From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-801852-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id AEBD5138CD0
	for <garchives@archives.gentoo.org>; Fri, 22 May 2015 19:32:32 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E5FE5E08F7;
	Fri, 22 May 2015 19:32:28 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id F0470E08EB
	for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:27 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 0AFD5340C25
	for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:27 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 5231BA03
	for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:24 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1432322363.d6a80852487e87428cb97f9d9f776bd2f7ac4348.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/abrt.if policy/modules/contrib/acct.if policy/modules/contrib/afs.if policy/modules/contrib/aiccu.if policy/modules/contrib/aisexec.if policy/modules/contrib/amavis.if policy/modules/contrib/amtu.if policy/modules/contrib/apache.if policy/modules/contrib/apcupsd.if policy/modules/contrib/apm.if policy/modules/contrib/arpwatch.if policy/modules/contrib/asterisk.if policy/modules/contrib/automount.if policy/modules/contrib/avahi.if policy/modules/contrib/bacula.if policy/modules/contrib/bcfg2.if policy/modules/contrib/bind.if policy/modules/contrib/bird.if policy/modules/contrib/bitlbee.if policy/modules/contrib/bluetooth.if policy/modules/contrib/boinc.if policy/modules/contrib/cachefilesd.if policy/modules/contrib/callweaver.if policy/modules/contrib/canna.if policy/modules/contrib/ccs.if policy/modules/contrib/certmaster.if policy/modules/contrib/certmonger.if policy/modules/contrib/cfengine.if policy/modules/contrib/cgroup.if policy/modules/contr
 ib/chronyd.if policy/modules/contrib/cipe.if policy/modules/contrib/clamav.if policy/modules/contrib/cmirrord.if policy/modules/contrib/cobbler.if policy/modules/contrib/collectd.if policy/modules/contrib/condor.if policy/modules/contrib/corosync.if policy/modules/contrib/couchdb.if policy/modules/contrib/ctdb.if policy/modules/contrib/cups.if policy/modules/contrib/cvs.if policy/modules/contrib/cyphesis.if policy/modules/contrib/cyrus.if policy/modules/contrib/dante.if policy/modules/contrib/ddclient.if policy/modules/contrib/denyhosts.if policy/modules/contrib/dhcp.if policy/modules/contrib/dictd.if policy/modules/contrib/dirmngr.if policy/modules/contrib/distcc.if policy/modules/contrib/dkim.if policy/modules/contrib/dnsmasq.if policy/modules/contrib/dnssectrigger.if policy/modules/contrib/dovecot.if policy/modules/contrib/drbd.if policy/modules/contrib/dspam.if policy/modules/contrib/entropyd.if policy/modules/contrib/exim.if policy/modules/contrib/fail2ban.if policy/modules/con
 trib/fcoe.if policy/modules/contrib/fetchmail.if policy/modules/contrib/firewalld.if policy/modules/contrib/ftp.if policy/modules/contrib/gatekeeper.if policy/modules/contrib/gdomap.if policy/modules/contrib/glance.if policy/modules/contrib/glusterfs.if policy/modules/contrib/gpm.if policy/modules/contrib/gpsd.if policy/modules/contrib/hadoop.if policy/modules/contrib/hddtemp.if policy/modules/contrib/howl.if policy/modules/contrib/hypervkvp.if policy/modules/contrib/i18n_input.if policy/modules/contrib/icecast.if policy/modules/contrib/ifplugd.if policy/modules/contrib/inn.if policy/modules/contrib/iodine.if policy/modules/contrib/ircd.if policy/modules/contrib/irqbalance.if policy/modules/contrib/iscsi.if policy/modules/contrib/isns.if policy/modules/contrib/jabber.if policy/modules/contrib/kdump.if policy/modules/contrib/kerberos.if policy/modules/contrib/kerneloops.if policy/modules/contrib/keystone.if policy/modules/contrib/kismet.if policy/modules/contrib/ksmtuned.if policy/mo
 dules/contrib/kudzu.if policy/modules/contrib/l2tp.if policy/modules/contrib/ldap.if policy/modules/contrib/likewise.if policy/modules/contrib/lircd.if policy/modules/contrib/lldpad.if policy/modules/contrib/mailscanner.if policy/modules/contrib/mcelog.if policy/modules/contrib/memcached.if policy/modules/contrib/minidlna.if policy/modules/contrib/minissdpd.if policy/modules/contrib/mongodb.if policy/modules/contrib/monop.if policy/modules/contrib/mpd.if policy/modules/contrib/mrtg.if policy/modules/contrib/munin.if policy/modules/contrib/mysql.if
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: d6a80852487e87428cb97f9d9f776bd2f7ac4348
X-VCS-Branch: master
Date: Fri, 22 May 2015 19:32:24 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 8ca9536d-8a9a-4442-94df-71b827d3c869
X-Archives-Hash: 51d23c10ffff8af57e5fd1f3347a56d8

commit:     d6a80852487e87428cb97f9d9f776bd2f7ac4348
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri May 22 14:08:42 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 22 19:19:23 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d6a80852

Use init_startstop_service in admin interfaces A-M

Most foo_admin interfaces have transitions on the
foo_initrc_exec_t to system_r. These are only applicable
for RedHat <6. This replaces them with the interface
init_startstop_service which can easily be changed for
other init systems.

make validate passes for all combinations of distros,
standard/mcs/mls, monolithic y/n and direct_initrc y/n

This patch is for files starting with A-M.

 policy/modules/contrib/abrt.if          | 5 +----
 policy/modules/contrib/acct.if          | 5 +----
 policy/modules/contrib/afs.if           | 5 +----
 policy/modules/contrib/aiccu.if         | 5 +----
 policy/modules/contrib/aisexec.if       | 5 +----
 policy/modules/contrib/amavis.if        | 5 +----
 policy/modules/contrib/amtu.if          | 5 +----
 policy/modules/contrib/apache.if        | 5 +----
 policy/modules/contrib/apcupsd.if       | 5 +----
 policy/modules/contrib/apm.if           | 5 +----
 policy/modules/contrib/arpwatch.if      | 5 +----
 policy/modules/contrib/asterisk.if      | 5 +----
 policy/modules/contrib/automount.if     | 5 +----
 policy/modules/contrib/avahi.if         | 5 +----
 policy/modules/contrib/bacula.if        | 5 +----
 policy/modules/contrib/bcfg2.if         | 5 +----
 policy/modules/contrib/bind.if          | 5 +----
 policy/modules/contrib/bird.if          | 5 +----
 policy/modules/contrib/bitlbee.if       | 5 +----
 policy/modules/contrib/bluetooth.if     | 5 +----
 policy/modules/contrib/boinc.if         | 5 +----
 policy/modules/contrib/cachefilesd.if   | 5 +----
 policy/modules/contrib/callweaver.if    | 5 +----
 policy/modules/contrib/canna.if         | 5 +----
 policy/modules/contrib/ccs.if           | 5 +----
 policy/modules/contrib/certmaster.if    | 5 +----
 policy/modules/contrib/certmonger.if    | 5 +----
 policy/modules/contrib/cfengine.if      | 5 +----
 policy/modules/contrib/cgroup.if        | 7 ++-----
 policy/modules/contrib/chronyd.if       | 5 +----
 policy/modules/contrib/cipe.if          | 5 +----
 policy/modules/contrib/clamav.if        | 5 +----
 policy/modules/contrib/cmirrord.if      | 5 +----
 policy/modules/contrib/cobbler.if       | 5 +----
 policy/modules/contrib/collectd.if      | 5 +----
 policy/modules/contrib/condor.if        | 5 +----
 policy/modules/contrib/corosync.if      | 5 +----
 policy/modules/contrib/couchdb.if       | 5 +----
 policy/modules/contrib/ctdb.if          | 5 +----
 policy/modules/contrib/cups.if          | 5 +----
 policy/modules/contrib/cvs.if           | 5 +----
 policy/modules/contrib/cyphesis.if      | 5 +----
 policy/modules/contrib/cyrus.if         | 5 +----
 policy/modules/contrib/dante.if         | 5 +----
 policy/modules/contrib/ddclient.if      | 5 +----
 policy/modules/contrib/denyhosts.if     | 5 +----
 policy/modules/contrib/dhcp.if          | 5 +----
 policy/modules/contrib/dictd.if         | 5 +----
 policy/modules/contrib/dirmngr.if       | 5 +----
 policy/modules/contrib/distcc.if        | 5 +----
 policy/modules/contrib/dkim.if          | 5 +----
 policy/modules/contrib/dnsmasq.if       | 5 +----
 policy/modules/contrib/dnssectrigger.if | 5 +----
 policy/modules/contrib/dovecot.if       | 5 +----
 policy/modules/contrib/drbd.if          | 5 +----
 policy/modules/contrib/dspam.if         | 5 +----
 policy/modules/contrib/entropyd.if      | 5 +----
 policy/modules/contrib/exim.if          | 5 +----
 policy/modules/contrib/fail2ban.if      | 5 +----
 policy/modules/contrib/fcoe.if          | 5 +----
 policy/modules/contrib/fetchmail.if     | 5 +----
 policy/modules/contrib/firewalld.if     | 5 +----
 policy/modules/contrib/ftp.if           | 5 +----
 policy/modules/contrib/gatekeeper.if    | 5 +----
 policy/modules/contrib/gdomap.if        | 5 +----
 policy/modules/contrib/glance.if        | 6 ++----
 policy/modules/contrib/glusterfs.if     | 5 +----
 policy/modules/contrib/gpm.if           | 5 +----
 policy/modules/contrib/gpsd.if          | 5 +----
 policy/modules/contrib/hadoop.if        | 5 +----
 policy/modules/contrib/hddtemp.if       | 5 +----
 policy/modules/contrib/howl.if          | 5 +----
 policy/modules/contrib/hypervkvp.if     | 5 +----
 policy/modules/contrib/i18n_input.if    | 5 +----
 policy/modules/contrib/icecast.if       | 5 +----
 policy/modules/contrib/ifplugd.if       | 5 +----
 policy/modules/contrib/inn.if           | 5 +----
 policy/modules/contrib/iodine.if        | 5 +----
 policy/modules/contrib/ircd.if          | 5 +----
 policy/modules/contrib/irqbalance.if    | 5 +----
 policy/modules/contrib/iscsi.if         | 5 +----
 policy/modules/contrib/isns.if          | 5 +----
 policy/modules/contrib/jabber.if        | 5 +----
 policy/modules/contrib/kdump.if         | 5 +----
 policy/modules/contrib/kerberos.if      | 5 +----
 policy/modules/contrib/kerneloops.if    | 5 +----
 policy/modules/contrib/keystone.if      | 5 +----
 policy/modules/contrib/kismet.if        | 5 +----
 policy/modules/contrib/ksmtuned.if      | 5 +----
 policy/modules/contrib/kudzu.if         | 5 +----
 policy/modules/contrib/l2tp.if          | 5 +----
 policy/modules/contrib/ldap.if          | 5 +----
 policy/modules/contrib/likewise.if      | 5 +----
 policy/modules/contrib/lircd.if         | 5 +----
 policy/modules/contrib/lldpad.if        | 5 +----
 policy/modules/contrib/mailscanner.if   | 5 +----
 policy/modules/contrib/mcelog.if        | 5 +----
 policy/modules/contrib/memcached.if     | 5 +----
 policy/modules/contrib/minidlna.if      | 5 +----
 policy/modules/contrib/minissdpd.if     | 5 +----
 policy/modules/contrib/mongodb.if       | 5 +----
 policy/modules/contrib/monop.if         | 5 +----
 policy/modules/contrib/mpd.if           | 5 +----
 policy/modules/contrib/mrtg.if          | 5 +----
 policy/modules/contrib/munin.if         | 5 +----
 policy/modules/contrib/mysql.if         | 6 ++----
 106 files changed, 109 insertions(+), 425 deletions(-)

diff --git a/policy/modules/contrib/abrt.if b/policy/modules/contrib/abrt.if
index 058d908..39b6d29 100644
--- a/policy/modules/contrib/abrt.if
+++ b/policy/modules/contrib/abrt.if
@@ -304,10 +304,7 @@ interface(`abrt_admin',`
 	allow $1 abrt_domain:process { ptrace signal_perms };
 	ps_process_pattern($1, abrt_domain)
 
-	init_labeled_script_domtrans($1, abrt_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 abrt_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, abrt_t, abrt_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, abrt_etc_t)

diff --git a/policy/modules/contrib/acct.if b/policy/modules/contrib/acct.if
index 81280d0..59d95d0 100644
--- a/policy/modules/contrib/acct.if
+++ b/policy/modules/contrib/acct.if
@@ -106,10 +106,7 @@ interface(`acct_admin',`
 	allow $1 acct_t:process { ptrace signal_perms };
 	ps_process_pattern($1, acct_t)
 
-	init_labeled_script_domtrans($1, acct_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 acct_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, acct_t, acct_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, acct_data_t)

diff --git a/policy/modules/contrib/afs.if b/policy/modules/contrib/afs.if
index 3b41be6..d934f45 100644
--- a/policy/modules/contrib/afs.if
+++ b/policy/modules/contrib/afs.if
@@ -103,10 +103,7 @@ interface(`afs_admin',`
 	allow $1 afs_domain:process { ptrace signal_perms };
 	ps_process_pattern($1, afs_domain)
 
-	afs_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 afs_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, afs_domain, afs_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, afs_config_t)

diff --git a/policy/modules/contrib/aiccu.if b/policy/modules/contrib/aiccu.if
index 3b5dcb9..cd22faa 100644
--- a/policy/modules/contrib/aiccu.if
+++ b/policy/modules/contrib/aiccu.if
@@ -82,10 +82,7 @@ interface(`aiccu_admin',`
 	allow $1 aiccu_t:process { ptrace signal_perms };
 	ps_process_pattern($1, aiccu_t)
 
-	aiccu_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 aiccu_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, aiccu_t, aiccu_initrc_exec_t)
 
 	admin_pattern($1, aiccu_etc_t)
 	files_list_etc($1)

diff --git a/policy/modules/contrib/aisexec.if b/policy/modules/contrib/aisexec.if
index a2997fa..9e1a105 100644
--- a/policy/modules/contrib/aisexec.if
+++ b/policy/modules/contrib/aisexec.if
@@ -86,10 +86,7 @@ interface(`aisexecd_admin',`
 	allow $1 aisexec_t:process { ptrace signal_perms };
 	ps_process_pattern($1, aisexec_t)
 
-	init_labeled_script_domtrans($1, aisexec_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 aisexec_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, aisexec_t, aisexec_initrc_exec_t)
 
 	files_list_var_lib($1)
 	admin_pattern($1, aisexec_var_lib_t)

diff --git a/policy/modules/contrib/amavis.if b/policy/modules/contrib/amavis.if
index 60d4f8c..f8a810c 100644
--- a/policy/modules/contrib/amavis.if
+++ b/policy/modules/contrib/amavis.if
@@ -237,10 +237,7 @@ interface(`amavis_admin',`
 	allow $1 amavis_t:process { ptrace signal_perms };
 	ps_process_pattern($1, amavis_t)
 
-	amavis_initrc_domtrans($1)
- 	domain_system_change_exemption($1)
- 	role_transition $2 amavis_initrc_exec_t system_r;
- 	allow $2 system_r;
+	init_startstop_service($1, $2, amavis_t, amavis_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, amavis_etc_t)

diff --git a/policy/modules/contrib/amtu.if b/policy/modules/contrib/amtu.if
index 884b23b..6942560 100644
--- a/policy/modules/contrib/amtu.if
+++ b/policy/modules/contrib/amtu.if
@@ -70,8 +70,5 @@ interface(`amtu_admin',`
 	allow $1 amtu_t:process { ptrace signal_perms };
 	ps_process_pattern($1, amtu_t)
 
-	init_labeled_script_domtrans($1, amtu_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 amtu_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, amtu_t, amtu_initrc_exec_t)
 ')

diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if
index 717c6f7..16539db 100644
--- a/policy/modules/contrib/apache.if
+++ b/policy/modules/contrib/apache.if
@@ -1318,10 +1318,7 @@ interface(`apache_admin',`
 	ps_process_pattern($1, { httpd_script_domains httpd_t httpd_helper_t })
 	ps_process_pattern($1, { httpd_rotatelogs_t httpd_suexec_t httpd_passwd_t })
 
-	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 httpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, httpd_t, httpd_initrc_exec_t)
 
 	apache_manage_all_content($1)
 	miscfiles_manage_public_files($1)

diff --git a/policy/modules/contrib/apcupsd.if b/policy/modules/contrib/apcupsd.if
index f3c0aba..3dda634 100644
--- a/policy/modules/contrib/apcupsd.if
+++ b/policy/modules/contrib/apcupsd.if
@@ -149,10 +149,7 @@ interface(`apcupsd_admin',`
 	allow $1 apcupsd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, apcupsd_t)
 
-	apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 apcupsd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, apcupsd_t, apcupsd_initrc_exec_t)
 
 	files_list_var($1)
 	admin_pattern($1, apcupsd_lock_t)

diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/apm.if
index 1a7a97e..32a59e1 100644
--- a/policy/modules/contrib/apm.if
+++ b/policy/modules/contrib/apm.if
@@ -166,10 +166,7 @@ interface(`apm_admin',`
 	allow $1 apmd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, apmd_t)
 
-	init_labeled_script_domtrans($1, apmd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 apmd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, apmd_log_t)

diff --git a/policy/modules/contrib/arpwatch.if b/policy/modules/contrib/arpwatch.if
index 50c9b9c..76389b7 100644
--- a/policy/modules/contrib/arpwatch.if
+++ b/policy/modules/contrib/arpwatch.if
@@ -143,10 +143,7 @@ interface(`arpwatch_admin',`
 	allow $1 arpwatch_t:process { ptrace signal_perms };
 	ps_process_pattern($1, arpwatch_t)
 
-	arpwatch_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 arpwatch_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, arpwatch_t, arpwatch_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, arpwatch_tmp_t)

diff --git a/policy/modules/contrib/asterisk.if b/policy/modules/contrib/asterisk.if
index 2077053..2e3f5a4 100644
--- a/policy/modules/contrib/asterisk.if
+++ b/policy/modules/contrib/asterisk.if
@@ -127,10 +127,7 @@ interface(`asterisk_admin',`
 	allow $1 asterisk_t:process { ptrace signal_perms };
 	ps_process_pattern($1, asterisk_t)
 
-	init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 asterisk_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, asterisk_t, asterisk_initrc_exec_t)
 
 	asterisk_exec($1)
 

diff --git a/policy/modules/contrib/automount.if b/policy/modules/contrib/automount.if
index f24e369..37847d9 100644
--- a/policy/modules/contrib/automount.if
+++ b/policy/modules/contrib/automount.if
@@ -159,10 +159,7 @@ interface(`automount_admin',`
 	allow $1 automount_t:process { ptrace signal_perms };
 	ps_process_pattern($1, automount_t)
 
-	init_labeled_script_domtrans($1, automount_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 automount_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, automount_t, automount_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, automount_keytab_t)

diff --git a/policy/modules/contrib/avahi.if b/policy/modules/contrib/avahi.if
index 9078c3d..4652358 100644
--- a/policy/modules/contrib/avahi.if
+++ b/policy/modules/contrib/avahi.if
@@ -264,10 +264,7 @@ interface(`avahi_admin',`
 	allow $1 avahi_t:process { ptrace signal_perms };
 	ps_process_pattern($1, avahi_t)
 
-	avahi_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 avahi_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, avahi_t, avahi_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, avahi_var_run_t)

diff --git a/policy/modules/contrib/bacula.if b/policy/modules/contrib/bacula.if
index dcd774e..18ad480 100644
--- a/policy/modules/contrib/bacula.if
+++ b/policy/modules/contrib/bacula.if
@@ -74,10 +74,7 @@ interface(`bacula_admin',`
 	allow $1 bacula_t:process { ptrace signal_perms };
 	ps_process_pattern($1, bacula_t)
 
-	init_labeled_script_domtrans($1, bacula_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bacula_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, bacula_t, bacula_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, bacula_etc_t)

diff --git a/policy/modules/contrib/bcfg2.if b/policy/modules/contrib/bcfg2.if
index ec95d36..0cd2d35 100644
--- a/policy/modules/contrib/bcfg2.if
+++ b/policy/modules/contrib/bcfg2.if
@@ -141,10 +141,7 @@ interface(`bcfg2_admin',`
 	allow $1 bcfg2_t:process { ptrace signal_perms };
 	ps_process_pattern($1, bcfg2_t)
 
-	bcfg2_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 bcfg2_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, bcfg2_t, bcfg2_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, bcfg2_var_run_t)

diff --git a/policy/modules/contrib/bind.if b/policy/modules/contrib/bind.if
index 531a8f2..9654435 100644
--- a/policy/modules/contrib/bind.if
+++ b/policy/modules/contrib/bind.if
@@ -370,10 +370,7 @@ interface(`bind_admin',`
 	allow $1 { named_t ndc_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { named_t ndc_t })
 
-	init_labeled_script_domtrans($1, named_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 named_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, named_t, named_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, named_tmp_t)

diff --git a/policy/modules/contrib/bird.if b/policy/modules/contrib/bird.if
index 85c035f..d744d6b 100644
--- a/policy/modules/contrib/bird.if
+++ b/policy/modules/contrib/bird.if
@@ -26,10 +26,7 @@ interface(`bird_admin',`
 	allow $1 bird_t:process { ptrace signal_perms };
 	ps_process_pattern($1, bird_t)
 
-	init_labeled_script_domtrans($1, bird_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bird_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, bird_t, bird_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, bird_etc_t)

diff --git a/policy/modules/contrib/bitlbee.if b/policy/modules/contrib/bitlbee.if
index e73fb79..3409d80 100644
--- a/policy/modules/contrib/bitlbee.if
+++ b/policy/modules/contrib/bitlbee.if
@@ -47,10 +47,7 @@ interface(`bitlbee_admin',`
 	allow $1 bitlbee_t:process { ptrace signal_perms };
 	ps_process_pattern($1, bitlbee_t)
 
-	init_labeled_script_domtrans($1, bitlbee_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bitlbee_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, bitlbee_t, bitlbee_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, bitlbee_conf_t)

diff --git a/policy/modules/contrib/bluetooth.if b/policy/modules/contrib/bluetooth.if
index c723a0a..09d6248 100644
--- a/policy/modules/contrib/bluetooth.if
+++ b/policy/modules/contrib/bluetooth.if
@@ -216,10 +216,7 @@ interface(`bluetooth_admin',`
 	allow $1 bluetooth_t:process { ptrace signal_perms };
 	ps_process_pattern($1, bluetooth_t)
 
-	init_labeled_script_domtrans($1, bluetooth_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 bluetooth_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, bluetooth_t, bluetooth_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, bluetooth_tmp_t)

diff --git a/policy/modules/contrib/boinc.if b/policy/modules/contrib/boinc.if
index 02fefaa..464a896 100644
--- a/policy/modules/contrib/boinc.if
+++ b/policy/modules/contrib/boinc.if
@@ -28,10 +28,7 @@ interface(`boinc_admin',`
 	allow $1 { boinc_t boinc_project_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { boinc_t boinc_project_t })
 
-	init_labeled_script_domtrans($1, boinc_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 boinc_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, boinc_t, boinc_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, boinc_log_t)

diff --git a/policy/modules/contrib/cachefilesd.if b/policy/modules/contrib/cachefilesd.if
index 8de2ab9..c4084b9 100644
--- a/policy/modules/contrib/cachefilesd.if
+++ b/policy/modules/contrib/cachefilesd.if
@@ -26,10 +26,7 @@ interface(`cachefilesd_admin',`
 	allow $1 cachefilesd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cachefilesd_t)
 
-	init_labeled_script_domtrans($1, cachefilesd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cachefilesd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cachefilesd_t, cachefilesd_initrc_exec_t)
 
 	files_search_var($1)
 	admin_pattern($1, cachefilesd_cache_t)

diff --git a/policy/modules/contrib/callweaver.if b/policy/modules/contrib/callweaver.if
index 16f1855..f89bf39 100644
--- a/policy/modules/contrib/callweaver.if
+++ b/policy/modules/contrib/callweaver.if
@@ -65,10 +65,7 @@ interface(`callweaver_admin',`
 	allow $1 callweaver_t:process { ptrace signal_perms };
 	ps_process_pattern($1, callweaver_t)
 
-	init_labeled_script_domtrans($1, callweaver_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 callweaver_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, callweaver_t, callweaver_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, callweaver_log_t)

diff --git a/policy/modules/contrib/canna.if b/policy/modules/contrib/canna.if
index 400db07..e3fd199 100644
--- a/policy/modules/contrib/canna.if
+++ b/policy/modules/contrib/canna.if
@@ -46,10 +46,7 @@ interface(`canna_admin',`
 	allow $1 canna_t:process { ptrace signal_perms };
 	ps_process_pattern($1, canna_t)
 
-	init_labeled_script_domtrans($1, canna_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 canna_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, canna_t, canna_initrc_exec_t)
 
 	logging_list_logs($1)
 	admin_pattern($1, canna_log_t)

diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index bb17e0f..92f67fa 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -105,10 +105,7 @@ interface(`ccs_admin',`
 	allow $1 ccs_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ccs_t)
 
-	init_labeled_script_domtrans($1, ccs_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ccs_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ccs_t, ccs_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, ccs_conf_t)

diff --git a/policy/modules/contrib/certmaster.if b/policy/modules/contrib/certmaster.if
index 0c53b18..741fdd3 100644
--- a/policy/modules/contrib/certmaster.if
+++ b/policy/modules/contrib/certmaster.if
@@ -124,10 +124,7 @@ interface(`certmaster_admin',`
 	allow $1 certmaster_t:process { ptrace signal_perms };
 	ps_process_pattern($1, certmaster_t)
 
-	init_labeled_script_domtrans($1, certmaster_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 certmaster_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, certmaster_t, certmaster_initrc_exec_t)
 
 	files_list_etc($1)
 	miscfiles_manage_generic_cert_dirs($1)

diff --git a/policy/modules/contrib/certmonger.if b/policy/modules/contrib/certmonger.if
index 008f8ef..3a456b7 100644
--- a/policy/modules/contrib/certmonger.if
+++ b/policy/modules/contrib/certmonger.if
@@ -162,10 +162,7 @@ interface(`certmonger_admin',`
 	ps_process_pattern($1, certmonger_t)
 	allow $1 certmonger_t:process { ptrace signal_perms };
 
-	certmonger_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 certmonger_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, certmonger_t, certmonger_initrc_exec_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, certmonger_var_lib_t)

diff --git a/policy/modules/contrib/cfengine.if b/policy/modules/contrib/cfengine.if
index a731122..fdef5f3 100644
--- a/policy/modules/contrib/cfengine.if
+++ b/policy/modules/contrib/cfengine.if
@@ -97,10 +97,7 @@ interface(`cfengine_admin',`
 	allow $1 cfengine_domain:process { ptrace signal_perms };
 	ps_process_pattern($1, cfengine_domain)
 
-	init_labeled_script_domtrans($1, cfengine_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cfengine_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cfengine_domain, cfengine_initrc_exec_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, { cfengine_log_t cfengine_var_lib_t })

diff --git a/policy/modules/contrib/cgroup.if b/policy/modules/contrib/cgroup.if
index 85ca63f..2f8fa6f 100644
--- a/policy/modules/contrib/cgroup.if
+++ b/policy/modules/contrib/cgroup.if
@@ -180,11 +180,8 @@ interface(`cgroup_admin',`
 	admin_pattern($1, cgred_var_run_t)
 	files_list_pids($1)
 
-	cgroup_initrc_domtrans_cgconfig($1)
-	cgroup_initrc_domtrans_cgred($1)
-	domain_system_change_exemption($1)
-	role_transition $2 { cgconfig_initrc_exec_t cgred_initrc_exec_t } system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cgred_t, cgred_initrc_exec_t)
+	init_startstop_service($1, $2, cgconfig_t, cgconfig_initrc_exec_t)
 
 	cgroup_run_cgclear($1, $2)
 ')

diff --git a/policy/modules/contrib/chronyd.if b/policy/modules/contrib/chronyd.if
index 32e8265..3d45be4 100644
--- a/policy/modules/contrib/chronyd.if
+++ b/policy/modules/contrib/chronyd.if
@@ -184,10 +184,7 @@ interface(`chronyd_admin',`
 	allow $1 chronyd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, chronyd_t)
 
-	chronyd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 chronyd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, chronyd_t, chronyd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, chronyd_keys_t)

diff --git a/policy/modules/contrib/cipe.if b/policy/modules/contrib/cipe.if
index 5fb51b2..11ec9dc 100644
--- a/policy/modules/contrib/cipe.if
+++ b/policy/modules/contrib/cipe.if
@@ -25,8 +25,5 @@ interface(`cipe_admin',`
 	allow $1 ciped_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ciped_t)
 
-	init_labeled_script_domtrans($1, ciped_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ciped_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ciped_t, ciped_initrc_exec_t)
 ')

diff --git a/policy/modules/contrib/clamav.if b/policy/modules/contrib/clamav.if
index 4cc4a5c..7ad8e80 100644
--- a/policy/modules/contrib/clamav.if
+++ b/policy/modules/contrib/clamav.if
@@ -205,10 +205,7 @@ interface(`clamav_admin',`
 	allow $1 { clamd_t clamscan_t freshclam_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { clamd_t clamscan_t freshclam_t })
 
-	init_labeled_script_domtrans($1, clamd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 clamd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, clamd_t, clamd_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, clamd_etc_t)

diff --git a/policy/modules/contrib/cmirrord.if b/policy/modules/contrib/cmirrord.if
index cc4e7cb..0785068 100644
--- a/policy/modules/contrib/cmirrord.if
+++ b/policy/modules/contrib/cmirrord.if
@@ -106,10 +106,7 @@ interface(`cmirrord_admin',`
 	allow $1 cmirrord_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cmirrord_t)
 
-	cmirrord_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 cmirrord_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cmirrord_t, cmirrord_initrc_exec_t)
 
 	files_list_pids($1)
 	admin_pattern($1, cmirrord_var_run_t)

diff --git a/policy/modules/contrib/cobbler.if b/policy/modules/contrib/cobbler.if
index c223f81..376fa84 100644
--- a/policy/modules/contrib/cobbler.if
+++ b/policy/modules/contrib/cobbler.if
@@ -183,10 +183,7 @@ interface(`cobbler_admin',`
 	allow $1 cobblerd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cobblerd_t)
 
-	cobblerd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 cobblerd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cobblerd_t, cobblerd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, cobbler_etc_t)

diff --git a/policy/modules/contrib/collectd.if b/policy/modules/contrib/collectd.if
index 954309e..a55db07 100644
--- a/policy/modules/contrib/collectd.if
+++ b/policy/modules/contrib/collectd.if
@@ -26,10 +26,7 @@ interface(`collectd_admin',`
 	allow $1 collectd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, collectd_t)
 
-	init_labeled_script_domtrans($1, collectd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 collectd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, collectd_t, collectd_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, collectd_var_run_t)

diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if
index c80aaf5..b2af357 100644
--- a/policy/modules/contrib/condor.if
+++ b/policy/modules/contrib/condor.if
@@ -66,10 +66,7 @@ interface(`condor_admin',`
 	allow $1 condor_domain:process { ptrace signal_perms };
 	ps_process_pattern($1, condor_domain)
 
-	init_labeled_script_domtrans($1, condor_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 condor_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, condor_domain, condor_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, condor_conf_t)

diff --git a/policy/modules/contrib/corosync.if b/policy/modules/contrib/corosync.if
index 694a037..57736aa 100644
--- a/policy/modules/contrib/corosync.if
+++ b/policy/modules/contrib/corosync.if
@@ -165,10 +165,7 @@ interface(`corosync_admin',`
 	allow $1 corosync_t:process { ptrace signal_perms };
 	ps_process_pattern($1, corosync_t)
 
-	corosync_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 corosync_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, corosync_t, corosync_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, corosync_tmp_t)

diff --git a/policy/modules/contrib/couchdb.if b/policy/modules/contrib/couchdb.if
index 715a826..830c271 100644
--- a/policy/modules/contrib/couchdb.if
+++ b/policy/modules/contrib/couchdb.if
@@ -103,10 +103,7 @@ interface(`couchdb_admin',`
 	allow $1 couchdb_t:process { ptrace signal_perms };
 	ps_process_pattern($1, couchdb_t)
 
-	init_labeled_script_domtrans($1, couchdb_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 couchdb_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, couchdb_t, couchdb_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, couchdb_conf_t)

diff --git a/policy/modules/contrib/ctdb.if b/policy/modules/contrib/ctdb.if
index b25b01d..79b0c9a 100644
--- a/policy/modules/contrib/ctdb.if
+++ b/policy/modules/contrib/ctdb.if
@@ -66,10 +66,7 @@ interface(`ctdb_admin',`
 	allow $1 ctdbd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ctdbd_t)
 
-	init_labeled_script_domtrans($1, ctdbd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ctdbd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ctdbd_t, ctdbd_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, ctdbd_log_t)

diff --git a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
index 3023be7..cad7df2 100644
--- a/policy/modules/contrib/cups.if
+++ b/policy/modules/contrib/cups.if
@@ -357,10 +357,7 @@ interface(`cups_admin',`
 	ps_process_pattern($1, { cupsd_t cupsd_config_t cupsd_lpd_t })
 	ps_process_pattern($1, { cups_pdf_t hplip_t ptal_t })
 
-	init_labeled_script_domtrans($1, cupsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cupsd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cupsd_t, cupsd_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, { cupsd_etc_t cupsd_rw_etc_t ptal_etc_t })

diff --git a/policy/modules/contrib/cvs.if b/policy/modules/contrib/cvs.if
index 64775fd..49f6c1c 100644
--- a/policy/modules/contrib/cvs.if
+++ b/policy/modules/contrib/cvs.if
@@ -65,10 +65,7 @@ interface(`cvs_admin',`
 	allow $1 cvs_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cvs_t)
 
-	init_labeled_script_domtrans($1, cvs_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cvs_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cvs_t, cvs_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, cvs_keytab_t)

diff --git a/policy/modules/contrib/cyphesis.if b/policy/modules/contrib/cyphesis.if
index df8aa4a..da37d4e 100644
--- a/policy/modules/contrib/cyphesis.if
+++ b/policy/modules/contrib/cyphesis.if
@@ -45,10 +45,7 @@ interface(`cyphesis_admin',`
 	allow $1 cyphesis_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cyphesis_t)
 
-	init_labeled_script_domtrans($1, cyphesis_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cyphesis_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cyphesis_t, cyphesis_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, cyphesis_log_t)

diff --git a/policy/modules/contrib/cyrus.if b/policy/modules/contrib/cyrus.if
index 83bfda6..759e074 100644
--- a/policy/modules/contrib/cyrus.if
+++ b/policy/modules/contrib/cyrus.if
@@ -67,10 +67,7 @@ interface(`cyrus_admin',`
 	allow $1 cyrus_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cyrus_t)
 
-	init_labeled_script_domtrans($1, cyrus_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 cyrus_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, cyrus_t, cyrus_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, cyrus_keytab_t)

diff --git a/policy/modules/contrib/dante.if b/policy/modules/contrib/dante.if
index e709177..8d02f8c 100644
--- a/policy/modules/contrib/dante.if
+++ b/policy/modules/contrib/dante.if
@@ -26,10 +26,7 @@ interface(`dante_admin',`
 	allow $1 dante_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dante_t)
 
-	init_labeled_script_domtrans($1, dante_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dante_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dante_t, dante_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, dante_conf_t)

diff --git a/policy/modules/contrib/ddclient.if b/policy/modules/contrib/ddclient.if
index 5606b40..96ddeea 100644
--- a/policy/modules/contrib/ddclient.if
+++ b/policy/modules/contrib/ddclient.if
@@ -73,10 +73,7 @@ interface(`ddclient_admin',`
 	allow $1 ddclient_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ddclient_t)
 
-	init_labeled_script_domtrans($1, ddclient_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ddclient_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ddclient_t, ddclient_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, ddclient_etc_t)

diff --git a/policy/modules/contrib/denyhosts.if b/policy/modules/contrib/denyhosts.if
index a7326da..0fb8ec7 100644
--- a/policy/modules/contrib/denyhosts.if
+++ b/policy/modules/contrib/denyhosts.if
@@ -63,10 +63,7 @@ interface(`denyhosts_admin',`
 	allow $1 denyhosts_t:process { ptrace signal_perms };
 	ps_process_pattern($1, denyhosts_t)
 
-	denyhosts_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 denyhosts_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, denyhosts_t, denyhosts_initrc_exec_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, denyhosts_var_lib_t)

diff --git a/policy/modules/contrib/dhcp.if b/policy/modules/contrib/dhcp.if
index c697edb..b7a0337 100644
--- a/policy/modules/contrib/dhcp.if
+++ b/policy/modules/contrib/dhcp.if
@@ -84,10 +84,7 @@ interface(`dhcpd_admin',`
 	allow $1 dhcpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dhcpd_t)
 
-	init_labeled_script_domtrans($1, dhcpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dhcpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dhcpd_t, dhcpd_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, dhcpd_tmp_t)

diff --git a/policy/modules/contrib/dictd.if b/policy/modules/contrib/dictd.if
index 3cc3494..3878acc 100644
--- a/policy/modules/contrib/dictd.if
+++ b/policy/modules/contrib/dictd.if
@@ -41,10 +41,7 @@ interface(`dictd_admin',`
 	allow $1 dictd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dictd_t)
 
-	init_labeled_script_domtrans($1, dictd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dictd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dictd_t, dictd_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, dictd_etc_t)

diff --git a/policy/modules/contrib/dirmngr.if b/policy/modules/contrib/dirmngr.if
index e5f6733..4cd2810 100644
--- a/policy/modules/contrib/dirmngr.if
+++ b/policy/modules/contrib/dirmngr.if
@@ -26,10 +26,7 @@ interface(`dirmngr_admin',`
 	allow $1 dirmngr_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dirmngr_t)
 
-	init_labeled_script_domtrans($1, dirmngr_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dirmngr_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dirmngr_t, dirmngr_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, dirmngr_conf_t)

diff --git a/policy/modules/contrib/distcc.if b/policy/modules/contrib/distcc.if
index 473823d..6b43286 100644
--- a/policy/modules/contrib/distcc.if
+++ b/policy/modules/contrib/distcc.if
@@ -26,10 +26,7 @@ interface(`distcc_admin',`
 	allow $1 distccd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, distccd_t)
 
-	init_labeled_script_domtrans($1, distccd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 distccd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, distccd_t, distccd_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, distccd_log_t)

diff --git a/policy/modules/contrib/dkim.if b/policy/modules/contrib/dkim.if
index 386e494..61e1f19 100644
--- a/policy/modules/contrib/dkim.if
+++ b/policy/modules/contrib/dkim.if
@@ -26,10 +26,7 @@ interface(`dkim_admin',`
 	allow $1 dkim_milter_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dkim_milter_t)
 
-	init_labeled_script_domtrans($1, dkim_milter_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dkim_milter_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dkim_milter_t, dkim_milter_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, dkim_milter_private_key_t)

diff --git a/policy/modules/contrib/dnsmasq.if b/policy/modules/contrib/dnsmasq.if
index 62e4948..f81566a 100644
--- a/policy/modules/contrib/dnsmasq.if
+++ b/policy/modules/contrib/dnsmasq.if
@@ -273,10 +273,7 @@ interface(`dnsmasq_admin',`
 	allow $1 dnsmasq_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dnsmasq_t)
 
-	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dnsmasq_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dnsmasq_t, dnsmasq_initrc_exec_t)
 
 	files_list_var_lib($1)
 	admin_pattern($1, dnsmasq_lease_t)

diff --git a/policy/modules/contrib/dnssectrigger.if b/policy/modules/contrib/dnssectrigger.if
index 456da5c..eea250e 100644
--- a/policy/modules/contrib/dnssectrigger.if
+++ b/policy/modules/contrib/dnssectrigger.if
@@ -26,10 +26,7 @@ interface(`dnssectrigger_admin',`
 	allow $1 dnssec_triggerd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dnssec_triggerd_t)
 
-	init_labeled_script_domtrans($1, dnssec_triggerd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dnssec_triggerd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dnssec_triggerd_t, dnssec_triggerd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, dnssec_trigger_conf_t)

diff --git a/policy/modules/contrib/dovecot.if b/policy/modules/contrib/dovecot.if
index d5badb7..3608ba2 100644
--- a/policy/modules/contrib/dovecot.if
+++ b/policy/modules/contrib/dovecot.if
@@ -149,10 +149,7 @@ interface(`dovecot_admin',`
 	allow $1 dovecot_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dovecot_t)
 
-	init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dovecot_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dovecot_t, dovecot_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, { dovecot_keytab_t dovecot_etc_t })

diff --git a/policy/modules/contrib/drbd.if b/policy/modules/contrib/drbd.if
index 9a21639..f147c10 100644
--- a/policy/modules/contrib/drbd.if
+++ b/policy/modules/contrib/drbd.if
@@ -46,10 +46,7 @@ interface(`drbd_admin',`
 	allow $1 drbd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, drbd_t)
 
-	init_labeled_script_domtrans($1, drbd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 drbd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, drbd_t, drbd_initrc_exec_t)
 
 	files_search_locks($1)
 	admin_pattern($1, drbd_lock_t)

diff --git a/policy/modules/contrib/dspam.if b/policy/modules/contrib/dspam.if
index 18f2452..a8cd028 100644
--- a/policy/modules/contrib/dspam.if
+++ b/policy/modules/contrib/dspam.if
@@ -66,10 +66,7 @@ interface(`dspam_admin',`
 	allow $1 dspam_t:process { ptrace signal_perms };
 	ps_process_pattern($1, dspam_t)
 
-	init_labeled_script_domtrans($1, dspam_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 dspam_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, dspam_t, dspam_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, dspam_log_t)

diff --git a/policy/modules/contrib/entropyd.if b/policy/modules/contrib/entropyd.if
index 1161fbf..eedfae6 100644
--- a/policy/modules/contrib/entropyd.if
+++ b/policy/modules/contrib/entropyd.if
@@ -25,10 +25,7 @@ interface(`entropyd_admin',`
 	allow $1 entropyd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, entropyd_t)
 
-	init_labeled_script_domtrans($1, entropyd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 entropyd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, entropyd_t, entropyd_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, entropyd_var_run_t)

diff --git a/policy/modules/contrib/exim.if b/policy/modules/contrib/exim.if
index 9bbc690..51655bb 100644
--- a/policy/modules/contrib/exim.if
+++ b/policy/modules/contrib/exim.if
@@ -288,10 +288,7 @@ interface(`exim_admin',`
 	allow $1 exim_t:process { ptrace signal_perms };
 	ps_process_pattern($1, exim_t)
 
-	init_labeled_script_domtrans($1, exim_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 exim_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, exim_t, exim_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, exim_keytab_t)

diff --git a/policy/modules/contrib/fail2ban.if b/policy/modules/contrib/fail2ban.if
index 50d0084..5b8e08b 100644
--- a/policy/modules/contrib/fail2ban.if
+++ b/policy/modules/contrib/fail2ban.if
@@ -266,10 +266,7 @@ interface(`fail2ban_admin',`
 	allow $1 { fail2ban_t fail2ban_client_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { fail2ban_t fail2ban_client_t })
 
-	init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 fail2ban_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, fail2ban_t, fail2ban_initrc_exec_t)
 
 	logging_list_logs($1)
 	admin_pattern($1, fail2ban_log_t)

diff --git a/policy/modules/contrib/fcoe.if b/policy/modules/contrib/fcoe.if
index c3484a9..78d1147 100644
--- a/policy/modules/contrib/fcoe.if
+++ b/policy/modules/contrib/fcoe.if
@@ -44,10 +44,7 @@ interface(`fcoe_admin',`
 	allow $1 fcoemon_t:process { ptrace signal_perms };
 	ps_process_pattern($1, fcoemon_t)
 
-	init_labeled_script_domtrans($1, fcoemon_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 fcoemon_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, fcoemon_t, fcoemon_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, fcoemon_var_run_t)

diff --git a/policy/modules/contrib/fetchmail.if b/policy/modules/contrib/fetchmail.if
index c3f7916..5115aff 100644
--- a/policy/modules/contrib/fetchmail.if
+++ b/policy/modules/contrib/fetchmail.if
@@ -23,10 +23,7 @@ interface(`fetchmail_admin',`
 		type fetchmail_var_run_t, fetchmail_initrc_exec_t, fetchmail_log_t;
 	')
 
-	init_labeled_script_domtrans($1, fetchmail_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 fetchmail_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, fetchmail_t, fetchmail_initrc_exec_t)
 
 	allow $1 fetchmail_t:process { ptrace signal_perms };
 	ps_process_pattern($1, fetchmail_t)

diff --git a/policy/modules/contrib/firewalld.if b/policy/modules/contrib/firewalld.if
index c62c567..a16179b 100644
--- a/policy/modules/contrib/firewalld.if
+++ b/policy/modules/contrib/firewalld.if
@@ -86,10 +86,7 @@ interface(`firewalld_admin',`
 	allow $1 firewalld_t:process { ptrace signal_perms };
 	ps_process_pattern($1, firewalld_t)
 
-	init_labeled_script_domtrans($1, firewalld_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 firewalld_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, firewalld_t, firewalld_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, firewalld_var_run_t)

diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 65adda9..93fd4be 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -182,10 +182,7 @@ interface(`ftp_admin',`
 	allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
 
-	init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ftpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ftpd_t, ftpd_initrc_exec_t)
 
 	miscfiles_manage_public_files($1)
 

diff --git a/policy/modules/contrib/gatekeeper.if b/policy/modules/contrib/gatekeeper.if
index 30926d7..83681df 100644
--- a/policy/modules/contrib/gatekeeper.if
+++ b/policy/modules/contrib/gatekeeper.if
@@ -26,10 +26,7 @@ interface(`gatekeeper_admin',`
 	allow $1 gatekeeper_t:process { ptrace signal_perms };
 	ps_process_pattern($1, gatekeeper_t)
 
-	init_labeled_script_domtrans($1, gatekeeper_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 gatekeeper_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, gatekeeper_t, gatekeeper_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, gatekeeper_etc_t)

diff --git a/policy/modules/contrib/gdomap.if b/policy/modules/contrib/gdomap.if
index 7d6b6b7..58e5c44 100644
--- a/policy/modules/contrib/gdomap.if
+++ b/policy/modules/contrib/gdomap.if
@@ -45,10 +45,7 @@ interface(`gdomap_admin',`
 	allow $1 gdomap_t:process { ptrace signal_perms };
 	ps_process_pattern($1, gdomap_t)
 
-	init_labeled_script_domtrans($1, gdomap_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 gdomap_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, gdomap_t, gdomap_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, gdomap_conf_t)

diff --git a/policy/modules/contrib/glance.if b/policy/modules/contrib/glance.if
index 9eacb2c..6d9f3da 100644
--- a/policy/modules/contrib/glance.if
+++ b/policy/modules/contrib/glance.if
@@ -245,10 +245,8 @@ interface(`glance_admin',`
 	allow $1 { glance_api_t glance_registry_t }:process signal_perms;
 	ps_process_pattern($1, { glance_api_t glance_registry_t })
 
-	init_labeled_script_domtrans($1, { glance_api_initrc_exec_t glance_registry_initrc_exec_t })
-	domain_system_change_exemption($1)
-	role_transition $2 { glance_api_initrc_exec_t glance_registry_initrc_exec_t } system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, glance_api_t, glance_api_initrc_exec_t)
+	init_startstop_service($1, $2, glance_registry_t, glance_registry_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, glance_log_t)

diff --git a/policy/modules/contrib/glusterfs.if b/policy/modules/contrib/glusterfs.if
index 05233c8..0945d87 100644
--- a/policy/modules/contrib/glusterfs.if
+++ b/policy/modules/contrib/glusterfs.if
@@ -46,10 +46,7 @@ interface(`glusterfs_admin',`
 		type glusterd_var_run_t;
 	')
 
-	init_labeled_script_domtrans($1, glusterd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 glusterd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, glusterd_t, glusterd_initrc_exec_t)
 
 	allow $1 glusterd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, glusterd_t)

diff --git a/policy/modules/contrib/gpm.if b/policy/modules/contrib/gpm.if
index f1528c9..b9a4743 100644
--- a/policy/modules/contrib/gpm.if
+++ b/policy/modules/contrib/gpm.if
@@ -106,10 +106,7 @@ interface(`gpm_admin',`
 	allow $1 gpm_t:process { ptrace signal_perms };
 	ps_process_pattern($1, gpm_t)
 
-	init_labeled_script_domtrans($1, gpm_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 gpm_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, gpm_t, gpm_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, gpm_conf_t)

diff --git a/policy/modules/contrib/gpsd.if b/policy/modules/contrib/gpsd.if
index 92eb564..1d10f63 100644
--- a/policy/modules/contrib/gpsd.if
+++ b/policy/modules/contrib/gpsd.if
@@ -91,10 +91,7 @@ interface(`gpsd_admin',`
 	allow $1 gpsd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, gpsd_t)
 
-	init_labeled_script_domtrans($1, gpsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 gpsd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, gpsd_t, gpsd_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, gpsd_var_run_t)

diff --git a/policy/modules/contrib/hadoop.if b/policy/modules/contrib/hadoop.if
index 2b0d488..a0a819f 100644
--- a/policy/modules/contrib/hadoop.if
+++ b/policy/modules/contrib/hadoop.if
@@ -441,10 +441,7 @@ interface(`hadoop_admin',`
 	allow $1 { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t })
 
-	init_labeled_script_domtrans($1, hadoop_init_script_file)
-	domain_system_change_exemption($1)
-	role_transition $2 hadoop_init_script_file system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, hadoop_domain, hadoop_init_script_file)
 
 	files_search_etc($1)
 	admin_pattern($1, { hadoop_etc_t zookeeper_etc_t })

diff --git a/policy/modules/contrib/hddtemp.if b/policy/modules/contrib/hddtemp.if
index 1728071..269bafd 100644
--- a/policy/modules/contrib/hddtemp.if
+++ b/policy/modules/contrib/hddtemp.if
@@ -63,10 +63,7 @@ interface(`hddtemp_admin',`
 	allow $1 hddtemp_t:process { ptrace signal_perms };
 	ps_process_pattern($1, hddtemp_t)
 
-	init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 hddtemp_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, hddtemp_t, hddtemp_initrc_exec_t)
 
 	admin_pattern($1, hddtemp_etc_t)
 	files_search_etc($1)

diff --git a/policy/modules/contrib/howl.if b/policy/modules/contrib/howl.if
index dc609f0..afea184 100644
--- a/policy/modules/contrib/howl.if
+++ b/policy/modules/contrib/howl.if
@@ -43,10 +43,7 @@ interface(`howl_admin',`
 	allow $1 howl_t:process { ptrace signal_perms };
 	ps_process_pattern($1, howl_t)
 
-	init_labeled_script_domtrans($1, howl_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 howl_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, howl_t, howl_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, howl_var_run_t)

diff --git a/policy/modules/contrib/hypervkvp.if b/policy/modules/contrib/hypervkvp.if
index 6517fad..f9a3b8e 100644
--- a/policy/modules/contrib/hypervkvp.if
+++ b/policy/modules/contrib/hypervkvp.if
@@ -25,8 +25,5 @@ interface(`hypervkvp_admin',`
 	allow $1 hypervkvpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, hypervkvpd_t)
 
-	init_labeled_script_domtrans($1, hypervkvpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 hypervkvpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, hypervkvpd_t, hypervkvpd_initrc_exec_t)
 ')

diff --git a/policy/modules/contrib/i18n_input.if b/policy/modules/contrib/i18n_input.if
index 5eab254..b908264 100644
--- a/policy/modules/contrib/i18n_input.if
+++ b/policy/modules/contrib/i18n_input.if
@@ -40,10 +40,7 @@ interface(`i18n_input_admin',`
 	allow $1 i18n_input_t:process { ptrace signal_perms };
 	ps_process_pattern($1, i18n_input_t)
 
-	init_labeled_script_domtrans($1, i18n_input_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 i18n_input_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, i18n_input_t, i18n_input_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, i18n_input_var_run_t)

diff --git a/policy/modules/contrib/icecast.if b/policy/modules/contrib/icecast.if
index 580b533..38ce1b7 100644
--- a/policy/modules/contrib/icecast.if
+++ b/policy/modules/contrib/icecast.if
@@ -176,10 +176,7 @@ interface(`icecast_admin',`
 		type icecast_var_run_t;
 	')
 
-	icecast_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 icecast_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, icecast_t, icecast_initrc_exec_t)
 
 	allow $1 icecast_t:process { ptrace signal_perms };
 	ps_process_pattern($1, icecast_t)

diff --git a/policy/modules/contrib/ifplugd.if b/policy/modules/contrib/ifplugd.if
index 8999899..3cd19b3 100644
--- a/policy/modules/contrib/ifplugd.if
+++ b/policy/modules/contrib/ifplugd.if
@@ -122,10 +122,7 @@ interface(`ifplugd_admin',`
 	allow $1 ifplugd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ifplugd_t)
 
-	init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ifplugd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ifplugd_t, ifplugd_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, ifplugd_etc_t)

diff --git a/policy/modules/contrib/inn.if b/policy/modules/contrib/inn.if
index eb87f23..8e24feb 100644
--- a/policy/modules/contrib/inn.if
+++ b/policy/modules/contrib/inn.if
@@ -230,10 +230,7 @@ interface(`inn_admin',`
 		type innd_var_run_t, innd_initrc_exec_t;
 	')
 
-	init_labeled_script_domtrans($1, innd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 innd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, innd_t, innd_initrc_exec_t)
 
 	allow $1 innd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, innd_t)

diff --git a/policy/modules/contrib/iodine.if b/policy/modules/contrib/iodine.if
index a0bfbd0..87e47eb 100644
--- a/policy/modules/contrib/iodine.if
+++ b/policy/modules/contrib/iodine.if
@@ -47,8 +47,5 @@ interface(`iodine_admin',`
 	allow $1 iodined_t:process { ptrace signal_perms };
 	ps_process_pattern($1, iodined_t)
 
-	init_labeled_script_domtrans($1, iodined_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 iodined_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, iodined_t, iodined_initrc_exec_t)
 ')

diff --git a/policy/modules/contrib/ircd.if b/policy/modules/contrib/ircd.if
index 1a88664..3dbe87d 100644
--- a/policy/modules/contrib/ircd.if
+++ b/policy/modules/contrib/ircd.if
@@ -23,10 +23,7 @@ interface(`ircd_admin',`
 		type ircd_log_t, ircd_var_lib_t, ircd_var_run_t;
 	')
 
-	init_labeled_script_domtrans($1, ircd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 ircd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ircd_t, ircd_initrc_exec_t)
 
 	allow $1 ircd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ircd_t)

diff --git a/policy/modules/contrib/irqbalance.if b/policy/modules/contrib/irqbalance.if
index d7113e7..9e943d3 100644
--- a/policy/modules/contrib/irqbalance.if
+++ b/policy/modules/contrib/irqbalance.if
@@ -25,10 +25,7 @@ interface(`irqbalance_admin',`
 	allow $1 irqbalance_t:process { ptrace signal_perms };
 	ps_process_pattern($1, irqbalance_t)
 
-	init_labeled_script_domtrans($1, irqbalance_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 irqbalance_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, irqbalance_t, irqbalance_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, irqbalance_var_run_t)

diff --git a/policy/modules/contrib/iscsi.if b/policy/modules/contrib/iscsi.if
index 1a35420..44a891d 100644
--- a/policy/modules/contrib/iscsi.if
+++ b/policy/modules/contrib/iscsi.if
@@ -105,10 +105,7 @@ interface(`iscsi_admin',`
 	allow $1 iscsid_t:process { ptrace signal_perms };
 	ps_process_pattern($1, iscsid_t)
 
-	init_labeled_script_domtrans($1, iscsi_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 iscsi_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, iscsi_t, iscsi_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, iscsi_log_t)

diff --git a/policy/modules/contrib/isns.if b/policy/modules/contrib/isns.if
index da7e970..4d847e9 100644
--- a/policy/modules/contrib/isns.if
+++ b/policy/modules/contrib/isns.if
@@ -26,10 +26,7 @@ interface(`isnsd_admin',`
 	allow $1 isnsd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, isnsd_t)
 
-	init_labeled_script_domtrans($1, isnsd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 isnsd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, isnsd_t, isnsd_initrc_exec_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, isnsd_var_lib_t)

diff --git a/policy/modules/contrib/jabber.if b/policy/modules/contrib/jabber.if
index 7eb3811..549dac1 100644
--- a/policy/modules/contrib/jabber.if
+++ b/policy/modules/contrib/jabber.if
@@ -81,10 +81,7 @@ interface(`jabber_admin',`
 	allow $1 jabberd_domain:process { ptrace signal_perms };
 	ps_process_pattern($1, jabberd_domain)
 
-	init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 jabberd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, jabberd_domain, jabberd_initrc_exec_t)
 
 	files_search_locks($1)
 	admin_pattern($1, jabberd_lock_t)

diff --git a/policy/modules/contrib/kdump.if b/policy/modules/contrib/kdump.if
index 3a00b3a..f90bfb4 100644
--- a/policy/modules/contrib/kdump.if
+++ b/policy/modules/contrib/kdump.if
@@ -102,10 +102,7 @@ interface(`kdump_admin',`
 	allow $1 { kdump_t kdumpctl_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { kdump_t kdumpctl_t })
 
-	init_labeled_script_domtrans($1, kdump_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kdump_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, kdump_t, kdump_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, kdump_etc_t)

diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index 77a5c49..01caeea 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -493,10 +493,7 @@ interface(`kerberos_admin',`
 	allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
 
-	init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kerberos_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, { kadmind_t krb5kdc_t }, kerberos_initrc_exec_t)
 
 	logging_list_logs($1)
 	admin_pattern($1, kadmind_log_t)

diff --git a/policy/modules/contrib/kerneloops.if b/policy/modules/contrib/kerneloops.if
index 714448f..d6f5fd8 100644
--- a/policy/modules/contrib/kerneloops.if
+++ b/policy/modules/contrib/kerneloops.if
@@ -108,10 +108,7 @@ interface(`kerneloops_admin',`
 	allow $1 kerneloops_t:process { ptrace signal_perms };
 	ps_process_pattern($1, kerneloops_t)
 
-	init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kerneloops_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, kerneloops_t, kerneloops_initrc_exec_t)
 
 	files_search_tmp($1)
 	admin_pattern($1, kerneloops_tmp_t)

diff --git a/policy/modules/contrib/keystone.if b/policy/modules/contrib/keystone.if
index e88fb16..ec9adb0 100644
--- a/policy/modules/contrib/keystone.if
+++ b/policy/modules/contrib/keystone.if
@@ -26,10 +26,7 @@ interface(`keystone_admin',`
 	allow $1 keystone_t:process { ptrace signal_perms };
 	ps_process_pattern($1, keystone_t)
 
-	init_labeled_script_domtrans($1, keystone_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 keystone_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, keystone_t, keystone_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, keystone_log_t)

diff --git a/policy/modules/contrib/kismet.if b/policy/modules/contrib/kismet.if
index f20de6e..24d623b 100644
--- a/policy/modules/contrib/kismet.if
+++ b/policy/modules/contrib/kismet.if
@@ -286,10 +286,7 @@ interface(`kismet_admin',`
 		type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
 	')
 
-	init_labeled_script_domtrans($1, kismet_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kismet_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, kismet_t, kismet_initrc_exec_t)
 
 	ps_process_pattern($1, kismet_t)
 	allow $1 kismet_t:process { ptrace signal_perms };

diff --git a/policy/modules/contrib/ksmtuned.if b/policy/modules/contrib/ksmtuned.if
index 93a64bc..59f401b 100644
--- a/policy/modules/contrib/ksmtuned.if
+++ b/policy/modules/contrib/ksmtuned.if
@@ -61,10 +61,7 @@ interface(`ksmtuned_admin',`
 		type ksmtuned_initrc_exec_t, ksmtuned_log_t;
 	')
 
-	ksmtuned_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 ksmtuned_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, ksmtuned_t, ksmtuned_initrc_exec_t)
 
 	allow $1 ksmtuned_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ksmtuned_t)

diff --git a/policy/modules/contrib/kudzu.if b/policy/modules/contrib/kudzu.if
index 5297064..993e152 100644
--- a/policy/modules/contrib/kudzu.if
+++ b/policy/modules/contrib/kudzu.if
@@ -89,10 +89,7 @@ interface(`kudzu_admin',`
 	allow $1 kudzu_t:process { ptrace signal_perms };
 	ps_process_pattern($1, kudzu_t)
 
-	init_labeled_script_domtrans($1, kudzu_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 kudzu_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, kudzu_t, kudzu_initrc_exec_t)
 
 	files_search_tmp($1)
 	admin_pattern($1, kudzu_tmp_t)

diff --git a/policy/modules/contrib/l2tp.if b/policy/modules/contrib/l2tp.if
index 73e2803..24d3c44 100644
--- a/policy/modules/contrib/l2tp.if
+++ b/policy/modules/contrib/l2tp.if
@@ -86,10 +86,7 @@ interface(`l2tp_admin',`
 	allow $1 l2tpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, l2tpd_t)
 
-	init_labeled_script_domtrans($1, l2tpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 l2tpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, l2tpd_t, l2tpd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, l2tp_conf_t)

diff --git a/policy/modules/contrib/ldap.if b/policy/modules/contrib/ldap.if
index 7f09b4a..b4eabc9 100644
--- a/policy/modules/contrib/ldap.if
+++ b/policy/modules/contrib/ldap.if
@@ -122,10 +122,7 @@ interface(`ldap_admin',`
 	allow $1 slapd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, slapd_t)
 
-	init_labeled_script_domtrans($1, slapd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 slapd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, slapd_t, slapd_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, { slapd_etc_t slapd_db_t slapd_cert_t slapd_keytab_t })

diff --git a/policy/modules/contrib/likewise.if b/policy/modules/contrib/likewise.if
index bd20e8c..2b884e6 100644
--- a/policy/modules/contrib/likewise.if
+++ b/policy/modules/contrib/likewise.if
@@ -110,10 +110,7 @@ interface(`likewise_admin',`
 	allow $1 likewise_domains:process { ptrace signal_perms };
 	ps_process_pattern($1, likewise_domains)
 
-	init_labeled_script_domtrans($1, likewise_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 likewise_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, likewise_domains, likewise_initrc_exec_t)
 
 	files_list_etc($1)
 	admin_pattern($1, { likewise_etc_t likewise_pstore_lock_t likewise_krb5_ad_t })

diff --git a/policy/modules/contrib/lircd.if b/policy/modules/contrib/lircd.if
index dff21a7..f54240e 100644
--- a/policy/modules/contrib/lircd.if
+++ b/policy/modules/contrib/lircd.if
@@ -84,10 +84,7 @@ interface(`lircd_admin',`
 	allow $1 lircd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, lircd_t)
 
-	init_labeled_script_domtrans($1, lircd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 lircd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, lircd_t, lircd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, lircd_etc_t)

diff --git a/policy/modules/contrib/lldpad.if b/policy/modules/contrib/lldpad.if
index d18c960..8d7692a 100644
--- a/policy/modules/contrib/lldpad.if
+++ b/policy/modules/contrib/lldpad.if
@@ -45,10 +45,7 @@ interface(`lldpad_admin',`
 	allow $1 lldpad_t:process { ptrace signal_perms };
 	ps_process_pattern($1, lldpad_t)
 
-	init_labeled_script_domtrans($1, lldpad_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 lldpad_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, lldpad_t, lldpad_initrc_exec_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, lldpad_var_lib_t)

diff --git a/policy/modules/contrib/mailscanner.if b/policy/modules/contrib/mailscanner.if
index 214cb44..a684cfd 100644
--- a/policy/modules/contrib/mailscanner.if
+++ b/policy/modules/contrib/mailscanner.if
@@ -47,10 +47,7 @@ interface(`mscan_admin',`
 	allow $1 mscan_t:process { ptrace signal_perms };
 	ps_process_pattern($1, mscan_t)
 
-	init_labeled_script_domtrans($1, mscan_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 mscan_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mscan_t, mscan_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, mscan_etc_t)

diff --git a/policy/modules/contrib/mcelog.if b/policy/modules/contrib/mcelog.if
index f89651e..9b731b8 100644
--- a/policy/modules/contrib/mcelog.if
+++ b/policy/modules/contrib/mcelog.if
@@ -45,10 +45,7 @@ interface(`mcelog_admin',`
 	allow $1 mcelog_t:process { ptrace signal_perms };
 	ps_process_pattern($1, mcelog_t)
 
-	init_labeled_script_domtrans($1, mcelog_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 mcelog_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mcelog_t, mcelog_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, mcelog_etc_t)

diff --git a/policy/modules/contrib/memcached.if b/policy/modules/contrib/memcached.if
index 1d4eb19..5c12b31 100644
--- a/policy/modules/contrib/memcached.if
+++ b/policy/modules/contrib/memcached.if
@@ -124,10 +124,7 @@ interface(`memcached_admin',`
 	allow $1 memcached_t:process { ptrace signal_perms };
 	ps_process_pattern($1, memcached_t)
 
-	init_labeled_script_domtrans($1, memcached_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 memcached_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, memcached_t, memcached_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, memcached_var_run_t)

diff --git a/policy/modules/contrib/minidlna.if b/policy/modules/contrib/minidlna.if
index 358917a..7aa4fc9 100644
--- a/policy/modules/contrib/minidlna.if
+++ b/policy/modules/contrib/minidlna.if
@@ -26,10 +26,7 @@ interface(`minidlna_admin',`
 	allow $1 minidlna_t:process { ptrace signal_perms };
 	ps_process_pattern($1, minidlna_t)
 
-	minidlna_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 minidlna_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, minidlna_t, minidlna_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, minidlna_conf_t)

diff --git a/policy/modules/contrib/minissdpd.if b/policy/modules/contrib/minissdpd.if
index f37a116..d4bdf6c 100644
--- a/policy/modules/contrib/minissdpd.if
+++ b/policy/modules/contrib/minissdpd.if
@@ -45,10 +45,7 @@ interface(`minissdpd_admin',`
 	allow $1 minissdpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, minissdpd_t)
 
-	init_labeled_script_domtrans($1, minissdpd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 minissdpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, minissdpd_t, minissdpd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, minissdpd_conf_t)

diff --git a/policy/modules/contrib/mongodb.if b/policy/modules/contrib/mongodb.if
index b247d25..9a184f2 100644
--- a/policy/modules/contrib/mongodb.if
+++ b/policy/modules/contrib/mongodb.if
@@ -26,10 +26,7 @@ interface(`mongodb_admin',`
 	allow $1 mongod_t:process { ptrace signal_perms };
 	ps_process_pattern($1, mongod_t)
 
-	init_labeled_script_domtrans($1, mongod_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 mongod_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mongod_t, mongod_initrc_exec_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, mongod_log_t)

diff --git a/policy/modules/contrib/monop.if b/policy/modules/contrib/monop.if
index a6ec137..0106004 100644
--- a/policy/modules/contrib/monop.if
+++ b/policy/modules/contrib/monop.if
@@ -26,10 +26,7 @@ interface(`monop_admin',`
 	allow $1 monopd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, monopd_t)
 
-	init_labeled_script_domtrans($1, monopd_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 monopd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, monopd_t, monopd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, monopd_etc_t)

diff --git a/policy/modules/contrib/mpd.if b/policy/modules/contrib/mpd.if
index 5fa77c7..384599f 100644
--- a/policy/modules/contrib/mpd.if
+++ b/policy/modules/contrib/mpd.if
@@ -347,10 +347,7 @@ interface(`mpd_admin',`
 	allow $1 mpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, mpd_t)
 
-	mpd_initrc_domtrans($1)
-	domain_system_change_exemption($1)
-	role_transition $2 mpd_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mpd_t, mpd_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, mpd_etc_t)

diff --git a/policy/modules/contrib/mrtg.if b/policy/modules/contrib/mrtg.if
index c595094..0a71bd8 100644
--- a/policy/modules/contrib/mrtg.if
+++ b/policy/modules/contrib/mrtg.if
@@ -47,10 +47,7 @@ interface(`mrtg_admin',`
 	allow $1 mrtg_t:process { ptrace signal_perms };
 	ps_process_pattern($1, mrtg_t)
 
-	init_labeled_script_domtrans($1, mrtg_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 mrtg_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mrtg_t, mrtg_initrc_exec_t)
 
 	files_search_etc($1)
 	admin_pattern($1, mrtg_etc_t)

diff --git a/policy/modules/contrib/munin.if b/policy/modules/contrib/munin.if
index b744fe3..cd67499 100644
--- a/policy/modules/contrib/munin.if
+++ b/policy/modules/contrib/munin.if
@@ -173,10 +173,7 @@ interface(`munin_admin',`
 	allow $1 { munin_plugin_domain munin_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { munin_plugin_domain munin_t })
 
-	init_labeled_script_domtrans($1, munin_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 munin_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, munin_t, munin_initrc_exec_t)
 
 	files_list_tmp($1)
 	admin_pattern($1, { munin_tmp_t munin_plugin_tmp_content })

diff --git a/policy/modules/contrib/mysql.if b/policy/modules/contrib/mysql.if
index 590748a..e7250f7 100644
--- a/policy/modules/contrib/mysql.if
+++ b/policy/modules/contrib/mysql.if
@@ -450,10 +450,8 @@ interface(`mysql_admin',`
 	allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process { ptrace signal_perms };
 	ps_process_pattern($1, { mysqld_safe_t mysqld_t mysqlmanagerd_t })
 
-	init_labeled_script_domtrans($1, {  mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t })
-	domain_system_change_exemption($1)
-	role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, mysqld_t, mysqld_initrc_exec_t)
+	init_startstop_service($1, $2, mysqlmanagerd_t, mysqlmanagerd_initrc_exec_t)
 
 	files_search_pids($1)
 	admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t })