diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 0df5803c7..9b79f4a52 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1132,6 +1132,32 @@ interface(`fs_read_noxattr_fs_symlinks',`
read_lnk_files_pattern($1, noxattrfs, noxattrfs)
')
+########################################
+##
+## Relabel all objets from filesystems that
+## do not support extended attributes.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_relabelfrom_noxattr_fs',`
+ gen_require(`
+ attribute noxattrfs;
+ ')
+
+ allow $1 noxattrfs:dir list_dir_perms;
+ relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
+')
+
########################################
##
## Do not audit attempts to read
@@ -4439,6 +4465,25 @@ interface(`fs_getattr_all_files',`
getattr_files_pattern($1, filesystem_type, filesystem_type)
')
+########################################
+##
+## Do not audit attempts to get the attributes
+## of all files with a filesystem type.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`fs_dontaudit_getattr_all_files',`
+ gen_require(`
+ attribute filesystem_type;
+ ')
+
+ dontaudit $1 filesystem_type:file getattr;
+')
+
########################################
##
## Get the attributes of all symbolic links with
@@ -4458,6 +4503,25 @@ interface(`fs_getattr_all_symlinks',`
getattr_lnk_files_pattern($1, filesystem_type, filesystem_type)
')
+########################################
+##
+## Do not audit attempts to get the attributes
+## of all symbolic links with a filesystem type.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`fs_dontaudit_getattr_all_symlinks',`
+ gen_require(`
+ attribute filesystem_type;
+ ')
+
+ dontaudit $1 filesystem_type:lnk_file getattr;
+')
+
########################################
##
## Get the attributes of all named pipes with
@@ -4477,6 +4541,25 @@ interface(`fs_getattr_all_pipes',`
getattr_fifo_files_pattern($1, filesystem_type, filesystem_type)
')
+########################################
+##
+## Do not audit attempts to get the attributes
+## of all named pipes with a filesystem type.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`fs_dontaudit_getattr_all_pipes',`
+ gen_require(`
+ attribute filesystem_type;
+ ')
+
+ dontaudit $1 filesystem_type:fifo_file getattr;
+')
+
########################################
##
## Get the attributes of all named sockets with
@@ -4496,62 +4579,6 @@ interface(`fs_getattr_all_sockets',`
getattr_sock_files_pattern($1, filesystem_type, filesystem_type)
')
-########################################
-##
-## Do not audit attempts to get the attributes
-## of all files with a filesystem type.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`fs_dontaudit_getattr_all_files',`
- gen_require(`
- attribute filesystem_type;
- ')
-
- dontaudit $1 filesystem_type:file getattr;
-')
-
-########################################
-##
-## Do not audit attempts to get the attributes
-## of all symbolic links with a filesystem type.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`fs_dontaudit_getattr_all_symlinks',`
- gen_require(`
- attribute filesystem_type;
- ')
-
- dontaudit $1 filesystem_type:lnk_file getattr;
-')
-
-########################################
-##
-## Do not audit attempts to get the attributes
-## of all named pipes with a filesystem type.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`fs_dontaudit_getattr_all_pipes',`
- gen_require(`
- attribute filesystem_type;
- ')
-
- dontaudit $1 filesystem_type:fifo_file getattr;
-')
########################################
##
@@ -4560,7 +4587,7 @@ interface(`fs_dontaudit_getattr_all_pipes',`
##
##
##
-## Domain allowed access.
+## Domain to not audit.
##
##
#
@@ -4627,29 +4654,3 @@ interface(`fs_unconfined',`
typeattribute $1 filesystem_unconfined_type;
')
-
-########################################
-##
-## Relabel all objets from filesystems that
-## do not support extended attributes.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`fs_relabelfrom_noxattr_fs',`
- gen_require(`
- attribute noxattrfs;
- ')
-
- allow $1 noxattrfs:dir list_dir_perms;
- relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
- relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
-')