diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 7566bba64..5f21f0fb6 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Additional MLS interfaces from Chad Hanson.
- Move some rules out of domain_type() and domain_base_type()
to the TE file, to use the domain attribute to take advantage
of space savings from attribute use.
diff --git a/refpolicy/policy/modules/kernel/mls.if b/refpolicy/policy/modules/kernel/mls.if
index 850ae8eed..3b38c8377 100644
--- a/refpolicy/policy/modules/kernel/mls.if
+++ b/refpolicy/policy/modules/kernel/mls.if
@@ -18,7 +18,7 @@
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -37,7 +37,7 @@ interface(`mls_file_read_up',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -56,7 +56,7 @@ interface(`mls_file_write_down',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -75,7 +75,7 @@ interface(`mls_file_upgrade',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -87,6 +87,124 @@ interface(`mls_file_downgrade',`
typeattribute $1 mlsfiledowngrade;
')
+########################################
+##
+## Make specified domain MLS trusted
+## for reading from sockets at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_socket_read_all_levels',`
+ gen_require(`
+ attribute mlsnetread;
+ ')
+
+ typeattribute $1 mlsnetread;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for reading from sockets at any level
+## that is dominated by the process clearance.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_socket_read_to_clearance',`
+ gen_require(`
+ attribute mlsnetreadtoclr;
+ ')
+
+ typeattribute $1 mlsnetreadtoclr;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for writing to sockets at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_socket_write_all_levels',`
+ gen_require(`
+ attribute mlsnetwrite;
+ ')
+
+ typeattribute $1 mlsnetwrite;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for receiving network data from
+## network interfaces or hosts at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_net_receive_all_levels',`
+ gen_require(`
+ attribute mlsnetrecvall;
+ ')
+
+ typeattribute $1 mlsnetrecvall;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for reading from System V IPC objects
+## at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_sysvipc_read_all_levels',`
+ gen_require(`
+ attribute mlsipcread;
+ ')
+
+ typeattribute $1 mlsipcread;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for writing to System V IPC objects
+## at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_sysvipc_write_all_levels',`
+ gen_require(`
+ attribute mlsipcwrite;
+ ')
+
+ typeattribute $1 mlsipcwrite;
+')
+
########################################
##
## Allow the specified domain to do a MLS
@@ -95,7 +213,7 @@ interface(`mls_file_downgrade',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -115,7 +233,7 @@ interface(`mls_rangetrans_source',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -134,7 +252,7 @@ interface(`mls_rangetrans_target',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -153,7 +271,7 @@ interface(`mls_process_read_up',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -173,7 +291,7 @@ interface(`mls_process_write_down',`
##
##
##
-## The type of the process performing this action.
+## Domain allowed access.
##
##
#
@@ -185,6 +303,81 @@ interface(`mls_process_set_level',`
typeattribute $1 mlsprocsetsl;
')
+########################################
+##
+## Make specified domain MLS trusted
+## for reading from X objects at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_xwin_read_all_levels',`
+ gen_require(`
+ attribute mlsxwinread;
+ ')
+
+ typeattribute $1 mlsxwinread;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for writing to X objects at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_xwin_write_all_levels',`
+ gen_require(`
+ attribute mlsxwinwrite;
+ ')
+
+ typeattribute $1 mlsxwinwrite;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for reading from X colormaps at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_colormap_read_all_levels',`
+ gen_require(`
+ attribute mlsxwinreadcolormap;
+ ')
+
+ typeattribute $1 mlsxwinreadcolormap;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for writing to X colormaps at any level.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mls_colormap_write_all_levels',`
+ gen_require(`
+ attribute mlsxwinwritecolormap;
+ ')
+
+ typeattribute $1 mlsxwinwritecolormap;
+')
########################################
##