diff --git a/Changelog b/Changelog
index 9de9e4aa..017d2ce0 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Database labeled networking update from KaiGai Kohei.
 - Several misc changes from the Fedora policy, cherry picked by David Hrdeman.
 - Large whitespace fix from Dominick Grift.
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index e590e67d..630b5e3d 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -189,10 +189,6 @@ template(`apache_content_template',`
 corenet_udp_sendrecv_all_nodes(httpd_$1_script_t)
 corenet_tcp_sendrecv_all_ports(httpd_$1_script_t)
 corenet_udp_sendrecv_all_ports(httpd_$1_script_t)
- corenet_tcp_connect_postgresql_port(httpd_$1_script_t)
- corenet_tcp_connect_mysqld_port(httpd_$1_script_t)
- corenet_sendrecv_postgresql_client_packets(httpd_$1_script_t)
- corenet_sendrecv_mysqld_client_packets(httpd_$1_script_t)
 sysnet_read_config(httpd_$1_script_t)
 ')
@@ -219,6 +215,12 @@ template(`apache_content_template',`
 mta_send_mail(httpd_$1_script_t)
 ')
+ optional_policy(`
+ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',`
+ mysql_tcp_connect(httpd_$1_script_t)
+ ')
+ ')
+
+ optional_policy(`
 tunable_policy(`httpd_enable_cgi && allow_ypbind',`
 nis_use_ypbind_uncond(httpd_$1_script_t)
@@ -227,6 +229,10 @@ template(`apache_content_template',`
 optional_policy(`
 postgresql_unpriv_client(httpd_$1_script_t)
+
+ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',`
+ postgresql_tcp_connect(httpd_$1_script_t)
+ ')
 ')
 optional_policy(`
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index be431955..f08dbee9 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache, 1.10.0)
+policy_module(apache, 1.10.1)
 #
 # NOTES:
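Review bot: In the `@@ -219` hunk of apache.if the new mysql `tunable_policy` is placed in a fresh `optional_policy` block of its own, while the `@@ -227` hunk nests the postgresql counterpart inside the existing `postgresql_unpriv_client` block; if `apache_content_template` already has a mysql `optional_policy` block (not visible in these hunks), the tunable belongs inside it so both databases are handled the same way. Together with the `@@ -189` hunk, which drops the unconditional mysqld/postgresql port connects for `httpd_$1_script_t`, the net effect is that script domains now reach the databases only when both `httpd_enable_cgi` and `httpd_can_network_connect_db` are enabled, a tightening existing deployments may notice; the Changelog line for this commit could say so. `apache_content_template` starts and ends outside these hunks.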
@@ -459,8 +459,7 @@ optional_policy(`
 mysql_rw_db_sockets(httpd_t)
 tunable_policy(`httpd_can_network_connect_db',`
- corenet_tcp_connect_mysqld_port(httpd_t)
- corenet_sendrecv_mysqld_client_packets(httpd_t)
+ mysql_tcp_connect(httpd_t)
 ')
 ')
diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if
index 75b34764..ba21f5f9 100644
--- a/policy/modules/services/mysql.if
+++ b/policy/modules/services/mysql.if
@@ -18,6 +18,27 @@ interface(`mysql_signal',`
 allow $1 mysqld_t:process signal;
 ')
+########################################
+##
+## Allow the specified domain to connect to postgresql with a tcp socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mysql_tcp_connect',`
+ gen_require(`
+ type mysqld_t;
+ ')
+
+ corenet_tcp_recvfrom_labeled($1, mysqld_t)
+ corenet_tcp_sendrecv_mysqld_port($1)
+ corenet_tcp_connect_mysqld_port($1)
+ corenet_sendrecv_mysqld_client_packets($1)
+')
+
 ########################################
 ##
 ## Connect to MySQL using a unix domain stream socket.
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index e19ce511..5ec048a8 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -1,5 +1,5 @@
-policy_module(mysql, 1.8.0)
+policy_module(mysql, 1.8.1)
 ########################################
 #
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index cb8974e2..c923e6fb 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
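Review bot: `mysql_tcp_connect(httpd_t)` grants more than the two corenet calls it replaces: per the new interface in mysql.if it also adds `corenet_tcp_sendrecv_mysqld_port` and `corenet_tcp_recvfrom_labeled` against `mysqld_t`, so the `httpd_can_network_connect_db` tunable now covers labeled-peer traffic as well as the port connect. If that widening is intended, a short comment above the call, `# also allows labeled-peer recvfrom with mysqld_t`, keeps the tunable's scope visible to the next reader. The enclosing `optional_policy` block begins before the hunk.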
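Review bot: The summary of the new `mysql_tcp_connect` interface says "connect to postgresql with a tcp socket" although the interface requires `mysqld_t` and uses the mysqld port; change it to `## Allow the specified domain to connect to MySQL with a tcp socket.`. The description should also cover the labeled-networking side: `corenet_tcp_recvfrom_labeled($1, mysqld_t)` presumably grants peer/recvfrom permissions between `$1` and `mysqld_t`, which is broader than a plain port connect, so confirm that and state it in the summary.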
@@ -1283,3 +1283,38 @@ interface(`init_manage_utmp',`
 files_search_pids($1)
 allow $1 initrc_var_run_t:file manage_file_perms;
 ')
+
+########################################
+##
+## Allow the specified domain to connect to daemon with a tcp socket
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`init_tcp_recvfrom_all_daemons',`
+ gen_require(`
+ attribute daemon;
+ ')
+
+ corenet_tcp_recvfrom_labeled($1, daemon)
+')
+
+########################################
+##
+## Allow the specified domain to connect to daemon with a udp socket
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`init_udp_recvfrom_all_daemons',`
+ gen_require(`
+ attribute daemon;
+ ')
+ corenet_udp_recvfrom_labeled($1, daemon)
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 0e457ddf..51b714c6 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init, 1.11.1)
+policy_module(init, 1.11.2)
 gen_require(`
 class passwd rootok;
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index d52771fd..96d11e21 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -549,6 +549,13 @@ template(`userdom_basic_networking_template',`
 corenet_tcp_connect_all_ports($1_t)
 corenet_sendrecv_all_client_packets($1_t)
+ corenet_all_recvfrom_labeled($1_t, $1_t)
+
+ optional_policy(`
+ init_tcp_recvfrom_all_daemons($1_t)
+ init_udp_recvfrom_all_daemons($1_t)
+ ')
+
 optional_policy(`
 ipsec_match_default_spd($1_t)
 ')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 1359791c..8c29e89e 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain, 3.1.0)
+policy_module(userdomain, 3.1.1)
 ########################################
 #
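Review bot: Both new interface summaries in init.if say "connect to daemon with a tcp/udp socket", but the bodies only call `corenet_tcp_recvfrom_labeled($1, daemon)` / `corenet_udp_recvfrom_labeled($1, daemon)` and the names say `recvfrom`; change the summaries to `## Allow the specified domain to receive labeled TCP packets from all daemons.` and the udp counterpart so readers do not mistake this for a connect grant. Because `daemon` is an attribute over every init-started daemon domain, each call is a broad grant, and the summaries should say "all daemons" as the interface names do. `init_udp_recvfrom_all_daemons` is also missing the blank line after its `gen_require` block that `init_tcp_recvfrom_all_daemons` has.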
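Review bot: In the userdomain.if hunk `corenet_all_recvfrom_labeled($1_t, $1_t)` passes the user domain as its own peer, which reads like a copy error unless self-peer receipt is deliberate; if it is (presumably for loopback traffic, to be confirmed), a comment such as `# receive own labeled packets, e.g. over loopback` would stop the next reader from "fixing" it. The two `init_*_recvfrom_all_daemons($1_t)` calls apply to every domain built from `userdom_basic_networking_template`, so all user domains gain receipt of labeled traffic from all daemons; that matches the template's existing `*_all_*` grants but deserves a sentence in the template's documentation. The template body continues outside the hunk.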