Move rules from mta mailserver delivery from interface to .te to use the attribute.

policy/modules/services/mta.if

@@ -310,26 +310,6 @@ interface(`mta_mailserver_delivery',`
 	')
 
 	typeattribute $1 mailserver_delivery;
-
-	allow $1 mail_spool_t:dir list_dir_perms;
-	create_files_pattern($1, mail_spool_t, mail_spool_t)
-	read_files_pattern($1, mail_spool_t, mail_spool_t)
-	append_files_pattern($1, mail_spool_t, mail_spool_t)
-	create_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-
-	optional_policy(`
-		dovecot_manage_spool($1)
-		dovecot_domtrans_deliver($1)
-	')
-
-	optional_policy(`
-		# so MTA can access /var/lib/mailman/mail/wrapper
-		files_search_var_lib($1)
-
-		mailman_domtrans($1)
-		mailman_read_data_symlinks($1)
-	')
 ')
 
 #######################################

policy/modules/services/mta.te

@@ -209,6 +209,13 @@ optional_policy(`
 # Mailserver delivery local policy
 #
 
+allow mailserver_delivery mail_spool_t:dir list_dir_perms;
+create_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+read_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+
 read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)
 
 read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
@@ -225,6 +232,19 @@ tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_symlinks(mailserver_delivery)
 ')
 
+optional_policy(`
+	dovecot_manage_spool(mailserver_delivery)
+	dovecot_domtrans_deliver(mailserver_delivery)
+')
+
+optional_policy(`
+	# so MTA can access /var/lib/mailman/mail/wrapper
+	files_search_var_lib(mailserver_delivery)
+
+	mailman_domtrans(mailserver_delivery)
+	mailman_read_data_symlinks(mailserver_delivery)
+')
+
 ########################################
 #
 # User send mail local policy