Context Statement
=================

Contexts are formed using previously declared parameters and may be named or anonymous where:

- Named - The context is declared with a context identifier that is used as a reference.

- Anonymous - The context is defined within the CIL labeling statement using user, role etc. identifiers.

Each type is shown in the examples.

context
-------

Declare an SELinux security context identifier for labeling. The range (or current and clearance levels) MUST be defined whether the policy is MLS/MCS enabled or not.

**Statement definition:**

```secil
    (context context_id (user_id role_id type_id levelrange_id))
```

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>context</code></p></td>
<td align="left"><p>The <code>context</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>The <code>context</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>user_id</code></p></td>
<td align="left"><p>A single previously declared <code>user</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>role_id</code></p></td>
<td align="left"><p>A single previously declared <code>role</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>type_id</code></p></td>
<td align="left"><p>A single previously declared <code>type</code> or <code>typealias</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>levelrange_id</code></p></td>
<td align="left"><p>A single previously declared <code>levelrange</code> identifier.
This entry may also be defined by anonymous or named <code>level</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code> or <code>categoryset</code> as discussed in the <a href="#mls_labeling_statements">Multi-Level Security Labeling Statements</a> section and shown in the examples.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This example uses a named context definition:

```secil
    (context runas_exec_context (u object_r exec low_low))

    (filecon "/system/bin/run-as" file runas_exec_context)
```

to resolve/build a `file_contexts` entry of (assuming an MLS-enabled policy):

```
    /system/bin/run-as -- u:object_r:runas.exec:s0-s0
```

This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specify two [`portcon`](cil_network_labeling_statements.md#portcon) statements:

```secil
    (portcon udp 1024 (test.user object_r test.process ((s0) (s1))))
    (portcon tcp 1024 (test.user object_r test.process (system_low system_high)))
```

This example uses an anonymous context for the first and a named context for the second in a [`netifcon`](cil_network_labeling_statements.md#netifcon) statement:

```secil
    (context netif_context (test.user object_r test.process ((s0 (c0)) (s1 (c0)))))

    (netifcon eth04 (test.user object_r test.process ((s0 (c0)) (s1 (c0)))) netif_context)
```
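
The following Python code is an added example, not part of the CIL documentation or the CIL compiler: it resolves both named and anonymous contexts in `filecon` statements to `user:role:type:range` label strings and rejects a context whose user, role or type was never declared. Assumptions: the function names are hypothetical, identifiers are flat (block namespace resolution such as `exec` to `runas.exec` is not modelled, so the sample type is `runas_exec`), category sets are plain lists, and the sample policy including `/data/demo` is constructed.

```python
import re

def parse_sexpr(text):
    """Parse CIL s-expressions into nested lists of strings."""
    stack = [[]]
    for tok in re.findall(r'\(|\)|"[^"]*"|[^\s()]+', text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())   # attach finished list to its parent
        else:
            stack[-1].append(tok.strip('"'))
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def level_str(level, decl):
    """Named level id or anonymous (sensitivity [(categories)]) -> 's0:c0'."""
    level = decl["level"][level] if isinstance(level, str) else level
    cats = level[1] if len(level) > 1 else []
    return level[0] + (":" + ",".join(cats) if cats else "")

def label(ctx, decl):
    """Named context id or anonymous (user role type range) -> label string."""
    ctx = decl["context"][ctx] if isinstance(ctx, str) else ctx
    user, role, type_, rng = ctx
    for kind, name in (("user", user), ("role", role), ("type", type_)):
        if name not in decl[kind]:
            raise KeyError(f"undeclared {kind}: {name}")
    rng = decl["levelrange"][rng] if isinstance(rng, str) else rng
    low, high = (level_str(lv, decl) for lv in rng)
    return f"{user}:{role}:{type_}:{low}-{high}"

def resolve_filecons(policy):
    """Return (path, label) for every filecon statement in the policy text."""
    stmts = parse_sexpr(policy)
    decl = {k: {} for k in ("user", "role", "type", "level", "levelrange", "context")}
    for s in stmts:
        if s[0] in decl:
            decl[s[0]][s[1]] = s[2] if len(s) > 2 else None
    return [(s[1], label(s[3], decl)) for s in stmts if s[0] == "filecon"]

# Constructed sample policy: one named and one anonymous context.
SAMPLE = '''(user u) (role object_r) (type runas_exec) (level low (s0)) (levelrange low_low (low low))
(context runas_exec_context (u object_r runas_exec low_low))
(filecon "/system/bin/run-as" file runas_exec_context)
(filecon "/data/demo" file (u object_r runas_exec ((s0 (c0)) (s1 (c0)))))'''
```

Calling `resolve_filecons(SAMPLE)` returns one `(path, label)` pair per `filecon`; a typo in a user, role or type name surfaces as a `KeyError`.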