diff --git a/policy/modules/apps/chromium.te b/policy/modules/apps/chromium.te
index 27f9d4066..6fe5f7c07 100644
--- a/policy/modules/apps/chromium.te
+++ b/policy/modules/apps/chromium.te
@@ -372,8 +372,15 @@ allow chromium_sandbox_t chromium_naclhelper_t:process share;
 allow chromium_naclhelper_t chromium_t:unix_stream_socket { getattr read write };
 allow chromium_naclhelper_t chromium_sandbox_t:unix_stream_socket { getattr read write };
 
+dev_read_sysfs(chromium_naclhelper_t)
+dev_read_urand(chromium_naclhelper_t)
+
 domain_mmap_low_uncond(chromium_naclhelper_t)
 
+kernel_list_proc(chromium_naclhelper_t)
+
+miscfiles_read_localization(chromium_naclhelper_t)
+
 userdom_use_user_ptys(chromium_naclhelper_t)
 
 tunable_policy(`chromium_read_system_info',`
@@ -383,9 +390,3 @@ tunable_policy(`chromium_read_system_info',`
 	kernel_dontaudit_read_kernel_sysctl(chromium_naclhelper_t)
 	kernel_dontaudit_read_system_state(chromium_naclhelper_t)
 ')
-
-dev_read_sysfs(chromium_naclhelper_t)
-dev_read_urand(chromium_naclhelper_t)
-kernel_list_proc(chromium_naclhelper_t)
-
-miscfiles_read_localization(chromium_naclhelper_t)