diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 2dad3c8e4..8ddd804c5 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -291,29 +291,6 @@ optional_policy(`
 	xserver_domtrans_xauth(sshd_t)
 ')
 
-ifdef(`TODO',`
-tunable_policy(`ssh_sysadm_login',`
-	# Relabel and access ptys created by sshd
-	# ioctl is necessary for logout() processing for utmp entry and for w to
-	# display the tty.
-	# some versions of sshd on the new SE Linux require setattr
-	allow sshd_t ptyfile:chr_file relabelto;
-
-	optional_policy(`
-		domain_trans(sshd_t, xauth_exec_t, userdomain)
-	')
-',`
-	optional_policy(`
-		domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain)
-	')
-	# Relabel and access ptys created by sshd
-	# ioctl is necessary for logout() processing for utmp entry and for w to
-	# display the tty.
-	# some versions of sshd on the new SE Linux require setattr
-	allow sshd_t userpty_type:chr_file { relabelto read write getattr ioctl setattr };
-')
-') dnl endif TODO
-
 ########################################
 #
 # ssh_keygen local policy
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 9863d89dd..21b8a8cc8 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -328,13 +328,6 @@ optional_policy(`
 	nscd_socket_use(ipsec_mgmt_t)
 ')
 
-ifdef(`TODO',`
-# ideally it would not need this.  It wants to write to /root/.rnd
-file_type_auto_trans(ipsec_mgmt_t, sysadm_home_dir_t, sysadm_home_t, file)
-
-allow ipsec_mgmt_t dev_fs:file_class_set getattr;
-') dnl end TODO
-
 ########################################
 #
 # Racoon local policy