diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 4908372..5feb739 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -65,7 +65,13 @@ kernel_getattr_core_if(fsadm_t)
 kernel_rw_unlabeled_dirs(fsadm_t)
 kernel_rw_unlabeled_blk_files(fsadm_t)
-files_getattr_boot_dirs(fsadm_t)
+corecmd_exec_bin(fsadm_t)
+#RedHat bug #201164
+corecmd_exec_shell(fsadm_t)
+# cjp: these are probably not needed:
+corecmd_read_bin_files(fsadm_t)
+corecmd_read_bin_pipes(fsadm_t)
+corecmd_read_bin_sockets(fsadm_t)
 dev_getattr_all_chr_files(fsadm_t)
 dev_dontaudit_getattr_all_blk_files(fsadm_t)
@@ -86,6 +92,22 @@ dev_getattr_usbfs_dirs(fsadm_t)
 # Access to /dev/mapper/control
 dev_rw_lvm_control(fsadm_t)
+domain_use_interactive_fds(fsadm_t)
+
+files_getattr_boot_dirs(fsadm_t)
+files_list_home(fsadm_t)
+files_read_usr_files(fsadm_t)
+files_read_etc_files(fsadm_t)
+files_manage_lost_found(fsadm_t)
+files_manage_isid_type_dirs(fsadm_t)
+# Write to /etc/mtab.
+files_manage_etc_runtime_files(fsadm_t)
+files_etc_filetrans_etc_runtime(fsadm_t, file)
+# Access to /initrd devices
+files_rw_isid_type_dirs(fsadm_t)
+files_rw_isid_type_blk_files(fsadm_t)
+files_read_isid_type_files(fsadm_t)
+
 fs_search_auto_mountpoints(fsadm_t)
 fs_getattr_xattr_fs(fsadm_t)
 fs_rw_ramfs_pipes(fsadm_t)
@@ -96,6 +118,10 @@ fs_remount_xattr_fs(fsadm_t)
 fs_search_tmpfs(fsadm_t)
 fs_getattr_tmpfs_dirs(fsadm_t)
 fs_read_tmpfs_symlinks(fsadm_t)
+# Recreate /mnt/cdrom.
+files_manage_mnt_dirs(fsadm_t)
+# for tune2fs
+files_search_all(fsadm_t)
 mls_file_read_all_levels(fsadm_t)
 mls_file_write_all_levels(fsadm_t)
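Review bot: The justification for `corecmd_exec_shell(fsadm_t)` is only a bug number, `#RedHat bug #201164`, which tells a later maintainer nothing about which tool in fsadm_t needs a shell or whether the need still exists; since this domain already holds raw block-device write access (`kernel_rw_unlabeled_blk_files(fsadm_t)` in this hunk), shell execution is a widening worth a real reason. The comment should name the trigger, e.g. `# RedHat bug #201164: <tool> runs a shell script` with the tool taken from the bug report, and match the file's `# ` spacing. The `# cjp: these are probably not needed:` note on the three `corecmd_read_bin_*` lines is being carried along unchanged; moving the block is the natural moment to confirm with sesearch/audit data whether those rules are exercised and either drop them or replace the note with the reason they stay.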
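Review bot: `files_rw_isid_type_dirs(fsadm_t)` appears redundant with `files_manage_isid_type_dirs(fsadm_t)` four lines above it, if manage_dir_perms is a superset of rw_dir_perms as the refpolicy naming convention suggests; if so the rw line grants nothing new, and the `# Access to /initrd devices` comment above it then describes only the block-file and file rules that follow. I would drop the rw_dirs call and keep the comment directly over `files_rw_isid_type_blk_files(fsadm_t)` / `files_read_isid_type_files(fsadm_t)`, or, if the manage call is meant for a different path (lost+found, say), say so next to it. The `/initrd` rules give read/write on unlabeled-SID block devices, which is a broad grant for a domain that also gets `files_manage_etc_runtime_files`; recording why initrd devices still need it would make a later tightening possible.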
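Review bot: `files_manage_mnt_dirs(fsadm_t)` and `files_search_all(fsadm_t)` are placed between the `fs_*` calls and `mls_file_read_all_levels(fsadm_t)`, while the previous hunk gathers every other `files_*` call into one block after `domain_use_interactive_fds(fsadm_t)`; if the reorder is meant to group calls by module, these two lines and their comments belong in that block, otherwise a short comment should say why they sit apart. `files_search_all(fsadm_t)` also grants search on every directory type the policy defines, and `# for tune2fs` does not say which tune2fs path needs it; a line such as `# for tune2fs: <path it opens>` would let a reviewer check whether a narrower interface would do.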
@@ -109,35 +135,6 @@ storage_swapon_fixed_disk(fsadm_t)
 term_use_console(fsadm_t)
-corecmd_exec_bin(fsadm_t)
-#RedHat bug #201164
-corecmd_exec_shell(fsadm_t)
-
-# cjp: these are probably not needed:
-corecmd_read_bin_files(fsadm_t)
-corecmd_read_bin_pipes(fsadm_t)
-corecmd_read_bin_sockets(fsadm_t)
-
-domain_use_interactive_fds(fsadm_t)
-
-files_list_home(fsadm_t)
-files_read_usr_files(fsadm_t)
-files_read_etc_files(fsadm_t)
-files_manage_lost_found(fsadm_t)
-files_manage_isid_type_dirs(fsadm_t)
-# Write to /etc/mtab.
-files_manage_etc_runtime_files(fsadm_t)
-files_etc_filetrans_etc_runtime(fsadm_t, file)
-# Access to /initrd devices
-files_rw_isid_type_dirs(fsadm_t)
-files_rw_isid_type_blk_files(fsadm_t)
-files_read_isid_type_files(fsadm_t)
-
-# Recreate /mnt/cdrom.
-files_manage_mnt_dirs(fsadm_t)
-# for tune2fs
-files_search_all(fsadm_t)
-
 init_use_fds(fsadm_t)
 init_use_script_ptys(fsadm_t)
 init_dontaudit_getattr_initctl(fsadm_t)