyslogd	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/usr/sbin/syslog-ng	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-/usr/sbin/syslogd	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
-
-/var/lib/syslog-ng(/.*)? 	gen_context(system_u:object_r:syslogd_var_lib_t,s0)
-/var/lib/syslog(/.*)?		gen_context(system_u:object_r:syslogd_var_lib_t,s0)
-/var/lib/syslog-ng.persist --	gen_context(system_u:object_r:syslogd_var_lib_t,s0)
-
-ifdef(`distro_suse', `
-/var/lib/stunnel/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
-')
-
-/var/axfrdns/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
-/var/dnscache/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
-/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
-
-/var/log		-d	gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
-/var/log/.*			gen_context(system_u:object_r:var_log_t,s0)
-/var/log/messages[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/secure[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/cron[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/maillog[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/spooler[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/audit(/.*)?		gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
-/var/log/syslog-ng(/.*)? 	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-
-ifndef(`distro_gentoo',`
-/var/log/audit\.log	--	gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
-')
-
-ifdef(`distro_redhat',`
-/var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
-/var/named/chroot/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
-')
-
-/var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
-/var/run/audispd_events	-s	gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
-/var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
-/var/run/auditd_sock	-s	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
-/var/run/klogd\.pid	--	gen_context(system_u:object_r:klogd_var_run_t,s0)
-/var/run/log		-s	gen_context(system_u:object_r:devlog_t,s0)
-/var/run/metalog\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-/var/run/syslogd\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-/var/run/syslog-ng.ctl	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-/var/run/syslog-ng(/.*)?	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-
-/var/spool/bacula/log(/.*)? 	gen_context(system_u:object_r:var_log_t,s0)
-/var/spool/postfix/pid	-d	gen_context(system_u:object_r:var_run_t,s0)
-/var/spool/plymouth/boot.log	gen_context(system_u:object_r:var_log_t,s0)
-/var/spool/rsyslog(/.*)? 	gen_context(system_u:object_r:var_log_t,s0)
-
-/var/tinydns/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
-
-/var/webmin(/.*)?		gen_context(system_u:object_r:var_log_t,s0)
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
deleted file mode 100644
index 453377e..0000000
--- a/policy/modules/system/logging.if
+++ /dev/null
@@ -1,1065 +0,0 @@
-## <summary>Policy for the kernel message logger and system logging daemon.</summary>
-
-########################################
-## <summary>
-##	Make the specified type usable for log files
-##	in a filesystem.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for log files in a filesystem.
-##	This will also make the type usable for files, making 
-##	calls to files_type() redundant.  Failure to use this interface
-##	for a log file type may result in problems with log
-##	rotation, log analysis, and log monitoring programs.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>logging_log_filetrans()</li>
-##	</ul>
-##	<p>
-##	Example usage with a domain that can create
-##	and append to a private log file stored in the
-##	general directories (e.g., /var/log):
-##	</p>
-##	<p>
-##	type mylogfile_t;
-##	logging_log_file(mylogfile_t)
-##	allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
-##	logging_log_filetrans(mydomain_t, mylogfile_t, file)
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used for files.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`logging_log_file',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_type($1)
-	files_associate_tmp($1)
-	fs_associate_tmpfs($1)
-	typeattribute $1 logfile;
-')
-
-#######################################
-## <summary>
-##	Send audit messages.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_send_audit_msgs',`
-	allow $1 self:capability audit_write;
-	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
-')
-
-#######################################
-## <summary>
-##	dontaudit attempts to send audit messages.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`logging_dontaudit_send_audit_msgs',`
-	dontaudit $1 self:capability audit_write;
-	dontaudit $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
-')
-
-########################################
-## <summary>
-##	Set login uid
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_set_loginuid',`
-	allow $1 self:capability audit_control;
-	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
-')
-
-########################################
-## <summary>
-##	Set tty auditing
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_set_tty_audit',`
-	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_tty_audit };
-')
-
-########################################
-## <summary>
-##	Set up audit
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_set_audit_parameters',`
-	allow $1 self:capability { audit_write audit_control };
-	allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-')
-
-########################################
-## <summary>
-##	Read the audit log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_read_audit_log',`
-	gen_require(`
-		type auditd_log_t;
-	')
-
-	files_search_var($1)
-	read_files_pattern($1, auditd_log_t, auditd_log_t)
-	allow $1 auditd_log_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Execute auditctl in the auditctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`logging_domtrans_auditctl',`
-	gen_require(`
-		type auditctl_t, auditctl_exec_t;
-	')
-
-	domtrans_pattern($1, auditctl_exec_t, auditctl_t)
-')
-
-########################################
-## <summary>
-##	Execute auditctl in the auditctl domain, and
-##	allow the specified role the auditctl domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_run_auditctl',`
-	gen_require(`
-		type auditctl_t;
-	')
-
-	logging_domtrans_auditctl($1)
-	role $2 types auditctl_t;
-')
-
-########################################
-## <summary>
-##	Execute auditd in the auditd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`logging_domtrans_auditd',`
-	gen_require(`
-		type auditd_t, auditd_exec_t;
-	')
-
-	domtrans_pattern($1, auditd_exec_t, auditd_t)
-')
-
-########################################
-## <summary>
-##	Execute auditd in the auditd domain, and
-##	allow the specified role the auditd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_run_auditd',`
-	gen_require(`
-		type auditd_t;
-	')
-
-	logging_domtrans_auditd($1)
-	role $2 types auditd_t;
-')
-
-########################################
-## <summary>
-##	Connect to auditdstored over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_stream_connect_auditd',`
-	refpolicywarn(`$0($*) has been deprecated, logging_stream_connect_dispatcher() should be used instead.')
-	logging_stream_connect_dispatcher($1)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run the audit dispatcher.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`logging_domtrans_dispatcher',`
-	gen_require(`
-		type audisp_t, audisp_exec_t;
-	')
-
-	domtrans_pattern($1, audisp_exec_t, audisp_t)
-')
-
-########################################
-## <summary>
-##	Signal the audit dispatcher.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`logging_signal_dispatcher',`
-	gen_require(`
-		type audisp_t;
-	')
-
-	allow $1 audisp_t:process signal;
-')
-
-########################################
-## <summary>
-##	Create a domain for processes
-##	which can be started by the system audit dispatcher
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Type to be used as a domain.
-##	</summary>
-## </param>
-## <param name="entry_point">
-##	<summary>
-##	Type of the program to be used as an entry point to this domain.
-##	</summary>
-## </param>
-#
-interface(`logging_dispatcher_domain',`
-	gen_require(`
-		type audisp_t;
-		role system_r;
-	')
-
-	domain_type($1)
-	domain_entry_file($1, $2)
-
-	role system_r types $1;
-
-	domtrans_pattern(audisp_t, $2, $1)
-	allow audisp_t $1:process { sigkill sigstop signull signal };
-
-	allow audisp_t $2:file getattr;
-	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Connect to the audit dispatcher over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_stream_connect_dispatcher',`
-	gen_require(`
-		type audisp_t, audisp_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, audisp_var_run_t, audisp_var_run_t, audisp_t)
-')
-
-########################################
-## <summary>
-##	Manage the auditd configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_manage_audit_config',`
-	gen_require(`
-		type auditd_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
-')
-
-########################################
-## <summary>
-##	Manage the audit log.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_manage_audit_log',`
-	gen_require(`
-		type auditd_log_t;
-	')
-
-	files_search_var($1)
-	manage_dirs_pattern($1, auditd_log_t, auditd_log_t)
-	manage_files_pattern($1, auditd_log_t, auditd_log_t)
-')
-
-########################################
-## <summary>
-##	Execute klogd in the klog domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`logging_domtrans_klog',`
-	gen_require(`
-		type klogd_t, klogd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, klogd_exec_t, klogd_t)
-')
-
-########################################
-## <summary>
-##	Check if syslogd is executable.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_check_exec_syslog',`
-	gen_require(`
-		type syslogd_exec_t;
-	')
-
-	corecmd_list_bin($1)
-	corecmd_read_bin_symlinks($1)
-	allow $1 syslogd_exec_t:file execute;
-')
-
-########################################
-## <summary>
-##	Execute syslogd in the syslog domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`logging_domtrans_syslog',`
-	gen_require(`
-		type syslogd_t, syslogd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, syslogd_exec_t, syslogd_t)
-')
-
-########################################
-## <summary>
-##	Create an object in the log directory, with a private type.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to create an object
-##	in the general system log directories (e.g., /var/log)
-##	with a private type.  Typically this is used for creating
-##	private log files in /var/log with the private type instead
-##	of the general system log type. To accomplish this goal,
-##	either the program must be SELinux-aware, or use this interface.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>logging_log_file()</li>
-##	</ul>
-##	<p>
-##	Example usage with a domain that can create
-##	and append to a private log file stored in the
-##	general directories (e.g., /var/log):
-##	</p>
-##	<p>
-##	type mylogfile_t;
-##	logging_log_file(mylogfile_t)
-##	allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
-##	logging_log_filetrans(mydomain_t, mylogfile_t, file)
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private type">
-##	<summary>
-##	The type of the object to be created.
-##	</summary>
-## </param>
-## <param name="object">
-##	<summary>
-##	The object class of the object being created.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="10"/>
-#
-interface(`logging_log_filetrans',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	filetrans_pattern($1, var_log_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Send system log messages.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to connect to the
-##	system log service (syslog), to send messages be added to
-##	the system logs. Typically this is used by services
-##	that do not have their own log file in /var/log.
-##	</p>
-##	<p>
-##	This does not allow messages to be sent to
-##	the auditing system.
-##	</p>
-##	<p>
-##	Programs which use the libc function syslog() will
-##	require this access.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>logging_send_audit_msgs()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_send_syslog_msg',`
-	gen_require(`
-		type syslogd_t, devlog_t;
-	')
-
-	allow $1 devlog_t:lnk_file read_lnk_file_perms;
-	allow $1 devlog_t:sock_file write_sock_file_perms;
-
-	# the type of socket depends on the syslog daemon
-	allow $1 syslogd_t:unix_dgram_socket sendto;
-	allow $1 syslogd_t:unix_stream_socket connectto;
-	allow $1 self:unix_dgram_socket create_socket_perms;
-	allow $1 self:unix_stream_socket create_socket_perms;
-
-	# If syslog is down, the glibc syslog() function
-	# will write to the console.
-	term_write_console($1)
-	term_dontaudit_read_console($1)
-')
-
-########################################
-## <summary>
-##	Connect to the syslog control unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_stream_connect_syslog',`
-	gen_require(`
-		type syslogd_t, syslogd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, syslogd_var_run_t, syslogd_var_run_t, syslogd_t)
-')
-
-########################################
-## <summary>
-##	Read the auditd configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_read_audit_config',`
-	gen_require(`
-		type auditd_etc_t;
-	')
-
-	files_search_etc($1)
-	read_files_pattern($1, auditd_etc_t, auditd_etc_t)
-	allow $1 auditd_etc_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit search of auditd configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_dontaudit_search_audit_config',`
-	gen_require(`
-		type auditd_etc_t;
-	')
-
-	dontaudit $1 auditd_etc_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read syslog configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_read_syslog_config',`
-	gen_require(`
-		type syslog_conf_t;
-	')
-
-	allow $1 syslog_conf_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Allows the domain to open a file in the
-##	log directory, but does not allow the listing
-##	of the contents of the log directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_search_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir search_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to search the var log directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain not to audit.
-##	</summary>
-## </param>
-#
-interface(`logging_dontaudit_search_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	dontaudit $1 var_log_t:dir search_dir_perms;
-')
-
-#######################################
-## <summary>
-##	List the contents of the generic log directory (/var/log).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_list_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir list_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Read and write the generic log directory (/var/log).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_rw_generic_log_dirs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir rw_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the atttributes
-##	of any log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`logging_dontaudit_getattr_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	dontaudit $1 logfile:file getattr;
-')
-
-########################################
-## <summary>
-##	Append to all log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_append_all_logs',`
-	gen_require(`
-		attribute logfile;
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	append_files_pattern($1, logfile, logfile)
-')
-
-########################################
-## <summary>
-##	Append to all log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_inherit_append_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	allow $1 logfile:file { getattr append };
-')
-
-########################################
-## <summary>
-##	Read all log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_read_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_search_var($1)
-	allow $1 logfile:dir list_dir_perms;
-	read_files_pattern($1, logfile, logfile)
-')
-
-########################################
-## <summary>
-##	Execute all log files in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: not sure why this is needed.  This was added
-# because of logrotate.
-interface(`logging_exec_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_search_var($1)
-	allow $1 logfile:dir list_dir_perms;
-	can_exec($1, logfile)
-')
-
-########################################
-## <summary>
-##	read/write to all log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_rw_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_search_var($1)
-	rw_files_pattern($1, logfile, logfile)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete all log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_manage_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_search_var($1)
-	manage_files_pattern($1, logfile, logfile)
-	manage_lnk_files_pattern($1, logfile, logfile)
-')
-
-########################################
-## <summary>
-##	Read generic log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_read_generic_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir list_dir_perms;
-	read_files_pattern($1, var_log_t, var_log_t)
-')
-
-########################################
-## <summary>
-##	Write generic log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_write_generic_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir list_dir_perms;
-	write_files_pattern($1, var_log_t, var_log_t)
-')
-
-########################################
-## <summary>
-##	Dontaudit Write generic log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`logging_dontaudit_write_generic_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	dontaudit $1 var_log_t:file write;
-')
-
-########################################
-## <summary>
-##	Read and write generic log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`logging_rw_generic_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	allow $1 var_log_t:dir list_dir_perms;
-	rw_files_pattern($1, var_log_t, var_log_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	generic log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_manage_generic_logs',`
-	gen_require(`
-		type var_log_t;
-	')
-
-	files_search_var($1)
-	manage_files_pattern($1, var_log_t, var_log_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	the audit environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	User role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_admin_audit',`
-	gen_require(`
-		type auditd_t, auditd_etc_t, auditd_log_t;
-		type auditd_var_run_t;
-		type auditd_initrc_exec_t;
-	')
-
-	allow $1 auditd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, auditd_t)
-
-	manage_dirs_pattern($1, auditd_etc_t, auditd_etc_t)
-	manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
-
-	manage_dirs_pattern($1, auditd_log_t, auditd_log_t)
-	manage_files_pattern($1, auditd_log_t, auditd_log_t)
-
-	manage_dirs_pattern($1, auditd_var_run_t, auditd_var_run_t)
-	manage_files_pattern($1, auditd_var_run_t, auditd_var_run_t)
-
-	logging_run_auditctl($1, $2)
-
-	init_labeled_script_domtrans($1, auditd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 auditd_initrc_exec_t system_r;
-	allow $2 system_r;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	the syslog environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	User role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_admin_syslog',`
-	gen_require(`
-		type syslogd_t, klogd_t, syslog_conf_t;
-		type syslogd_tmp_t, syslogd_var_lib_t;
-		type syslogd_var_run_t, klogd_var_run_t;
-		type klogd_tmp_t, var_log_t;
-		type syslogd_initrc_exec_t;
-	')
-
-	allow $1 syslogd_t:process { ptrace signal_perms };
-	allow $1 klogd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, syslogd_t)
-	ps_process_pattern($1, klogd_t)
-
-	manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t)
-	manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t)
-
-	manage_dirs_pattern($1, klogd_tmp_t, klogd_tmp_t)
-	manage_files_pattern($1, klogd_tmp_t, klogd_tmp_t)
-
-	manage_dirs_pattern($1, syslogd_tmp_t, syslogd_tmp_t)
-	manage_files_pattern($1, syslogd_tmp_t, syslogd_tmp_t)
-
-	manage_dirs_pattern($1, syslog_conf_t, syslog_conf_t)
-	manage_files_pattern($1, syslog_conf_t, syslog_conf_t)
-	files_etc_filetrans($1, syslog_conf_t, file)
-
-	manage_dirs_pattern($1, syslogd_var_lib_t, syslogd_var_lib_t)
-	manage_files_pattern($1, syslogd_var_lib_t, syslogd_var_lib_t)
-
-	manage_dirs_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
-	manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
-
-	logging_manage_all_logs($1)
-	allow $1 logfile:dir relabel_dir_perms;
-	allow $1 logfile:file relabel_file_perms;
-
-	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 syslogd_initrc_exec_t system_r;
-	allow $2 system_r;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	the logging environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	User role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`logging_admin',`
-	logging_admin_audit($1, $2)
-	logging_admin_syslog($1, $2)
-')
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
deleted file mode 100644
index 4762f02..0000000
--- a/policy/modules/system/logging.te
+++ /dev/null
@@ -1,531 +0,0 @@
-policy_module(logging, 1.16.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute logfile;
-
-type auditctl_t;
-type auditctl_exec_t;
-init_system_domain(auditctl_t, auditctl_exec_t)
-role system_r types auditctl_t;
-
-type auditd_etc_t;
-files_security_file(auditd_etc_t)
-
-type auditd_log_t;
-files_security_file(auditd_log_t)
-files_security_mountpoint(auditd_log_t)
-
-type auditd_t;
-type auditd_exec_t;
-init_daemon_domain(auditd_t, auditd_exec_t)
-
-type auditd_initrc_exec_t;
-init_script_file(auditd_initrc_exec_t)
-
-type auditd_var_run_t;
-files_pid_file(auditd_var_run_t)
-
-type audisp_t;
-type audisp_exec_t;
-init_system_domain(audisp_t, audisp_exec_t)
-
-type audisp_var_run_t;
-files_pid_file(audisp_var_run_t)
-
-type audisp_remote_t;
-type audisp_remote_exec_t;
-logging_dispatcher_domain(audisp_remote_t, audisp_remote_exec_t)
-
-type devlog_t;
-files_type(devlog_t)
-mls_trusted_object(devlog_t)
-
-type klogd_t;
-type klogd_exec_t;
-init_daemon_domain(klogd_t, klogd_exec_t)
-
-type klogd_tmp_t;
-files_tmp_file(klogd_tmp_t)
-
-type klogd_var_run_t;
-files_pid_file(klogd_var_run_t)
-
-type syslog_conf_t;
-files_type(syslog_conf_t)
-
-type syslogd_t;
-type syslogd_exec_t;
-init_daemon_domain(syslogd_t, syslogd_exec_t)
-mls_trusted_object(syslogd_t)
-
-type syslogd_initrc_exec_t;
-init_script_file(syslogd_initrc_exec_t)
-
-type syslogd_tmp_t;
-files_tmp_file(syslogd_tmp_t)
-
-type syslogd_var_lib_t;
-files_type(syslogd_var_lib_t)
-
-type syslogd_var_run_t;
-files_pid_file(syslogd_var_run_t)
-
-type var_log_t;
-logging_log_file(var_log_t)
-files_mountpoint(var_log_t)
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(auditd_t, auditd_exec_t, mls_systemhigh)
-	init_ranged_daemon_domain(syslogd_t, syslogd_exec_t, mls_systemhigh)
-')
-
-########################################
-#
-# Auditctl local policy
-#
-
-allow auditctl_t self:capability { fsetid dac_read_search dac_override };
-allow auditctl_t self:netlink_audit_socket nlmsg_readpriv;
-
-read_files_pattern(auditctl_t, auditd_etc_t, auditd_etc_t)
-allow auditctl_t auditd_etc_t:dir list_dir_perms;
-
-# Needed for adding watches
-files_getattr_all_dirs(auditctl_t)
-files_getattr_all_files(auditctl_t)
-files_read_etc_files(auditctl_t)
-
-kernel_read_kernel_sysctls(auditctl_t)
-kernel_read_proc_symlinks(auditctl_t)
-kernel_setsched(auditctl_t)
-
-domain_read_all_domains_state(auditctl_t)
-domain_use_interactive_fds(auditctl_t)
-
-mls_file_read_all_levels(auditctl_t)
-
-term_use_all_terms(auditctl_t)
-
-init_dontaudit_use_fds(auditctl_t)
-
-locallogin_dontaudit_use_fds(auditctl_t)
-
-logging_set_audit_parameters(auditctl_t)
-logging_send_syslog_msg(auditctl_t)
-
-########################################
-#
-# Auditd local policy
-#
-
-allow auditd_t self:capability { chown fsetid sys_nice sys_resource };
-dontaudit auditd_t self:capability sys_tty_config;
-allow auditd_t self:process { getcap signal_perms setcap setpgid setsched };
-allow auditd_t self:file rw_file_perms;
-allow auditd_t self:unix_dgram_socket create_socket_perms;
-allow auditd_t self:fifo_file rw_fifo_file_perms;
-allow auditd_t self:tcp_socket create_stream_socket_perms;
-
-allow auditd_t auditd_etc_t:dir list_dir_perms;
-allow auditd_t auditd_etc_t:file read_file_perms;
-
-manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
-manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
-allow auditd_t var_log_t:dir search_dir_perms;
-
-manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
-manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
-files_pid_filetrans(auditd_t, auditd_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(auditd_t)
-# Needs to be able to run dispatcher.  see /etc/audit/auditd.conf
-# Probably want a transition, and a new auditd_helper app
-kernel_read_system_state(auditd_t)
-
-dev_read_sysfs(auditd_t)
-
-fs_getattr_all_fs(auditd_t)
-fs_search_auto_mountpoints(auditd_t)
-fs_rw_anon_inodefs_files(auditd_t)
-
-selinux_search_fs(auditctl_t)
-
-corenet_all_recvfrom_unlabeled(auditd_t)
-corenet_all_recvfrom_netlabel(auditd_t)
-corenet_tcp_sendrecv_generic_if(auditd_t)
-corenet_tcp_sendrecv_generic_node(auditd_t)
-corenet_tcp_sendrecv_all_ports(auditd_t)
-corenet_tcp_bind_generic_node(auditd_t)
-corenet_tcp_bind_audit_port(auditd_t)
-corenet_sendrecv_audit_server_packets(auditd_t)
-
-# Needs to be able to run dispatcher.  see /etc/audit/auditd.conf
-# Probably want a transition, and a new auditd_helper app
-corecmd_exec_bin(auditd_t)
-corecmd_exec_shell(auditd_t)
-
-domain_use_interactive_fds(auditd_t)
-
-files_read_etc_files(auditd_t)
-files_list_usr(auditd_t)
-
-init_telinit(auditd_t)
-
-logging_set_audit_parameters(auditd_t)
-logging_send_syslog_msg(auditd_t)
-logging_domtrans_dispatcher(auditd_t)
-logging_signal_dispatcher(auditd_t)
-
-auth_use_nsswitch(auditd_t)
-
-miscfiles_read_localization(auditd_t)
-
-mls_file_read_all_levels(auditd_t)
-mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
-
-seutil_dontaudit_read_config(auditd_t)
-
-sysnet_dns_name_resolve(auditd_t)
-
-userdom_use_user_terminals(auditd_t)
-userdom_dontaudit_use_unpriv_user_fds(auditd_t)
-userdom_dontaudit_search_user_home_dirs(auditd_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(auditd_t)
-	')
-')
-
-optional_policy(`
-	mta_send_mail(auditd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(auditd_t)
-')
-
-optional_policy(`
-	udev_read_db(auditd_t)
-')
-
-########################################
-#
-# audit dispatcher local policy
-#
-
-allow audisp_t self:capability { dac_override setpcap sys_nice };
-allow audisp_t self:process { getcap signal_perms setcap setsched };
-allow audisp_t self:fifo_file rw_fifo_file_perms;
-allow audisp_t self:unix_stream_socket create_stream_socket_perms;
-allow audisp_t self:unix_dgram_socket create_socket_perms;
-
-allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
-
-manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
-files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
-
-corecmd_exec_bin(audisp_t)
-corecmd_exec_shell(audisp_t)
-
-domain_use_interactive_fds(audisp_t)
-
-files_read_etc_files(audisp_t)
-files_read_etc_runtime_files(audisp_t)
-
-mls_file_read_all_levels(audisp_t)
-mls_file_write_all_levels(audisp_t)
-mls_socket_write_all_levels(audisp_t)
-mls_dbus_send_all_levels(audisp_t)
-
-auth_use_nsswitch(audisp_t)
-
-logging_send_syslog_msg(audisp_t)
-
-miscfiles_read_localization(audisp_t)
-
-sysnet_dns_name_resolve(audisp_t)
-
-optional_policy(`
-	dbus_system_bus_client(audisp_t)
-
-	optional_policy(`
-		setroubleshoot_dbus_chat(audisp_t)
-	')
-')
-
-########################################
-#
-# Audit remote logger local policy
-#
-allow audisp_remote_t self:capability { setuid  setpcap };
-allow audisp_remote_t self:process { getcap setcap };
-allow audisp_remote_t self:tcp_socket create_socket_perms;
-allow audisp_remote_t var_log_t:dir search_dir_perms;
-
-corecmd_exec_bin(audisp_remote_t)
-
-corenet_all_recvfrom_unlabeled(audisp_remote_t)
-corenet_all_recvfrom_netlabel(audisp_remote_t)
-corenet_tcp_sendrecv_generic_if(audisp_remote_t)
-corenet_tcp_sendrecv_generic_node(audisp_remote_t)
-corenet_tcp_sendrecv_all_ports(audisp_remote_t)
-corenet_tcp_bind_audit_port(audisp_remote_t)
-corenet_tcp_bind_generic_node(audisp_remote_t)
-corenet_tcp_connect_audit_port(audisp_remote_t)
-corenet_sendrecv_audit_client_packets(audisp_remote_t)
-
-files_read_etc_files(audisp_remote_t)
-
-logging_send_syslog_msg(audisp_remote_t)
-logging_send_audit_msgs(audisp_remote_t)
-
-auth_use_nsswitch(audisp_remote_t)
-
-miscfiles_read_localization(audisp_remote_t)
-
-init_telinit(audisp_remote_t)
-init_read_utmp(audisp_remote_t)
-init_dontaudit_write_utmp(audisp_remote_t)
-
-sysnet_dns_name_resolve(audisp_remote_t)
-
-########################################
-#
-# klogd local policy
-#
-
-allow klogd_t self:capability sys_admin;
-dontaudit klogd_t self:capability { sys_resource sys_tty_config };
-allow klogd_t self:process signal_perms;
-
-manage_dirs_pattern(klogd_t, klogd_tmp_t, klogd_tmp_t)
-manage_files_pattern(klogd_t, klogd_tmp_t, klogd_tmp_t)
-files_tmp_filetrans(klogd_t, klogd_tmp_t,{ file dir })
-
-manage_files_pattern(klogd_t, klogd_var_run_t, klogd_var_run_t)
-files_pid_filetrans(klogd_t, klogd_var_run_t, file)
-
-kernel_read_system_state(klogd_t)
-kernel_read_messages(klogd_t)
-kernel_read_kernel_sysctls(klogd_t)
-# Control syslog and console logging
-kernel_clear_ring_buffer(klogd_t)
-kernel_change_ring_buffer_level(klogd_t)
-
-files_read_kernel_symbol_table(klogd_t)
-
-dev_read_raw_memory(klogd_t)
-dev_read_sysfs(klogd_t)
-
-fs_getattr_all_fs(klogd_t)
-fs_search_auto_mountpoints(klogd_t)
-
-domain_use_interactive_fds(klogd_t)
-
-files_read_etc_runtime_files(klogd_t)
-# read /etc/nsswitch.conf
-files_read_etc_files(klogd_t)
-
-logging_send_syslog_msg(klogd_t)
-
-miscfiles_read_localization(klogd_t)
-
-mls_file_read_all_levels(klogd_t)
-
-userdom_dontaudit_search_user_home_dirs(klogd_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(klogd_t)
-	')
-')
-
-optional_policy(`
-	udev_read_db(klogd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(klogd_t)
-')
-
-########################################
-#
-# syslogd local policy
-#
-
-# chown fsetid for syslog-ng
-# sys_admin for the integrated klog of syslog-ng and metalog
-# cjp: why net_admin!
-allow syslogd_t self:capability { dac_override sys_resource sys_tty_config net_admin sys_admin chown fsetid };
-dontaudit syslogd_t self:capability sys_tty_config;
-# setpgid for metalog
-# setrlimit for syslog-ng
-allow syslogd_t self:process { signal_perms setpgid setrlimit };
-# receive messages to be logged
-allow syslogd_t self:unix_dgram_socket create_socket_perms;
-allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
-allow syslogd_t self:unix_dgram_socket sendto;
-allow syslogd_t self:fifo_file rw_fifo_file_perms;
-allow syslogd_t self:udp_socket create_socket_perms;
-allow syslogd_t self:tcp_socket create_stream_socket_perms;
-
-allow syslogd_t syslog_conf_t:file read_file_perms;
-
-# Create and bind to /dev/log or /var/run/log.
-allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(syslogd_t, devlog_t, sock_file)
-
-# create/append log files.
-manage_files_pattern(syslogd_t, var_log_t, var_log_t)
-rw_fifo_files_pattern(syslogd_t, var_log_t, var_log_t)
-
-# Allow access for syslog-ng
-allow syslogd_t var_log_t:dir { create setattr };
-
-# manage temporary files
-manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
-manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
-files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file })
-
-manage_sock_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t)
-manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t)
-files_search_var_lib(syslogd_t)
-
-manage_dirs_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
-manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
-manage_sock_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
-files_pid_filetrans(syslogd_t, syslogd_var_run_t, { file dir })
-
-# manage pid file
-manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
-files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
-
-kernel_read_system_state(syslogd_t)
-kernel_read_kernel_sysctls(syslogd_t)
-kernel_read_proc_symlinks(syslogd_t)
-# Allow access to /proc/kmsg for syslog-ng
-kernel_read_messages(syslogd_t)
-kernel_clear_ring_buffer(syslogd_t)
-kernel_change_ring_buffer_level(syslogd_t)
-
-corenet_all_recvfrom_unlabeled(syslogd_t)
-corenet_all_recvfrom_netlabel(syslogd_t)
-corenet_udp_sendrecv_generic_if(syslogd_t)
-corenet_udp_sendrecv_generic_node(syslogd_t)
-corenet_udp_sendrecv_all_ports(syslogd_t)
-corenet_udp_bind_generic_node(syslogd_t)
-corenet_udp_bind_syslogd_port(syslogd_t)
-# syslog-ng can listen and connect on tcp port 514 (rsh)
-corenet_tcp_sendrecv_generic_if(syslogd_t)
-corenet_tcp_sendrecv_generic_node(syslogd_t)
-corenet_tcp_sendrecv_all_ports(syslogd_t)
-corenet_tcp_bind_generic_node(syslogd_t)
-corenet_tcp_bind_rsh_port(syslogd_t)
-corenet_tcp_connect_rsh_port(syslogd_t)
-# Allow users to define additional syslog ports to connect to
-corenet_tcp_bind_syslogd_port(syslogd_t)
-corenet_tcp_connect_syslogd_port(syslogd_t)
-corenet_tcp_connect_postgresql_port(syslogd_t)
-corenet_tcp_connect_mysqld_port(syslogd_t)
-
-# syslog-ng can send or receive logs
-corenet_sendrecv_syslogd_client_packets(syslogd_t)
-corenet_sendrecv_syslogd_server_packets(syslogd_t)
-corenet_sendrecv_postgresql_client_packets(syslogd_t)
-corenet_sendrecv_mysqld_client_packets(syslogd_t)
-
-dev_filetrans(syslogd_t, devlog_t, sock_file)
-dev_read_sysfs(syslogd_t)
-dev_read_rand(syslogd_t)
-
-domain_use_interactive_fds(syslogd_t)
-
-files_read_etc_files(syslogd_t)
-files_read_usr_files(syslogd_t)
-files_read_var_files(syslogd_t)
-files_read_etc_runtime_files(syslogd_t)
-# /initrd is not umounted before minilog starts
-files_dontaudit_search_isid_type_dirs(syslogd_t)
-files_read_kernel_symbol_table(syslogd_t)
-
-fs_getattr_all_fs(syslogd_t)
-fs_search_auto_mountpoints(syslogd_t)
-
-mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and /var/log directories
-
-term_write_console(syslogd_t)
-# Allow syslog to a terminal
-term_write_unallocated_ttys(syslogd_t)
-
-# for sending messages to logged in users
-init_read_utmp(syslogd_t)
-init_dontaudit_write_utmp(syslogd_t)
-term_write_all_ttys(syslogd_t)
-
-auth_use_nsswitch(syslogd_t)
-
-init_use_fds(syslogd_t)
-
-# cjp: this doesnt make sense
-logging_send_syslog_msg(syslogd_t)
-
-miscfiles_read_localization(syslogd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
-userdom_dontaudit_search_user_home_dirs(syslogd_t)
-
-ifdef(`distro_gentoo',`
-	# default gentoo syslog-ng config appends kernel
-	# and high priority messages to /dev/tty12
-	term_append_unallocated_ttys(syslogd_t)
-	term_dontaudit_setattr_unallocated_ttys(syslogd_t)
-')
-
-ifdef(`distro_suse',`
-	# suse creates a /dev/log under /var/lib/stunnel for chrooted stunnel
-	files_var_lib_filetrans(syslogd_t, devlog_t, sock_file)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(syslogd_t)
-	')
-')
-
-optional_policy(`
-	bind_search_cache(syslogd_t)
-')
-
-optional_policy(`
-	inn_manage_log(syslogd_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(syslogd_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(syslogd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(syslogd_t)
-')
-
-optional_policy(`
-    daemontools_search_svc_dir(syslogd_t)
-')
-
-optional_policy(`
-	udev_read_db(syslogd_t)
-')
-
-optional_policy(`
-	# log to the xconsole
-	xserver_rw_console(syslogd_t)
-')
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
deleted file mode 100644
index 31efcb2..0000000
--- a/policy/modules/system/lvm.fc
+++ /dev/null
@@ -1,103 +0,0 @@
-
-# LVM creates lock files in /var before /var is mounted
-# configure LVM to put lockfiles in /etc/lvm/lock instead
-# for this policy to work (unless you have no separate /var)
-
-#
-# /bin
-#
-ifdef(`distro_gentoo',`
-/bin/cryptsetup		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-')
-
-#
-# /etc
-#
-/etc/lvm(/.*)?			gen_context(system_u:object_r:lvm_etc_t,s0)
-/etc/lvm/\.cache	--	gen_context(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/cache(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/archive(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/backup(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/lock(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
-
-/etc/lvmtab(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvmtab\.d(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
-
-#
-# /lib
-#
-/lib/lvm-10/.*		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/lib/lvm-200/.*		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/lib/udev/udisks-lvm-pv-export	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-
-#
-# /sbin
-#
-/sbin/mount\.crypt	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/cryptsetup	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/dmraid		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/dmsetup		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/dmsetup\.static	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/e2fsadm		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvchange		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvcreate		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvdisplay		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvextend		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvm		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvm\.static	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvmchange		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvmdiskscan	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvmiopversion	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvmsadc		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvmsar		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvreduce		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvremove		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvrename		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvresize		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/lvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/multipathd	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/multipath\.static	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvchange		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvcreate		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvdata		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvdisplay		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvmove		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvremove		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/pvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgcfgbackup	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgcfgrestore	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgchange		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgchange\.static	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgck		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgcreate		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgdisplay		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgexport		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgextend		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgimport		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgmerge		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgmknodes		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgreduce		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgremove		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgrename		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgscan\.static	--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgsplit		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-/sbin/vgwrapper		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/clvmd		--	gen_context(system_u:object_r:clvmd_exec_t,s0)
-/usr/sbin/lvm		--	gen_context(system_u:object_r:lvm_exec_t,s0)
-
-#
-# /var
-#
-/var/cache/multipathd(/.*)?	gen_context(system_u:object_r:lvm_metadata_t,s0)
-/var/lib/multipath(/.*)?	gen_context(system_u:object_r:lvm_var_lib_t,s0)
-/var/lock/lvm(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
-/var/run/multipathd\.sock -s	gen_context(system_u:object_r:lvm_var_run_t,s0)
-/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
deleted file mode 100644
index b4f0663..0000000
--- a/policy/modules/system/lvm.if
+++ /dev/null
@@ -1,143 +0,0 @@
-## <summary>Policy for logical volume management programs.</summary>
-
-########################################
-## <summary>
-##	Execute lvm programs in the lvm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`lvm_domtrans',`
-	gen_require(`
-		type lvm_t, lvm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, lvm_exec_t, lvm_t)
-')
-
-########################################
-## <summary>
-##	Execute lvm programs in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lvm_exec',`
-	gen_require(`
-		type lvm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, lvm_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute lvm programs in the lvm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to allow the LVM domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lvm_run',`
-	gen_require(`
-		type lvm_t;
-	')
-
-	lvm_domtrans($1)
-	role $2 types lvm_t;
-')
-
-########################################
-## <summary>
-##	Read LVM configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lvm_read_config',`
-	gen_require(`
-		type lvm_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 lvm_etc_t:dir list_dir_perms;
-	read_files_pattern($1, lvm_etc_t, lvm_etc_t)
-')
-
-########################################
-## <summary>
-##	Manage LVM configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`lvm_manage_config',`
-	gen_require(`
-		type lvm_etc_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
-	manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
-')
-
-######################################
-## <summary>
-##	Execute a domain transition to run clvmd.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`lvm_domtrans_clvmd',`
-	gen_require(`
-		type clvmd_t, clvmd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, clvmd_exec_t, clvmd_t)
-')
-
-########################################
-## <summary>
-##	Read and write to lvm temporary file system.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lvm_rw_clvmd_tmpfs_files',`
-	gen_require(`
-		type clvmd_tmpfs_t;
-	')
-
-	allow $1 clvmd_tmpfs_t:file rw_file_perms;
-')
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
deleted file mode 100644
index 7f649d5..0000000
--- a/policy/modules/system/lvm.te
+++ /dev/null
@@ -1,378 +0,0 @@
-policy_module(lvm, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-type clvmd_t;
-type clvmd_exec_t;
-init_daemon_domain(clvmd_t, clvmd_exec_t)
-
-type clvmd_initrc_exec_t;
-init_script_file(clvmd_initrc_exec_t)
-
-type clmvd_tmpfs_t;
-files_tmpfs_file(clmvd_tmpfs_t)
-
-type clvmd_var_run_t;
-files_pid_file(clvmd_var_run_t)
-
-type lvm_t;
-type lvm_exec_t;
-init_system_domain(lvm_t, lvm_exec_t)
-# needs privowner because it assigns the identity system_u to device nodes
-# but runs as the identity of the sysadmin
-domain_obj_id_change_exemption(lvm_t)
-role system_r types lvm_t;
-
-type lvm_etc_t;
-files_type(lvm_etc_t)
-
-type lvm_lock_t;
-files_lock_file(lvm_lock_t)
-
-type lvm_metadata_t;
-files_type(lvm_metadata_t)
-
-type lvm_var_lib_t;
-files_type(lvm_var_lib_t)
-
-type lvm_var_run_t;
-files_pid_file(lvm_var_run_t)
-
-type lvm_tmp_t;
-files_tmp_file(lvm_tmp_t)
-
-########################################
-#
-# Cluster LVM daemon local policy
-#
-
-allow clvmd_t self:capability { sys_nice chown ipc_lock sys_admin mknod };
-dontaudit clvmd_t self:capability sys_tty_config;
-allow clvmd_t self:process { signal_perms setsched };
-dontaudit clvmd_t self:process ptrace;
-allow clvmd_t self:socket create_socket_perms;
-allow clvmd_t self:fifo_file rw_fifo_file_perms;
-allow clvmd_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow clvmd_t self:tcp_socket create_stream_socket_perms;
-allow clvmd_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(clvmd_t, clmvd_tmpfs_t, clmvd_tmpfs_t)
-manage_files_pattern(clvmd_t, clmvd_tmpfs_t,clmvd_tmpfs_t)
-fs_tmpfs_filetrans(clvmd_t, clmvd_tmpfs_t, { dir file })
-
-manage_files_pattern(clvmd_t, clvmd_var_run_t, clvmd_var_run_t)
-files_pid_filetrans(clvmd_t, clvmd_var_run_t, file)
-
-read_files_pattern(clvmd_t, lvm_metadata_t, lvm_metadata_t)
-
-kernel_read_kernel_sysctls(clvmd_t)
-kernel_read_system_state(clvmd_t)
-kernel_list_proc(clvmd_t)
-kernel_read_proc_symlinks(clvmd_t)
-kernel_search_debugfs(clvmd_t)
-kernel_dontaudit_getattr_core_if(clvmd_t)
-
-corecmd_exec_shell(clvmd_t)
-corecmd_getattr_bin_files(clvmd_t)
-
-corenet_all_recvfrom_unlabeled(clvmd_t)
-corenet_all_recvfrom_netlabel(clvmd_t)
-corenet_tcp_sendrecv_generic_if(clvmd_t)
-corenet_udp_sendrecv_generic_if(clvmd_t)
-corenet_raw_sendrecv_generic_if(clvmd_t)
-corenet_tcp_sendrecv_generic_node(clvmd_t)
-corenet_udp_sendrecv_generic_node(clvmd_t)
-corenet_raw_sendrecv_generic_node(clvmd_t)
-corenet_tcp_sendrecv_all_ports(clvmd_t)
-corenet_udp_sendrecv_all_ports(clvmd_t)
-corenet_tcp_bind_generic_node(clvmd_t)
-corenet_tcp_bind_reserved_port(clvmd_t)
-corenet_dontaudit_tcp_bind_all_reserved_ports(clvmd_t)
-corenet_sendrecv_generic_server_packets(clvmd_t)
-
-dev_read_sysfs(clvmd_t)
-dev_manage_generic_symlinks(clvmd_t)
-dev_relabel_generic_dev_dirs(clvmd_t)
-dev_manage_generic_blk_files(clvmd_t)
-dev_manage_generic_chr_files(clvmd_t)
-dev_rw_lvm_control(clvmd_t)
-dev_dontaudit_getattr_all_blk_files(clvmd_t)
-dev_dontaudit_getattr_all_chr_files(clvmd_t)
-dev_create_generic_dirs(clvmd_t)
-dev_delete_generic_dirs(clvmd_t)
-
-files_read_etc_files(clvmd_t)
-files_list_usr(clvmd_t)
-
-fs_getattr_all_fs(clvmd_t)
-fs_search_auto_mountpoints(clvmd_t)
-fs_dontaudit_list_tmpfs(clvmd_t)
-fs_dontaudit_read_removable_files(clvmd_t)
-fs_rw_anon_inodefs_files(clvmd_t)
-
-storage_dontaudit_getattr_removable_dev(clvmd_t)
-storage_manage_fixed_disk(clvmd_t)
-storage_dev_filetrans_fixed_disk(clvmd_t)
-storage_relabel_fixed_disk(clvmd_t)
-storage_raw_read_fixed_disk(clvmd_t)
-
-domain_use_interactive_fds(clvmd_t)
-
-auth_use_nsswitch(clvmd_t)
-
-init_dontaudit_getattr_initctl(clvmd_t)
-
-logging_send_syslog_msg(clvmd_t)
-
-miscfiles_read_localization(clvmd_t)
-
-seutil_dontaudit_search_config(clvmd_t)
-seutil_sigchld_newrole(clvmd_t)
-seutil_read_config(clvmd_t)
-seutil_read_file_contexts(clvmd_t)
-seutil_search_default_contexts(clvmd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(clvmd_t)
-userdom_dontaudit_search_user_home_dirs(clvmd_t)
-
-lvm_domtrans(clvmd_t)
-lvm_read_config(clvmd_t)
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		unconfined_domain(clvmd_t)
-	')
-')
-
-optional_policy(`
-	aisexec_stream_connect(clvmd_t)
-	corosync_stream_connect(clvmd_t)
-')
-
-optional_policy(`
-	ccs_stream_connect(clvmd_t)
-')
-
-optional_policy(`
-	gpm_dontaudit_getattr_gpmctl(clvmd_t)
-')
-
-optional_policy(`
-	ricci_dontaudit_rw_modcluster_pipes(clvmd_t)
-	ricci_dontaudit_use_modcluster_fds(clvmd_t)
-')
-
-optional_policy(`
-	udev_read_db(clvmd_t)
-')
-
-########################################
-#
-# LVM Local policy
-#
-
-# DAC overrides and mknod for modifying /dev entries (vgmknodes)
-# rawio needed for dmraid
-# net_admin for multipath
-allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio net_admin };
-dontaudit lvm_t self:capability sys_tty_config;
-allow lvm_t self:process { sigchld sigkill sigstop signull signal };
-# LVM will complain a lot if it cannot set its priority.
-allow lvm_t self:process setsched;
-allow lvm_t self:sem create_sem_perms;
-allow lvm_t self:file rw_file_perms;
-allow lvm_t self:fifo_file manage_fifo_file_perms;
-allow lvm_t self:unix_dgram_socket create_socket_perms;
-allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
-
-allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };
-
-manage_dirs_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
-manage_files_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
-files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })
-
-# /lib/lvm-<version> holds the actual LVM binaries (and symlinks)
-read_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
-read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
-
-# LVM is split into many individual binaries
-can_exec(lvm_t, lvm_exec_t)
-
-# Creating lock files
-manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
-files_lock_filetrans(lvm_t, lvm_lock_t, file)
-
-manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
-manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
-files_var_lib_filetrans(lvm_t, lvm_var_lib_t, { dir file })
-
-manage_dirs_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
-manage_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
-manage_sock_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
-files_pid_filetrans(lvm_t, lvm_var_run_t, { file sock_file })
-
-read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
-read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
-# Write to /etc/lvm, /etc/lvmtab, /etc/lvmtab.d
-manage_files_pattern(lvm_t, lvm_metadata_t, lvm_metadata_t)
-filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, file)
-files_etc_filetrans(lvm_t, lvm_metadata_t, file)
-files_search_mnt(lvm_t)
-
-kernel_get_sysvipc_info(lvm_t)
-kernel_read_system_state(lvm_t)
-kernel_read_kernel_sysctls(lvm_t)
-# Read system variables in /proc/sys
-kernel_read_kernel_sysctls(lvm_t)
-# it has no reason to need this
-kernel_dontaudit_getattr_core_if(lvm_t)
-kernel_use_fds(lvm_t)
-kernel_request_load_module(lvm_t)
-kernel_search_debugfs(lvm_t)
-
-corecmd_exec_bin(lvm_t)
-corecmd_exec_shell(lvm_t)
-
-dev_create_generic_chr_files(lvm_t)
-dev_delete_generic_dirs(lvm_t)
-dev_read_rand(lvm_t)
-dev_read_urand(lvm_t)
-dev_rw_lvm_control(lvm_t)
-dev_manage_generic_symlinks(lvm_t)
-dev_relabel_generic_dev_dirs(lvm_t)
-dev_manage_generic_blk_files(lvm_t)
-# Read /sys/block. Device mapper metadata is kept there.
-dev_read_sysfs(lvm_t)
-# cjp: this has no effect since LVM does not
-# have lnk_file relabelto for anything else.
-# perhaps this should be blk_files?
-dev_relabel_generic_symlinks(lvm_t)
-# LVM (vgscan) scans for devices by stating every file in /dev and applying a regex...
-dev_dontaudit_read_all_chr_files(lvm_t)
-dev_dontaudit_read_all_blk_files(lvm_t)
-dev_dontaudit_getattr_generic_chr_files(lvm_t)
-dev_dontaudit_getattr_generic_blk_files(lvm_t)
-dev_dontaudit_getattr_generic_pipes(lvm_t)
-dev_create_generic_dirs(lvm_t)
-dev_rw_generic_files(lvm_t)
-
-domain_use_interactive_fds(lvm_t)
-domain_read_all_domains_state(lvm_t)
-
-files_read_usr_files(lvm_t)
-files_read_etc_files(lvm_t)
-files_read_etc_runtime_files(lvm_t)
-# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dirs(lvm_t)
-files_dontaudit_getattr_tmpfs_files(lvm_t)
-
-fs_getattr_all_fs(lvm_t)
-fs_search_auto_mountpoints(lvm_t)
-fs_list_tmpfs(lvm_t)
-fs_read_tmpfs_symlinks(lvm_t)
-fs_dontaudit_read_removable_files(lvm_t)
-fs_dontaudit_getattr_tmpfs_files(lvm_t)
-fs_rw_anon_inodefs_files(lvm_t)
-
-mls_file_read_all_levels(lvm_t)
-mls_file_write_to_clearance(lvm_t)
-mls_file_upgrade(lvm_t)
-
-selinux_get_fs_mount(lvm_t)
-selinux_validate_context(lvm_t)
-selinux_compute_access_vector(lvm_t)
-selinux_compute_create_context(lvm_t)
-selinux_compute_relabel_context(lvm_t)
-selinux_compute_user_contexts(lvm_t)
-
-storage_relabel_fixed_disk(lvm_t)
-storage_dontaudit_read_removable_device(lvm_t)
-# LVM creates block devices in /dev/mapper or /dev/<vg>
-# depending on its version
-# LVM(2) needs to create directores (/dev/mapper, /dev/<vg>)
-# and links from /dev/<vg> to /dev/mapper/<vg>-<lv>
-# cjp: need create interface here for fixed disk create
-storage_dev_filetrans_fixed_disk(lvm_t)
-# Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
-storage_manage_fixed_disk(lvm_t)
-
-term_use_all_terms(lvm_t)
-
-init_use_fds(lvm_t)
-init_dontaudit_getattr_initctl(lvm_t)
-init_use_script_ptys(lvm_t)
-init_read_script_state(lvm_t)
-
-logging_send_syslog_msg(lvm_t)
-
-miscfiles_read_localization(lvm_t)
-
-seutil_read_config(lvm_t)
-seutil_read_file_contexts(lvm_t)
-seutil_search_default_contexts(lvm_t)
-seutil_sigchld_newrole(lvm_t)
-
-userdom_use_user_terminals(lvm_t)
-
-ifdef(`distro_redhat',`
-	# this is from the initrd:
-	files_rw_isid_type_dirs(lvm_t)
-
-	optional_policy(`
-		unconfined_domain(lvm_t)
-	')
-')
-
-optional_policy(`
-	aisexec_stream_connect(lvm_t)
-	corosync_stream_connect(lvm_t)
-')
-
-optional_policy(`
-	bootloader_rw_tmp_files(lvm_t)
-')
-
-optional_policy(`
-	ccs_stream_connect(lvm_t)
-')
-
-optional_policy(`
-	gpm_dontaudit_getattr_gpmctl(lvm_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(lvm_t)
-
-	optional_policy(`
-		hal_dbus_chat(lvm_t)
-	')
-')
-
-optional_policy(`
-	livecd_rw_semaphores(lvm_t)
-')
-
-optional_policy(`
-	modutils_domtrans_insmod(lvm_t)
-')
-
-optional_policy(`
-	rpm_manage_script_tmp_files(lvm_t)
-')
-
-optional_policy(`
-	udev_read_db(lvm_t)
-')
-
-optional_policy(`
-	virt_manage_images(lvm_t)
-')
-
-optional_policy(`
-	xen_append_log(lvm_t)
-	xen_dontaudit_rw_unix_stream_sockets(lvm_t)
-')
diff --git a/policy/modules/system/metadata.xml b/policy/modules/system/metadata.xml
deleted file mode 100644
index 4866e97..0000000
--- a/policy/modules/system/metadata.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-<summary>
-	Policy modules for system functions from init to multi-user login.
-</summary>
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
deleted file mode 100644
index a8bd9fe..0000000
--- a/policy/modules/system/miscfiles.fc
+++ /dev/null
@@ -1,94 +0,0 @@
-#
-# /emul
-#
-ifdef(`distro_gentoo',`
-/emul/linux/x86/usr/(X11R6/)?lib/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
-')
-
-#
-# /etc
-#
-/etc/avahi/etc/localtime --	gen_context(system_u:object_r:locale_t,s0)
-/etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
-/etc/timezone		--	gen_context(system_u:object_r:locale_t,s0)
-/etc/pki(/.*)?			gen_context(system_u:object_r:cert_t,s0)
-/etc/httpd/alias/[^/]*\.db(\.[^/]*)*	-- 	gen_context(system_u:object_r:cert_t,s0)
-
-ifdef(`distro_redhat',`
-/etc/sysconfig/clock	--	gen_context(system_u:object_r:locale_t,s0)
-')
-
-#
-# /opt
-#
-/opt/(.*/)?man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-
-#
-# /srv
-#
-/srv/([^/]*/)?ftp(/.*)?		gen_context(system_u:object_r:public_content_t,s0)
-/srv/([^/]*/)?rsync(/.*)?	gen_context(system_u:object_r:public_content_t,s0)
-
-#
-# /usr
-#
-/usr/lib/locale(/.*)?		gen_context(system_u:object_r:locale_t,s0)
-
-/usr/lib(64)?/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
-
-/usr/local/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-/usr/local/share/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
-
-/usr/local/share/fonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
-
-/usr/man(/.*)?			gen_context(system_u:object_r:man_t,s0)
-
-/usr/share/fonts(/.*)?		gen_context(system_u:object_r:fonts_t,s0)
-/usr/share/X11/fonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
-/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
-/usr/share/locale(/.*)?		gen_context(system_u:object_r:locale_t,s0)
-/usr/share/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-/usr/share/X11/locale(/.*)?	gen_context(system_u:object_r:locale_t,s0)
-/usr/share/zoneinfo(/.*)?	gen_context(system_u:object_r:locale_t,s0)
-
-/usr/share/ssl/certs(/.*)?	gen_context(system_u:object_r:cert_t,s0)
-/usr/share/ssl/private(/.*)?	gen_context(system_u:object_r:cert_t,s0)
-
-/usr/X11R6/lib/X11/fonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
-
-/usr/X11R6/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-
-ifdef(`distro_gentoo',`
-/usr/share/misc/(pci|usb)\.ids -- gen_context(system_u:object_r:hwdata_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/usr/share/hwdata(/.*)?		gen_context(system_u:object_r:hwdata_t,s0)
-')
-
-#
-# /var
-#
-/var/ftp(/.*)?			gen_context(system_u:object_r:public_content_t,s0)
-
-/var/lib/texmf(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
-
-/var/cache/fontconfig(/.*)?	gen_context(system_u:object_r:fonts_cache_t,s0)
-/var/cache/fonts(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
-/var/cache/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-
-/var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
-
-/var/spool/abrt-upload(/.*)?    gen_context(system_u:object_r:public_content_rw_t,s0)
-
-/var/spool/texmf(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
-
-ifdef(`distro_debian',`
-/var/lib/msttcorefonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
-/var/lib/usbutils(/.*)?		gen_context(system_u:object_r:hwdata_t,s0)
-')
-
-ifdef(`distro_redhat',`
-/var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
-/var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
-')
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
deleted file mode 100644
index 926ba65..0000000
--- a/policy/modules/system/miscfiles.if
+++ /dev/null
@@ -1,771 +0,0 @@
-## <summary>Miscelaneous files.</summary>
-
-########################################
-## <summary>
-##	Make the specified type usable as a cert file.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified type usable for cert files.
-##	This will also make the type usable for files, making
-##	calls to files_type() redundant.  Failure to use this interface
-##	for a temporary file may result in problems with
-##	cert management tools.
-##	</p>
-##	<p>
-##	Related interfaces:
-##	</p>
-##	<ul>
-##		<li>files_type()</li>
-##	</ul>
-##	<p>
-##	Example:
-##	</p>
-##	<p>
-##	type mycertfile_t;
-##	cert_type(mycertfile_t)
-##	allow mydomain_t mycertfile_t:file read_file_perms;
-##	files_search_etc(mydomain_t)
-##	</p>
-## </desc>
-## <param name="type">
-##	<summary>
-##	Type to be used for files.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`miscfiles_cert_type',`
-	gen_require(`
-		attribute cert_type;
-	')
-
-	typeattribute $1 cert_type;
-	files_type($1)
-')
-
-########################################
-## <summary>
-##	Read all SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_read_all_certs',`
-	gen_require(`
-		attribute cert_type;
-	')
-
-	allow $1 cert_type:dir list_dir_perms;
-	read_files_pattern($1, cert_type, cert_type)
-	read_lnk_files_pattern($1, cert_type, cert_type)
-')
-
-########################################
-## <summary>
-##	Read generic SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_read_generic_certs',`
-	gen_require(`
-		type cert_t;
-	')
-
-	allow $1 cert_t:dir list_dir_perms;
-	read_files_pattern($1, cert_t, cert_t)
-	read_lnk_files_pattern($1, cert_t, cert_t)
-')
-
-########################################
-## <summary>
-##	Manage generic SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_manage_generic_cert_dirs',`
-	gen_require(`
-		type cert_t;
-	')
-
-	manage_dirs_pattern($1, cert_t, cert_t)
-')
-
-########################################
-## <summary>
-##	Manage generic SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_manage_generic_cert_files',`
-	gen_require(`
-		type cert_t;
-	')
-
-	manage_files_pattern($1, cert_t, cert_t)
-	read_lnk_files_pattern($1, cert_t, cert_t)
-')
-
-########################################
-## <summary>
-##	Read SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_read_certs',`
-	miscfiles_read_generic_certs($1)
-	refpolicywarn(`$0() has been deprecated, please use miscfiles_read_generic_certs() instead.')
-')
-
-########################################
-## <summary>
-##	Manage SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_manage_cert_dirs',`
-	miscfiles_manage_generic_cert_dirs($1)
-	refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_dirs() instead.')
-')
-
-########################################
-## <summary>
-##	Manage SSL certificates.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_manage_cert_files',`
-	miscfiles_manage_generic_cert_files($1)
-	refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_files() instead.')
-')
-
-########################################
-## <summary>
-##	Read fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_read_fonts',`
-	gen_require(`
-		type fonts_t, fonts_cache_t;
-	')
-
-	# cjp: fonts can be in either of these dirs
-	files_search_usr($1)
-	libs_search_lib($1)
-
-	allow $1 fonts_t:dir list_dir_perms;
-	read_files_pattern($1, fonts_t, fonts_t)
-	read_lnk_files_pattern($1, fonts_t, fonts_t)
-
-	allow $1 fonts_cache_t:dir list_dir_perms;
-	read_files_pattern($1, fonts_cache_t, fonts_cache_t)
-	read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes on a fonts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_setattr_fonts_dirs',`
-	gen_require(`
-		type fonts_t;
-	')
-
-	allow $1 fonts_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	on a fonts directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_dontaudit_setattr_fonts_dirs',`
-	gen_require(`
-		type fonts_t;
-	')
-
-	dontaudit $1 fonts_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_dontaudit_write_fonts',`
-	gen_require(`
-		type fonts_t;
-	')
-
-	dontaudit $1 fonts_t:dir { write setattr };
-	dontaudit $1 fonts_t:file write;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete fonts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_manage_fonts',`
-	gen_require(`
-		type fonts_t;
-	')
-
-	# cjp: fonts can be in either of these dirs
-	files_search_usr($1)
-	libs_search_lib($1)
-
-	manage_dirs_pattern($1, fonts_t, fonts_t)
-	manage_files_pattern($1, fonts_t, fonts_t)
-	manage_lnk_files_pattern($1, fonts_t, fonts_t)
-')
-
-########################################
-## <summary>
-##	Set the attributes on a fonts cache directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_setattr_fonts_cache_dirs',`
-	gen_require(`
-		type fonts_cache_t;
-	')
-
-	allow $1 fonts_cache_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes
-##	on a fonts cache directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
-	gen_require(`
-		type fonts_cache_t;
-	')
-
-	dontaudit $1 fonts_cache_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete fonts cache.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_manage_fonts_cache',`
-	gen_require(`
-		type fonts_cache_t;
-	')
-
-	files_search_var($1)
-
-	manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
-	manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
-	manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
-')
-
-########################################
-## <summary>
-##	Read hardware identification data.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_read_hwdata',`
-	gen_require(`
-		type hwdata_t;
-	')
-
-	allow $1 hwdata_t:dir list_dir_perms;
-	read_files_pattern($1, hwdata_t, hwdata_t)
-	read_lnk_files_pattern($1, hwdata_t, hwdata_t)
-')
-
-########################################
-## <summary>
-##	Allow process to setattr localization info
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_setattr_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	files_search_usr($1)
-	allow $1 locale_t:dir list_dir_perms;
-	allow $1 locale_t:file setattr;
-')
-
-########################################
-## <summary>
-##	Allow process to read localization information.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read the localization files.
-##	This is typically for time zone configuration files, such as
-##	/etc/localtime and files in /usr/share/zoneinfo.
-##	Typically, any domain which needs to know the GMT/UTC
-##	offset of the current timezone will need access
-##	to these files. Generally, it should be safe for any
-##	domain to read these files.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`miscfiles_read_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	files_read_etc_symlinks($1)
-	files_search_usr($1)
-	allow $1 locale_t:dir list_dir_perms;
-	read_files_pattern($1, locale_t, locale_t)
-	read_lnk_files_pattern($1, locale_t, locale_t)
-')
-
-########################################
-## <summary>
-##	Allow process to write localization info
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_rw_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	files_search_usr($1)
-	allow $1 locale_t:dir list_dir_perms;
-	rw_files_pattern($1, locale_t, locale_t)
-')
-
-########################################
-## <summary>
-##	Allow process to relabel localization info
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_relabel_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	files_search_usr($1)
-	relabel_files_pattern($1, locale_t, locale_t)
-')
-
-########################################
-## <summary>
-##	Allow process to read legacy time localization info
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_legacy_read_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	miscfiles_read_localization($1)
-	allow $1 locale_t:file execute;
-')
-
-########################################
-## <summary>
-##	Search man pages.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_search_man_pages',`
-	gen_require(`
-		type man_t;
-	')
-
-	allow $1 man_t:dir search_dir_perms;
-	files_search_usr($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search man pages.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_dontaudit_search_man_pages',`
-	gen_require(`
-		type man_t;
-	')
-
-	dontaudit $1 man_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read man pages
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_read_man_pages',`
-	gen_require(`
-		type man_t;
-	')
-
-	files_search_usr($1)
-	allow $1 man_t:dir list_dir_perms;
-	read_files_pattern($1, man_t, man_t)
-	read_lnk_files_pattern($1, man_t, man_t)
-')
-
-########################################
-## <summary>
-##	Delete man pages
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-# cjp: added for tmpreaper
-#
-interface(`miscfiles_delete_man_pages',`
-	gen_require(`
-		type man_t;
-	')
-
-	files_search_usr($1)
-
-	allow $1 man_t:dir setattr;
-	# RH bug #309351
-	allow $1 man_t:dir list_dir_perms;
-	delete_dirs_pattern($1, man_t, man_t)
-	delete_files_pattern($1, man_t, man_t)
-	delete_lnk_files_pattern($1, man_t, man_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete man pages
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_manage_man_pages',`
-	gen_require(`
-		type man_t;
-	')
-
-	files_search_usr($1)
-	manage_dirs_pattern($1, man_t, man_t)
-	manage_files_pattern($1, man_t, man_t)
-	read_lnk_files_pattern($1, man_t, man_t)
-')
-
-########################################
-## <summary>
-##	Read public files used for file
-##	transfer services.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_read_public_files',`
-	gen_require(`
-		type public_content_t, public_content_rw_t;
-	')
-
-	allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms;
-	read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
-	read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete public files
-##	and directories used for file transfer services.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_manage_public_files',`
-	gen_require(`
-		type public_content_rw_t;
-	')
-
-	manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t)
-	manage_files_pattern($1, public_content_rw_t, public_content_rw_t)
-	manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t)
-')
-
-########################################
-## <summary>
-##	Read TeX data
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_read_tetex_data',`
-	gen_require(`
-		type tetex_data_t;
-	')
-
-	files_search_var($1)
-	files_search_var_lib($1)
-
-	# cjp: TeX data can be in either of the above dirs
-	allow $1 tetex_data_t:dir list_dir_perms;
-	read_files_pattern($1, tetex_data_t, tetex_data_t)
-	read_lnk_files_pattern($1, tetex_data_t, tetex_data_t)
-')
-
-########################################
-## <summary>
-##	Execute TeX data programs in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_exec_tetex_data',`
-	gen_require(`
-		type fonts_t;
-		type tetex_data_t;
-	')
-
-	files_search_var($1)
-	files_search_var_lib($1)
-
-	# cjp: TeX data can be in either of the above dirs
-	allow $1 tetex_data_t:dir list_dir_perms;
-	exec_files_pattern($1, tetex_data_t, tetex_data_t)
-')
-
-########################################
-## <summary>
-##	Let test files be an entry point for
-##	a specified domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_domain_entry_test_files',`
-	gen_require(`
-		type test_file_t;
-	')
-
-	domain_entry_file($1, test_file_t)
-')
-
-########################################
-## <summary>
-##	Read test files and directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_read_test_files',`
-	gen_require(`
-		type test_file_t;
-	')
-
-	read_files_pattern($1, test_file_t, test_file_t)
-	read_lnk_files_pattern($1, test_file_t, test_file_t)
-')
-
-########################################
-## <summary>
-##	Execute test files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_exec_test_files',`
-	gen_require(`
-		type test_file_t;
-	')
-
-	exec_files_pattern($1, test_file_t, test_file_t)
-	read_lnk_files_pattern($1, test_file_t, test_file_t)
-')
-
-########################################
-## <summary>
-##	Execute test files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`miscfiles_etc_filetrans_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	files_etc_filetrans($1, locale_t, file)
-
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete localization
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`miscfiles_manage_localization',`
-	gen_require(`
-		type locale_t;
-	')
-
-	manage_dirs_pattern($1, locale_t, locale_t)
-	manage_files_pattern($1, locale_t, locale_t)
-	manage_lnk_files_pattern($1, locale_t, locale_t)
-')
-
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
deleted file mode 100644
index 59c70bf..0000000
--- a/policy/modules/system/miscfiles.te
+++ /dev/null
@@ -1,62 +0,0 @@
-policy_module(miscfiles, 1.8.1)
-
-########################################
-#
-# Declarations
-#
-attribute cert_type;
-
-#
-# cert_t is the type of files in the system certs directories.
-#
-type cert_t;
-miscfiles_cert_type(cert_t)
-
-#
-# fonts_t is the type of various font
-# files in /usr
-#
-type fonts_t;
-files_type(fonts_t)
-
-type fonts_cache_t;
-files_type(fonts_cache_t)
-
-#
-# type for /usr/share/hwdata
-#
-type hwdata_t;
-files_type(hwdata_t)
-
-#
-# locale_t is the type for system localization
-#
-type locale_t;
-files_type(locale_t)
-
-#
-# man_t is the type for the man directories.
-#
-type man_t alias catman_t;
-files_type(man_t)
-
-#
-# Types for public content
-#
-type public_content_t; #, customizable;
-files_type(public_content_t)
-
-type public_content_rw_t; #, customizable;
-files_type(public_content_rw_t)
-
-#
-# Base type for the tests directory.
-#
-type test_file_t;
-files_type(test_file_t)
-
-#
-# for /var/{spool,lib}/texmf index files
-#
-type tetex_data_t;
-files_tmp_file(tetex_data_t)
diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc
deleted file mode 100644
index 532181a..0000000
--- a/policy/modules/system/modutils.fc
+++ /dev/null
@@ -1,24 +0,0 @@
-
-/etc/modules\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
-/etc/modprobe\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
-/etc/modprobe\.d(/.*)?		gen_context(system_u:object_r:modules_conf_t,s0)
-
-ifdef(`distro_gentoo',`
-# gentoo init scripts still manage this file
-# even if devfs is off
-/etc/modprobe.devfs.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
-')
-
-/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-/lib64/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-
-/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-/lib64/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-
-/sbin/depmod.*		--	gen_context(system_u:object_r:depmod_exec_t,s0)
-/sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
-/sbin/insmod.*		--	gen_context(system_u:object_r:insmod_exec_t,s0)
-/sbin/modprobe.*	--	gen_context(system_u:object_r:insmod_exec_t,s0)
-/sbin/modules-update	--	gen_context(system_u:object_r:update_modules_exec_t,s0)
-/sbin/rmmod.*		--	gen_context(system_u:object_r:insmod_exec_t,s0)
-/sbin/update-modules	--	gen_context(system_u:object_r:update_modules_exec_t,s0)
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
deleted file mode 100644
index def8d5a..0000000
--- a/policy/modules/system/modutils.if
+++ /dev/null
@@ -1,357 +0,0 @@
-## <summary>Policy for kernel module utilities</summary>
-
-######################################
-## <summary>
-##	Getattr the dependencies of kernel modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_getattr_module_deps',`
-	gen_require(`
-		type modules_dep_t;
-	')
-
-	getattr_files_pattern($1, modules_object_t, modules_dep_t)
-')
-
-########################################
-## <summary>
-##	Read the dependencies of kernel modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_read_module_deps',`
-	gen_require(`
-		type modules_dep_t;
-	')
-
-	files_list_kernel_modules($1)
-	allow $1 modules_dep_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	list the configuration options used when
-##	loading modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`modutils_list_module_config',`
-	gen_require(`
-		type modules_conf_t;
-	')
-
-	list_dirs_pattern($1, modules_conf_t, modules_conf_t)
-')
-
-########################################
-## <summary>
-##	Read the configuration options used when
-##	loading modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`modutils_read_module_config',`
-	gen_require(`
-		type modules_conf_t;
-	')
-
-	# This file type can be in /etc or
-	# /lib(64)?/modules
-	files_search_etc($1)
-	files_search_boot($1)
-
-	read_files_pattern($1, modules_conf_t, modules_conf_t)
-	read_lnk_files_pattern($1, modules_conf_t, modules_conf_t)
-')
-
-########################################
-## <summary>
-##	Rename a file with the configuration options used when
-##	loading modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_rename_module_config',`
-	gen_require(`
-		type modules_conf_t;
-	')
-
-	rename_files_pattern($1, modules_conf_t, modules_conf_t)
-')
-
-########################################
-## <summary>
-##	Unlink a file with the configuration options used when
-##	loading modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_delete_module_config',`
-	gen_require(`
-		type modules_conf_t;
-	')
-
-	delete_files_pattern($1, modules_conf_t, modules_conf_t)
-')
-
-########################################
-## <summary>
-##	Manage files with the configuration options used when
-##	loading modules.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_manage_module_config',`
-	gen_require(`
-		type modules_conf_t;
-	')
-
-	manage_files_pattern($1, modules_conf_t, modules_conf_t)
-')
-
-########################################
-## <summary>
-##	Unconditionally execute insmod in the insmod domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-# cjp: this is added for pppd, due to nested
-# conditionals not working.
-interface(`modutils_domtrans_insmod_uncond',`
-	gen_require(`
-		type insmod_t, insmod_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, insmod_exec_t, insmod_t)
-')
-
-########################################
-## <summary>
-##	Execute insmod in the insmod domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`modutils_domtrans_insmod',`
-	gen_require(`
-		bool secure_mode_insmod;
-	')
-
-	if (!secure_mode_insmod) {
-		modutils_domtrans_insmod_uncond($1)
-	}
-')
-
-########################################
-## <summary>
-##	Execute insmod in the insmod domain, and
-##	allow the specified role the insmod domain,
-##	and use the caller's terminal.  Has a sigchld
-##	backchannel.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`modutils_run_insmod',`
-	gen_require(`
-		type insmod_t;
-	')
-
-	modutils_domtrans_insmod($1)
-	role $2 types insmod_t;
-')
-
-########################################
-## <summary>
-##	Execute insmod in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_exec_insmod',`
-	gen_require(`
-		type insmod_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, insmod_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute depmod in the depmod domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`modutils_domtrans_depmod',`
-	gen_require(`
-		type depmod_t, depmod_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, depmod_exec_t, depmod_t)
-')
-
-########################################
-## <summary>
-##	Execute depmod in the depmod domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`modutils_run_depmod',`
-	gen_require(`
-		type depmod_t, insmod_t;
-	')
-
-	modutils_domtrans_depmod($1)
-	role $2 types depmod_t;
-')
-
-########################################
-## <summary>
-##	Execute depmod in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_exec_depmod',`
-	gen_require(`
-		type depmod_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, depmod_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute depmod in the depmod domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`modutils_domtrans_update_mods',`
-	gen_require(`
-		type update_modules_t, update_modules_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, update_modules_exec_t, update_modules_t)
-')
-
-########################################
-## <summary>
-##	Execute update_modules in the update_modules domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`modutils_run_update_mods',`
-	gen_require(`
-		type update_modules_t;
-	')
-
-	modutils_domtrans_update_mods($1)
-	role $2 types update_modules_t;
-
-	modutils_run_insmod(update_modules_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute update_modules in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`modutils_exec_update_mods',`
-	gen_require(`
-		type update_modules_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, update_modules_exec_t)
-')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
deleted file mode 100644
index 9abf3b1..0000000
--- a/policy/modules/system/modutils.te
+++ /dev/null
@@ -1,340 +0,0 @@
-policy_module(modutils, 1.10.0)
-
-gen_require(`
-	bool secure_mode_insmod;
-')
-
-########################################
-#
-# Declarations
-#
-
-type depmod_t;
-type depmod_exec_t;
-init_system_domain(depmod_t, depmod_exec_t)
-role system_r types depmod_t;
-
-type insmod_t;
-type insmod_exec_t;
-application_domain(insmod_t, insmod_exec_t)
-mls_file_write_all_levels(insmod_t)
-mls_process_write_down(insmod_t)
-role system_r types insmod_t;
-
-# module loading config
-type modules_conf_t;
-files_type(modules_conf_t)
-
-# module dependencies
-type modules_dep_t;
-files_type(modules_dep_t)
-
-type update_modules_t;
-type update_modules_exec_t;
-init_system_domain(update_modules_t, update_modules_exec_t)
-role system_r types update_modules_t;
-
-type update_modules_tmp_t;
-files_tmp_file(update_modules_tmp_t)
-
-########################################
-#
-# depmod local policy
-#
-
-can_exec(depmod_t, depmod_exec_t)
-
-# Read conf.modules.
-read_files_pattern(depmod_t, modules_conf_t, modules_conf_t)
-
-allow depmod_t modules_dep_t:file manage_file_perms;
-files_kernel_modules_filetrans(depmod_t, modules_dep_t, file)
-
-kernel_read_system_state(depmod_t)
-
-corecmd_search_bin(depmod_t)
-
-domain_use_interactive_fds(depmod_t)
-
-files_delete_kernel_modules(depmod_t)
-files_read_kernel_symbol_table(depmod_t)
-files_read_kernel_modules(depmod_t)
-files_read_etc_runtime_files(depmod_t)
-files_read_etc_files(depmod_t)
-files_read_usr_src_files(depmod_t)
-files_list_usr(depmod_t)
-files_append_var_files(depmod_t)
-files_read_boot_files(depmod_t)
-
-fs_getattr_xattr_fs(depmod_t)
-
-term_use_console(depmod_t)
-
-init_use_fds(depmod_t)
-init_use_script_fds(depmod_t)
-init_use_script_ptys(depmod_t)
-
-userdom_use_user_terminals(depmod_t)
-# Read System.map from home directories.
-files_list_home(depmod_t)
-userdom_read_user_home_content_files(depmod_t)
-userdom_manage_user_tmp_files(depmod_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(depmod_t)
-	')
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_read_nfs_files(depmod_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_read_cifs_files(depmod_t)
-')
-
-optional_policy(`
-	rpm_rw_pipes(depmod_t)
-	rpm_manage_script_tmp_files(depmod_t)
-')
-
-optional_policy(`
-	# Read System.map from home directories.
-	unconfined_domain(depmod_t)
-')
-
-########################################
-#
-# insmod local policy
-#
-
-allow insmod_t self:capability { dac_override mknod net_raw sys_nice sys_tty_config };
-allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal };
-
-allow insmod_t self:udp_socket create_socket_perms;
-allow insmod_t self:rawip_socket create_socket_perms;
-
-# Read module config and dependency information
-list_dirs_pattern(insmod_t, modules_conf_t, modules_conf_t)
-read_files_pattern(insmod_t, modules_conf_t, modules_conf_t)
-list_dirs_pattern(insmod_t, modules_dep_t, modules_dep_t)
-read_files_pattern(insmod_t, modules_dep_t, modules_dep_t)
-
-can_exec(insmod_t, insmod_exec_t)
-
-kernel_load_module(insmod_t)
-kernel_read_system_state(insmod_t)
-kernel_read_network_state(insmod_t)
-kernel_write_proc_files(insmod_t)
-kernel_mount_debugfs(insmod_t)
-kernel_mount_kvmfs(insmod_t)
-kernel_read_debugfs(insmod_t)
-kernel_request_load_module(insmod_t)
-# Rules for /proc/sys/kernel/tainted
-kernel_read_kernel_sysctls(insmod_t)
-kernel_rw_kernel_sysctl(insmod_t)
-kernel_read_hotplug_sysctls(insmod_t)
-kernel_setsched(insmod_t)
-
-corecmd_exec_bin(insmod_t)
-corecmd_exec_shell(insmod_t)
-
-dev_rw_sysfs(insmod_t)
-dev_search_usbfs(insmod_t)
-dev_rw_mtrr(insmod_t)
-dev_read_urand(insmod_t)
-dev_rw_agp(insmod_t)
-dev_read_sound(insmod_t)
-dev_write_sound(insmod_t)
-dev_rw_apm_bios(insmod_t)
-dev_create_generic_chr_files(insmod_t)
-
-domain_signal_all_domains(insmod_t)
-domain_use_interactive_fds(insmod_t)
-
-files_read_kernel_modules(insmod_t)
-files_read_etc_runtime_files(insmod_t)
-files_read_etc_files(insmod_t)
-files_read_usr_files(insmod_t)
-files_exec_etc_files(insmod_t)
-# for nscd:
-files_dontaudit_search_pids(insmod_t)
-# for when /var is not mounted early in the boot:
-files_dontaudit_search_isid_type_dirs(insmod_t)
-# for locking: (cjp: ????)
-files_write_kernel_modules(insmod_t)
-
-fs_getattr_xattr_fs(insmod_t)
-fs_dontaudit_use_tmpfs_chr_dev(insmod_t)
-fs_mount_rpc_pipefs(insmod_t)
-fs_search_rpc(insmod_t)
-
-init_rw_initctl(insmod_t)
-init_use_fds(insmod_t)
-init_use_script_fds(insmod_t)
-init_use_script_ptys(insmod_t)
-init_spec_domtrans_script(insmod_t)
-init_rw_script_tmp_files(insmod_t)
-
-logging_send_syslog_msg(insmod_t)
-logging_search_logs(insmod_t)
-
-miscfiles_read_localization(insmod_t)
-
-seutil_read_file_contexts(insmod_t)
-
-term_use_all_terms(insmod_t)
-userdom_dontaudit_search_user_home_dirs(insmod_t)
-
-if( ! secure_mode_insmod ) {
-	kernel_domtrans_to(insmod_t, insmod_exec_t)
-}
-
-optional_policy(`
-	alsa_domtrans(insmod_t)
-')
-
-optional_policy(`
-	firstboot_dontaudit_rw_pipes(insmod_t)
-	firstboot_dontaudit_rw_stream_sockets(insmod_t)
-')
-
-optional_policy(`
-	firewallgui_dontaudit_rw_pipes(insmod_t)
-')
-
-optional_policy(`
-	hal_write_log(insmod_t)
-')
-
-optional_policy(`
-	hotplug_search_config(insmod_t)
-')
-
-optional_policy(`
-	mount_domtrans(insmod_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(insmod_t)
-')
-
-optional_policy(`
-	nscd_socket_use(insmod_t)
-')
-
-optional_policy(`
-	fs_manage_ramfs_files(insmod_t)
-
-	rhgb_use_fds(insmod_t)
-	rhgb_dontaudit_use_ptys(insmod_t)
-
-	xserver_dontaudit_write_log(insmod_t)
-	xserver_stream_connect(insmod_t)
-	xserver_dontaudit_rw_stream_sockets(insmod_t)
-
-	ifdef(`hide_broken_symptoms',`
-		xserver_dontaudit_rw_tcp_sockets(insmod_t)
-	')
-')
-
-optional_policy(`
-	rpm_rw_pipes(insmod_t)
-')
-
-optional_policy(`
-	unconfined_domain(insmod_t)
-	unconfined_dontaudit_rw_pipes(insmod_t)
-')
-
-optional_policy(`
-	virt_dontaudit_write_pipes(insmod_t)
-')
-
-optional_policy(`
-	# cjp: why is this needed:
-	dev_rw_xserver_misc(insmod_t)
-
-	xserver_getattr_log(insmod_t)
-')
-
-#################################
-#
-# update-modules local policy
-#
-
-allow update_modules_t self:fifo_file rw_fifo_file_perms;
-
-allow update_modules_t modules_dep_t:file rw_file_perms;
-
-can_exec(update_modules_t, insmod_exec_t)
-can_exec(update_modules_t, update_modules_exec_t)
-
-# manage module loading configuration
-manage_files_pattern(update_modules_t, modules_conf_t, modules_conf_t)
-files_kernel_modules_filetrans(update_modules_t, modules_conf_t, file)
-files_etc_filetrans(update_modules_t, modules_conf_t, file)
-
-# transition to depmod
-domain_auto_trans(update_modules_t, depmod_exec_t, depmod_t)
-allow update_modules_t depmod_t:fd use;
-allow depmod_t update_modules_t:fd use;
-allow depmod_t update_modules_t:fifo_file rw_file_perms;
-allow depmod_t update_modules_t:process sigchld;
-
-manage_dirs_pattern(update_modules_t, update_modules_tmp_t, update_modules_tmp_t)
-manage_files_pattern(update_modules_t, update_modules_tmp_t, update_modules_tmp_t)
-files_tmp_filetrans(update_modules_t, update_modules_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(update_modules_t)
-kernel_read_system_state(update_modules_t)
-
-corecmd_exec_bin(update_modules_t)
-corecmd_exec_shell(update_modules_t)
-
-dev_read_urand(update_modules_t)
-
-domain_use_interactive_fds(update_modules_t)
-
-files_read_etc_runtime_files(update_modules_t)
-files_read_etc_files(update_modules_t)
-files_exec_etc_files(update_modules_t)
-
-fs_getattr_xattr_fs(update_modules_t)
-
-term_use_console(update_modules_t)
-
-init_use_fds(update_modules_t)
-init_use_script_fds(update_modules_t)
-init_use_script_ptys(update_modules_t)
-
-logging_send_syslog_msg(update_modules_t)
-
-miscfiles_read_localization(update_modules_t)
-
-userdom_use_user_terminals(update_modules_t)
-userdom_dontaudit_search_user_home_dirs(update_modules_t)
-
-ifdef(`distro_gentoo',`
-	files_search_pids(update_modules_t)
-	files_getattr_usr_src_files(update_modules_t)
-	files_list_isid_type_dirs(update_modules_t) # /var
-
-	# update-modules on Gentoo throws errors when run because it
-	# sources /etc/init.d/functions.sh, which always scans
-	# /var/lib/init.d to set SOFTLEVEL environment var.
-	# This is never used by update-modules.
-	files_dontaudit_search_var_lib(update_modules_t)
-	init_dontaudit_read_script_status_files(update_modules_t)
-
-	optional_policy(`
-		consoletype_exec(update_modules_t)
-	')
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(update_modules_t)
-	')
-')
diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc
deleted file mode 100644
index e3d06fd..0000000
--- a/policy/modules/system/mount.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-/bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-/bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-/sbin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-/sbin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-/bin/fusermount    		--      gen_context(system_u:object_r:fusermount_exec_t,s0)
-/usr/bin/fusermount		--	gen_context(system_u:object_r:fusermount_exec_t,s0)
-/usr/sbin/showmount		--  gen_context(system_u:object_r:showmount_exec_t,s0)
-
-/var/cache/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
-/var/run/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
deleted file mode 100644
index 3490497..0000000
--- a/policy/modules/system/mount.if
+++ /dev/null
@@ -1,340 +0,0 @@
-## <summary>Policy for mount.</summary>
-
-########################################
-## <summary>
-##	Execute mount in the mount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mount_domtrans',`
-	gen_require(`
-		type mount_t, mount_exec_t;
-	')
-
-	domtrans_pattern($1, mount_exec_t, mount_t)
-	mount_domtrans_fusermount($1)
-
-ifdef(`hide_broken_symptoms', `
-	dontaudit mount_t $1:unix_stream_socket { read write };
-	dontaudit mount_t $1:tcp_socket  { read write };
-	dontaudit mount_t $1:udp_socket { read write };
-')
-
-')
-
-########################################
-## <summary>
-##	Execute mount in the mount domain, and
-##	allow the specified role the mount domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mount_run',`
-	gen_require(`
-		type mount_t;
-	')
-
-	mount_domtrans($1)
-	role $2 types mount_t;
-
-	optional_policy(`
-		fstools_run(mount_t, $2)
-	')
-
-	# Needed for mount crypt https://bugzilla.redhat.com/show_bug.cgi?id=418711
-	optional_policy(`
-		lvm_run(mount_t, $2)
-	')
-
-	optional_policy(`
-		modutils_run_insmod(mount_t, $2)
-	')
-
-	optional_policy(`
-		rpc_run_rpcd(mount_t, $2)
-	')
-
-	optional_policy(`
-		samba_run_smbmount(mount_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Execute fusermount in the mount domain, and
-##	allow the specified role the mount domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the mount domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mount_run_fusermount',`
-	gen_require(`
-		type mount_t;
-	')
-
-	mount_domtrans_fusermount($1)
-	role $2 types mount_t;
-
-	fstools_run(mount_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute mount in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_exec',`
-	gen_require(`
-		type mount_exec_t;
-	')
-
-	# cjp: this should be removed:
-	allow $1 mount_exec_t:dir list_dir_perms;
-
-	allow $1 mount_exec_t:lnk_file read_lnk_file_perms;
-	can_exec($1, mount_exec_t)
-')
-
-########################################
-## <summary>
-##	Send a generic signal to mount.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_signal',`
-	gen_require(`
-		type mount_t;
-		type unconfined_mount_t;
-	')
-
-	allow $1 mount_t:process signal;
-	allow $1 unconfined_mount_t:process signal;
-')
-
-########################################
-## <summary>
-##	Use file descriptors for mount.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_use_fds',`
-	gen_require(`
-		type mount_t;
-	')
-
-	allow $1 mount_t:fd use; 
-')
-
-########################################
-## <summary>
-##	Allow the mount domain to send nfs requests for mounting
-##	network drives
-## </summary>
-## <desc>
-##	<p>
-##	Allow the mount domain to send nfs requests for mounting
-##	network drives
-##	</p>
-##	<p>
-##	This interface has been deprecated as these rules were
-##	a side effect of leaked mount file descriptors.  This
-##	interface has no effect.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_send_nfs_client_request',`
-	refpolicywarn(`$0($*) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Execute mount in the unconfined mount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`mount_domtrans_unconfined',`
-	gen_require(`
-		type unconfined_mount_t, mount_exec_t;
-	')
-
-	domtrans_pattern($1, mount_exec_t, unconfined_mount_t)
-')
-
-########################################
-## <summary>
-##	Execute mount in the unconfined mount domain, and
-##	allow the specified role the unconfined mount domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`mount_run_unconfined',`
-	gen_require(`
-		type unconfined_mount_t;
-	')
-
-	mount_domtrans_unconfined($1)
-	role $2 types unconfined_mount_t;
-
-	optional_policy(`
-		rpc_run_rpcd(unconfined_mount_t, $2)
-	')
-
-	optional_policy(`
-		samba_run_smbmount(unconfined_mount_t, $2)
-	')
-')
-
-########################################
-## <summary>
-##	Execute fusermount in the mount domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_domtrans_fusermount',`
-	gen_require(`
-		type mount_t, fusermount_exec_t;
-	')
-
-	domtrans_pattern($1, fusermount_exec_t, mount_t)
-')
-
-########################################
-## <summary>
-##	Execute fusermount.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_exec_fusermount',`
-	gen_require(`
-		type fusermount_exec_t;
-	')
-
-	can_exec($1, fusermount_exec_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Execute fusermount.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`mount_dontaudit_exec_fusermount',`
-	gen_require(`
-		type fusermount_exec_t;
-	')
-
-	dontaudit $1 fusermount_exec_t:file exec_file_perms;
-')
-
-######################################
-## <summary>
-##  Execute a domain transition to run showmount.
-## </summary>
-## <param name="domain">
-## <summary>
-##  Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`mount_domtrans_showmount',`
-    gen_require(`
-        type showmount_t, showmount_exec_t;
-    ')
-
-    domtrans_pattern($1, showmount_exec_t, showmount_t)
-')
-
-######################################
-## <summary>
-##  Execute showmount in the showmount domain, and
-##  allow the specified role the showmount domain.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access
-##  </summary>
-## </param>
-## <param name="role">
-##  <summary>
-##  The role to be allowed the showmount domain.
-##  </summary>
-## </param>
-#
-interface(`mount_run_showmount',`
-    gen_require(`
-        type showmount_t;
-    ')
-
-    mount_domtrans_showmount($1)
-    role $2 types showmount_t;
-')
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
deleted file mode 100644
index 8848e14..0000000
--- a/policy/modules/system/mount.te
+++ /dev/null
@@ -1,351 +0,0 @@
-policy_module(mount, 1.11.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow the mount command to mount any directory or file.
-## </p>
-## </desc>
-gen_tunable(allow_mount_anyfile, false)
-
-type mount_t;
-type mount_exec_t;
-init_system_domain(mount_t, mount_exec_t)
-role system_r types mount_t;
-
-type fusermount_exec_t;
-domain_entry_file(mount_t, fusermount_exec_t)
-
-typealias mount_t alias mount_ntfs_t;
-typealias mount_exec_t alias mount_ntfs_exec_t;
-
-type mount_loopback_t; # customizable
-files_type(mount_loopback_t)
-typealias mount_loopback_t alias mount_loop_t;
-
-type mount_tmp_t;
-files_tmp_file(mount_tmp_t)
-
-# causes problems with interfaces when
-# this is optionally declared in monolithic
-# policy--duplicate type declaration
-type unconfined_mount_t;
-application_domain(unconfined_mount_t, mount_exec_t)
-role system_r types unconfined_mount_t;
-
-type mount_var_run_t;
-files_pid_file(mount_var_run_t)
-
-# showmount - show mount information for an NFS server
-
-type showmount_t;
-type showmount_exec_t;
-application_domain(showmount_t, showmount_exec_t)
-role system_r types showmount_t;
-
-########################################
-#
-# mount local policy
-#
-
-# setuid/setgid needed to mount cifs 
-allow mount_t self:capability { fsetid ipc_lock setpcap sys_rawio sys_resource sys_admin dac_override dac_read_search chown sys_tty_config setuid setgid };
-allow mount_t self:process { getcap getsched ptrace setcap setrlimit signal };
-allow mount_t self:fifo_file rw_fifo_file_perms;
-allow mount_t self:unix_stream_socket create_stream_socket_perms;
-allow mount_t self:unix_dgram_socket create_socket_perms; 
-
-allow mount_t mount_loopback_t:file read_file_perms;
-
-allow mount_t mount_tmp_t:file manage_file_perms;
-allow mount_t mount_tmp_t:dir manage_dir_perms;
-
-can_exec(mount_t, mount_exec_t)
-
-files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
-
-manage_dirs_pattern(mount_t,mount_var_run_t,mount_var_run_t)
-manage_files_pattern(mount_t,mount_var_run_t,mount_var_run_t)
-files_pid_filetrans(mount_t,mount_var_run_t,dir)
-files_var_filetrans(mount_t,mount_var_run_t,dir)
-
-# In order to mount reiserfs_t
-kernel_dontaudit_getattr_core_if(mount_t)
-kernel_list_unlabeled(mount_t)
-kernel_mount_unlabeled(mount_t)
-kernel_unmount_unlabeled(mount_t)
-kernel_read_system_state(mount_t)
-kernel_read_network_state(mount_t)
-kernel_read_kernel_sysctls(mount_t)
-kernel_manage_debugfs(mount_t)
-kernel_setsched(mount_t)
-kernel_use_fds(mount_t)
-kernel_request_load_module(mount_t)
-
-# required for mount.smbfs
-corecmd_exec_bin(mount_t)
-
-dev_getattr_generic_blk_files(mount_t)
-dev_getattr_all_blk_files(mount_t)
-dev_list_all_dev_nodes(mount_t)
-dev_read_usbfs(mount_t)
-dev_read_rand(mount_t)
-dev_read_sysfs(mount_t)
-dev_rw_lvm_control(mount_t)
-dev_dontaudit_getattr_all_chr_files(mount_t)
-dev_dontaudit_getattr_memory_dev(mount_t)
-dev_getattr_sound_dev(mount_t)
-ifdef(`hide_broken_symptoms',`
-	dev_rw_generic_blk_files(mount_t)
-')
-# Early devtmpfs, before udev relabel
-dev_dontaudit_rw_generic_chr_files(mount_t)
-
-domain_use_interactive_fds(mount_t)
-domain_dontaudit_search_all_domains_state(mount_t)
-
-files_search_all(mount_t)
-files_read_etc_files(mount_t)
-files_manage_etc_runtime_files(mount_t)
-files_etc_filetrans_etc_runtime(mount_t, file)
-# for when /etc/mtab loses its type
-files_delete_etc_files(mount_t)
-files_mounton_all_mountpoints(mount_t)
-# ntfs-3g checks whether the mountpoint is writable before mounting
-files_write_all_mountpoints(mount_t)
-files_unmount_rootfs(mount_t)
-
-# These rules need to be generalized.  Only admin, initrc should have it:
-files_relabel_all_file_type_fs(mount_t)
-files_mount_all_file_type_fs(mount_t)
-files_unmount_all_file_type_fs(mount_t)
-files_read_isid_type_files(mount_t)
-# For reading cert files
-files_read_usr_files(mount_t)
-files_list_mnt(mount_t)
-
-fs_list_all(mount_t)
-fs_getattr_all_fs(mount_t)
-fs_mount_all_fs(mount_t)
-fs_unmount_all_fs(mount_t)
-fs_remount_all_fs(mount_t)
-fs_relabelfrom_all_fs(mount_t)
-fs_rw_anon_inodefs_files(mount_t)
-fs_rw_tmpfs_chr_files(mount_t)
-fs_rw_nfsd_fs(mount_t)
-fs_manage_tmpfs_dirs(mount_t)
-fs_read_tmpfs_symlinks(mount_t)
-fs_read_fusefs_files(mount_t)
-fs_manage_nfs_dirs(mount_t)
-fs_read_nfs_symlinks(mount_t)
-fs_manage_cgroup_dirs(mount_t)
-fs_manage_cgroup_files(mount_t)
-
-mls_file_read_all_levels(mount_t)
-mls_file_write_all_levels(mount_t)
-
-selinux_get_enforce_mode(mount_t)
-selinux_dontaudit_write_fs(mount_t)
-
-storage_raw_read_fixed_disk(mount_t)
-storage_raw_write_fixed_disk(mount_t)
-storage_raw_read_removable_device(mount_t)
-storage_raw_write_removable_device(mount_t)
-storage_rw_fuse(mount_t)
-
-term_use_all_terms(mount_t)
-
-auth_use_nsswitch(mount_t)
-
-init_use_fds(mount_t)
-init_use_script_ptys(mount_t)
-init_dontaudit_getattr_initctl(mount_t)
-init_stream_connect_script(mount_t)
-init_rw_script_stream_sockets(mount_t)
-
-logging_send_syslog_msg(mount_t)
-
-miscfiles_read_localization(mount_t)
-
-sysnet_use_portmap(mount_t)
-
-seutil_read_config(mount_t)
-
-userdom_use_all_users_fds(mount_t)
-userdom_manage_user_home_content_dirs(mount_t)
-userdom_read_user_home_content_symlinks(mount_t)
-
-optional_policy(`
-	abrt_rw_fifo_file(mount_t)
-')
-
-ifdef(`distro_redhat',`
-	optional_policy(`
-		auth_read_pam_console_data(mount_t)
-		# mount config by default sets fscontext=removable_t
-		fs_relabelfrom_dos_fs(mount_t)
-	')
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(mount_t)
-	')
-')
-
-corecmd_exec_shell(mount_t)
-
-modutils_domtrans_insmod(mount_t)
-
-fstools_domtrans(mount_t)
-
-tunable_policy(`allow_mount_anyfile',`
-	auth_read_all_dirs_except_shadow(mount_t)
-	auth_read_all_files_except_shadow(mount_t)
-	files_mounton_non_security(mount_t)
-	files_rw_all_inherited_files(mount_t)
-')
-
-optional_policy(`
-	# for nfs
-	corenet_all_recvfrom_unlabeled(mount_t)
-	corenet_all_recvfrom_netlabel(mount_t)
-	corenet_tcp_sendrecv_all_if(mount_t)
-	corenet_raw_sendrecv_all_if(mount_t)
-	corenet_udp_sendrecv_all_if(mount_t)
-	corenet_tcp_sendrecv_all_nodes(mount_t)
-	corenet_raw_sendrecv_all_nodes(mount_t)
-	corenet_udp_sendrecv_all_nodes(mount_t)
-	corenet_tcp_sendrecv_all_ports(mount_t)
-	corenet_udp_sendrecv_all_ports(mount_t)
-	corenet_tcp_bind_all_nodes(mount_t)
-	corenet_udp_bind_all_nodes(mount_t)
-	corenet_tcp_bind_generic_port(mount_t)
-	corenet_udp_bind_generic_port(mount_t)
-	corenet_tcp_bind_reserved_port(mount_t)
-	corenet_udp_bind_reserved_port(mount_t)
-	corenet_tcp_bind_all_rpc_ports(mount_t)
-	corenet_udp_bind_all_rpc_ports(mount_t)
-	corenet_dontaudit_tcp_bind_all_reserved_ports(mount_t)
-	corenet_dontaudit_udp_bind_all_reserved_ports(mount_t)
-	corenet_tcp_connect_all_ports(mount_t)
-
-	fs_search_rpc(mount_t)
-
-	rpc_stub(mount_t)
-
-	rpc_domtrans_rpcd(mount_t)
-')
-
-optional_policy(`
-	apm_use_fds(mount_t)
-')
-
-optional_policy(`
-	cron_system_entry(mount_t, mount_exec_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(mount_t)
-
-	optional_policy(`
-		hal_dbus_chat(mount_t)
-	')
-')
-
-
-optional_policy(`
-	hal_write_log(mount_t)
-	hal_use_fds(mount_t)
-	hal_dontaudit_rw_pipes(mount_t)
-')
-
-optional_policy(`
-	ifdef(`hide_broken_symptoms',`
-		# for a bug in the X server
-		rhgb_dontaudit_rw_stream_sockets(mount_t)
-		term_dontaudit_use_ptmx(mount_t)
-	')
-')
-
-optional_policy(`
-	livecd_rw_tmp_files(mount_t)
-')
-
-# Needed for mount crypt https://bugzilla.redhat.com/show_bug.cgi?id=418711
-optional_policy(`
-	lvm_domtrans(mount_t)
-')
-
-# for kernel package installation
-optional_policy(`
-	rpm_rw_pipes(mount_t)
-	rpm_dontaudit_leaks(mount_t)
-')
-
-optional_policy(`
-	samba_domtrans_smbmount(mount_t)
-	samba_read_config(mount_t)
-')
-
-optional_policy(`
-	ssh_exec(mount_t)
-')
-
-optional_policy(`
-	usbmuxd_stream_connect(mount_t)
-')
-
-optional_policy(`
-	vmware_exec_host(mount_t)
-')
-
-########################################
-#
-# Unconfined mount local policy
-#
-
-optional_policy(`
-	unconfined_domain_noaudit(unconfined_mount_t)
-')
-
-optional_policy(`
-	userdom_unpriv_usertype(unconfined, unconfined_mount_t)
-	files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
-')
-
-######################################
-#
-# showmount local policy
-#
-
-allow showmount_t self:tcp_socket create_stream_socket_perms;
-allow showmount_t self:udp_socket create_socket_perms;
-
-kernel_read_system_state(showmount_t)
-
-corenet_all_recvfrom_unlabeled(showmount_t)
-corenet_all_recvfrom_netlabel(showmount_t)
-corenet_tcp_sendrecv_generic_if(showmount_t)
-corenet_udp_sendrecv_generic_if(showmount_t)
-corenet_tcp_sendrecv_generic_node(showmount_t)
-corenet_udp_sendrecv_generic_node(showmount_t)
-corenet_tcp_sendrecv_all_ports(showmount_t)
-corenet_udp_sendrecv_all_ports(showmount_t)
-corenet_tcp_bind_generic_node(showmount_t)
-corenet_udp_bind_generic_node(showmount_t)
-corenet_tcp_bind_all_rpc_ports(showmount_t)
-corenet_udp_bind_all_rpc_ports(showmount_t)
-corenet_tcp_connect_all_ports(showmount_t)
-
-files_read_etc_files(showmount_t)
-
-miscfiles_read_localization(showmount_t)
-
-sysnet_dns_name_resolve(showmount_t)
-
-userdom_use_user_terminals(showmount_t)
diff --git a/policy/modules/system/netlabel.fc b/policy/modules/system/netlabel.fc
deleted file mode 100644
index b263a8a..0000000
--- a/policy/modules/system/netlabel.fc
+++ /dev/null
@@ -1 +0,0 @@
-/sbin/netlabelctl	--	gen_context(system_u:object_r:netlabel_mgmt_exec_t,s0)
diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if
deleted file mode 100644
index 8cfaa75..0000000
--- a/policy/modules/system/netlabel.if
+++ /dev/null
@@ -1,46 +0,0 @@
-## <summary>NetLabel/CIPSO labeled networking management</summary>
-
-########################################
-## <summary>
-##	Execute netlabel_mgmt in the netlabel_mgmt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`netlabel_domtrans_mgmt',`
-	gen_require(`
-		type netlabel_mgmt_t, netlabel_mgmt_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, netlabel_mgmt_exec_t, netlabel_mgmt_t)
-')
-
-########################################
-## <summary>
-##	Execute netlabel_mgmt in the netlabel_mgmt domain, and
-##	allow the specified role the netlabel_mgmt domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`netlabel_run_mgmt',`
-	gen_require(`
-		type netlabel_mgmt_t;
-	')
-
-	netlabel_domtrans_mgmt($1)
-	role $2 types netlabel_mgmt_t;
-')
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te
deleted file mode 100644
index cbbda4a..0000000
--- a/policy/modules/system/netlabel.te
+++ /dev/null
@@ -1,28 +0,0 @@
-policy_module(netlabel, 1.3.0)
-
-########################################
-#
-# Declarations
-#
-
-type netlabel_mgmt_t;
-type netlabel_mgmt_exec_t;
-application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t)
-role system_r types netlabel_mgmt_t;
-
-########################################
-#
-# NetLabel Management Tools Local policy
-#
-
-# modify the network subsystem configuration
-allow netlabel_mgmt_t self:capability net_admin;
-allow netlabel_mgmt_t self:netlink_socket create_socket_perms;
-
-kernel_read_network_state(netlabel_mgmt_t)
-
-files_read_etc_files(netlabel_mgmt_t)
-
-seutil_use_newrole_fds(netlabel_mgmt_t)
-
-userdom_use_user_terminals(netlabel_mgmt_t)
diff --git a/policy/modules/system/pcmcia.fc b/policy/modules/system/pcmcia.fc
deleted file mode 100644
index 9cf0e56..0000000
--- a/policy/modules/system/pcmcia.fc
+++ /dev/null
@@ -1,10 +0,0 @@
-
-/etc/apm/event\.d/pcmcia --	gen_context(system_u:object_r:cardmgr_exec_t,s0)
-
-/sbin/cardctl		--	gen_context(system_u:object_r:cardctl_exec_t,s0)
-/sbin/cardmgr		--	gen_context(system_u:object_r:cardmgr_exec_t,s0)
-
-/var/lib/pcmcia(/.*)?		gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-
-/var/run/cardmgr\.pid	--	gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-/var/run/stab		--	gen_context(system_u:object_r:cardmgr_var_run_t,s0)
diff --git a/policy/modules/system/pcmcia.if b/policy/modules/system/pcmcia.if
deleted file mode 100644
index aef445d..0000000
--- a/policy/modules/system/pcmcia.if
+++ /dev/null
@@ -1,156 +0,0 @@
-## <summary>PCMCIA card management services</summary>
-
-########################################
-## <summary>
-##	PCMCIA stub interface.  No access allowed.
-## </summary>
-## <param name="domain" unused="true">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_stub',`
-	gen_require(`
-		type cardmgr_t;
-	')
-')
-
-########################################
-## <summary>
-##	Execute cardmgr in the cardmgr domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_domtrans_cardmgr',`
-	gen_require(`
-		type cardmgr_t, cardmgr_exec_t;
-	')
-
-	domtrans_pattern($1, cardmgr_exec_t, cardmgr_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use file descriptors from cardmgr.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_use_cardmgr_fds',`
-	gen_require(`
-		type cardmgr_t;
-	')
-
-	allow $1 cardmgr_t:fd use;
-')
-
-########################################
-## <summary>
-##	Execute cardctl in the cardmgr domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_domtrans_cardctl',`
-	gen_require(`
-		type cardmgr_t, cardctl_exec_t;
-	')
-
-	domtrans_pattern($1, cardctl_exec_t, cardmgr_t)
-')
-
-########################################
-## <summary>
-##	Execute cardmgr in the cardctl domain, and
-##	allow the specified role the cardmgr domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`pcmcia_run_cardctl',`
-	gen_require(`
-		type cardmgr_t;
-	')
-
-	pcmcia_domtrans_cardctl($1)
-	role $2 types cardmgr_t;
-')
-
-########################################
-## <summary>
-##	Read cardmgr pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_read_pid',`
-	gen_require(`
-		type cardmgr_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	cardmgr pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_manage_pid',`
-	gen_require(`
-		type cardmgr_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	cardmgr runtime character nodes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`pcmcia_manage_pid_chr_files',`
-	gen_require(`
-		type cardmgr_var_run_t;
-	')
-
-	files_search_pids($1)
-	manage_chr_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
-')
diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te
deleted file mode 100644
index 4d06ae3..0000000
--- a/policy/modules/system/pcmcia.te
+++ /dev/null
@@ -1,137 +0,0 @@
-policy_module(pcmcia, 1.6.0)
-
-########################################
-#
-# Declarations
-#
-
-type cardmgr_t;
-type cardmgr_exec_t;
-init_daemon_domain(cardmgr_t, cardmgr_exec_t)
-
-# Create symbolic links in /dev.
-# cjp: this should probably be eliminated
-type cardmgr_lnk_t;
-files_type(cardmgr_lnk_t)
-
-type cardmgr_var_lib_t;
-files_type(cardmgr_var_lib_t)
-
-type cardmgr_var_run_t;
-files_pid_file(cardmgr_var_run_t)
-
-type cardctl_exec_t;
-application_domain(cardmgr_t, cardctl_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-# Use capabilities (net_admin for route), setuid for cardctl
-allow cardmgr_t self:capability { dac_read_search dac_override setuid net_admin sys_admin sys_nice sys_tty_config mknod };
-dontaudit cardmgr_t self:capability sys_tty_config;
-allow cardmgr_t self:process signal_perms;
-allow cardmgr_t self:fifo_file rw_fifo_file_perms;
-allow cardmgr_t self:unix_dgram_socket create_socket_perms;
-allow cardmgr_t self:unix_stream_socket create_socket_perms;
-
-allow cardmgr_t cardmgr_lnk_t:lnk_file manage_lnk_file_perms;
-dev_filetrans(cardmgr_t, cardmgr_lnk_t, lnk_file)
-
-# Create stab file
-manage_files_pattern(cardmgr_t, cardmgr_var_lib_t, cardmgr_var_lib_t)
-files_var_lib_filetrans(cardmgr_t, cardmgr_var_lib_t, file)
-
-allow cardmgr_t cardmgr_var_run_t:file manage_file_perms;
-files_pid_filetrans(cardmgr_t, cardmgr_var_run_t, file)
-
-kernel_read_system_state(cardmgr_t)
-kernel_read_kernel_sysctls(cardmgr_t)
-kernel_dontaudit_getattr_message_if(cardmgr_t)
-
-corecmd_exec_all_executables(cardmgr_t)
-
-dev_read_sysfs(cardmgr_t)
-dev_manage_cardmgr_dev(cardmgr_t)
-dev_filetrans_cardmgr(cardmgr_t)
-dev_getattr_all_chr_files(cardmgr_t)
-dev_getattr_all_blk_files(cardmgr_t)
-# for SSP
-dev_read_urand(cardmgr_t)
-
-domain_use_interactive_fds(cardmgr_t)
-# Read /proc/PID directories for all domains (for fuser).
-domain_read_confined_domains_state(cardmgr_t)
-domain_getattr_confined_domains(cardmgr_t)
-domain_dontaudit_ptrace_confined_domains(cardmgr_t)
-# cjp: these look excessive:
-domain_dontaudit_getattr_all_pipes(cardmgr_t)
-domain_dontaudit_getattr_all_sockets(cardmgr_t)
-
-files_search_kernel_modules(cardmgr_t)
-files_list_usr(cardmgr_t)
-files_search_home(cardmgr_t)
-files_read_etc_runtime_files(cardmgr_t)
-files_exec_etc_files(cardmgr_t)
-# for /var/lib/misc/pcmcia-scheme
-# would be better to have it in a different type if I knew how it was created..
-files_read_var_lib_files(cardmgr_t)
-# cjp: these look excessive:
-files_dontaudit_getattr_all_dirs(cardmgr_t)
-files_dontaudit_getattr_all_files(cardmgr_t)
-files_dontaudit_getattr_all_symlinks(cardmgr_t)
-files_dontaudit_getattr_all_pipes(cardmgr_t)
-files_dontaudit_getattr_all_sockets(cardmgr_t)
-
-fs_getattr_all_fs(cardmgr_t)
-fs_search_auto_mountpoints(cardmgr_t)
-
-term_use_unallocated_ttys(cardmgr_t)
-term_getattr_all_ttys(cardmgr_t)
-term_dontaudit_getattr_all_ptys(cardmgr_t)
-
-libs_exec_ld_so(cardmgr_t)
-libs_exec_lib_files(cardmgr_t)
-
-logging_send_syslog_msg(cardmgr_t)
-
-miscfiles_read_localization(cardmgr_t)
-
-modutils_domtrans_insmod(cardmgr_t)
-
-sysnet_domtrans_ifconfig(cardmgr_t)
-# for /etc/resolv.conf
-sysnet_etc_filetrans_config(cardmgr_t)
-sysnet_manage_config(cardmgr_t)
-
-userdom_use_user_terminals(cardmgr_t)
-userdom_dontaudit_use_unpriv_user_fds(cardmgr_t)
-userdom_dontaudit_search_user_home_dirs(cardmgr_t)
-
-optional_policy(`
-	seutil_dontaudit_read_config(cardmgr_t)
-	seutil_sigchld_newrole(cardmgr_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_dhcpc(cardmgr_t)
-
-	sysnet_read_dhcpc_pid(cardmgr_t)
-	sysnet_delete_dhcpc_pid(cardmgr_t)
-	sysnet_kill_dhcpc(cardmgr_t)
-	sysnet_sigchld_dhcpc(cardmgr_t)
-	sysnet_signal_dhcpc(cardmgr_t)
-	sysnet_signull_dhcpc(cardmgr_t)
-	sysnet_sigstop_dhcpc(cardmgr_t)
-')
-
-optional_policy(`
-	udev_read_db(cardmgr_t)
-')
-
-# Create device files in /tmp.
-# cjp: why is this created all over the place?
-files_pid_filetrans(cardmgr_t, cardmgr_dev_t, { chr_file blk_file })
-files_tmp_filetrans(cardmgr_t, cardmgr_dev_t, { chr_file blk_file })
-filetrans_pattern(cardmgr_t, cardmgr_var_run_t, cardmgr_dev_t, { chr_file blk_file })
diff --git a/policy/modules/system/raid.fc b/policy/modules/system/raid.fc
deleted file mode 100644
index 42d3890..0000000
--- a/policy/modules/system/raid.fc
+++ /dev/null
@@ -1,7 +0,0 @@
-/dev/.mdadm\.map	--	gen_context(system_u:object_r:mdadm_var_run_t,s0)
-/dev/md(/.*)?			gen_context(system_u:object_r:mdadm_var_run_t,s0)
-
-/sbin/mdadm		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
-/sbin/mdmpd		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
-
-/var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0)
diff --git a/policy/modules/system/raid.if b/policy/modules/system/raid.if
deleted file mode 100644
index c817fda..0000000
--- a/policy/modules/system/raid.if
+++ /dev/null
@@ -1,49 +0,0 @@
-## <summary>RAID array management tools</summary>
-
-########################################
-## <summary>
-##	Execute software raid tools in the mdadm domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`raid_domtrans_mdadm',`
-	gen_require(`
-		type mdadm_t, mdadm_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, mdadm_exec_t, mdadm_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the mdadm pid files.
-## </summary>
-## <desc>
-##	<p>
-##	Create, read, write, and delete the mdadm pid files.
-##	</p>
-##	<p>
-##	Added for use in the init module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`raid_manage_mdadm_pid',`
-	gen_require(`
-		type mdadm_var_run_t;
-	')
-
-	# FIXME: maybe should have a type_transition.  not
-	# clear what this is doing, from the original
-	# mdadm policy
-	allow $1 mdadm_var_run_t:file manage_file_perms;
-')
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
deleted file mode 100644
index 6500830..0000000
--- a/policy/modules/system/raid.te
+++ /dev/null
@@ -1,100 +0,0 @@
-policy_module(raid, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-
-type mdadm_t;
-type mdadm_exec_t;
-init_daemon_domain(mdadm_t, mdadm_exec_t)
-role system_r types mdadm_t;
-
-type mdadm_var_run_t alias mdadm_map_t;
-files_pid_file(mdadm_var_run_t)
-dev_associate(mdadm_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
-dontaudit mdadm_t self:capability sys_tty_config;
-allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
-allow mdadm_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
-manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
-manage_sock_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
-files_pid_filetrans(mdadm_t, mdadm_var_run_t, { file dir })
-dev_filetrans(mdadm_t, mdadm_var_run_t, { file dir sock_file })
-
-kernel_read_system_state(mdadm_t)
-kernel_read_kernel_sysctls(mdadm_t)
-kernel_rw_software_raid_state(mdadm_t)
-kernel_getattr_core_if(mdadm_t)
-
-# Helper program access
-corecmd_exec_bin(mdadm_t)
-corecmd_exec_shell(mdadm_t)
-
-dev_read_sysfs(mdadm_t)
-# Ignore attempts to read every device file
-dev_dontaudit_getattr_all_blk_files(mdadm_t)
-dev_dontaudit_getattr_all_chr_files(mdadm_t)
-dev_dontaudit_getattr_generic_files(mdadm_t)
-dev_dontaudit_getattr_generic_chr_files(mdadm_t)
-dev_dontaudit_getattr_generic_blk_files(mdadm_t)
-dev_read_realtime_clock(mdadm_t)
-# unfortunately needed for DMI decoding:
-dev_read_raw_memory(mdadm_t)
-dev_read_generic_files(mdadm_t)
-
-domain_use_interactive_fds(mdadm_t)
-
-files_read_etc_files(mdadm_t)
-files_read_etc_runtime_files(mdadm_t)
-files_dontaudit_getattr_tmpfs_files(mdadm_t)
-
-fs_list_hugetlbfs(mdadm_t)
-fs_list_auto_mountpoints(mdadm_t)
-fs_dontaudit_list_tmpfs(mdadm_t)
-
-mls_file_read_all_levels(mdadm_t)
-mls_file_write_all_levels(mdadm_t)
-
-# RAID block device access
-storage_manage_fixed_disk(mdadm_t)
-storage_dev_filetrans_fixed_disk(mdadm_t)
-storage_read_scsi_generic(mdadm_t)
-
-term_dontaudit_list_ptys(mdadm_t)
-
-init_dontaudit_getattr_initctl(mdadm_t)
-
-logging_send_syslog_msg(mdadm_t)
-
-miscfiles_read_localization(mdadm_t)
-
-userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
-userdom_dontaudit_search_user_home_content(mdadm_t)
-userdom_dontaudit_use_user_terminals(mdadm_t)
-
-mta_send_mail(mdadm_t)
-
-optional_policy(`
-	gpm_dontaudit_getattr_gpmctl(mdadm_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(mdadm_t)
-')
-
-optional_policy(`
-	udev_read_db(mdadm_t)
-')
-
-optional_policy(`
-	unconfined_domain(mdadm_t)
-')
diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc
deleted file mode 100644
index 9e81136..0000000
--- a/policy/modules/system/selinuxutil.fc
+++ /dev/null
@@ -1,57 +0,0 @@
-# SELinux userland utilities
-
-#
-# /etc
-#
-/etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
-/etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
-/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
-/etc/selinux/([^/]*/)?policy(/.*)?	gen_context(system_u:object_r:semanage_store_t,s0)
-/etc/selinux/([^/]*/)?setrans\.conf --	gen_context(system_u:object_r:selinux_config_t,mls_systemhigh)
-/etc/selinux/([^/]*/)?seusers	--	gen_context(system_u:object_r:selinux_config_t,s0)
-/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
-/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0)
-/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0)
-/etc/selinux/([^/]*/)?users(/.*)? --	gen_context(system_u:object_r:selinux_config_t,s0)
-
-#
-# /root
-#
-/root/\.default_contexts	-- 	gen_context(system_u:object_r:default_context_t,s0)
-
-#
-# /sbin
-#
-/sbin/load_policy		--	gen_context(system_u:object_r:load_policy_exec_t,s0)
-/sbin/restorecon		--	gen_context(system_u:object_r:setfiles_exec_t,s0)
-/sbin/setfiles.*		--	gen_context(system_u:object_r:setfiles_exec_t,s0)
-
-#
-# /usr
-#
-/usr/bin/checkpolicy		--	gen_context(system_u:object_r:checkpolicy_exec_t,s0)
-/usr/bin/newrole		--	gen_context(system_u:object_r:newrole_exec_t,s0)
-
-/usr/lib(64)?/selinux(/.*)?		gen_context(system_u:object_r:policy_src_t,s0)
-
-/usr/sbin/load_policy		--	gen_context(system_u:object_r:load_policy_exec_t,s0)
-/usr/sbin/restorecond		--	gen_context(system_u:object_r:restorecond_exec_t,s0)
-/usr/sbin/run_init		--	gen_context(system_u:object_r:run_init_exec_t,s0)
-/usr/sbin/setfiles.*		--	gen_context(system_u:object_r:setfiles_exec_t,s0)
-/usr/sbin/setsebool		--	gen_context(system_u:object_r:setsebool_exec_t,s0)
-/usr/sbin/semanage		--	gen_context(system_u:object_r:semanage_exec_t,s0)
-/usr/sbin/semodule		--	gen_context(system_u:object_r:semanage_exec_t,s0)
-/usr/share/system-config-selinux/system-config-selinux-dbus\.py		--	gen_context(system_u:object_r:semanage_exec_t,s0)
-
-#
-# /var/run
-#
-/var/run/restorecond\.pid	--	gen_context(system_u:object_r:restorecond_var_run_t,s0)
-
-#
-# /var/lib
-#
-/var/lib/selinux(/.*)?			gen_context(system_u:object_r:selinux_var_lib_t,s0)
-
-/etc/share/selinux/targeted(/.*)?	gen_context(system_u:object_r:semanage_store_t,s0)
-/etc/share/selinux/mls(/.*)?		gen_context(system_u:object_r:semanage_store_t,s0)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
deleted file mode 100644
index bbaa8cf..0000000
--- a/policy/modules/system/selinuxutil.if
+++ /dev/null
@@ -1,1491 +0,0 @@
-## <summary>Policy for SELinux policy and userland applications.</summary>
-
-#######################################
-## <summary>
-##	Execute checkpolicy in the checkpolicy domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_checkpolicy',`
-	gen_require(`
-		type checkpolicy_t, checkpolicy_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, checkpolicy_exec_t, checkpolicy_t)
-')
-
-########################################
-## <summary>
-##	Execute checkpolicy in the checkpolicy domain, and
-##	allow the specified role the checkpolicy domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_checkpolicy',`
-	gen_require(`
-		type checkpolicy_t;
-	')
-
-	seutil_domtrans_checkpolicy($1)
-	role $2 types checkpolicy_t;
-')
-
-########################################
-## <summary>
-##	Execute checkpolicy in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_exec_checkpolicy',`
-	gen_require(`
-		type checkpolicy_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, checkpolicy_exec_t)
-')
-
-#######################################
-## <summary>
-##	Execute load_policy in the load_policy domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_loadpolicy',`
-	gen_require(`
-		type load_policy_t, load_policy_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, load_policy_exec_t, load_policy_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit load_policy_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute load_policy in the load_policy domain, and
-##	allow the specified role the load_policy domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_loadpolicy',`
-	gen_require(`
-		type load_policy_t;
-	')
-
-	seutil_domtrans_loadpolicy($1)
-	role $2 types load_policy_t;
-')
-
-########################################
-## <summary>
-##	Execute load_policy in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_exec_loadpolicy',`
-	gen_require(`
-		type load_policy_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, load_policy_exec_t)
-')
-
-########################################
-## <summary>
-##	Read the load_policy program file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_read_loadpolicy',`
-	gen_require(`
-		type load_policy_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	allow $1 load_policy_exec_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Execute newrole in the newole domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_newrole',`
-	gen_require(`
-		type newrole_t, newrole_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, newrole_exec_t, newrole_t)
-')
-
-########################################
-## <summary>
-##	Execute newrole in the newrole domain, and
-##	allow the specified role the newrole domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_newrole',`
-	gen_require(`
-		type newrole_t;
-	')
-
-	seutil_domtrans_newrole($1)
-	role $2 types newrole_t;
-
-	auth_run_upd_passwd(newrole_t, $2)
-')
-
-########################################
-## <summary>
-##	Execute newrole in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_exec_newrole',`
-	gen_require(`
-		type newrole_t, newrole_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, newrole_exec_t)
-')
-
-########################################
-## <summary>
-##	Do not audit the caller attempts to send
-##	a signal to newrole.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`seutil_dontaudit_signal_newrole',`
-	gen_require(`
-		type newrole_t;
-	')
-
-	dontaudit $1 newrole_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to newrole.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to send a SIGCHLD
-##	signal to newrole.  This signal is automatically
-##	sent from a process that is terminating to
-##	its parent.  This may be needed by domains
-##	that are executed from newrole.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="write" weight="1"/>
-#
-interface(`seutil_sigchld_newrole',`
-	gen_require(`
-		type newrole_t;
-	')
-
-	allow $1 newrole_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Inherit and use newrole file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_use_newrole_fds',`
-	gen_require(`
-		type newrole_t;
-	')
-
-	allow $1 newrole_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit and use
-##	newrole file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`seutil_dontaudit_use_newrole_fds',`
-	gen_require(`
-		type newrole_t;
-	')
-
-	dontaudit $1 newrole_t:fd use;
-')
-
-#######################################
-## <summary>
-##	Execute restorecon in the restorecon domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_restorecon',`
-	refpolicywarn(`$0($*) has been deprecated, please use seutil_domtrans_setfiles() instead.')
-	seutil_domtrans_setfiles($1)
-')
-
-########################################
-## <summary>
-##	Execute restorecon in the restorecon domain, and
-##	allow the specified role the restorecon domain,
-##	and use the caller's terminal.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_restorecon',`
-	refpolicywarn(`$0($*) has been deprecated, please use seutil_run_setfiles() instead.')
-	seutil_run_setfiles($1,$2)
-')
-
-########################################
-## <summary>
-##	Execute restorecon in the caller domain.  (Deprecated)
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_exec_restorecon',`
-	refpolicywarn(`$0($*) has been deprecated, please use seutil_exec_setfiles() instead.')
-	seutil_exec_setfiles($1)
-')
-
-########################################
-## <summary>
-##	Execute restorecond in the caller domain. 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_exec_restorecond',`
-	gen_require(`
-		type restorecond_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, restorecond_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute run_init in the run_init domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_runinit',`
-	gen_require(`
-		type run_init_t, run_init_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, run_init_exec_t, run_init_t)
-')
-
-########################################
-## <summary>
-##	Execute init scripts in the run_init domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute init scripts in the run_init domain.
-##	This is used for the Gentoo integrated run_init.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_init_script_domtrans_runinit',`
-	gen_require(`
-		type run_init_t;
-	')
-
-	init_script_file_domtrans($1, run_init_t)
-
-	allow run_init_t $1:fd use;
-	allow run_init_t $1:fifo_file rw_file_perms;
-	allow run_init_t $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute run_init in the run_init domain, and
-##	allow the specified role the run_init domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_runinit',`
-	gen_require(`
-		type run_init_t;
-		role system_r;
-	')
-
-	auth_run_chk_passwd(run_init_t, $2)
-	seutil_domtrans_runinit($1)
-	role $2 types run_init_t;
-
-	allow $2 system_r;
-')
-
-########################################
-## <summary>
-##	Execute init scripts in the run_init domain, and
-##	allow the specified role the run_init domain,
-##	and use the caller's terminal.
-## </summary>
-## <desc>
-##	<p>
-##	Execute init scripts in the run_init domain, and
-##	allow the specified role the run_init domain,
-##	and use the caller's terminal.
-##	</p>
-##	<p>
-##	This is used for the Gentoo integrated run_init.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_init_script_run_runinit',`
-	gen_require(`
-		type run_init_t;
-		role system_r;
-	')
-
-	auth_run_chk_passwd(run_init_t, $2)
-	seutil_init_script_domtrans_runinit($1)
-	role $2 types run_init_t;
-
-	allow $2 system_r;
-')
-
-########################################
-## <summary>
-##	Inherit and use run_init file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_use_runinit_fds',`
-	gen_require(`
-		type run_init_t;
-	')
-
-	allow $1 run_init_t:fd use;
-')
-
-########################################
-## <summary>
-##	Execute setfiles in the setfiles domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_setfiles',`
-	gen_require(`
-		type setfiles_t, setfiles_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, setfiles_exec_t, setfiles_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit setfiles_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute setfiles in the setfiles domain, and
-##	allow the specified role the setfiles domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_setfiles',`
-	gen_require(`
-		type setfiles_t;
-	')
-
-	seutil_domtrans_setfiles($1)
-	role $2 types setfiles_t;
-')
-
-########################################
-## <summary>
-##	Execute setfiles in the setfiles domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_setfiles_mac',`
-	gen_require(`
-		type setfiles_mac_t, setfiles_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, setfiles_exec_t, setfiles_mac_t)
-')
-
-########################################
-## <summary>
-##	Execute setfiles in the setfiles_mac domain, and
-##	allow the specified role the setfiles_mac domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the setfiles_mac domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_setfiles_mac',`
-	gen_require(`
-		type setfiles_mac_t;
-	')
-
-	seutil_domtrans_setfiles_mac($1)
-	role $2 types setfiles_mac_t;
-')
-
-########################################
-## <summary>
-##	Execute setfiles in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_exec_setfiles',`
-	gen_require(`
-		type setfiles_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	can_exec($1, setfiles_exec_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search the SELinux
-##	configuration directory (/etc/selinux).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`seutil_dontaudit_search_config',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	dontaudit $1 selinux_config_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the SELinux
-##	userland configuration (/etc/selinux).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`seutil_dontaudit_read_config',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	dontaudit $1 selinux_config_t:dir search_dir_perms;
-	dontaudit $1 selinux_config_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read the general SELinux configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_read_config',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir list_dir_perms;
-	read_files_pattern($1, selinux_config_t, selinux_config_t)
-	read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
-')
-
-########################################
-## <summary>
-##	Read and write the general SELinux configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_rw_config',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir list_dir_perms;
-	rw_files_pattern($1, selinux_config_t, selinux_config_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	the general selinux configuration files.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Create, read, write, and delete
-##	the general selinux configuration files.
-##	</p>
-##	<p>
-##	This interface has been deprecated, please
-##	use the seutil_manage_config() interface instead.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_manage_selinux_config',`
-	refpolicywarn(`$0($*) has been deprecated. Please use seutil_manage_config() instead.')
-	seutil_manage_config($1)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	the general selinux configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_manage_config',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, selinux_config_t, selinux_config_t)
-	manage_files_pattern($1, selinux_config_t, selinux_config_t)
-	read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete
-##	the general selinux configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_manage_config_dirs',`
-	gen_require(`
-		type selinux_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Search the policy directory with default_context files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_search_default_contexts',`
-	gen_require(`
-		type selinux_config_t, default_context_t;
-	')
-
-	files_search_etc($1)
-	search_dirs_pattern($1, selinux_config_t, default_context_t)
-')
-
-########################################
-## <summary>
-##	Read the default_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_read_default_contexts',`
-	gen_require(`
-		type selinux_config_t, default_context_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	allow $1 default_context_t:dir list_dir_perms;
-	read_files_pattern($1, default_context_t, default_context_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the default_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_manage_default_contexts',`
-	gen_require(`
-		type selinux_config_t, default_context_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	manage_files_pattern($1, default_context_t, default_context_t)
-')
-
-########################################
-## <summary>
-##	Read the file_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_read_file_contexts',`
-	gen_require(`
-		type selinux_config_t, default_context_t, file_context_t;
-	')
-
-	files_search_etc($1)
-	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-	read_files_pattern($1, file_context_t, file_context_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read the file_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_dontaudit_read_file_contexts',`
-	gen_require(`
-		type selinux_config_t, default_context_t, file_context_t;
-	')
-
-	dontaudit $1 { selinux_config_t default_context_t file_context_t }:dir search_dir_perms;
-	dontaudit $1 file_context_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write the file_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_rw_file_contexts',`
-	gen_require(`
-		type selinux_config_t, file_context_t, default_context_t;
-	')
-
-	files_search_etc($1)
-	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-	rw_files_pattern($1, file_context_t, file_context_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the file_contexts files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_manage_file_contexts',`
-	gen_require(`
-		type selinux_config_t, file_context_t, default_context_t;
-	')
-
-	files_search_etc($1)
-	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-	manage_files_pattern($1, file_context_t, file_context_t)
-')
-
-########################################
-## <summary>
-##	Read the SELinux binary policy.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_read_bin_policy',`
-	gen_require(`
-		type selinux_config_t, policy_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	read_files_pattern($1, policy_config_t, policy_config_t)
-')
-
-########################################
-## <summary>
-##	Create the SELinux binary policy.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_create_bin_policy',`
-	gen_require(`
-#		attribute can_write_binary_policy;
-		type selinux_config_t, policy_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	create_files_pattern($1, policy_config_t, policy_config_t)
-	write_files_pattern($1, policy_config_t, policy_config_t)
-#	typeattribute $1 can_write_binary_policy;
-')
-
-########################################
-## <summary>
-##	Allow the caller to relabel a file to the binary policy type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_relabelto_bin_policy',`
-	gen_require(`
-		attribute can_relabelto_binary_policy;
-		type policy_config_t;
-	')
-
-	allow $1 policy_config_t:file relabelto;
-	typeattribute $1 can_relabelto_binary_policy;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the SELinux
-##	binary policy.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_manage_bin_policy',`
-	gen_require(`
-		attribute can_write_binary_policy;
-		type selinux_config_t, policy_config_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	manage_files_pattern($1, policy_config_t, policy_config_t)
-	typeattribute $1 can_write_binary_policy;
-')
-
-########################################
-## <summary>
-##	Read SELinux policy source files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_read_src_policy',`
-	gen_require(`
-		type selinux_config_t, policy_src_t;
-	')
-
-	files_search_etc($1)
-	list_dirs_pattern($1, selinux_config_t, policy_src_t)
-	read_files_pattern($1, policy_src_t, policy_src_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete SELinux
-##	policy source files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_manage_src_policy',`
-	gen_require(`
-		type selinux_config_t, policy_src_t;
-	')
-
-	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
-	manage_dirs_pattern($1, policy_src_t, policy_src_t)
-	manage_files_pattern($1, policy_src_t, policy_src_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run semanage.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_semanage',`
-	gen_require(`
-		type semanage_t, semanage_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, semanage_exec_t, semanage_t)
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit semanage_t $1:socket_class_set { read write };
-	')
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run setsebool.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`seutil_domtrans_setsebool',`
-	gen_require(`
-		type setsebool_t, setsebool_exec_t;
-	')
-
-	files_search_usr($1)
-	corecmd_search_bin($1)
-	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
-')
-
-########################################
-## <summary>
-##	Execute semanage in the semanage domain, and
-##	allow the specified role the semanage domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_semanage',`
-	gen_require(`
-		type semanage_t;
-	')
-
-	seutil_domtrans_semanage($1)
-	seutil_run_setfiles(semanage_t, $2)
-	seutil_run_loadpolicy(semanage_t, $2)
-	role $2 types semanage_t;
-')
-
-########################################
-## <summary>
-##	Execute setsebool in the semanage domain, and
-##	allow the specified role the semanage domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the setsebool domain.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`seutil_run_setsebool',`
-	gen_require(`
-		type semanage_t;
-	')
-
-	seutil_domtrans_setsebool($1)
-	role $2 types setsebool_t;
-')
-
-########################################
-## <summary>
-##	Full management of the semanage
-##	module store.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_read_module_store',`
-	gen_require(`
-		type selinux_config_t, semanage_store_t;
-	')
-
-	files_search_etc($1)
-	list_dirs_pattern($1, selinux_config_t, semanage_store_t)
-	read_files_pattern($1, semanage_store_t, semanage_store_t)
-')
-
-########################################
-## <summary>
-##	Full management of the semanage
-##	module store.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_manage_module_store',`
-	gen_require(`
-		type selinux_config_t, semanage_store_t;
-	')
-
-	files_search_etc($1)
-	manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
-	manage_files_pattern($1, semanage_store_t, semanage_store_t)
-	filetrans_pattern($1, selinux_config_t, semanage_store_t, dir)
-')
-
-#######################################
-## <summary>
-##	Get read lock on module store
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_get_semanage_read_lock',`
-	gen_require(`
-		type selinux_config_t, semanage_read_lock_t;
-	')
-
-	files_search_etc($1)
-	rw_files_pattern($1, selinux_config_t, semanage_read_lock_t)
-')
-
-#######################################
-## <summary>
-##	Get trans lock on module store
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_get_semanage_trans_lock',`
-	gen_require(`
-		type selinux_config_t, semanage_trans_lock_t;
-	')
-
-	files_search_etc($1)
-	rw_files_pattern($1, selinux_config_t, semanage_trans_lock_t)
-')
-
-########################################
-## <summary>
-##	SELinux-enabled program access for
-##	libselinux-linked programs.
-## </summary>
-## <desc>
-##	<p>
-##	SELinux-enabled programs are typically
-##	linked to the libselinux library.  This
-##	interface will allow access required for
-##	the libselinux constructor to function.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_libselinux_linked',`
-	selinux_get_fs_mount($1)
-	seutil_read_config($1)
-')
-
-########################################
-## <summary>
-##	Do not audit SELinux-enabled program access for
-##	libselinux-linked programs.
-## </summary>
-## <desc>
-##	<p>
-##	SELinux-enabled programs are typically
-##	linked to the libselinux library.  This
-##	interface will dontaudit access required for
-##	the libselinux constructor to function.
-##	</p>
-##	<p>
-##	Generally this should not be used on anything
-##	but simple SELinux-enabled programs that do not
-##	rely on data initialized by the libselinux
-##	constructor.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`seutil_dontaudit_libselinux_linked',`
-	selinux_dontaudit_get_fs_mount($1)
-	seutil_dontaudit_read_config($1)
-')
-
-#######################################
-## <summary>
-##	All rules necessary to run semanage command
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_semanage_policy',`
-	gen_require(`
-		type semanage_tmp_t;
-		type policy_config_t;
-	')
-	allow $1 self:capability { dac_override sys_resource };
-	dontaudit $1 self:capability sys_tty_config;
-	allow $1 self:process signal;
-	allow $1 self:unix_stream_socket create_stream_socket_perms;
-	allow $1 self:unix_dgram_socket create_socket_perms;
-	logging_send_audit_msgs($1)
-
-	# Running genhomedircon requires this for finding all users
-	auth_use_nsswitch($1)
-
-	allow $1 policy_config_t:file { read write };
-
-	allow $1 semanage_tmp_t:dir manage_dir_perms;
-	allow $1 semanage_tmp_t:file manage_file_perms;
-	files_tmp_filetrans($1, semanage_tmp_t, { file dir })
-
-	kernel_read_system_state($1)
-	kernel_read_kernel_sysctls($1)
-
-	corecmd_exec_bin($1)
-	corecmd_exec_shell($1)
-
-	dev_read_urand($1)
-
-	domain_use_interactive_fds($1)
-
-	files_read_etc_files($1)
-	files_read_etc_runtime_files($1)
-	files_read_usr_files($1)
-	files_list_pids($1)
-	fs_list_inotifyfs($1)
-	fs_getattr_all_fs($1)
-
-	mls_file_write_all_levels($1)
-	mls_file_read_all_levels($1)
-
-	selinux_getattr_fs($1)
-	selinux_validate_context($1)
-	selinux_get_enforce_mode($1)
-
-	term_use_all_terms($1)
-
-	locallogin_use_fds($1)
-
-	logging_send_syslog_msg($1)
-
-	miscfiles_read_localization($1)
-
-	seutil_search_default_contexts($1)
-	seutil_domtrans_loadpolicy($1)
-	seutil_read_config($1)
-	seutil_manage_bin_policy($1)
-	seutil_use_newrole_fds($1)
-	seutil_manage_module_store($1)
-	seutil_get_semanage_trans_lock($1)
-	seutil_get_semanage_read_lock($1)
-
-	userdom_dontaudit_write_user_home_content_files($1)
-
-')
-
-
-#######################################
-## <summary>
-##	All rules necessary to run setfiles command
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`seutil_setfiles',`
-
-allow $1 self:capability { dac_override dac_read_search fowner };
-dontaudit $1 self:capability sys_tty_config;
-allow $1 self:fifo_file rw_file_perms;
-dontaudit $1 self:dir relabelfrom;
-dontaudit $1 self:file relabelfrom;
-dontaudit $1 self:lnk_file relabelfrom;
-
-
-allow $1 { policy_src_t policy_config_t file_context_t default_context_t }:dir list_dir_perms;
-allow $1 { policy_src_t policy_config_t file_context_t default_context_t }:file read_file_perms;
-allow $1 { policy_src_t policy_config_t file_context_t default_context_t }:lnk_file { read_lnk_file_perms ioctl lock };
-
-logging_send_audit_msgs($1)
-
-kernel_read_system_state($1)
-kernel_relabelfrom_unlabeled_dirs($1)
-kernel_relabelfrom_unlabeled_files($1)
-kernel_relabelfrom_unlabeled_symlinks($1)
-kernel_relabelfrom_unlabeled_pipes($1)
-kernel_relabelfrom_unlabeled_sockets($1)
-kernel_use_fds($1)
-kernel_rw_pipes($1)
-kernel_rw_unix_dgram_sockets($1)
-kernel_dontaudit_list_all_proc($1)
-kernel_read_all_sysctls($1)
-kernel_read_network_state_symlinks($1)
-
-dev_relabel_all_dev_nodes($1)
-
-domain_use_interactive_fds($1)
-domain_read_all_domains_state($1)
- 
-files_read_etc_runtime_files($1)
-files_read_etc_files($1)
-files_list_all($1)
-files_relabel_all_files($1)
-files_list_isid_type_dirs($1)
-files_read_isid_type_files($1)
-files_dontaudit_read_all_symlinks($1)
-
-fs_getattr_xattr_fs($1)
-fs_list_all($1)
-fs_getattr_all_files($1)
-fs_search_auto_mountpoints($1)
-fs_relabelfrom_noxattr_fs($1)
-
-mls_file_read_all_levels($1)
-mls_file_write_all_levels($1)
-mls_file_upgrade($1)
-mls_file_downgrade($1)
-
-selinux_validate_context($1)
-selinux_compute_access_vector($1)
-selinux_compute_create_context($1)
-selinux_compute_relabel_context($1)
-selinux_compute_user_contexts($1)
-
-term_use_all_terms($1)
-
-# this is to satisfy the assertion:
-auth_relabelto_shadow($1)
-
-init_use_fds($1)
-init_use_script_fds($1)
-init_use_script_ptys($1)
-init_exec_script_files($1)
-
-logging_send_syslog_msg($1)
-
-miscfiles_read_localization($1)
-
-seutil_libselinux_linked($1)
-
-userdom_use_all_users_fds($1)
-# for config files in a home directory
-userdom_read_user_home_content_files($1)
-
-ifdef(`distro_debian',`
-	# udev tmpfs is populated with static device nodes
-	# and then relabeled afterwards; thus
-	# /dev/console has the tmpfs type
-	fs_rw_tmpfs_chr_files($1)
-')
-
-ifdef(`distro_redhat',`
-	fs_rw_tmpfs_chr_files($1)
-	fs_rw_tmpfs_blk_files($1)
-	fs_relabel_tmpfs_blk_file($1)
-	fs_relabel_tmpfs_chr_file($1)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain($1)
-	')
-')
-
-optional_policy(`
-	hotplug_use_fds($1)
-')
-')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
deleted file mode 100644
index edee963..0000000
--- a/policy/modules/system/selinuxutil.te
+++ /dev/null
@@ -1,541 +0,0 @@
-policy_module(selinuxutil, 1.14.0)
-
-gen_require(`
-	bool secure_mode;
-')
-
-########################################
-#
-# Declarations
-#
-
-attribute can_write_binary_policy;
-attribute can_relabelto_binary_policy;
-
-#
-# selinux_config_t is the type applied to
-# /etc/selinux/config
-#
-# cjp: this is out of order due to rules
-# in the domain_type interface
-# (fix dup decl)
-type selinux_config_t;
-files_type(selinux_config_t)
-
-type selinux_var_lib_t;
-files_type(selinux_var_lib_t)
-
-type checkpolicy_t, can_write_binary_policy;
-type checkpolicy_exec_t;
-application_domain(checkpolicy_t, checkpolicy_exec_t)
-role system_r types checkpolicy_t;
-
-#
-# default_context_t is the type applied to
-# /etc/selinux/*/contexts/*
-#
-type default_context_t;
-files_type(default_context_t) 
-
-#
-# file_context_t is the type applied to
-# /etc/selinux/*/contexts/files
-#
-type file_context_t;
-files_type(file_context_t)
-
-type load_policy_t;
-type load_policy_exec_t;
-application_domain(load_policy_t, load_policy_exec_t)
-role system_r types load_policy_t;
-
-type newrole_t;
-type newrole_exec_t;
-application_domain(newrole_t, newrole_exec_t)
-domain_role_change_exemption(newrole_t)
-domain_obj_id_change_exemption(newrole_t)
-domain_interactive_fd(newrole_t)
-
-#
-# policy_config_t is the type of /etc/security/selinux/*
-# the security server policy configuration.
-#
-#type policy_config_t;
-#files_type(policy_config_t)
-typealias semanage_store_t alias policy_config_t;
-
-neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
-#neverallow ~can_write_binary_policy policy_config_t:file { write append };
-
-#
-# policy_src_t is the type of the policy source
-# files.
-#
-type policy_src_t;
-files_type(policy_src_t)
-
-type restorecond_t;
-type restorecond_exec_t;
-init_daemon_domain(restorecond_t, restorecond_exec_t)
-domain_obj_id_change_exemption(restorecond_t)
-
-type restorecond_var_run_t;
-files_pid_file(restorecond_var_run_t)
-
-type run_init_t;
-type run_init_exec_t;
-application_domain(run_init_t, run_init_exec_t)
-domain_system_change_exemption(run_init_t)
-role system_r types run_init_t;
-
-type semanage_t;
-type semanage_exec_t;
-application_domain(semanage_t, semanage_exec_t)
-dbus_system_domain(semanage_t, semanage_exec_t)
-domain_interactive_fd(semanage_t)
-role system_r types semanage_t;
-
-type setsebool_t;
-type setsebool_exec_t;
-init_system_domain(setsebool_t, setsebool_exec_t)
-
-type semanage_store_t;
-files_type(semanage_store_t)
-
-type semanage_read_lock_t;
-files_type(semanage_read_lock_t)
-
-type semanage_tmp_t; 
-files_tmp_file(semanage_tmp_t)
-
-type semanage_trans_lock_t; 
-files_type(semanage_trans_lock_t)
-
-type setfiles_t alias restorecon_t, can_relabelto_binary_policy;
-type setfiles_exec_t alias restorecon_exec_t;
-init_system_domain(setfiles_t, setfiles_exec_t)
-domain_obj_id_change_exemption(setfiles_t)
-
-type setfiles_mac_t;
-domain_type(setfiles_mac_t)
-domain_entry_file(setfiles_mac_t, setfiles_exec_t)
-domain_obj_id_change_exemption(setfiles_mac_t)
-
-########################################
-#
-# Checkpolicy local policy
-#
-
-allow checkpolicy_t self:capability dac_override;
-
-# able to create and modify binary policy files
-manage_files_pattern(checkpolicy_t, policy_config_t, policy_config_t)
-
-# allow test policies to be created in src directories
-filetrans_add_pattern(checkpolicy_t, policy_src_t, policy_config_t, file)
-
-# only allow read of policy source files
-read_files_pattern(checkpolicy_t, policy_src_t, policy_src_t)
-read_lnk_files_pattern(checkpolicy_t, policy_src_t, policy_src_t)
-allow checkpolicy_t selinux_config_t:dir search_dir_perms;
-
-domain_use_interactive_fds(checkpolicy_t)
-
-files_list_usr(checkpolicy_t)
-# directory search permissions for path to source and binary policy files
-files_search_etc(checkpolicy_t)
-
-fs_getattr_xattr_fs(checkpolicy_t)
-
-term_use_console(checkpolicy_t)
-
-init_use_fds(checkpolicy_t)
-init_use_script_ptys(checkpolicy_t)
-
-userdom_use_user_terminals(checkpolicy_t)
-userdom_use_all_users_fds(checkpolicy_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(checkpolicy_t)
-	')
-')
-
-########################################
-#
-# Load_policy local policy
-#
-
-allow load_policy_t self:capability dac_override;
-
-# only allow read of policy config files
-read_files_pattern(load_policy_t,{ policy_src_t policy_config_t },policy_config_t)
-
-domain_use_interactive_fds(load_policy_t)
-
-# for mcs.conf
-files_read_etc_files(load_policy_t)
-files_read_etc_runtime_files(load_policy_t)
-
-fs_getattr_xattr_fs(load_policy_t)
-
-mls_file_read_all_levels(load_policy_t)
-
-selinux_load_policy(load_policy_t)
-selinux_set_all_booleans(load_policy_t)
-
-term_use_console(load_policy_t)
-term_list_ptys(load_policy_t)
-
-init_use_script_fds(load_policy_t)
-init_use_script_ptys(load_policy_t)
-init_write_script_pipes(load_policy_t)
-
-miscfiles_read_localization(load_policy_t)
-
-seutil_libselinux_linked(load_policy_t)
-
-userdom_use_user_terminals(load_policy_t)
-userdom_use_all_users_fds(load_policy_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(load_policy_t)
-	')
-')
-
-ifdef(`hide_broken_symptoms',`
-	# cjp: cover up stray file descriptors.
-	dontaudit load_policy_t selinux_config_t:file write;
-
-	optional_policy(`
-		unconfined_dontaudit_read_pipes(load_policy_t)
-	')
-')
-
-########################################
-#
-# Newrole local policy
-#
-
-allow newrole_t self:capability { fowner setuid setgid dac_override };
-allow newrole_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
-allow newrole_t self:process setexec;
-allow newrole_t self:fd use;
-allow newrole_t self:fifo_file rw_fifo_file_perms;
-allow newrole_t self:sock_file read_sock_file_perms;
-allow newrole_t self:shm create_shm_perms;
-allow newrole_t self:sem create_sem_perms;
-allow newrole_t self:msgq create_msgq_perms;
-allow newrole_t self:msg { send receive };
-allow newrole_t self:unix_dgram_socket sendto;
-allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
-logging_send_audit_msgs(newrole_t)
-
-read_files_pattern(newrole_t, default_context_t, default_context_t)
-read_lnk_files_pattern(newrole_t, default_context_t, default_context_t)
-
-kernel_read_system_state(newrole_t)
-kernel_read_kernel_sysctls(newrole_t)
-
-corecmd_list_bin(newrole_t)
-corecmd_read_bin_symlinks(newrole_t)
-
-dev_read_urand(newrole_t)
-
-domain_use_interactive_fds(newrole_t)
-# for when the user types "exec newrole" at the command line:
-domain_sigchld_interactive_fds(newrole_t)
-
-files_read_etc_files(newrole_t)
-files_read_var_files(newrole_t)
-files_read_var_symlinks(newrole_t)
-
-fs_getattr_xattr_fs(newrole_t)
-fs_search_auto_mountpoints(newrole_t)
-
-mls_file_read_all_levels(newrole_t)
-mls_file_write_all_levels(newrole_t)
-mls_file_upgrade(newrole_t)
-mls_file_downgrade(newrole_t)
-mls_process_set_level(newrole_t)
-mls_fd_share_all_levels(newrole_t)
-
-selinux_validate_context(newrole_t)
-selinux_compute_access_vector(newrole_t)
-selinux_compute_create_context(newrole_t)
-selinux_compute_relabel_context(newrole_t)
-selinux_compute_user_contexts(newrole_t)
-
-term_use_all_ttys(newrole_t)
-term_use_all_ptys(newrole_t)
-term_relabel_all_ttys(newrole_t)
-term_relabel_all_ptys(newrole_t)
-term_getattr_unallocated_ttys(newrole_t)
-term_dontaudit_use_unallocated_ttys(newrole_t)
-
-auth_use_pam(newrole_t)
-
-# Write to utmp.
-init_rw_utmp(newrole_t)
-init_use_fds(newrole_t)
-
-miscfiles_read_localization(newrole_t)
-
-seutil_libselinux_linked(newrole_t)
-
-userdom_use_unpriv_users_fds(newrole_t)
-# for some PAM modules and for cwd
-userdom_dontaudit_search_user_home_content(newrole_t)
-userdom_search_user_home_dirs(newrole_t)
-
-optional_policy(`
-	xserver_dontaudit_exec_xauth(newrole_t)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(newrole_t)
-	')
-')
-
-# if secure mode is enabled, then newrole
-# can only transition to unprivileged users
-if(secure_mode) {
-	userdom_spec_domtrans_unpriv_users(newrole_t)
-} else {
-	userdom_spec_domtrans_all_users(newrole_t)
-}
-
-tunable_policy(`allow_polyinstantiation',`
-	files_polyinstantiate_all(newrole_t)
-')
-
-########################################
-#
-# Restorecond local policy
-#
-
-allow restorecond_t self:capability { dac_override dac_read_search fowner };
-allow restorecond_t self:fifo_file rw_fifo_file_perms;
-
-allow restorecond_t restorecond_var_run_t:file manage_file_perms;
-files_pid_filetrans(restorecond_t, restorecond_var_run_t, file)
-
-kernel_use_fds(restorecond_t)
-kernel_rw_pipes(restorecond_t)
-kernel_read_system_state(restorecond_t)
-
-files_dontaudit_read_all_symlinks(restorecond_t)
-
-fs_relabelfrom_noxattr_fs(restorecond_t)
-fs_dontaudit_list_nfs(restorecond_t)
-fs_getattr_xattr_fs(restorecond_t)
-fs_list_inotifyfs(restorecond_t)
-
-selinux_validate_context(restorecond_t)
-selinux_compute_access_vector(restorecond_t)
-selinux_compute_create_context(restorecond_t)
-selinux_compute_relabel_context(restorecond_t)
-selinux_compute_user_contexts(restorecond_t)
-
-auth_relabel_all_files_except_shadow(restorecond_t )
-auth_read_all_files_except_shadow(restorecond_t)
-auth_use_nsswitch(restorecond_t)
-
-locallogin_dontaudit_use_fds(restorecond_t)
-
-logging_send_syslog_msg(restorecond_t)
-
-miscfiles_read_localization(restorecond_t)
-
-seutil_libselinux_linked(restorecond_t)
-
-userdom_read_user_home_content_symlinks(restorecond_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(restorecond_t)
-	')
-')
-
-optional_policy(`
-	rpm_use_script_fds(restorecond_t)
-')
-
-#################################
-#
-# Run_init local policy
-#
-
-allow run_init_t self:process setexec;
-allow run_init_t self:capability setuid;
-allow run_init_t self:fifo_file rw_file_perms;
-logging_send_audit_msgs(run_init_t)
-
-# often the administrator runs such programs from a directory that is owned
-# by a different user or has restrictive SE permissions, do not want to audit
-# the failed access to the current directory
-dontaudit run_init_t self:capability { dac_override dac_read_search };
-
-corecmd_exec_bin(run_init_t)
-corecmd_exec_shell(run_init_t)
-
-dev_dontaudit_list_all_dev_nodes(run_init_t)
-
-domain_use_interactive_fds(run_init_t)
-
-files_read_etc_files(run_init_t)
-files_dontaudit_search_all_dirs(run_init_t)
-
-fs_getattr_xattr_fs(run_init_t)
-
-mls_rangetrans_source(run_init_t)
-
-selinux_validate_context(run_init_t)
-selinux_compute_access_vector(run_init_t)
-selinux_compute_create_context(run_init_t)
-selinux_compute_relabel_context(run_init_t)
-selinux_compute_user_contexts(run_init_t)
-
-auth_use_nsswitch(run_init_t)
-auth_domtrans_chk_passwd(run_init_t)
-auth_domtrans_upd_passwd(run_init_t)
-auth_dontaudit_read_shadow(run_init_t)
-
-init_spec_domtrans_script(run_init_t)
-# for utmp
-init_rw_utmp(run_init_t)
-
-logging_send_syslog_msg(run_init_t)
-
-miscfiles_read_localization(run_init_t)
-
-seutil_libselinux_linked(run_init_t)
-seutil_read_default_contexts(run_init_t)
-
-userdom_use_user_terminals(run_init_t)
-
-ifndef(`direct_sysadm_daemon',`
-	ifdef(`distro_gentoo',`
-		# Gentoo integrated run_init:
-		init_script_file_entry_type(run_init_t)
-	')
-')
-
-optional_policy(`
-	rpm_domtrans(run_init_t)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(run_init_t)
-	')
-')
-
-optional_policy(`
-	daemontools_domtrans_start(run_init_t)
-')
-
-########################################
-#
-# semodule local policy
-#
-
-seutil_semanage_policy(semanage_t)
-allow semanage_t self:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(semanage_t, selinux_var_lib_t,  selinux_var_lib_t)
-manage_files_pattern(semanage_t, selinux_var_lib_t,  selinux_var_lib_t)
-
-selinux_set_all_booleans(semanage_t)
-can_exec(semanage_t, semanage_exec_t)
-
-# Admins are creating pp files in random locations
-auth_read_all_files_except_shadow(semanage_t)
-
-seutil_manage_file_contexts(semanage_t)
-seutil_manage_config(semanage_t)
-seutil_domtrans_setfiles(semanage_t)
-
-# netfilter_contexts:
-seutil_manage_default_contexts(semanage_t)
-
-ifdef(`distro_debian',`
-	files_read_var_lib_files(semanage_t)
-	files_read_var_lib_symlinks(semanage_t)
-')
-
-optional_policy(`
-	setrans_initrc_domtrans(semanage_t)
-        domain_system_change_exemption(semanage_t)
-	consoletype_exec(semanage_t)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(semanage_t)
-	')
-')
-
-optional_policy(`
-	#signal mcstrans on reload
-	init_spec_domtrans_script(semanage_t)
-')
-
-# cjp: need a more general way to handle this:
-ifdef(`enable_mls',`
-	# read secadm tmp files
-',`
-	# Handle pp files created in homedir and /tmp
-	userdom_read_user_home_content_files(semanage_t)
-	userdom_read_user_tmp_files(semanage_t)
-')
-
-userdom_search_admin_dir(semanage_t)
-
-####################################n####
-#
-# setsebool local policy
-#
-seutil_semanage_policy(setsebool_t)
-selinux_set_all_booleans(setsebool_t)
-
-init_dontaudit_use_fds(setsebool_t)
-
-# Bug in semanage
-seutil_domtrans_setfiles(setsebool_t)
-seutil_manage_file_contexts(setsebool_t)
-seutil_manage_default_contexts(setsebool_t)
-seutil_manage_config(setsebool_t)
-
-########################################
-#
-# Setfiles local policy
-#
-
-seutil_setfiles(setfiles_t)
-# During boot in Rawhide
-term_use_generic_ptys(setfiles_t)
-
-seutil_setfiles(setfiles_mac_t)
-allow setfiles_mac_t self:capability2 mac_admin;
-kernel_relabelto_unlabeled(setfiles_mac_t)
-
-optional_policy(`
-	files_dontaudit_write_isid_chr_files(setfiles_mac_t)
-	livecd_dontaudit_leaks(setfiles_mac_t)
-	livecd_rw_tmp_files(setfiles_mac_t)
-	dev_dontaudit_write_all_chr_files(setfiles_mac_t)
-')
-
-ifdef(`hide_broken_symptoms',`
-	optional_policy(`
-		setroubleshoot_fixit_dontaudit_leaks(setfiles_t)
-		setroubleshoot_fixit_dontaudit_leaks(setsebool_t)
-	')
-')
-
-optional_policy(`
-	unconfined_domain(setfiles_mac_t)
-')
diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc
deleted file mode 100644
index bea4629..0000000
--- a/policy/modules/system/setrans.fc
+++ /dev/null
@@ -1,5 +0,0 @@
-/etc/rc\.d/init\.d/mcstrans --	gen_context(system_u:object_r:setrans_initrc_exec_t,s0)
-
-/sbin/mcstransd		--	gen_context(system_u:object_r:setrans_exec_t,s0)
-
-/var/run/setrans(/.*)?		gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
diff --git a/policy/modules/system/setrans.if b/policy/modules/system/setrans.if
deleted file mode 100644
index efa9c27..0000000
--- a/policy/modules/system/setrans.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>SELinux MLS/MCS label translation service.</summary>
-
-########################################
-## <summary>
-##	Execute setrans server in the setrans domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-#
-interface(`setrans_initrc_domtrans',`
-	gen_require(`
-		type setrans_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, setrans_initrc_exec_t)
-')
-
-#######################################
-## <summary>
-##	Allow a domain to translate contexts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`setrans_translate_context',`
-	gen_require(`
-		type setrans_t, setrans_var_run_t;
-		class context translate;
-	')
-
-	allow $1 self:unix_stream_socket create_stream_socket_perms;
-	allow $1 setrans_t:context translate;
-	stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
-	files_list_pids($1)
-')
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
deleted file mode 100644
index 4488c6d..0000000
--- a/policy/modules/system/setrans.te
+++ /dev/null
@@ -1,88 +0,0 @@
-policy_module(setrans, 1.7.0)
-
-gen_require(`
-	class context contains;
-')
-
-########################################
-#
-# Declarations
-#
-
-type setrans_t;
-type setrans_exec_t;
-init_daemon_domain(setrans_t, setrans_exec_t)
-mls_trusted_object(setrans_t)
-
-type setrans_initrc_exec_t;
-init_script_file(setrans_initrc_exec_t)
-
-type setrans_var_run_t;
-files_pid_file(setrans_var_run_t)
-mls_trusted_object(setrans_var_run_t)
-
-ifdef(`enable_mcs',`
-	init_ranged_daemon_domain(setrans_t, setrans_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
-	init_ranged_daemon_domain(setrans_t, setrans_exec_t, mls_systemhigh)
-')
-
-########################################
-#
-# setrans local policy
-#
-
-allow setrans_t self:capability sys_resource;
-allow setrans_t self:process { setrlimit getcap setcap signal_perms };
-allow setrans_t self:unix_stream_socket create_stream_socket_perms;
-allow setrans_t self:unix_dgram_socket create_socket_perms;
-allow setrans_t self:netlink_selinux_socket create_socket_perms;
-allow setrans_t self:context contains;
-
-can_exec(setrans_t, setrans_exec_t)
-corecmd_search_bin(setrans_t)
-
-# create unix domain socket in /var
-manage_dirs_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
-manage_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
-manage_sock_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
-files_pid_filetrans(setrans_t, setrans_var_run_t, { file dir })
-
-kernel_read_kernel_sysctls(setrans_t)
-kernel_read_proc_symlinks(setrans_t)
-
-# allow performing getpidcon() on all processes
-domain_read_all_domains_state(setrans_t)
-domain_dontaudit_search_all_domains_state(setrans_t)
-domain_getattr_all_domains(setrans_t)
-domain_getsession_all_domains(setrans_t)
-
-files_read_etc_runtime_files(setrans_t)
-
-mls_file_read_all_levels(setrans_t)
-mls_file_write_all_levels(setrans_t)
-mls_net_receive_all_levels(setrans_t)
-mls_socket_write_all_levels(setrans_t)
-mls_process_read_up(setrans_t)
-mls_socket_read_all_levels(setrans_t)
-
-selinux_compute_access_vector(setrans_t)
-
-term_dontaudit_use_generic_ptys(setrans_t)
-term_dontaudit_use_unallocated_ttys(setrans_t)
-
-init_dontaudit_use_script_ptys(setrans_t)
-
-locallogin_dontaudit_use_fds(setrans_t)
-
-logging_send_syslog_msg(setrans_t)
-
-miscfiles_read_localization(setrans_t)
-
-seutil_read_config(setrans_t)
-
-optional_policy(`
-	rpm_use_script_fds(setrans_t)
-')
diff --git a/policy/modules/system/sosreport.fc b/policy/modules/system/sosreport.fc
deleted file mode 100644
index 0928140..0000000
--- a/policy/modules/system/sosreport.fc
+++ /dev/null
@@ -1,2 +0,0 @@
-
-/usr/sbin/sosreport	--	gen_context(system_u:object_r:sosreport_exec_t,s0)
diff --git a/policy/modules/system/sosreport.if b/policy/modules/system/sosreport.if
deleted file mode 100644
index fec3374..0000000
--- a/policy/modules/system/sosreport.if
+++ /dev/null
@@ -1,131 +0,0 @@
-
-## <summary>policy for sosreport</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run sosreport.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`sosreport_domtrans',`
-	gen_require(`
-		type sosreport_t, sosreport_exec_t;
-	')
-
-	domtrans_pattern($1, sosreport_exec_t, sosreport_t)
-')
-
-
-########################################
-## <summary>
-##	Execute sosreport in the sosreport domain, and
-##	allow the specified role the sosreport domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role to be allowed the sosreport domain.
-##	</summary>
-## </param>
-#
-interface(`sosreport_run',`
-	gen_require(`
-		type sosreport_t;
-	')
-
-	sosreport_domtrans($1)
-	role $2 types sosreport_t;
-')
-
-########################################
-## <summary>
-##	Role access for sosreport
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`sosreport_role',`
-	gen_require(`
-              type sosreport_t;
-	')
-
-	role $1 types sosreport_t;
-
-	sosreport_domtrans($2)
-
-	ps_process_pattern($2, sosreport_t)
-	allow $2 sosreport_t:process signal;
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read
-##	sosreport tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sosreport_read_tmp_files',`
-	gen_require(`
-		type sosreport_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
-')
-
-########################################
-## <summary>
-##	Delete sosreport tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sosreport_delete_tmp_files',`
-	gen_require(`
-		type sosreport_tmp_t;
-	')
-
-	files_delete_tmp_dir_entry($1)
-	delete_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
-')
-
-########################################
-## <summary>
-##	Append sosreport tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sosreport_append_tmp_files',`
-	gen_require(`
-		type sosreport_tmp_t;
-	')
-
-	allow $1 sosreport_tmp_t:file append;
-')
diff --git a/policy/modules/system/sosreport.te b/policy/modules/system/sosreport.te
deleted file mode 100644
index c15bcea..0000000
--- a/policy/modules/system/sosreport.te
+++ /dev/null
@@ -1,154 +0,0 @@
-policy_module(sosreport,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type sosreport_t;
-type sosreport_exec_t;
-application_domain(sosreport_t, sosreport_exec_t)
-role system_r types sosreport_t;
-
-type sosreport_tmp_t;
-files_tmp_file(sosreport_tmp_t)
-
-type sosreport_tmpfs_t;
-files_tmpfs_file(sosreport_tmpfs_t)
-
-########################################
-#
-# sosreport local policy
-#
-
-allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice sys_ptrace dac_override };
-allow sosreport_t self:process { setsched signull };
-
-allow sosreport_t self:fifo_file rw_fifo_file_perms;
-allow sosreport_t self:tcp_socket create_stream_socket_perms;
-allow sosreport_t self:udp_socket create_socket_perms;
-allow sosreport_t self:unix_dgram_socket create_socket_perms;
-allow sosreport_t self:netlink_route_socket r_netlink_socket_perms;
-allow sosreport_t self:unix_stream_socket create_stream_socket_perms;
-
-# sosreport tmp files 
-manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
-manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
-manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
-files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })
-
-manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
-fs_tmpfs_filetrans(sosreport_t, sosreport_tmpfs_t,file)
-
-kernel_read_network_state(sosreport_t)
-kernel_read_all_sysctls(sosreport_t)
-kernel_read_software_raid_state(sosreport_t)
-kernel_search_debugfs(sosreport_t)
-kernel_read_messages(sosreport_t)
-
-corecmd_exec_all_executables(sosreport_t)
-
-dev_getattr_all_chr_files(sosreport_t)
-dev_getattr_all_blk_files(sosreport_t)
-dev_getattr_generic_chr_files(sosreport_t)
-dev_getattr_generic_blk_files(sosreport_t)
-dev_getattr_mtrr_dev(sosreport_t)
-
-dev_read_rand(sosreport_t)
-dev_read_urand(sosreport_t)
-dev_read_raw_memory(sosreport_t)
-dev_read_sysfs(sosreport_t)
-
-domain_getattr_all_domains(sosreport_t)
-domain_read_all_domains_state(sosreport_t)
-domain_getattr_all_sockets(sosreport_t)
-domain_getattr_all_pipes(sosreport_t)
-domain_signull_all_domains(sosreport_t)
-
-# for blkid.tab
-files_manage_etc_runtime_files(sosreport_t)
-files_etc_filetrans_etc_runtime(sosreport_t, file)
-
-files_getattr_all_sockets(sosreport_t)
-files_exec_etc_files(sosreport_t)
-files_list_all(sosreport_t)
-files_read_config_files(sosreport_t)
-files_read_etc_files(sosreport_t)
-files_read_generic_tmp_files(sosreport_t)
-files_read_usr_files(sosreport_t)
-files_read_var_lib_files(sosreport_t)
-files_read_var_symlinks(sosreport_t)
-files_read_kernel_modules(sosreport_t)
-files_read_all_symlinks(sosreport_t)
-
-fs_getattr_all_fs(sosreport_t)
-fs_list_inotifyfs(sosreport_t)
-
-# cjp: some config files do not have configfile attribute
-# sosreport needs to read various files on system
-auth_read_all_files_except_shadow(sosreport_t)
-auth_use_nsswitch(sosreport_t)
-
-init_domtrans_script(sosreport_t)
-
-libs_domtrans_ldconfig(sosreport_t)
-
-logging_read_all_logs(sosreport_t)
-logging_send_syslog_msg(sosreport_t)
-
-miscfiles_read_localization(sosreport_t)
-
-# needed by modinfo
-modutils_read_module_deps(sosreport_t)
-
-sysnet_read_config(sosreport_t)
-
-optional_policy(`
-	abrt_manage_pid_files(sosreport_t)
-')
-
-optional_policy(`
-	cups_stream_connect(sosreport_t)
-')
-
-optional_policy(`
-	dmesg_domtrans(sosreport_t)
-')
-
-optional_policy(`
-	fstools_domtrans(sosreport_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(sosreport_t)
-
-	optional_policy(`
-		hal_dbus_chat(sosreport_t)
-	')
-')
-
-optional_policy(`
-    lvm_domtrans(sosreport_t)
-')
-
-optional_policy(`
-	mount_domtrans(sosreport_t)
-')
-
-optional_policy(`
-	pulseaudio_stream_connect(sosreport_t)
-')
-
-optional_policy(`
-    rpm_exec(sosreport_t)
-    rpm_dontaudit_manage_db(sosreport_t)
-    rpm_read_db(sosreport_t)
-')
-
-optional_policy(`
-	xserver_stream_connect(sosreport_t)
-')
-
-optional_policy(`
-	unconfined_domain(sosreport_t)
-')
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
deleted file mode 100644
index 4bb3158..0000000
--- a/policy/modules/system/sysnetwork.fc
+++ /dev/null
@@ -1,68 +0,0 @@
-
-#
-# /bin
-#
-/bin/ip			--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-
-#
-# /etc
-#
-/etc/dhclient.*conf	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhclient-script	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhcpc.*			gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhcpd\.conf	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhcp/dhcpd\.conf	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/ethers		--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/hosts		--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/hosts\.deny.*	--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/denyhosts.*	--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/resolv\.conf.*	--	gen_context(system_u:object_r:net_conf_t,s0)
-/etc/yp\.conf.*		--	gen_context(system_u:object_r:net_conf_t,s0)
-
-/etc/dhcp3(/.*)?		gen_context(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhcp3?/dhclient.*		gen_context(system_u:object_r:dhcp_etc_t,s0)
-
-ifdef(`distro_redhat',`
-/etc/sysconfig/network-scripts/.*resolv\.conf -- gen_context(system_u:object_r:net_conf_t,s0)
-/etc/sysconfig/networking(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
-/etc/sysconfig/network-scripts(/.*)?  gen_context(system_u:object_r:net_conf_t,s0)
-')
-
-#
-# /sbin
-#
-/sbin/dhclient.*	--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
-/sbin/dhcdbd		--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
-/sbin/dhcpcd		--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
-/sbin/ethtool		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/ifconfig		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/ip		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/ipx_configure	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/ipx_interface	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/ipx_internal_net	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/iwconfig		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/mii-tool		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-/sbin/pump		--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
-/sbin/tc		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-
-#
-# /usr
-#
-/usr/sbin/tc		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/dhcp3?		-d	gen_context(system_u:object_r:dhcp_state_t,s0)
-/var/lib/dhcp3?/dhclient.*	gen_context(system_u:object_r:dhcpc_state_t,s0)
-/var/lib/dhcpcd(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
-/var/lib/dhclient(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
-/var/lib/wifiroamd(/.*)?	gen_context(system_u:object_r:dhcpc_state_t,s0)
-
-/var/run/dhclient.*	--	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-
-ifdef(`distro_gentoo',`
-/var/lib/dhcpc(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
-')
-
-/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
deleted file mode 100644
index 350d003..0000000
--- a/policy/modules/system/sysnetwork.if
+++ /dev/null
@@ -1,877 +0,0 @@
-## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
-
-#######################################
-## <summary>
-##	Execute dhcp client in dhcpc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sysnet_domtrans_dhcpc',`
-	gen_require(`
-		type dhcpc_t, dhcpc_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, dhcpc_exec_t, dhcpc_t)
-')
-
-########################################
-## <summary>
-##	Execute DHCP clients in the dhcpc domain, and
-##	allow the specified role the dhcpc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_run_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	sysnet_domtrans_dhcpc($1)
-	role $2 types dhcpc_t;
-
-	modutils_run_insmod(dhcpc_t, $2)
-
-	sysnet_run_ifconfig(dhcpc_t, $2)
-
-	optional_policy(`
-		consoletype_run(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		hostname_run(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		netutils_run(dhcpc_t, $2)
-		netutils_run_ping(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		networkmanager_run(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		nis_run_ypbind(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		nscd_run(dhcpc_t, $2)
-	')
-
-	optional_policy(`
-		ntp_run(dhcpc_t, $2)
-	')
-
-	seutil_run_setfiles(dhcpc_t, $2)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use
-##	the dhcp file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`sysnet_dontaudit_use_dhcpc_fds',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	dontaudit $1 dhcpc_t:fd use;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to the dhcp client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_sigchld_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	allow $1 dhcpc_t:process sigchld;
-')
-
-########################################
-## <summary>
-##	Send a kill signal to the dhcp client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_kill_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	allow $1 dhcpc_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Send a SIGSTOP signal to the dhcp client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_sigstop_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	allow $1 dhcpc_t:process sigstop;
-')
-
-########################################
-## <summary>
-##	Send a null signal to the dhcp client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_signull_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	allow $1 dhcpc_t:process signull;
-')
-
-########################################
-## <summary>
-##	Send a generic signal to the dhcp client.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_signal_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	allow $1 dhcpc_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send and receive messages from
-##	dhcpc over dbus.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_dbus_chat_dhcpc',`
-	gen_require(`
-		type dhcpc_t;
-		class dbus send_msg;
-	')
-
-	allow $1 dhcpc_t:dbus send_msg;
-	allow dhcpc_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Read and write dhcp configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_rw_dhcp_config',`
-	gen_require(`
-		type dhcp_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 dhcp_etc_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read dhcp client state files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_read_dhcpc_state',`
-	gen_require(`
-		type dhcpc_state_t;
-	')
-
-	read_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
-')
-
-#######################################
-## <summary>
-##	Delete the dhcp client state files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_delete_dhcpc_state',`
-	gen_require(`
-		type dhcpc_state_t;
-	')
-
-	delete_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
-')
-
-########################################
-## <summary>
-##	Allow caller to relabel dhcpc_state files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_relabelfrom_dhcpc_state',`
-
-	gen_require(`
-		type dhcpc_state_t;
-	')
-
-	allow $1 dhcpc_state_t:file relabelfrom;
-')
-
-#######################################
-## <summary>
-##	Manage the dhcp client state files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_manage_dhcpc_state',`
-	gen_require(`
-		type dhcpc_state_t;
-	')
-
-	manage_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
-')
-
-#######################################
-## <summary>
-##	Set the attributes of network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_setattr_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file setattr;
-')
-
-#######################################
-## <summary>
-##      Allow caller to relabel net_conf files
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`sysnet_relabelfrom_net_conf',`
-
-        gen_require(`
-                type net_conf_t;
-        ')
-
-        allow $1 net_conf_t:file relabelfrom;
-')
-
-######################################
-## <summary>
-##      Allow caller to relabel net_conf files
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`sysnet_relabelto_net_conf',`
-
-        gen_require(`
-                type net_conf_t;
-        ')
-
-        allow $1 net_conf_t:file relabelto;
-')
-
-#######################################
-## <summary>
-##	Read network config files.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read the
-##	general network configuration files.  A
-##	common example of this is the
-##	/etc/resolv.conf file, which has domain
-##	name system (DNS) server IP addresses.
-##	Typically, most networking processes will
-##	require	the access provided by this interface.
-##	</p>
-##	<p>
-##	Higher-level interfaces which involve
-##	networking will generally call this interface,
-##	for example:
-##	</p>
-##	<ul>
-##		<li>sysnet_dns_name_resolve()</li>
-##		<li>sysnet_use_ldap()</li>
-##		<li>sysnet_use_portmap()</li>
-##	</ul>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_read_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file read_file_perms;
-
-	ifdef(`distro_redhat',`
-		allow $1 net_conf_t:dir list_dir_perms;
-		read_files_pattern($1, net_conf_t, net_conf_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Do not audit attempts to read network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`sysnet_dontaudit_read_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	dontaudit $1 net_conf_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Write network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_write_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file write_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_create_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file create_file_perms;
-')
-
-#######################################
-## <summary>
-##	Create files in /etc with the type used for
-##	the network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_etc_filetrans_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	files_etc_filetrans($1, net_conf_t, file)
-')
-
-#######################################
-## <summary>
-##	Create, read, write, and delete network config files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_manage_config',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	allow $1 net_conf_t:dir list_dir_perms;
-	manage_files_pattern($1, net_conf_t, net_conf_t)
-')
-
-#######################################
-## <summary>
-##	Read the dhcp client pid file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_read_dhcpc_pid',`
-	gen_require(`
-		type dhcpc_var_run_t;
-	')
-
-	files_list_pids($1)
-	allow $1 dhcpc_var_run_t:file read_file_perms;
-')
-
-#######################################
-## <summary>
-##	Delete the dhcp client pid file.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_delete_dhcpc_pid',`
-	gen_require(`
-		type dhcpc_var_run_t;
-	')
-
-	files_rw_pid_dirs($1)
-	allow $1 dhcpc_var_run_t:file unlink;
-')
-
-#######################################
-## <summary>
-##	Execute ifconfig in the ifconfig domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`sysnet_domtrans_ifconfig',`
-	gen_require(`
-		type ifconfig_t, ifconfig_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ifconfig_exec_t, ifconfig_t)
-	ifdef(`hide_broken_symptoms', `
-	        dontaudit ifconfig_t $1:socket_class_set { read write };
-	')
-
-')
-
-########################################
-## <summary>
-##	Execute ifconfig in the ifconfig domain, and
-##	allow the specified role the ifconfig domain,
-##	and use the caller's terminal.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_run_ifconfig',`
-	gen_require(`
-		type ifconfig_t;
-	')
-
-	corecmd_search_bin($1)
-	sysnet_domtrans_ifconfig($1)
-	role $2 types ifconfig_t;
-')
-
-#######################################
-## <summary>
-##	Execute ifconfig in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_exec_ifconfig',`
-	gen_require(`
-		type ifconfig_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, ifconfig_exec_t)
-')
-
-########################################
-## <summary>
-##	Send a generic signal to ifconfig.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_signal_ifconfig',`
-	gen_require(`
-		type ifconfig_t;
-	')
-
-	allow $1 ifconfig_t:process signal;
-')
-
-########################################
-## <summary>
-##	Send a kill signal to iconfig.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_kill_ifconfig',`
-	gen_require(`
-		type ifconfig_t;
-	')
-
-	allow $1 ifconfig_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Read the DHCP configuration files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_read_dhcp_config',`
-	gen_require(`
-		type dhcp_etc_t;
-	')
-
-	files_search_etc($1)
-	allow $1 dhcp_etc_t:dir list_dir_perms;
-	read_files_pattern($1, dhcp_etc_t, dhcp_etc_t)
-')
-
-########################################
-## <summary>
-##	Search the DHCP state data directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_search_dhcp_state',`
-	gen_require(`
-		type dhcp_state_t;
-	')
-
-	files_search_var_lib($1)
-	allow $1 dhcp_state_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create DHCP state data.
-## </summary>
-## <desc>
-##	<p>
-##	Create DHCP state data.
-##	</p>
-##	<p>
-##	This is added for DHCP server, as
-##	the server and client put their state
-##	files in the same directory.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="file_type">
-##	<summary>
-##	The type of the object to be created
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The object class.
-##	</summary>
-## </param>
-#
-interface(`sysnet_dhcp_state_filetrans',`
-	gen_require(`
-		type dhcp_state_t;
-	')
-
-	files_search_var_lib($1)
-	filetrans_pattern($1, dhcp_state_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Perform a DNS name resolution.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`sysnet_dns_name_resolve',`
-	gen_require(`
-		type net_conf_t;
-	')
-
-	allow $1 self:tcp_socket create_socket_perms;
-	allow $1 self:udp_socket create_socket_perms;
-	allow $1 self:netlink_route_socket r_netlink_socket_perms;
-
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_udp_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_udp_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_dns_port($1)
-	corenet_udp_sendrecv_dns_port($1)
-	corenet_tcp_connect_dns_port($1)
-	corenet_sendrecv_dns_client_packets($1)
-
-	sysnet_read_config($1)
-
-	optional_policy(`
-		avahi_stream_connect($1)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1)
-	')
-')
-
-########################################
-## <summary>
-##	Connect and use a LDAP server.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_use_ldap',`
-	gen_require(`
-		type net_conf_t;
-	')		
-
-	allow $1 self:tcp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_ldap_port($1)
-	corenet_tcp_connect_ldap_port($1)
-	corenet_sendrecv_ldap_client_packets($1)
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file read_file_perms;
-	# LDAP Configuration using encrypted requires
-	dev_read_urand($1)
-')
-
-########################################
-## <summary>
-##	Connect and use remote port mappers.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`sysnet_use_portmap',`
-	gen_require(`
-		type net_conf_t;
-	')		
-
-	allow $1 self:tcp_socket create_socket_perms;
-	allow $1 self:udp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_udp_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_udp_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_portmap_port($1)
-	corenet_udp_sendrecv_portmap_port($1)
-	corenet_tcp_connect_portmap_port($1)
-	corenet_sendrecv_portmap_client_packets($1)
-
-	files_search_etc($1)
-	allow $1 net_conf_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use
-##	the dhcp file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The domain sending the SIGCHLD.
-##	</summary>
-## </param>
-#
-interface(`sysnet_dontaudit_dhcpc_use_fds',`
-	gen_require(`
-		type dhcpc_t;
-	')
-
-	dontaudit $1 dhcpc_t:fd use;
-')
-
-########################################
-## <summary>
-##	Transition to system_r when execute an dhclient script
-## </summary>
-## <desc>
-##      <p>
-##	Execute dhclient script in a specified role
-##      </p>
-##      <p>
-##      No interprocess communication (signals, pipes,
-##      etc.) is provided by this interface since
-##      the domains are not owned by this module.
-##      </p>
-## </desc>
-## <param name="source_role">
-##	<summary>
-##	Role to transition from.
-##	</summary>
-## </param>
-interface(`sysnet_role_transition_dhcpc',`
-	gen_require(`
-		type dhcpc_exec_t;
-	')
-
-	role_transition $1 dhcpc_exec_t system_r;
-')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
deleted file mode 100644
index 3663802..0000000
--- a/policy/modules/system/sysnetwork.te
+++ /dev/null
@@ -1,411 +0,0 @@
-policy_module(sysnetwork, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow dhcpc client applications to execute iptables commands
-## </p>
-## </desc>
-gen_tunable(dhcpc_exec_iptables, false)
-
-# this is shared between dhcpc and dhcpd:
-type dhcp_etc_t;
-typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
-files_config_file(dhcp_etc_t)
-
-# this is shared between dhcpc and dhcpd:
-type dhcp_state_t;
-files_type(dhcp_state_t)
-
-type dhcpc_t;
-type dhcpc_exec_t;
-init_daemon_domain(dhcpc_t, dhcpc_exec_t)
-role system_r types dhcpc_t;
-
-type dhcpc_helper_exec_t;
-init_script_file(dhcpc_helper_exec_t)
-
-type dhcpc_state_t;
-files_type(dhcpc_state_t)
-
-type dhcpc_tmp_t;
-files_tmp_file(dhcpc_tmp_t)
-
-type dhcpc_var_run_t;
-files_pid_file(dhcpc_var_run_t)
-
-type ifconfig_t;
-type ifconfig_exec_t;
-init_system_domain(ifconfig_t, ifconfig_exec_t)
-role system_r types ifconfig_t;
-
-type net_conf_t alias resolv_conf_t;
-files_type(net_conf_t)
-
-########################################
-#
-# DHCP client local policy
-#
-allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config };
-dontaudit dhcpc_t self:capability { sys_tty_config sys_ptrace };
-# for access("/etc/bashrc", X_OK) on Red Hat
-dontaudit dhcpc_t self:capability { dac_read_search sys_module };
-allow dhcpc_t self:process { getsched getcap setcap setfscreate ptrace signal_perms };
-
-allow dhcpc_t self:fifo_file rw_fifo_file_perms;
-allow dhcpc_t self:tcp_socket create_stream_socket_perms;
-allow dhcpc_t self:udp_socket create_socket_perms;
-allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
-
-allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
-read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
-exec_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
-
-allow dhcpc_t dhcp_state_t:file read_file_perms;
-allow dhcpc_t dhcp_state_t:file relabel_file_perms;
-
-manage_files_pattern(dhcpc_t, dhcpc_state_t, dhcpc_state_t)
-filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)
-allow dhcpc_t dhcpc_state_t:file relabel_file_perms;
-
-# create pid file
-manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
-files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file)
-
-# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
-# in /etc created by dhcpcd will be labelled net_conf_t.
-allow dhcpc_t net_conf_t:file manage_file_perms;
-allow dhcpc_t net_conf_t:file relabel_file_perms;
-sysnet_manage_config(dhcpc_t)
-files_etc_filetrans(dhcpc_t, net_conf_t, file)
-
-# create temp files
-manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
-manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
-files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })
-
-can_exec(dhcpc_t, dhcpc_exec_t)
-
-# transition to ifconfig
-domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
-
-kernel_read_system_state(dhcpc_t)
-kernel_read_network_state(dhcpc_t)
-kernel_search_network_sysctl(dhcpc_t)
-kernel_read_kernel_sysctls(dhcpc_t)
-kernel_request_load_module(dhcpc_t)
-kernel_use_fds(dhcpc_t)
-
-corecmd_exec_bin(dhcpc_t)
-corecmd_exec_shell(dhcpc_t)
-
-corenet_all_recvfrom_unlabeled(dhcpc_t)
-corenet_all_recvfrom_netlabel(dhcpc_t)
-corenet_tcp_sendrecv_all_if(dhcpc_t)
-corenet_raw_sendrecv_all_if(dhcpc_t)
-corenet_udp_sendrecv_all_if(dhcpc_t)
-corenet_tcp_sendrecv_all_nodes(dhcpc_t)
-corenet_raw_sendrecv_all_nodes(dhcpc_t)
-corenet_udp_sendrecv_all_nodes(dhcpc_t)
-corenet_tcp_sendrecv_all_ports(dhcpc_t)
-corenet_udp_sendrecv_all_ports(dhcpc_t)
-corenet_tcp_bind_all_nodes(dhcpc_t)
-corenet_udp_bind_all_nodes(dhcpc_t)
-corenet_udp_bind_dhcpc_port(dhcpc_t)
-corenet_tcp_connect_all_ports(dhcpc_t)
-corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(dhcpc_t)
-corenet_udp_bind_all_unreserved_ports(dhcpc_t)	
-
-dev_read_sysfs(dhcpc_t)
-# for SSP:
-dev_read_urand(dhcpc_t)
-
-domain_obj_id_change_exemption(dhcpc_t)
-domain_use_interactive_fds(dhcpc_t)
-domain_dontaudit_read_all_domains_state(dhcpc_t)
-
-files_read_etc_files(dhcpc_t)
-files_read_etc_runtime_files(dhcpc_t)
-files_read_usr_files(dhcpc_t)
-files_search_home(dhcpc_t)
-files_search_var_lib(dhcpc_t)
-files_dontaudit_search_locks(dhcpc_t)
-files_getattr_generic_locks(dhcpc_t)
-
-fs_getattr_all_fs(dhcpc_t)
-fs_search_auto_mountpoints(dhcpc_t)
-
-term_dontaudit_use_all_ttys(dhcpc_t)
-term_dontaudit_use_all_ptys(dhcpc_t)
-term_dontaudit_use_unallocated_ttys(dhcpc_t)
-term_dontaudit_use_generic_ptys(dhcpc_t)
-
-init_rw_utmp(dhcpc_t)
-init_stream_connect(dhcpc_t)
-
-logging_send_syslog_msg(dhcpc_t)
-
-miscfiles_read_localization(dhcpc_t)
-
-modutils_domtrans_insmod(dhcpc_t)
-
-userdom_use_user_terminals(dhcpc_t)
-userdom_dontaudit_search_user_home_dirs(dhcpc_t)
-
-ifdef(`distro_redhat', `
-	files_exec_etc_files(dhcpc_t)
-')
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(dhcpc_t)
-	')
-')
-
-optional_policy(`
-	consoletype_domtrans(dhcpc_t)
-')
-
-optional_policy(`
-	chronyd_initrc_domtrans(dhcpc_t)
-')
-
-optional_policy(`
-	init_dbus_chat_script(dhcpc_t)
-
-	dbus_system_bus_client(dhcpc_t)
-	dbus_connect_system_bus(dhcpc_t)
-
-	optional_policy(`
-		networkmanager_dbus_chat(dhcpc_t)
-	')
-')
-
-optional_policy(`
-	hostname_domtrans(dhcpc_t)
-')
-
-optional_policy(`
-	hal_dontaudit_rw_dgram_sockets(dhcpc_t)
-	hal_dontaudit_read_pid_files(dhcpc_t)
-	hal_dontaudit_write_log(dhcpc_t)
-')
-
-optional_policy(`
-	hotplug_getattr_config_dirs(dhcpc_t)
-	hotplug_search_config(dhcpc_t)
-
-	ifdef(`distro_redhat',`
-		logging_domtrans_syslog(dhcpc_t)
-	')
-')
-
-# for the dhcp client to run ping to check IP addresses
-optional_policy(`
-	netutils_domtrans_ping(dhcpc_t)
-	netutils_domtrans(dhcpc_t)
-',`
-	allow dhcpc_t self:capability setuid;
-	allow dhcpc_t self:rawip_socket create_socket_perms;
-')
-
-optional_policy(`
-	networkmanager_domtrans(dhcpc_t)
-	networkmanager_read_pid_files(dhcpc_t)
-	networkmanager_read_lib_files(dhcpc_t)
-')
-
-optional_policy(`
-	nis_initrc_domtrans_ypbind(dhcpc_t)
-	nis_read_ypbind_pid(dhcpc_t)
-')
-
-optional_policy(`
-	nscd_initrc_domtrans(dhcpc_t)
-	nscd_domtrans(dhcpc_t)
-	nscd_read_pid(dhcpc_t)
-')
-
-optional_policy(`
-	ntp_initrc_domtrans(dhcpc_t)
-')
-
-optional_policy(`
-	pcmcia_stub(dhcpc_t)
-	dev_rw_cardmgr(dhcpc_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(dhcpc_t)
-	seutil_dontaudit_search_config(dhcpc_t)
-	seutil_domtrans_setfiles(dhcpc_t)
-')
-
-optional_policy(`
-	udev_read_db(dhcpc_t)
-')
-
-optional_policy(`
-	userdom_use_all_users_fds(dhcpc_t)
-')
-
-optional_policy(`
-	vmware_append_log(dhcpc_t)
-')
-
-optional_policy(`
-	kernel_read_xen_state(dhcpc_t)
-	kernel_write_xen_state(dhcpc_t)
-	xen_append_log(dhcpc_t)
-	xen_dontaudit_rw_unix_stream_sockets(dhcpc_t)
-')
-
-########################################
-#
-# Ifconfig local policy
-#
-
-allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
-allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
-allow ifconfig_t self:fd use;
-allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-allow ifconfig_t self:sock_file read_sock_file_perms;
-allow ifconfig_t self:socket create_socket_perms;
-allow ifconfig_t self:unix_dgram_socket create_socket_perms;
-allow ifconfig_t self:unix_stream_socket create_stream_socket_perms;
-allow ifconfig_t self:unix_dgram_socket sendto;
-allow ifconfig_t self:unix_stream_socket connectto;
-allow ifconfig_t self:shm create_shm_perms;
-allow ifconfig_t self:sem create_sem_perms;
-allow ifconfig_t self:msgq create_msgq_perms;
-allow ifconfig_t self:msg { send receive };
-# Create UDP sockets, necessary when called from dhcpc
-allow ifconfig_t self:udp_socket create_socket_perms;
-# for /sbin/ip
-allow ifconfig_t self:packet_socket create_socket_perms;
-allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
-allow ifconfig_t self:tcp_socket { create ioctl };
-
-kernel_use_fds(ifconfig_t)
-kernel_read_system_state(ifconfig_t)
-kernel_read_network_state(ifconfig_t)
-kernel_request_load_module(ifconfig_t)
-kernel_search_network_sysctl(ifconfig_t)
-kernel_rw_net_sysctls(ifconfig_t)
-
-corenet_rw_tun_tap_dev(ifconfig_t)
-
-dev_read_sysfs(ifconfig_t)
-# for IPSEC setup:
-dev_read_urand(ifconfig_t)
-
-domain_use_interactive_fds(ifconfig_t)
-
-read_files_pattern(ifconfig_t, dhcpc_state_t, dhcpc_state_t)
-
-files_read_etc_files(ifconfig_t)
-files_read_etc_runtime_files(ifconfig_t)
-files_read_usr_files(ifconfig_t)
-
-fs_getattr_xattr_fs(ifconfig_t)
-fs_search_auto_mountpoints(ifconfig_t)
-
-selinux_dontaudit_getattr_fs(ifconfig_t)
-
-term_dontaudit_use_console(ifconfig_t)
-term_dontaudit_use_all_ttys(ifconfig_t)
-term_dontaudit_use_all_ptys(ifconfig_t)
-term_dontaudit_use_ptmx(ifconfig_t)
-term_dontaudit_use_generic_ptys(ifconfig_t)
-
-files_dontaudit_read_root_files(ifconfig_t)
-
-init_use_fds(ifconfig_t)
-init_use_script_ptys(ifconfig_t)
-
-libs_read_lib_files(ifconfig_t)
-
-logging_send_syslog_msg(ifconfig_t)
-
-miscfiles_read_localization(ifconfig_t)
-
-modutils_domtrans_insmod(ifconfig_t)
-
-seutil_use_runinit_fds(ifconfig_t)
-
-sysnet_dns_name_resolve(ifconfig_t)
-
-userdom_use_user_terminals(ifconfig_t)
-userdom_use_all_users_fds(ifconfig_t)
-
-ifdef(`distro_ubuntu',`
-	optional_policy(`
-		unconfined_domain(ifconfig_t)
-	')
-')
-
-optional_policy(`
-	brctl_domtrans(ifconfig_t)
-')
-
-ifdef(`hide_broken_symptoms',`
-	optional_policy(`
-		dev_dontaudit_rw_cardmgr(ifconfig_t)
-	')
-
-	optional_policy(`
-		udev_dontaudit_rw_dgram_sockets(ifconfig_t)
-	')
-')
-
-optional_policy(`
-	hal_dontaudit_rw_pipes(ifconfig_t)
-	hal_dontaudit_rw_dgram_sockets(ifconfig_t)
-	hal_dontaudit_read_pid_files(ifconfig_t)
-	hal_write_log(ifconfig_t)
-')
-
-optional_policy(`
-	ipsec_write_pid(ifconfig_t)
-')
-
-optional_policy(`
-	netutils_domtrans(dhcpc_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(ifconfig_t)
-')
-
-optional_policy(`
-	ppp_use_fds(ifconfig_t)
-')
-
-optional_policy(`
-	unconfined_dontaudit_rw_pipes(ifconfig_t)
-')
-
-optional_policy(`
-	vmware_append_log(ifconfig_t)
-')
-
-optional_policy(`
-	kernel_read_xen_state(ifconfig_t)
-	kernel_write_xen_state(ifconfig_t)
-	xen_append_log(ifconfig_t)
-	xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
-')
-
-optional_policy(`
-	tunable_policy(`dhcpc_exec_iptables',`
-		iptables_domtrans(dhcpc_t)
-	')
-')
diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
deleted file mode 100644
index 44fe366..0000000
--- a/policy/modules/system/udev.fc
+++ /dev/null
@@ -1,25 +0,0 @@
-/dev/\.udev(/.*)? --	gen_context(system_u:object_r:udev_tbl_t,s0)
-/dev/\.udevdb	--	gen_context(system_u:object_r:udev_tbl_t,s0)
-/dev/udev\.tbl	--	gen_context(system_u:object_r:udev_tbl_t,s0)
-
-/etc/dev\.d/.+	--	gen_context(system_u:object_r:udev_helper_exec_t,s0)
-
-/etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
-
-/etc/udev/rules.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
-/etc/udev/scripts/.+ --	gen_context(system_u:object_r:udev_helper_exec_t,s0)
-
-/lib/udev/udev-acl --	gen_context(system_u:object_r:udev_exec_t,s0)
-
-/sbin/start_udev --	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/udev	--	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/udevd	--	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/udevsend	--	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/udevstart	--	gen_context(system_u:object_r:udev_exec_t,s0)
-/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
-
-/usr/bin/udevinfo --	gen_context(system_u:object_r:udev_exec_t,s0)
-
-/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
-/var/run/libgpod(/.*)?	        gen_context(system_u:object_r:udev_var_run_t,s0)    
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
deleted file mode 100644
index 5b277ea..0000000
--- a/policy/modules/system/udev.if
+++ /dev/null
@@ -1,233 +0,0 @@
-## <summary>Policy for udev.</summary>
-
-########################################
-## <summary>
-##	Send generic signals to udev.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_signal',`
-	gen_require(`
-		type udev_t;
-	')
-
-	allow $1 udev_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute udev in the udev domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`udev_domtrans',`
-	gen_require(`
-		type udev_t, udev_exec_t;
-	')
-
-	domtrans_pattern($1, udev_exec_t, udev_t)
-	allow $1 udev_t:process noatsecure;
-')
-
-########################################
-## <summary>
-##	Execute udev in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_exec',`
-	gen_require(`
-		type udev_exec_t;
-	')
-
-	can_exec($1, udev_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute a udev helper in the udev domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`udev_helper_domtrans',`
-	gen_require(`
-		type udev_t, udev_helper_exec_t;
-	')
-
-	domtrans_pattern($1, udev_helper_exec_t, udev_t)
-')
-
-########################################
-## <summary>
-##	Allow process to read udev process state.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_read_state',`
-	gen_require(`
-		type udev_t;
-	')
-
-	kernel_search_proc($1)
-	ps_process_pattern($1, udev_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit a
-##	udev file descriptor.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`udev_dontaudit_use_fds',`
-	gen_require(`
-		type udev_t;
-	')
-
-	dontaudit $1 udev_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read or write
-##	to a udev unix datagram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`udev_dontaudit_rw_dgram_sockets',`
-	gen_require(`
-		type udev_t;
-	')
-
-	dontaudit $1 udev_t:unix_dgram_socket { read write };
-')
-
-########################################
-## <summary>
-##	Manage udev rules files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
-	gen_require(`
-		type udev_rules_t;
-	')
-
-	manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')
-
-########################################
-## <summary>
-##	Do not audit search of udev database directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`udev_dontaudit_search_db',`
-	gen_require(`
-		type udev_tbl_t;
-	')
-
-	dontaudit $1 udev_tbl_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read the udev device table.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read the udev device table.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="read" weight="10"/>
-#
-interface(`udev_read_db',`
-	gen_require(`
-		type udev_tbl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 udev_tbl_t:dir list_dir_perms;
-	read_files_pattern($1, udev_tbl_t, udev_tbl_t)
-	read_lnk_files_pattern($1, udev_tbl_t, udev_tbl_t)
-')
-
-########################################
-## <summary>
-##	Allow process to modify list of devices.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_rw_db',`
-	gen_require(`
-		type udev_tbl_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 udev_tbl_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	udev pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_pid_files',`
-	gen_require(`
-		type udev_var_run_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
-')
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
deleted file mode 100644
index 4867243..0000000
--- a/policy/modules/system/udev.te
+++ /dev/null
@@ -1,317 +0,0 @@
-policy_module(udev, 1.12.0)
-
-########################################
-#
-# Declarations
-#
-
-type udev_t;
-type udev_exec_t;
-type udev_helper_exec_t;
-kernel_domtrans_to(udev_t, udev_exec_t)
-domain_obj_id_change_exemption(udev_t)
-domain_entry_file(udev_t, udev_helper_exec_t)
-domain_interactive_fd(udev_t)
-init_daemon_domain(udev_t, udev_exec_t)
-
-type udev_etc_t alias etc_udev_t;
-files_config_file(udev_etc_t)
-
-type udev_tbl_t alias udev_tdb_t;
-files_type(udev_tbl_t)
-
-type udev_rules_t;
-files_type(udev_rules_t)
-
-type udev_var_run_t;
-files_pid_file(udev_var_run_t)
-
-ifdef(`enable_mcs',`
-	kernel_ranged_domtrans_to(udev_t, udev_exec_t, s0 - mcs_systemhigh)
-	init_ranged_daemon_domain(udev_t, udev_exec_t, s0 - mcs_systemhigh)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource setuid setgid sys_nice sys_ptrace };
-dontaudit udev_t self:capability sys_tty_config;
-allow udev_t self:process ~{ setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow udev_t self:process { execmem setfscreate };
-allow udev_t self:fd use;
-allow udev_t self:fifo_file rw_fifo_file_perms;
-allow udev_t self:sock_file read_sock_file_perms;
-allow udev_t self:shm create_shm_perms;
-allow udev_t self:sem create_sem_perms;
-allow udev_t self:msgq create_msgq_perms;
-allow udev_t self:msg { send receive };
-allow udev_t self:unix_stream_socket { listen accept };
-allow udev_t self:unix_dgram_socket sendto;
-allow udev_t self:unix_stream_socket connectto;
-allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow udev_t self:rawip_socket create_socket_perms;
-allow udev_t self:netlink_socket create_socket_perms;
-
-allow udev_t udev_exec_t:file write;
-can_exec(udev_t, udev_exec_t)
-
-allow udev_t udev_helper_exec_t:dir list_dir_perms;
-can_exec(udev_t, udev_helper_exec_t)
-
-# read udev config
-allow udev_t udev_etc_t:file read_file_perms;
-
-# create udev database in /dev/.udevdb
-allow udev_t udev_tbl_t:file manage_file_perms;
-dev_filetrans(udev_t, udev_tbl_t, file)
-
-list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t)
-read_files_pattern(udev_t, udev_rules_t, udev_rules_t)
-
-manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t)
-manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
-manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
-files_pid_filetrans(udev_t, udev_var_run_t, { file dir })
-
-kernel_read_system_state(udev_t)
-kernel_request_load_module(udev_t)
-kernel_getattr_core_if(udev_t)
-kernel_use_fds(udev_t)
-kernel_read_device_sysctls(udev_t)
-kernel_read_hotplug_sysctls(udev_t)
-kernel_read_modprobe_sysctls(udev_t)
-kernel_read_kernel_sysctls(udev_t)
-kernel_rw_hotplug_sysctls(udev_t)
-kernel_rw_unix_dgram_sockets(udev_t)
-kernel_dgram_send(udev_t)
-kernel_signal(udev_t)
-kernel_search_debugfs(udev_t)
-
-#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
-kernel_rw_net_sysctls(udev_t)
-kernel_read_network_state(udev_t)
-kernel_read_software_raid_state(udev_t)
-
-corecmd_exec_all_executables(udev_t)
-
-dev_rw_sysfs(udev_t)
-dev_manage_all_dev_nodes(udev_t)
-dev_rw_generic_files(udev_t)
-dev_delete_generic_files(udev_t)
-dev_search_usbfs(udev_t)
-dev_relabel_all_dev_nodes(udev_t)
-# udev_node.c/node_symlink() symlink labels are explicitly
-# preserved, instead of short circuiting the relabel
-dev_relabel_generic_symlinks(udev_t)
-dev_manage_generic_symlinks(udev_t)
-
-domain_read_all_domains_state(udev_t)
-domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-
-files_read_usr_files(udev_t)
-files_read_etc_runtime_files(udev_t)
-
-# console_init manages files in /etc/sysconfig
-files_manage_etc_files(udev_t)
-files_exec_etc_files(udev_t)
-files_dontaudit_search_isid_type_dirs(udev_t)
-files_getattr_generic_locks(udev_t)
-files_search_mnt(udev_t)
-files_list_tmp(udev_t)
-
-fs_getattr_all_fs(udev_t)
-fs_list_inotifyfs(udev_t)
-fs_rw_anon_inodefs_files(udev_t)
-fs_list_auto_mountpoints(udev_t)
-fs_list_hugetlbfs(udev_t)
-
-mcs_ptrace_all(udev_t)
-
-mls_file_read_all_levels(udev_t)
-mls_file_write_all_levels(udev_t)
-mls_file_upgrade(udev_t)
-mls_file_downgrade(udev_t)
-mls_process_write_down(udev_t)
-
-selinux_get_fs_mount(udev_t)
-selinux_validate_context(udev_t)
-selinux_compute_access_vector(udev_t)
-selinux_compute_create_context(udev_t)
-selinux_compute_relabel_context(udev_t)
-selinux_compute_user_contexts(udev_t)
-
-auth_read_pam_console_data(udev_t)
-auth_domtrans_pam_console(udev_t)
-auth_use_nsswitch(udev_t)
-
-init_read_utmp(udev_t)
-init_dontaudit_write_utmp(udev_t)
-init_getattr_initctl(udev_t)
-
-logging_search_logs(udev_t)
-logging_send_syslog_msg(udev_t)
-logging_send_audit_msgs(udev_t)
-
-miscfiles_read_localization(udev_t)
-miscfiles_read_hwdata(udev_t)
-
-modutils_domtrans_insmod(udev_t)
-# read modules.inputmap:
-modutils_read_module_deps(udev_t)
-
-seutil_read_config(udev_t)
-seutil_read_default_contexts(udev_t)
-seutil_read_file_contexts(udev_t)
-seutil_domtrans_setfiles(udev_t)
-
-sysnet_domtrans_ifconfig(udev_t)
-sysnet_domtrans_dhcpc(udev_t)
-sysnet_rw_dhcp_config(udev_t)
-sysnet_read_dhcpc_pid(udev_t)
-sysnet_delete_dhcpc_pid(udev_t)
-sysnet_signal_dhcpc(udev_t)
-sysnet_manage_config(udev_t)
-sysnet_etc_filetrans_config(udev_t)
-
-userdom_dontaudit_search_user_home_content(udev_t)
-
-ifdef(`distro_gentoo',`
-	# during boot, init scripts use /dev/.rcsysinit
-	# existance to determine if we are in early booting
-	init_getattr_script_status_files(udev_t)
-')
-
-ifdef(`distro_redhat',`
-	fs_manage_tmpfs_dirs(udev_t)
-	fs_manage_tmpfs_files(udev_t)
-	fs_manage_tmpfs_symlinks(udev_t)
-	fs_manage_tmpfs_sockets(udev_t)
-	fs_manage_tmpfs_blk_files(udev_t)
-	fs_manage_tmpfs_chr_files(udev_t)
-	fs_relabel_tmpfs_blk_file(udev_t)
-	fs_relabel_tmpfs_chr_file(udev_t)
-	fs_manage_hugetlbfs_dirs(udev_t)
-
-	term_search_ptys(udev_t)
-
-	# for arping used for static IP addresses on PCMCIA ethernet
-	netutils_domtrans(udev_t)
-
-	optional_policy(`
-		unconfined_domain(udev_t)
-	')
-')
-
-optional_policy(`
-	alsa_domtrans(udev_t)
-	alsa_read_lib(udev_t)
-	alsa_read_rw_config(udev_t)
-')
-
-optional_policy(`
-	bluetooth_domtrans(udev_t)
-')
-
-optional_policy(`
-	brctl_domtrans(udev_t)
-')
-
-optional_policy(`
-	clock_domtrans(udev_t)
-')
-
-optional_policy(`
-	consolekit_read_pid_files(udev_t)
-')
-
-optional_policy(`
-	consoletype_exec(udev_t)
-')
-
-optional_policy(`
-	cups_domtrans_config(udev_t)
-	cups_read_config(udev_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(udev_t)
-')
-
-optional_policy(`
-	devicekit_read_pid_files(udev_t)
-	devicekit_dgram_send(udev_t)
-')
-
-optional_policy(`
-	gnome_read_home_config(udev_t)
-')
-
-optional_policy(`
-	lvm_domtrans(udev_t)
-')
-
-optional_policy(`
-	fstools_domtrans(udev_t)
-')
-
-optional_policy(`
-	hal_dgram_send(udev_t)
-
-	ifdef(`hide_broken_symptoms',`
-		hal_dontaudit_rw_dgram_sockets(udev_t)
-	')
-')
-
-optional_policy(`
-	hotplug_read_config(udev_t)
-	# usb.agent searches /var/run/usb
-	hotplug_search_pids(udev_t)
-')
-
-optional_policy(`
-	mount_domtrans(udev_t)
-')
-
-optional_policy(`
-	networkmanager_dbus_chat(udev_t)
-')
-
-optional_policy(`
-	openct_read_pid_files(udev_t)
-	openct_domtrans(udev_t)
-')
-
-optional_policy(`
-	pcscd_read_pub_files(udev_t)
-	pcscd_domtrans(udev_t)
-')
-
-optional_policy(`
-	raid_domtrans_mdadm(udev_t)
-')
-
-optional_policy(`
-	usbmuxd_domtrans(udev_t)
-	usbmuxd_stream_connect(udev_t)
-')
-
-optional_policy(`
-	unconfined_signal(udev_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(udev_t)
-')
-
-optional_policy(`
-	kernel_write_xen_state(udev_t)
-	kernel_read_xen_state(udev_t)
-	xen_manage_log(udev_t)
-	xen_read_image_files(udev_t)
-')
-
-optional_policy(`
-	xserver_read_xdm_pid(udev_t)
-')
diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc
deleted file mode 100644
index 8b34dbc..0000000
--- a/policy/modules/system/unconfined.fc
+++ /dev/null
@@ -1 +0,0 @@
-# Add programs here which should not be confined by SELinux
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
deleted file mode 100644
index c6e8ffe..0000000
--- a/policy/modules/system/unconfined.if
+++ /dev/null
@@ -1,192 +0,0 @@
-## <summary>The unconfined domain.</summary>
-
-########################################
-## <summary>
-##	Make the specified domain unconfined.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to make unconfined.
-##	</summary>
-## </param>
-#
-interface(`unconfined_domain_noaudit',`
-	gen_require(`
-		class dbus all_dbus_perms;
-		class nscd all_nscd_perms;
-		class passwd all_passwd_perms;
-	')
-
-	# Use any Linux capability.
-	allow $1 self:capability all_capabilities;
-	allow $1 self:fifo_file manage_fifo_file_perms;
-
-	# Transition to myself, to make get_ordered_context_list happy.
-	allow $1 self:process transition;
-
-	# Write access is for setting attributes under /proc/self/attr.
-	allow $1 self:file rw_file_perms;
-	allow $1 self:dir rw_dir_perms;
-
-	# Userland object managers
-	allow $1 self:nscd all_nscd_perms;
-	allow $1 self:dbus all_dbus_perms;
-	allow $1 self:passwd all_passwd_perms;
-	allow $1 self:association all_association_perms;
-	allow $1 self:socket_class_set create_socket_perms;
-
-	kernel_unconfined($1)
-	corenet_unconfined($1)
-	dev_unconfined($1)
-	domain_unconfined($1)
-	domain_dontaudit_read_all_domains_state($1)
-	domain_dontaudit_ptrace_all_domains($1)
-	files_unconfined($1)
-	fs_unconfined($1)
-	selinux_unconfined($1)
-
-	domain_mmap_low($1)
-
-	mls_file_read_all_levels($1)
-
-	ubac_process_exempt($1)
-
-	tunable_policy(`allow_execheap',`
-		# Allow making the stack executable via mprotect.
-		allow $1 self:process execheap;
-	')
-
-	tunable_policy(`allow_execmem',`
-		# Allow making anonymous memory executable, e.g. 
-		# for runtime-code generation or executable stack.
-		allow $1 self:process execmem;
-	')
-
-	tunable_policy(`allow_execstack',`
-		# Allow making the stack executable via mprotect;
-		# execstack implies execmem;
-		allow $1 self:process { execstack execmem };
-#		auditallow $1 self:process execstack;
-	')
-
-	optional_policy(`
-		auth_unconfined($1)
-	')
-
-	optional_policy(`
-		# Communicate via dbusd.
-		dbus_system_bus_unconfined($1)
-		dbus_unconfined($1)
-	')
-
-	optional_policy(`
-		ipsec_setcontext_default_spd($1)
-		ipsec_match_default_spd($1)
-	')
-
-	optional_policy(`
-		nscd_unconfined($1)
-	')
-
-	optional_policy(`
-		postgresql_unconfined($1)
-	')
-
-	optional_policy(`
-		seutil_create_bin_policy($1)
-		seutil_relabelto_bin_policy($1)
-	')
-
-	optional_policy(`
-		storage_unconfined($1)
-	')
-
-	optional_policy(`
-		xserver_unconfined($1)
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified domain unconfined and
-##	audit executable heap usage.
-## </summary>
-## <desc>
-##	<p>
-##	Make the specified domain unconfined and
-##	audit executable heap usage.  With exception
-##	of memory protections, usage of this interface
-##	will result in the level of access the domain has
-##	is like SELinux	was not being used.
-##	</p>
-##	<p>
-##	Only completely trusted domains should use this interface.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to make unconfined.
-##	</summary>
-## </param>
-#
-interface(`unconfined_domain',`
-	gen_require(`
-		attribute unconfined_services;
-	')	
-
-	unconfined_domain_noaudit($1)
-
-	tunable_policy(`allow_execheap',`
-		auditallow $1 self:process execheap;
-	')
-')
-
-########################################
-## <summary>
-##	Add an alias type to the unconfined domain.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Add an alias type to the unconfined domain.  (Deprecated)
-##	</p>
-##	<p>
-##	This is added to support targeted policy.  Its
-##	use should be limited.  It has no effect
-##	on the strict policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	New alias of the unconfined domain.
-##	</summary>
-## </param>
-#
-interface(`unconfined_alias_domain',`
-	refpolicywarn(`$0($1) has been deprecated.')
-')
-
-########################################
-## <summary>
-##	Add an alias type to the unconfined execmem
-##	program file type.  (Deprecated)
-## </summary>
-## <desc>
-##	<p>
-##	Add an alias type to the unconfined execmem
-##	program file type.  (Deprecated)
-##	</p>
-##	<p>
-##	This is added to support targeted policy.  Its
-##	use should be limited.  It has no effect
-##	on the strict policy.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	New alias of the unconfined execmem program type.
-##	</summary>
-## </param>
-#
-interface(`unconfined_execmem_alias_program',`
-	refpolicywarn(`$0($1) has been deprecated.')
-')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
deleted file mode 100644
index 4474379..0000000
--- a/policy/modules/system/unconfined.te
+++ /dev/null
@@ -1,8 +0,0 @@
-policy_module(unconfined, 3.2.0)
-
-########################################
-#
-# Declarations
-#
-attribute unconfined_services;
-
diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
deleted file mode 100644
index 392d1ee..0000000
--- a/policy/modules/system/userdomain.fc
+++ /dev/null
@@ -1,17 +0,0 @@
-HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
-HOME_DIR	-l	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
-/tmp/gconfd-USER -d	gen_context(system_u:object_r:user_tmp_t,s0)
-/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
-/root/\.cert(/.*)?	gen_context(system_u:object_r:home_cert_t,s0)
-/root/\.debug(/.*)?	<<none>>
-/dev/shm/pulse-shm.*	gen_context(system_u:object_r:user_tmpfs_t,s0)
-/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
-HOME_DIR/bin(/.*)?	gen_context(system_u:object_r:home_bin_t,s0)
-HOME_DIR/local/bin(/.*)?	gen_context(system_u:object_r:home_bin_t,s0)
-HOME_DIR/Audio(/.*)?    gen_context(system_u:object_r:audio_home_t,s0)
-HOME_DIR/Music(/.*)?    gen_context(system_u:object_r:audio_home_t,s0)
-HOME_DIR/\.cert(/.*)?	gen_context(system_u:object_r:home_cert_t,s0)
-HOME_DIR/\.pki(/.*)?		gen_context(system_u:object_r:home_cert_t,s0)
-HOME_DIR/\.gvfs(/.*)?	<<none>>
-HOME_DIR/\.debug(/.*)?	<<none>>
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
deleted file mode 100644
index 54365f8..0000000
--- a/policy/modules/system/userdomain.if
+++ /dev/null
@@ -1,4324 +0,0 @@
-## <summary>Policy for user domains</summary>
-
-#######################################
-## <summary>
-##	The template containing the most basic rules common to all users.
-## </summary>
-## <desc>
-##	<p>
-##	The template containing the most basic rules common to all users.
-##	</p>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty and pty.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <rolebase/>
-#
-template(`userdom_base_user_template',`
-
-	gen_require(`
-		attribute userdomain;
-		type user_devpts_t, user_tty_device_t;
-		class context contains;
-	')
-
-	attribute $1_file_type;
-	attribute $1_usertype;
-
-	type $1_t, userdomain, $1_usertype;
-	domain_type($1_t)
-	corecmd_shell_entry_type($1_t)
-	corecmd_bin_entry_type($1_t)
-	domain_user_exemption_target($1_t)
-	ubac_constrained($1_t)
-	role $1_r types $1_t;
-	allow system_r $1_r;
-
-	term_user_pty($1_t, user_devpts_t)
-
-	term_user_tty($1_t, user_tty_device_t)
-	term_dontaudit_getattr_generic_ptys($1_t)
-
-	allow $1_usertype $1_usertype:process { ptrace signal_perms getsched setsched share getpgid setpgid getcap setcap getsession getattr };
-	allow $1_usertype $1_usertype:fd use;
-	allow $1_usertype $1_t:key { create view read write search link setattr };
-
-	allow $1_usertype $1_usertype:fifo_file rw_fifo_file_perms;
-	allow $1_usertype $1_usertype:unix_dgram_socket { create_socket_perms sendto };
-	allow $1_usertype $1_usertype:unix_stream_socket { create_stream_socket_perms connectto };
-	allow $1_usertype $1_usertype:shm create_shm_perms;
-	allow $1_usertype $1_usertype:sem create_sem_perms;
-	allow $1_usertype $1_usertype:msgq create_msgq_perms;
-	allow $1_usertype $1_usertype:msg { send receive };
-	allow $1_usertype $1_usertype:context contains;
-	dontaudit $1_usertype $1_usertype:socket create;
-
-	allow $1_usertype user_devpts_t:chr_file { setattr rw_chr_file_perms };
-	term_create_pty($1_usertype, user_devpts_t)
-	# avoid annoying messages on terminal hangup on role change
-	dontaudit $1_usertype user_devpts_t:chr_file ioctl;
-
-	allow $1_usertype user_tty_device_t:chr_file { setattr rw_chr_file_perms };
-	# avoid annoying messages on terminal hangup on role change
-	dontaudit $1_usertype user_tty_device_t:chr_file ioctl;
-
-	application_exec_all($1_usertype)
-
-	kernel_read_kernel_sysctls($1_usertype)
-	kernel_read_all_sysctls($1_usertype)
-	kernel_dontaudit_list_unlabeled($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_files($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_symlinks($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_pipes($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_sockets($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_blk_files($1_usertype)
-	kernel_dontaudit_getattr_unlabeled_chr_files($1_usertype)
-	kernel_dontaudit_list_proc($1_usertype)
-
-	dev_dontaudit_getattr_all_blk_files($1_usertype)
-	dev_dontaudit_getattr_all_chr_files($1_usertype)
-	dev_getattr_mtrr_dev($1_t)
-
-	# When the user domain runs ps, there will be a number of access
-	# denials when ps tries to search /proc. Do not audit these denials.
-	domain_dontaudit_read_all_domains_state($1_usertype)
-	domain_dontaudit_getattr_all_domains($1_usertype)
-	domain_dontaudit_getsession_all_domains($1_usertype)
-
-	files_read_etc_files($1_usertype)
-	files_list_mnt($1_usertype)
-	files_read_mnt_files($1_usertype)
-	files_read_etc_runtime_files($1_usertype)
-	files_read_usr_files($1_usertype)
-	files_read_usr_src_files($1_usertype)
-	# Read directories and files with the readable_t type.
-	# This type is a general type for "world"-readable files.
-	files_list_world_readable($1_usertype)
-	files_read_world_readable_files($1_usertype)
-	files_read_world_readable_symlinks($1_usertype)
-	files_read_world_readable_pipes($1_usertype)
-	files_read_world_readable_sockets($1_usertype)
-	# old broswer_domain():
-	files_dontaudit_getattr_all_dirs($1_usertype)
-	files_dontaudit_list_non_security($1_usertype)
-	files_dontaudit_getattr_all_files($1_usertype)
-	files_dontaudit_getattr_non_security_symlinks($1_usertype)
-	files_dontaudit_getattr_non_security_pipes($1_usertype)
-	files_dontaudit_getattr_non_security_sockets($1_usertype)
-
-	files_exec_usr_files($1_t)
-
-	fs_list_cgroup_dirs($1_usertype)
-	fs_dontaudit_rw_cgroup_files($1_usertype)
-
-	storage_rw_fuse($1_usertype)
-
-	auth_use_nsswitch($1_usertype)
-
-	init_stream_connect($1_usertype)
-	# The library functions always try to open read-write first,
-	# then fall back to read-only if it fails. 
-	init_dontaudit_rw_utmp($1_usertype)
-
-	libs_exec_ld_so($1_usertype)
-
-	miscfiles_read_localization($1_t)
-	miscfiles_read_generic_certs($1_t)
-
-	miscfiles_read_all_certs($1_usertype)
-	miscfiles_read_localization($1_usertype)
-	miscfiles_read_man_pages($1_usertype)
-	miscfiles_read_public_files($1_usertype)
-
-	tunable_policy(`allow_execmem',`
-		# Allow loading DSOs that require executable stack.
-		allow $1_t self:process execmem;
-	')
-
-	tunable_policy(`allow_execmem && allow_execstack',`
-		# Allow making the stack executable via mprotect.
-		allow $1_t self:process execstack;
-	')
-
-	optional_policy(`
-		fs_list_cgroup_dirs($1_usertype)
-	')
-
-	optional_policy(`
-		ssh_rw_stream_sockets($1_usertype)
-		ssh_delete_tmp($1_t)
-		ssh_signal($1_t)
-	')
-')
-
-#######################################
-## <summary>
-##	Allow a home directory for which the
-##	role has read-only access.
-## </summary>
-## <desc>
-##	<p>
-##	Allow a home directory for which the
-##	role has read-only access.
-##	</p>
-##	<p>
-##	This does not allow execute access.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	The user role
-##	</summary>
-## </param>
-## <param name="userdomain">
-##	<summary>
-##	The user domain
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_ro_home_role',`
-	gen_require(`
-		type user_home_t, user_home_dir_t;
-	')
-
-	role $1 types { user_home_t user_home_dir_t };
-
-	##############################
-	#
-	# Domain access to home dir
-	#
-
-	type_member $2 user_home_dir_t:dir user_home_dir_t;
-
-	# read-only home directory
-	allow $2 user_home_dir_t:dir list_dir_perms;
-	allow $2 user_home_t:dir list_dir_perms;
-	allow $2 user_home_t:file entrypoint;
-	read_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
-	read_lnk_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
-	read_fifo_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
-	read_sock_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
-	files_list_home($2)
-
-')
-
-#######################################
-## <summary>
-##	Allow a home directory for which the
-##	role has full access.
-## </summary>
-## <desc>
-##	<p>
-##	Allow a home directory for which the
-##	role has full access.
-##	</p>
-##	<p>
-##	This does not allow execute access.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	The user role
-##	</summary>
-## </param>
-## <param name="userdomain">
-##	<summary>
-##	The user domain
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_manage_home_role',`
-	gen_require(`
-		type user_home_t, user_home_dir_t;
-		attribute user_home_type;
-	')
-
-	role $1 types { user_home_type user_home_dir_t };
-
-	##############################
-	#
-	# Domain access to home dir
-	#
-
-	type_member $2 user_home_dir_t:dir user_home_dir_t;
-
-	# full control of the home directory
-	allow $2 user_home_t:dir mounton;
-	allow $2 user_home_t:file entrypoint;
-
-	allow $2 user_home_type:dir_file_class_set { relabelto relabelfrom };
-	allow $2 user_home_dir_t:lnk_file read_lnk_file_perms;
-	manage_dirs_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	manage_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	manage_lnk_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	manage_sock_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	manage_fifo_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	relabel_dirs_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	relabel_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	relabel_lnk_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	relabel_sock_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	relabel_fifo_files_pattern($2, { user_home_dir_t user_home_type }, user_home_type)
-	filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
-	files_list_home($2)
-
-	# cjp: this should probably be removed:
-	allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_mount_nfs($2)
-		fs_mounton_nfs($2)
-		fs_manage_nfs_dirs($2)
-		fs_manage_nfs_files($2)
-		fs_manage_nfs_symlinks($2)
-		fs_manage_nfs_named_sockets($2)
-		fs_manage_nfs_named_pipes($2)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_mount_cifs($2)
-		fs_mounton_cifs($2)
-		fs_manage_cifs_dirs($2)
-		fs_manage_cifs_files($2)
-		fs_manage_cifs_symlinks($2)
-		fs_manage_cifs_named_sockets($2)
-		fs_manage_cifs_named_pipes($2)
-	')
-')
-
-#######################################
-## <summary>
-##	Manage user temporary files
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_manage_tmp_role',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	role $1 types user_tmp_t;
-
-	files_poly_member_tmp($2, user_tmp_t)
-
-	manage_dirs_pattern($2, user_tmp_t, user_tmp_t)
-	manage_files_pattern($2, user_tmp_t, user_tmp_t)
-	manage_lnk_files_pattern($2, user_tmp_t, user_tmp_t)
-	manage_sock_files_pattern($2, user_tmp_t, user_tmp_t)
-	manage_fifo_files_pattern($2, user_tmp_t, user_tmp_t)
-	files_tmp_filetrans($2, user_tmp_t, { dir file lnk_file sock_file fifo_file })
-	relabel_files_pattern($2, user_tmp_t, user_tmp_t)
-')
-
-#######################################
-## <summary>
-##	Dontaudit search of user bin dirs.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_search_user_bin_dirs',`
-	gen_require(`
-		type home_bin_t;
-	')
-
-	dontaudit $1 home_bin_t:dir search_dir_perms;
-')
-
-#######################################
-## <summary>
-##	Execute user bin files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_exec_user_bin_files',`
-	gen_require(`
-		attribute user_home_type;
-		type home_bin_t, user_home_dir_t;
-	')
-
-	exec_files_pattern($1, { user_home_dir_t user_home_type }, home_bin_t)
-	files_search_home($1)
-')
-
-#######################################
-## <summary>
-##	The execute access user temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_exec_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	exec_files_pattern($1, user_tmp_t, user_tmp_t)
-	dontaudit $1 user_tmp_t:sock_file execute;
-	files_search_tmp($1)
-')
-
-#######################################
-## <summary>
-##	Role access for the user tmpfs type
-##	that the user has full access.
-## </summary>
-## <desc>
-##	<p>
-##	Role access for the user tmpfs type
-##	that the user has full access.
-##	</p>
-##	<p>
-##	This does not allow execute access.
-##	</p>
-## </desc>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_manage_tmpfs_role',`
-	gen_require(`
-		type user_tmpfs_t;
-	')
-
-	role $1 types user_tmpfs_t;
-
-	manage_dirs_pattern($2, user_tmpfs_t, user_tmpfs_t)
-	manage_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
-	manage_lnk_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
-	manage_sock_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
-	manage_fifo_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
-	fs_tmpfs_filetrans($2, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-')
-
-#######################################
-## <summary>
-##	The interface allowing the user basic
-##	network permissions
-## </summary>
-## <param name="userdomain">
-##	<summary>
-##	The user domain 
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_basic_networking',`
-
-	allow $1 self:tcp_socket create_stream_socket_perms;
-	allow $1 self:udp_socket create_socket_perms;
-
-	corenet_all_recvfrom_unlabeled($1)
-	corenet_all_recvfrom_netlabel($1)
-	corenet_tcp_sendrecv_generic_if($1)
-	corenet_udp_sendrecv_generic_if($1)
-	corenet_tcp_sendrecv_generic_node($1)
-	corenet_udp_sendrecv_generic_node($1)
-	corenet_tcp_sendrecv_all_ports($1)
-	corenet_udp_sendrecv_all_ports($1)
-	corenet_tcp_connect_all_ports($1)
-	corenet_sendrecv_all_client_packets($1)
-
-	optional_policy(`
-		init_tcp_recvfrom_all_daemons($1)
-		init_udp_recvfrom_all_daemons($1)
-	')
-
-	optional_policy(`
-		ipsec_match_default_spd($1)
-	')
-
-')
-
-#######################################
-## <summary>
-##	The template for creating a user xwindows client.  (Deprecated)
-## </summary>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <rolebase/>
-#
-template(`userdom_xwindows_client_template',`
-	refpolicywarn(`$0() has been deprecated, please use xserver_role() instead.')
-	gen_require(`
-		type $1_t, user_tmpfs_t;
-	')
-
-	dev_rw_xserver_misc($1_t)
-	dev_rw_power_management($1_t)
-	dev_read_input($1_t)
-	dev_read_misc($1_t)
-	dev_write_misc($1_t)
-	# open office is looking for the following
-	dev_getattr_agp_dev($1_t)
-	dev_dontaudit_rw_dri($1_t)
-	# GNOME checks for usb and other devices:
-	dev_rw_usbfs($1_t)
-	dev_rw_generic_usb_dev($1_t)
-
-	xserver_user_x_domain_template($1, $1_t, user_tmpfs_t)
-	xserver_xsession_entry_type($1_t)
-	xserver_dontaudit_write_log($1_t)
-	xserver_stream_connect_xdm($1_t)
-	# certain apps want to read xdm.pid file
-	xserver_read_xdm_pid($1_t)
-	# gnome-session creates socket under /tmp/.ICE-unix/
-	xserver_create_xdm_tmp_sockets($1_t)
-	# Needed for escd, remove if we get escd policy
-	xserver_manage_xdm_tmp_files($1_t)
-')
-
-#######################################
-## <summary>
-##	The template for allowing the user to change passwords.
-## </summary>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-## <rolebase/>
-#
-template(`userdom_change_password_template',`
-	gen_require(`
-		type $1_t;
-		role $1_r;
-	')
-
-	optional_policy(`
-		usermanage_run_chfn($1_t,$1_r)
-		usermanage_run_passwd($1_t,$1_r)
-	')
-')
-
-#######################################
-## <summary>
-##	The template containing rules common to unprivileged
-##	users and administrative users.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, tmp, and tmpfs files.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`userdom_common_user_template',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	userdom_basic_networking($1_usertype)
-
-	##############################
-	#
-	# User domain Local policy
-	#
-
-	# evolution and gnome-session try to create a netlink socket
-	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
-	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
-	allow $1_t self:netlink_kobject_uevent_socket create_socket_perms;
-	allow $1_t self:socket create_socket_perms;
-
-	allow $1_usertype unpriv_userdomain:fd use;
-
-	kernel_read_system_state($1_usertype)
-	kernel_read_network_state($1_usertype)
-	kernel_read_net_sysctls($1_usertype)
-	# Very permissive allowing every domain to see every type:
-	kernel_get_sysvipc_info($1_usertype)
-	# Find CDROM devices:
-	kernel_read_device_sysctls($1_usertype)
-	kernel_request_load_module($1_usertype)
-
-	corenet_udp_bind_generic_node($1_usertype)
-	corenet_udp_bind_generic_port($1_usertype)
-
-	dev_read_rand($1_usertype)
-	dev_write_sound($1_usertype)
-	dev_read_sound($1_usertype)
-	dev_read_sound_mixer($1_usertype)
-	dev_write_sound_mixer($1_usertype)
-
-	files_exec_etc_files($1_usertype)
-	files_search_locks($1_usertype)
-	# Check to see if cdrom is mounted
-	files_search_mnt($1_usertype)
-	# cjp: perhaps should cut back on file reads:
-	files_read_var_files($1_usertype)
-	files_read_var_symlinks($1_usertype)
-	files_read_generic_spool($1_usertype)
-	files_read_var_lib_files($1_usertype)
-	# Stat lost+found.
-	files_getattr_lost_found_dirs($1_usertype)
-	files_read_config_files($1_usertype)
-	fs_read_noxattr_fs_files($1_usertype)
-	fs_read_noxattr_fs_symlinks($1_usertype)
-	fs_rw_cgroup_files($1_usertype)
-
-	logging_send_syslog_msg($1_usertype)
-	logging_send_audit_msgs($1_usertype)
-	selinux_get_enforce_mode($1_usertype)
-
-	# cjp: some of this probably can be removed
-	selinux_get_fs_mount($1_usertype)
-	selinux_validate_context($1_usertype)
-	selinux_compute_access_vector($1_usertype)
-	selinux_compute_create_context($1_usertype)
-	selinux_compute_relabel_context($1_usertype)
-	selinux_compute_user_contexts($1_usertype)
-
-	# for eject
-	storage_getattr_fixed_disk_dev($1_usertype)
-
-	auth_read_login_records($1_usertype)
-	auth_run_pam($1_t,$1_r)
-	auth_run_utempter($1_t,$1_r)
-
-	init_read_utmp($1_usertype)
-
-	seutil_read_file_contexts($1_usertype)
-	seutil_read_default_contexts($1_usertype)
-	seutil_run_newrole($1_t,$1_r)
-	seutil_exec_checkpolicy($1_t)
-	seutil_exec_setfiles($1_usertype)
-	# for when the network connection is killed
-	# this is needed when a login role can change
-	# to this one.
-	seutil_dontaudit_signal_newrole($1_t)
-
-	tunable_policy(`user_direct_mouse',`
-		dev_read_mouse($1_usertype)
-	')
-
-	tunable_policy(`user_ttyfile_stat',`
-		term_getattr_all_ttys($1_t)
-	')
-
-	optional_policy(`
-		alsa_read_rw_config($1_usertype)
-	')
-
-	optional_policy(`
-		# Allow graphical boot to check battery lifespan
-		apm_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		canna_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		chrome_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		dbus_system_bus_client($1_usertype)
-
-		allow $1_usertype $1_usertype:dbus  send_msg;
-
-		optional_policy(`
-			avahi_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			policykit_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			bluetooth_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			consolekit_dbus_chat($1_usertype)
-			consolekit_read_log($1_usertype)
-		')
-
-		optional_policy(`
-			devicekit_dbus_chat($1_usertype)
-			devicekit_dbus_chat_power($1_usertype)
-			devicekit_dbus_chat_disk($1_usertype)
-		')
-
-		optional_policy(`
-			evolution_dbus_chat($1_usertype)
-			evolution_alarm_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			gnome_dbus_chat_gconfdefault($1_usertype)
-		')
-
-		optional_policy(`
-			hal_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			modemmanager_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			networkmanager_dbus_chat($1_usertype)
-			networkmanager_read_lib_files($1_usertype)
-		')
-
-		optional_policy(`
-			vpn_dbus_chat($1_usertype)
-		')
-	')
-
-	optional_policy(`
-		git_session_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		inetd_use_fds($1_usertype)
-		inetd_rw_tcp_sockets($1_usertype)
-	')
-
-	optional_policy(`
-		inn_read_config($1_usertype)
-		inn_read_news_lib($1_usertype)
-		inn_read_news_spool($1_usertype)
-	')
-
-	optional_policy(`
-		locate_read_lib_files($1_usertype)
-	')
-
-	# for running depmod as part of the kernel packaging process
-	optional_policy(`
-		modutils_read_module_config($1_usertype)
-	')
-
-	optional_policy(`
-		mta_rw_spool($1_usertype)
-		mta_manage_queue($1_usertype)
-	')
-
-	optional_policy(`
-		nsplugin_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		tunable_policy(`allow_user_mysql_connect',`
-			mysql_stream_connect($1_t)
-		')
-	')
-
-	optional_policy(`
-		# to allow monitoring of pcmcia status
-		pcmcia_read_pid($1_usertype)
-	')
-
-	optional_policy(`
-		pcscd_read_pub_files($1_usertype)
-		pcscd_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		tunable_policy(`allow_user_postgresql_connect',`
-			postgresql_stream_connect($1_usertype)
-			postgresql_tcp_connect($1_usertype)
-		')
-	')
-
-	optional_policy(`
-		resmgr_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		rpc_dontaudit_getattr_exports($1_usertype)
-		rpc_manage_nfs_rw_content($1_usertype)
-	')
-
-	optional_policy(`
-		rpcbind_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		samba_stream_connect_winbind($1_usertype)
-	')
-
-	optional_policy(`
-		sandbox_transition($1_usertype, $1_r)
-	')
-
-	optional_policy(`
-		seunshare_role_template($1, $1_r, $1_t)
-	')
-
-	optional_policy(`
-		slrnpull_search_spool($1_usertype)
-	')
-
-')
-
-#######################################
-## <summary>
-##	The template for creating a login user.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, home directories,
-##	tmp, and tmpfs files.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`userdom_login_user_template', `
-	gen_require(`
-		class context contains;
-	')
-
-	userdom_base_user_template($1)
-
-	userdom_manage_home_role($1_r, $1_usertype)
-
-	userdom_manage_tmp_role($1_r, $1_usertype)
-	userdom_manage_tmpfs_role($1_r, $1_usertype)
-
-	ifelse(`$1',`unconfined',`',`
-		gen_tunable(allow_$1_exec_content, true)
-
-		tunable_policy(`allow_$1_exec_content',`
-			userdom_exec_user_tmp_files($1_usertype)
-			userdom_exec_user_home_content_files($1_usertype)
-		')
-		tunable_policy(`allow_$1_exec_content && use_nfs_home_dirs',`
-                        fs_exec_nfs_files($1_usertype)
-		')
-
-		tunable_policy(`allow_$1_exec_content && use_samba_home_dirs',`
-			fs_exec_cifs_files($1_usertype)
-		')
-	')
-
-	userdom_change_password_template($1)
-
-	##############################
-	#
-	# User domain Local policy
-	#
-
-	allow $1_t self:capability { setgid chown fowner };
-	dontaudit $1_t self:capability { sys_nice fsetid };
-
-	allow $1_t self:process ~{ setcurrent setexec setrlimit execmem execstack execheap };
-	dontaudit $1_t self:process setrlimit;
-	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
-
-	allow $1_t self:context contains;
-
-	kernel_dontaudit_read_system_state($1_usertype)
-	kernel_dontaudit_list_all_proc($1_usertype)
-
-	dev_read_sysfs($1_usertype)
-	dev_read_urand($1_usertype)
-
-	domain_use_interactive_fds($1_usertype)
-	# Command completion can fire hundreds of denials
-	domain_dontaudit_exec_all_entry_files($1_usertype)
-
-	files_dontaudit_list_default($1_usertype)
-	files_dontaudit_read_default_files($1_usertype)
-	# Stat lost+found.
-	files_getattr_lost_found_dirs($1_usertype)
-
-	fs_get_all_fs_quotas($1_usertype)
-	fs_getattr_all_fs($1_usertype)
-	fs_search_all($1_usertype)
-	fs_list_inotifyfs($1_usertype)
-	fs_rw_anon_inodefs_files($1_usertype)
-
-	auth_dontaudit_write_login_records($1_t)
-	auth_rw_cache($1_t)
-
-	# Stop warnings about access to /dev/console
-	init_dontaudit_use_fds($1_usertype)
-	init_dontaudit_use_script_fds($1_usertype)
-
-	libs_exec_lib_files($1_usertype)
-
-	logging_dontaudit_getattr_all_logs($1_usertype)
-
-	# for running TeX programs
-	miscfiles_read_tetex_data($1_usertype)
-	miscfiles_exec_tetex_data($1_usertype)
-
-	seutil_read_config($1_usertype)
-
-	optional_policy(`
-		cups_read_config($1_usertype)
-		cups_stream_connect($1_usertype)
-		cups_stream_connect_ptal($1_usertype)
-	')
-
-	optional_policy(`
-		kerberos_use($1_usertype)
-		kerberos_connect_524($1_usertype)
-	')
-
-	optional_policy(`
-		mta_dontaudit_read_spool_symlinks($1_usertype)
-	')
-
-	optional_policy(`
-		quota_dontaudit_getattr_db($1_usertype)
-	')
-
-	optional_policy(`
-		rpm_read_db($1_usertype)
-		rpm_dontaudit_manage_db($1_usertype)
-		rpm_read_cache($1_usertype)
-	')
-
-	optional_policy(`
-		oddjob_run_mkhomedir($1_t, $1_r)
-	')
-')
-
-#######################################
-## <summary>
-##	The template for creating a unprivileged login user.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, home directories,
-##	tmp, and tmpfs files.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`userdom_restricted_user_template',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	userdom_login_user_template($1)
-
-	typeattribute $1_t unpriv_userdomain;
-	domain_interactive_fd($1_t)
-
-	allow $1_usertype self:netlink_kobject_uevent_socket create_socket_perms;
-	dontaudit $1_usertype self:netlink_audit_socket create_socket_perms;
-
-	##############################
-	#
-	# Local policy
-	#
-
-	optional_policy(`
-		loadkeys_run($1_t,$1_r)
-	')
-')
-
-#######################################
-## <summary>
-##	The template for creating a unprivileged xwindows login user.
-## </summary>
-## <desc>
-##	<p>
-##	The template for creating a unprivileged xwindows login user.
-##	</p>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, home directories,
-##	tmp, and tmpfs files.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`userdom_restricted_xwindows_user_template',`
-
-	userdom_restricted_user_template($1)
-
-	##############################
-	#
-	# Local policy
-	#
-
-	auth_role($1_r, $1_t)
-	auth_search_pam_console_data($1_usertype)
-	auth_dontaudit_read_login_records($1_usertype)
-
-	dev_read_sound($1_usertype)
-	dev_write_sound($1_usertype)
-	# gnome keyring wants to read this.
-	dev_dontaudit_read_rand($1_usertype)
-	# temporarily allow since openoffice requires this
-	dev_read_rand($1_usertype)
-
-	dev_read_video_dev($1_usertype)
-	dev_write_video_dev($1_usertype)
-	dev_rw_wireless($1_usertype)
-
-	tunable_policy(`user_rw_noexattrfile',`
-		dev_rw_usbfs($1_t)
-		dev_rw_generic_usb_dev($1_usertype)
-
-		fs_manage_noxattr_fs_files($1_usertype)
-		fs_manage_noxattr_fs_dirs($1_usertype)
-		fs_manage_dos_dirs($1_usertype)
-		fs_manage_dos_files($1_usertype)
-		storage_raw_read_removable_device($1_usertype)
-		storage_raw_write_removable_device($1_usertype)
-	')
-
-	logging_send_syslog_msg($1_usertype)
-	logging_dontaudit_send_audit_msgs($1_t)
-
-	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-	logging_send_audit_msgs($1_t)
-	selinux_get_enforce_mode($1_t)
-	seutil_exec_restorecond($1_t)
-	seutil_read_file_contexts($1_t)
-	seutil_read_default_contexts($1_t)
-
-	xserver_restricted_role($1_r, $1_t)
-
-	optional_policy(`
-		alsa_read_rw_config($1_usertype)
-	')
-
-	optional_policy(`
-		dbus_role_template($1, $1_r, $1_usertype)
-		dbus_system_bus_client($1_usertype)
-		allow $1_usertype $1_usertype:dbus send_msg;
-
-		optional_policy(`
-			abrt_dbus_chat($1_usertype)
-			abrt_run_helper($1_usertype, $1_r)
-		')
-
-		optional_policy(`
-			consolekit_dontaudit_read_log($1_usertype)
-			consolekit_dbus_chat($1_usertype)
-		')
-
-		optional_policy(`
-			cups_dbus_chat($1_usertype)
-			cups_dbus_chat_config($1_usertype)
-		')
-
-		optional_policy(`
-			devicekit_dbus_chat($1_usertype)
-			devicekit_dbus_chat_disk($1_usertype)
-			devicekit_dbus_chat_power($1_usertype)
-		')
-
-		optional_policy(`
-			fprintd_dbus_chat($1_t)
-		')
-	')
-
-	optional_policy(`
-		openoffice_role_template($1, $1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		policykit_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		pulseaudio_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		rtkit_scheduled($1_usertype)
-	')
-
-	optional_policy(`
-		setroubleshoot_dontaudit_stream_connect($1_t)
-        ')
-
-	optional_policy(`
-		udev_read_db($1_usertype)
-        ')
-
-	optional_policy(`
-		wm_role_template($1, $1_r, $1_t)
-	')
-')
-
-#######################################
-## <summary>
-##	The template for creating a unprivileged user roughly
-##	equivalent to a regular linux user.
-## </summary>
-## <desc>
-##	<p>
-##	The template for creating a unprivileged user roughly
-##	equivalent to a regular linux user.
-##	</p>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, home directories,
-##	tmp, and tmpfs files.
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-##	</summary>
-## </param>
-#
-template(`userdom_unpriv_user_template', `
-
-	##############################
-	#
-	# Declarations
-	#
-
-	# Inherit rules for ordinary users.
-	userdom_restricted_xwindows_user_template($1)
-	userdom_common_user_template($1)
-
-	##############################
-	#
-	# Local policy
-	#
-
-	# port access is audited even if dac would not have allowed it, so dontaudit it here
-#	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-	# Need the following rule to allow users to run vpnc
-	corenet_tcp_bind_xserver_port($1_t)
-	corenet_tcp_bind_all_nodes($1_usertype)
-
-	storage_rw_fuse($1_t)
-
-	miscfiles_read_hwdata($1_usertype)
-
-	# Allow users to run TCP servers (bind to ports and accept connection from
-	# the same domain and outside users) disabling this forces FTP passive mode
-	# and may change other protocols
-	tunable_policy(`user_tcp_server',`
-		corenet_tcp_bind_all_unreserved_ports($1_usertype)
-	')
-
-	tunable_policy(`user_setrlimit',`
-		allow $1_usertype self:process setrlimit;
-	')
-
-	optional_policy(`
-		cdrecord_role($1_r, $1_t)
-	')
-
-	optional_policy(`
-		cron_role($1_r, $1_t)
-	')
-
-	optional_policy(`
-		games_rw_data($1_usertype)
-	')
-
-	optional_policy(`
-		gpg_role($1_r, $1_usertype)
-	')
-
-	optional_policy(`
-		gnomeclock_dbus_chat($1_t)
-	')
-
-	optional_policy(`
-		gpm_stream_connect($1_usertype)
-	')
-
-	optional_policy(`
-		execmem_role_template($1, $1_r, $1_t)
-	')
-
-	optional_policy(`
-		java_role_template($1, $1_r, $1_t)
-	')
-
-	optional_policy(`
-		mono_role_template($1, $1_r, $1_t)
-	')
-
-	optional_policy(`
-		mount_run_fusermount($1_t, $1_r)
-	')
-
-	optional_policy(`
-		wine_role_template($1, $1_r, $1_t)
-	')
-
-	optional_policy(`
-		postfix_run_postdrop($1_t, $1_r)
-	')
-
-	# Run pppd in pppd_t by default for user
-	optional_policy(`
-		ppp_run_cond($1_t, $1_r)
-	')
-')
-
-#######################################
-## <summary>
-##	The template for creating an administrative user.
-## </summary>
-## <desc>
-##	<p>
-##	This template creates a user domain, types, and
-##	rules for the user's tty, pty, home directories,
-##	tmp, and tmpfs files.
-##	</p>
-##	<p>
-##	The privileges given to administrative users are:
-##	<ul>
-##		<li>Raw disk access</li>
-##		<li>Set all sysctls</li>
-##		<li>All kernel ring buffer controls</li>
-##		<li>Create, read, write, and delete all files but shadow</li>
-##		<li>Manage source and binary format SELinux policy</li>
-##		<li>Run insmod</li>
-##	</ul>
-##	</p>
-## </desc>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., sysadm
-##	is the prefix for sysadm_t).
-##	</summary>
-## </param>
-#
-template(`userdom_admin_user_template',`
-	gen_require(`
-		attribute admindomain;
-		class passwd { passwd chfn chsh rootok crontab };
-	')
-
-	##############################
-	#
-	# Declarations
-	#
-
-	# Inherit rules for ordinary users.
-	userdom_login_user_template($1)
-	userdom_common_user_template($1)
-
-	domain_obj_id_change_exemption($1_t)
-	role system_r types $1_t;
-
-	typeattribute $1_t admindomain;
-
-	ifdef(`direct_sysadm_daemon',`
-		domain_system_change_exemption($1_t)
-	')
-
-	##############################
-	#
-	# $1_t local policy
-	#
-
-	allow $1_t self:capability ~{ sys_module audit_control audit_write };
-	allow $1_t self:process { setexec setfscreate };
-	allow $1_t self:netlink_audit_socket nlmsg_readpriv;
-	allow $1_t self:tun_socket create;
-	# Set password information for other users.
-	allow $1_t self:passwd { passwd chfn chsh };
-	# Skip authentication when pam_rootok is specified.
-	allow $1_t self:passwd rootok;
-
-	# Manipulate other users crontab.
-	allow $1_t self:passwd crontab;
-
-	kernel_read_software_raid_state($1_t)
-	kernel_getattr_core_if($1_t)
-	kernel_getattr_message_if($1_t)
-	kernel_change_ring_buffer_level($1_t)
-	kernel_clear_ring_buffer($1_t)
-	kernel_read_ring_buffer($1_t)
-	kernel_get_sysvipc_info($1_t)
-	kernel_rw_all_sysctls($1_t)
-	# signal unlabeled processes:
-	kernel_kill_unlabeled($1_t)
-	kernel_signal_unlabeled($1_t)
-	kernel_sigstop_unlabeled($1_t)
-	kernel_signull_unlabeled($1_t)
-	kernel_sigchld_unlabeled($1_t)
-	kernel_signal($1_t)
-
-	corenet_tcp_bind_generic_port($1_t)
-	# allow setting up tunnels
-	corenet_rw_tun_tap_dev($1_t)
-
-	dev_getattr_generic_blk_files($1_t)
-	dev_getattr_generic_chr_files($1_t)
-	# for lsof
-	dev_getattr_mtrr_dev($1_t)
-	# Allow MAKEDEV to work
-	dev_create_all_blk_files($1_t)
-	dev_create_all_chr_files($1_t)
-	dev_delete_all_blk_files($1_t)
-	dev_delete_all_chr_files($1_t)
-	dev_rename_all_blk_files($1_t)
-	dev_rename_all_chr_files($1_t)
-	dev_create_generic_symlinks($1_t)
-
-	domain_setpriority_all_domains($1_t)
-	domain_read_all_domains_state($1_t)
-	domain_getattr_all_domains($1_t)
-	domain_dontaudit_ptrace_all_domains($1_t)
-	# signal all domains:
-	domain_kill_all_domains($1_t)
-	domain_signal_all_domains($1_t)
-	domain_signull_all_domains($1_t)
-	domain_sigstop_all_domains($1_t)
-	domain_sigstop_all_domains($1_t)
-	domain_sigchld_all_domains($1_t)
-	# for lsof
-	domain_getattr_all_sockets($1_t)
-	domain_dontaudit_getattr_all_sockets($1_t)
-
-	files_exec_usr_src_files($1_t)
-
-	fs_getattr_all_fs($1_t)
-	fs_getattr_all_files($1_t)
-	fs_list_all($1_t)
-	fs_set_all_quotas($1_t)
-	fs_exec_noxattr($1_t)
-
-	storage_raw_read_removable_device($1_t)
-	storage_raw_write_removable_device($1_t)
-
-	term_use_all_terms($1_t)
-
-	auth_getattr_shadow($1_t)
-	# Manage almost all files
-	auth_manage_all_files_except_shadow($1_t)
-	# Relabel almost all files
-	auth_relabel_all_files_except_shadow($1_t)
-
-	init_telinit($1_t)
-
-	logging_send_syslog_msg($1_t)
-
-	modutils_domtrans_insmod($1_t)
-	modutils_domtrans_depmod($1_t)
-
-	# The following rule is temporary until such time that a complete
-	# policy management infrastructure is in place so that an administrator
-	# cannot directly manipulate policy files with arbitrary programs.
-	seutil_manage_src_policy($1_t)
-	# Violates the goal of limiting write access to checkpolicy.
-	# But presently necessary for installing the file_contexts file.
-	seutil_manage_bin_policy($1_t)
-
-	userdom_manage_user_home_content_dirs($1_t)
-	userdom_manage_user_home_content_files($1_t)
-	userdom_manage_user_home_content_symlinks($1_t)
-	userdom_manage_user_home_content_pipes($1_t)
-	userdom_manage_user_home_content_sockets($1_t)
-	userdom_user_home_dir_filetrans_user_home_content($1_t, { dir file lnk_file fifo_file sock_file })
-
-	tunable_policy(`user_rw_noexattrfile',`
-		fs_manage_noxattr_fs_files($1_t)
-		fs_manage_noxattr_fs_dirs($1_t)
-	',`
-		fs_read_noxattr_fs_files($1_t)
-	')
-
-	optional_policy(`
-		postgresql_unconfined($1_t)
-	')
-
-	optional_policy(`
-		userhelper_exec($1_t)
-	')
-')
-
-########################################
-## <summary>
-##	Allow user to run as a secadm
-## </summary>
-## <desc>
-##	<p>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	a specified private type.
-##	</p>
-##	<p>
-##	This is a templated interface, and should only
-##	be called from a per-userdomain template.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	The role  of the object to create.
-##	</summary>
-## </param>
-#
-template(`userdom_security_admin_template',`
-	allow $1 self:capability { dac_read_search dac_override };
-
-	corecmd_exec_shell($1)
-
-	domain_obj_id_change_exemption($1)
-
-	dev_relabel_all_dev_nodes($1)
-
-	files_create_boot_flag($1)
-	files_create_default_dir($1)
-	files_root_filetrans_default($1, dir)
-
-	# Necessary for managing /boot/efi
-	fs_manage_dos_files($1)
-
-	mls_process_read_up($1)
-	mls_file_read_all_levels($1)
-	mls_file_upgrade($1)
-	mls_file_downgrade($1)
-
-	selinux_set_enforce_mode($1)
-	selinux_set_all_booleans($1)
-	selinux_set_parameters($1)
-
-	auth_relabel_all_files_except_shadow($1)
-	auth_relabel_shadow($1)
-
-	init_exec($1)
-
-	logging_send_syslog_msg($1)
-	logging_read_audit_log($1)
-	logging_read_generic_logs($1)
-	logging_read_audit_config($1)
-
-	seutil_manage_bin_policy($1)
-	seutil_run_checkpolicy($1,$2)
-	seutil_run_loadpolicy($1,$2)
-	seutil_run_semanage($1,$2)
-	seutil_run_setsebool($1,$2)
-	seutil_run_setfiles($1, $2)
-
-	optional_policy(`
-		aide_run($1,$2)
-	')
-
-	optional_policy(`
-		consoletype_exec($1)
-	')
-
-	optional_policy(`
-		dmesg_exec($1)
-	')
-
-	optional_policy(`	
-		ipsec_run_setkey($1,$2)
-	')
-
-	optional_policy(`
-		netlabel_run_mgmt($1,$2)
-	')
-')
-
-########################################
-## <summary>
-##	Make the specified type usable in a
-##	user home directory.
-## </summary>
-## <param name="type">
-##	<summary>
-##	Type to be used as a file in the
-##	user home directory.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_content',`
-	gen_require(`
-		type user_home_t;
-		attribute user_home_type;
-	')
-
-	allow $1 user_home_t:filesystem associate;
-	files_type($1)
-	ubac_constrained($1)
-
-	files_poly_member($1)
-	typeattribute $1  user_home_type;
-')
-
-########################################
-## <summary>
-##	Allow domain to attach to TUN devices created by administrative users.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_attach_admin_tun_iface',`
-	gen_require(`
-		attribute admindomain;
-	')
-
-	allow $1 admindomain:tun_socket relabelfrom;
-	allow $1 self:tun_socket relabelto;
-')
-
-########################################
-## <summary>
-##	Set the attributes of a user pty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_setattr_user_ptys',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	allow $1 user_devpts_t:chr_file setattr_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Create a user pty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_create_user_pty',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	term_create_pty($1, user_devpts_t)
-')
-
-########################################
-## <summary>
-##	Get the attributes of user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_getattr_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir getattr_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_getattr_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	dontaudit $1 user_home_dir_t:dir getattr_dir_perms;
-')
-
-########################################
-## <summary>
-##	Search user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_search_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	allow $1 user_home_dir_t:lnk_file read_lnk_file_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search user home directories.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to search user home directories.
-##	This will supress SELinux denial messages when the specified
-##	domain is denied the permission to search these directories.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`userdom_dontaudit_search_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	dontaudit $1 user_home_dir_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	List user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_list_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir list_dir_perms;
-	files_search_home($1)
-
-	tunable_policy(`use_nfs_home_dirs',`
-		fs_list_nfs($1)
-	')
-
-	tunable_policy(`use_samba_home_dirs',`
-		fs_list_cifs($1)
-	')
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list user home subdirectories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_list_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_dir_t:dir list_dir_perms;
-	dontaudit $1 user_home_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_create_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir create_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Relabel to user home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_relabelto_user_home_dirs',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	allow $1 user_home_dir_t:dir relabelto;
-')
-
-
-########################################
-## <summary>
-##	Relabel to user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_relabelto_user_home_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:file relabelto;
-')
-########################################
-## <summary>
-##	Relabel user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_relabel_user_home_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:file relabel_file_perms;
-')
-
-########################################
-## <summary>
-##	Create directories in the home dir root with
-##	the user home directory type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_home_filetrans_user_home_dir',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	files_home_filetrans($1, user_home_dir_t, dir)
-')
-
-########################################
-## <summary>
-##	Do a domain transition to the specified
-##	domain when executing a program in the
-##	user home directory.
-## </summary>
-## <desc>
-##	<p>
-##	Do a domain transition to the specified
-##	domain when executing a program in the
-##	user home directory.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="source_domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	Domain to transition to.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_domtrans',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	domain_auto_trans($1, user_home_t, $2)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search user home content directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_search_user_home_content',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:dir search_dir_perms;
-	fs_dontaudit_list_nfs($1)
-	fs_dontaudit_list_cifs($1)
-')
-
-########################################
-## <summary>
-##	List contents of users home directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_list_user_home_content',`
-	gen_require(`
-		type user_home_dir_t;
-		attribute user_home_type;
-	')
-
-	files_list_home($1)
-	allow $1 { user_home_dir_t user_home_type }:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete directories
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_content_dirs',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	manage_dirs_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Delete directories in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_delete_user_home_content_dirs',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:dir delete_dir_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_setattr_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:file setattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the
-##	attributes of user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_setattr_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:file setattr_file_perms;
-')
-
-########################################
-## <summary>
-##	Mmap user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_mmap_user_home_content_files',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	mmap_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Read user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_user_home_content_files',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	list_dirs_pattern($1, { user_home_dir_t user_home_t }, { user_home_dir_t user_home_t })
-	read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to getattr user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_getattr_user_home_content',`
-	gen_require(`
-		attribute user_home_type;
-	')
-
-	dontaudit $1 user_home_type:dir getattr;
-	dontaudit $1 user_home_type:file getattr;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_read_user_home_content_files',`
-	gen_require(`
-		attribute user_home_type;
-		type user_home_dir_t;
-	')
-
-	dontaudit $1 user_home_dir_t:dir list_dir_perms;
-	dontaudit $1 user_home_type:dir list_dir_perms;
-	dontaudit $1 user_home_type:file read_file_perms;
-	dontaudit $1 user_home_type:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to append user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_append_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_write_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:file write_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete files in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_delete_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:file delete_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_relabel_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:file relabel_file_perms;
-')
-
-########################################
-## <summary>
-##	Read user home subdirectory symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_user_home_content_symlinks',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	allow $1 { user_home_dir_t user_home_t }:lnk_file  read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Execute user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_exec_user_home_content_files',`
-	gen_require(`
-		type user_home_dir_t;
-		attribute user_home_type;
-	')
-
-	files_search_home($1)
-	exec_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	dontaudit $1 user_home_type:sock_file execute;
-	')
-
-########################################
-## <summary>
-##	Do not audit attempts to execute user home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_exec_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	dontaudit $1 user_home_t:file exec_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete files
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_content_files',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	manage_files_pattern($1, user_home_t, user_home_t)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to create, read, write, and delete directories
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_manage_user_home_content_dirs',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	dontaudit $1 user_home_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete symbolic links
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_content_symlinks',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	manage_lnk_files_pattern($1, user_home_t, user_home_t)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Delete symbolic links in a user home directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_delete_user_home_content_symlinks',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:lnk_file delete_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete named pipes
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_content_pipes',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	manage_fifo_files_pattern($1, user_home_t, user_home_t)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete named sockets
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_home_content_sockets',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	manage_sock_files_pattern($1, user_home_t, user_home_t)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_dir_filetrans',`
-	gen_require(`
-		type user_home_dir_t;
-	')
-
-	filetrans_pattern($1, user_home_dir_t, $2, $3)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_content_filetrans',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	filetrans_pattern($1, user_home_t, $2, $3)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	the user home file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_dir_filetrans_user_home_content',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	filetrans_pattern($1, user_home_dir_t, user_home_t, $2)
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Write to user temporary named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_write_user_tmp_sockets',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:sock_file write_sock_file_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	List user temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_list_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:dir list_dir_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to list user
-##	temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_list_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to manage users
-##	temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_manage_user_tmp_dirs',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-##	Read user temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	read_files_pattern($1, user_tmp_t, user_tmp_t)
-	allow $1 user_tmp_t:dir list_dir_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read users
-##	temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_read_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:file read_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to append users
-##	temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_append_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write user temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_rw_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:dir list_dir_perms;
-	rw_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to manage users
-##	temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_manage_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:file manage_file_perms;
-')
-
-########################################
-## <summary>
-##	Read user temporary symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_user_tmp_symlinks',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	read_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
-	allow $1 user_tmp_t:dir list_dir_perms;
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_dirs',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_dirs_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary symbolic links.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_symlinks',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary named pipes.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_pipes',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary named sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_sockets',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_sock_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create objects in a user temporary directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_tmp_filetrans',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	filetrans_pattern($1, user_tmp_t, $2, $3)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create objects in the temporary directory
-##	with an automatic type transition to
-##	the user temporary type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_tmp_filetrans_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	files_tmp_filetrans($1, user_tmp_t, $2)
-')
-
-########################################
-## <summary>
-##	Read user tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_user_tmpfs_files',`
-	gen_require(`
-		type user_tmpfs_t;
-	')
-
-	read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
-	read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
-	allow $1 user_tmpfs_t:dir list_dir_perms;
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Read/Write user tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_rw_user_tmpfs_files',`
-	gen_require(`
-		type user_tmpfs_t;
-	')
-
-	rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
-	read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
-	allow $1 user_tmpfs_t:dir list_dir_perms;
-	fs_search_tmpfs($1)
-')
-
-########################################
-## <summary>
-##	Get the attributes of a user domain tty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_getattr_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	allow $1 user_tty_device_t:chr_file getattr_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes of a user domain tty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_getattr_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	dontaudit $1 user_tty_device_t:chr_file getattr_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Set the attributes of a user domain tty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_setattr_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	allow $1 user_tty_device_t:chr_file setattr_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to set the attributes of a user domain tty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_setattr_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	dontaudit $1 user_tty_device_t:chr_file setattr_chr_file_perms;
-')
-
-########################################
-## <summary>
-##	Read and write a user domain tty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_use_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	allow $1 user_tty_device_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	Read and write a user domain pty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_use_user_ptys',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	allow $1 user_devpts_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	Read and write a user TTYs and PTYs.
-## </summary>
-## <desc>
-##	<p>
-##	Allow the specified domain to read and write user
-##	TTYs and PTYs. This will allow the domain to
-##	interact with the user via the terminal. Typically
-##	all interactive applications will require this
-##	access.
-##	</p>
-##	<p>
-##	However, this also allows the applications to spy
-##	on user sessions or inject information into the
-##	user session.  Thus, this access should likely
-##	not be allowed for non-interactive domains.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <infoflow type="both" weight="10"/>
-#
-interface(`userdom_use_user_terminals',`
-	gen_require(`
-		type user_tty_device_t, user_devpts_t;
-	')
-
-	allow $1 user_tty_device_t:chr_file rw_term_perms;
-	allow $1 user_devpts_t:chr_file rw_term_perms;
-	term_list_ptys($1)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	a user domain tty and pty.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_use_user_terminals',`
-	gen_require(`
-		type user_tty_device_t, user_devpts_t;
-	')
-
-	dontaudit $1 user_tty_device_t:chr_file rw_term_perms;
-	dontaudit $1 user_devpts_t:chr_file rw_term_perms;
-')
-
-########################################
-## <summary>
-##	Execute a shell in all user domains.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`userdom_spec_domtrans_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	corecmd_shell_spec_domtrans($1, userdomain)
-	allow userdomain $1:fd use;
-	allow userdomain $1:fifo_file rw_file_perms;
-	allow userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute an Xserver session in all unprivileged user domains.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`userdom_xsession_spec_domtrans_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	xserver_xsession_spec_domtrans($1, userdomain)
-	allow userdomain $1:fd use;
-	allow userdomain $1:fifo_file rw_file_perms;
-	allow userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute a shell in all unprivileged user domains.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`userdom_spec_domtrans_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	corecmd_shell_spec_domtrans($1, unpriv_userdomain)
-	allow unpriv_userdomain $1:fd use;
-	allow unpriv_userdomain $1:fifo_file rw_file_perms;
-	allow unpriv_userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute an Xserver session in all unprivileged user domains.  This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`userdom_xsession_spec_domtrans_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	xserver_xsession_spec_domtrans($1, unpriv_userdomain)
-	allow unpriv_userdomain $1:fd use;
-	allow unpriv_userdomain $1:fifo_file rw_file_perms;
-	allow unpriv_userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Manage unpriviledged user SysV sempaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_unpriv_user_semaphores',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:sem create_sem_perms;
-')
-
-########################################
-## <summary>
-##	Manage unpriviledged user SysV shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_unpriv_user_shared_mem',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:shm create_shm_perms;
-')
-
-########################################
-## <summary>
-##	Execute bin_t in the unprivileged user domains. This
-##	is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`userdom_bin_spec_domtrans_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	corecmd_bin_spec_domtrans($1, unpriv_userdomain)
-	allow unpriv_userdomain $1:fd use;
-	allow unpriv_userdomain $1:fifo_file rw_file_perms;
-	allow unpriv_userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Execute all entrypoint files in unprivileged user
-##	domains. This is an explicit transition, requiring the
-##	caller to use setexeccon().
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_entry_spec_domtrans_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	domain_entry_file_spec_domtrans($1, unpriv_userdomain)
-	allow unpriv_userdomain $1:fd use;
-	allow unpriv_userdomain $1:fifo_file rw_fifo_file_perms;
-	allow unpriv_userdomain $1:process sigchld;
-')
-
-########################################
-## <summary>
-##	Search users home directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_search_user_home_content',`
-	gen_require(`
-		type user_home_dir_t;
-		attribute user_home_type;
-	')
-
-	files_list_home($1)
-	allow $1 { user_home_dir_t user_home_type }:dir search_dir_perms;
-	allow $1 { user_home_dir_t user_home_type }:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Send general signals to unprivileged user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_signal_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:process signal;
-')
-
-########################################
-## <summary>
-##	Inherit the file descriptors from unprivileged user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_use_unpriv_users_fds',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit the file descriptors
-##	from unprivileged user domains.
-## </summary>
-## <desc>
-##	<p>
-##	Do not audit attempts to inherit the file descriptors
-##	from unprivileged user domains. This will supress
-##	SELinux denial messages when the specified domain is denied
-##	the permission to inherit these file descriptors.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-## <infoflow type="none"/>
-#
-interface(`userdom_dontaudit_use_unpriv_user_fds',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	dontaudit $1 unpriv_userdomain:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use user ptys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_use_user_ptys',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	dontaudit $1 user_devpts_t:chr_file rw_inherited_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel files to unprivileged user pty types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_relabelto_user_ptys',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	allow $1 user_devpts_t:chr_file relabelto;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to relabel files from
-##	user pty types.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_relabelfrom_user_ptys',`
-	gen_require(`
-		type user_devpts_t;
-	')
-
-	dontaudit $1 user_devpts_t:chr_file relabelfrom;
-')
-
-########################################
-## <summary>
-##	Write all users files in /tmp
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_write_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	write_files_pattern($1, user_tmp_t, user_tmp_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to write users
-##	temporary files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_write_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:file write;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read/write users
-##	temporary fifo files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_rw_user_tmp_pipes',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:fifo_file rw_inherited_fifo_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to use user ttys.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_use_user_ttys',`
-	gen_require(`
-		type user_tty_device_t;
-	')
-
-	dontaudit $1 user_tty_device_t:chr_file rw_file_perms;
-')
-
-########################################
-## <summary>
-##	Read the process state of all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_all_users_state',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	read_files_pattern($1, userdomain, userdomain)
-	read_lnk_files_pattern($1,userdomain,userdomain)
-	kernel_search_proc($1)
-')
-
-########################################
-## <summary>
-##	Get the attributes of all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_getattr_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:process getattr;
-')
-
-########################################
-## <summary>
-##	Inherit the file descriptors from all user domains
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_use_all_users_fds',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit the file
-##	descriptors from any user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_use_all_users_fds',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	dontaudit $1 userdomain:fd use;
-')
-
-########################################
-## <summary>
-##	Send general signals to all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_signal_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:process signal;
-')
-
-########################################
-## <summary>
-##	Send a SIGCHLD signal to all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_sigchld_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:process sigchld;
-')
-
-########################################
-## <summary>
-##	Create keys for all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_create_all_users_keys',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:key create;
-')
-
-########################################
-## <summary>
-##	Send a dbus message to all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dbus_send_all_users',`
-	gen_require(`
-		attribute userdomain;
-		class dbus send_msg;
-	')
-
-	allow $1 userdomain:dbus send_msg;
-')
-
-########################################
-## <summary>
-##	Allow apps to set rlimits on userdomain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_set_rlimitnh',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:process rlimitinh;
-')
-
-########################################
-## <summary>
-##	Define this type as a Allow apps to set rlimits on userdomain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="userdomain_prefix">
-##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
-## </summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-template(`userdom_unpriv_usertype',`
-	gen_require(`
-		attribute unpriv_userdomain, userdomain;
-		attribute $1_usertype;
-	')
-	typeattribute $2  $1_usertype;
-	typeattribute $2  unpriv_userdomain;
-	typeattribute $2  userdomain;
-
-	ubac_constrained($2)
-')
-
-########################################
-## <summary>
-##	Connect to users over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_stream_connect',`
-	gen_require(`
-		type user_tmp_t;
-		attribute userdomain;
-	')
-
-	stream_connect_pattern($1, user_tmp_t, user_tmp_t, userdomain)
-')
-
-########################################
-## <summary>
-##	Ptrace user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_ptrace_all_users',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:process ptrace;
-')
-
-########################################
-## <summary>
-##	dontaudit Search /root
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_search_admin_dir',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	dontaudit $1 admin_home_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	dontaudit list /root
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_list_admin_dir',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	dontaudit $1 admin_home_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow domain to  list /root
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_list_admin_dir',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	allow $1 admin_home_t:dir list_dir_perms;
-')
-
-########################################
-## <summary>
-##	Allow Search /root
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_search_admin_dir',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	allow $1 admin_home_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	RW unpriviledged user SysV sempaphores.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_rw_semaphores',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:sem rw_sem_perms;
-')
-
-########################################
-## <summary>
-##	Send a message to unpriv users over a unix domain
-##	datagram socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dgram_send',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:unix_dgram_socket sendto;
-')
-
-######################################
-## <summary>
-##      Send a message to users over a unix domain
-##      datagram socket.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`userdom_users_dgram_send',`
-        gen_require(`
-                 attribute userdomain;
-      ')
-
-       allow $1 userdomain:unix_dgram_socket sendto;
-')
-
-#######################################
-## <summary>
-##	Allow execmod on files in homedirectory 
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_execmod_user_home_files',`
-	gen_require(`
-		type user_home_type;
-	')
-
-	allow $1 user_home_type:file execmod;
-')
-
-########################################
-## <summary>
-##	Read admin home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_read_admin_home_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	read_files_pattern($1, admin_home_t, admin_home_t)
-')
-
-########################################
-## <summary>
-##	Execute admin home files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_exec_admin_home_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	exec_files_pattern($1, admin_home_t, admin_home_t)
-')
-
-########################################
-## <summary>
-##	Append files inherited
-##	in the /root directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_inherit_append_admin_home_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	allow $1 admin_home_t:file { getattr append };
-')
-
-
-#######################################
-## <summary>
-##	Manage all files/directories in the homedir
-## </summary>
-## <param name="userdomain">
-##	<summary>
-##	The user domain
-##	</summary>
-## </param>
-## <rolebase/>
-#
-interface(`userdom_manage_user_home_content',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-		attribute user_home_type;
-	')
-
-	files_list_home($1)
-	manage_dirs_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	manage_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	manage_lnk_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	manage_sock_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	manage_fifo_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-	filetrans_pattern($1, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
-
-')
-
-
-########################################
-## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
-##	the user home file type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_user_home_dir_filetrans_pattern',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	type_transition $1 user_home_dir_t:$2 user_home_t;
-')
-
-########################################
-## <summary>
-##	Create objects in the /root directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-#
-interface(`userdom_admin_home_dir_filetrans',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	filetrans_pattern($1, admin_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Send signull to unprivileged user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_signull_unpriv_users',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:process signull;
-')
-
-########################################
-## <summary>
-##	Write all users files in /tmp
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_write_user_tmp_dirs',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	write_files_pattern($1, user_tmp_t, user_tmp_t)
-')
-
-########################################
-## <summary>
-##	Manage keys for all user domains.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_all_users_keys',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	allow $1 userdomain:key manage_key_perms;
-')
-
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	unserdomain stream.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_rw_stream',`
-	gen_require(`
-		attribute userdomain;
-	')
-
-	dontaudit $1 userdomain:unix_stream_socket rw_socket_perms;
-')
-
-########################################
-## <summary>
-##	Append files
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_append_user_home_content_files',`
-	gen_require(`
-		type user_home_dir_t, user_home_t;
-	')
-
-	append_files_pattern($1, user_home_t, user_home_t)
-	allow $1 user_home_dir_t:dir search_dir_perms;
-	files_search_home($1)
-')
-
-########################################
-## <summary>
-##	Read files inherited
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_read_inherited_user_home_content_files',`
-	gen_require(`
-		attribute user_home_type;
-	')
-
-	allow $1 user_home_type:file { getattr read };
-')
-
-########################################
-## <summary>
-##	Append files inherited
-##	in a user home subdirectory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_inherit_append_user_home_content_files',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	allow $1 user_home_t:file { getattr append };
-')
-
-########################################
-## <summary>
-##	Append files inherited
-##	in a user tmp files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_inherit_append_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:file { getattr append };
-')
-
-######################################
-## <summary>
-##      Read audio files in the users homedir.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_read_home_audio_files',`
-        gen_require(`
-                type audio_home_t;
-        ')
-
-        userdom_search_user_home_dirs($1)
-        allow $1 audio_home_t:dir list_dir_perms;
-        read_files_pattern($1, audio_home_t, audio_home_t)
-        read_lnk_files_pattern($1, audio_home_t, audio_home_t)
-')
-
-########################################
-## <summary>
-##	Read system SSL certificates in the users homedir.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`userdom_read_home_certs',`
-	gen_require(`
-		type home_cert_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	allow $1 home_cert_t:dir list_dir_perms;
-	read_files_pattern($1, home_cert_t, home_cert_t)
-	read_lnk_files_pattern($1, home_cert_t, home_cert_t)
-')
-
-########################################
-## <summary>
-##	dontaudit Search getatrr /root files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_getattr_admin_home_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	dontaudit $1 admin_home_t:file getattr;
-')
-
-########################################
-## <summary>
-##	dontaudit read /root lnk files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_read_admin_home_lnk_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	dontaudit $1 admin_home_t:lnk_file read;
-')
-
-########################################
-## <summary>
-##	dontaudit read /root files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_read_admin_home_files',`
-	gen_require(`
-		type admin_home_t;
-	')
-
-	dontaudit $1 admin_home_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary chr files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_chr_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_chr_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete user
-##	temporary blk files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_manage_user_tmp_blk_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	manage_blk_files_pattern($1, user_tmp_t, user_tmp_t)
-	files_search_tmp($1)
-')
-
-########################################
-## <summary>
-##	Dontaudit attempt to set attributes on  user temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_setattr_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:dir setattr;
-')
-
-########################################
-## <summary>
-##	Write all inherited users files in /tmp
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_write_inherited_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:file write;
-')
-
-########################################
-## <summary>
-##	Delete all users files in /tmp
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_delete_user_tmp_files',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	allow $1 user_tmp_t:file delete_file_perms;
-')
-
-########################################
-## <summary>
-##	Delete user tmpfs files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_delete_user_tmpfs_files',`
-	gen_require(`
-		type user_tmpfs_t;
-	')
-
-	allow $1 user_tmpfs_t:file delete_file_perms;
-')
-
-########################################
-## <summary>
-##	Read/Write unpriviledged user SysV shared
-##	memory segments.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`userdom_rw_unpriv_user_shared_mem',`
-	gen_require(`
-		attribute unpriv_userdomain;
-	')
-
-	allow $1 unpriv_userdomain:shm rw_shm_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to search user
-##	temporary directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`userdom_dontaudit_search_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	dontaudit $1 user_tmp_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-##	Execute a file in a user home directory
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a user home directory
-##	in the specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`userdom_domtrans_user_home',`
-	gen_require(`
-		type user_home_t;
-	')
-
-	read_lnk_files_pattern($1, user_home_t, user_home_t)
-	domain_transition_pattern($1, user_home_t, $2)
-	type_transition $1 user_home_t:process $2;
-')
-
-########################################
-## <summary>
-##	Execute a file in a user tmp directory
-##	in the specified domain.
-## </summary>
-## <desc>
-##	<p>
-##	Execute a file in a user tmp directory
-##	in the specified domain.
-##	</p>
-##	<p>
-##	No interprocess communication (signals, pipes,
-##	etc.) is provided by this interface since
-##	the domains are not owned by this module.
-##	</p>
-## </desc>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="target_domain">
-##	<summary>
-##	The type of the new process.
-##	</summary>
-## </param>
-#
-interface(`userdom_domtrans_user_tmp',`
-	gen_require(`
-		type user_tmp_t;
-	')
-
-	files_search_tmp($1)
-	read_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
-	domain_transition_pattern($1, user_tmp_t, $2)
-	type_transition $1 user_tmp_t:process $2;
-')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
deleted file mode 100644
index 0aa5ce3..0000000
--- a/policy/modules/system/userdomain.te
+++ /dev/null
@@ -1,137 +0,0 @@
-policy_module(userdomain, 4.4.3)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Allow users to connect to mysql
-## </p>
-## </desc>
-gen_tunable(allow_user_mysql_connect, false)
-
-## <desc>
-## <p>
-## Allow users to connect to PostgreSQL
-## </p>
-## </desc>
-gen_tunable(allow_user_postgresql_connect, false)
-
-## <desc>
-## <p>
-## Allow regular users direct mouse access
-## </p>
-## </desc>
-gen_tunable(user_direct_mouse, false)
-
-## <desc>
-## <p>
-## Allow users to read system messages.
-## </p>
-## </desc>
-gen_tunable(user_dmesg, false)
-
-## <desc>
-## <p>
-## Allow user to r/w files on filesystems
-## that do not have extended attributes (FAT, CDROM, FLOPPY)
-## </p>
-## </desc>
-gen_tunable(user_rw_noexattrfile, false)
-
-## <desc>
-## <p>
-## Allow user processes to change their priority 
-## </p>
-## </desc>
-gen_tunable(user_setrlimit, false)
-
-## <desc>
-## <p>
-## Allow w to display everyone
-## </p>
-## </desc>
-gen_tunable(user_ttyfile_stat, false)
-
-attribute admindomain;
-
-# all user domains
-attribute userdomain;
-
-# unprivileged user domains
-attribute unpriv_userdomain;
-
-attribute untrusted_content_type;
-attribute untrusted_content_tmp_type;
-
-# unprivileged user domains
-attribute user_home_type;
-
-type admin_home_t;
-files_type(admin_home_t)
-files_associate_tmp(admin_home_t)
-fs_associate_tmpfs(admin_home_t)
-files_mountpoint(admin_home_t)
-
-type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
-fs_associate_tmpfs(user_home_dir_t)
-files_type(user_home_dir_t)
-files_mountpoint(user_home_dir_t)
-files_associate_tmp(user_home_dir_t)
-files_poly(user_home_dir_t)
-files_poly_member(user_home_dir_t)
-files_poly_parent(user_home_dir_t)
-ubac_constrained(user_home_dir_t)
-
-type user_home_t alias { staff_home_t sysadm_home_t secadm_home_t auditadm_home_t unconfined_home_t };
-typealias user_home_t alias { staff_untrusted_content_t sysadm_untrusted_content_t secadm_untrusted_content_t auditadm_untrusted_content_t unconfined_untrusted_content_t };
-typeattribute user_home_t user_home_type;
-userdom_user_home_content(user_home_t)
-fs_associate_tmpfs(user_home_t)
-files_associate_tmp(user_home_t)
-files_poly_member(user_home_t)
-files_poly_parent(user_home_t)
-files_mountpoint(user_home_t)
-ubac_constrained(user_home_t)
-
-type user_devpts_t alias { staff_devpts_t sysadm_devpts_t secadm_devpts_t auditadm_devpts_t unconfined_devpts_t };
-dev_node(user_devpts_t)
-files_type(user_devpts_t)
-ubac_constrained(user_devpts_t)
-
-type user_tmp_t alias { winbind_tmp_t sshd_tmp_t staff_tmp_t sysadm_tmp_t secadm_tmp_t auditadm_tmp_t unconfined_tmp_t };
-typealias user_tmp_t alias { staff_untrusted_content_tmp_t sysadm_untrusted_content_tmp_t secadm_untrusted_content_tmp_t auditadm_untrusted_content_tmp_t unconfined_untrusted_content_tmp_t };
-files_tmp_file(user_tmp_t)
-userdom_user_home_content(user_tmp_t)
-
-type user_tmpfs_t alias { staff_tmpfs_t sysadm_tmpfs_t secadm_tmpfs_t auditadm_tmpfs_t unconfined_tmpfs_t };
-files_tmpfs_file(user_tmpfs_t)
-userdom_user_home_content(user_tmpfs_t)
-
-type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
-dev_node(user_tty_device_t)
-ubac_constrained(user_tty_device_t)
-
-type audio_home_t;
-userdom_user_home_content(audio_home_t)
-ubac_constrained(audio_home_t)
-
-type home_bin_t;
-userdom_user_home_content(home_bin_t)
-ubac_constrained(home_bin_t)
-
-type home_cert_t;
-miscfiles_cert_type(home_cert_t)
-userdom_user_home_content(home_cert_t)
-ubac_constrained(home_cert_t)
-
-tunable_policy(`allow_console_login',`
-	term_use_console(userdomain)
-')
-
-allow userdomain userdomain:process signull;
-
-# Nautilus causes this avc
-dontaudit unpriv_userdomain self:dir setattr;
diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc
deleted file mode 100644
index 744fa64..0000000
--- a/policy/modules/system/xen.fc
+++ /dev/null
@@ -1,37 +0,0 @@
-/dev/xen/tapctrl.*	-p	gen_context(system_u:object_r:xenctl_t,s0)
-
-/usr/sbin/evtchnd	--	gen_context(system_u:object_r:evtchnd_exec_t,s0)
-
-ifdef(`distro_debian',`
-/usr/lib/xen-[^/]*/bin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0)
-/usr/lib/xen-[^/]*/bin/xend --	gen_context(system_u:object_r:xend_exec_t,s0)
-/usr/lib/xen-[^/]*/bin/xenstored -- gen_context(system_u:object_r:xenstored_exec_t,s0)
-/usr/lib/xen-[^/]*/bin/xm --	gen_context(system_u:object_r:xm_exec_t,s0)
-',`
-/usr/sbin/xenconsoled	--	gen_context(system_u:object_r:xenconsoled_exec_t,s0)
-/usr/sbin/xend		--	gen_context(system_u:object_r:xend_exec_t,s0)
-/usr/sbin/xenstored	--	gen_context(system_u:object_r:xenstored_exec_t,s0)
-/usr/sbin/xm		--	gen_context(system_u:object_r:xm_exec_t,s0)
-')
-
-/var/lib/xen(/.*)?		gen_context(system_u:object_r:xend_var_lib_t,s0)
-/var/lib/xen/images(/.*)?	gen_context(system_u:object_r:xen_image_t,s0)
-/var/lib/xend(/.*)?		gen_context(system_u:object_r:xend_var_lib_t,s0)
-/var/lib/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_lib_t,s0)
-
-/var/log/evtchnd\.log	--	gen_context(system_u:object_r:evtchnd_var_log_t,s0)
-/var/log/xen(/.*)?		gen_context(system_u:object_r:xend_var_log_t,s0)
-/var/log/xen-hotplug\.log --	gen_context(system_u:object_r:xend_var_log_t,s0)
-/var/log/xend\.log	--	gen_context(system_u:object_r:xend_var_log_t,s0)
-/var/log/xend-debug\.log --	gen_context(system_u:object_r:xend_var_log_t,s0)
-
-/var/run/evtchnd	-s	gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-/var/run/evtchnd\.pid	--	gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-/var/run/xenconsoled\.pid --	gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
-/var/run/xend(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
-/var/run/xend\.pid	--	gen_context(system_u:object_r:xend_var_run_t,s0)
-/var/run/xenner(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
-/var/run/xenstore\.pid	--	gen_context(system_u:object_r:xenstored_var_run_t,s0)
-/var/run/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_run_t,s0)
-
-/xen(/.*)?			gen_context(system_u:object_r:xen_image_t,s0)
diff --git a/policy/modules/system/xen.if b/policy/modules/system/xen.if
deleted file mode 100644
index 4aa96c6..0000000
--- a/policy/modules/system/xen.if
+++ /dev/null
@@ -1,259 +0,0 @@
-## <summary>Xen hypervisor</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run xend.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed to transition.
-## 	</summary>
-## </param>
-#
-interface(`xen_domtrans',`
-	gen_require(`
-		type xend_t, xend_exec_t;
-	')
-
-	domtrans_pattern($1, xend_exec_t, xend_t)
-')
-
-########################################
-## <summary>
-##	Inherit and use xen file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xen_use_fds',`
-	gen_require(`
-		type xend_t;
-	')
-
-	allow $1 xend_t:fd use;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to inherit
-##	xen file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xen_dontaudit_use_fds',`
-	gen_require(`
-		type xend_t;
-	')
-
-	dontaudit $1 xend_t:fd use;
-')
-
-########################################
-## <summary>
-##	Read xend image files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-#
-interface(`xen_read_image_files',`
-	gen_require(`
-		type xen_image_t, xend_var_lib_t;
-	')
-
-	files_list_var_lib($1)
-
-	list_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
-	read_files_pattern($1, { xend_var_lib_t xen_image_t }, xen_image_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read/write
-##	xend image files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-#
-interface(`xen_manage_image_dirs',`
-	gen_require(`
-		type xend_var_lib_t;
-	')
-
-	files_list_var_lib($1)
-	manage_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to read/write
-##	xend image files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed to transition.
-## 	</summary>
-## </param>
-#
-interface(`xen_rw_image_files',`
-	gen_require(`
-		type xen_image_t, xend_var_lib_t;
-	')
-
-	files_list_var_lib($1)
-	allow $1 xend_var_lib_t:dir search_dir_perms;
-	rw_files_pattern($1, xen_image_t, xen_image_t)
-')
-
-########################################
-## <summary>
-##	Allow the specified domain to append
-##	xend log files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-#
-interface(`xen_append_log',`
-	gen_require(`
-		type xend_var_log_t;
-	')
-
-	logging_search_logs($1)
-	append_files_pattern($1, xend_var_log_t, xend_var_log_t)
-	dontaudit $1 xend_var_log_t:file write;
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete the
-##	xend log files.
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access.
-## 	</summary>
-## </param>
-#
-interface(`xen_manage_log',`
-	gen_require(`
-		type xend_var_log_t;
-	')
-
-	logging_search_logs($1)
-	manage_dirs_pattern($1, xend_var_log_t, xend_var_log_t)
-	manage_files_pattern($1, xend_var_log_t, xend_var_log_t)
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to read and write
-##	Xen unix domain stream sockets.  These
-##	are leaked file descriptors.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`xen_dontaudit_rw_unix_stream_sockets',`
-	gen_require(`
-		type xend_t;
-	')
-
-	dontaudit $1 xend_t:unix_stream_socket { read write };
-')
-
-########################################
-## <summary>
-##	Connect to xenstored over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xen_stream_connect_xenstore',`
-	gen_require(`
-		type xenstored_t, xenstored_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, xenstored_var_run_t, xenstored_var_run_t, xenstored_t)
-')
-
-########################################
-## <summary>
-##	Connect to xend over an unix domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xen_stream_connect',`
-	gen_require(`
-		type xend_t, xend_var_run_t, xend_var_lib_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, xend_var_run_t, xend_var_run_t, xend_t)
-
-	files_search_var_lib($1)
-	stream_connect_pattern($1, xend_var_lib_t, xend_var_lib_t, xend_t)
-')
-
-########################################
-## <summary>
-##	Execute a domain transition to run xm.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`xen_domtrans_xm',`
-	gen_require(`
-		type xm_t, xm_exec_t;
-		attribute virsh_transition_domain;
-	')
-	typeattribute $1 virsh_transition_domain;
-	domtrans_pattern($1, xm_exec_t, xm_t)
-')
-
-########################################
-## <summary>
-##	Connect to xm over an unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`xen_stream_connect_xm',`
-	gen_require(`
-		type xm_t, xenstored_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, xenstored_var_run_t, xenstored_var_run_t, xm_t)
-')
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
deleted file mode 100644
index 600d43f..0000000
--- a/policy/modules/system/xen.te
+++ /dev/null
@@ -1,386 +0,0 @@
-policy_module(xen, 1.10.0)
-
-########################################
-#
-# Declarations
-#
-attribute xm_transition_domain;
-
-## <desc>
-## <p>
-## Allow xen to manage nfs files
-## </p>
-## </desc>
-gen_tunable(xen_use_nfs, false)
-
-type evtchnd_t;
-type evtchnd_exec_t;
-init_daemon_domain(evtchnd_t, evtchnd_exec_t)
-
-# log files
-type evtchnd_var_log_t;
-logging_log_file(evtchnd_var_log_t)
-
-# pid files
-type evtchnd_var_run_t;
-files_pid_file(evtchnd_var_run_t)
-
-# console ptys
-type xen_devpts_t;
-term_pty(xen_devpts_t)
-files_type(xen_devpts_t)
-
-# Xen Image files
-type xen_image_t; # customizable
-files_type(xen_image_t)
-# xen_image_t can be assigned to blk devices
-dev_node(xen_image_t)
-virt_image(xen_image_t)
-
-type xenctl_t;
-files_type(xenctl_t)
-
-type xend_t;
-type xend_exec_t;
-domain_type(xend_t)
-init_daemon_domain(xend_t, xend_exec_t)
-
-# tmp files
-type xend_tmp_t;
-files_tmp_file(xend_tmp_t)
-
-# var/lib files
-type xend_var_lib_t;
-files_type(xend_var_lib_t)
-# for mounting an NFS store
-files_mountpoint(xend_var_lib_t)
-
-# log files
-type xend_var_log_t;
-logging_log_file(xend_var_log_t)
-
-# pid files
-type xend_var_run_t;
-files_pid_file(xend_var_run_t)
-files_mountpoint(xend_var_run_t)
-
-type xenstored_t;
-type xenstored_exec_t;
-init_daemon_domain(xenstored_t, xenstored_exec_t)
-
-type xenstored_tmp_t;
-files_tmp_file(xenstored_tmp_t)
-
-# var/lib files
-type xenstored_var_lib_t;
-files_type(xenstored_var_lib_t)
-
-# log files
-type xenstored_var_log_t;
-logging_log_file(xenstored_var_log_t)
-
-# pid files
-type xenstored_var_run_t;
-files_pid_file(xenstored_var_run_t)
-
-type xenconsoled_t;
-type xenconsoled_exec_t;
-init_daemon_domain(xenconsoled_t, xenconsoled_exec_t)
-
-# pid files
-type xenconsoled_var_run_t;
-files_pid_file(xenconsoled_var_run_t)
-
-#######################################
-#
-# evtchnd local policy
-#
-
-manage_dirs_pattern(evtchnd_t, evtchnd_var_log_t, evtchnd_var_log_t)
-manage_files_pattern(evtchnd_t, evtchnd_var_log_t, evtchnd_var_log_t)
-logging_log_filetrans(evtchnd_t, evtchnd_var_log_t, { file dir })
-
-manage_dirs_pattern(evtchnd_t, evtchnd_var_run_t, evtchnd_var_run_t)
-manage_files_pattern(evtchnd_t, evtchnd_var_run_t, evtchnd_var_run_t)
-manage_sock_files_pattern(evtchnd_t, evtchnd_var_run_t, evtchnd_var_run_t)
-files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
-
-########################################
-#
-# xend local policy
-#
-
-allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_ptrace sys_tty_config net_raw };
-dontaudit xend_t self:capability { sys_ptrace };
-allow xend_t self:process { signal sigkill };
-dontaudit xend_t self:process ptrace;
-# internal communication is often done using fifo and unix sockets.
-allow xend_t self:fifo_file rw_fifo_file_perms;
-allow xend_t self:unix_stream_socket create_stream_socket_perms;
-allow xend_t self:unix_dgram_socket create_socket_perms;
-allow xend_t self:netlink_route_socket r_netlink_socket_perms;
-allow xend_t self:tcp_socket create_stream_socket_perms;
-allow xend_t self:packet_socket create_socket_perms;
-
-allow xend_t xen_image_t:dir list_dir_perms;
-manage_dirs_pattern(xend_t, xen_image_t, xen_image_t)
-manage_files_pattern(xend_t, xen_image_t, xen_image_t)
-read_lnk_files_pattern(xend_t, xen_image_t, xen_image_t)
-rw_blk_files_pattern(xend_t, xen_image_t, xen_image_t)
-
-allow xend_t xenctl_t:fifo_file manage_fifo_file_perms;
-dev_filetrans(xend_t, xenctl_t, fifo_file)
-
-manage_files_pattern(xend_t, xend_tmp_t, xend_tmp_t)
-manage_dirs_pattern(xend_t, xend_tmp_t, xend_tmp_t)
-files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
-
-# pid file
-manage_dirs_pattern(xend_t, xend_var_run_t, xend_var_run_t)
-manage_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
-manage_sock_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
-manage_fifo_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
-files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file dir })
-
-# log files
-manage_dirs_pattern(xend_t, xend_var_log_t, xend_var_log_t)
-manage_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
-manage_sock_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
-logging_log_filetrans(xend_t, xend_var_log_t, { sock_file file dir })
-
-# var/lib files for xend
-manage_dirs_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
-manage_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
-manage_sock_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
-manage_fifo_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
-files_var_lib_filetrans(xend_t, xend_var_lib_t, { file dir })
-
-# transition to store
-domtrans_pattern(xend_t, xenstored_exec_t, xenstored_t)
-
-# transition to console
-domtrans_pattern(xend_t, xenconsoled_exec_t, xenconsoled_t)
-
-kernel_read_kernel_sysctls(xend_t)
-kernel_read_system_state(xend_t)
-kernel_write_xen_state(xend_t)
-kernel_read_xen_state(xend_t)
-kernel_rw_net_sysctls(xend_t)
-kernel_read_network_state(xend_t)
-
-corecmd_exec_bin(xend_t)
-corecmd_exec_shell(xend_t)
-
-corenet_all_recvfrom_unlabeled(xend_t)
-corenet_all_recvfrom_netlabel(xend_t)
-corenet_tcp_sendrecv_generic_if(xend_t)
-corenet_tcp_sendrecv_generic_node(xend_t)
-corenet_tcp_sendrecv_all_ports(xend_t)
-corenet_tcp_bind_generic_node(xend_t)
-corenet_tcp_bind_xen_port(xend_t)
-corenet_tcp_bind_soundd_port(xend_t)
-corenet_tcp_bind_generic_port(xend_t)
-corenet_tcp_bind_vnc_port(xend_t)
-corenet_tcp_connect_xserver_port(xend_t)
-corenet_tcp_connect_xen_port(xend_t)
-corenet_sendrecv_xserver_client_packets(xend_t)
-corenet_sendrecv_xen_server_packets(xend_t)
-corenet_sendrecv_xen_client_packets(xend_t)
-corenet_sendrecv_soundd_server_packets(xend_t)
-corenet_rw_tun_tap_dev(xend_t)
-
-dev_read_urand(xend_t)
-dev_manage_xen(xend_t)
-dev_filetrans_xen(xend_t)
-dev_rw_sysfs(xend_t)
-dev_rw_xen(xend_t)
-
-domain_read_all_domains_state(xend_t)
-domain_dontaudit_read_all_domains_state(xend_t)
-domain_dontaudit_ptrace_all_domains(xend_t)
-
-files_read_etc_files(xend_t)
-files_read_kernel_symbol_table(xend_t)
-files_read_kernel_img(xend_t)
-files_manage_etc_runtime_files(xend_t)
-files_etc_filetrans_etc_runtime(xend_t, file)
-files_read_usr_files(xend_t)
-files_read_default_symlinks(xend_t)
-
-storage_raw_read_fixed_disk(xend_t)
-storage_raw_write_fixed_disk(xend_t)
-storage_raw_read_removable_device(xend_t)
-
-term_getattr_all_ptys(xend_t)
-term_use_generic_ptys(xend_t)
-term_use_ptmx(xend_t)
-term_getattr_pty_fs(xend_t)
-
-init_stream_connect_script(xend_t)
-
-locallogin_dontaudit_use_fds(xend_t)
-
-logging_send_syslog_msg(xend_t)
-
-lvm_domtrans(xend_t)
-
-miscfiles_read_localization(xend_t)
-miscfiles_read_hwdata(xend_t)
-
-mount_domtrans(xend_t)
-
-sysnet_domtrans_dhcpc(xend_t)
-sysnet_signal_dhcpc(xend_t)
-sysnet_domtrans_ifconfig(xend_t)
-sysnet_dns_name_resolve(xend_t)
-sysnet_delete_dhcpc_pid(xend_t)
-sysnet_read_dhcpc_pid(xend_t)
-sysnet_rw_dhcp_config(xend_t)
-
-userdom_dontaudit_search_user_home_dirs(xend_t)
-
-xen_stream_connect_xenstore(xend_t)
-
-netutils_domtrans(xend_t)
-
-virt_read_config(xend_t)
-
-optional_policy(`
-	brctl_domtrans(xend_t)
-')
-
-optional_policy(`
-	consoletype_exec(xend_t)
-')
-
-########################################
-#
-# Xen console local policy
-#
-
-allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
-allow xenconsoled_t self:process setrlimit;
-allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
-allow xenconsoled_t self:fifo_file rw_fifo_file_perms;
-
-allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
-
-# pid file
-manage_files_pattern(xenconsoled_t, xenconsoled_var_run_t, xenconsoled_var_run_t)
-manage_sock_files_pattern(xenconsoled_t, xenconsoled_var_run_t, xenconsoled_var_run_t)
-files_pid_filetrans(xenconsoled_t, xenconsoled_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(xenconsoled_t)
-kernel_write_xen_state(xenconsoled_t)
-kernel_read_xen_state(xenconsoled_t)
-
-dev_manage_xen(xenconsoled_t)
-dev_filetrans_xen(xenconsoled_t)
-dev_rw_sysfs(xenconsoled_t)
-
-domain_dontaudit_ptrace_all_domains(xenconsoled_t)
-
-files_read_etc_files(xenconsoled_t)
-files_read_usr_files(xenconsoled_t)
-
-fs_list_tmpfs(xenconsoled_t)
-fs_manage_xenfs_dirs(xenconsoled_t)
-fs_manage_xenfs_files(xenconsoled_t)
-
-term_create_pty(xenconsoled_t, xen_devpts_t)
-term_use_generic_ptys(xenconsoled_t)
-term_use_console(xenconsoled_t)
-
-init_use_fds(xenconsoled_t)
-init_use_script_ptys(xenconsoled_t)
-
-miscfiles_read_localization(xenconsoled_t)
-
-xen_manage_log(xenconsoled_t)
-xen_stream_connect_xenstore(xenconsoled_t)
-
-optional_policy(`
-	ptchown_domtrans(xenconsoled_t)
-')
-
-########################################
-#
-# Xen store local policy
-#
-
-allow xenstored_t self:capability { dac_override mknod ipc_lock sys_resource };
-allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
-allow xenstored_t self:unix_dgram_socket create_socket_perms;
-
-manage_files_pattern(xenstored_t, xenstored_tmp_t, xenstored_tmp_t)
-manage_dirs_pattern(xenstored_t, xenstored_tmp_t, xenstored_tmp_t)
-files_tmp_filetrans(xenstored_t, xenstored_tmp_t, { file dir })
-
-# pid file
-manage_dirs_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
-manage_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
-manage_sock_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
-files_pid_filetrans(xenstored_t, xenstored_var_run_t, { file sock_file dir })
-
-# log files
-manage_dirs_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-manage_files_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-manage_sock_files_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-logging_log_filetrans(xenstored_t, xenstored_var_log_t, { sock_file file dir })
-
-# var/lib files for xenstored
-manage_dirs_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
-manage_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
-manage_sock_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
-files_var_lib_filetrans(xenstored_t, xenstored_var_lib_t, { file dir sock_file })
-
-stream_connect_pattern(xenstored_t, evtchnd_var_run_t, evtchnd_var_run_t, evtchnd_t)
-
-kernel_write_xen_state(xenstored_t)
-kernel_read_xen_state(xenstored_t)
-
-dev_create_generic_dirs(xenstored_t)
-dev_manage_xen(xenstored_t)
-dev_filetrans_xen(xenstored_t)
-dev_rw_xen(xenstored_t)
-dev_read_sysfs(xenstored_t)
-
-files_read_usr_files(xenstored_t)
-
-fs_search_xenfs(xenstored_t)
-fs_manage_xenfs_files(xenstored_t)
-
-storage_raw_read_fixed_disk(xenstored_t)
-storage_raw_write_fixed_disk(xenstored_t)
-storage_raw_read_removable_device(xenstored_t)
-
-term_use_generic_ptys(xenstored_t)
-term_use_console(xenconsoled_t)
-
-init_use_fds(xenstored_t)
-init_use_script_ptys(xenstored_t)
-
-logging_send_syslog_msg(xenstored_t)
-
-miscfiles_read_localization(xenstored_t)
-
-xen_append_log(xenstored_t)
-
-########################################
-#
-# SSH component local policy
-#
-optional_policy(`
-	#Should have a boolean wrapping these
-	fs_list_auto_mountpoints(xend_t)
-	files_search_mnt(xend_t)
-	fs_getattr_all_fs(xend_t)
-	fs_read_dos_files(xend_t)
-	fs_manage_xenfs_dirs(xend_t)
-	fs_manage_xenfs_files(xend_t)
-
-	tunable_policy(`xen_use_nfs',`
-		fs_manage_nfs_files(xend_t)
-		fs_read_nfs_symlinks(xend_t)
-	')
-')
diff --git a/policy/policy_capabilities b/policy/policy_capabilities
deleted file mode 100644
index db3cbca..0000000
--- a/policy/policy_capabilities
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# This file contains the policy capabilites
-# that are enabled in this policy, not a
-# declaration of DAC capabilites such as
-# dac_override.
-#
-# The affected object classes and their
-# permissions should also be listed in
-# the comments for each capability.
-#
-
-# Enable additional networking access control for
-# labeled networking peers.
-#
-# Checks enabled:
-# node: sendto recvfrom
-# netif: ingress egress
-# peer: recv
-#
-policycap network_peer_controls;
-
-# Enable additional access controls for opening
-# a file (and similar objects).
-#
-# Checks enabled:
-# dir: open
-# file: open
-# fifo_file: open
-# sock_file: open
-# chr_file: open
-# blk_file: open
-#
-policycap open_perms;
diff --git a/policy/rolemap b/policy/rolemap
deleted file mode 100644
index c1de37e..0000000
--- a/policy/rolemap
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# This file contains the mappings
-# used for per-role template
-# infrastructure.  Each line describes
-# the prefix and user domain type
-# corresponding to each role.
-#
-# syntax: role prefix user_domain
-#
-
-# This support has been deprecated and
-# will be removed in the future.  Note:  No
-# per-role templates exist in refpolicy.
diff --git a/policy/support/file_patterns.spt b/policy/support/file_patterns.spt
deleted file mode 100644
index 4719351..0000000
--- a/policy/support/file_patterns.spt
+++ /dev/null
@@ -1,553 +0,0 @@
-#
-# Directory patterns (dir)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. directory type
-#
-define(`getattr_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir getattr_dir_perms;
-')
-
-define(`setattr_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir setattr_dir_perms;
-')
-
-define(`search_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir search_dir_perms;
-')
-
-define(`list_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir list_dir_perms;
-')
-
-define(`add_entry_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir add_entry_dir_perms;
-')
-
-define(`del_entry_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir del_entry_dir_perms;
-')
-
-define(`rw_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir { add_entry_dir_perms del_entry_dir_perms };
-')
-
-define(`create_dirs_pattern',`
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:dir create_dir_perms;
-')
-
-define(`delete_dirs_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:dir delete_dir_perms;
-')
-
-define(`rename_dirs_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:dir rename_dir_perms;
-')
-
-define(`manage_dirs_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:dir manage_dir_perms;
-')
-
-define(`relabelfrom_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir relabelfrom_dir_perms;
-')
-
-define(`relabelto_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir relabelto_dir_perms;
-')
-
-define(`relabel_dirs_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:dir relabel_dir_perms;
-')
-
-#
-# Regular file patterns (file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file getattr_file_perms;
-')
-
-define(`setattr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file setattr_file_perms;
-')
-
-define(`read_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file read_file_perms;
-')
-
-define(`mmap_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file mmap_file_perms;
-')
-
-define(`exec_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file exec_file_perms;
-')
-
-define(`append_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file append_file_perms;
-')
-
-define(`write_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file write_file_perms;
-')
-
-define(`rw_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file rw_file_perms;
-')
-
-define(`create_files_pattern',`
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:file create_file_perms;
-')
-
-define(`delete_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:file delete_file_perms;
-')
-
-define(`rename_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:file rename_file_perms;
-')
-
-define(`manage_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:file manage_file_perms;
-')
-
-define(`relabelfrom_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file relabelfrom_file_perms;
-')
-
-define(`relabelto_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file relabelto_file_perms;
-')
-
-define(`relabel_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:file relabel_file_perms;
-')
-
-#
-# Symbolic link patterns (lnk_file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file getattr_lnk_file_perms;
-')
-
-define(`setattr_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file setattr_lnk_file_perms;
-')
-
-define(`read_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file read_lnk_file_perms;
-')
-
-define(`append_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file append_lnk_file_perms;
-')
-
-define(`write_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file write_lnk_file_perms;
-')
-
-define(`rw_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file rw_lnk_file_perms;
-')
-
-define(`create_lnk_files_pattern',`
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:lnk_file create_lnk_file_perms;
-')
-
-define(`delete_lnk_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:lnk_file delete_lnk_file_perms;
-')
-
-define(`rename_lnk_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:lnk_file rename_lnk_file_perms;
-')
-
-define(`manage_lnk_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:lnk_file manage_lnk_file_perms;
-')
-
-define(`relabelfrom_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file relabelfrom_lnk_file_perms;
-')
-
-define(`relabelto_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file relabelto_lnk_file_perms;
-')
-
-define(`relabel_lnk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:lnk_file relabel_lnk_file_perms;
-')
-
-#
-# (Un)named Pipes/FIFO patterns (fifo_file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file getattr_fifo_file_perms;
-')
-
-define(`setattr_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file setattr_fifo_file_perms;
-')
-
-define(`read_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file read_fifo_file_perms;
-')
-
-define(`append_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file append_fifo_file_perms;
-')
-
-define(`write_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file write_fifo_file_perms;
-')
-
-define(`rw_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file rw_fifo_file_perms;
-')
-
-define(`create_fifo_files_pattern',`
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:fifo_file create_fifo_file_perms;
-')
-
-define(`delete_fifo_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:fifo_file delete_fifo_file_perms;
-')
-
-define(`rename_fifo_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:fifo_file rename_fifo_file_perms;
-')
-
-define(`manage_fifo_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:fifo_file manage_fifo_file_perms;
-')
-
-define(`relabelfrom_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file relabelfrom_fifo_file_perms;
-')
-
-define(`relabelto_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file relabelto_fifo_file_perms;
-')
-
-define(`relabel_fifo_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:fifo_file relabel_fifo_file_perms;
-')
-
-#
-# (Un)named sockets patterns (sock_file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file getattr_sock_file_perms;
-')
-
-define(`setattr_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file setattr_sock_file_perms;
-')
-
-define(`read_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file read_sock_file_perms;
-')
-
-define(`write_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file write_sock_file_perms;
-')
-
-define(`rw_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file rw_sock_file_perms;
-')
-
-define(`create_sock_files_pattern',`
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:sock_file create_sock_file_perms;
-')
-
-define(`delete_sock_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:sock_file delete_sock_file_perms;
-')
-
-define(`rename_sock_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:sock_file rename_sock_file_perms;
-')
-
-define(`manage_sock_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:sock_file manage_sock_file_perms;
-')
-
-define(`relabelfrom_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file relabelfrom_sock_file_perms;
-')
-
-define(`relabelto_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file relabelto_sock_file_perms;
-')
-
-define(`relabel_sock_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file relabel_sock_file_perms;
-')
-
-#
-# Block device node patterns (blk_file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file getattr_blk_file_perms;
-')
-
-define(`setattr_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file setattr_blk_file_perms;
-')
-
-define(`read_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file read_blk_file_perms;
-')
-
-define(`append_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file append_blk_file_perms;
-')
-
-define(`write_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file write_blk_file_perms;
-')
-
-define(`rw_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file rw_blk_file_perms;
-')
-
-define(`create_blk_files_pattern',`
-	allow $1 self:capability mknod;
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:blk_file create_blk_file_perms;
-')
-
-define(`delete_blk_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:blk_file delete_blk_file_perms;
-')
-
-define(`rename_blk_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:blk_file rename_blk_file_perms;
-')
-
-define(`manage_blk_files_pattern',`
-	allow $1 self:capability mknod;
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:blk_file manage_blk_file_perms;
-')
-
-define(`relabelfrom_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file relabelfrom_blk_file_perms;
-')
-
-define(`relabelto_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file relabelto_blk_file_perms;
-')
-
-define(`relabel_blk_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:blk_file relabel_blk_file_perms;
-')
-
-#
-# Character device node patterns (chr_file)
-#
-# Parameters:
-# 1. domain type
-# 2. container (directory) type
-# 3. file type
-#
-define(`getattr_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file getattr_chr_file_perms;
-')
-
-define(`setattr_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file setattr_chr_file_perms;
-')
-
-define(`read_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file read_chr_file_perms;
-')
-
-define(`append_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file append_chr_file_perms;
-')
-
-define(`write_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file write_chr_file_perms;
-')
-
-define(`rw_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file rw_chr_file_perms;
-')
-
-define(`create_chr_files_pattern',`
-	allow $1 self:capability mknod;
-	allow $1 $2:dir add_entry_dir_perms;
-	allow $1 $3:chr_file create_chr_file_perms;
-')
-
-define(`delete_chr_files_pattern',`
-	allow $1 $2:dir del_entry_dir_perms;
-	allow $1 $3:chr_file delete_chr_file_perms;
-')
-
-define(`rename_chr_files_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:chr_file rename_chr_file_perms;
-')
-
-define(`manage_chr_files_pattern',`
-	allow $1 self:capability mknod;
-	allow $1 $2:dir rw_dir_perms;
-	allow $1 $3:chr_file manage_chr_file_perms;
-')
-
-define(`relabelfrom_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file relabelfrom_chr_file_perms;
-')
-
-define(`relabelto_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file relabelto_chr_file_perms;
-')
-
-define(`relabel_chr_files_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:chr_file relabel_chr_file_perms;
-')
-
-#
-# File type_transition patterns
-#
-# pattern(domain,dirtype,newtype,class(es))
-#
-define(`filetrans_add_pattern',`
-	allow $1 $2:dir { list_dir_perms add_entry_dir_perms };
-	type_transition $1 $2:$4 $3;
-')
-
-define(`filetrans_pattern',`
-	allow $1 $2:dir rw_dir_perms;
-	type_transition $1 $2:$4 $3 $5;
-')
-
-define(`admin_pattern',`
-        manage_dirs_pattern($1,$2,$2)
-        manage_files_pattern($1,$2,$2)
-        manage_lnk_files_pattern($1,$2,$2)
-        manage_fifo_files_pattern($1,$2,$2)
-        manage_sock_files_pattern($1,$2,$2)
-
-        relabel_dirs_pattern($1,$2,$2)
-        relabel_files_pattern($1,$2,$2)
-        relabel_lnk_files_pattern($1,$2,$2)
-        relabel_fifo_files_pattern($1,$2,$2)
-        relabel_sock_files_pattern($1,$2,$2)
-')
diff --git a/policy/support/ipc_patterns.spt b/policy/support/ipc_patterns.spt
deleted file mode 100644
index 310f9ef..0000000
--- a/policy/support/ipc_patterns.spt
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# unix domain socket patterns
-#
-define(`stream_connect_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file write_sock_file_perms;
-	allow $1 $4:unix_stream_socket connectto;
-')
-
-define(`dgram_send_pattern',`
-	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file write_sock_file_perms;
-	allow $1 $4:unix_dgram_socket sendto;
-')
diff --git a/policy/support/loadable_module.spt b/policy/support/loadable_module.spt
deleted file mode 100644
index 1fe3ab3..0000000
--- a/policy/support/loadable_module.spt
+++ /dev/null
@@ -1,151 +0,0 @@
-########################################
-#
-# Macros for switching between source policy
-# and loadable policy module support
-#
-
-##############################
-#
-# For adding the module statement
-#
-define(`policy_module',`
-	ifndef(`self_contained_policy',`
-		module $1 $2;
-
-		require {
-			role system_r;
-			all_kernel_class_perms
-
-			ifdef(`enable_mcs',`
-				decl_sens(0,0)
-				decl_cats(0,decr(mcs_num_cats))
-			')
-
-			ifdef(`enable_mls',`
-				decl_sens(0,decr(mls_num_sens))
-				decl_cats(0,decr(mls_num_cats))
-			')
-		}
-	')
-')
-
-##############################
-#
-# For use in interfaces, to optionally insert a require block
-#
-define(`gen_require',`
-	ifdef(`self_contained_policy',`
-		ifdef(`__in_optional_policy',`
-			require {
-				$1
-			} # end require
-		')
-	',`
-		require {
-			$1
-		} # end require
-	')
-')
-
-# helper function, since m4 wont expand macros
-# if a line is a comment (#):
-define(`policy_m4_comment',`
-##### $2 depth: $1
-')dnl
-
-##############################
-#
-# In the future interfaces should be in loadable modules
-#
-# template(name,rules)
-#
-define(`template',` dnl
-	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
-	`define(`$1',` dnl
-	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
-	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
-	$2 dnl
-	popdef(`policy_call_depth') dnl
-	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
-	'')
-')
-
-##############################
-#
-# In the future interfaces should be in loadable modules
-#
-# interface(name,rules)
-#
-define(`interface',` dnl
-	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
-	`define(`$1',` dnl
-	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
-	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
-	$2
-	popdef(`policy_call_depth') dnl
-	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
-	'')
-')
-
-define(`policy_call_depth',0)
-
-##############################
-#
-# Optional policy handling
-#
-define(`optional_policy',`
-	ifelse(regexp(`$1',`\W'),`-1',`
-		refpolicywarn(`deprecated use of module name ($1) as first parameter of optional_policy() block.')
-		optional_policy(shift($*))
-	',`
-		optional {`'pushdef(`__in_optional_policy')
-			$1
-		ifelse(`$2',`',`',`} else {
-			$2
-		')}`'popdef(`__in_optional_policy')`'ifndef(`__in_optional_policy',` # end optional')
-	')
-')
-
-##############################
-#
-# Determine if we should use the default
-# tunable value as specified by the policy
-# or if the override value should be used
-#
-define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
-
-##############################
-#
-# Extract booleans out of an expression.
-# This needs to be reworked so expressions
-# with parentheses can work.
-
-define(`declare_required_symbols',`
-ifelse(regexp($1, `\w'), -1, `', `dnl
-bool regexp($1, `\(\w+\)', `\1');
-declare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
-') dnl
-')
-
-##############################
-#
-# Tunable declaration
-#
-define(`gen_tunable',`
-	bool $1 dflt_or_overr(`$1'_conf,$2);
-')
-
-##############################
-#
-# Tunable policy handling
-#
-define(`tunable_policy',`
-	gen_require(`
-		declare_required_symbols(`$1')
-	')
-	if (`$1') {
-		$2
-	ifelse(`$3',`',`',`} else {
-		$3
-	')}
-')
diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
deleted file mode 100644
index 4ca5688..0000000
--- a/policy/support/misc_macros.spt
+++ /dev/null
@@ -1,78 +0,0 @@
-
-########################################
-#
-# Helper macros
-#
-
-#
-# shiftn(num,list...)
-#
-# shift the list num times
-#
-define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
-
-#
-# ifndef(expr,true_block,false_block)
-#
-# m4 does not have this.
-#
-define(`ifndef',`ifdef(`$1',`$3',`$2')')
-
-#
-# __endline__
-#
-# dummy macro to insert a newline.  used for 
-# errprint, so the close parentheses can be
-# indented correctly.
-#
-define(`__endline__',`
-')
-
-########################################
-#
-# refpolwarn(message)
-#
-# print a warning message
-#
-define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__)')
-
-########################################
-#
-# refpolerr(message)
-#
-# print an error message.  does not
-# make anything fail.
-#
-define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__)')
-
-########################################
-#
-# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories])
-#
-define(`gen_user',`dnl
-ifdef(`users_extra',`dnl
-ifelse(`$2',,,`user $1 prefix $2;')
-',`dnl
-user $1 roles { $3 }`'ifdef(`enable_mls', ` level $4 range $5')`'ifdef(`enable_mcs',` level s0 range s0`'ifelse(`$6',,,` - s0:$6')');
-')dnl
-')
-
-########################################
-#
-# gen_context(context,mls_sensitivity,[mcs_categories])
-#
-define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')')dnl
-
-########################################
-#
-# can_exec(domain,executable)
-#
-define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
-
-########################################
-#
-# gen_bool(name,default_value)
-#
-define(`gen_bool',`
-	bool $1 dflt_or_overr(`$1'_conf,$2);
-')
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
deleted file mode 100644
index df6b5de..0000000
--- a/policy/support/misc_patterns.spt
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# Specified domain transition patterns
-#
-define(`domain_transition_pattern',`
-	allow $1 $2:file { getattr open read execute };
-	allow $1 $3:process transition;
-	dontaudit $1 $3:process { noatsecure siginh rlimitinh };
-')
-
-# compatibility:
-define(`domain_trans',`domain_transition_pattern($*)')
-
-define(`spec_domtrans_pattern',`
-	allow $1 self:process setexec;
-	domain_transition_pattern($1,$2,$3)
-
-	allow $3 $1:fd use;
-	allow $3 $1:fifo_file rw_inherited_fifo_file_perms;
-	allow $3 $1:process sigchld;
-')
-
-#
-# Automatic domain transition patterns
-#
-define(`domain_auto_transition_pattern',`
-	domain_transition_pattern($1,$2,$3)
-	type_transition $1 $2:process $3;
-')
-
-# compatibility:
-define(`domain_auto_trans',`domain_auto_transition_pattern($*)')
-
-define(`domtrans_pattern',`
-	domain_auto_transition_pattern($1,$2,$3)
-
-	allow $3 $1:fd use;
-	allow $3 $1:fifo_file rw_inherited_fifo_file_perms;
-	allow $3 $1:process sigchld;
-
-	ifdef(`hide_broken_symptoms', `
-		dontaudit $3 $1:socket_class_set { read write };
-	')
-')
-
-#
-# Dynamic transition pattern
-#
-define(`dyntrans_pattern',`
-	allow $1 self:process setcurrent;
-	allow $1 $2:process dyntransition;
-	allow $2 $1:process sigchld;
-')
-
-#
-# Other process permissions
-#
-define(`send_audit_msgs_pattern',`
-	refpolicywarn(`$0($*) has been deprecated, please use logging_send_audit_msgs($1) instead.')
-	allow $1 self:capability audit_write;
-	allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-')
-
-define(`ps_process_pattern',`
-	allow $1 $2:dir list_dir_perms;
-	allow $1 $2:file read_file_perms;
-	allow $1 $2:lnk_file read_lnk_file_perms;
-	allow $1 $2:process getattr;
-')
diff --git a/policy/support/mls_mcs_macros.spt b/policy/support/mls_mcs_macros.spt
deleted file mode 100644
index 7593e20..0000000
--- a/policy/support/mls_mcs_macros.spt
+++ /dev/null
@@ -1,57 +0,0 @@
-########################################
-#
-# gen_cats(N)
-#
-# declares categores c0 to c(N-1)
-#
-define(`decl_cats',`dnl
-category c$1;
-ifelse(`$1',`$2',,`decl_cats(incr($1),$2)')dnl
-')
-
-define(`gen_cats',`decl_cats(0,decr($1))')
-
-########################################
-#
-# gen_sens(N)
-#
-# declares sensitivites s0 to s(N-1) with dominance
-# in increasing numeric order with s0 lowest, s(N-1) highest
-#
-define(`decl_sens',`dnl
-sensitivity s$1;
-ifelse(`$1',`$2',,`decl_sens(incr($1),$2)')dnl
-')
-
-define(`gen_dominance',`s$1 ifelse(`$1',`$2',,`gen_dominance(incr($1),$2)')')
-
-define(`gen_sens',`
-# Each sensitivity has a name and zero or more aliases.
-decl_sens(0,decr($1))
-
-# Define the ordering of the sensitivity levels (least to greatest)
-dominance { gen_dominance(0,decr($1)) }
-')
-
-########################################
-#
-# gen_levels(N,M)
-#
-# levels from s0 to (N-1) with categories c0 to (M-1)
-#
-define(`decl_levels',`dnl
-level s$1:c0.c$3;
-ifelse(`$1',`$2',,`decl_levels(incr($1),$2,$3)')dnl
-')
-
-define(`gen_levels',`decl_levels(0,decr($1),decr($2))')
-
-########################################
-#
-# Basic level names for system low and high
-#
-define(`mls_systemlow',`s0')
-define(`mls_systemhigh',`s`'decr(mls_num_sens):c0.c`'decr(mls_num_cats)')
-define(`mcs_systemlow',`s0')
-define(`mcs_systemhigh',`s0:c0.c`'decr(mcs_num_cats)')
-define(`mcs_allcats',`c0.c`'decr(mcs_num_cats)')
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
deleted file mode 100644
index d9b0868..0000000
--- a/policy/support/obj_perm_sets.spt
+++ /dev/null
@@ -1,337 +0,0 @@
-########################################
-# 
-# Support macros for sets of object classes and permissions
-#
-# This file should only have object class and permission set macros - they
-# can only reference object classes and/or permissions.
-
-#
-# All directory and file classes
-#
-define(`dir_file_class_set', `{ dir file lnk_file sock_file fifo_file chr_file blk_file }')
-
-#
-# All non-directory file classes.
-#
-define(`file_class_set', `{ file lnk_file sock_file fifo_file chr_file blk_file }')
-
-#
-# Non-device file classes.
-#
-define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
-
-#
-# Device file classes.
-#
-define(`devfile_class_set', `{ chr_file blk_file }')
-
-#
-# All socket classes.
-#
-define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }')
-
-
-#
-# Datagram socket classes.
-# 
-define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
-
-#
-# Stream socket classes.
-#
-define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
-
-#
-# Unprivileged socket classes (exclude rawip, netlink, packet).
-#
-define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')
-
-########################################
-# 
-# Macros for sets of permissions
-#
-
-# 
-# Permissions for getting file attributes.
-#
-define(`stat_file_perms', `{ getattr } refpolicywarn(`$0 is deprecated please use getattr_file_perms instead.')')
-
-# 
-# Permissions for executing files.
-#
-define(`x_file_perms', `{ getattr open execute } refpolicywarn(`$0 is deprecated please use { getattr execute } instead.')')
-
-# 
-# Permissions for reading files and their attributes.
-#
-define(`r_file_perms', `{ open read getattr lock ioctl } refpolicywarn(`$0 is deprecated please use read_file_perms instead.')')
-
-# 
-# Permissions for reading and executing files.
-#
-define(`rx_file_perms', `{ open read getattr lock execute ioctl } refpolicywarn(`$0 is deprecated please use { mmap_file_perms ioctl lock } instead.')')
-
-# 
-# Permissions for reading and appending to files.
-#
-define(`ra_file_perms', `{ open ioctl read getattr lock append } refpolicywarn(`$0 is deprecated please use { read_file_perms append_file_perms } instead.')')
-
-#
-# Permissions for linking, unlinking and renaming files.
-# 
-define(`link_file_perms', `{ getattr link unlink rename } refpolicywarn(`$0 is deprecated please use { getattr link unlink rename } instead.')')
-
-#
-# Permissions for creating lnk_files.
-#
-define(`create_lnk_perms', `{ create read write getattr setattr link unlink rename } refpolicywarn(`$0 is deprecated please use manage_lnk_file_perms instead.')')
-
-# 
-# Permissions for reading directories and their attributes.
-#
-define(`r_dir_perms', `{ open read getattr lock search ioctl } refpolicywarn(`$0 is deprecated please use list_dir_perms instead.')')
-
-# 
-# Permissions for reading and adding names to directories.
-#
-define(`ra_dir_perms', `{ open read getattr lock search ioctl add_name write } refpolicywarn(`$0 is deprecated please use { list_dir_perms add_entry_dir_perms } instead.')')
-
-
-#
-# Permissions to mount and unmount file systems.
-#
-define(`mount_fs_perms', `{ mount remount unmount getattr }')
-
-#
-# Permissions for using sockets.
-# 
-define(`rw_socket_perms', `{ ioctl read getattr lock write setattr append bind connect getopt setopt shutdown }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`create_socket_perms', `{ create rw_socket_perms }')
-
-#
-# Permissions for using stream sockets.
-# 
-define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
-
-#
-# Permissions for creating and using stream sockets.
-# 
-define(`create_stream_socket_perms', `{ create_socket_perms listen accept }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`connected_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`connected_stream_socket_perms', `{ connected_socket_perms listen accept }')
-
-
-#
-# Permissions for creating and using netlink sockets.
-# 
-define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
-
-#
-# Permissions for using netlink sockets for operations that modify state.
-# 
-define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
-
-#
-# Permissions for using netlink sockets for operations that observe state.
-# 
-define(`r_netlink_socket_perms', `{ create_socket_perms nlmsg_read }')
-
-#
-# Permissions for sending all signals.
-#
-define(`signal_perms', `{ sigchld sigkill sigstop signull signal }')
-
-#
-# Permissions for sending and receiving network packets.
-#
-define(`packet_perms', `{ tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send }')
-
-#
-# Permissions for using System V IPC
-#
-define(`r_sem_perms', `{ associate getattr read unix_read }')
-define(`rw_sem_perms', `{ associate getattr read write unix_read unix_write }')
-define(`create_sem_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }')
-define(`r_msgq_perms', `{ associate getattr read unix_read }')
-define(`rw_msgq_perms', `{ associate getattr read write enqueue unix_read unix_write }')
-define(`create_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }')
-define(`r_shm_perms', `{ associate getattr read unix_read }')
-define(`rw_shm_perms', `{ associate getattr read write lock unix_read unix_write }')
-define(`create_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }')
-
-########################################
-#
-# New permission sets
-#
-
-#
-# Directory (dir)
-#
-define(`getattr_dir_perms',`{ getattr }')
-define(`setattr_dir_perms',`{ setattr }')
-define(`search_dir_perms',`{ getattr search open }')
-define(`list_dir_perms',`{ getattr search open read lock ioctl }')
-define(`add_entry_dir_perms',`{ getattr search open lock ioctl write add_name }')
-define(`del_entry_dir_perms',`{ getattr search open lock ioctl write remove_name }')
-define(`rw_dir_perms', `{ open read getattr lock search ioctl add_name remove_name write }')
-define(`create_dir_perms',`{ getattr create }')
-define(`rename_dir_perms',`{ getattr rename }')
-define(`delete_dir_perms',`{ getattr rmdir }')
-define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
-define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
-define(`relabelto_dir_perms',`{ getattr relabelto }')
-define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# Regular file (file)
-#
-define(`getattr_file_perms',`{ getattr }')
-define(`setattr_file_perms',`{ setattr }')
-define(`read_inherited_file_perms',`{ getattr read ioctl lock }')
-define(`read_file_perms',`{ open read_inherited_file_perms }')
-define(`mmap_file_perms',`{ getattr open read execute ioctl }')
-define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
-define(`append_file_perms',`{ getattr open append lock ioctl }')
-define(`write_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
-define(`rw_file_perms',`{ open rw_inherited_file_perms }')
-define(`create_file_perms',`{ getattr create open }')
-define(`rename_file_perms',`{ getattr rename }')
-define(`delete_file_perms',`{ getattr unlink }')
-define(`manage_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
-define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_file_perms',`{ getattr relabelto }')
-define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# Symbolic link (lnk_file)
-#
-define(`getattr_lnk_file_perms',`{ getattr }')
-define(`setattr_lnk_file_perms',`{ setattr }')
-define(`read_lnk_file_perms',`{ getattr read }')
-define(`append_lnk_file_perms',`{ getattr append lock ioctl }')
-define(`write_lnk_file_perms',`{ getattr append write lock ioctl }')
-define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
-define(`create_lnk_file_perms',`{ create getattr }')
-define(`rename_lnk_file_perms',`{ getattr rename }')
-define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
-define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
-define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# (Un)named Pipes/FIFOs (fifo_file)
-#
-define(`getattr_fifo_file_perms',`{ getattr }')
-define(`setattr_fifo_file_perms',`{ setattr }')
-define(`read_fifo_file_perms',`{ getattr open read lock ioctl }')
-define(`append_fifo_file_perms',`{ getattr open append lock ioctl }')
-define(`write_fifo_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_inherited_fifo_file_perms',`{ getattr read write append ioctl lock }')
-define(`rw_fifo_file_perms',`{ open rw_inherited_fifo_file_perms }')
-define(`create_fifo_file_perms',`{ getattr create open }')
-define(`rename_fifo_file_perms',`{ getattr rename }')
-define(`delete_fifo_file_perms',`{ getattr unlink }')
-define(`manage_fifo_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
-define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_fifo_file_perms',`{ getattr relabelto }')
-define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# (Un)named Sockets (sock_file)
-#
-define(`getattr_sock_file_perms',`{ getattr }')
-define(`setattr_sock_file_perms',`{ setattr }')
-define(`read_sock_file_perms',`{ getattr open read }')
-define(`write_sock_file_perms',`{ getattr write open append }')
-define(`rw_inherited_sock_file_perms',`{ getattr read write append }')
-define(`rw_sock_file_perms',`{ open rw_inherited_sock_file_perms }')
-define(`create_sock_file_perms',`{ getattr create open }')
-define(`rename_sock_file_perms',`{ getattr rename }')
-define(`delete_sock_file_perms',`{ getattr unlink }')
-define(`manage_sock_file_perms',`{ create open getattr setattr read write rename link unlink ioctl lock append }')
-define(`relabelfrom_sock_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_sock_file_perms',`{ getattr relabelto }')
-define(`relabel_sock_file_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# Block device nodes (blk_file)
-#
-define(`getattr_blk_file_perms',`{ getattr }')
-define(`setattr_blk_file_perms',`{ setattr }')
-define(`read_blk_file_perms',`{ getattr open read lock ioctl }')
-define(`append_blk_file_perms',`{ getattr open append lock ioctl }')
-define(`write_blk_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_inherited_blk_file_perms',`{ getattr read write append ioctl lock }')
-define(`rw_blk_file_perms',`{ open rw_inherited_blk_file_perms }')
-define(`create_blk_file_perms',`{ getattr create }')
-define(`rename_blk_file_perms',`{ getattr rename }')
-define(`delete_blk_file_perms',`{ getattr unlink }')
-define(`manage_blk_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
-define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_blk_file_perms',`{ getattr relabelto }')
-define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }')
-
-#
-# Character device nodes (chr_file)
-#
-define(`getattr_chr_file_perms',`{ getattr }')
-define(`setattr_chr_file_perms',`{ setattr }')
-define(`read_chr_file_perms',`{ getattr open read lock ioctl }')
-define(`append_chr_file_perms',`{ getattr open append lock ioctl }')
-define(`write_chr_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_inherited_chr_file_perms',`{ getattr read write append ioctl lock }')
-define(`rw_chr_file_perms',`{ open rw_inherited_chr_file_perms }')
-define(`create_chr_file_perms',`{ getattr create }')
-define(`rename_chr_file_perms',`{ getattr rename }')
-define(`delete_chr_file_perms',`{ getattr unlink }')
-define(`manage_chr_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
-define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }')
-define(`relabelto_chr_file_perms',`{ getattr relabelto }')
-define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }')
-
-########################################
-#
-# Special permission sets
-#
-
-#
-# Use (read and write) terminals
-#
-define(`rw_inherited_term_perms', `{ getattr open read write ioctl append }')
-define(`rw_term_perms', `{ open rw_inherited_term_perms }')
-
-#
-# Sockets
-#
-define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
-define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
-
-#
-# Keys
-#
-define(`manage_key_perms', `{ create link read search setattr view write } ')
-
-#
-# All 
-#
-define(`all_capabilities', `{ chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap }
-')
-
-define(`all_nscd_perms', `{ getserv getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost shmemserv } ')
-define(`all_dbus_perms', `{ acquire_svc send_msg } ')
-define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
-define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
diff --git a/policy/users b/policy/users
deleted file mode 100644
index be2a04c..0000000
--- a/policy/users
+++ /dev/null
@@ -1,38 +0,0 @@
-##################################
-#
-# Core User configuration.
-#
-
-#
-# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
-#
-# Note: Identities without a prefix will not be listed
-# in the users_extra file used by genhomedircon.
-
-#
-# system_u is the user identity for system processes and objects.
-# There should be no corresponding Unix user identity for system,
-# and a user process should never be assigned the system user
-# identity.
-#
-gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-#
-# user_u is a generic user identity for Linux users who have no
-# SELinux user identity defined.  The modified daemons will use
-# this user identity in the security context if there is no matching
-# SELinux user identity for a Linux user.  If you do not want to
-# permit any access to such users, then remove this entry.
-#
-gen_user(user_u, user, user_r, s0, s0)
-gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-#
-# The following users correspond to Unix identities.
-# These identities are typically assigned as the user attribute
-# when login starts the user shell.  Users with access to the sysadm_r
-# role should use the staff_r role instead of the user_r role when
-# not in the sysadm_r.
-#
-gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)