diff --git a/refpolicy/policy/support/misc_macros.spt b/refpolicy/policy/support/misc_macros.spt
new file mode 100644
index 0000000..37f25d9
--- /dev/null
+++ b/refpolicy/policy/support/misc_macros.spt
@@ -0,0 +1,20 @@
+
+########################################
+#
+# Helper macros
+#
+
+#
+# shiftn(num,list...)
+#
+# shift the list num times
+#
+define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
+
+########################################
+#
+# gen_con(context,sensitivity)
+#
+# Optionally put the sensitivity for the file
+#
+define(`context_template',`ifdef(`enable_mls',`$1:$2',`$1')') dnl
diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt
new file mode 100644
index 0000000..f85c928
--- /dev/null
+++ b/refpolicy/policy/support/obj_perm_sets.spt
@@ -0,0 +1,192 @@
+########################################
+# 
+# Support macros for sets of object classes and permissions
+#
+# This file should only have object class and permission set macros - they
+# can only reference object classes and/or permissions.
+
+#
+# All directory and file classes
+#
+define(`dir_file_class_set', `{ dir file lnk_file sock_file fifo_file chr_file blk_file }')
+
+#
+# All non-directory file classes.
+#
+define(`file_class_set', `{ file lnk_file sock_file fifo_file chr_file blk_file }')
+
+#
+# Non-device file classes.
+#
+define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
+
+#
+# Device file classes.
+#
+define(`devfile_class_set', `{ chr_file blk_file }')
+
+#
+# All socket classes.
+#
+define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket }')
+
+
+#
+# Datagram socket classes.
+# 
+define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
+
+#
+# Stream socket classes.
+#
+define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
+
+#
+# Unprivileged socket classes (exclude rawip, netlink, packet).
+#
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')
+
+########################################
+# 
+# Macros for sets of permissions
+#
+
+# 
+# Permissions for getting file attributes.
+#
+define(`stat_file_perms', `{ getattr }')
+
+# 
+# Permissions for executing files.
+#
+define(`x_file_perms', `{ getattr execute }')
+
+# 
+# Permissions for reading files and their attributes.
+#
+define(`r_file_perms', `{ read getattr lock ioctl }')
+
+# 
+# Permissions for reading and executing files.
+#
+define(`rx_file_perms', `{ read getattr lock execute ioctl }')
+
+# 
+# Permissions for reading and writing files and their attributes.
+#
+define(`rw_file_perms', `{ ioctl read getattr lock write append }')
+
+# 
+# Permissions for reading and appending to files.
+#
+define(`ra_file_perms', `{ ioctl read getattr lock append }')
+
+#
+# Permissions for linking, unlinking and renaming files.
+# 
+define(`link_file_perms', `{ getattr link unlink rename }')
+
+#
+# Permissions for creating lnk_files.
+#
+define(`create_lnk_perms', `{ create read getattr setattr link unlink rename }')
+
+#
+# Permissions for creating and using files.
+# 
+define(`create_file_perms', `{ create ioctl read getattr lock write setattr append link unlink rename }')
+
+# 
+# Permissions for reading directories and their attributes.
+#
+define(`r_dir_perms', `{ read getattr lock search ioctl }')
+
+# 
+# Permissions for reading and writing directories and their attributes.
+#
+define(`rw_dir_perms', `{ read getattr lock search ioctl add_name remove_name write }')
+
+# 
+# Permissions for reading and adding names to directories.
+#
+define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write }')
+
+
+#
+# Permissions for creating and using directories.
+# 
+define(`create_dir_perms', `{ create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir }')
+
+#
+# Permissions to mount and unmount file systems.
+#
+define(`mount_fs_perms', `{ mount remount unmount getattr }')
+
+#
+# Permissions for using sockets.
+# 
+define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
+
+#
+# Permissions for creating and using sockets.
+# 
+define(`create_socket_perms', `{ create rw_socket_perms }')
+
+#
+# Permissions for using stream sockets.
+# 
+define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
+
+#
+# Permissions for creating and using stream sockets.
+# 
+define(`create_stream_socket_perms', `{ create_socket_perms listen accept }')
+
+#
+# Permissions for creating and using sockets.
+# 
+define(`connected_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
+
+#
+# Permissions for creating and using sockets.
+# 
+define(`connected_stream_socket_perms', `{ connected_socket_perms listen accept }')
+
+
+#
+# Permissions for creating and using netlink sockets.
+# 
+define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
+
+#
+# Permissions for using netlink sockets for operations that modify state.
+# 
+define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
+
+#
+# Permissions for using netlink sockets for operations that observe state.
+# 
+define(`r_netlink_socket_perms', `{ create_socket_perms nlmsg_read }')
+
+#
+# Permissions for sending all signals.
+#
+define(`signal_perms', `{ sigchld sigkill sigstop signull signal }')
+
+#
+# Permissions for sending and receiving network packets.
+#
+define(`packet_perms', `{ tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send }')
+
+#
+# Permissions for using System V IPC
+#
+define(`r_sem_perms', `{ associate getattr read unix_read }')
+define(`rw_sem_perms', `{ associate getattr read write unix_read unix_write }')
+define(`create_sem_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }')
+define(`r_msgq_perms', `{ associate getattr read unix_read }')
+define(`rw_msgq_perms', `{ associate getattr read write enqueue unix_read unix_write }')
+define(`create_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }')
+define(`r_shm_perms', `{ associate getattr read unix_read }')
+define(`rw_shm_perms', `{ associate getattr read write lock unix_read unix_write }')
+define(`create_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }')
diff --git a/refpolicy/policy/support/sets.spt b/refpolicy/policy/support/sets.spt
deleted file mode 100644
index 9d26d80..0000000
--- a/refpolicy/policy/support/sets.spt
+++ /dev/null
@@ -1,190 +0,0 @@
-########################################
-# 
-# Macros for sets of object classes
-#
-
-#
-# All directory and file classes
-#
-define(`dir_file_class_set', `{ dir file lnk_file sock_file fifo_file chr_file blk_file }')
-
-#
-# All non-directory file classes.
-#
-define(`file_class_set', `{ file lnk_file sock_file fifo_file chr_file blk_file }')
-
-#
-# Non-device file classes.
-#
-define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
-
-#
-# Device file classes.
-#
-define(`devfile_class_set', `{ chr_file blk_file }')
-
-#
-# All socket classes.
-#
-define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket }')
-
-
-#
-# Datagram socket classes.
-# 
-define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
-
-#
-# Stream socket classes.
-#
-define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
-
-#
-# Unprivileged socket classes (exclude rawip, netlink, packet).
-#
-define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')
-
-########################################
-# 
-# Macros for sets of permissions
-#
-
-# 
-# Permissions for getting file attributes.
-#
-define(`stat_file_perms', `{ getattr }')
-
-# 
-# Permissions for executing files.
-#
-define(`x_file_perms', `{ getattr execute }')
-
-# 
-# Permissions for reading files and their attributes.
-#
-define(`r_file_perms', `{ read getattr lock ioctl }')
-
-# 
-# Permissions for reading and executing files.
-#
-define(`rx_file_perms', `{ read getattr lock execute ioctl }')
-
-# 
-# Permissions for reading and writing files and their attributes.
-#
-define(`rw_file_perms', `{ ioctl read getattr lock write append }')
-
-# 
-# Permissions for reading and appending to files.
-#
-define(`ra_file_perms', `{ ioctl read getattr lock append }')
-
-#
-# Permissions for linking, unlinking and renaming files.
-# 
-define(`link_file_perms', `{ getattr link unlink rename }')
-
-#
-# Permissions for creating lnk_files.
-#
-define(`create_lnk_perms', `{ create read getattr setattr link unlink rename }')
-
-#
-# Permissions for creating and using files.
-# 
-define(`create_file_perms', `{ create ioctl read getattr lock write setattr append link unlink rename }')
-
-# 
-# Permissions for reading directories and their attributes.
-#
-define(`r_dir_perms', `{ read getattr lock search ioctl }')
-
-# 
-# Permissions for reading and writing directories and their attributes.
-#
-define(`rw_dir_perms', `{ read getattr lock search ioctl add_name remove_name write }')
-
-# 
-# Permissions for reading and adding names to directories.
-#
-define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write }')
-
-
-#
-# Permissions for creating and using directories.
-# 
-define(`create_dir_perms', `{ create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir }')
-
-#
-# Permissions to mount and unmount file systems.
-#
-define(`mount_fs_perms', `{ mount remount unmount getattr }')
-
-#
-# Permissions for using sockets.
-# 
-define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`create_socket_perms', `{ create rw_socket_perms }')
-
-#
-# Permissions for using stream sockets.
-# 
-define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
-
-#
-# Permissions for creating and using stream sockets.
-# 
-define(`create_stream_socket_perms', `{ create_socket_perms listen accept }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`connected_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
-
-#
-# Permissions for creating and using sockets.
-# 
-define(`connected_stream_socket_perms', `{ connected_socket_perms listen accept }')
-
-
-#
-# Permissions for creating and using netlink sockets.
-# 
-define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
-
-#
-# Permissions for using netlink sockets for operations that modify state.
-# 
-define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
-
-#
-# Permissions for using netlink sockets for operations that observe state.
-# 
-define(`r_netlink_socket_perms', `{ create_socket_perms nlmsg_read }')
-
-#
-# Permissions for sending all signals.
-#
-define(`signal_perms', `{ sigchld sigkill sigstop signull signal }')
-
-#
-# Permissions for sending and receiving network packets.
-#
-define(`packet_perms', `{ tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send }')
-
-#
-# Permissions for using System V IPC
-#
-define(`r_sem_perms', `{ associate getattr read unix_read }')
-define(`rw_sem_perms', `{ associate getattr read write unix_read unix_write }')
-define(`create_sem_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }')
-define(`r_msgq_perms', `{ associate getattr read unix_read }')
-define(`rw_msgq_perms', `{ associate getattr read write enqueue unix_read unix_write }')
-define(`create_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }')
-define(`r_shm_perms', `{ associate getattr read unix_read }')
-define(`rw_shm_perms', `{ associate getattr read write lock unix_read unix_write }')
-define(`create_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }')
diff --git a/refpolicy/policy/support/support_macros b/refpolicy/policy/support/support_macros
deleted file mode 100644
index 1f2ea80..0000000
--- a/refpolicy/policy/support/support_macros
+++ /dev/null
@@ -1,28 +0,0 @@
-
-########################################
-#
-# Helper macros
-#
-
-#
-# shiftn(num,list...)
-#
-# shift the list num times
-#
-define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
-
-########################################
-#
-# context_template(context,sensitivity)
-#
-# Optionally put the sensitivity for the file
-#
-define(`context_template',`ifdef(`enable_mls',`$1:$2',`$1')') dnl
-
-########################################
-#
-# user_mls(level,range)
-#
-define(`user_mls',`ifdef(`enable_mls',`level $1 range $2')') dnl
-
-define(`can_exec',`allow $1 $2:file { getattr read execute execute_no_trans };')