MLS (multilevel security) is being widely applied in many security critical systems, but it can’t implement many important security policies such as ‘channel-control’. In this paper, the concept of trust degree is introduced into the MLS to implement policies like ‘channel-control’ conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects’ security labels. The model avoids the disadvantage of MLS’ not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.