Rename mount_read_mount_loopback() to mount_read_loopback_file().

Also make kernel block optional since the calls are to a higher layer.

policy/modules/kernel/kernel.te

@@ -287,9 +287,6 @@ files_list_etc(kernel_t)
 files_list_home(kernel_t)
 files_read_usr_files(kernel_t)
 
-mount_use_fds(kernel_t)
-mount_read_mount_loopback(kernel_t)
-
 mcs_process_set_categories(kernel_t)
 
 mls_process_read_up(kernel_t)
@@ -319,6 +316,11 @@ optional_policy(`
 	logging_send_syslog_msg(kernel_t)
 ')
 
+optional_policy(`
+	mount_use_fds(kernel_t)
+	mount_read_loopback_file(kernel_t)
+')
+
 optional_policy(`
 	nis_use_ypbind(kernel_t)
 ')

policy/modules/system/mount.if

@@ -184,7 +184,7 @@ interface(`mount_run_unconfined',`
 ##	</summary>
 ## </param>
 #
-interface(`mount_read_mount_loopback',`
+interface(`mount_read_loopback_file',`
 	gen_require(`
 		type mount_t;
 	')

policy/modules/system/mount.te

@@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
 # setuid/setgid needed to mount cifs
 allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
 
-mount_read_mount_loopback(mount_t)
+mount_read_loopback_file(mount_t)
 
 allow mount_t mount_tmp_t:file manage_file_perms;
 allow mount_t mount_tmp_t:dir manage_dir_perms;