diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index e2b254ce3..b6522daca 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -76,10 +76,6 @@ manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
 manage_sock_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
 files_pid_filetrans(udev_t, udev_var_run_t, dir, "udev")
 
-ifdef(`distro_debian',`
-	files_pid_filetrans(udev_t, udev_var_run_t, dir, "xen-hotplug")
-')
-
 kernel_read_system_state(udev_t)
 kernel_request_load_module(udev_t)
 kernel_getattr_core_if(udev_t)
@@ -178,6 +174,8 @@ sysnet_etc_filetrans_config(udev_t)
 userdom_dontaudit_search_user_home_content(udev_t)
 
 ifdef(`distro_debian',`
+	files_pid_filetrans(udev_t, udev_var_run_t, dir, "xen-hotplug")
+
 	optional_policy(`
 		# for /usr/lib/avahi/avahi-daemon-check-dns.sh
 		kernel_read_vm_sysctls(udev_t)