Index: policy/flask/access_vectors
===================================================================
--- policy/flask/access_vectors (revision 2065)
+++ policy/flask/access_vectors (working copy)
@@ -635,4 +635,5 @@
 class context
 {
 translate
+ contains
 }
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if (revision 2065)
+++ policy/modules/system/userdomain.if (working copy)
@@ -51,6 +51,8 @@
 allow $1_t self:msg { send receive };
 dontaudit $1_t self:socket create;
 
+ allow $1_t self:context contains;
+
 allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
 term_create_pty($1_t,$1_devpts_t)
 
Index: policy/mls
===================================================================
--- policy/mls (revision 2065)
+++ policy/mls (working copy)
@@ -596,4 +596,7 @@
 mlsconstrain context translate
 (( h1 dom h2 ) or ( t1 == mlstranslate ));
 
+mlsconstrain context contains
+ ( h1 dom h2 );
+
 ') dnl end enable_mls
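Review bot: The added `allow $1_t self:context contains;` in policy/modules/system/userdomain.if uses `self`, so type enforcement can never deny it and the only effective check on `contains` is a constraint on the `context` class. The one constraint this patch adds sits in policy/mls inside the `enable_mls` block, so a build without MLS appears to grant `contains` unconditionally to every domain generated from this template. If an MCS build is supported, a matching constraint probably belongs in policy/mcs, which the patch does not touch. The rule also needs a comment naming the userspace object manager that checks it, e.g. `# context class is enforced in userspace; contains is restricted only by the MLS constraint`. The template body begins and ends outside the hunk, so its scope is inferred from the `$1_t` and `$1_devpts_t` names.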
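Review bot: `mlsconstrain context contains ( h1 dom h2 );` in policy/mls compares only the high levels, so a source whose low level is above the target's low level still passes. If `contains` is meant as range containment, which the name suggests but the patch does not state, the low bound needs checking too: `(( h1 dom h2 ) and ( l1 domby l2 ));`. Unlike `translate` directly above it, the new constraint has no `t1 == mlstranslate` exemption; if that is deliberate, a one-line comment such as `# no trusted-type override for contains` would stop a later reader from adding one by analogy. The `enable_mls` block opens outside the hunk.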