diff --git a/policy/modules/apps/qemu.if b/policy/modules/apps/qemu.if
index 09483f6..8596352 100644
--- a/policy/modules/apps/qemu.if
+++ b/policy/modules/apps/qemu.if
@@ -1,5 +1,103 @@
 ## QEMU machine emulator and virtualizer
+########################################
+##
+## Creates types and rules for a basic
+## qemu process domain.
+##
+##
+##
+## Prefix for the domain.
+##
+##
+#
+template(`qemu_domain_template',`
+
+ ##############################
+ #
+ # Local Policy
+ #
+
+ type $1_t;
+ domain_type($1_t)
+
+ type $1_tmp_t;
+ files_tmp_file($1_tmp_t)
+
+ ##############################
+ #
+ # Local Policy
+ #
+
+ allow $1_t self:capability { dac_read_search dac_override };
+ allow $1_t self:process { execstack execmem signal getsched };
+ allow $1_t self:fifo_file rw_file_perms;
+ allow $1_t self:shm create_shm_perms;
+ allow $1_t self:unix_stream_socket create_stream_socket_perms;
+ allow $1_t self:tcp_socket create_stream_socket_perms;
+ allow $1_t self:tun_socket create;
+
+ manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
+ manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
+ files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
+
+ kernel_read_system_state($1_t)
+
+ corenet_all_recvfrom_unlabeled($1_t)
+ corenet_all_recvfrom_netlabel($1_t)
+ corenet_tcp_sendrecv_generic_if($1_t)
+ corenet_tcp_sendrecv_generic_node($1_t)
+ corenet_tcp_sendrecv_all_ports($1_t)
+ corenet_tcp_bind_generic_node($1_t)
+ corenet_tcp_bind_vnc_port($1_t)
+ corenet_rw_tun_tap_dev($1_t)
+
+# dev_rw_kvm($1_t)
+
+ domain_use_interactive_fds($1_t)
+
+ files_read_etc_files($1_t)
+ files_read_usr_files($1_t)
+ files_read_var_files($1_t)
+ files_search_all($1_t)
+
+ fs_list_inotifyfs($1_t)
+ fs_rw_anon_inodefs_files($1_t)
+ fs_rw_tmpfs_files($1_t)
+
+ storage_raw_write_removable_device($1_t)
+ storage_raw_read_removable_device($1_t)
+
+ term_use_ptmx($1_t)
+ term_getattr_pty_fs($1_t)
+ term_use_generic_ptys($1_t)
+
+ miscfiles_read_localization($1_t)
+
+ sysnet_read_config($1_t)
+
+ userdom_use_user_terminals($1_t)
+ userdom_attach_admin_tun_iface($1_t)
+
+ optional_policy(`
+ samba_domtrans_smbd($1_t)
+ ')
+
+ optional_policy(`
+ virt_manage_images($1_t)
+ virt_read_config($1_t)
+ virt_read_lib_files($1_t)
+ virt_attach_tun_iface($1_t)
+ ')
+
+ optional_policy(`
+ xserver_stream_connect($1_t)
+ xserver_read_xdm_tmp_files($1_t)
+ xserver_read_xdm_pid($1_t)
+# xserver_xdm_rw_shm($1_t)
+ ')
+')
+
 #######################################
 ##
 ## The per role template for the qemu module.
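Review bot: The first comment header inside the relocated template reads `# Local Policy` although it sits above the `type $1_t;` / `type $1_tmp_t;` declarations, so both halves carry the same heading; the first one should read `# Declarations` to match the refpolicy convention the second header already follows. Since this commit only moves the template, the grants themselves are pre-existing, but this is the place to document that every `$1_t` derived from it gets `dac_read_search dac_override` (bypassing DAC on any file the process can reach), `execstack execmem`, `files_search_all`, `corenet_tcp_sendrecv_all_ports` and `storage_raw_write_removable_device` unconditionally, which is presumably wider than a VNC- or tap-backed guest needs — callers wanting a tighter domain would need those behind `optional_policy`/`tunable_policy` rather than baked in, so a one-line header comment stating that the template is deliberately permissive (and for which callers) would help. The commented-out `# dev_rw_kvm($1_t)` is left without a reason; a note such as `# dev_rw_kvm: granted by callers that use the KVM accelerator` — if that is in fact the intent, confirm — would save the next reader from guessing whether it was dropped or deferred.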
@@ -175,104 +273,6 @@ interface(`qemu_domtrans_unconfined',`
 ########################################
 ##
-## Creates types and rules for a basic
-## qemu process domain.
-##
-##
-##
-## Prefix for the domain.
-##
-##
-#
-template(`qemu_domain_template',`
-
- ##############################
- #
- # Local Policy
- #
-
- type $1_t;
- domain_type($1_t)
-
- type $1_tmp_t;
- files_tmp_file($1_tmp_t)
-
- ##############################
- #
- # Local Policy
- #
-
- allow $1_t self:capability { dac_read_search dac_override };
- allow $1_t self:process { execstack execmem signal getsched };
- allow $1_t self:fifo_file rw_file_perms;
- allow $1_t self:shm create_shm_perms;
- allow $1_t self:unix_stream_socket create_stream_socket_perms;
- allow $1_t self:tcp_socket create_stream_socket_perms;
- allow $1_t self:tun_socket create;
-
- manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
- manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
- files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
-
- kernel_read_system_state($1_t)
-
- corenet_all_recvfrom_unlabeled($1_t)
- corenet_all_recvfrom_netlabel($1_t)
- corenet_tcp_sendrecv_generic_if($1_t)
- corenet_tcp_sendrecv_generic_node($1_t)
- corenet_tcp_sendrecv_all_ports($1_t)
- corenet_tcp_bind_generic_node($1_t)
- corenet_tcp_bind_vnc_port($1_t)
- corenet_rw_tun_tap_dev($1_t)
-
-# dev_rw_kvm($1_t)
-
- domain_use_interactive_fds($1_t)
-
- files_read_etc_files($1_t)
- files_read_usr_files($1_t)
- files_read_var_files($1_t)
- files_search_all($1_t)
-
- fs_list_inotifyfs($1_t)
- fs_rw_anon_inodefs_files($1_t)
- fs_rw_tmpfs_files($1_t)
-
- storage_raw_write_removable_device($1_t)
- storage_raw_read_removable_device($1_t)
-
- term_use_ptmx($1_t)
- term_getattr_pty_fs($1_t)
- term_use_generic_ptys($1_t)
-
- miscfiles_read_localization($1_t)
-
- sysnet_read_config($1_t)
-
- userdom_use_user_terminals($1_t)
- userdom_attach_admin_tun_iface($1_t)
-
- optional_policy(`
- samba_domtrans_smbd($1_t)
- ')
-
- optional_policy(`
- virt_manage_images($1_t)
- virt_read_config($1_t)
- virt_read_lib_files($1_t)
- virt_attach_tun_iface($1_t)
- ')
-
- optional_policy(`
- xserver_stream_connect($1_t)
- xserver_read_xdm_tmp_files($1_t)
- xserver_read_xdm_pid($1_t)
-# xserver_xdm_rw_shm($1_t)
- ')
-')
-
-########################################
-##
 ## Manage qemu temporary dirs.
 ##
 ##