diff --git a/data/fprintd.service.in b/data/fprintd.service.in
index 02bd13e..ef20c1d 100644
--- a/data/fprintd.service.in
+++ b/data/fprintd.service.in
@@ -32,3 +32,8 @@ RestrictRealtime=true
 
 # Privilege escalation
 NoNewPrivileges=true
+
+# Protect clock, allow USB and SPI device access
+ProtectClock=yes
+DeviceAllow=char-usb_device rw
+DeviceAllow=char-spi rw