Context Statement
=================

Contexts are formed using previously declared parameters and may be named or anonymous where:

- Named - The context is declared with a context identifier that is used as a reference.
- Anonymous - They are defined within the CIL labeling statement using user, role etc. identifiers.

Each type is shown in the examples.

context
-------

Declare an SELinux security context identifier for labeling. The range (or current and clearance levels) MUST be defined whether the policy is MLS/MCS enabled or not.

**Statement definition:**

```secil
(context context_id (user_id role_id type_id levelrange_id))
```

**Where:**

| Parameter | Description |
| --- | --- |
| `context` | The context keyword. |
| `context_id` | The context identifier. |
| `user_id` | A single previously declared user identifier. |
| `role_id` | A single previously declared role identifier. |
| `type_id` | A single previously declared type or typealias identifier. |
| `levelrange_id` | A single previously declared levelrange identifier. This entry may also be defined by anonymous or named level, sensitivity, sensitivityalias, category, categoryalias or categoryset as discussed in the Multi-Level Security Labeling Statements section and shown in the examples. |

**Examples:**

This example uses a named context definition:

```secil
(context runas_exec_context (u object_r exec low_low))

(filecon "/system/bin/run-as" file runas_exec_context)
```

to resolve/build a `file_contexts` entry of (assuming MLS enabled policy):

```
/system/bin/run-as -- u:object_r:runas.exec:s0-s0
```

This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specify two [`portcon`](cil_network_labeling_statements.md#portcon) statements:

```secil
(portcon udp 1024 (test.user object_r test.process ((s0) (s1))))
(portcon tcp 1024 (test.user object_r test.process (system_low system_high)))
```

This example uses an anonymous context for the first and named context for the second in a [`netifcon`](cil_network_labeling_statements.md#netifcon) statement:

```secil
(context netif_context (test.user object_r test.process ((s0 (c0)) (s1 (c0)))))

(netifcon eth04 (test.user object_r test.process ((s0 (c0)) (s1 (c0)))) netif_context)
```
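
The resolution of named and anonymous contexts into `file_contexts` labels can be sketched as a small policy-review helper. This is an added example, not part of the CIL documentation or its compiler: the function names and the sample policy are constructed, and it assumes a flat namespace (no blocks), levels given as named or anonymous levels, and plain category lists.

```python
import re

# Constructed sample (flat namespace, no blocks); not a complete policy.
SAMPLE = """
(level low (s0))
(levelrange low_low (low low))
(context runas_exec_context (u object_r exec low_low))
(filecon "/system/bin/run-as" file runas_exec_context)
(filecon "/data/demo" dir (u object_r demo_data ((s0 (c0)) (s1 (c0)))))
"""

def parse(text):
    """Parse CIL S-expressions into nested lists (comments are not handled)."""
    stack = [[]]
    for tok in re.findall(r'\(|\)|"[^"]*"|[^\s()]+', text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            stack[-2].append(stack.pop())
        else:
            stack[-1].append(tok.strip('"'))
    if len(stack) != 1:
        raise ValueError("unbalanced parentheses")
    return stack[0]

def resolve(named, kind, ref):
    """A string is a named reference; a list is an anonymous definition."""
    if isinstance(ref, str) and ref not in named[kind]:
        raise KeyError(f"undeclared {kind}: {ref}")
    return named[kind][ref] if isinstance(ref, str) else ref

def label(named, ref):
    """Render a named or anonymous context as user:role:type:low-high."""
    ctx = resolve(named, "context", ref)
    if len(ctx) != 4:  # the levelrange is mandatory, MLS/MCS or not
        raise ValueError(f"expected (user role type levelrange), got {ctx}")
    user, role, type_, rng = ctx
    lvls = [resolve(named, "level", l) for l in resolve(named, "levelrange", rng)]
    rng_s = "-".join(l[0] + (":" + ",".join(l[1]) if l[1:] else "") for l in lvls)
    return f"{user}:{role}:{type_}:{rng_s}"

def file_contexts(text=SAMPLE):
    """Build one file_contexts-style line per filecon statement."""
    stmts = parse(text)
    named = {k: {s[1]: s[2] for s in stmts if s[0] == k and len(s) == 3}
             for k in ("context", "levelrange", "level")}
    spec = {"file": "--", "dir": "-d"}  # subset of the filecon file types
    return [f"{s[1]} {spec[s[2]]} {label(named, s[3])}"
            for s in stmts if s[0] == "filecon"]
```

A context written without its levelrange, or one that references an undeclared identifier, raises an error instead of producing a label, which mirrors the requirement that the range always be defined.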