diff --git a/parser/parser.h b/parser/parser.h
index f704169e9..3e6bc3498 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -257,7 +257,9 @@ do { \
 extern int perms_create;
 extern int net_af_max_override;
 extern int kernel_load;
+extern int kernel_policy_version;
 extern int kernel_supports_network;
+extern int kernel_supports_policydb;
 extern int kernel_supports_mount;
 extern int kernel_supports_dbus;
 extern int conf_verbose;
diff --git a/parser/parser_common.c b/parser/parser_common.c
index 0b3170f48..f75a6b0af 100644
--- a/parser/parser_common.c
+++ b/parser/parser_common.c
@@ -25,7 +25,9 @@
 int perms_create = 0; /* perms contain create flag */
 int net_af_max_override = -1; /* use kernel to determine af_max */
 int kernel_load = 1;
+int kernel_policy_version = 5; /* default to base version */
 int kernel_supports_network = 0; /* kernel supports network rules */
+int kernel_supports_policydb = 0; /* kernel supports new policydb */
 int kernel_supports_mount = 0; /* kernel supports mount rules */
 int kernel_supports_dbus = 0; /* kernel supports dbus rules */
 int conf_verbose = 0;
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index f017fa95e..40e7f13f6 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -61,7 +61,6 @@
 #define SD_CODE_SIZE (sizeof(u8))
 #define SD_STR_LEN (sizeof(u16))
-#define SUBDOMAIN_INTERFACE_DFA_VERSION 5
 int __sd_serialize_profile(int option, Profile *prof);
@@ -683,7 +682,7 @@ int sd_serialize_top_profile(sd_serialize *p, Profile *profile)
 {
 int version;
- version = SUBDOMAIN_INTERFACE_DFA_VERSION;
+ version = kernel_policy_version;
 if (!sd_write_name(p, "version"))
 return 0;
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 2d51d67dd..65025f45f 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
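Review bot: The comment on `kernel_policy_version` in parser_common.c says only "default to base version" and does not say what the value controls or who sets it, although the other hunks show it is written into the serialized profile as the "version" field in sd_serialize_top_profile, raised to 6 by set_supported_features from the features string, and used to gate the file-class policydb rule in process_profile_policydb. Because one global now decides both what the parser claims to the kernel and which rules it emits, that coupling belongs on the definition: `int kernel_policy_version = 5; /* policy interface version written by sd_serialize_top_profile(); raised by set_supported_features() from the features string and also gates policydb rule generation */`. `kernel_supports_policydb` is set in parser_main.c but not read in any hunk shown, so its comment could name the intended consumer as well.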
@@ -838,6 +838,10 @@ static void set_supported_features(void) {
 perms_create = 1;
 /* TODO: make this real parsing and config setting */
+ if (strstr(features_string, "file {")) /* pre policydb is file= */
+ kernel_supports_policydb = 1;
+ if (strstr(features_string, "v6"))
+ kernel_policy_version = 6;
 if (strstr(features_string, "network"))
 kernel_supports_network = 1;
 if (strstr(features_string, "mount"))
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index edcbaf2a9..68ad9ab3e 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -672,6 +672,7 @@ int post_process_policydb_ents(Profile *prof)
 #define MAKE_STR(X) #X
 #define CLASS_STR(X) "\\d" MAKE_STR(X)
+static const char *mediates_file = CLASS_STR(AA_CLASS_FILE);
 static const char *mediates_mount = CLASS_STR(AA_CLASS_MOUNT);
 static const char *mediates_dbus = CLASS_STR(AA_CLASS_DBUS);
@@ -690,6 +691,10 @@ int process_profile_policydb(Profile *prof)
 * to be supported
 */
+ /* note: this activates unix domain sockets mediation on connect */
+ if (kernel_policy_version > 5 &&
+ !prof->policy.rules->add_rule(mediates_file, 0, AA_MAY_READ, 0, dfaflags))
+ goto out;
 if (kernel_supports_mount &&
 !prof->policy.rules->add_rule(mediates_mount, 0, AA_MAY_READ, 0, dfaflags))
 goto out;
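Review bot: The version probe `if (strstr(features_string, "v6"))` matches the two characters "v6" anywhere in the features string rather than a whole token, so any other feature name that happens to contain "v6" (if one exists) would make the parser emit version-6 policy against a kernel that only accepts version 5, and the load would presumably fail; conversely a v6 token spelled differently would leave the default of 5 and skip the extra file-class rule. A match anchored on the token's delimiters would be safer; the exact form depends on the features-file layout, which is not visible here. The `"file {"` probe is more specific but carries the same substring caveat, and it would help to say in its comment which feature-file syntax it is distinguishing. set_supported_features continues outside the hunk, so whether features_string is checked for NULL before these calls cannot be seen; the pre-existing "network" probe has the same exposure.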
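Review bot: The new file-class rule in process_profile_policydb is gated on `kernel_policy_version > 5`, while the adjacent mount rule is gated on its own `kernel_supports_mount` flag, and the `kernel_supports_policydb` flag introduced by this commit is not consulted here; if the two probes in set_supported_features can disagree, the emitted rule and the serialized version would disagree with them. Either gate on both, `if (kernel_policy_version > 5 && kernel_supports_policydb &&`, or state in the comment why the version alone is sufficient. The comment `/* note: this activates unix domain sockets mediation on connect */` should also explain why an AA_MAY_READ rule on the file class has that effect, since nothing in the hunk connects the two. process_profile_policydb and its `out` label continue outside the hunk.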