diff --git a/cups.te b/cups.te
index a600239..194655a 100644
--- a/cups.te
+++ b/cups.te
@@ -658,6 +658,8 @@ read_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
 read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
 files_search_etc(hplip_t)
 
+allow hplip_t cups_unit_file_t:file read_file_perms;
+
 manage_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
 manage_lnk_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
 
@@ -675,6 +677,9 @@ files_pid_filetrans(hplip_t, hplip_var_run_t, file)
 kernel_read_system_state(hplip_t)
 kernel_read_kernel_sysctls(hplip_t)
 
+# for python
+corecmd_exec_bin(hplip_t)
+
 corenet_all_recvfrom_netlabel(hplip_t)
 corenet_tcp_sendrecv_generic_if(hplip_t)
 corenet_udp_sendrecv_generic_if(hplip_t)
@@ -700,13 +705,6 @@ dev_read_rand(hplip_t)
 dev_rw_generic_usb_dev(hplip_t)
 dev_rw_usbfs(hplip_t)
 
-fs_getattr_all_fs(hplip_t)
-fs_search_auto_mountpoints(hplip_t)
-fs_rw_anon_inodefs_files(hplip_t)
-
-# for python
-corecmd_exec_bin(hplip_t)
-
 domain_use_interactive_fds(hplip_t)
 
 files_read_etc_files(hplip_t)
@@ -714,6 +712,12 @@ files_read_etc_runtime_files(hplip_t)
 files_read_usr_files(hplip_t)
 files_dontaudit_write_usr_dirs(hplip_t)
 
+fs_getattr_all_fs(hplip_t)
+fs_search_auto_mountpoints(hplip_t)
+fs_rw_anon_inodefs_files(hplip_t)
+
+term_use_ptmx(hplip_t)
+
 auth_read_passwd(hplip_t)
 
 logging_send_syslog_msg(hplip_t)