diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 0ae11653..83e5dc29 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -251,24 +251,6 @@ interface(`dev_dontaudit_setattr_generic_blk_file',`
 dontaudit $1 device_t:blk_file setattr;
 ')
-########################################
-##
-## Allow read, write, create, and delete for generic
-## block files.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`dev_manage_generic_blk_file',`
- gen_require(`
- type device_t;
- ')
-
- allow $1 device_t:dir rw_dir_perms;
- allow $1 device_t:blk_file create_file_perms;
-')
-
 ########################################
 ##
 ## Allow read, write, and create for generic character device files.
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index b78d9613..b178766c 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -300,10 +300,9 @@ interface(`files_search_all',`
 ## Domain allowed access.
 ##
 #
-interface(`files_list_all_dirs',`
+interface(`files_list_all',`
 gen_require(`
 attribute file_type;
- class dir r_dir_perms;
 ')
 allow $1 file_type:dir r_dir_perms;
@@ -2044,23 +2043,6 @@ interface(`files_dontaudit_getattr_tmp_dir',`
 dontaudit $1 tmp_t:dir getattr;
 ')
-########################################
-##
-## Allow domain to getattr on /tmp directory.
-##
-##
-## The type of the process performing this action.
-##
-#
-interface(`files_getattr_tmp_dir',`
- gen_require(`
- type tmp_t;
- class dir getattr;
- ')
-
- allow $1 tmp_t:dir getattr;
-')
-
 ########################################
 ##
 ## Search the tmp directory (/tmp).
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index f089669e..f0f72559 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
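Review bot: Deleting `dev_manage_generic_blk_file` here only preserves behavior if the surviving copy of that interface (not in this diff) grants exactly the same `rw_dir_perms` on `device_t:dir` and `create_file_perms` on `device_t:blk_file`; with plain m4 `define` semantics the last definition in the file is the one callers expand, so if the copy removed at line 251 was the later one, every caller's effective access to block device nodes changes with this commit. Please state in the commit message that the two bodies were diffed and are identical, or show the surviving definition. A silent widening or narrowing of block-device access is not something a "remove duplicates" cleanup should be able to do unnoticed.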
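Review bot: The rename from `files_list_all_dirs` to `files_list_all` leaves no alias behind, so any module still calling `files_list_all_dirs($1)` will fail at build time with an unexpanded macro; the callers are not in this diff, so either they are updated elsewhere in the commit or a transitional forwarder is needed, e.g. `interface(\`files_list_all_dirs',\` files_list_all($1) ')`. The new name is also more generic than what the body does — it grants `r_dir_perms` on every `file_type` directory and nothing on files — so the summary above this hunk (not visible here) should keep saying it lists all directories rather than implying read access to all files.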
@@ -651,24 +651,6 @@ interface(`fs_execute_cifs_files',`
 can_exec($1, cifs_t)
 ')
-########################################
-##
-## Do not audit attempts to read or
-## write files on a CIFS or SMB filesystems.
-##
-##
-## The type of the domain to not audit.
-##
-#
-interface(`fs_dontaudit_read_cifs_files',`
- gen_require(`
- type cifs_t;
- class file { read write };
- ')
-
- dontaudit $1 cifs_t:file { read write };
-')
-
 ########################################
 ##
 ## Create, read, write, and delete directories
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 5510188c..9f254441 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -1817,24 +1817,6 @@ interface(`kernel_read_file_from',`
 allow kernel_t $1:file r_file_perms;
 ')
-########################################
-##
-## Allow the kernel to search the
-## specified directory.
-##
-##
-## Directory type to search.
-##
-#
-interface(`kernel_search_from',`
- gen_require(`
- type kernel_t;
- class dir search;
- ')
-
- allow kernel_t $1:dir search;
-')
-
 ########################################
 ##
 ## Use the specified types for /lib directory
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index a437aee4..c6c34fb6 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -361,24 +361,6 @@ interface(`storage_write_scsi_generic',`
 typeattribute $1 scsi_generic_write;
 ')
-########################################
-##
-## Get attributes of the device nodes
-## for the SCSI generic inerface.
-##
-##
-## The type of the process performing this action.
-##
-#
-interface(`storage_getattr_scsi_generic',`
- gen_require(`
- type scsi_generic_device_t;
- ')
-
- dev_list_all_dev_nodes($1)
- allow $1 scsi_generic_device_t:chr_file getattr;
-')
-
 ########################################
 ##
 ## Set attributes of the device nodes
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index f4c7fc66..3dcd01cb 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -640,23 +640,6 @@ interface(`term_reset_tty_labels',`
 allow $1 tty_device_t:chr_file relabelto;
 ')
-########################################
-##
-## Do not audit attempts to get the attributes
-## of unallocated ttys.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`term_dontaudit_getattr_unallocated_ttys',`
- gen_require(`
- type tty_device_t;
- ')
-
- dontaudit $1 tty_device_t:chr_file getattr;
-')
-
 ########################################
 ##
 ## Write to unallocated ttys.
diff --git a/refpolicy/policy/modules/services/ppp.if b/refpolicy/policy/modules/services/ppp.if
index aa5e4d95..b73fe4ee 100644
--- a/refpolicy/policy/modules/services/ppp.if
+++ b/refpolicy/policy/modules/services/ppp.if
@@ -35,7 +35,7 @@ interface(`ppp_dontaudit_use_fd',`
 ########################################
 ##
-## Allow domain to send sigchld to parent of PPP domain type.
+## Send a SIGCHLD signal to PPP.
 ##
 ##
 ## Domain allowed access.
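Review bot: The deleted `storage_getattr_scsi_generic` did more than the `getattr` rule — it also called `dev_list_all_dev_nodes($1)` so the caller can actually reach the node under the device directory — and the surviving copy of the interface is outside this diff. If that copy lacks the `dev_list_all_dev_nodes($1)` call, callers silently lose directory search/list access and the `getattr` on `scsi_generic_device_t:chr_file` becomes unreachable in practice. Please confirm the remaining definition carries the same call, and while comparing, make sure the typo `inerface` in the summary is not carried over into the copy that stays.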
@@ -66,22 +66,6 @@ interface(`ppp_signal',`
 allow $1 pppd_t:process signal;
 ')
-########################################
-##
-## Send a SIGCHLD signal to PPP.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`ppp_sigchld',`
- gen_require(`
- type pppd_t;
- ')
-
- allow $1 pppd_t:process sigchld;
-')
-
 ########################################
 ##
 ## Execute domain in the ppp domain.
diff --git a/refpolicy/policy/modules/services/samba.if b/refpolicy/policy/modules/services/samba.if
index 34b6d488..fd422c88 100644
--- a/refpolicy/policy/modules/services/samba.if
+++ b/refpolicy/policy/modules/services/samba.if
@@ -327,23 +327,6 @@ interface(`samba_read_winbind_pid',`
 allow $1 winbind_var_run_t:file r_file_perms;
 ')
-########################################
-##
-## Allow the specified domain to read the winbind pid files.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`samba_read_winbind_pid',`
- gen_require(`
- type winbind_var_run_t;
- ')
-
- files_search_pids($1)
- allow $1 winbind_var_run_t:file r_file_perms;
-')
-
 ########################################
 ##
 ## Connect to winbind.
diff --git a/refpolicy/policy/modules/services/squid.if b/refpolicy/policy/modules/services/squid.if
index 397a3a6d..10497bfc 100644
--- a/refpolicy/policy/modules/services/squid.if
+++ b/refpolicy/policy/modules/services/squid.if
@@ -11,9 +11,6 @@ interface(`squid_domtrans',`
 gen_require(`
 type squid_t, squid_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
 ')
 corecmd_search_sbin($1)
@@ -36,34 +33,12 @@ interface(`squid_domtrans',`
 interface(`squid_read_config',`
 gen_require(`
 type squid_conf_t;
- class file r_file_perms;
 ')
 files_search_etc($1)
 allow $1 squid_conf_t:file r_file_perms;
 ')
-########################################
-##
-## Create, read, write, and delete
-## squid logs.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`squid_manage_logs',`
- gen_require(`
- type squid_log_t;
- class dir rw_dir_perms;
- class file create_file_perms;
- ')
-
- logging_search_logs($1)
- allow $1 squid_log_t:dir rw_dir_perms;
- allow $1 squid_log_t:file create_file_perms;
-')
-
 ########################################
 ##
 ## Append squid logs.
@@ -112,8 +87,6 @@ interface(`squid_append_log',`
 interface(`squid_manage_logs',`
 gen_require(`
 type squid_log_t;
- class dir rw_dir_perms;
- class file create_file_perms;
 ')
 logging_search_logs($1)
@@ -132,7 +105,6 @@ interface(`squid_manage_logs',`
 interface(`squid_use',`
 gen_require(`
 type squid_t;
- class tcp_socket { connectto acceptfrom recvfrom };
 ')
 allow $1 squid_t:tcp_socket { connectto recvfrom };
@@ -440,40 +440,6 @@ interface(`init_write_script_pipe',`
 allow $1 initrc_t:fifo_file write;
 ')
-########################################
-##
-## Allow the specified domain to connect to
-## init scripts with a unix domain stream socket.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`init_unix_connect_script',`
- gen_require(`
- type initrc_t;
- ')
-
- allow $1 initrc_t:unix_stream_socket connectto;
-')
-
-########################################
-##
-## Dont audit the specified domain connecting to
-## init scripts with a unix domain stream socket.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`init_dontaudit_unix_connect_script',`
- gen_require(`
- type initrc_t;
- ')
-
- dontaudit $1 initrc_t:unix_stream_socket connectto;
-')
-
 ########################################
 ##
 ## Get the attribute of init script entrypoint files.
@@ -690,6 +656,23 @@ interface(`init_unix_connect_script',`
 allow $1 initrc_t:unix_stream_socket connectto;
 ')
+########################################
+##
+## Dont audit the specified domain connecting to
+## init scripts with a unix domain stream socket.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`init_dontaudit_unix_connect_script',`
+ gen_require(`
+ type initrc_t;
+ ')
+
+ dontaudit $1 initrc_t:unix_stream_socket connectto;
+')
+
 ########################################
 ##
 ## Send and receive messages from
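Review bot: The re-added summary for `init_dontaudit_unix_connect_script` still reads `Dont audit the specified domain connecting to init scripts ...`, whereas the other dontaudit interfaces touched by this diff (`fs_dontaudit_read_cifs_files`, `term_dontaudit_getattr_unallocated_ttys`) use the `Do not audit attempts to ...` form; since the block is being moved anyway, align it: `## Do not audit attempts to connect to init scripts` / `## with a unix domain stream socket.`. The parameter text `Domain allowed access.` is also misleading on a dontaudit interface, which allows nothing — `The type of the domain to not audit.`, as `fs_dontaudit_read_cifs_files` phrases it, says what the parameter is. Both changes are documentation only and do not alter the `dontaudit` rule.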