Index: root/xen-unstable.hg/tools/libxen/include/xen/api/xen_acmpolicy.h
===================================================================
--- root.orig/xen-unstable.hg/tools/libxen/include/xen/api/xen_acmpolicy.h
+++ root/xen-unstable.hg/tools/libxen/include/xen/api/xen_acmpolicy.h
@@ -74,7 +74,7 @@ xen_acm_header_free(xen_acm_header *hdr)
 /**
  * Get the referenced policy's record.
  */
-bool
+extern bool
 xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
                          xen_xspolicy xspolicy);
 
@@ -118,14 +118,14 @@ xen_acmpolicy_get_enforced_binary(xen_se
 /**
  * Get the ACM ssidref of the given VM.
  */
-bool
+extern bool
 xen_acmpolicy_get_VM_ssidref(xen_session *session, int64_t *result,
                              xen_vm vm);
 
 /**
  * Get the UUID field of the given policy.
  */
-bool
+extern bool
 xen_acmpolicy_get_uuid(xen_session *session, char **result,
                        xen_xspolicy xspolicy);
 
Index: root/xen-unstable.hg/tools/libxen/include/xen/api/xen_xspolicy.h
===================================================================
--- root.orig/xen-unstable.hg/tools/libxen/include/xen/api/xen_xspolicy.h
+++ root/xen-unstable.hg/tools/libxen/include/xen/api/xen_xspolicy.h
@@ -68,6 +68,8 @@ enum xs_instantiationflags {
 #define XSERR_RESOURCE_ACCESS           23 + XSERR_BASE
 #define XSERR_HV_OP_FAILED              24 + XSERR_BASE
 #define XSERR_BOOTPOLICY_INSTALL_ERROR  25 + XSERR_BASE
+#define XSERR_VM_NOT_AUTHORIZED         26 + XSERR_BASE
+#define XSERR_VM_IN_CONFLICT            27 + XSERR_BASE
 
 
 /**
@@ -179,28 +181,28 @@ typedef struct xen_xs_policystate
     char *errors;
 } xen_xs_policystate;
 
-void
+extern void
 xen_xs_policystate_free(xen_xs_policystate *state);
 
 
 /**
  * Get the referenced policy's record.
  */
-bool
+extern bool
 xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
                         xen_xspolicy xspolicy);
 
 /**
  * Get the UUID field of the given policy.
  */
-bool
+extern bool
 xen_xspolicy_get_uuid(xen_session *session, char **result,
                       xen_xspolicy xspolicy);
 
 /**
  * Get a policy given it's UUID
  */
-bool
+extern bool
 xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
                          char *uuid);
 
@@ -208,7 +210,7 @@ xen_xspolicy_get_by_uuid(xen_session *se
 /**
  * Get the types of policies supported by the system.
  */
-bool
+extern bool
 xen_xspolicy_get_xstype(xen_session *session, xs_type *result);
 
 
@@ -216,13 +218,13 @@ xen_xspolicy_get_xstype(xen_session *ses
  * Get information about the currently managed policy.
  * (The API allows only one policy to be on the system.)
  */
-bool
+extern bool
 xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result);
 
 /**
  * Activate the referenced policy by loading it into the hypervisor.
  */
-bool
+extern bool
 xen_xspolicy_activate_xspolicy(xen_session *session, int64_t *result,
                                xen_xspolicy xspolicy,
                                xs_instantiationflags flags);
@@ -234,7 +236,7 @@ xen_xspolicy_activate_xspolicy(xen_sessi
  * on whether to load the policy immediately and whether to overwrite
  * an existing policy on the system.
  */
-bool
+extern bool
 xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
                           xs_type type, char *repr, int64_t flags,
                           bool overwrite);
@@ -248,7 +250,7 @@ xen_xspolicy_set_xspolicy(xen_session *s
  * for example fail if other domains than Domain-0 are running and have
  * different labels than Domain-0.
  */
-bool
+extern bool
 xen_xspolicy_reset_xspolicy(xen_session *session, xen_xs_policystate **result,
                             xs_type type);
 
@@ -281,4 +283,11 @@ extern bool
 xen_xspolicy_get_resource_label(xen_session *session, char **label,
                                 char *resource);
 
+/**
+ * Check whether a VM with the given VM-label could run.
+ */
+extern bool
+xen_xspolicy_can_run(xen_session *session, int64_t *result,
+                     char *security_label);
+
 #endif
Index: root/xen-unstable.hg/tools/libxen/src/xen_xspolicy.c
===================================================================
--- root.orig/xen-unstable.hg/tools/libxen/src/xen_xspolicy.c
+++ root/xen-unstable.hg/tools/libxen/src/xen_xspolicy.c
@@ -343,3 +343,21 @@ xen_xspolicy_activate_xspolicy(xen_sessi
     XEN_CALL_("XSPolicy.activate_xspolicy");
     return session->ok;
 }
+
+
+bool
+xen_xspolicy_can_run(xen_session *session, int64_t *result,
+                     char *security_label)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = security_label }
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    *result = 0;
+    XEN_CALL_("XSPolicy.can_run");
+    return session->ok;
+}