Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a.

policy/modules/system/udev.if

@@ -130,6 +130,24 @@ interface(`udev_dontaudit_rw_dgram_sockets',`
 	dontaudit $1 udev_t:unix_dgram_socket { read write };
 ')
 
+########################################
+## <summary>
+##	Manage udev rules files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_manage_rules_files',`
+	gen_require(`
+		type udev_rules_t;
+	')
+
+	manage_files_pattern($1, udev_rules_t, udev_rules_t)
+')
+
 ########################################
 ## <summary>
 ##	Do not audit search of udev database directories.
@@ -213,22 +231,3 @@ interface(`udev_manage_pid_files',`
 	files_search_var_lib($1)
 	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
 ')
-
-########################################
-## <summary>
-##	Manage udev rules files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
-	gen_require(`
-		type udev_rules_t;
-	')
-
-	manage_dirs_pattern($1, udev_rules_t, udev_rules_t)
-	manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')

policy/modules/system/udev.te

@@ -1,5 +1,5 @@
 
-policy_module(udev, 1.11.2)
+policy_module(udev, 1.11.3)
 
 ########################################
 #