From 0b978fe777c113866db5331f0065e4471de8f53a Mon Sep 17 00:00:00 2001
From: Chris PeBenito <pebenito@ieee.org>
Date: Wed, 7 Sep 2016 17:51:42 -0400
Subject: [PATCH] userdomain: Move enable_mls block in
 userdom_common_user_template().

---
 policy/modules/system/userdomain.if | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 286d192b5..494c723cb 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -568,6 +568,17 @@ template(`userdom_common_user_template',`
 	# to this one.
 	seutil_dontaudit_signal_newrole($1_t)
 
+	ifndef(`enable_mls',`
+		tunable_policy(`user_write_removable',`
+			# Read/write floppies and other removable devices
+			storage_raw_read_removable_device($1_t)
+			storage_raw_write_removable_device($1_t)
+		',`
+			# Read floppies
+			storage_raw_read_removable_device($1_t)
+		')
+	')
+
 	tunable_policy(`user_direct_mouse',`
 		dev_read_mouse($1_t)
 	')
@@ -583,17 +594,6 @@ template(`userdom_common_user_template',`
 		term_getattr_all_ttys($1_t)
 	')
 
-	ifndef(`enable_mls',`
-		tunable_policy(`user_write_removable',`
-			# Read/write floppies and other removable devices
-			storage_raw_read_removable_device($1_t)
-			storage_raw_write_removable_device($1_t)
-		',`
-			# Read floppies
-			storage_raw_read_removable_device($1_t)
-		')
-	')
-
 	tunable_policy(`user_write_removable',`
 		# Read/write USB devices (e.g. external removable USB mass storage devices)
 		dev_rw_generic_usb_dev($1_t)