diff --git a/policy/mls b/policy/mls
index 3dbbaaf1..5105b174 100644
--- a/policy/mls
+++ b/policy/mls
@@ -570,8 +570,13 @@ mlsconstrain xinput { setattr relabelinput }
# MLS policy for the dbus class
#
+mlsconstrain dbus { send_msg }
+ (( l1 eq l2 ) or
+ ( t1 == mlsdbussend ) or
+ ( t2 == mlsdbusrecv ));
+
# these access vectors have no MLS restrictions
-# dbus { acquire_svc send_msg }
+# dbus { acquire_svc }
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index eb1945e5..a24f121d 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -859,3 +859,44 @@ interface(`mls_db_downgrade',`
typeattribute $1 mlsdbdowngrade;
')
+########################################
+##
+## Make specified domain MLS trusted
+## for sending dbus messages to
+## all levels.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`mls_dbus_send_all_levels',`
+ gen_require(`
+ attribute mlsdbussend;
+ ')
+
+ typeattribute $1 mlsdbussend;
+')
+
+########################################
+##
+## Make specified domain MLS trusted
+## for receiving dbus messages from
+## all levels.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`mls_dbus_recv_all_levels',`
+ gen_require(`
+ attribute mlsdbusrecv;
+ ')
+
+ typeattribute $1 mlsdbusrecv;
+')
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
index a6e59587..b03867c0 100644
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@@ -1,5 +1,5 @@
-policy_module(mls,1.6.0)
+policy_module(mls,1.6.1)
########################################
#
@@ -61,3 +61,6 @@ attribute mlsfduse;
attribute mlsfdshare;
attribute mlstranslate;
+
+attribute mlsdbusrecv;
+attribute mlsdbussend;