diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 42e889918..f6a77873f 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -84,6 +84,26 @@ interface(`files_type',`
typeattribute $1 file_type, non_security_file_type, non_auth_file_type;
')
+########################################
+##
+## Mark the specified type as a file
+## that is related to authentication.
+##
+##
+##
+## Type of the authentication-related
+## file.
+##
+##
+#
+interface(`files_auth_file',`
+ gen_require(`
+ attribute file_type, security_file_type, auth_file_type;
+ ')
+
+ typeattribute $1 file_type, security_file_type, auth_file_type;
+')
+
########################################
##
## Make the specified type a file that
@@ -1275,26 +1295,6 @@ interface(`files_unmount_all_file_type_fs',`
allow $1 file_type:filesystem unmount;
')
-########################################
-##
-## Mark the specified type as a file
-## that is related to authentication.
-##
-##
-##
-## Type of the authentication-related
-## file.
-##
-##
-#
-interface(`files_auth_file',`
- gen_require(`
- attribute file_type, security_file_type, auth_file_type;
- ')
-
- typeattribute $1 file_type, security_file_type, auth_file_type;
-')
-
########################################
##
## Read all non-authentication related
@@ -1352,38 +1352,6 @@ interface(`files_read_non_auth_symlinks',`
read_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
')
-########################################
-##
-## Relabel all non-authentication related
-## files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-#
-interface(`files_relabel_non_auth_files',`
- gen_require(`
- attribute non_auth_file_type;
- ')
-
- allow $1 non_auth_file_type:dir list_dir_perms;
- relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
- relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
- relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
- relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
- relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
- # this is only relabelfrom since there should be no
- # device nodes with file types.
- relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
- relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
-
- # satisfy the assertions:
- seutil_relabelto_bin_policy($1)
-')
-
########################################
##
## rw non-authentication related files.
@@ -1430,6 +1398,38 @@ interface(`files_manage_non_auth_files',`
files_manage_kernel_modules($1)
')
+########################################
+##
+## Relabel all non-authentication related
+## files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`files_relabel_non_auth_files',`
+ gen_require(`
+ attribute non_auth_file_type;
+ ')
+
+ allow $1 non_auth_file_type:dir list_dir_perms;
+ relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
+ relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
+ relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+ relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
+ relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
+ # this is only relabelfrom since there should be no
+ # device nodes with file types.
+ relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+ relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+ # satisfy the assertions:
+ seutil_relabelto_bin_policy($1)
+')
+
#############################################
##
## Manage all configuration directories on filesystem