Context Statement
=================

Contexts are formed using previously declared parameters and may be named or anonymous, where:

-   Named - The context is declared with a context identifier that is then used as a reference.

-   Anonymous - The context is defined inline within the CIL labeling statement using the user, role, type and level range identifiers directly.

Each type is shown in the examples.

context
-------

Declare an SELinux security context identifier for labeling. The range (or current and clearance levels) MUST be defined whether the policy is MLS/MCS enabled or not.

**Statement definition:**

    (context context_id (user_id role_id type_id levelrange_id))

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>context</code></p></td>
<td align="left"><p>The <code>context</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>The <code>context</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>user_id</code></p></td>
<td align="left"><p>A single previously declared <code>user</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>role_id</code></p></td>
<td align="left"><p>A single previously declared <code>role</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>type_id</code></p></td>
<td align="left"><p>A single previously declared <code>type</code> or <code>typealias</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>levelrange_id</code></p></td>
<td align="left"><p>A single previously declared <code>levelrange</code> identifier. This entry may also be defined by anonymous or named <code>level</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code> or <code>categoryset</code> as discussed in the <a href="#mls_labeling_statements">Multi-Level Security Labeling Statements</a> section and shown in the examples.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This example uses a named context definition:

    (context runas_exec_context (u object_r exec low_low))

    (filecon "/system/bin/run-as" file runas_exec_context)

which resolves to the following `file_contexts` entry (assuming an MLS enabled policy):

    /system/bin/run-as  -- u:object_r:runas.exec:s0-s0

This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specify two [`portcon`](cil_network_labeling_statements.md#portcon) statements:

    (portcon udp 1024 (test.user object_r test.process ((s0) (s1))))
    (portcon tcp 1024 (test.user object_r test.process (system_low system_high)))

This example uses an anonymous context for the first context and a named context for the second in a [`netifcon`](cil_network_labeling_statements.md#netifcon) statement:

    (context netif_context (test.user object_r test.process ((s0 (c0)) (s1 (c0)))))

    (netifcon eth04 (test.user object_r test.process ((s0 (c0)) (s1 (c0)))) netif_context)
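
The resolution shown in the examples above (a named `context` referenced from a `filecon`, and an anonymous context written inline as in the `portcon` and `netifcon` statements), as an added Python example that is not part of the CIL documentation or of the SELinux tooling: it parses a small CIL fragment, records the named `level`, `levelrange` and `context` declarations, and renders each `filecon` as a `file_contexts` line. The `low` level and `low_low` levelrange declarations, the `/data/local/tmp` entry and its `shell_data_file` type are constructed assumptions.

```python
import re

# Constructed CIL fragment: the page's context/filecon pair, the assumed level/levelrange
# declarations behind low_low, and a second constructed filecon with an anonymous context.
# runas.exec is spelt out in full because this fragment is not inside (block runas ...).
CIL = """(level low (s0))
(levelrange low_low (low low))
(context runas_exec_context (u object_r runas.exec low_low))
(filecon "/system/bin/run-as" file runas_exec_context)
(filecon "/data/local/tmp" dir (u object_r shell_data_file ((s0) (s1 (c0)))))
"""
# filecon file-type keyword -> file_contexts type code
FILE_TYPE = {"any": "", "file": "--", "dir": "-d", "char": "-c", "block": "-b", "socket": "-s", "pipe": "-p", "symlink": "-l"}

def parse(text):
    stack = [[]]  # CIL s-expressions -> nested lists; unbalanced parentheses are rejected
    for tok in re.findall(r'\(|\)|"[^"]*"|[^\s()"]+', text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())
        else:
            stack[-1].append(tok.strip('"'))
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def named(x, table):
    return table[x] if isinstance(x, str) else x  # identifier -> prior declaration (KeyError if undeclared); list -> anonymous form
def level_str(lvl, decls):
    lvl = named(lvl, decls["level"])        # (sens) or (sens (cat ...))
    return lvl[0] if len(lvl) == 1 else lvl[0] + ":" + ",".join(lvl[1])
def range_str(lr, decls):
    lr = named(lr, decls["levelrange"])     # (low high)
    return level_str(lr[0], decls) + "-" + level_str(lr[1], decls)
def context_str(ctx, decls):
    ctx = named(ctx, decls["context"])      # (user role type levelrange)
    return ":".join(ctx[:3]) + ":" + range_str(ctx[3], decls)

def file_contexts(cil_text):
    decls = {"level": {}, "levelrange": {}, "context": {}}  # named declarations seen so far
    lines = []                                              # file_contexts output (MLS-enabled policy)
    for stmt in parse(cil_text):
        if stmt[0] in decls:
            decls[stmt[0]][stmt[1]] = stmt[2]
        elif stmt[0] == "filecon":
            _, path, ftype, ctx = stmt
            lines.append(f"{path}  {FILE_TYPE[ftype]} {context_str(ctx, decls)}")
    return lines
```

Running `file_contexts(CIL)` yields the page's `/system/bin/run-as  -- u:object_r:runas.exec:s0-s0` line followed by the anonymous-context entry; the statement-definition typo of an extra closing parenthesis is exactly what `parse` rejects.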