userdomain: Move enable_mls block in userdom_common_user_template().

policy/modules/system/userdomain.if

@@ -568,6 +568,17 @@ template(`userdom_common_user_template',`
 	# to this one.
 	seutil_dontaudit_signal_newrole($1_t)
 
+	ifndef(`enable_mls',`
+		tunable_policy(`user_write_removable',`
+			# Read/write floppies and other removable devices
+			storage_raw_read_removable_device($1_t)
+			storage_raw_write_removable_device($1_t)
+		',`
+			# Read floppies
+			storage_raw_read_removable_device($1_t)
+		')
+	')
+
 	tunable_policy(`user_direct_mouse',`
 		dev_read_mouse($1_t)
 	')
@@ -583,17 +594,6 @@ template(`userdom_common_user_template',`
 		term_getattr_all_ttys($1_t)
 	')
 
-	ifndef(`enable_mls',`
-		tunable_policy(`user_write_removable',`
-			# Read/write floppies and other removable devices
-			storage_raw_read_removable_device($1_t)
-			storage_raw_write_removable_device($1_t)
-		',`
-			# Read floppies
-			storage_raw_read_removable_device($1_t)
-		')
-	')
-
 	tunable_policy(`user_write_removable',`
 		# Read/write USB devices (e.g. external removable USB mass storage devices)
 		dev_rw_generic_usb_dev($1_t)