diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te
index 1b117a0..e7ab89a 100644
--- a/refpolicy/policy/modules/admin/consoletype.te
+++ b/refpolicy/policy/modules/admin/consoletype.te
@@ -9,8 +9,8 @@ policy_module(consoletype, 1.0)
 
 type consoletype_t;
 type consoletype_exec_t;
-domain_make_init_domain(consoletype_t,consoletype_exec_t)
-domain_make_system_domain(consoletype_t,consoletype_exec_t)
+init_make_init_domain(consoletype_t,consoletype_exec_t)
+init_make_system_domain(consoletype_t,consoletype_exec_t)
 role system_r types consoletype_t;
 
 ########################################
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 92ca0bd..060c777 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -9,7 +9,7 @@ policy_module(devices,1.0)
 
 type netutils_t;
 type netutils_exec_t;
-domain_make_system_domain(netutils_t,netutils_exec_t)
+init_make_system_domain(netutils_t,netutils_exec_t)
 role system_r types netutils_t;
 
 type netutils_tmp_t;
@@ -17,12 +17,12 @@ files_make_temporary_file(netutils_tmp_t)
 
 type ping_t; #, nscd_client_domain;
 type ping_exec_t;
-domain_make_system_domain(ping_t,ping_exec_t)
+init_make_system_domain(ping_t,ping_exec_t)
 role system_r types ping_t;
 
 type traceroute_t; #, nscd_client_domain;
 type traceroute_exec_t;
-domain_make_system_domain(traceroute_t,traceroute_exec_t)
+init_make_system_domain(traceroute_t,traceroute_exec_t)
 role system_r types traceroute_t;
 
 #
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 6b95a66..c3457c4 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -33,7 +33,7 @@ files_make_temporary_file(crack_tmp_t)
 type groupadd_t; #, nscd_client_domain;
 type groupadd_exec_t;
 kernel_make_object_identity_change_constraint_exception(groupadd_t)
-domain_make_system_domain(groupadd_t,groupadd_exec_t)
+init_make_system_domain(groupadd_t,groupadd_exec_t)
 role system_r types groupadd_t;
 
 type passwd_t;
@@ -55,7 +55,7 @@ files_make_file(sysadm_passwd_tmp_t)
 type useradd_t; # nscd_client_domain;
 type useradd_exec_t;
 kernel_make_object_identity_change_constraint_exception(useradd_t)
-domain_make_system_domain(useradd_t,useradd_exec_t)
+init_make_system_domain(useradd_t,useradd_exec_t)
 role system_r types useradd_t;
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 3bea5c3..9d6420c 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -2,6 +2,24 @@
 
 ########################################
 #
+# kernel_make_userland_entrypoint(domain,entrypoint)
+#
+define(`kernel_make_userland_entrypoint',`
+requires_block_template(`$0'_depend)
+allow kernel_t $2:file { getattr read execute };
+allow kernel_t $1:process transition;
+type_transition kernel_t $2:process $1;
+dontaudit kernel_t $1:process { noatsecure siginh rlimitinh };
+')
+
+define(`kernel_make_userland_entrypoint_depend',`
+type kernel_t;
+class process { transition noatsecure siginh rlimitinh };
+class file { getattr read execute };
+')
+
+########################################
+#
 # kernel_share_state(domain)
 #
 define(`kernel_share_state',`
@@ -1071,24 +1089,6 @@ class lnk_file { getattr read };
 
 ########################################
 #
-# kernel_transition_from(domain,entrypoint)
-#
-define(`kernel_transition_from',`
-requires_block_template(`$0'_depend)
-allow kernel_t $2:file { getattr read execute };
-allow kernel_t $1:process transition;
-type_transition kernel_t $2:process $1;
-dontaudit kernel_t $1:process { noatsecure siginh rlimitinh };
-')
-
-define(`kernel_transition_from_depend',`
-type kernel_t;
-class file { getattr read execute };
-class process transition;
-')
-
-########################################
-#
 # kernel_sigchld_from(domain)
 #
 define(`kernel_sigchld_from',`
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index bca41c4..05939c0 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -18,7 +18,7 @@ files_make_file(cron_spool_t)
 
 type crond_t; #, privmail, nscd_client_domain
 type crond_exec_t;
-domain_make_daemon_domain(crond_t,crond_exec_t)
+init_make_daemon_domain(crond_t,crond_exec_t)
 domain_make_file_descriptors_widely_inheritable(crond_t)
 
 type crond_log_t;
@@ -35,7 +35,7 @@ files_make_file(crontab_exec_t)
 
 type system_cron_spool_t;
 type system_crond_t; #, privmail, nscd_client_domain;
-domain_make_daemon_domain(system_crond_t,anacron_exec_t)
+init_make_daemon_domain(system_crond_t,anacron_exec_t)
 corecommands_make_shell_entrypoint(system_crond_t)
 role system_r types system_crond_t;
 
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 7cdb652..0200795 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -142,7 +142,7 @@ define(`mta_per_userdomain_template_depend',`
 #
 define(`mta_make_mailserver_domain',`
 requires_block_template(`$0'_depend)
-domain_make_daemon_domain($1,$2)
+init_make_daemon_domain($1,$2)
 typeattribute $1 mailserver_domain;
 ')
 
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 843edfb..f187620 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -32,7 +32,7 @@ tunable_policy(`targeted_policy',`',`
 optional_policy(`sendmail.te', `
 domain_make_entrypoint_file(system_mail_t,sendmail_exec_t)
 ', `
-domain_make_system_domain(system_mail_t,sendmail_exec_t)
+init_make_system_domain(system_mail_t,sendmail_exec_t)
 ') dnl end if sendmail
 ') dnl end targeted_policy
 
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index c52265f..c1f35ed 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -25,7 +25,7 @@ files_make_file(login_exec_t)
 
 type pam_console_t;
 type pam_console_exec_t;
-domain_make_system_domain(pam_console_t,pam_console_exec_t)
+init_make_system_domain(pam_console_t,pam_console_exec_t)
 role system_r types pam_console_t;
 
 domain_make_entrypoint_file(pam_console_t,pam_console_exec_t)
diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te
index cf39327..3bd5bf7 100644
--- a/refpolicy/policy/modules/system/clock.te
+++ b/refpolicy/policy/modules/system/clock.te
@@ -12,7 +12,7 @@ files_make_file(adjtime_t)
 
 type hwclock_t;
 type hwclock_exec_t;
-domain_make_system_domain(hwclock_t,hwclock_exec_t)
+init_make_system_domain(hwclock_t,hwclock_exec_t)
 role system_r types hwclock_t;
 
 ########################################
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index d7a8821..69c8de8 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -64,60 +64,6 @@ class file entrypoint;
 
 ########################################
 #
-# domain_make_init_domain(domain,entrypointfile)
-#
-define(`domain_make_init_domain',`
-requires_block_template(`$0'_depend)
-domain_make_domain($1)
-domain_make_entrypoint_file($1,$2)
-typeattribute $1 init_domain;
-typeattribute $2 init_domain_entry;
-role system_r types $1;
-')
-
-define(`domain_make_init_domain_depend',`
-attribute init_domain, init_domain_entry;
-role system_r;
-')
-
-########################################
-#
-# domain_make_daemon_domain(domain,entrypointfile)
-#
-define(`domain_make_daemon_domain',`
-requires_block_template(`$0'_depend)
-domain_make_domain($1)
-domain_make_entrypoint_file($1,$2)
-typeattribute $1 daemon_domain;
-typeattribute $2 daemon_domain_entry;
-role system_r types $1;
-')
-
-define(`domain_make_daemon_domain_depend',`
-attribute init_domain, init_domain_entry;
-role system_r;
-')
-
-########################################
-#
-# domain_make_system_domain(domain,entrypointfile)
-#
-define(`domain_make_system_domain',`
-requires_block_template(`$0'_depend)
-domain_make_domain($1)
-domain_make_entrypoint_file($1,$2)
-typeattribute $1 system_domain;
-typeattribute $2 system_domain_entry;
-role system_r types $1;
-')
-
-define(`domain_make_system_domain_depend',`
-attribute system_domain, system_domain_entry;
-role system_r;
-')
-
-########################################
-#
 # domain_make_file_descriptors_widely_inheritable(domain)
 #
 define(`domain_make_file_descriptors_widely_inheritable',`
@@ -159,60 +105,6 @@ class fd use;
 
 ########################################
 #
-# domain_all_init_domains_transition(domain)
-#
-define(`domain_all_init_domains_transition',`
-requires_block_template(`$0'_depend)
-allow $1 init_domain:process transition;
-allow $1 init_domain_entry:file { getattr read execute };
-dontaudit $1 init_domain:process { noatsecure siginh rlimitinh };
-')
-
-define(`domain_all_init_domains_transition_depend',`
-attribute init_domain, init_domain_entry;
-class process { transition noatsecure siginh rlimitinh };
-class file { getattr read execute };
-')
-
-########################################
-#
-# domain_all_daemon_domains_transition(domain)
-#
-define(`domain_all_daemon_domains_transition',`
-requires_block_template(`$0'_depend)
-allow $1 daemon_domain:process transition;
-allow $1 daemon_domain_entry:file { getattr read execute };
-allow daemon_domain $1:fd use;
-allow $1 daemon_domain:process { noatsecure siginh rlimitinh };
-')
-
-define(`domain_all_daemon_domains_transition_depend',`
-attribute daemon_domain, daemon_domain_entry;
-class process { transition noatsecure siginh rlimitinh };
-class file { getattr read execute };
-')
-
-########################################
-#
-# domain_all_system_domains_transition(domain)
-#
-define(`domain_all_system_domains_transition',`
-requires_block_template(`$0'_depend)
-allow $1 system_domain:process transition;
-allow $1 system_domain_entry:file { getattr read execute };
-allow system_domain $1:fd use;
-allow $1 system_domain:process { noatsecure siginh rlimitinh };
-')
-
-define(`domain_all_system_domains_transition_depend',`
-attribute system_domain, system_domain_entry;
-class process { transition noatsecure siginh rlimitinh };
-class file { getattr read execute };
-')
-
-
-########################################
-#
 # domain_signal_all_domains(domain)
 #
 define(`domain_signal_all_domains',`
diff --git a/refpolicy/policy/modules/system/domain.te b/refpolicy/policy/modules/system/domain.te
index 62eeef5..fb2c54a 100644
--- a/refpolicy/policy/modules/system/domain.te
+++ b/refpolicy/policy/modules/system/domain.te
@@ -8,20 +8,6 @@ attribute domain;
 # entrypoint executables
 attribute entry_type;
 
-# processes started by init itself
-attribute init_domain;
-attribute init_domain_entry;
-
-# short running processes started by init scripts,
-# such as mount, usually for initializing the system
-attribute system_domain;
-attribute system_domain_entry;
-
-# long running application processes started by 
-# init scripts, such as sshd
-attribute daemon_domain;
-attribute daemon_domain_entry;
-
 # widely-inheritable file descriptors
 attribute privfd;
 
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index ca2feb1..09a7a0b 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -4,7 +4,7 @@ policy_module(getty,1.0)
 
 type getty_t;
 type getty_exec_t;
-domain_make_init_domain(getty_t,getty_exec_t)
+init_make_init_domain(getty_t,getty_exec_t)
 domain_make_file_descriptors_widely_inheritable(getty_t)
 
 type getty_etc_t;
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
index dd3ebe2..f5c9f26 100644
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -9,7 +9,7 @@ policy_module(hostname,1.0)
 
 type hostname_t;
 type hostname_exec_t;
-domain_make_system_domain(hostname_t,hostname_exec_t)
+init_make_system_domain(hostname_t,hostname_exec_t)
 role system_r types hostname_t;
 
 
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 10e5d1b..cad4a31 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -9,7 +9,8 @@ policy_module(hotplug, 1.0)
 
 type hotplug_t;
 type hotplug_exec_t;
-domain_make_system_domain(hotplug_t,hotplug_exec_t)
+kernel_make_userland_entrypoint(hotplug_t,hotplug_exec_t)
+init_make_system_domain(hotplug_t,hotplug_exec_t)
 
 type hotplug_etc_t; #, usercanread;
 files_make_file(hotplug_etc_t)
@@ -46,7 +47,6 @@ kernel_read_kernel_sysctl(hotplug_t)
 kernel_read_hardware_state(hotplug_t)
 kernel_read_network_sysctl(hotplug_t)
 kernel_read_usb_hardware_state(hotplug_t)
-kernel_transition_from(hotplug_t,hotplug_exec_t)
 
 bootloader_read_kernel_modules(hotplug_t)
 
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 23b3877..a701982 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -2,6 +2,78 @@
 
 ########################################
 #
+# init_make_init_domain(domain,entrypointfile)
+#
+define(`init_make_init_domain',`
+requires_block_template(`$0'_depend)
+domain_make_domain($1)
+domain_make_entrypoint_file($1,$2)
+role system_r types $1;
+allow init_t $1:process transition;
+allow init_t $2:file { getattr read execute };
+dontaudit init_t $1:process { noatsecure siginh rlimitinh };
+type_transition init_t $2:process $1;
+')
+
+define(`init_make_init_domain_depend',`
+type init_t;
+class file { getattr read execute };
+class fd use;
+class process { transition noatsecure siginh rlimitinh };
+role system_r;
+')
+
+########################################
+#
+# init_make_daemon_domain(domain,entrypointfile)
+#
+define(`init_make_daemon_domain',`
+requires_block_template(`$0'_depend)
+domain_make_domain($1)
+domain_make_entrypoint_file($1,$2)
+role system_r types $1;
+allow initrc_t $1:process transition;
+allow initrc_t $2:file { getattr read execute };
+dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
+allow $1 initrc_t:fd use;
+type_transition initrc_t $2:process $1;
+')
+
+define(`init_make_daemon_domain_depend',`
+type initrc_t;
+class file { getattr read execute };
+class fd use;
+class process { transition noatsecure siginh rlimitinh };
+role system_r;
+')
+
+########################################
+#
+# init_make_system_domain(domain,entrypointfile)
+#
+define(`init_make_system_domain',`
+requires_block_template(`$0'_depend)
+domain_make_domain($1)
+domain_make_entrypoint_file($1,$2)
+role system_r types $1;
+allow initrc_t $1:process transition;
+allow initrc_t $2:file { getattr read execute };
+dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
+allow $1 initrc_t:fd use;
+type_transition initrc_t $2:process $1;
+')
+
+define(`init_make_system_domain_depend',`
+type initrc_t;
+class file { getattr read execute };
+class fd use;
+class process { transition noatsecure siginh rlimitinh };
+role system_r;
+')
+
+
+########################################
+#
 # init_transition(domain)
 #
 define(`init_transition',`
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 396fe27..bccab0a 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -18,6 +18,7 @@ role system_r types init_t;
 # init_exec_t is the type of the init program.
 #
 type init_exec_t;
+kernel_make_userland_entrypoint(init_t,init_exec_t)
 domain_make_entrypoint_file(init_t,init_exec_t)
 
 #
@@ -82,7 +83,6 @@ allow init_t initrc_exec_t:file { getattr read execute };
 
 allow init_t self:fifo_file { read write ioctl };
 
-kernel_transition_from(init_t,init_exec_t)
 kernel_sigchld_from(init_t)
 
 # If you load a new policy that removes active domains, processes can
@@ -100,7 +100,6 @@ terminal_use_all_terminals(init_t)
 
 domain_signal_all_domains(init_t)
 domain_kill_all_domains(init_t)
-domain_all_init_domains_transition(init_t)
 
 files_modify_system_runtime_data(init_t)
 
@@ -233,8 +232,6 @@ bootloader_read_kernel_symbol_table(initrc_t)
 
 domain_kill_all_domains(initrc_t)
 domain_read_all_domains_process_state(initrc_t)
-domain_all_daemon_domains_transition(initrc_t)
-domain_all_system_domains_transition(initrc_t)
 domain_use_widely_inheritable_file_descriptors(initrc_t)
 
 libraries_modify_dynamic_loader_cache(initrc_t)
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index 85c5274..065686e 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -9,7 +9,7 @@ policy_module(iptables, 1.0)
 
 type iptables_t;
 type iptables_exec_t;
-domain_make_system_domain(iptables_t,iptables_exec_t)
+init_make_system_domain(iptables_t,iptables_exec_t)
 role system_r types iptables_t;
 
 type iptables_tmp_t;
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index d9bd857..699519b 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -24,8 +24,8 @@ type sulogin_exec_t;
 kernel_make_object_identity_change_constraint_exception(sulogin_t)
 kernel_make_process_identity_change_constraint_exception(sulogin_t)
 kernel_make_role_change_constraint_exception(sulogin_t)
-domain_make_init_domain(sulogin_t,sulogin_exec_t)
-domain_make_system_domain(sulogin_t,sulogin_exec_t)
+init_make_init_domain(sulogin_t,sulogin_exec_t)
+init_make_system_domain(sulogin_t,sulogin_exec_t)
 domain_make_file_descriptors_widely_inheritable(sulogin_t)
 
 role system_r types sulogin_t;
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 33c518b..b7e3700 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -9,7 +9,7 @@ files_make_file(devlog_t)
 
 type klogd_t;
 type klogd_exec_t;
-domain_make_daemon_domain(klogd_t,klogd_exec_t)
+init_make_daemon_domain(klogd_t,klogd_exec_t)
 
 type klogd_tmp_t;
 files_make_temporary_file(klogd_tmp_t)
@@ -19,7 +19,7 @@ files_make_daemon_runtime_file(klogd_var_run_t)
 
 type syslogd_t;
 type syslogd_exec_t;
-domain_make_daemon_domain(syslogd_t,syslogd_exec_t)
+init_make_daemon_domain(syslogd_t,syslogd_exec_t)
 
 type syslogd_tmp_t;
 files_make_temporary_file(syslogd_tmp_t)
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index 196e78d..2b6a3ff 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -9,7 +9,7 @@ policy_module(lvm,1.0)
 
 type lvm_t;
 type lvm_exec_t;
-domain_make_system_domain(lvm_t,lvm_exec_t)
+init_make_system_domain(lvm_t,lvm_exec_t)
 # needs privowner because it assigns the identity system_u to device nodes
 # but runs as the identity of the sysadmin
 kernel_make_object_identity_change_constraint_exception(lvm_t)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index c09291b..2af4e81 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -17,17 +17,18 @@ files_make_file(modules_dep_t)
 
 type insmod_t;
 type insmod_exec_t;
-domain_make_system_domain(insmod_t,insmod_exec_t)
+kernel_make_userland_entrypoint(insmod_t,insmod_exec_t)
+init_make_system_domain(insmod_t,insmod_exec_t)
 role system_r types insmod_t;
 
 type depmod_t;
 type depmod_exec_t;
-domain_make_system_domain(depmod_t,depmod_exec_t)
+init_make_system_domain(depmod_t,depmod_exec_t)
 role system_r types depmod_t;
 
 type update_modules_t;
 type update_modules_exec_t;
-domain_make_system_domain(update_modules_t,update_modules_exec_t)
+init_make_system_domain(update_modules_t,update_modules_exec_t)
 role system_r types update_modules_t;
 
 type update_modules_tmp_t;
@@ -49,8 +50,6 @@ allow insmod_t { modules_conf_t modules_dep_t }:file { getattr read };
 
 allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans };
 
-kernel_transition_from(insmod_t,insmod_exec_t)
-
 kernel_load_module(insmod_t)
 
 # Rules for /proc/sys/kernel/tainted
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index e8f256f..f3d0d8d 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -2,7 +2,7 @@
 
 type mount_t;
 type mount_exec_t;
-domain_make_system_domain(mount_t,mount_exec_t)
+init_make_system_domain(mount_t,mount_exec_t)
 role system_r types mount_t;
 
 type mount_tmp_t;
diff --git a/refpolicy/policy/modules/system/selinux.te b/refpolicy/policy/modules/system/selinux.te
index 7f03aab..f04ed99 100644
--- a/refpolicy/policy/modules/system/selinux.te
+++ b/refpolicy/policy/modules/system/selinux.te
@@ -67,7 +67,7 @@ files_make_file(policy_src_t)
 type restorecon_t, can_relabelto_binary_policy;
 type restorecon_exec_t;
 kernel_make_object_identity_change_constraint_exception(restorecon_t)
-domain_make_system_domain(restorecon_t,restorecon_exec_t)
+init_make_system_domain(restorecon_t,restorecon_exec_t)
 role system_r types restorecon_t;
 
 #
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 7f03aab..f04ed99 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -67,7 +67,7 @@ files_make_file(policy_src_t)
 type restorecon_t, can_relabelto_binary_policy;
 type restorecon_exec_t;
 kernel_make_object_identity_change_constraint_exception(restorecon_t)
-domain_make_system_domain(restorecon_t,restorecon_exec_t)
+init_make_system_domain(restorecon_t,restorecon_exec_t)
 role system_r types restorecon_t;
 
 #
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index e8818fc..b9a48af 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -9,7 +9,7 @@ policy_module(sysnetwork,1.0)
 
 type dhcpc_t;
 type dhcpc_exec_t;
-domain_make_daemon_domain(dhcpc_t,dhcpc_exec_t)
+init_make_daemon_domain(dhcpc_t,dhcpc_exec_t)
 role system_r types dhcpc_t;
 
 type dhcpc_state_t;
@@ -23,7 +23,7 @@ files_make_daemon_runtime_file(dhcpc_var_run_t)
 
 type ifconfig_t;
 type ifconfig_exec_t;
-domain_make_system_domain(ifconfig_t, ifconfig_exec_t)
+init_make_system_domain(ifconfig_t, ifconfig_exec_t)
 role system_r types ifconfig_t;
 
 type net_conf_t alias resolv_conf_t;
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 57598ff..974b819 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -10,8 +10,9 @@ policy_module(udev,1.0)
 type udev_t; # nscd_client_domain
 type udev_exec_t;
 type udev_helper_exec_t;
+kernel_make_userland_entrypoint(udev_t,udev_exec_t)
 kernel_make_object_identity_change_constraint_exception(udev_t)
-domain_make_daemon_domain(udev_t,udev_exec_t)
+init_make_daemon_domain(udev_t,udev_exec_t)
 domain_make_entrypoint_file(udev_t,udev_helper_exec_t)
 domain_make_file_descriptors_widely_inheritable(udev_t)
 
@@ -74,7 +75,6 @@ kernel_compute_selinux_av(udev_t)
 kernel_compute_create(udev_t)
 kernel_compute_relabel(udev_t)
 kernel_compute_reachable_user_contexts(udev_t)
-kernel_transition_from(udev_t,udev_exec_t)
 
 devices_manage_device_nodes(udev_t)