diff --git a/public/init.te b/public/init.te
index 2e2e16cfcd9d11081604c66a8b55d6268ec83476..bfbf6d163fb58b3aa08cbdeab98bc3f5a6ff92a2 100644
--- a/public/init.te
+++ b/public/init.te
@@ -347,10 +347,10 @@ allow init system_data_file:lnk_file r_file_perms;
 ### neverallow rules
 ###
 
-# The init domain is only entered via setcon from the kernel domain,
-# never via an exec-based transition.
+# The init domain is only entered via an exec based transition from the
+# kernel domain, never via setcon().
 neverallow domain init:process dyntransition;
-neverallow { domain -kernel} init:process transition;
+neverallow { domain -kernel } init:process transition;
 neverallow init { file_type fs_type -init_exec }:file entrypoint;
 
 # Never read/follow symlinks created by shell or untrusted apps.