--- libselinux-1.17.9/include/selinux/selinux.h.rhat 2004-09-08 10:51:34.000000000 -0400 +++ libselinux-1.17.9/include/selinux/selinux.h 2004-09-10 13:24:34.747534140 -0400 @@ -173,6 +173,13 @@ mode_t mode, security_context_t *con); +/* Match the specified media and against the media contexts + /proc/ide/hdc/media + configuration and set *con to refer to the resulting context. + Caller must free con via freecon. */ +extern int matchmediacon(const char *path, + security_context_t *con); + /* selinux_getenforcemode reads the /etc/selinux/config file and determines whether the machine should be started in enforcing (1), permissive (0) or @@ -194,6 +201,7 @@ extern const char *selinux_default_context_path(void); extern const char *selinux_user_contexts_path(void); extern const char *selinux_file_context_path(void); +extern const char *selinux_media_context_path(void); extern const char *selinux_contexts_path(void); extern const char *selinux_booleans_path(void); --- libselinux-1.17.9/src/selinux_config.c.rhat 2004-09-08 10:51:34.000000000 -0400 +++ libselinux-1.17.9/src/selinux_config.c 2004-09-10 13:24:34.751533684 -0400 @@ -24,7 +24,8 @@ #define FAILSAFE_CONTEXT 5 #define DEFAULT_TYPE 6 #define BOOLEANS 7 -#define NEL 8 +#define MEDIA_CONTEXTS 8 +#define NEL 9 /* New layout is relative to SELINUXDIR/policytype. */ static char *file_paths[NEL]; @@ -200,6 +201,10 @@ } hidden_def(selinux_file_context_path) +const char *selinux_media_context_path() { + return get_path(MEDIA_CONTEXTS); +} + const char *selinux_contexts_path() { return get_path(CONTEXTS_DIR); } --- /dev/null 2004-09-10 04:39:39.953683832 -0400 +++ libselinux-1.17.9/src/matchmediacon.c 2004-09-10 13:24:34.750533798 -0400 
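Review bot: The comment added above the matchmediacon() prototype in include/selinux/selinux.h is garbled ("Match the specified media and against the media contexts /proc/ide/hdc/media configuration") and does not state the return value. The prototype also names the first parameter `path`, while the definition in src/matchmediacon.c names it `media` and compares it against the first field of each configuration line rather than opening it. I would rename the parameter to `media` and reword the comment along the lines of `/* Look up media (presumably the media type string, as found in e.g. /proc/ide/hdc/media) in the media contexts configuration and set *con to the matching context. Returns 0 on success, -1 on failure. Caller must free *con via freecon. */`.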
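Review bot: selinux_media_context_path() in src/selinux_config.c is added without the `hidden_def(selinux_media_context_path)` line that follows selinux_file_context_path() directly above it, yet the new src/matchmediacon.c calls it from inside the library. If the hidden_proto/hidden_def pair is what binds internal calls locally (selinux_internal.h is not shown here, so this is inferred from the neighbouring function), the call goes through the exported symbol and can be interposed. Add `hidden_def(selinux_media_context_path)` after the function and the matching `hidden_proto` in selinux_internal.h. The definition could also be written with `(void)` to match the prototype added to selinux.h.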
@@ -0,0 +1,65 @@
+#include
+#include
+#include
+#include
+#include "selinux_internal.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int matchmediacon(const char *media,
+ security_context_t *con)
+{
+ const char *path = selinux_media_context_path();
+ FILE *infile;
+ char *ptr, *ptr2;
+ char *target;
+ int found=-1;
+ char current_line[PATH_MAX];
+ if ((infile = fopen(path, "r")) == NULL)
+ return -1;
+ while (!feof_unlocked (infile)) {
+ if (!fgets_unlocked(current_line, sizeof(current_line), infile)) {
+ return -1;
+ }
+ if (current_line[strlen(current_line) - 1])
+ current_line[strlen(current_line) - 1] = 0;
+ /* Skip leading whitespace before the partial context. */
+ ptr = current_line;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+
+ if (!(*ptr))
+ continue;
+
+
+ /* Find the end of the media context. */
+ ptr2 = ptr;
+ while (*ptr2 && !isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2))
+ continue;
+
+ *ptr2++=NULL;
+ if (strcmp (media, ptr) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ return -1;
+
+ /* Skip whitespace. */
+ while (*ptr2 && isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2)) {
+ return -1;
+ }
+
+ *con = strdup(ptr2);
+ return 0;
+}
--- libselinux-1.17.9/src/compat_file_path.h.rhat 2004-09-08 10:51:34.000000000 -0400
+++ libselinux-1.17.9/src/compat_file_path.h 2004-09-10 13:24:34.748534026 -0400
@@ -7,3 +7,4 @@
 S_(FAILSAFE_CONTEXT, SECURITYDIR "/failsafe_context")
 S_(DEFAULT_TYPE, SECURITYDIR "/default_type")
 S_(BOOLEANS, SECURITYDIR "/booleans")
+S_(MEDIA_CONTEXTS, SECURITYDIR "/default_media")
--- libselinux-1.17.9/src/file_path_suffixes.h.rhat 2004-09-08 10:51:34.000000000 -0400
+++ libselinux-1.17.9/src/file_path_suffixes.h 2004-09-10 13:24:34.749533912 -0400
@@ -7,3 +7,4 @@
 S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
 S_(DEFAULT_TYPE, "/contexts/default_type")
 S_(BOOLEANS, "/booleans")
+S_(MEDIA_CONTEXTS, "/contexts/files/media")
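Review bot: matchmediacon() in src/matchmediacon.c never calls fclose(infile), so every return path leaks the stream, including the success path and the `return -1` taken when fgets_unlocked() reaches end of file; a long-running caller will eventually run out of descriptors. The newline strip indexes `current_line[strlen(current_line) - 1]` without checking for a zero-length string (a line that begins with a NUL byte), which reads and writes one byte before the buffer, and it drops the last byte even when that byte is not '\n'. `found` starts at -1, so `if (!found)` can never fire; `*ptr2++=NULL` stores a pointer constant into a char; and a NULL result from strdup() is returned as success. The sketch below leaves the parsing as it is and changes only those points; the isspace() arguments would also be safer cast to `unsigned char`.

```c
	int found = 0;		/* was -1, which made the !found test unreachable */
	int rc = -1;
	size_t len;
	/* … unchanged: other locals, path lookup, fopen check … */
	while (fgets_unlocked(current_line, sizeof(current_line), infile)) {
		len = strlen(current_line);
		if (len > 0 && current_line[len - 1] == '\n')
			current_line[len - 1] = '\0';
		/* … unchanged: skip leading whitespace, find end of media name … */
		*ptr2++ = '\0';
		/* … unchanged: strcmp against media, set found and break … */
	}
	if (!found)
		goto out;
	/* … unchanged: skip whitespace before the context … */
	if (!(*ptr2))
		goto out;
	*con = strdup(ptr2);
	if (*con)
		rc = 0;
out:
	fclose(infile);
	return rc;
```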
--- /dev/null 2004-09-10 04:39:39.953683832 -0400
+++ libselinux-1.17.9/utils/matchmediacon.c 2004-09-10 13:25:04.099192223 -0400
@@ -0,0 +1,28 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ int rc, i;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s media...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = matchmediacon(argv[i], &buf);
+ if (rc < 0) {
+ fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i]);
+ exit(2);
+ }
+ printf("%s\t%s\n", argv[i], buf);
+ freecon(buf);
+ }
+ exit(0);
+}
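Review bot: The error-path fprintf() in main() has three `%s` conversions but only two arguments (`argv[0]`, `argv[i]`), so the third conversion reads an indeterminate vararg as a string pointer, which is undefined behaviour and will typically crash or print stray memory. Not every failure return visible in the library's matchmediacon() follows a call that sets errno, so appending strerror(errno) would often report a stale value. Dropping the last conversion is the safer fix: `fprintf(stderr, "%s: matchmediacon(%s) failed\n", argv[0], argv[i]);`.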