diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 8650b17..b8d770d 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -877,10 +877,6 @@ allow xserver_t self:udp_socket create_socket_perms;
 allow xserver_t self:netlink_selinux_socket create_socket_perms;
 allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
 
-# Device rules
-allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell };
-allow x_domain xserver_t:x_screen getattr;
-
 allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
 
 domtrans_pattern(xserver_t, xauth_exec_t, xauth_t)
@@ -1276,6 +1272,10 @@ allow x_domain self:x_resource { read write };
 # can mess with the screensaver
 allow x_domain xserver_t:x_screen { getattr saver_getattr };
 
+# Device rules
+allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell };
+allow x_domain xserver_t:x_screen getattr;
+
 ########################################
 #
 # Rules for unconfined access to this module