init: Revise conditions in init_startstop_service().

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>

policy/modules/system/init.if

@@ -1728,28 +1728,29 @@ interface(`init_startstop_service',`
 		role system_r;
 	')
 
-	ifndef(`direct_sysadm_daemon',`
+	# sysvinit/upstart systems will need to use run_init
-		ifdef(`distro_gentoo',`
+	# if not using direct_sysadm_daemon.
-			# for OpenRC
+	ifdef(`direct_sysadm_daemon',`
-			seutil_labeled_init_script_run_runinit($1, $2, $4)
+		init_labeled_script_domtrans($1, $4)
-		',`
+		domain_system_change_exemption($1)
-			# rules for sysvinit / upstart
+		role_transition $2 $4 system_r;
-			init_labeled_script_domtrans($1, $4)
+		allow $2 system_r;
-			domain_system_change_exemption($1)
+	')
-			role_transition $2 $4 system_r;
-			allow $2 system_r;
-		')
 
-		ifdef(`init_systemd',`
+	ifdef(`distro_gentoo',`
-			# This ifelse condition is temporary, until
+		# for OpenRC
-			# all callers are updated to provide unit files.
+		seutil_labeled_init_script_run_runinit($1, $2, $4)
-			ifelse(`$5',`',`',`
+	')
-				gen_require(`
-					class service { start status stop };
-				')
 
-				allow $1 $5:service { start status stop };
+	ifdef(`init_systemd',`
+		# This ifelse condition is temporary, until
+		# all callers are updated to provide unit files.
+		ifelse(`$5',`',`',`
+			gen_require(`
+				class service { start status stop };
 			')
+
+			allow $1 $5:service { start status stop };
 		')
 	')
 ')