diff --git a/policy/mls b/policy/mls
index 70ed8087d..3603de11b 100644
--- a/policy/mls
+++ b/policy/mls
@@ -209,14 +209,16 @@ mlsconstrain unix_stream_socket connectto
(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
(( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
( t1 == mlsnetwrite ) or
- ( t2 == mlstrustedobject ));
+ ( t2 == mlstrustedobject ) or
+ ( t2 == mlstrustedsocket ));
mlsconstrain unix_dgram_socket sendto
(( l1 eq l2 ) or
(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
(( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
( t1 == mlsnetwrite ) or
- ( t2 == mlstrustedobject ));
+ ( t2 == mlstrustedobject ) or
+ ( t2 == mlstrustedsocket ));
# these access vectors have no MLS restrictions
# { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { ioctl create lock append bind sendto send_msg name_bind }
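Review bot: The new `( t2 == mlstrustedsocket )` disjunct in both the connectto and sendto constraints is an unconditional exemption: once a socket type carries the attribute, senders at every level pass the constraint with no remaining `dom`/`domby` check, so each type granted the attribute becomes a write-down sink (a higher-level sender's data lands in an object labelled at the socket owner's range). That is presumably intended for logging, but the constraint itself does not say so; a comment above the first changed constraint such as `# mlstrustedsocket: unix sockets that must accept writes from all levels (e.g. syslog); bypasses the level check for connectto/sendto only` would make the scope visible to the next reader. Since unix socket objects normally take the type of the creating domain, the attribute in practice covers every stream and dgram socket of that domain rather than one socket, which is worth stating here as well. The unix_stream_socket connectto constraint begins before this hunk.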
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index d178478da..27d64010a 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -800,6 +800,33 @@ interface(`mls_trusted_object',`
typeattribute $1 mlstrustedobject;
')
+########################################
+##
+## Make specified socket MLS trusted.
+##
+##
+##
+## Make specified socket MLS trusted. For sockets
+## marked as such, this allows all levels to:
+## * sendto to unix_dgram_sockets
+## * connectto to unix_stream_sockets
+## respectively.
+##
+##
+##
+##
+## The type of the object.
+##
+##
+#
+interface(`mls_trusted_socket',`
+ gen_require(`
+ attribute mlstrustedsocket;
+ ')
+
+ typeattribute $1 mlstrustedsocket;
+')
+
########################################
##
## Make the specified domain trusted
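Review bot: The interface description "Make specified socket MLS trusted" and the parameter text "The type of the object" understate what `mls_trusted_socket` does: the caller passes a type (a domain type in the logging.te use elsewhere in this commit), and every unix_stream_socket and unix_dgram_socket labelled with that type becomes reachable via connectto/sendto from all MLS levels, with the level check skipped entirely. I would extend the description with a sentence along the lines of `Unix socket objects are normally labelled with the type of the creating domain, so passing a domain type marks all of its unix sockets; for those sockets the MLS level check on connectto/sendto is bypassed, so use this only for services that must accept input from every level.` and change the parameter text to `Type of the socket object (usually the domain that creates the sockets).` The bullet list followed by "respectively." also reads oddly, since the two bullets already name their own object classes; dropping "respectively" would be clearer. The documentation markup tags seem to have been stripped in this rendering, so the exact placement may need adjusting.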
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
index 8c7bd90d2..832f83f84 100644
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@@ -56,6 +56,7 @@ attribute mlsdbupgrade;
attribute mlsdbdowngrade;
attribute mlstrustedobject;
+attribute mlstrustedsocket;
attribute privrangetrans;
attribute mlsrangetrans;
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 1d26a4f97..822114b64 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -68,6 +68,7 @@ type syslogd_t;
type syslogd_exec_t;
init_daemon_domain(syslogd_t, syslogd_exec_t)
init_named_socket_activation(syslogd_t, syslogd_var_run_t)
+mls_trusted_socket(syslogd_t)
type syslogd_initrc_exec_t;
init_script_file(syslogd_initrc_exec_t)
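Review bot: `mls_trusted_socket(syslogd_t)` is added without a comment, and it widens MLS boundaries for every unix stream and dgram socket owned by syslogd_t, not just the log socket; a one-line justification such as `# syslogd must accept log messages from all MLS levels; this exempts its unix sockets from the level check` would record why the write-down path is accepted here. The exemption only takes effect if the receiving socket object actually carries syslogd_t; under the socket activation declared on the line above, a socket created by init and handed over may carry init's type instead, in which case this line would not cover it, which is worth confirming against the running system. It would also be worth checking whether the stream-socket (connectto) exemption is needed for syslog at all, since the attribute grants both.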