diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/get_context_list.h libselinux-1.27.10/include/selinux/get_context_list.h
--- nsalibselinux/include/selinux/get_context_list.h 2005-09-19 13:36:06.000000000 -0400
+++ libselinux-1.27.10/include/selinux/get_context_list.h 2005-10-17 13:48:00.000000000 -0400
@@ -54,6 +54,15 @@
 security_context_t fromcon,
 security_context_t *newcon);
+/* Same as get_default_context, but only return a context
+ that has the specified role and level. If no reachable context exists
+ for the user with that role, then return -1. */
+int get_default_context_with_rolelevel(const char* user,
+ const char *level,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t *newcon);
+
 /* Given a list of authorized security contexts for the user,
 query the user to select one and set *newcon to refer to it.
 Caller must free via freecon.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_context_with_level.3 libselinux-1.27.10/man/man3/get_default_context_with_level.3
--- nsalibselinux/man/man3/get_default_context_with_level.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.27.10/man/man3/get_default_context_with_level.3 2005-10-17 13:58:54.000000000 -0400
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_context_with_rolelevel.3 libselinux-1.27.10/man/man3/get_default_context_with_rolelevel.3
--- nsalibselinux/man/man3/get_default_context_with_rolelevel.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.27.10/man/man3/get_default_context_with_rolelevel.3 2005-10-17 13:58:41.000000000 -0400
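Review bot: The prototype added to include/selinux/get_context_list.h orders the string arguments `user, level, role`, while the definition added to src/get_context_list.c in this same patch takes `user, role, level`. Both parameters are `const char *`, so the compiler accepts the mismatch silently; a caller who follows the header (or the man page synopsis, which also lists level before role) would have the role string written into the range by `context_range_set` and the level string used as the role filter. A caller passing NULL for what the header calls `level` would skip the `if (!level)` shortcut and hand a NULL role to get_default_context_with_role. The declaration should match the definition, `const char *role, const char *level,`, and the synopsis in get_ordered_context_list.3 should use the same order.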
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-1.27.10/man/man3/get_ordered_context_list.3
--- nsalibselinux/man/man3/get_ordered_context_list.3 2005-04-29 14:06:50.000000000 -0400
+++ libselinux-1.27.10/man/man3/get_ordered_context_list.3 2005-10-17 13:57:48.000000000 -0400
@@ -1,6 +1,6 @@
 .TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux"
 .SH "NAME"
-get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
 .SH "SYNOPSIS"
 .B #include
@@ -9,10 +9,16 @@ .sp .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list ); .sp +.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t **" list ); +.sp .BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon ); .sp +.BI "int get_default_context_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t *" newcon ); +.sp .BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon "); .sp +.BI "int get_default_context_with_rolelevel(const char* " user ", const char* " level ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon "); +.sp .BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon ); .sp .BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon ); @@ -27,7 +33,7 @@ .I user that are reachable from the specified .I fromcon -context and then orders the resulting list based on the global +context. The function then orders the resulting list based on the global .B /etc/selinux//contexts/default_contexts file and the per-user .B /etc/selinux//contexts/users/ 
@@ -39,13 +45,22 @@ .B freeconary function. +.B get_ordered_context_list_with_level +invokes the get_ordered_context_list function and applies the specified level. + .B get_default_context is the same as get_ordered_context_list but only returns a single context which has to be freed with freecon. +.B get_default_context_with_level +invokes the get_default_context function and applies the specified level. + .B get_default_context_with_role is the same as get_default_context but only returns a context with the specified role, returning -1 if no such context is reachable for the user. +.B get_default_context_with_rolelevel +invokes the get_default_context_with_role function and applies the specified level. + .B query_user_context takes a list of contexts, queries the user via stdin/stdout as to which context they want, and returns a new context as selected by the user (which has to be @@ -58,9 +73,8 @@ Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free. .SH "RETURN VALUE" -get_ordered_context_list returns the number of contexts in the list upon -success or -1 upon errors. +get_ordered_context_list and get_ordered_context_list_with_level return the number of contexts in the list upon success or -1 upon errors. The other functions return 0 for success or -1 for errors. .SH "SEE ALSO" -.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)" +.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)" diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list_with_level.3 libselinux-1.27.10/man/man3/get_ordered_context_list_with_level.3 --- nsalibselinux/man/man3/get_ordered_context_list_with_level.3 1969-12-31 19:00:00.000000000 -0500 +++ libselinux-1.27.10/man/man3/get_ordered_context_list_with_level.3 2005-10-17 13:59:03.000000000 -0400 
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-1.27.10/src/get_context_list.c
--- nsalibselinux/src/get_context_list.c 2005-10-14 14:45:05.000000000 -0400
+++ libselinux-1.27.10/src/get_context_list.c 2005-10-17 13:45:55.000000000 -0400
@@ -48,6 +48,49 @@
 return rc;
 }
+int get_default_context_with_rolelevel(const char* user,
+ const char *role,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t *newcon)
+{
+
+ int rc=0;
+ int freefrom = 0;
+ context_t con;
+ char *newfromcon;
+ if (!level)
+ return get_default_context_with_role(user, role, fromcon, newcon);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ rc = -1;
+ con=context_new(fromcon);
+ if (!con)
+ goto out;
+
+ if (context_range_set(con, level))
+ goto out;
+
+ newfromcon = context_str(con);
+ if (!newfromcon)
+ goto out;
+
+ rc = get_default_context_with_role(user, role, newfromcon, newcon);
+
+out:
+ context_free(con);
+ if (freefrom)
+ freecon(fromcon);
+ return rc;
+
+}
+
 int get_default_context(const char* user,
 security_context_t fromcon,
 security_context_t *newcon)
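Review bot: get_default_context_with_rolelevel in src/get_context_list.c carries no comment, and its behaviour is narrower than the header's wording ("only return a context that has the specified role and level"): `level` is written into the range of `fromcon` (or of the context returned by `getcon` when `fromcon` is NULL) and the lookup is then delegated, so the level of `*newcon` is whatever get_default_context_with_role derives from that modified source context. Callers that base a login or session decision on the result would want that stated, for example `/* Replaces the range of fromcon (or of getcon() when fromcon is NULL) with level, then calls get_default_context_with_role; the level of *newcon is not compared against level here. */` above the definition. The `out:` path also reaches `context_free(con)` when `context_new` returned NULL, which presumably relies on context_free accepting NULL (not visible in this patch) and deserves a word in the same comment. The whole function lies inside this hunk.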