diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 5bdfa08..3ff5608 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -188,7 +188,7 @@ network_node(unspec, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
 type netif_t, netif_type;
 sid netif gen_context(system_u:object_r:netif_t,s0 - s15:c0.c255)
 
-ifdef(`enable_mls',`
+build_option(`enable_mls',`
 network_interface(lo, lo,s0 - s15:c0.c255)
 ')
 
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index d7a1a27..c8ed292 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -5,6 +5,26 @@
 #
 define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
 
+#
+# build_option(option_name,true,[false])
+#
+# makes an ifdef.  hacky quoting changes because with
+# regular quoting, the macros in $2 and $3 will not be expanded
+#
+define(`build_option',`dnl
+changequote([,])dnl
+[ifdef(`$1',`]
+changequote(`,')dnl
+$2
+changequote([,])dnl
+[',`]
+changequote(`,')dnl
+$3
+changequote([,])dnl
+[')]
+changequote(`,')dnl
+')
+
 define(`declare_netifs',`dnl
 netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3)
 ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
@@ -14,7 +34,7 @@ ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
 # network_interface(if_name,linux_interface,mls_sensitivity)
 #
 define(`network_interface',`
-gen_require(`type unlabeled_t')
+gen_require(``type unlabeled_t;'')
 type $1_netif_t alias netif_$1_t, netif_type;
 declare_netifs($1_netif_t,shift($*))
 ')