diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 742d637..d365295 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1970,6 +1970,25 @@ interface(`files_read_usr_files',`
 
 ########################################
 ## <summary>
+##	Execute generic programs in /usr in the caller domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+interface(`files_exec_usr_files',`
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir r_dir_perms;
+	allow $1 usr_t:lnk_file r_file_perms;
+	can_exec($1,usr_t)
+
+')
+
+########################################
+## <summary>
 ##	Relabel a file to the type used in /usr.
 ## </summary>
 ## <param name="domain">
@@ -2041,18 +2060,15 @@ interface(`files_create_usr',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_exec_usr_files',`
+interface(`files_exec_usr_src_files',`
 	gen_require(`
 		type usr_t, src_t;
-		class dir r_dir_perms;
-		class lnk_file r_file_perms;
 	')
 
 	allow $1 usr_t:dir search;
 	allow $1 src_t:dir r_dir_perms;
 	allow $1 src_t:lnk_file r_file_perms;
 	can_exec($1,src_t)
-
 ')
 
 ########################################
@@ -2060,12 +2076,11 @@ interface(`files_exec_usr_files',`
 # files_dontaudit_search_src(domain)
 #
 interface(`files_dontaudit_search_src',`
-        gen_require(`
-                type src_t;
-                class dir search;
-        ')
+	gen_require(`
+		type src_t;
+	')
 
-        allow $1 src_t:dir search;
+	allow $1 src_t:dir search;
 ')
 
 ########################################
@@ -2075,9 +2090,6 @@ interface(`files_dontaudit_search_src',`
 interface(`files_read_usr_src_files',`
 	gen_require(`
 		type usr_t, src_t;
-		class dir r_dir_perms;
-		class file r_file_perms;
-		class lnk_file r_file_perms;
 	')
 
 	allow $1 usr_t:dir search;
@@ -2086,26 +2098,33 @@ interface(`files_read_usr_src_files',`
 ')
 
 ########################################
-#
-# files_search_var(domain)
+## <summary>
+##	Search the contents of /var.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
 #
 interface(`files_search_var',`
 	gen_require(`
 		type var_t;
-		class dir search;
 	')
 
 	allow $1 var_t:dir search;
 ')
 
 ########################################
-#
-# files_dontaudit_search_var(domain)
+## <summary>
+##	Do not audit attempts to search
+##	the contents of /var.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
 #
 interface(`files_dontaudit_search_var',`
 	gen_require(`
 		type var_t;
-		class dir search;
 	')
 
 	dontaudit $1 var_t:dir search;
@@ -2113,6 +2132,22 @@ interface(`files_dontaudit_search_var',`
 
 ########################################
 ## <summary>
+##	List the contents of /var.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`files_list_var',`
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir r_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete directories
 ##	in the /var directory.
 ## </summary>
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 55a87ef..bcfde85 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -210,7 +210,6 @@ template(`base_user_template',`
 	domain_dontaudit_getsession_all_domains($1_t)
 
 	files_exec_etc_files($1_t)
-	files_read_usr_src_files($1_t)
 	files_search_locks($1_t)
 	# old broswer_domain():
 	files_dontaudit_list_non_security($1_t)
@@ -868,7 +867,7 @@ template(`admin_user_template',`
 	# for lsof
 	domain_getattr_all_sockets($1_t)
 
-	files_exec_usr_files($1_t)
+	files_exec_usr_src_files($1_t)
 
 	init_use_initctl($1_t)