diff --git a/parser/immunix.h b/parser/immunix.h
index 2628b67c4..4764a07dd 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -20,69 +20,37 @@ #ifndef _IMMUNIX_H #define _IMMUNIX_H -/* start of system offsets */ -#define POS_AA_FILE_MIN 0 -#define POS_AA_MAY_EXEC POS_AA_FILE_MIN -#define POS_AA_MAY_WRITE (POS_AA_MAY_EXEC + 1) -#define POS_AA_MAY_READ (POS_AA_MAY_WRITE + 1) -/* not used by Subdomain */ -#define POS_AA_MAY_APPEND (POS_AA_MAY_READ + 1) -/* end of system offsets */ - -#define POS_AA_MAY_LINK (POS_AA_MAY_APPEND + 1) -#define POS_AA_EXEC_INHERIT (POS_AA_MAY_LINK + 1) -#define POS_AA_EXEC_UNCONSTRAINED (POS_AA_EXEC_INHERIT + 1) -#define POS_AA_EXEC_PROFILE (POS_AA_EXEC_UNCONSTRAINED + 1) -#define POS_AA_EXEC_MMAP (POS_AA_EXEC_PROFILE + 1) -#define POS_AA_EXEC_UNSAFE (POS_AA_EXEC_MMAP + 1) -#define POS_AA_FILE_MAX POS_AA_EXEC_UNSAFE - -#define POS_AA_NET_MIN (POS_AA_FILE_MAX + 1) -#define POS_AA_TCP_CONNECT POS_AA_NET_MIN -#define POS_AA_TCP_ACCEPT (POS_AA_TCP_CONNECT + 1) -#define POS_AA_TCP_CONNECTED (POS_AA_TCP_ACCEPT + 1) -#define POS_AA_TCP_ACCEPTED (POS_AA_TCP_CONNECTED + 1) -#define POS_AA_UDP_SEND (POS_AA_TCP_ACCEPTED + 1) -#define POS_AA_UDP_RECEIVE (POS_AA_UDP_SEND + 1) -#define POS_AA_NET_MAX POS_AA_UDP_RECEIVE - -/* logging only */ -#define POS_AA_LOGTCP_SEND (POS_AA_NET_MAX + 1) -#define POS_AA_LOGTCP_RECEIVE (POS_AA_LOGTCP_SEND + 1) - -/* Absolute MAX/MIN */ -#define POS_AA_MIN (POS_AA_FILE_MIN -#define POS_AA_MAX (POS_AA_NET_MAX - -/* Invalid perm permission */ -#define POS_AA_INVALID_POS 31 - -/* Modeled after MAY_READ, MAY_WRITE, MAY_EXEC def'ns */ -#define AA_MAY_EXEC (0x01 << POS_AA_MAY_EXEC) -#define AA_MAY_WRITE (0x01 << POS_AA_MAY_WRITE) -#define AA_MAY_READ (0x01 << POS_AA_MAY_READ) -#define AA_MAY_LINK (0x01 << POS_AA_MAY_LINK) -#define AA_EXEC_INHERIT (0x01 << POS_AA_EXEC_INHERIT) -#define AA_EXEC_UNCONSTRAINED (0x01 << POS_AA_EXEC_UNCONSTRAINED) -#define AA_EXEC_PROFILE (0x01 << POS_AA_EXEC_PROFILE) -#define AA_EXEC_MMAP (0x01 << POS_AA_EXEC_MMAP) -#define AA_EXEC_UNSAFE (0x01 << POS_AA_EXEC_UNSAFE) +/* + * Modeled after MAY_READ, MAY_WRITE, MAY_EXEC 
in the kernel. The value of + * AA_MAY_EXEC must be identical to MAY_EXEC, etc. + */ +#define AA_MAY_EXEC (1 << 0) +#define AA_MAY_WRITE (1 << 1) +#define AA_MAY_READ (1 << 2) +/*#define AA_MAY_APPEND (1 << 3)*/ +#define AA_MAY_LINK (1 << 4) +#define AA_EXEC_INHERIT (1 << 5) +#define AA_EXEC_UNCONSTRAINED (1 << 6) +#define AA_EXEC_PROFILE (1 << 7) +#define AA_EXEC_MMAP (1 << 8) +#define AA_EXEC_UNSAFE (1 << 9) #define AA_EXEC_MODIFIERS (AA_EXEC_INHERIT | \ AA_EXEC_UNCONSTRAINED | \ AA_EXEC_PROFILE) -#define KERN_EXEC_MODIFIERS(X) (X & AA_EXEC_MODIFIERS) +#if 0 /* Network subdomain extensions. */ -#define AA_TCP_CONNECT (0x01 << POS_AA_TCP_CONNECT) -#define AA_TCP_ACCEPT (0x01 << POS_AA_TCP_ACCEPT) -#define AA_TCP_CONNECTED (0x01 << POS_AA_TCP_CONNECTED) -#define AA_TCP_ACCEPTED (0x01 << POS_AA_TCP_ACCEPTED) -#define AA_UDP_SEND (0x01 << POS_AA_UDP_SEND) -#define AA_UDP_RECEIVE (0x01 << POS_AA_UDP_RECEIVE) +#define AA_TCP_CONNECT (1 << 16) +#define AA_TCP_ACCEPT (1 << 17) +#define AA_TCP_CONNECTED (1 << 18) +#define AA_TCP_ACCEPTED (1 << 19) +#define AA_UDP_SEND (1 << 20) +#define AA_UDP_RECEIVE (1 << 21) -#define AA_LOGTCP_SEND (0x01 << POS_AA_LOGTCP_SEND) -#define AA_LOGTCP_RECEIVE (0x01 << POS_AA_LOGTCP_RECEIVE) -#define AA_INVALID_PERM (0x01 << POS_AA_INVALID_POS) +/* logging only */ +#define AA_LOGTCP_SEND (1 << 22) +#define AA_LOGTCP_RECEIVE (1 << 23) +#endif #define AA_HAT_SIZE 975 /* Maximum size of a subdomain * ident (hat) */ @@ -107,7 +75,6 @@ enum pattern_t { #define AA_NOXMODS_PERM_MASK (AA_MAY_EXEC | AA_MAY_WRITE | \ AA_MAY_READ | AA_MAY_LINK | \ AA_EXEC_MMAP) -#define AA_VALID_PERM_MASK ((1 << (POS_AA_MAX + 1)) - 1) #define SINGLE_BIT_SET(X) (!((X) & ((X) - 1))) #define AA_EXEC_SINGLE_MODIFIER_SET(X) SINGLE_BIT_SET(((X) & AA_EXEC_MODIFIERS)) diff --git a/parser/parser_merge.c b/parser/parser_merge.c index 59d322791..0a2df6c6e 100644 --- a/parser/parser_merge.c +++ b/parser/parser_merge.c 
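Review bot: The commented-out `/*#define AA_MAY_APPEND (1 << 3)*/` in this hunk loses what the old `/* not used by Subdomain */` line conveyed: bit 3 is skipped on purpose because the kernel assigns it to MAY_APPEND, and the requirement stated in the new comment that AA_MAY_EXEC/WRITE/READ equal the kernel's MAY_* values is now enforced only by these literal shifts. Replace the dead define with a comment such as `/* bit 3 is reserved: it is MAY_APPEND in the kernel and must not be reused */` so a later addition does not claim it. `AA_INVALID_PERM` is dropped with no replacement while the network and logging bits survive under `#if 0`; if any other translation unit still references it or `KERN_EXEC_MODIFIERS`, that is a build break this commit does not address (the callers are not visible from here). The second hunk also removes `AA_VALID_PERM_MASK`, leaving no single macro that names the set of bits the parser treats as valid, which is worth re-deriving from the surviving defines if anything validated a mode word against it.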
@@ -83,11 +83,11 @@ static int process_file_entries(struct codomain *cod) for (cur = table[0], next = table[1], n = 1; next != NULL; n++, next = table[n]) { if (file_comp(&cur, &next) == 0) { int conflict = CHECK_CONFLICT_UNSAFE(cur->mode, next->mode); + cur->mode |= next->mode; /* check for merged x consistency */ if (HAS_MAY_EXEC(cur->mode) && - ((KERN_EXEC_MODIFIERS(cur->mode) & - (KERN_EXEC_MODIFIERS(cur->mode) - 1)) || + (!AA_EXEC_SINGLE_MODIFIER_SET(cur->mode) || conflict)) { PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"), cod->name, cur->name);
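Review bot: `cur->mode |= next->mode;` is now applied before the x-modifier consistency check, so on the error path `cur->mode` already holds the union of two conflicting modes when PERROR fires; whether that merged entry can still reach the kernel depends on what the caller does after the report, which lies outside this hunk. Computing the union into a local first keeps the entry unchanged unless the check passes: `int merged = cur->mode | next->mode;`, test `HAS_MAY_EXEC(merged) && (!AA_EXEC_SINGLE_MODIFIER_SET(merged) || conflict)`, and assign `cur->mode = merged;` only after the `if`. The switch from the `KERN_EXEC_MODIFIERS` bit-trick to `!AA_EXEC_SINGLE_MODIFIER_SET` is equivalent, including for a mode with no x-modifier bits, where both forms yield false. process_file_entries begins before and continues after this hunk.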