fix encapsulation problem

refpolicy/policy/modules/services/mta.if

@@ -463,7 +463,7 @@ interface(`mta_exec',`
 ##	Read mail server configuration.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`mta_read_config',`
@@ -482,7 +482,7 @@ interface(`mta_read_config',`
 ##	Read mail address aliases.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`mta_read_aliases',`
@@ -495,6 +495,23 @@ interface(`mta_read_aliases',`
 	allow $1 etc_aliases_t:file r_file_perms;
 ')
 
+########################################
+## <summary>
+##	Type transition files created in /etc
+##	to the mail address aliases type.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`mta_filetrans_etc_aliases',`
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	files_filetrans_etc($1,etc_aliases_t, file)
+')
+
 #######################################
 #
 # mta_rw_aliases(domain)

refpolicy/policy/modules/services/mta.te

@@ -129,10 +129,6 @@ optional_policy(`logwatch',`
 	logwatch_read_tmp_files(system_mail_t)
 ')
 
-#optional_policy(`sendmail',`
-#	files_filetrans_etc(sendmail_t,etc_aliases_t, file)
-#')
-
 optional_policy(`postfix',`
 	allow system_mail_t etc_aliases_t:dir create_dir_perms;
 	allow system_mail_t etc_aliases_t:file create_file_perms;

refpolicy/policy/modules/services/sendmail.te

@@ -92,6 +92,7 @@ sysnet_read_config(sendmail_t)
 userdom_dontaudit_use_unpriv_user_fd(sendmail_t)
 userdom_dontaudit_search_sysadm_home_dir(sendmail_t)
 
+mta_filetrans_etc_aliases(sendmail_t)
 # Write to /etc/aliases and /etc/mail.
 mta_rw_aliases(sendmail_t)
 # Write to /var/spool/mail and /var/spool/mqueue.