diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 9cdaeda..d2deefe 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -83,10 +83,25 @@ template(`sudo_role_template',`
 kernel_read_system_state($1_sudo_t)
 kernel_link_key($1_sudo_t)
 
+ corecmd_read_bin_symlinks($1_sudo_t)
+ corecmd_getattr_all_executables($1_sudo_t)
+
 dev_read_urand($1_sudo_t)
 dev_rw_generic_usb_dev($1_sudo_t)
 dev_read_sysfs($1_sudo_t)
 
+ domain_use_interactive_fds($1_sudo_t)
+ domain_sigchld_interactive_fds($1_sudo_t)
+ domain_getattr_all_entry_files($1_sudo_t)
+
+ files_read_etc_files($1_sudo_t)
+ files_read_var_files($1_sudo_t)
+ files_read_usr_symlinks($1_sudo_t)
+ files_getattr_usr_files($1_sudo_t)
+ # for some PAM modules and for cwd
+ files_dontaudit_search_home($1_sudo_t)
+ files_list_tmp($1_sudo_t)
+
 fs_search_auto_mountpoints($1_sudo_t)
 fs_getattr_xattr_fs($1_sudo_t)
 
@@ -101,21 +116,6 @@ template(`sudo_role_template',`
 auth_manage_pam_pid($1_sudo_t)
 auth_use_nsswitch($1_sudo_t)
 
- corecmd_read_bin_symlinks($1_sudo_t)
- corecmd_getattr_all_executables($1_sudo_t)
-
- domain_use_interactive_fds($1_sudo_t)
- domain_sigchld_interactive_fds($1_sudo_t)
- domain_getattr_all_entry_files($1_sudo_t)
-
- files_read_etc_files($1_sudo_t)
- files_read_var_files($1_sudo_t)
- files_read_usr_symlinks($1_sudo_t)
- files_getattr_usr_files($1_sudo_t)
- # for some PAM modules and for cwd
- files_dontaudit_search_home($1_sudo_t)
- files_list_tmp($1_sudo_t)
-
 init_rw_utmp($1_sudo_t)
 
 logging_send_audit_msgs($1_sudo_t)
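Review bot: The comment `# for some PAM modules and for cwd` above `files_dontaudit_search_home($1_sudo_t)` in the relocated files_* group does not say that the rule silences denials rather than granting access, and it is unclear whether it is meant to cover the `files_list_tmp($1_sudo_t)` line below it as well. Since the block is being moved anyway, I would reword it along the lines of `# PAM modules and cwd lookups search the home root; denied on purpose and not audited` and set `files_list_tmp` apart with its own comment or a blank line. Judging by the interface name, these denials will not appear in the audit log, so anyone investigating unexpected `$1_sudo_t` behaviour needs to disable dontaudit rules first (for example `semodule -DB`). The enclosing `sudo_role_template` starts and ends outside the hunk.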