diff -Naurp --exclude-from excludes old/libsepol/include/sepol/context.h new/libsepol/include/sepol/context.h
--- old/libsepol/include/sepol/context.h 1969-12-31 19:00:00.000000000 -0500
+++ new/libsepol/include/sepol/context.h 2005-12-31 06:57:24.000000000 -0500
@@ -0,0 +1,31 @@
+#ifndef _SEPOL_CONTEXT_H_
+#define _SEPOL_CONTEXT_H_
+
+#include
+#include
+#include
+
+/* -- Deprecated -- */
+
+extern int sepol_check_context(
+ char *context);
+
+/* -- End deprecated -- */
+
+extern int sepol_context_check(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ sepol_context_t* context);
+
+extern int sepol_mls_contains(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ const char* mls1,
+ const char* mls2,
+ int* response);
+
+extern int sepol_mls_check(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ const char* mls);
+#endif
diff -Naurp --exclude-from excludes old/libsepol/include/sepol/sepol.h new/libsepol/include/sepol/sepol.h
--- old/libsepol/include/sepol/sepol.h 2005-10-21 11:31:27.000000000 -0400
+++ new/libsepol/include/sepol/sepol.h 2005-12-31 05:02:00.000000000 -0500
@@ -18,11 +18,9 @@
 #include
 #include
 #include
+#include
 /* Set internal policydb from a file for subsequent service calls. */
 extern int sepol_set_policydb_from_file(FILE *fp);
-/* Check context validity against currently set binary policy. */
-extern int sepol_check_context(char *context);
-
 #endif
diff -Naurp --exclude-from excludes old/libsepol/src/context.c new/libsepol/src/context.c
--- old/libsepol/src/context.c 2005-11-15 08:06:55.000000000 -0500
+++ new/libsepol/src/context.c 2005-12-31 06:58:04.000000000 -0500
@@ -1,7 +1,9 @@
 #include
 #include
+#include
 #include
+#include
 #include "context_internal.h"
 #include "debug.h"
@@ -16,6 +18,13 @@ int policydb_context_isvalid(
 return context_is_valid(p,c);
 }
+
+int sepol_check_context(
+ char *context) {
+
+ return sepol_context_to_sid(context, strlen(context)+1, NULL);
+}
+
 /* ---- End compatibility --- */
 /*
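Review bot: The four prototypes added to context.h document neither their return convention nor how `response` is used, and the bodies in the mls.c hunk show the two MLS helpers actually differ: `sepol_mls_contains` returns STATUS_SUCCESS/STATUS_ERR and writes `*response` only on the success path, while `sepol_mls_check` passes through whatever `mls_from_string` returns. A comment on each declaration would spare callers a trip to the sources, e.g. above sepol_mls_contains: `/* Parse mls1 and mls2 against policydb and set *response to whether the first range contains the second. Returns STATUS_SUCCESS, or STATUS_ERR (with *response untouched) if either string fails to parse or memory runs out. */`, and above sepol_mls_check a note that it returns mls_from_string's result, negative on error. The deprecated `sepol_check_context` could also be declared with `const char *context`, which is source-compatible for existing callers, provided sepol_context_to_sid accepts a const pointer — its prototype is truncated in the services.c hunk header, so confirm before changing it.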
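Review bot: `sepol_check_context` calls `strlen(context)` without checking the pointer, so a NULL argument is undefined behaviour in a symbol this commit keeps exporting from the library (libsepol.map still lists sepol_check_context). The body was moved here verbatim from services.c, but since it now lives in the compatibility section as the deprecated entry point, a guard is cheap: `if (context == NULL) return STATUS_ERR;` before the call, matching the STATUS_ERR that sepol_context_to_sid itself returns on failure in the services.c hunk. Whether sepol_context_to_sid tolerates an empty string (length 1) is not visible here.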
@@ -183,12 +192,12 @@ int context_from_record(
 /* MLS */
 if (mls && !policydb->mls) {
- WARN(handle, "mls context \"%s\" ignored, since "
- "mls is disabled", mls);
+ WARN(handle, "mls context \"%s\" ignored, since "
+ "mls is disabled", mls);
 mls = NULL;
 } else if (!mls && policydb->mls) {
- ERR(handle, "mls is enabled, but no mls context found");
+ ERR(handle, "mls is enabled, but no mls context found");
 goto err_destroy;
 }
 if (mls && (mls_from_string(handle, policydb, mls, scontext) < 0))
@@ -313,3 +322,15 @@ int context_from_string(
 sepol_context_free(ctx_record);
 return STATUS_ERR;
 }
+
+int sepol_context_check(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ sepol_context_t* context) {
+
+ context_struct_t* con = NULL;
+ int ret = context_from_record(handle, &policydb->p, &con, context);
+ context_destroy(con);
+ free(con);
+ return ret;
+}
diff -Naurp --exclude-from excludes old/libsepol/src/libsepol.map new/libsepol/src/libsepol.map
--- old/libsepol/src/libsepol.map 2005-12-23 20:49:27.000000000 -0500
+++ new/libsepol/src/libsepol.map 2005-12-31 04:51:27.000000000 -0500
@@ -2,7 +2,7 @@ global: sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages; sepol_bool_*; sepol_genbools*; - sepol_context*; sepol_check_context; + sepol_context_*; sepol_mls_*; sepol_check_context; sepol_iface_*; sepol_port_*; sepol_user_*; sepol_genusers; sepol_set_delusers;
diff -Naurp --exclude-from excludes old/libsepol/src/mls.c new/libsepol/src/mls.c
--- old/libsepol/src/mls.c 2005-11-15 08:06:55.000000000 -0500
+++ new/libsepol/src/mls.c 2005-12-31 06:58:25.000000000 -0500
@@ -1,4 +1,3 @@
-
 /* Author : Stephen Smalley, */
 /*
 * Updated: Trusted Computer Solutions, Inc.
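Review bot: `sepol_context_check` runs `context_destroy(con); free(con);` unconditionally, yet `con` starts as NULL and is only populated by `context_from_record`; on the failure path `con` may still be NULL, or may already have been released by the `err_destroy` label that the -183 hunk shows inside context_from_record (its body lies outside the hunk), which would make this a double release. Unless context_destroy is known to accept NULL and context_from_record resets `*con` on error, the cleanup should be conditional, e.g. `if (con != NULL) { context_destroy(con); free(con); }`, or keyed on `ret` once context_from_record's success value is confirmed (context_from_string returns STATUS_ERR on failure just above, so STATUS_SUCCESS is the likely counterpart). `policydb` is also dereferenced via `&policydb->p` without a NULL check, as in the two mls.c helpers.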
@@ -612,3 +611,64 @@ int mls_compute_sid(policydb_t *policydb
 }
 return -EINVAL;
 }
+
+int sepol_mls_contains(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ const char* mls1,
+ const char* mls2,
+ int* response) {
+
+ context_struct_t *ctx1 = NULL, *ctx2 = NULL;
+ ctx1 = malloc(sizeof(context_struct_t));
+ ctx2 = malloc(sizeof(context_struct_t));
+ if (ctx1 == NULL || ctx2 == NULL)
+ goto omem;
+ context_init(ctx1);
+ context_init(ctx2);
+
+ if (mls_from_string(handle, &policydb->p, mls1, ctx1) < 0)
+ goto err;
+
+ if (mls_from_string(handle, &policydb->p, mls2, ctx2) < 0)
+ goto err;
+
+ *response = mls_range_contains(ctx1->range, ctx2->range);
+ context_destroy(ctx1);
+ context_destroy(ctx2);
+ free(ctx1);
+ free(ctx2);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not check if mls context %s contains %s",
+ mls1, mls2);
+ context_destroy(ctx1);
+ context_destroy(ctx2);
+ free(ctx1);
+ free(ctx2);
+ return STATUS_ERR;
+}
+
+int sepol_mls_check(
+ sepol_handle_t* handle,
+ sepol_policydb_t* policydb,
+ const char* mls) {
+
+ int ret;
+ context_struct_t* con = malloc(sizeof(context_struct_t));
+ if (!con) {
+ ERR(handle, "out of memory, could not check if "
+ "mls context %s is valid", mls);
+ return STATUS_ERR;
+ }
+ context_init(con);
+
+ ret = mls_from_string(handle, &policydb->p, mls, con);
+ context_destroy(con);
+ free(con);
+ return ret;
+}
diff -Naurp --exclude-from excludes old/libsepol/src/services.c new/libsepol/src/services.c
--- old/libsepol/src/services.c 2005-11-15 08:06:55.000000000 -0500
+++ new/libsepol/src/services.c 2005-12-31 06:17:30.000000000 -0500
@@ -558,11 +558,6 @@ int hidden sepol_context_to_sid(sepol_se
 return STATUS_ERR;
 }
-int sepol_check_context(char *context)
-{
- return sepol_context_to_sid(context, strlen(context)+1, NULL);
-}
-
 static inline int compute_sid_handle_invalid_context(
 context_struct_t *scontext,
 context_struct_t *tcontext,
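Review bot: In `sepol_mls_contains`, when `ctx1` is allocated but `ctx2` is not, `goto omem` falls through to `err:` and calls `context_destroy(ctx1)` on a struct that `context_init` has not yet touched, so whatever garbage its pointer fields hold gets freed; when both allocations fail, `context_destroy(NULL)` is called, and nothing in the hunk shows it tolerates NULL. Initializing each context immediately after its own successful malloc and guarding the destroys on the error path removes both cases, as sketched below. Separately, `sepol_mls_check` hands back `mls_from_string`'s raw result, which this file otherwise expresses as negative errno values (`return -EINVAL;` in the context lines above), while its sibling normalizes to STATUS_SUCCESS/STATUS_ERR; if those conventions differ, `return ret < 0 ? STATUS_ERR : STATUS_SUCCESS;` would make the pair consistent. Neither helper checks `response` or `policydb` for NULL before dereferencing them.
```c
	context_struct_t *ctx1 = NULL, *ctx2 = NULL;
	ctx1 = malloc(sizeof(context_struct_t));
	if (ctx1 == NULL)
		goto omem;
	context_init(ctx1);
	ctx2 = malloc(sizeof(context_struct_t));
	if (ctx2 == NULL)
		goto omem;
	context_init(ctx2);
	/* … unchanged: mls_from_string calls, *response assignment, success-path cleanup … */
 omem:
	ERR(handle, "out of memory");

 err:
	ERR(handle, "could not check if mls context %s contains %s",
	    mls1, mls2);
	if (ctx1 != NULL)
		context_destroy(ctx1);
	if (ctx2 != NULL)
		context_destroy(ctx2);
	free(ctx1);
	free(ctx2);
	return STATUS_ERR;
```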