From 8021cb4f63f3f60c49207df54236f09704cf58f0 Mon Sep 17 00:00:00 2001 
From: Chris PeBenito Date: Fri, 23 Mar 2007 23:24:59 +0000 Subject: [PATCH] Merge sbin_t and ls_exec_t into bin_t. --- Changelog | 1 + policy/modules/admin/acct.if | 4 +- policy/modules/admin/acct.te | 1 - policy/modules/admin/amanda.te | 1 - policy/modules/admin/apt.te | 1 - policy/modules/admin/certwatch.if | 2 +- policy/modules/admin/consoletype.if | 4 +- policy/modules/admin/ddcprobe.te | 3 +- policy/modules/admin/dmesg.if | 5 +- policy/modules/admin/logrotate.te | 2 - policy/modules/admin/logwatch.te | 4 - policy/modules/admin/mrtg.te | 1 - policy/modules/admin/portage.if | 1 - policy/modules/admin/portage.te | 3 - policy/modules/admin/prelink.if | 2 +- policy/modules/admin/prelink.te | 1 - policy/modules/admin/su.if | 1 - policy/modules/admin/sudo.if | 2 +- policy/modules/admin/sxid.te | 1 - policy/modules/admin/tmpreaper.if | 2 +- policy/modules/admin/tripwire.te | 2 +- policy/modules/admin/updfstab.if | 2 +- policy/modules/admin/updfstab.te | 2 - policy/modules/admin/usermanage.if | 4 +- policy/modules/admin/usermanage.te | 9 - policy/modules/admin/vbetool.if | 2 +- policy/modules/apps/ethereal.if | 2 +- policy/modules/apps/evolution.if | 2 +- policy/modules/apps/games.if | 1 - policy/modules/apps/loadkeys.te | 1 - policy/modules/apps/mozilla.if | 1 - policy/modules/apps/screen.if | 5 - policy/modules/apps/thunderbird.if | 3 +- policy/modules/apps/uml.if | 1 - policy/modules/apps/userhelper.if | 3 - policy/modules/apps/usernetctl.te | 2 - policy/modules/apps/yam.if | 2 +- policy/modules/kernel/corecommands.fc | 42 ++-- policy/modules/kernel/corecommands.if | 233 ++++++++++------------ policy/modules/kernel/corecommands.te | 18 +- policy/modules/kernel/kernel.te | 2 +- policy/modules/services/aide.if | 2 +- policy/modules/services/amavis.te | 1 - policy/modules/services/apache.if | 4 +- policy/modules/services/apache.te | 1 - policy/modules/services/arpwatch.te | 2 +- policy/modules/services/asterisk.te | 2 +- policy/modules/services/automount.if | 4 +- 
policy/modules/services/automount.te | 1 - policy/modules/services/bind.te | 2 +- policy/modules/services/ccs.te | 4 +- policy/modules/services/cipe.te | 1 - policy/modules/services/courier.te | 4 +- policy/modules/services/cron.if | 1 - policy/modules/services/cron.te | 4 +- policy/modules/services/cups.te | 3 - policy/modules/services/cvs.te | 1 - policy/modules/services/dbus.if | 5 - policy/modules/services/dbus.te | 9 +- policy/modules/services/dcc.if | 6 +- policy/modules/services/ddclient.if | 2 +- policy/modules/services/dhcp.te | 1 - policy/modules/services/distcc.te | 2 +- policy/modules/services/fail2ban.te | 1 - policy/modules/services/finger.te | 1 - policy/modules/services/ftp.if | 2 +- policy/modules/services/ftp.te | 4 - policy/modules/services/gatekeeper.te | 2 +- policy/modules/services/i18n_input.te | 1 - policy/modules/services/inetd.if | 2 +- policy/modules/services/inetd.te | 2 +- policy/modules/services/inn.te | 2 - policy/modules/services/ircd.te | 2 +- policy/modules/services/kerberos.te | 1 - policy/modules/services/lpd.te | 2 - policy/modules/services/mta.if | 3 +- policy/modules/services/nagios.te | 1 - policy/modules/services/networkmanager.te | 2 - policy/modules/services/nis.if | 1 - policy/modules/services/nis.te | 1 - policy/modules/services/nscd.if | 2 +- policy/modules/services/nsd.te | 1 - policy/modules/services/ntp.if | 4 +- policy/modules/services/ntp.te | 2 - policy/modules/services/oav.if | 2 +- policy/modules/services/oddjob.te | 1 - policy/modules/services/openvpn.te | 1 - policy/modules/services/pegasus.te | 1 - policy/modules/services/postfix.if | 4 - policy/modules/services/postfix.te | 7 - policy/modules/services/postgresql.te | 2 - policy/modules/services/postgrey.te | 1 - policy/modules/services/ppp.if | 4 +- policy/modules/services/ppp.te | 1 - policy/modules/services/procmail.te | 2 - policy/modules/services/qmail.if | 4 +- policy/modules/services/qmail.te | 8 +- policy/modules/services/radius.te | 1 - 
policy/modules/services/remotelogin.te | 5 - policy/modules/services/rhgb.te | 1 - policy/modules/services/ricci.te | 8 +- policy/modules/services/rlogin.if | 2 +- policy/modules/services/rpc.te | 1 - policy/modules/services/rshd.te | 1 - policy/modules/services/samba.te | 2 +- policy/modules/services/sendmail.te | 1 - policy/modules/services/setroubleshoot.te | 1 - policy/modules/services/snmp.te | 1 - policy/modules/services/spamassassin.if | 10 - policy/modules/services/spamassassin.te | 1 - policy/modules/services/squid.if | 2 +- policy/modules/services/squid.te | 1 - policy/modules/services/ssh.if | 2 - policy/modules/services/sysstat.te | 1 - policy/modules/services/tcpd.te | 1 - policy/modules/services/telnet.te | 2 +- policy/modules/services/ucspitcp.te | 1 - policy/modules/services/uptime.te | 1 - policy/modules/services/uucp.te | 4 +- policy/modules/services/uwimap.if | 2 +- policy/modules/services/watchdog.te | 1 - policy/modules/services/xfs.te | 1 - policy/modules/services/xprint.te | 2 - policy/modules/services/xserver.if | 1 - policy/modules/services/xserver.te | 1 - policy/modules/system/authlogin.if | 2 +- policy/modules/system/authlogin.te | 2 +- policy/modules/system/daemontools.te | 3 - policy/modules/system/fstools.if | 2 +- policy/modules/system/fstools.te | 5 - policy/modules/system/getty.if | 2 +- policy/modules/system/getty.te | 1 - policy/modules/system/hotplug.if | 4 +- policy/modules/system/hotplug.te | 2 - policy/modules/system/init.if | 2 +- policy/modules/system/init.te | 1 - policy/modules/system/ipsec.te | 1 - policy/modules/system/iptables.if | 4 +- policy/modules/system/libraries.if | 2 +- policy/modules/system/locallogin.te | 5 - policy/modules/system/logging.if | 2 +- policy/modules/system/logging.te | 1 - policy/modules/system/lvm.if | 2 +- policy/modules/system/lvm.te | 6 +- policy/modules/system/modutils.if | 12 +- policy/modules/system/modutils.te | 3 - policy/modules/system/mount.te | 1 - policy/modules/system/netlabel.if | 
2 +- policy/modules/system/raid.if | 2 +- policy/modules/system/raid.te | 1 - policy/modules/system/selinuxutil.if | 16 +- policy/modules/system/selinuxutil.te | 1 - policy/modules/system/setrans.te | 2 +- policy/modules/system/sysnetwork.if | 8 +- policy/modules/system/sysnetwork.te | 1 - policy/modules/system/userdomain.if | 43 +--- policy/modules/system/userdomain.te | 2 +- policy/modules/system/xen.te | 2 -
158 files changed, 241 insertions(+), 482 deletions(-)
diff --git a/Changelog b/Changelog
index 6c6c6090..67a18ef3 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Merge sbin_t and ls_exec_t into bin_t.
 - Remove disable_trans booleans.
 - Output different header sets for kernel and userland from flask headers.
 - Marked the pax class as deprecated, changed it to userland so
diff --git a/policy/modules/admin/acct.if b/policy/modules/admin/acct.if
index 7fa62c3b..77b62008 100644
--- a/policy/modules/admin/acct.if
+++ b/policy/modules/admin/acct.if
@@ -15,7 +15,7 @@ interface(`acct_domtrans',`
 type acct_t, acct_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,acct_exec_t,acct_t)
 ')
@@ -34,7 +34,7 @@ interface(`acct_exec',`
 type acct_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 can_exec($1,acct_exec_t)
 ')
diff --git a/policy/modules/admin/acct.te b/policy/modules/admin/acct.te
index 1e53451a..0529bb81 100644
--- a/policy/modules/admin/acct.te
+++ b/policy/modules/admin/acct.te
@@ -44,7 +44,6 @@ fs_getattr_xattr_fs(acct_t)
 term_dontaudit_use_console(acct_t)
-corecmd_search_sbin(acct_t)
 corecmd_exec_bin(acct_t)
 corecmd_exec_shell(acct_t)
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index 6dc9b929..b6ada7dc 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -145,7 +145,6 @@ files_getattr_all_pipes(amanda_t)
 files_getattr_all_sockets(amanda_t)
 corecmd_exec_shell(amanda_t)
-corecmd_exec_sbin(amanda_t)
 corecmd_exec_bin(amanda_t)
 libs_use_ld_so(amanda_t)
diff --git a/policy/modules/admin/apt.te b/policy/modules/admin/apt.te
index e0fa44a4..3a3ba9de 100644
--- a/policy/modules/admin/apt.te
+++ b/policy/modules/admin/apt.te
@@ -71,7 +71,6 @@ kernel_read_kernel_sysctls(apt_t)
 # to launch dpkg-preconfigure
 corecmd_exec_bin(apt_t)
 corecmd_exec_shell(apt_t)
-corecmd_exec_sbin(apt_t)
 corenet_non_ipsec_sendrecv(apt_t)
 corenet_tcp_sendrecv_all_if(apt_t)
diff --git a/policy/modules/admin/certwatch.if b/policy/modules/admin/certwatch.if
index 88ea0ba0..535fdd74 100644
--- a/policy/modules/admin/certwatch.if
+++ b/policy/modules/admin/certwatch.if
@@ -16,7 +16,7 @@ interface(`certwatch_domtrans',`
 ')
 files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,certwatch_exec_t,certwatch_t)
 ')
diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if
index 665fab95..8a719574 100644
--- a/policy/modules/admin/consoletype.if
+++ b/policy/modules/admin/consoletype.if
@@ -17,7 +17,7 @@ interface(`consoletype_domtrans',`
 type consoletype_t, consoletype_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,consoletype_exec_t,consoletype_t)
 ')
@@ -68,6 +68,6 @@ interface(`consoletype_exec',`
 type consoletype_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 can_exec($1,consoletype_exec_t)
 ')
diff --git a/policy/modules/admin/ddcprobe.te b/policy/modules/admin/ddcprobe.te
index 67982aaa..4b22c6bc 100644
--- a/policy/modules/admin/ddcprobe.te
+++ b/policy/modules/admin/ddcprobe.te
@@ -26,9 +26,8 @@ kernel_change_ring_buffer_level(ddcprobe_t)
 files_search_kernel_modules(ddcprobe_t)
-corecmd_list_sbin(ddcprobe_t)
 corecmd_list_bin(ddcprobe_t)
-corecmd_exec_sbin(ddcprobe_t)
+corecmd_exec_bin(ddcprobe_t)
 dev_read_urand(ddcprobe_t)
 dev_read_raw_memory(ddcprobe_t)
diff --git a/policy/modules/admin/dmesg.if b/policy/modules/admin/dmesg.if
index e1bc9780..dc2a3b63 100644
--- a/policy/modules/admin/dmesg.if
+++ b/policy/modules/admin/dmesg.if
@@ -23,7 +23,7 @@ interface(`dmesg_domtrans',`
 type dmesg_t, dmesg_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domain_auto_trans($1,dmesg_exec_t,dmesg_t)
 allow $1 dmesg_t:fd use;
@@ -54,8 +54,7 @@ interface(`dmesg_exec',`
 type dmesg_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 can_exec($1,dmesg_exec_t)
 ')
 ')
-
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index 797d07f0..6fb2b1af 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -83,9 +83,7 @@ auth_manage_login_records(logrotate_t)
 # Run helper programs.
 corecmd_exec_bin(logrotate_t)
-corecmd_exec_sbin(logrotate_t)
 corecmd_exec_shell(logrotate_t)
-corecmd_exec_ls(logrotate_t)
 domain_signal_all_domains(logrotate_t)
 domain_use_interactive_fds(logrotate_t)
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
index 2ab7defd..e318417d 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -45,12 +45,8 @@ kernel_read_fs_sysctls(logwatch_t)
 kernel_read_kernel_sysctls(logwatch_t)
 kernel_read_system_state(logwatch_t)
-corecmd_read_sbin_symlinks(logwatch_t)
-corecmd_read_sbin_files(logwatch_t)
 corecmd_exec_bin(logwatch_t)
-corecmd_exec_sbin(logwatch_t)
 corecmd_exec_shell(logwatch_t)
-corecmd_exec_ls(logwatch_t)
 dev_read_urand(logwatch_t)
 dev_search_sysfs(logwatch_t)
diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te
index 6dc3ac34..5ec21f4e 100644
--- a/policy/modules/admin/mrtg.te
+++ b/policy/modules/admin/mrtg.te
@@ -61,7 +61,6 @@ kernel_read_network_state(mrtg_t)
 kernel_read_kernel_sysctls(mrtg_t)
 corecmd_exec_bin(mrtg_t)
-corecmd_exec_sbin(mrtg_t)
 corecmd_exec_shell(mrtg_t)
 corenet_non_ipsec_sendrecv(mrtg_t)
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index b4bde15d..f486c978 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -241,7 +241,6 @@ interface(`portage_fetch_domain',`
 kernel_read_kernel_sysctls($1)
 corecmd_exec_bin($1)
- corecmd_exec_sbin($1)
 corenet_non_ipsec_sendrecv($1)
 corenet_tcp_sendrecv_generic_if($1)
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index be4fd8fe..4335d445 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -88,11 +88,8 @@ kernel_read_system_state(gcc_config_t)
 kernel_read_kernel_sysctls(gcc_config_t)
 corecmd_exec_shell(gcc_config_t)
-corecmd_exec_ls(gcc_config_t)
 corecmd_exec_bin(gcc_config_t)
-corecmd_exec_sbin(gcc_config_t)
 corecmd_manage_bin_files(gcc_config_t)
-corecmd_read_sbin_symlinks(gcc_config_t)
 files_manage_etc_files(gcc_config_t)
 files_rw_etc_runtime_files(gcc_config_t)
diff --git a/policy/modules/admin/prelink.if b/policy/modules/admin/prelink.if
index 406b4891..78151ee4 100644
--- a/policy/modules/admin/prelink.if
+++ b/policy/modules/admin/prelink.if
@@ -15,7 +15,7 @@ interface(`prelink_domtrans',`
 type prelink_t, prelink_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1, prelink_exec_t, prelink_t)
 ')
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index dcca6665..f016c72e 100644
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -55,7 +55,6 @@ kernel_dontaudit_search_sysctl(prelink_t)
 corecmd_manage_all_executables(prelink_t)
 corecmd_relabel_all_executables(prelink_t)
 corecmd_mmap_all_executables(prelink_t)
-corecmd_read_sbin_symlinks(prelink_t)
 corecmd_read_bin_symlinks(prelink_t)
 dev_read_urand(prelink_t)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index b6f6a848..1cab5032 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -208,7 +208,6 @@ template(`su_per_role_template',`
 auth_use_nsswitch($1_su_t)
 corecmd_search_bin($1_su_t)
- corecmd_search_sbin($1_su_t)
 domain_use_interactive_fds($1_su_t)
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 249c3fca..f3dfaa44 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -94,7 +94,7 @@ template(`sudo_per_role_template',`
 # sudo stores a token in the pam_pid directory
 auth_manage_pam_pid($1_sudo_t)
- corecmd_read_sbin_symlinks($1_sudo_t)
+ corecmd_read_bin_symlinks($1_sudo_t)
 corecmd_getattr_all_executables($1_sudo_t)
 domain_use_interactive_fds($1_sudo_t)
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
index 08b5738a..ea0bde2a 100644
--- a/policy/modules/admin/sxid.te
+++ b/policy/modules/admin/sxid.te
@@ -40,7 +40,6 @@ kernel_read_system_state(sxid_t)
 kernel_read_kernel_sysctls(sxid_t)
 corecmd_exec_bin(sxid_t)
-corecmd_exec_sbin(sxid_t)
 corecmd_exec_shell(sxid_t)
 corenet_non_ipsec_sendrecv(sxid_t)
diff --git a/policy/modules/admin/tmpreaper.if b/policy/modules/admin/tmpreaper.if
index d43b1173..1fc0d7a6 100644
--- a/policy/modules/admin/tmpreaper.if
+++ b/policy/modules/admin/tmpreaper.if
@@ -16,6 +16,6 @@ interface(`tmpreaper_exec',`
 ')
 files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 can_exec($1,tmpreaper_exec_t)
 ')
diff --git a/policy/modules/admin/tripwire.te b/policy/modules/admin/tripwire.te
index 04def157..ba031267 100644
--- a/policy/modules/admin/tripwire.te
+++ b/policy/modules/admin/tripwire.te
@@ -74,7 +74,7 @@ kernel_getattr_message_if(tripwire_t)
 kernel_read_kernel_sysctls(tripwire_t)
 corecmd_exec_shell(tripwire_t)
-corecmd_exec_sbin(tripwire_t)
+corecmd_exec_bin(tripwire_t)
 domain_use_interactive_fds(tripwire_t)
diff --git a/policy/modules/admin/updfstab.if b/policy/modules/admin/updfstab.if
index f902aab3..d96bd071 100644
--- a/policy/modules/admin/updfstab.if
+++ b/policy/modules/admin/updfstab.if
@@ -16,6 +16,6 @@ interface(`updfstab_domtrans',`
 ')
 files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,updfstab_exec_t,updfstab_t)
 ')
diff --git a/policy/modules/admin/updfstab.te b/policy/modules/admin/updfstab.te
index 8f423aba..df44c1fc 100644
--- a/policy/modules/admin/updfstab.te
+++ b/policy/modules/admin/updfstab.te
@@ -53,8 +53,6 @@ storage_write_scsi_generic(updfstab_t)
 term_dontaudit_use_console(updfstab_t)
 corecmd_exec_bin(updfstab_t)
-corecmd_exec_sbin(updfstab_t)
-corecmd_exec_ls(updfstab_t)
 domain_use_interactive_fds(updfstab_t)
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index 7d0a3943..df6cfed7 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -67,7 +67,7 @@ interface(`usermanage_domtrans_groupadd',`
 ')
 files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,groupadd_exec_t,groupadd_t)
 ')
@@ -226,7 +226,7 @@ interface(`usermanage_domtrans_useradd',`
 ')
 files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,useradd_exec_t,useradd_t)
 ')
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 9e37d63c..01c02fe5 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -101,9 +101,6 @@ dev_read_urand(chfn_t)
 auth_domtrans_chk_passwd(chfn_t)
 auth_dontaudit_read_shadow(chfn_t)
-# can exec /sbin/unix_chkpwd
-corecmd_search_bin(chfn_t)
-corecmd_search_sbin(chfn_t)
 # allow checking if a shell is executable
 corecmd_check_exec_shell(chfn_t)
@@ -170,7 +167,6 @@ files_read_etc_runtime_files(crack_t)
 files_read_usr_files(crack_t)
 corecmd_exec_bin(crack_t)
-corecmd_dontaudit_search_sbin(crack_t)
 libs_use_ld_so(crack_t)
 libs_use_shared_libs(crack_t)
@@ -233,7 +229,6 @@ libs_use_shared_libs(groupadd_t)
 # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
 corecmd_exec_bin(groupadd_t)
-corecmd_exec_sbin(groupadd_t)
 logging_send_syslog_msg(groupadd_t)
@@ -401,10 +396,7 @@ auth_manage_shadow(sysadm_passwd_t)
 auth_relabel_shadow(sysadm_passwd_t)
 auth_etc_filetrans_shadow(sysadm_passwd_t)
-# allow checking if a shell is executable
-corecmd_check_exec_shell(sysadm_passwd_t)
 # allow vipw to exec the editor
-corecmd_search_sbin(sysadm_passwd_t)
 corecmd_exec_bin(sysadm_passwd_t)
 corecmd_exec_shell(sysadm_passwd_t)
 files_read_usr_files(sysadm_passwd_t)
@@ -470,7 +462,6 @@ kernel_read_kernel_sysctls(useradd_t)
 corecmd_exec_shell(useradd_t)
 # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
 corecmd_exec_bin(useradd_t)
-corecmd_exec_sbin(useradd_t)
 domain_use_interactive_fds(useradd_t)
diff --git a/policy/modules/admin/vbetool.if b/policy/modules/admin/vbetool.if
index c5faff51..180732ca 100644
--- a/policy/modules/admin/vbetool.if
+++ b/policy/modules/admin/vbetool.if
@@ -15,6 +15,6 @@ interface(`vbetool_domtrans',`
 type vbetool_t, vbetool_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,vbetool_exec_t,vbetool_t)
 ')
diff --git a/policy/modules/apps/ethereal.if b/policy/modules/apps/ethereal.if
index 2a2e86dc..ed8d8975 100644
--- a/policy/modules/apps/ethereal.if
+++ b/policy/modules/apps/ethereal.if
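Review bot: The chfn_t hunk removes `corecmd_search_bin(chfn_t)` together with the sbin call and its `# can exec /sbin/unix_chkpwd` comment, and the sysadm_passwd_t hunk removes `corecmd_check_exec_shell(sysadm_passwd_t)`; neither line referenced sbin_t, so both go beyond the rename this commit describes. If chfn still has to reach /sbin/unix_chkpwd, the directory search it loses on bin_t must now come from `auth_domtrans_chk_passwd(chfn_t)`, which stays in context — confirm that interface grants it, or keep `corecmd_search_bin(chfn_t)`. For sysadm_passwd_t the surviving `corecmd_exec_shell(sysadm_passwd_t)` presumably already includes the execute check, but the commit message should state that these two extra removals are intentional. Both enclosing type blocks continue outside the hunks.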
@@ -76,7 +76,7 @@ template(`ethereal_per_role_template',`
 # Re-execute itself (why?)
 can_exec($1_ethereal_t, ethereal_exec_t)
- corecmd_search_sbin($1_ethereal_t)
+ corecmd_search_bin($1_ethereal_t)
 # /home/.ethereal
 manage_dirs_pattern($1_ethereal_t,$1_ethereal_home_t,$1_ethereal_home_t)
diff --git a/policy/modules/apps/evolution.if b/policy/modules/apps/evolution.if
index 17c8b79a..dee79e05 100644
--- a/policy/modules/apps/evolution.if
+++ b/policy/modules/apps/evolution.if
@@ -187,7 +187,7 @@ template(`evolution_per_role_template',`
 corecmd_exec_shell($1_evolution_t)
 # Run various programs
 corecmd_exec_bin($1_evolution_t)
- corecmd_exec_sbin($1_evolution_t)
+ corecmd_exec_bin($1_evolution_t)
 corenet_non_ipsec_sendrecv($1_evolution_t)
 corenet_tcp_sendrecv_generic_if($1_evolution_t)
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
index 33376169..dedbd6db 100644
--- a/policy/modules/apps/games.if
+++ b/policy/modules/apps/games.if
@@ -90,7 +90,6 @@ template(`games_per_role_template',`
 kernel_read_system_state($1_games_t)
 corecmd_exec_bin($1_games_t)
- corecmd_exec_sbin($1_games_t)
 corenet_non_ipsec_sendrecv($1_games_t)
 corenet_tcp_sendrecv_generic_if($1_games_t)
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index 6cc288b3..80669fe7 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -34,7 +34,6 @@ ifdef(`targeted_policy',`
 corecmd_exec_bin(loadkeys_t)
 corecmd_exec_shell(loadkeys_t)
- corecmd_search_sbin(loadkeys_t)
 files_read_etc_files(loadkeys_t)
 files_read_etc_runtime_files(loadkeys_t)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 2d2990d0..42616176 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
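Review bot: In the evolution.if hunk the added line `corecmd_exec_bin($1_evolution_t)` repeats the context line directly above it, so the template now invokes the same interface twice. This should have been a plain removal of `corecmd_exec_sbin($1_evolution_t)`, as the games.if hunk that follows does for the same pair of calls; drop the added line. The exec_sbin→exec_bin substitution is correct where no exec_bin call already existed (ddcprobe.te, tripwire.te), so this looks like a mechanical replace that did not check for an existing call.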
@@ -115,7 +115,6 @@ template(`mozilla_per_role_template',`
 kernel_read_system_state($1_mozilla_t)
 kernel_read_net_sysctls($1_mozilla_t)
- corecmd_search_sbin($1_mozilla_t)
 # Look for plugins
 corecmd_list_bin($1_mozilla_t)
 # for bash - old mozilla binary
diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index ad5c105f..79b57a21 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -107,11 +107,6 @@ template(`screen_per_role_template',`
 corecmd_read_bin_symlinks($1_screen_t)
 corecmd_read_bin_pipes($1_screen_t)
 corecmd_read_bin_sockets($1_screen_t)
- corecmd_list_sbin($1_screen_t)
- corecmd_read_sbin_symlinks($1_screen_t)
- corecmd_read_sbin_files($1_screen_t)
- corecmd_read_sbin_pipes($1_screen_t)
- corecmd_read_sbin_sockets($1_screen_t)
 # Revert to the user domain when a shell is executed.
 corecmd_shell_domtrans($1_screen_t,$2)
 corecmd_bin_domtrans($1_screen_t,$2)
diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if
index 38bde704..7edcec68 100644
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@@ -101,9 +101,8 @@ template(`thunderbird_per_role_template',`
 kernel_read_net_sysctls($1_thunderbird_t)
 kernel_read_system_state($1_thunderbird_t)
- corecmd_exec_shell($1_thunderbird_t) # Startup shellscript
- corecmd_search_sbin($1_thunderbird_t)
+ corecmd_exec_shell($1_thunderbird_t)
 corenet_non_ipsec_sendrecv($1_thunderbird_t)
 corenet_tcp_sendrecv_generic_if($1_thunderbird_t)
diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
index efa6b07c..8a662d4b 100644
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@@ -151,7 +151,6 @@ template(`uml_per_role_template',`
 # for xterm
 corecmd_exec_bin($1_uml_t)
- corecmd_exec_sbin($1_uml_t)
 corenet_non_ipsec_sendrecv($1_uml_t)
 corenet_tcp_sendrecv_generic_if($1_uml_t)
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index 100f1402..dac7b45a 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -88,7 +88,6 @@ template(`userhelper_per_role_template',`
 corecmd_exec_shell($1_userhelper_t)
 # By default, revert to the calling domain when a program is executed
 corecmd_bin_domtrans($1_userhelper_t,$2)
- corecmd_sbin_domtrans($1_userhelper_t,$2)
 # Inherit descriptors from the current session.
 domain_use_interactive_fds($1_userhelper_t)
@@ -152,7 +151,6 @@ template(`userhelper_per_role_template',`
 userdom_use_unpriv_users_fds($1_userhelper_t)
 # Allow $1_userhelper_t to transition to user domains.
 userdom_bin_spec_domtrans_unpriv_users($1_userhelper_t)
- userdom_sbin_spec_domtrans_unpriv_users($1_userhelper_t)
 userdom_entry_spec_domtrans_unpriv_users($1_userhelper_t)
 ifdef(`distro_redhat',`
@@ -165,7 +163,6 @@ template(`userhelper_per_role_template',`
 tunable_policy(`! secure_mode',`
 #if we are not in secure mode then we can transition to sysadm_t
 userdom_bin_spec_domtrans_sysadm($1_userhelper_t)
- userdom_sbin_spec_domtrans_sysadm($1_userhelper_t)
 userdom_entry_spec_domtrans_sysadm($1_userhelper_t)
 ')
diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
index e45c4a73..f2bcebfc 100644
--- a/policy/modules/apps/usernetctl.te
+++ b/policy/modules/apps/usernetctl.te
@@ -37,8 +37,6 @@ kernel_read_kernel_sysctls(usernetctl_t)
 corecmd_list_bin(usernetctl_t)
 corecmd_exec_bin(usernetctl_t)
-corecmd_list_sbin(usernetctl_t)
-corecmd_exec_sbin(usernetctl_t)
 corecmd_exec_shell(usernetctl_t)
 domain_dontaudit_read_all_domains_state(usernetctl_t)
diff --git a/policy/modules/apps/yam.if b/policy/modules/apps/yam.if
index cb13e774..0b563138 100644
--- a/policy/modules/apps/yam.if
+++ b/policy/modules/apps/yam.if
@@ -15,7 +15,7 @@ interface(`yam_domtrans',`
 type yam_t, yam_exec_t;
 ')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
 domtrans_pattern($1,yam_exec_t,yam_t)
 ')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index e112a5d5..068d1383 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -8,7 +8,6 @@
 /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
 /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
 /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
-/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0)
 /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
 /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
 /bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -16,17 +15,17 @@
 #
 # /dev
 #
-/dev/MAKEDEV -- gen_context(system_u:object_r:sbin_t,s0)
+/dev/MAKEDEV -- gen_context(system_u:object_r:bin_t,s0)
 #
 # /emul
 #
 ifdef(`distro_redhat',`
 /emul/ia32-linux/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+/emul/ia32-linux/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /emul/ia32-linux/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /emul/ia32-linux/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/emul/ia32-linux/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+/emul/ia32-linux/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /emul/ia32-linux/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
 ')
@@ -37,14 +36,14 @@ ifdef(`distro_redhat',`
 /etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
 /etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
-/etc/hotplug/.*agent -- gen_context(system_u:object_r:sbin_t,s0)
-/etc/hotplug/.*rc -- gen_context(system_u:object_r:sbin_t,s0)
-/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:sbin_t,s0)
-/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:sbin_t,s0)
+/etc/hotplug/.*agent -- gen_context(system_u:object_r:bin_t,s0)
+/etc/hotplug/.*rc -- gen_context(system_u:object_r:bin_t,s0)
+/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
+/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:bin_t,s0)
 /etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
-/etc/netplug\.d(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /etc/ppp/ip-down\..* -- gen_context(system_u:object_r:bin_t,s0)
 /etc/ppp/ip-up\..* -- gen_context(system_u:object_r:bin_t,s0)
@@ -82,7 +81,7 @@ ifdef(`targeted_policy',`
 #
 /lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
-/lib/udev/scsi_id -- gen_context(system_u:object_r:sbin_t,s0)
+/lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0)
 ifdef(`distro_gentoo',`
 /lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -94,10 +93,10 @@ ifdef(`distro_gentoo',`
 #
 # /sbin
 #
-/sbin -d gen_context(system_u:object_r:sbin_t,s0)
-/sbin/.* gen_context(system_u:object_r:sbin_t,s0)
-/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:sbin_t,s0)
-/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:sbin_t,s0)
+/sbin -d gen_context(system_u:object_r:bin_t,s0)
+/sbin/.* gen_context(system_u:object_r:bin_t,s0)
+/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0)
+/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
 #
 # /opt
@@ -106,7 +105,7 @@ ifdef(`distro_gentoo',`
 /opt/(.*/)?libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 ifdef(`distro_gentoo',`
 /opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
@@ -122,8 +121,8 @@ ifdef(`distro_gentoo',`
 /usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
-/usr/lib(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
@@ -136,7 +135,7 @@ ifdef(`distro_gentoo',`
 /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0)
+/usr/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
@@ -148,9 +147,9 @@ ifdef(`distro_gentoo',`
 /usr/lib(64)?/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:sbin_t,s0)
+/usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:sbin_t,s0)
+/usr/lib(64)?/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0)
@@ -164,7 +163,7 @@ ifdef(`distro_gentoo',`
 /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
-/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0)
+/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -245,7 +244,6 @@ ifdef(`distro_suse', `
 /var/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/var/ftp/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0)
 /usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 9c7095cf..cb69796e 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -84,7 +84,7 @@ interface(`corecmd_bin_entry_type',`
 ########################################
 ##
 ## Make general progams in sbin an entrypoint for
-## the specified domain.
+## the specified domain. (Deprecated)
 ##
 ##
 ##
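Review bot: With the explicit `/bin/ls` and `/var/ftp/bin/ls` entries removed from corecommands.fc, each path now takes its label from the more general pattern that matches it; `/var/ftp/bin(/.*)?` → bin_t is visible in the last fc hunk, but the `/bin` pattern that will cover /bin/ls lies outside the hunks shown, so confirm it resolves to bin_t rather than some more specific entry. The callers of `corecmd_exec_ls()` have their calls removed in this series (logrotate.te, logwatch.te, updfstab.te, portage.te), yet the corecommands.if hunks in view add deprecated wrappers only for the sbin interfaces; unless a deprecated `corecmd_exec_ls()` wrapper exists outside these hunks, out-of-tree modules that still call it will fail to build instead of getting a refpolicywarn. A Changelog line should also note that every existing caller of `corecmd_exec_bin()` now gains execute on everything formerly labeled sbin_t (/sbin, /usr/sbin, the hotplug agents, the ipsec helpers), since that is the effective privilege change of this merge.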
@@ -93,11 +93,8 @@ interface(`corecmd_bin_entry_type',`
 ##
 #
 interface(`corecmd_sbin_entry_type',`
- gen_require(`
- type sbin_t;
- ')
-
- domain_entry_file($1,sbin_t)
+ corecmd_bin_entry_type($1)
+ refpolicywarn(`$0() has been deprecated, please use corecmd_bin_entry_type() instead.')
 ')
 ########################################
@@ -136,6 +133,24 @@ interface(`corecmd_search_bin',`
 search_dirs_pattern($1,bin_t,bin_t)
 ')
+########################################
+##
+## Do not audit attempts to search the contents of bin directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corecmd_dontaudit_search_bin',`
+ gen_require(`
+ type bin_t;
+ ')
+
+ dontaudit $1 bin_t:dir search_dir_perms;
+')
+
 ########################################
 ##
 ## List the contents of bin directories.
@@ -154,6 +169,24 @@ interface(`corecmd_list_bin',`
 list_dirs_pattern($1,bin_t,bin_t)
 ')
+########################################
+##
+## Do not auidt attempts to write bin directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corecmd_dontaudit_write_bin_dirs',`
+ gen_require(`
+ type bin_t;
+ ')
+
+ dontaudit $1 bin_t:dir write;
+')
+
 ########################################
 ##
 ## Get the attributes of files in bin directories.
@@ -410,7 +443,7 @@ interface(`corecmd_bin_domtrans',`
 ########################################
 ##
-## Search the contents of sbin directories.
+## Search the contents of sbin directories. (Deprecated)
 ##
 ##
 ##
@@ -419,17 +452,14 @@ interface(`corecmd_bin_domtrans',`
 ##
 #
 interface(`corecmd_search_sbin',`
- gen_require(`
- type sbin_t;
- ')
-
- allow $1 sbin_t:dir search_dir_perms;
+ corecmd_search_bin($1)
+ refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
 ')
 ########################################
 ##
 ## Do not audit attempts to search
-## sbin directories.
+## sbin directories. (Deprecated)
 ##
 ##
 ##
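Review bot: The summary line of the new `corecmd_dontaudit_write_bin_dirs` interface has a typo, `## Do not auidt attempts to write bin directories.`; it should read `## Do not audit attempts to write bin directories.`, since this text is what the generated interface documentation shows. The deprecated sbin wrappers in this hunk and in the following ones (corecmd_search_sbin through corecmd_read_sbin_pipes) all take the same shape, calling the bin_t interface and then `refpolicywarn`, which is consistent and keeps old callers building. Note that a caller of any of those wrappers now receives the permission on all of bin_t rather than the former sbin_t subset; that is the intended effect of the merge, but it is worth stating once in the Changelog entry so policy authors auditing their domains' reach are not surprised.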
@@ -438,16 +468,13 @@ interface(`corecmd_search_sbin',` ## # interface(`corecmd_dontaudit_search_sbin',` - gen_require(` - type sbin_t; - ') - - dontaudit $1 sbin_t:dir search_dir_perms; + corecmd_dontaudit_search_bin($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_search_bin() instead.') ') ######################################## ## -## List the contents of sbin directories. +## List the contents of sbin directories. (Deprecated) ## ## ## @@ -456,17 +483,14 @@ interface(`corecmd_dontaudit_search_sbin',` ## # interface(`corecmd_list_sbin',` - gen_require(` - type sbin_t; - ') - - list_dirs_pattern($1,sbin_t,sbin_t) + corecmd_list_bin($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_list_bin() instead.') ') ######################################## ## ## Do not audit attempts to write -## sbin directories. +## sbin directories. (Deprecated) ## ## ## @@ -475,16 +499,13 @@ interface(`corecmd_list_sbin',` ## # interface(`corecmd_dontaudit_write_sbin_dirs',` - gen_require(` - type sbin_t; - ') - - dontaudit $1 sbin_t:dir write; + corecmd_dontaudit_write_bin_dirs($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_write_bin_dirs() instead.') ') ######################################## ## -## Get the attributes of sbin files. +## Get the attributes of sbin files. (Deprecated) ## ## ## @@ -493,17 +514,14 @@ interface(`corecmd_dontaudit_write_sbin_dirs',` ## # interface(`corecmd_getattr_sbin_files',` - gen_require(` - type sbin_t; - ') - - getattr_files_pattern($1,sbin_t,sbin_t) + corecmd_getattr_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_getattr_bin_files() instead.') ') ######################################## ## ## Do not audit attempts to get the attibutes -## of sbin files. +## of sbin files. (Deprecated) ## ## ## 
@@ -512,16 +530,13 @@ interface(`corecmd_getattr_sbin_files',` ## # interface(`corecmd_dontaudit_getattr_sbin_files',` - gen_require(` - type sbin_t; - ') - - dontaudit $1 sbin_t:file getattr; + corecmd_dontaudit_getattr_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_getattr_bin_files() instead.') ') ######################################## ## -## Read files in sbin directories. +## Read files in sbin directories. (Deprecated) ## ## ## @@ -530,16 +545,13 @@ interface(`corecmd_dontaudit_getattr_sbin_files',` ## # interface(`corecmd_read_sbin_files',` - gen_require(` - type sbin_t; - ') - - read_files_pattern($1,sbin_t,sbin_t) + corecmd_read_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_files() instead.') ') ######################################## ## -## Read symbolic links in sbin directories. +## Read symbolic links in sbin directories. (Deprecated) ## ## ## @@ -548,16 +560,13 @@ interface(`corecmd_read_sbin_files',` ## # interface(`corecmd_read_sbin_symlinks',` - gen_require(` - type sbin_t; - ') - - read_lnk_files_pattern($1,sbin_t,sbin_t) + corecmd_read_bin_symlinks($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_symlinks() instead.') ') ######################################## ## -## Read named pipes in sbin directories. +## Read named pipes in sbin directories. (Deprecated) ## ## ## @@ -566,16 +575,13 @@ interface(`corecmd_read_sbin_symlinks',` ## # interface(`corecmd_read_sbin_pipes',` - gen_require(` - type sbin_t; - ') - - read_fifo_files_pattern($1,sbin_t,sbin_t) + corecmd_read_bin_pipes($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_pipes() instead.') ') ######################################## ## -## Read named sockets in sbin directories. +## Read named sockets in sbin directories. (Deprecated) ## ## ## 
@@ -584,17 +590,14 @@ interface(`corecmd_read_sbin_pipes',` ## # interface(`corecmd_read_sbin_sockets',` - gen_require(` - type sbin_t; - ') - - read_sock_files_pattern($1,sbin_t,sbin_t) + corecmd_read_bin_sockets($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_sockets() instead.') ') ######################################## ## ## Execute generic programs in sbin directories, -## in the caller domain. +## in the caller domain. (Deprecated) ## ## ## @@ -603,18 +606,13 @@ interface(`corecmd_read_sbin_sockets',` ## # interface(`corecmd_exec_sbin',` - gen_require(` - type sbin_t; - ') - - list_dirs_pattern($1,sbin_t,sbin_t) - read_lnk_files_pattern($1,sbin_t,sbin_t) - can_exec($1,sbin_t) + corecmd_exec_bin($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.') ') ######################################## ## -## Create, read, write, and delete sbin files. +## Create, read, write, and delete sbin files. (Deprecated) ## ## ## @@ -624,16 +622,13 @@ interface(`corecmd_exec_sbin',` # # cjp: added for prelink interface(`corecmd_manage_sbin_files',` - gen_require(` - type sbin_t; - ') - - manage_files_pattern($1,sbin_t,sbin_t) + corecmd_manage_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_manage_bin_files() instead.') ') ######################################## ## -## Relabel to and from the sbin type. +## Relabel to and from the sbin type. (Deprecated) ## ## ## @@ -643,16 +638,13 @@ interface(`corecmd_manage_sbin_files',` # # cjp: added for prelink interface(`corecmd_relabel_sbin_files',` - gen_require(` - type sbin_t; - ') - - relabel_files_pattern($1,sbin_t,sbin_t) + corecmd_relabel_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_relabel_bin_files() instead.') ') ######################################## ## -## Mmap a sbin file as executable. +## Mmap a sbin file as executable. (Deprecated) ## ## ## 
@@ -662,18 +654,14 @@ interface(`corecmd_relabel_sbin_files',` # # cjp: added for prelink interface(`corecmd_mmap_sbin_files',` - gen_require(` - type sbin_t; - ') - - allow $1 sbin_t:dir search_dir_perms; - allow $1 sbin_t:file { getattr read execute }; + corecmd_mmap_bin_files($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_mmap_bin_files() instead.') ') ######################################## ## ## Execute a file in a sbin directory -## in the specified domain. +## in the specified domain. (Deprecated) ## ## ##

@@ -681,7 +669,7 @@ interface(`corecmd_mmap_sbin_files',` ## in the specified domain. This allows ## the specified domain to execute any file ## on these filesystems in the specified -## domain. This is not suggested. +## domain. This is not suggested. (Deprecated) ##

##

## No interprocess communication (signals, pipes, @@ -705,12 +693,8 @@ interface(`corecmd_mmap_sbin_files',` ## # interface(`corecmd_sbin_domtrans',` - gen_require(` - type sbin_t; - ') - - read_lnk_files_pattern($1,sbin_t,sbin_t) - domain_auto_transition_pattern($1,sbin_t,$2) + corecmd_bin_domtrans($1,$2,$3) + refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.') ') ######################################## @@ -718,7 +702,7 @@ interface(`corecmd_sbin_domtrans',` ## Execute a file in a sbin directory ## in the specified domain but do not ## do it automatically. This is an explicit -## transition, requiring the caller to use setexeccon(). +## transition, requiring the caller to use setexeccon(). (Deprecated) ##
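Review bot: The shim body `corecmd_bin_domtrans($1,$2,$3)` passes a third argument that the removed `domain_auto_transition_pattern($1,sbin_t,$2)` never used; corecmd_bin_domtrans() is defined outside this chunk, and if it takes only two parameters the empty $3 is harmless under m4 but advertises a signature that does not exist. I would write `corecmd_bin_domtrans($1,$2)` so the wrapper documents the real contract. The same applies to the `corecmd_sbin_spec_domtrans` shim later in this file.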

## ##

@@ -726,7 +710,7 @@ interface(`corecmd_sbin_domtrans',` ## in the specified domain. This allows ## the specified domain to execute any file ## on these filesystems in the specified -## domain. This is not suggested. +## domain. This is not suggested. (Deprecated) ##

##

## No interprocess communication (signals, pipes, @@ -750,12 +734,8 @@ interface(`corecmd_sbin_domtrans',` ## # interface(`corecmd_sbin_spec_domtrans',` - gen_require(` - type sbin_t; - ') - - read_lnk_files_pattern($1,sbin_t,sbin_t) - domain_transition_pattern($1,sbin_t,$2) + corecmd_bin_spec_domtrans($1,$2,$3) + refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.') ') ######################################## @@ -800,7 +780,7 @@ interface(`corecmd_exec_shell',` ######################################## ##

-## Execute ls in the caller domain. +## Execute ls in the caller domain. (Deprecated) ## ## ## @@ -809,13 +789,8 @@ interface(`corecmd_exec_shell',` ## # interface(`corecmd_exec_ls',` - gen_require(` - type bin_t, ls_exec_t; - ') - - list_dirs_pattern($1,bin_t,bin_t) - read_lnk_files_pattern($1,bin_t,bin_t) - can_exec($1,ls_exec_t) + corecmd_exec_bin($1) + refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.') ') ######################################## @@ -925,11 +900,11 @@ interface(`corecmd_exec_chroot',` interface(`corecmd_getattr_all_executables',` gen_require(` attribute exec_type; - type bin_t, sbin_t; + type bin_t; ') - allow $1 { bin_t sbin_t }:dir list_dir_perms; - getattr_files_pattern($1,{ bin_t sbin_t },{ bin_t sbin_t }) + allow $1 bin_t:dir list_dir_perms; + getattr_files_pattern($1,bin_t,exec_type) ') ######################################## @@ -946,12 +921,12 @@ interface(`corecmd_getattr_all_executables',` interface(`corecmd_exec_all_executables',` gen_require(` attribute exec_type; - type bin_t, sbin_t; + type bin_t; ') can_exec($1,exec_type) - list_dirs_pattern($1,{ bin_t sbin_t },{ bin_t sbin_t }) - read_lnk_files_pattern($1,{ bin_t sbin_t },{ bin_t sbin_t }) + list_dirs_pattern($1,bin_t,bin_t) + read_lnk_files_pattern($1,bin_t,exec_type) ') ######################################## @@ -968,11 +943,11 @@ interface(`corecmd_exec_all_executables',` interface(`corecmd_manage_all_executables',` gen_require(` attribute exec_type; - type bin_t, sbin_t; + type bin_t; ') - manage_files_pattern($1,{ bin_t sbin_t },exec_type) - manage_lnk_files_pattern($1,{ bin_t sbin_t },{ bin_t sbin_t }) + manage_files_pattern($1,bin_t,exec_type) + manage_lnk_files_pattern($1,bin_t,bin_t) ') ######################################## 
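Review bot: The deprecated `corecmd_exec_ls()` now expands to `corecmd_exec_bin($1)`, which replaces `can_exec($1,ls_exec_t)` with execute on every bin_t file, so an out-of-tree caller that used it as a narrow grant now gets all of bin_t (and, after this merge, the former sbin_t) with only a build warning as notice. Every in-tree caller this commit removes already had corecmd_exec_bin(), so the tree itself does not widen, but the summary should state the effect: `## Execute ls in the caller domain. (Deprecated: now equivalent to corecmd_exec_bin(), i.e. execute any bin_t file)`. Since ls_exec_t survives only as an alias of bin_t, a narrower grant can no longer be expressed, which is worth saying in the warning text as well.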
@@ -989,9 +964,10 @@ interface(`corecmd_manage_all_executables',` interface(`corecmd_relabel_all_executables',` gen_require(` attribute exec_type; + type bin_t; ') - allow $1 exec_type:file relabel_file_perms; + relabel_files_pattern($1,bin_t,exec_type) ') ######################################## @@ -1007,7 +983,8 @@ interface(`corecmd_relabel_all_executables',` interface(`corecmd_mmap_all_executables',` gen_require(` attribute exec_type; + type bin_t; ') - allow $1 exec_type:file { getattr read execute }; + mmap_files_pattern($1,bin_t,exec_type) ') diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index 2bf8ae00..288e15dc 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,5 +1,5 @@ -policy_module(corecommands,1.5.3) +policy_module(corecommands,1.5.4) ######################################## # @@ -12,23 +12,11 @@ policy_module(corecommands,1.5.3) attribute exec_type; # -# bin_t is the type of files in the system bin directories. +# bin_t is the type of files in the system bin/sbin directories. # -type bin_t; +type bin_t alias { ls_exec_t sbin_t }; corecmd_executable_file(bin_t) -# -# sbin_t is the type of files in the system sbin directories. -# -type sbin_t; -corecmd_executable_file(sbin_t) - -# -# ls_exec_t is the type of the ls program. -# -type ls_exec_t; -corecmd_executable_file(ls_exec_t) - # # shell_exec_t is the type of user shells such as /bin/bash. # diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index 81d2a2ab..1e6bbcf5 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -230,7 +230,7 @@ selinux_load_policy(kernel_t) term_use_console(kernel_t) corecmd_exec_shell(kernel_t) -corecmd_list_sbin(kernel_t) +corecmd_list_bin(kernel_t) # /proc/sys/kernel/modprobe is set to /bin/true if not using modules. corecmd_exec_bin(kernel_t) 
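Review bot: Declaring `type bin_t alias { ls_exec_t sbin_t };` keeps existing file contexts and already-labelled inodes valid, but the comment above it should record that these are compatibility aliases and that the bin/sbin distinction is gone, because from here on every domain granted corecmd_exec_bin() can also execute what used to be sbin_t (for example amavis_t and asterisk_t, which in this commit only had corecmd_search_sbin() next to corecmd_exec_bin()). I would expand the comment to `# bin_t is the type of files in the system bin/sbin directories.` followed by `# sbin_t and ls_exec_t are retained only as aliases for compatibility;` and `# there is no longer a separate type for sbin or for ls.`. Execution in the caller domain grants no new capabilities, so the practical widening is in which code a confined domain may run rather than what it can do; that trade-off is better stated here than left implicit.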
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if index 2e5f50d0..7f602c52 100644 --- a/policy/modules/services/aide.if +++ b/policy/modules/services/aide.if @@ -15,7 +15,7 @@ interface(`aide_domtrans',` type aide_t, aide_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,aide_exec_t,aide_t) ') diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te index 219112e5..5013665f 100644 --- a/policy/modules/services/amavis.te +++ b/policy/modules/services/amavis.te @@ -97,7 +97,6 @@ kernel_dontaudit_read_system_state(amavis_t) # find perl corecmd_exec_bin(amavis_t) -corecmd_search_sbin(amavis_t) corenet_non_ipsec_sendrecv(amavis_t) corenet_tcp_sendrecv_all_if(amavis_t) diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index 5b389022..f20bbc87 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -392,7 +392,7 @@ interface(`apache_domtrans',` type httpd_t, httpd_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,httpd_exec_t,httpd_t) ') @@ -593,7 +593,7 @@ interface(`apache_domtrans_helper',` type httpd_helper_t, httpd_helper_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,httpd_helper_exec_t,httpd_helper_t) ') diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index abfc256f..c11832c5 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -238,7 +238,6 @@ auth_use_nsswitch(httpd_t) # execute perl corecmd_exec_bin(httpd_t) -corecmd_exec_sbin(httpd_t) corecmd_exec_shell(httpd_t) domain_use_interactive_fds(httpd_t) diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te index 892edc9a..cfba06b7 100644 --- a/policy/modules/services/arpwatch.te +++ b/policy/modules/services/arpwatch.te 
@@ -63,7 +63,7 @@ dev_read_sysfs(arpwatch_t) fs_getattr_all_fs(arpwatch_t) fs_search_auto_mountpoints(arpwatch_t) -corecmd_read_sbin_symlinks(arpwatch_t) +corecmd_read_bin_symlinks(arpwatch_t) domain_use_interactive_fds(arpwatch_t) diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te index 04200a53..b2098dd6 100644 --- a/policy/modules/services/asterisk.te +++ b/policy/modules/services/asterisk.te @@ -80,7 +80,7 @@ kernel_read_system_state(asterisk_t) kernel_read_kernel_sysctls(asterisk_t) corecmd_exec_bin(asterisk_t) -corecmd_search_sbin(asterisk_t) +corecmd_search_bin(asterisk_t) corenet_non_ipsec_sendrecv(asterisk_t) corenet_tcp_sendrecv_generic_if(asterisk_t) diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if index ac6cf1b8..6306fbda 100644 --- a/policy/modules/services/automount.if +++ b/policy/modules/services/automount.if @@ -15,7 +15,7 @@ interface(`automount_domtrans',` type automount_t, automount_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1, automount_exec_t, automount_t) ') @@ -34,7 +34,7 @@ interface(`automount_exec_config',` type automount_etc_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) can_exec($1,automount_etc_t) ') diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te index dc1b5d3b..4e11797e 100644 --- a/policy/modules/services/automount.te +++ b/policy/modules/services/automount.te @@ -73,7 +73,6 @@ files_unmount_all_file_type_fs(automount_t) fs_mount_all_fs(automount_t) fs_unmount_all_fs(automount_t) -corecmd_exec_sbin(automount_t) corecmd_exec_bin(automount_t) corecmd_exec_shell(automount_t) diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te index d710098f..cec18b07 100644 --- a/policy/modules/services/bind.te +++ b/policy/modules/services/bind.te 
@@ -117,7 +117,7 @@ dev_read_rand(named_t) fs_getattr_all_fs(named_t) fs_search_auto_mountpoints(named_t) -corecmd_search_sbin(named_t) +corecmd_search_bin(named_t) dev_read_urand(named_t) diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te index 0bc9fb46..4d1557c3 100644 --- a/policy/modules/services/ccs.te +++ b/policy/modules/services/ccs.te @@ -64,7 +64,7 @@ files_pid_filetrans(ccs_t,ccs_var_run_t, { dir file sock_file }) kernel_read_kernel_sysctls(ccs_t) -corecmd_list_sbin(ccs_t) +corecmd_list_bin(ccs_t) corecmd_exec_bin(ccs_t) corenet_non_ipsec_sendrecv(ccs_t) @@ -97,7 +97,7 @@ miscfiles_read_localization(ccs_t) sysnet_dns_name_resolve(ccs_t) ifdef(`hide_broken_symptoms', ` - corecmd_dontaudit_write_sbin_dirs(ccs_t) + corecmd_dontaudit_write_bin_dirs(ccs_t) files_manage_isid_type_files(ccs_t) ') diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te index 3212495f..c1c1bc3d 100644 --- a/policy/modules/services/cipe.te +++ b/policy/modules/services/cipe.te @@ -28,7 +28,6 @@ kernel_read_system_state(ciped_t) corecmd_exec_shell(ciped_t) corecmd_exec_bin(ciped_t) -corecmd_exec_sbin(ciped_t) corenet_non_ipsec_sendrecv(ciped_t) corenet_udp_sendrecv_generic_if(ciped_t) diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te index 6a8d8dc4..2ff586c6 100644 --- a/policy/modules/services/courier.te +++ b/policy/modules/services/courier.te @@ -50,7 +50,7 @@ allow courier_authdaemon_t courier_tcpd_t:fd use; allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms; allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms; -corecmd_search_sbin(courier_authdaemon_t) +corecmd_search_bin(courier_authdaemon_t) # for SSP dev_read_urand(courier_authdaemon_t) 
@@ -116,7 +116,7 @@ manage_files_pattern(courier_tcpd_t,courier_var_lib_t,courier_var_lib_t) manage_lnk_files_pattern(courier_tcpd_t,courier_var_lib_t,courier_var_lib_t) files_search_var_lib(courier_tcpd_t) -corecmd_search_sbin(courier_tcpd_t) +corecmd_search_bin(courier_tcpd_t) corenet_tcp_bind_all_nodes(courier_tcpd_t) corenet_tcp_bind_pop_port(courier_tcpd_t) diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if index 1c56bb11..b7fab368 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -214,7 +214,6 @@ template(`cron_per_role_template',` # Run helper programs as the user domain corecmd_bin_domtrans($1_crontab_t,$2) - corecmd_sbin_domtrans($1_crontab_t,$2) corecmd_shell_domtrans($1_crontab_t,$2) domain_use_interactive_fds($1_crontab_t) diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index 38e8983d..bb08029d 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -117,8 +117,8 @@ fs_search_auto_mountpoints(crond_t) auth_domtrans_chk_passwd(crond_t) corecmd_exec_shell(crond_t) -corecmd_list_sbin(crond_t) -corecmd_read_sbin_symlinks(crond_t) +corecmd_list_bin(crond_t) +corecmd_read_bin_symlinks(crond_t) domain_use_interactive_fds(crond_t) diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te index 0e1bb405..e4dd9c39 100644 --- a/policy/modules/services/cups.te +++ b/policy/modules/services/cups.te @@ -182,7 +182,6 @@ auth_dontaudit_read_pam_pid(cupsd_t) # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp corecmd_exec_shell(cupsd_t) corecmd_exec_bin(cupsd_t) -corecmd_exec_sbin(cupsd_t) domain_use_interactive_fds(cupsd_t) @@ -357,7 +356,6 @@ fs_getattr_all_fs(cupsd_config_t) fs_search_auto_mountpoints(cupsd_config_t) corecmd_exec_bin(cupsd_config_t) -corecmd_exec_sbin(cupsd_config_t) corecmd_exec_shell(cupsd_config_t) domain_use_interactive_fds(cupsd_config_t) 
@@ -596,7 +594,6 @@ fs_search_auto_mountpoints(hplip_t) # for python corecmd_exec_bin(hplip_t) -corecmd_search_sbin(hplip_t) domain_use_interactive_fds(hplip_t) diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te index c45ec7f2..35ddd025 100644 --- a/policy/modules/services/cvs.te +++ b/policy/modules/services/cvs.te @@ -62,7 +62,6 @@ fs_getattr_xattr_fs(cvs_t) auth_domtrans_chk_passwd(cvs_t) corecmd_exec_bin(cvs_t) -corecmd_exec_sbin(cvs_t) corecmd_exec_shell(cvs_t) files_read_etc_files(cvs_t) diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if index 02a89a7a..caae9213 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -108,11 +108,6 @@ template(`dbus_per_role_template',` corecmd_read_bin_files($1_dbusd_t) corecmd_read_bin_pipes($1_dbusd_t) corecmd_read_bin_sockets($1_dbusd_t) - corecmd_list_sbin($1_dbusd_t) - corecmd_read_sbin_symlinks($1_dbusd_t) - corecmd_read_sbin_files($1_dbusd_t) - corecmd_read_sbin_pipes($1_dbusd_t) - corecmd_read_sbin_sockets($1_dbusd_t) corenet_non_ipsec_sendrecv($1_dbusd_t) corenet_tcp_sendrecv_all_if($1_dbusd_t) diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 27d83f1e..f7785636 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -76,16 +76,9 @@ auth_use_nsswitch(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t) corecmd_list_bin(system_dbusd_t) -corecmd_read_bin_symlinks(system_dbusd_t) -corecmd_read_bin_files(system_dbusd_t) corecmd_read_bin_pipes(system_dbusd_t) corecmd_read_bin_sockets(system_dbusd_t) -corecmd_list_sbin(system_dbusd_t) -corecmd_read_sbin_symlinks(system_dbusd_t) -corecmd_read_sbin_files(system_dbusd_t) -corecmd_read_sbin_pipes(system_dbusd_t) -corecmd_read_sbin_sockets(system_dbusd_t) -corecmd_exec_sbin(system_dbusd_t) +corecmd_exec_bin(system_dbusd_t) domain_use_interactive_fds(system_dbusd_t) 
diff --git a/policy/modules/services/dcc.if b/policy/modules/services/dcc.if index 867ee4cc..17179213 100644 --- a/policy/modules/services/dcc.if +++ b/policy/modules/services/dcc.if @@ -15,7 +15,7 @@ interface(`dcc_domtrans_cdcc',` type cdcc_t, cdcc_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,cdcc_exec_t,cdcc_t) ') @@ -66,7 +66,7 @@ interface(`dcc_domtrans_client',` type dcc_client_t, dcc_client_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,dcc_client_exec_t,dcc_client_t) ') @@ -117,7 +117,7 @@ interface(`dcc_domtrans_dbclean',` type dcc_dbclean_t, dcc_dbclean_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,dcc_dbclean_exec_t,dcc_dbclean_t) ') diff --git a/policy/modules/services/ddclient.if b/policy/modules/services/ddclient.if index 1afdd216..06d54c7e 100644 --- a/policy/modules/services/ddclient.if +++ b/policy/modules/services/ddclient.if @@ -15,6 +15,6 @@ interface(`ddclient_domtrans',` type ddclient_t, ddclient_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1, ddclient_exec_t, ddclient_t) ') diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te index 62a68929..81fdde9e 100644 --- a/policy/modules/services/dhcp.te +++ b/policy/modules/services/dhcp.te @@ -79,7 +79,6 @@ fs_getattr_all_fs(dhcpd_t) fs_search_auto_mountpoints(dhcpd_t) corecmd_exec_bin(dhcpd_t) -corecmd_exec_sbin(dhcpd_t) domain_use_interactive_fds(dhcpd_t) diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te index e3e25e82..9723b93d 100644 --- a/policy/modules/services/distcc.te +++ b/policy/modules/services/distcc.te @@ -61,7 +61,7 @@ fs_getattr_all_fs(distccd_t) fs_search_auto_mountpoints(distccd_t) corecmd_exec_bin(distccd_t) -corecmd_read_sbin_symlinks(distccd_t) +corecmd_read_bin_symlinks(distccd_t) domain_use_interactive_fds(distccd_t) 
diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te index 1a455372..360a251c 100644 --- a/policy/modules/services/fail2ban.te +++ b/policy/modules/services/fail2ban.te @@ -38,7 +38,6 @@ files_pid_filetrans(fail2ban_t,fail2ban_var_run_t, file) kernel_read_system_state(fail2ban_t) -corecmd_search_sbin(fail2ban_t) corecmd_exec_bin(fail2ban_t) corecmd_exec_shell(fail2ban_t) diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te index f7b44ec2..f5480a68 100644 --- a/policy/modules/services/finger.te +++ b/policy/modules/services/finger.te @@ -68,7 +68,6 @@ term_getattr_all_user_ptys(fingerd_t) auth_read_lastlog(fingerd_t) corecmd_exec_bin(fingerd_t) -corecmd_exec_sbin(fingerd_t) corecmd_exec_shell(fingerd_t) domain_use_interactive_fds(fingerd_t) diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if index 954a7466..31585d1b 100644 --- a/policy/modules/services/ftp.if +++ b/policy/modules/services/ftp.if @@ -85,7 +85,7 @@ interface(`ftp_check_exec',` type ftpd_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) allow $1 ftpd_exec_t:file x_file_perms; ') diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te index f4e0a1b5..3138f0c8 100644 --- a/policy/modules/services/ftp.te +++ b/policy/modules/services/ftp.te @@ -86,10 +86,6 @@ dev_read_sysfs(ftpd_t) dev_read_urand(ftpd_t) corecmd_exec_bin(ftpd_t) -corecmd_exec_sbin(ftpd_t) -# Execute /bin/ls (can comment this out for proftpd) -# also may need rules to allow tar etc... -corecmd_exec_ls(ftpd_t) corenet_non_ipsec_sendrecv(ftpd_t) corenet_tcp_sendrecv_all_if(ftpd_t) diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te index 3cb65907..1ee2fd55 100644 --- a/policy/modules/services/gatekeeper.te +++ b/policy/modules/services/gatekeeper.te 
@@ -51,7 +51,7 @@ files_pid_filetrans(gatekeeper_t,gatekeeper_var_run_t,file) kernel_read_system_state(gatekeeper_t) kernel_read_kernel_sysctls(gatekeeper_t) -corecmd_list_sbin(gatekeeper_t) +corecmd_list_bin(gatekeeper_t) corenet_non_ipsec_sendrecv(gatekeeper_t) corenet_tcp_sendrecv_generic_if(gatekeeper_t) diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te index 1eadc3f0..84f45a85 100644 --- a/policy/modules/services/i18n_input.te +++ b/policy/modules/services/i18n_input.te @@ -55,7 +55,6 @@ dev_read_sysfs(i18n_input_t) fs_getattr_all_fs(i18n_input_t) fs_search_auto_mountpoints(i18n_input_t) -corecmd_search_sbin(i18n_input_t) corecmd_search_bin(i18n_input_t) corecmd_exec_bin(i18n_input_t) diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if index b5e88d59..1353392d 100644 --- a/policy/modules/services/inetd.if +++ b/policy/modules/services/inetd.if @@ -164,7 +164,7 @@ interface(`inetd_domtrans_child',` type inetd_child_t, inetd_child_exec_t; ') - corecmd_search_sbin($1) + corecmd_search_bin($1) domtrans_pattern($1,inetd_child_exec_t,inetd_child_t) ') diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te index d3846aff..c746cd44 100644 --- a/policy/modules/services/inetd.te +++ b/policy/modules/services/inetd.te @@ -118,7 +118,7 @@ selinux_compute_create_context(inetd_t) # Run other daemons in the inetd_child_t domain. corecmd_search_bin(inetd_t) -corecmd_read_sbin_symlinks(inetd_t) +corecmd_read_bin_symlinks(inetd_t) domain_use_interactive_fds(inetd_t) diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te index 698a75f5..a89e9783 100644 --- a/policy/modules/services/inn.te +++ b/policy/modules/services/inn.te @@ -84,8 +84,6 @@ fs_search_auto_mountpoints(innd_t) corecmd_exec_bin(innd_t) corecmd_exec_shell(innd_t) -corecmd_search_sbin(innd_t) -corecmd_read_sbin_symlinks(innd_t) domain_use_interactive_fds(innd_t) 
diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te index 32789b6b..761d77a3 100644 --- a/policy/modules/services/ircd.te +++ b/policy/modules/services/ircd.te @@ -48,7 +48,7 @@ files_pid_filetrans(ircd_t,ircd_var_run_t,file) kernel_read_system_state(ircd_t) kernel_read_kernel_sysctls(ircd_t) -corecmd_search_sbin(ircd_t) +corecmd_search_bin(ircd_t) corenet_non_ipsec_sendrecv(ircd_t) corenet_tcp_sendrecv_generic_if(ircd_t) diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te index faa3779d..a384b13c 100644 --- a/policy/modules/services/kerberos.te +++ b/policy/modules/services/kerberos.te @@ -183,7 +183,6 @@ kernel_read_proc_symlinks(krb5kdc_t) kernel_read_network_state(krb5kdc_t) kernel_search_network_sysctl(krb5kdc_t) -corecmd_exec_sbin(krb5kdc_t) corecmd_exec_bin(krb5kdc_t) corenet_non_ipsec_sendrecv(krb5kdc_t) diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te index 8f329e0a..5d74d247 100644 --- a/policy/modules/services/lpd.te +++ b/policy/modules/services/lpd.te @@ -80,7 +80,6 @@ dev_append_printer(checkpc_t) # This is less desirable, but checkpc demands /bin/bash and /bin/chown: corecmd_exec_shell(checkpc_t) corecmd_exec_bin(checkpc_t) -corecmd_search_sbin(checkpc_t) domain_use_interactive_fds(checkpc_t) @@ -170,7 +169,6 @@ fs_search_auto_mountpoints(lpd_t) # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp corecmd_exec_bin(lpd_t) -corecmd_exec_sbin(lpd_t) corecmd_exec_shell(lpd_t) domain_use_interactive_fds(lpd_t) diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if index 768578bb..c527eeed 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -81,7 +81,6 @@ template(`mta_base_mail_template',` corenet_sendrecv_smtp_client_packets($1_mail_t) corecmd_exec_bin($1_mail_t) - corecmd_search_sbin($1_mail_t) files_read_etc_files($1_mail_t) files_search_spool($1_mail_t) 
@@ -497,7 +496,7 @@ interface(`mta_sendmail_domtrans',` ') files_search_usr($1) - corecmd_read_sbin_symlinks($1) + corecmd_read_bin_symlinks($1) domain_auto_trans($1,sendmail_exec_t,$2) ') diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te index d3aa61b3..7946bb92 100644 --- a/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te @@ -195,7 +195,6 @@ kernel_read_kernel_sysctls(nrpe_t) corecmd_exec_bin(nrpe_t) corecmd_exec_shell(nrpe_t) -corecmd_exec_ls(nrpe_t) dev_read_sysfs(nrpe_t) dev_read_urand(nrpe_t) diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te index eb616231..f85badef 100644 --- a/policy/modules/services/networkmanager.te +++ b/policy/modules/services/networkmanager.te @@ -71,8 +71,6 @@ selinux_dontaudit_search_fs(NetworkManager_t) corecmd_exec_shell(NetworkManager_t) corecmd_exec_bin(NetworkManager_t) -corecmd_exec_sbin(NetworkManager_t) -corecmd_exec_ls(NetworkManager_t) domain_use_interactive_fds(NetworkManager_t) domain_read_confined_domains_state(NetworkManager_t) diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if index 16343076..0c8612f6 100644 --- a/policy/modules/services/nis.if +++ b/policy/modules/services/nis.if @@ -241,6 +241,5 @@ interface(`nis_domtrans_ypxfr',` ') corecmd_search_bin($1) - corecmd_search_sbin($1) domtrans_pattern($1,ypxfr_exec_t,ypxfr_t) ') diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te index 5c03ae25..d3d5186f 100644 --- a/policy/modules/services/nis.te +++ b/policy/modules/services/nis.te @@ -180,7 +180,6 @@ auth_etc_filetrans_shadow(yppasswdd_t) corecmd_exec_bin(yppasswdd_t) corecmd_exec_shell(yppasswdd_t) -corecmd_search_sbin(yppasswdd_t) domain_use_interactive_fds(yppasswdd_t) diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if index 80d8f6db..7412c975 100644 --- a/policy/modules/services/nscd.if +++ b/policy/modules/services/nscd.if 
@@ -33,7 +33,7 @@ interface(`nscd_domtrans',`
 	type nscd_t, nscd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,nscd_exec_t,nscd_t)
 ')
diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te
index f6337199..0151d27a 100644
--- a/policy/modules/services/nsd.te
+++ b/policy/modules/services/nsd.te
@@ -146,7 +146,6 @@ can_exec(nsd_crond_t,nsd_exec_t)
 kernel_read_system_state(nsd_crond_t)
 corecmd_exec_bin(nsd_crond_t)
-corecmd_exec_sbin(nsd_crond_t)
 corecmd_exec_shell(nsd_crond_t)
 corenet_non_ipsec_sendrecv(nsd_crond_t)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index 87521845..ab5a15f1 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -31,7 +31,7 @@ interface(`ntp_domtrans',`
 	type ntpd_t, ntpd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,ntpd_exec_t,ntpd_t)
 ')
@@ -50,6 +50,6 @@ interface(`ntp_domtrans_ntpdate',`
 	type ntpd_t, ntpdate_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,ntpdate_exec_t,ntpd_t)
 ')
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index f10d4849..9cdb6b92 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -85,8 +85,6 @@ fs_search_auto_mountpoints(ntpd_t)
 auth_use_nsswitch(ntpd_t)
 corecmd_exec_bin(ntpd_t)
-corecmd_exec_sbin(ntpd_t)
-corecmd_exec_ls(ntpd_t)
 corecmd_exec_shell(ntpd_t)
 domain_use_interactive_fds(ntpd_t)
diff --git a/policy/modules/services/oav.if b/policy/modules/services/oav.if
index 5e083058..cf56dfba 100644
--- a/policy/modules/services/oav.if
+++ b/policy/modules/services/oav.if
@@ -15,7 +15,7 @@ interface(`oav_domtrans_update',`
 	type oav_update_t, oav_update_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,oav_update_exec_t,oav_update_t)
 ')
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index ccb84237..7e8a9d4f 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -38,7 +38,6 @@ files_pid_filetrans(oddjob_t,oddjob_var_run_t, { file sock_file })
 kernel_read_system_state(oddjob_t)
-corecmd_exec_sbin(oddjob_t)
 corecmd_exec_bin(oddjob_t)
 corecmd_exec_shell(oddjob_t)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 8bd4fca8..27ad69e1 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -51,7 +51,6 @@ kernel_read_network_state(openvpn_t)
 kernel_read_system_state(openvpn_t)
 corecmd_exec_bin(openvpn_t)
-corecmd_exec_sbin(openvpn_t)
 corecmd_exec_shell(openvpn_t)
 corenet_non_ipsec_sendrecv(openvpn_t)
diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te
index 54a35ee4..341ba021 100644
--- a/policy/modules/services/pegasus.te
+++ b/policy/modules/services/pegasus.te
@@ -84,7 +84,6 @@ corenet_sendrecv_pegasus_http_server_packets(pegasus_t)
 corenet_sendrecv_pegasus_https_client_packets(pegasus_t)
 corenet_sendrecv_pegasus_https_server_packets(pegasus_t)
-corecmd_exec_sbin(pegasus_t)
 corecmd_exec_bin(pegasus_t)
 corecmd_exec_shell(pegasus_t)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index fe1defd1..a40154a4 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -69,10 +69,6 @@ template(`postfix_domain_template',`
 	term_dontaudit_use_console(postfix_$1_t)
-	corecmd_list_bin(postfix_$1_t)
-	corecmd_list_sbin(postfix_$1_t)
-	corecmd_read_bin_symlinks(postfix_$1_t)
-	corecmd_read_sbin_symlinks(postfix_$1_t)
 	corecmd_exec_shell(postfix_$1_t)
 	files_read_etc_files(postfix_$1_t)
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 694a8cc5..b8caa7a4 100644
--- a/policy/modules/services/postfix.te
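Review bot: In the postfix_domain_template hunk the bin_t lines `corecmd_list_bin(postfix_$1_t)` and `corecmd_read_bin_symlinks(postfix_$1_t)` are dropped together with their sbin_t twins, which removes more than the sbin/bin merge requires. Unless the template grants `corecmd_exec_bin(postfix_$1_t)` somewhere outside this hunk (the template body continues beyond it), every postfix domain loses directory search and symlink read on bin_t, and that would show up as fresh avc denials the first time a postfix helper resolves a symlinked command. If the intent is that each postfix domain now gets this access from its own rules in postfix.te, a comment at this spot such as `# bin_t list/symlink access is granted per domain in postfix.te` would make the removal deliberate rather than accidental.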
+++ b/policy/modules/services/postfix.te
@@ -151,8 +151,6 @@ corenet_sendrecv_all_client_packets(postfix_master_t)
 # for a find command
 selinux_dontaudit_search_fs(postfix_master_t)
-corecmd_exec_ls(postfix_master_t)
-corecmd_exec_sbin(postfix_master_t)
 corecmd_exec_shell(postfix_master_t)
 corecmd_exec_bin(postfix_master_t)
@@ -326,11 +324,6 @@ corecmd_read_bin_symlinks(postfix_map_t)
 corecmd_read_bin_files(postfix_map_t)
 corecmd_read_bin_pipes(postfix_map_t)
 corecmd_read_bin_sockets(postfix_map_t)
-corecmd_list_sbin(postfix_map_t)
-corecmd_read_sbin_symlinks(postfix_map_t)
-corecmd_read_sbin_files(postfix_map_t)
-corecmd_read_sbin_pipes(postfix_map_t)
-corecmd_read_sbin_sockets(postfix_map_t)
 files_list_home(postfix_map_t)
 files_read_usr_files(postfix_map_t)
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 9e993507..64366be7 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -104,8 +104,6 @@ fs_search_auto_mountpoints(postgresql_t)
 term_use_controlling_term(postgresql_t)
 corecmd_exec_bin(postgresql_t)
-corecmd_exec_ls(postgresql_t)
-corecmd_exec_sbin(postgresql_t)
 corecmd_exec_shell(postgresql_t)
 domain_dontaudit_list_all_domains_state(postgresql_t)
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
index e3f35dcc..a7a3f470 100644
--- a/policy/modules/services/postgrey.te
+++ b/policy/modules/services/postgrey.te
@@ -45,7 +45,6 @@ kernel_read_kernel_sysctls(postgrey_t)
 # for perl
 corecmd_search_bin(postgrey_t)
-corecmd_search_sbin(postgrey_t)
 corenet_non_ipsec_sendrecv(postgrey_t)
 corenet_tcp_sendrecv_generic_if(postgrey_t)
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 036f91e8..9a2883cc 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -89,7 +89,7 @@ interface(`ppp_domtrans',`
 	type pppd_t, pppd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1, pppd_exec_t, pppd_t)
 ')
@@ -153,7 +153,7 @@ interface(`ppp_exec',`
 	type pppd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	can_exec($1, pppd_exec_t)
 ')
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index e59eaa8f..7b7d00a3 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -133,7 +133,6 @@ term_create_pty(pppd_t,pppd_devpts_t)
 # allow running ip-up and ip-down scripts and running chat.
 corecmd_exec_bin(pppd_t)
-corecmd_exec_sbin(pppd_t)
 corecmd_exec_shell(pppd_t)
 domain_use_interactive_fds(pppd_t)
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index 77d54373..ccd8fac9 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -55,8 +55,6 @@ auth_use_nsswitch(procmail_t)
 corecmd_exec_bin(procmail_t)
 corecmd_exec_shell(procmail_t)
-corecmd_dontaudit_search_sbin(procmail_t)
-corecmd_exec_ls(procmail_t)
 files_read_etc_files(procmail_t)
 files_read_etc_runtime_files(procmail_t)
diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if
index 6cb2442b..4c90a544 100644
--- a/policy/modules/services/qmail.if
+++ b/policy/modules/services/qmail.if
@@ -113,7 +113,7 @@ interface(`qmail_domtrans_inject',`
 	ifdef(`distro_debian',`
 		files_search_usr($1)
-		corecmd_search_sbin($1)
+		corecmd_search_bin($1)
 	',`
 		files_search_var($1)
 		corecmd_search_bin($1)
@@ -140,7 +140,7 @@ interface(`qmail_domtrans_queue',`
 	ifdef(`distro_debian',`
 		files_search_usr($1)
-		corecmd_search_sbin($1)
+		corecmd_search_bin($1)
 	',`
 		files_search_var($1)
 		corecmd_search_bin($1)
diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te
index 96ee18af..67bfb6bd 100644
--- a/policy/modules/services/qmail.te
+++ b/policy/modules/services/qmail.te
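Review bot: After this change both branches of the `ifdef(`distro_debian',`` block in qmail_domtrans_inject call `corecmd_search_bin($1)`, so the only line that still differs between the branches is the files_search_usr/files_search_var one. Hoisting `corecmd_search_bin($1)` above the ifdef would leave the distro conditional holding just the line that actually varies, which is easier to audit than two branches that differ by one call. The same duplication is produced in the qmail_domtrans_queue hunk directly below it. Both interfaces' closing lines are outside the hunks.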
@@ -80,7 +80,6 @@ allow qmail_inject_t self:process signal_perms;
 allow qmail_inject_t qmail_queue_exec_t:file read;
 corecmd_search_bin(qmail_inject_t)
-corecmd_search_sbin(qmail_inject_t)
 files_search_var(qmail_inject_t)
@@ -109,7 +108,6 @@ allow qmail_local_t qmail_spool_t:file read_file_perms;
 kernel_read_system_state(qmail_local_t)
 corecmd_exec_shell(qmail_local_t)
-corecmd_search_sbin(qmail_local_t)
 files_read_etc_files(qmail_local_t)
 files_read_etc_runtime_files(qmail_local_t)
@@ -135,7 +133,7 @@ allow qmail_lspawn_t qmail_local_exec_t:file read;
 read_files_pattern(qmail_lspawn_t,qmail_spool_t,qmail_spool_t)
-corecmd_search_sbin(qmail_lspawn_t)
+corecmd_search_bin(qmail_lspawn_t)
 files_read_etc_files(qmail_lspawn_t)
 files_search_pids(qmail_lspawn_t)
@@ -202,7 +200,6 @@ allow qmail_rspawn_t qmail_remote_exec_t:file read;
 rw_files_pattern(qmail_rspawn_t,qmail_spool_t,qmail_spool_t)
 corecmd_search_bin(qmail_rspawn_t)
-corecmd_search_sbin(qmail_rspawn_t)
 ########################################
 #
@@ -276,7 +273,6 @@ allow qmail_start_t self:process signal_perms;
 can_exec(qmail_start_t, qmail_start_exec_t)
 corecmd_search_bin(qmail_start_t)
-corecmd_search_sbin(qmail_start_t)
 files_search_var(qmail_start_t)
@@ -298,7 +294,7 @@ optional_policy(`
 allow qmail_tcp_env_t qmail_smtpd_exec_t:file read;
-corecmd_search_sbin(qmail_tcp_env_t)
+corecmd_search_bin(qmail_tcp_env_t)
 sysnet_read_config(qmail_tcp_env_t)
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index 80c95df2..f537a453 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -84,7 +84,6 @@ auth_domtrans_chk_passwd(radiusd_t)
 corecmd_exec_bin(radiusd_t)
 corecmd_exec_shell(radiusd_t)
-corecmd_search_sbin(radiusd_t)
 domain_use_interactive_fds(radiusd_t)
diff --git a/policy/modules/services/remotelogin.te b/policy/modules/services/remotelogin.te
index b5c10ba9..bd2d6952 100644
--- a/policy/modules/services/remotelogin.te
+++ b/policy/modules/services/remotelogin.te
@@ -57,16 +57,11 @@ auth_manage_pam_console_data(remote_login_t)
 auth_domtrans_pam_console(remote_login_t)
 corecmd_list_bin(remote_login_t)
-corecmd_list_sbin(remote_login_t)
 corecmd_read_bin_symlinks(remote_login_t)
-corecmd_read_sbin_symlinks(remote_login_t)
 # cjp: these are probably not needed:
 corecmd_read_bin_files(remote_login_t)
 corecmd_read_bin_pipes(remote_login_t)
 corecmd_read_bin_sockets(remote_login_t)
-corecmd_read_sbin_files(remote_login_t)
-corecmd_read_sbin_pipes(remote_login_t)
-corecmd_read_sbin_sockets(remote_login_t)
 domain_read_all_entry_files(remote_login_t)
diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te
index a09c821e..6d2fe690 100644
--- a/policy/modules/services/rhgb.te
+++ b/policy/modules/services/rhgb.te
@@ -42,7 +42,6 @@ kernel_read_kernel_sysctls(rhgb_t)
 kernel_read_system_state(rhgb_t)
 corecmd_exec_bin(rhgb_t)
-corecmd_exec_sbin(rhgb_t)
 corecmd_exec_shell(rhgb_t)
 corenet_non_ipsec_sendrecv(rhgb_t)
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
index acba016d..1645dff0 100644
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@@ -119,7 +119,6 @@ files_pid_filetrans(ricci_t,ricci_var_run_t, { file sock_file })
 kernel_read_kernel_sysctls(ricci_t)
 corecmd_exec_bin(ricci_t)
-corecmd_exec_sbin(ricci_t)
 corenet_non_ipsec_sendrecv(ricci_t)
 corenet_tcp_sendrecv_all_if(ricci_t)
@@ -170,7 +169,7 @@ optional_policy(`
 optional_policy(`
 	# Needed so oddjob can run halt/reboot on behalf of ricci
-	corecmd_sbin_entry_type(ricci_t)
+	corecmd_bin_entry_type(ricci_t)
 	term_dontaudit_search_ptys(ricci_t)
 	init_exec(ricci_t)
 	init_telinit(ricci_t)
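Review bot: `corecmd_bin_entry_type(ricci_t)` makes every bin_t executable a legal entrypoint into ricci_t, and since this commit folds sbin_t into bin_t that is a considerably larger set than the former `corecmd_sbin_entry_type(ricci_t)` admitted. The comment above it only justifies halt/reboot via oddjob, so the rule is now wider than its stated reason and a later reader has no way to tell whether that width was chosen. If a dedicated entrypoint type for the halt/reboot helpers is not practical here, extend the comment, e.g. `# bin_t is the merged bin/sbin type, so any bin_t program can enter ricci_t`, so the scope is recorded as deliberate. The enclosing optional_policy block closes outside the hunk.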
@@ -208,7 +207,6 @@ kernel_read_kernel_sysctls(ricci_modcluster_t)
 kernel_read_system_state(ricci_modcluster_t)
 corecmd_exec_shell(ricci_modcluster_t)
-corecmd_exec_sbin(ricci_modcluster_t)
 corecmd_exec_bin(ricci_modcluster_t)
 domain_dontaudit_read_all_domains_state(ricci_modcluster_t)
@@ -290,7 +288,6 @@ kernel_read_kernel_sysctls(ricci_modclusterd_t)
 kernel_read_system_state(ricci_modclusterd_t)
 corecmd_exec_bin(ricci_modclusterd_t)
-corecmd_exec_sbin(ricci_modclusterd_t)
 corenet_tcp_sendrecv_all_if(ricci_modclusterd_t)
 corenet_tcp_sendrecv_all_ports(ricci_modclusterd_t)
@@ -346,7 +343,6 @@ kernel_read_kernel_sysctls(ricci_modlog_t)
 kernel_read_system_state(ricci_modlog_t)
 corecmd_exec_bin(ricci_modlog_t)
-corecmd_exec_sbin(ricci_modlog_t)
 domain_dontaudit_read_all_domains_state(ricci_modlog_t)
@@ -408,7 +404,6 @@ allow ricci_modservice_t self:process setsched;
 kernel_read_kernel_sysctls(ricci_modservice_t)
 kernel_read_system_state(ricci_modservice_t)
-corecmd_exec_sbin(ricci_modservice_t)
 corecmd_exec_bin(ricci_modservice_t)
 corecmd_exec_shell(ricci_modservice_t)
@@ -457,7 +452,6 @@ create_files_pattern(ricci_modstorage_t,ricci_modstorage_lock_t,ricci_modstorage
 files_lock_filetrans(ricci_modstorage_t,ricci_modstorage_lock_t,file)
 corecmd_exec_bin(ricci_modstorage_t)
-corecmd_exec_sbin(ricci_modstorage_t)
 dev_read_sysfs(ricci_modstorage_t)
 dev_read_urand(ricci_modstorage_t)
diff --git a/policy/modules/services/rlogin.if b/policy/modules/services/rlogin.if
index 27bb9978..98f70160 100644
--- a/policy/modules/services/rlogin.if
+++ b/policy/modules/services/rlogin.if
@@ -15,6 +15,6 @@ interface(`rlogin_domtrans',`
 	type rlogind_t, rlogind_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,rlogind_exec_t,rlogind_t)
 ')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index 25d59ad9..e21f3e71 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -132,7 +132,6 @@ kernel_read_network_state(gssd_t)
 kernel_read_network_state_symlinks(gssd_t)
 kernel_search_network_sysctl(gssd_t)
-corecmd_search_sbin(gssd_t)
 corecmd_exec_bin(gssd_t)
 fs_list_rpc(gssd_t)
diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te
index e814bd30..1dbe9c05 100644
--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@@ -46,7 +46,6 @@ selinux_compute_user_contexts(rshd_t)
 auth_domtrans_chk_passwd(rshd_t)
 corecmd_read_bin_symlinks(rshd_t)
-corecmd_read_sbin_symlinks(rshd_t)
 files_list_home(rshd_t)
 files_read_etc_files(rshd_t)
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 15fe80b5..b2a5004a 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -542,7 +542,7 @@ kernel_read_kernel_sysctls(swat_t)
 kernel_read_system_state(swat_t)
 kernel_read_network_state(swat_t)
-corecmd_search_sbin(swat_t)
+corecmd_search_bin(swat_t)
 corenet_non_ipsec_sendrecv(swat_t)
 corenet_tcp_sendrecv_generic_if(swat_t)
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 308423fa..f5c37802 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -69,7 +69,6 @@ term_dontaudit_use_console(sendmail_t)
 # for piping mail to a command
 corecmd_exec_shell(sendmail_t)
-corecmd_search_sbin(sendmail_t)
 domain_use_interactive_fds(sendmail_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index ea141e69..b3edf56c 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -55,7 +55,6 @@ kernel_read_kernel_sysctls(setroubleshootd_t)
 kernel_read_system_state(setroubleshootd_t)
 kernel_read_network_state(setroubleshootd_t)
-corecmd_exec_sbin(setroubleshootd_t)
 corecmd_exec_bin(setroubleshootd_t)
 corecmd_exec_shell(setroubleshootd_t)
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index ae554a8a..8234000c 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -56,7 +56,6 @@ kernel_read_system_state(snmpd_t)
 kernel_read_network_state(snmpd_t)
 corecmd_exec_bin(snmpd_t)
-corecmd_exec_sbin(snmpd_t)
 corecmd_exec_shell(snmpd_t)
 corenet_non_ipsec_sendrecv(snmpd_t)
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 304224e5..186838f3 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -115,11 +115,6 @@ template(`spamassassin_per_role_template',`
 	corecmd_read_bin_files($1_spamc_t)
 	corecmd_read_bin_pipes($1_spamc_t)
 	corecmd_read_bin_sockets($1_spamc_t)
-	corecmd_list_sbin($1_spamc_t)
-	corecmd_read_sbin_symlinks($1_spamc_t)
-	corecmd_read_sbin_files($1_spamc_t)
-	corecmd_read_sbin_pipes($1_spamc_t)
-	corecmd_read_sbin_sockets($1_spamc_t)
 	domain_use_interactive_fds($1_spamc_t)
@@ -231,11 +226,6 @@ template(`spamassassin_per_role_template',`
 	corecmd_read_bin_files($1_spamassassin_t)
 	corecmd_read_bin_pipes($1_spamassassin_t)
 	corecmd_read_bin_sockets($1_spamassassin_t)
-	corecmd_list_sbin($1_spamassassin_t)
-	corecmd_read_sbin_symlinks($1_spamassassin_t)
-	corecmd_read_sbin_files($1_spamassassin_t)
-	corecmd_read_sbin_pipes($1_spamassassin_t)
-	corecmd_read_sbin_sockets($1_spamassassin_t)
 	domain_use_interactive_fds($1_spamassassin_t)
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index b1a6f39a..2a8e3a4b 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -106,7 +106,6 @@ fs_search_auto_mountpoints(spamd_t)
 auth_dontaudit_read_shadow(spamd_t)
 corecmd_exec_bin(spamd_t)
-corecmd_search_sbin(spamd_t)
 domain_use_interactive_fds(spamd_t)
diff --git a/policy/modules/services/squid.if b/policy/modules/services/squid.if
index 465bb049..4769c23c 100644
--- a/policy/modules/services/squid.if
+++ b/policy/modules/services/squid.if
@@ -15,7 +15,7 @@ interface(`squid_domtrans',`
 	type squid_t, squid_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,squid_exec_t,squid_t)
 ')
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index 89a9e5cd..18ebdd85 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
@@ -103,7 +103,6 @@ term_dontaudit_getattr_pty_dirs(squid_t)
 # to allow running programs from /usr/lib/squid (IE unlinkd)
 corecmd_exec_bin(squid_t)
-corecmd_exec_sbin(squid_t)
 corecmd_exec_shell(squid_t)
 domain_use_interactive_fds(squid_t)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 22997345..b22317cb 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -124,8 +124,6 @@ template(`ssh_basic_client_template',`
 	# run helper programs - needed eg for x11-ssh-askpass
 	corecmd_exec_shell($1_ssh_t)
 	corecmd_exec_bin($1_ssh_t)
-	corecmd_list_sbin($1_ssh_t)
-	corecmd_read_sbin_symlinks($1_ssh_t)
 	domain_use_interactive_fds($1_ssh_t)
diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te
index 7f4e9078..68f4f8b6 100644
--- a/policy/modules/services/sysstat.te
+++ b/policy/modules/services/sysstat.te
@@ -35,7 +35,6 @@ kernel_read_kernel_sysctls(sysstat_t)
 kernel_read_fs_sysctls(sysstat_t)
 kernel_read_rpc_sysctls(sysstat_t)
-corecmd_dontaudit_search_sbin(sysstat_t)
 corecmd_exec_bin(sysstat_t)
 dev_read_urand(sysstat_t)
diff --git a/policy/modules/services/tcpd.te b/policy/modules/services/tcpd.te
index ce7592d3..a16ccc5a 100644
--- a/policy/modules/services/tcpd.te
+++ b/policy/modules/services/tcpd.te
@@ -32,7 +32,6 @@ fs_getattr_xattr_fs(tcpd_t)
 # Run other daemons in the inetd child domain.
 corecmd_search_bin(tcpd_t)
-corecmd_search_sbin(tcpd_t)
 files_read_etc_files(tcpd_t)
 # no good reason for files_dontaudit_search_var, probably nscd
diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te
index 9f46dc1d..766cde69 100644
--- a/policy/modules/services/telnet.te
+++ b/policy/modules/services/telnet.te
@@ -63,7 +63,7 @@ fs_getattr_xattr_fs(telnetd_t)
 auth_rw_login_records(telnetd_t)
-corecmd_search_sbin(telnetd_t)
+corecmd_search_bin(telnetd_t)
 files_read_etc_files(telnetd_t)
 files_read_etc_runtime_files(telnetd_t)
diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te
index 04650f7b..a93f147e 100644
--- a/policy/modules/services/ucspitcp.te
+++ b/policy/modules/services/ucspitcp.te
@@ -56,7 +56,6 @@ allow ucspitcp_t self:tcp_socket create_stream_socket_perms;
 allow ucspitcp_t self:udp_socket create_socket_perms;
 corecmd_search_bin(ucspitcp_t)
-corecmd_search_sbin(ucspitcp_t)
 # base networking:
 corenet_non_ipsec_sendrecv(ucspitcp_t)
diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te
index d75f44b0..f88b08bd 100644
--- a/policy/modules/services/uptime.te
+++ b/policy/modules/services/uptime.te
@@ -44,7 +44,6 @@ kernel_read_system_state(uptimed_t)
 kernel_read_kernel_sysctls(uptimed_t)
 corecmd_exec_shell(uptimed_t)
-corecmd_search_sbin(uptimed_t)
 dev_read_sysfs(uptimed_t)
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index e84f3e26..415b6101 100644
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@@ -82,7 +82,7 @@ dev_read_urand(uucpd_t)
 fs_getattr_xattr_fs(uucpd_t)
-corecmd_exec_sbin(uucpd_t)
+corecmd_exec_bin(uucpd_t)
 files_read_etc_files(uucpd_t)
 files_search_home(uucpd_t)
@@ -120,7 +120,7 @@ allow uux_t self:fifo_file { getattr write };
 uucp_append_log(uux_t)
 uucp_manage_spool(uux_t)
-corecmd_exec_sbin(uux_t)
+corecmd_exec_bin(uux_t)
 files_read_etc_files(uux_t)
diff --git a/policy/modules/services/uwimap.if b/policy/modules/services/uwimap.if
index 276996ce..3623f97c 100644
--- a/policy/modules/services/uwimap.if
+++ b/policy/modules/services/uwimap.if
@@ -15,6 +15,6 @@ interface(`uwimap_domtrans',`
 	type imapd_t, imapd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,imapd_exec_t,imapd_t)
 ')
diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te
index 1e0956d6..ee6778a0 100644
--- a/policy/modules/services/watchdog.te
+++ b/policy/modules/services/watchdog.te
@@ -39,7 +39,6 @@ kernel_read_system_state(watchdog_t)
 kernel_read_kernel_sysctls(watchdog_t)
 kernel_unmount_proc(watchdog_t)
-corecmd_search_sbin(watchdog_t)
 # for orderly shutdown
 corecmd_exec_shell(watchdog_t)
diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te
index af11aae4..9de200ba 100644
--- a/policy/modules/services/xfs.te
+++ b/policy/modules/services/xfs.te
@@ -38,7 +38,6 @@ kernel_read_kernel_sysctls(xfs_t)
 kernel_read_system_state(xfs_t)
 corecmd_list_bin(xfs_t)
-corecmd_list_sbin(xfs_t)
 dev_read_sysfs(xfs_t)
 dev_read_urand(xfs_t)
diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te
index fc84b65e..6421f782 100644
--- a/policy/modules/services/xprint.te
+++ b/policy/modules/services/xprint.te
@@ -31,8 +31,6 @@ kernel_read_system_state(xprint_t)
 kernel_read_kernel_sysctls(xprint_t)
 corecmd_exec_bin(xprint_t)
-corecmd_exec_sbin(xprint_t)
-corecmd_exec_ls(xprint_t)
 corecmd_exec_shell(xprint_t)
 corenet_non_ipsec_sendrecv(xprint_t)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 88d68f32..71011956 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -91,7 +91,6 @@ template(`xserver_common_domain_template',`
 	kernel_write_proc_files($1_xserver_t)
 	# Run helper programs in $1_xserver_t.
-	corecmd_search_sbin($1_xserver_t)
 	corecmd_exec_bin($1_xserver_t)
 	corecmd_exec_shell($1_xserver_t)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index abc53f89..4c299e20 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -158,7 +158,6 @@ kernel_read_network_state(xdm_t)
 corecmd_exec_shell(xdm_t)
 corecmd_exec_bin(xdm_t)
-corecmd_exec_sbin(xdm_t)
 corenet_non_ipsec_sendrecv(xdm_t)
 corenet_tcp_sendrecv_generic_if(xdm_t)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 46a75e91..351eab63 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -324,7 +324,7 @@ interface(`auth_domtrans_chk_passwd',`
 	allow $1 self:capability audit_control;
 	send_audit_msgs_pattern($1)
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
 	dontaudit $1 shadow_t:file { getattr read };
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index a9c88401..0b5fc82b 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -253,7 +253,7 @@ optional_policy(`
 allow system_chkpwd_t shadow_t:file { getattr read };
-corecmd_search_sbin(system_chkpwd_t)
+corecmd_search_bin(system_chkpwd_t)
 domain_dontaudit_use_interactive_fds(system_chkpwd_t)
diff --git a/policy/modules/system/daemontools.te b/policy/modules/system/daemontools.te
index 5c411235..58a78dea 100644
--- a/policy/modules/system/daemontools.te
+++ b/policy/modules/system/daemontools.te
@@ -71,9 +71,7 @@ can_exec(svc_run_t svc_run_exec_t)
 kernel_read_system_state(svc_run_t)
 corecmd_exec_bin(svc_run_t)
-corecmd_exec_sbin(svc_run_t)
 corecmd_exec_shell(svc_run_t)
-corecmd_exec_ls(svc_run_t)
 files_read_etc_files(svc_run_t)
 files_read_etc_runtime_files(svc_run_t)
@@ -107,7 +105,6 @@ allow svc_start_t self:unix_stream_socket create_socket_perms;
 can_exec(svc_start_t svc_start_exec_t)
-corecmd_read_sbin_symlinks(svc_start_t)
 corecmd_exec_bin(svc_start_t)
 corecmd_exec_shell(svc_start_t)
diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if
index 01a5a77d..34d07e81 100644
--- a/policy/modules/system/fstools.if
+++ b/policy/modules/system/fstools.if
@@ -15,7 +15,7 @@ interface(`fstools_domtrans',`
 	type fsadm_t, fsadm_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,fsadm_exec_t,fsadm_t)
 ')
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 4f919344..fd15a4f2 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -109,9 +109,7 @@ storage_swapon_fixed_disk(fsadm_t)
 term_use_console(fsadm_t)
 corecmd_list_bin(fsadm_t)
-corecmd_list_sbin(fsadm_t)
 corecmd_read_bin_symlinks(fsadm_t)
-corecmd_read_sbin_symlinks(fsadm_t)
 #RedHat bug #201164
 corecmd_exec_shell(fsadm_t)
@@ -119,9 +117,6 @@ corecmd_exec_shell(fsadm_t)
 corecmd_read_bin_files(fsadm_t)
 corecmd_read_bin_pipes(fsadm_t)
 corecmd_read_bin_sockets(fsadm_t)
-corecmd_read_sbin_files(fsadm_t)
-corecmd_read_sbin_pipes(fsadm_t)
-corecmd_read_sbin_sockets(fsadm_t)
 domain_use_interactive_fds(fsadm_t)
diff --git a/policy/modules/system/getty.if b/policy/modules/system/getty.if
index a49363d1..bd8ead46 100644
--- a/policy/modules/system/getty.if
+++ b/policy/modules/system/getty.if
@@ -15,7 +15,7 @@ interface(`getty_domtrans',`
 	type getty_t, getty_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,getty_exec_t,getty_t)
 ')
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index e59d0d87..b16d03ac 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -80,7 +80,6 @@ term_dontaudit_use_console(getty_t)
 auth_rw_login_records(getty_t)
 corecmd_search_bin(getty_t)
-corecmd_search_sbin(getty_t)
 corecmd_read_bin_symlinks(getty_t)
 files_rw_generic_pids(getty_t)
diff --git a/policy/modules/system/hotplug.if b/policy/modules/system/hotplug.if
index 9d1b4a09..3741a18d 100644
--- a/policy/modules/system/hotplug.if
+++ b/policy/modules/system/hotplug.if
@@ -18,7 +18,7 @@ interface(`hotplug_domtrans',`
 	type hotplug_t, hotplug_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,hotplug_exec_t,hotplug_t)
 ')
@@ -37,7 +37,7 @@ interface(`hotplug_exec',`
 	type hotplug_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	can_exec($1,hotplug_exec_t)
 ')
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index 381f23f9..739e4962 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -74,8 +74,6 @@ storage_setattr_removable_dev(hotplug_t)
 corecmd_exec_bin(hotplug_t)
 corecmd_exec_shell(hotplug_t)
-corecmd_exec_sbin(hotplug_t)
-corecmd_exec_ls(hotplug_t)
 domain_use_interactive_fds(hotplug_t)
 # for ps
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 59a38e4a..af854cb2 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -283,7 +283,7 @@ interface(`init_exec',`
 	type init_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	can_exec($1,init_exec_t)
 ')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c5ee4d9d..d92065f4 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -104,7 +104,6 @@ kernel_share_state(init_t)
 corecmd_exec_chroot(init_t)
 corecmd_exec_bin(init_t)
-corecmd_exec_sbin(init_t)
 dev_read_sysfs(init_t)
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index d796b43c..2b7ec226 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -228,7 +228,6 @@ term_use_console(ipsec_mgmt_t)
 term_dontaudit_getattr_unallocated_ttys(ipsec_mgmt_t)
 # the default updown script wants to run route
-corecmd_exec_sbin(ipsec_mgmt_t)
 # the ipsec wrapper wants to run /usr/bin/logger (should we put
 # it in its own domain?)
 corecmd_exec_bin(ipsec_mgmt_t)
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 85f258d1..40544916 100644
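Review bot: In the ipsec.te hunk, removing `corecmd_exec_sbin(ipsec_mgmt_t)` leaves the comment `# the default updown script wants to run route` orphaned directly above a second comment, so a reader can no longer see that the surviving `corecmd_exec_bin(ipsec_mgmt_t)` is now what covers route. Fold the two comments into one note above the remaining rule, e.g. `# the default updown script wants to run route, and the ipsec wrapper wants to run /usr/bin/logger (should logger get its own domain?)`. The ipsec_mgmt_t rule block continues outside the hunk.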
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -15,7 +15,7 @@ interface(`iptables_domtrans',`
 	type iptables_t, iptables_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,iptables_exec_t,iptables_t)
 ')
@@ -66,6 +66,6 @@ interface(`iptables_exec',`
 	type iptables_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	can_exec($1,iptables_exec_t)
 ')
diff --git a/policy/modules/system/libraries.if b/policy/modules/system/libraries.if
index ad0bea89..d6236bce 100644
--- a/policy/modules/system/libraries.if
+++ b/policy/modules/system/libraries.if
@@ -15,7 +15,7 @@ interface(`libs_domtrans_ldconfig',`
 	type ldconfig_t, ldconfig_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,ldconfig_exec_t,ldconfig_t)
 ')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 690ab119..e73a4c8e 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -104,16 +104,11 @@ auth_manage_pam_console_data(local_login_t)
 auth_domtrans_pam_console(local_login_t)
 corecmd_list_bin(local_login_t)
-corecmd_list_sbin(local_login_t)
 corecmd_read_bin_symlinks(local_login_t)
-corecmd_read_sbin_symlinks(local_login_t)
 # cjp: these are probably not needed:
 corecmd_read_bin_files(local_login_t)
 corecmd_read_bin_pipes(local_login_t)
 corecmd_read_bin_sockets(local_login_t)
-corecmd_read_sbin_files(local_login_t)
-corecmd_read_sbin_pipes(local_login_t)
-corecmd_read_sbin_sockets(local_login_t)
 domain_read_all_entry_files(local_login_t)
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 44f6b5a1..e7a4d72c 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -217,7 +217,7 @@ interface(`logging_domtrans_syslog',`
 	type syslogd_t, syslogd_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1,syslogd_exec_t,syslogd_t)
 ')
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 02520804..2d0364a9 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -136,7 +136,6 @@ selinux_search_fs(auditctl_t)
 # Needs to be able to run dispatcher. see /etc/audit/auditd.conf
 # Probably want a transition, and a new auditd_helper app
-corecmd_exec_sbin(auditd_t)
 corecmd_exec_bin(auditd_t)
 corecmd_exec_shell(auditd_t)
diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
index 515f94d8..adfa5aee 100644
--- a/policy/modules/system/lvm.if
+++ b/policy/modules/system/lvm.if
@@ -15,7 +15,7 @@ interface(`lvm_domtrans',`
 	type lvm_t, lvm_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1, lvm_exec_t, lvm_t)
 ')
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 006a2844..cf771cf1 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -67,9 +67,7 @@ kernel_search_debugfs(clvmd_t)
 kernel_dontaudit_getattr_core_if(clvmd_t)
 corecmd_exec_shell(clvmd_t)
-corecmd_read_bin_symlinks(clvmd_t)
-corecmd_getattr_sbin_files(clvmd_t)
-corecmd_read_sbin_symlinks(clvmd_t)
+corecmd_getattr_bin_files(clvmd_t)
 corenet_non_ipsec_sendrecv(clvmd_t)
 corenet_tcp_sendrecv_all_if(clvmd_t)
@@ -257,7 +255,7 @@ storage_manage_fixed_disk(lvm_t)
 term_getattr_all_user_ttys(lvm_t)
 term_list_ptys(lvm_t)
-corecmd_exec_sbin(lvm_t)
+corecmd_exec_bin(lvm_t)
 domain_use_interactive_fds(lvm_t)
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
index 3dea9a10..89f7ed65 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -81,7 +81,7 @@ interface(`modutils_domtrans_insmod_uncond',`
 	type insmod_t, insmod_exec_t;
 	')
-	corecmd_search_sbin($1)
+	corecmd_search_bin($1)
 	domtrans_pattern($1, insmod_exec_t, insmod_t)
 ')
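Review bot: In the clvmd_t hunk of lvm.te, `corecmd_read_bin_symlinks(clvmd_t)` is removed and the only line that replaces the three dropped rules is `corecmd_getattr_bin_files(clvmd_t)`; unless that interface also grants lnk_file read on bin_t (its definition is not on this page), clvmd_t goes from getattr plus symlink read to getattr only, a narrowing the sbin/bin merge itself does not call for. Keeping `corecmd_read_bin_symlinks(clvmd_t)` alongside the new line would preserve the previous access; if the narrowing is intended, a short comment saying so would keep the next reader from re-adding it after the first avc denial.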
@@ -154,7 +154,7 @@ interface(`modutils_exec_insmod',`
type insmod_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1, insmod_exec_t)
')
@@ -173,7 +173,7 @@ interface(`modutils_domtrans_depmod',`
type depmod_t, depmod_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1, depmod_exec_t, depmod_t)
')
@@ -223,7 +223,7 @@ interface(`modutils_exec_depmod',`
type depmod_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1, depmod_exec_t)
')
@@ -242,7 +242,7 @@ interface(`modutils_domtrans_update_mods',`
type update_modules_t, update_modules_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1, update_modules_exec_t, update_modules_t)
')
@@ -292,6 +292,6 @@ interface(`modutils_exec_update_mods',`
type update_modules_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1, update_modules_exec_t)
')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 3236e4fe..8bf4cb5d 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -83,7 +83,6 @@ dev_mount_usbfs(insmod_t)
fs_getattr_xattr_fs(insmod_t)
corecmd_exec_bin(insmod_t)
-corecmd_exec_sbin(insmod_t)
corecmd_exec_shell(insmod_t)
domain_signal_all_domains(insmod_t)
@@ -186,7 +185,6 @@ fs_getattr_xattr_fs(depmod_t)
term_use_console(depmod_t)
corecmd_search_bin(depmod_t)
-corecmd_search_sbin(depmod_t)
domain_use_interactive_fds(depmod_t)
@@ -264,7 +262,6 @@ files_read_etc_files(update_modules_t)
files_exec_etc_files(update_modules_t)
corecmd_exec_bin(update_modules_t)
-corecmd_exec_sbin(update_modules_t)
corecmd_exec_shell(update_modules_t)
libs_use_ld_so(update_modules_t)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 16f3014d..1d095283 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -70,7 +70,6 @@ fs_read_tmpfs_symlinks(mount_t)
term_use_all_terms(mount_t)
# required for mount.smbfs
-corecmd_exec_sbin(mount_t)
corecmd_exec_bin(mount_t)
domain_use_interactive_fds(mount_t)
diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if
index 93f472d5..7c48ce54 100644
--- a/policy/modules/system/netlabel.if
+++ b/policy/modules/system/netlabel.if
@@ -15,7 +15,7 @@ interface(`netlabel_domtrans_mgmt',`
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)
')
diff --git a/policy/modules/system/raid.if b/policy/modules/system/raid.if
index cfe72e8e..849f921b 100644
--- a/policy/modules/system/raid.if
+++ b/policy/modules/system/raid.if
@@ -15,7 +15,7 @@ interface(`raid_domtrans_mdadm',`
type mdadm_t, mdadm_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,mdadm_exec_t,mdadm_t)
')
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 9004d7f4..8d606088 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -51,7 +51,6 @@ term_dontaudit_list_ptys(mdadm_t)
# Helper program access
corecmd_exec_bin(mdadm_t)
-corecmd_exec_sbin(mdadm_t)
corecmd_exec_shell(mdadm_t)
domain_use_interactive_fds(mdadm_t)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 72725a1c..0dcc740b 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -89,7 +89,7 @@ interface(`seutil_domtrans_loadpolicy',`
type load_policy_t, load_policy_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,load_policy_exec_t,load_policy_t)
')
@@ -141,7 +141,7 @@ interface(`seutil_exec_loadpolicy',`
type load_policy_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1,load_policy_exec_t)
')
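Review bot: The comment `# required for mount.smbfs` in the mount.te hunk at @@ -70 documented the removed `corecmd_exec_sbin(mount_t)` line; after the deletion it sits directly above `corecmd_exec_bin(mount_t)`, which was already granted before this change for reasons the comment does not describe. The rule now reads as if bin execution exists only for the smbfs helper, which will mislead the next person deciding whether it can be narrowed. Either drop the comment or reword it so it matches the merged type, e.g. `# mount helpers such as mount.smbfs are now bin_t`.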
@@ -160,7 +160,7 @@ interface(`seutil_read_loadpolicy',`
type load_policy_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
allow $1 load_policy_exec_t:file read_file_perms;
')
@@ -307,7 +307,7 @@ interface(`seutil_domtrans_restorecon',`
type restorecon_t, restorecon_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,restorecon_exec_t,restorecon_t)
')
@@ -360,7 +360,7 @@ interface(`seutil_exec_restorecon',`
type restorecon_t, restorecon_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1,restorecon_exec_t)
')
@@ -380,7 +380,7 @@ interface(`seutil_domtrans_runinit',`
')
files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,run_init_exec_t,run_init_t)
')
@@ -525,7 +525,7 @@ interface(`seutil_domtrans_setfiles',`
')
files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1,setfiles_exec_t,setfiles_t)
')
@@ -578,7 +578,7 @@ interface(`seutil_exec_setfiles',`
')
files_search_usr($1)
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1,setfiles_exec_t)
')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 952d2efa..f843dd4f 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -572,7 +572,6 @@ kernel_read_system_state(semanage_t)
kernel_read_kernel_sysctls(semanage_t)
corecmd_exec_bin(semanage_t)
-corecmd_exec_sbin(semanage_t)
dev_read_urand(semanage_t)
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 5b36eb16..0c39344c 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -34,7 +34,7 @@ allow setrans_t self:unix_dgram_socket create_socket_perms;
allow setrans_t self:netlink_selinux_socket create_socket_perms;
can_exec(setrans_t, setrans_exec_t)
-corecmd_search_sbin(setrans_t)
+corecmd_search_bin(setrans_t)
# create unix domain socket in /var
manage_files_pattern(setrans_t,setrans_var_run_t,setrans_var_run_t)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 3a0ba460..5b9c2cd6 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -15,7 +15,7 @@ interface(`sysnet_domtrans_dhcpc',`
type dhcpc_t, dhcpc_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1, dhcpc_exec_t, dhcpc_t)
')
@@ -327,7 +327,7 @@ interface(`sysnet_domtrans_ifconfig',`
type ifconfig_t, ifconfig_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1, ifconfig_exec_t, ifconfig_t)
')
@@ -359,7 +359,7 @@ interface(`sysnet_run_ifconfig',`
type ifconfig_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
sysnet_domtrans_ifconfig($1)
role $2 types ifconfig_t;
allow ifconfig_t $3:chr_file rw_term_perms;
@@ -380,7 +380,7 @@ interface(`sysnet_exec_ifconfig',`
type ifconfig_exec_t;
')
- corecmd_search_sbin($1)
+ corecmd_search_bin($1)
can_exec($1,ifconfig_exec_t)
')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 81aeafd3..d2898965 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -113,7 +113,6 @@ term_dontaudit_use_unallocated_ttys(dhcpc_t)
term_dontaudit_use_generic_ptys(dhcpc_t)
corecmd_exec_bin(dhcpc_t)
-corecmd_exec_sbin(dhcpc_t)
corecmd_exec_shell(dhcpc_t)
domain_use_interactive_fds(dhcpc_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 23614251..46425d76 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -34,7 +34,6 @@ template(`userdom_base_user_template',`
domain_type($1_t)
corecmd_shell_entry_type($1_t)
corecmd_bin_entry_type($1_t)
- corecmd_sbin_entry_type($1_t)
domain_user_exemption_target($1_t)
role $1_r types $1_t;
allow system_r $1_r;
@@ -515,8 +514,6 @@ template(`userdom_exec_generic_pgms_template',`
')
corecmd_exec_bin($1_t)
- corecmd_exec_sbin($1_t)
- corecmd_exec_ls($1_t)
')
#######################################
@@ -3926,14 +3923,8 @@ interface(`userdom_bin_spec_domtrans_unpriv_users',`
##
#
interface(`userdom_sbin_spec_domtrans_unpriv_users',`
- gen_require(`
- attribute unpriv_userdomain;
- ')
-
- corecmd_sbin_spec_domtrans($1,unpriv_userdomain)
- allow unpriv_userdomain $1:fd use;
- allow unpriv_userdomain $1:fifo_file rw_file_perms;
- allow unpriv_userdomain $1:process sigchld;
+ userdom_bin_spec_domtrans_unpriv_users($1)
+ refpolicywarn(`$0() has been deprecated, please use userdom_bin_spec_domtrans_unpriv_users() instead.')
')
########################################
@@ -4008,7 +3999,7 @@ interface(`userdom_bin_spec_domtrans_sysadm',`
########################################
##
-## Execute a generic sbin program in the sysadm domain.
+## Execute a generic sbin program in the sysadm domain. (Deprecated)
##
##
##
@@ -4017,14 +4008,8 @@ interface(`userdom_bin_spec_domtrans_sysadm',`
##
#
interface(`userdom_sbin_spec_domtrans_sysadm',`
- gen_require(`
- type sysadm_t;
- ')
-
- corecmd_sbin_spec_domtrans($1,sysadm_t)
- allow sysadm_t $1:fd use;
- allow sysadm_t $1:fifo_file rw_file_perms;
- allow sysadm_t $1:process sigchld;
+ userdom_bin_spec_domtrans_sysadm($1)
+ refpolicywarn(`$0() has been deprecated, please use userdom_bin_spec_domtrans_sysadm() instead.')
')
########################################
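Review bot: The summary of userdom_sbin_spec_domtrans_unpriv_users is not marked as deprecated, whereas the sysadm variants get a `(Deprecated)` suffix in the hunk at @@ -4008 here and in the @@ -4054 and @@ -4088 hunks further down; no hunk between @@ -515 and @@ -3926 touches its XML description, so the generated interface documentation will still present it as a live interface even though its body is now only a forwarding call plus refpolicywarn(). Add `(Deprecated)` to that summary line so all four wrappers are documented the same way. As a point of style, in all three rewritten bodies the `refpolicywarn(...)` comes after the forwarding call; placing it first, as the first statement of each wrapper, would emit the deprecation notice before anything the forwarded interface expands to.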
@@ -4054,12 +4039,12 @@ interface(`userdom_entry_spec_domtrans_sysadm',`
##
## Allow sysadm to execute a generic bin program in
## a specified domain. This is an explicit transition,
-## requiring the caller to use setexeccon().
+## requiring the caller to use setexeccon(). (Deprecated)
##
##
##

## Allow sysadm to execute a generic bin program in
-## a specified domain.
+## a specified domain. (Deprecated)
##

##

## This is a interface to support third party modules
@@ -4088,12 +4073,12 @@ interface(`userdom_sysadm_bin_spec_domtrans_to',`
##

## Allow sysadm to execute a generic sbin program in
## a specified domain. This is an explicit transition,
-## requiring the caller to use setexeccon().
+## requiring the caller to use setexeccon(). (Deprecated)
##
##
##

## Allow sysadm to execute a generic sbin program in
-## a specified domain.
+## a specified domain. (Deprecated)
##

##

## This is a interface to support third party modules
@@ -4108,14 +4093,8 @@ interface(`userdom_sysadm_bin_spec_domtrans_to',`
##
#
interface(`userdom_sysadm_sbin_spec_domtrans_to',`
- gen_require(`
- type sysadm_t;
- ')
-
- corecmd_sbin_spec_domtrans(sysadm_t, $1)
- allow $1 sysadm_t:fd use;
- allow $1 sysadm_t:fifo_file rw_file_perms;
- allow $1 sysadm_t:process sigchld;
+ userdom_sysadm_bin_spec_domtrans_to($1)
+ refpolicywarn(`$0() has been deprecated, please use userdom_sysadm_bin_spec_domtrans_to() instead.')
')
########################################
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 1e5a0b48..d3fa84ef 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain,2.1.1)
+policy_module(userdomain,2.1.2)
gen_require(`
role sysadm_r, staff_r, user_r;
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
index bbc7bdaa..c0e0ee00 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -129,7 +129,6 @@ kernel_read_xen_state(xend_t)
kernel_rw_net_sysctls(xend_t)
kernel_read_network_state(xend_t)
-corecmd_exec_sbin(xend_t)
corecmd_exec_bin(xend_t)
corecmd_exec_shell(xend_t)
@@ -325,7 +324,6 @@ kernel_read_xen_state(xm_t)
kernel_write_xen_state(xm_t)
corecmd_exec_bin(xm_t)
-corecmd_exec_sbin(xm_t)
corenet_tcp_sendrecv_generic_if(xm_t)
corenet_tcp_sendrecv_all_nodes(xm_t)