Comment 4 for bug 1370930

Actually, I see more Ux rules. Try this instead (also untested):
  /usr/bin/hpijs Cx -> third_party,
  /usr/Brother/** Cx -> third_party,
  /usr/lib/cups/backend/* Cx -> third_party,
  /usr/lib/cups/filter/** Cxr -> third_party,
  /usr/lib/cups/driver/* Cxr -> third_party,
  signal (send) peer=third_party,
  profile third_party {
    file,
    capability,
    network,
    audit deny capability mac_admin,
    dbus,
    signal,
    ptrace,
    unix,
  }