Context Statement
=================

Contexts are formed using previously declared parameters and may be named or anonymous where:

- Named - The context is declared with a context identifier that is used as a reference.

- Anonymous - They are defined within the CIL labeling statement using user, role etc. identifiers.

Each type is shown in the examples.

context
-------

Declare an SELinux security context identifier for labeling. The range (or current and clearance levels) MUST be defined whether the policy is MLS/MCS enabled or not.

**Statement definition:**

```secil
    (context context_id (user_id role_id type_id levelrange_id))
```

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>context</code></p></td>
<td align="left"><p>The <code>context</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>The <code>context</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>user_id</code></p></td>
<td align="left"><p>A single previously declared <code>user</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>role_id</code></p></td>
<td align="left"><p>A single previously declared <code>role</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>type_id</code></p></td>
<td align="left"><p>A single previously declared <code>type</code> or <code>typealias</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>levelrange_id</code></p></td>
<td align="left"><p>A single previously declared <code>levelrange</code> identifier. This entry may also be defined by anonymous or named <code>level</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code> or <code>categoryset</code> as discussed in the <a href="#mls_labeling_statements">Multi-Level Security Labeling Statements</a> section and shown in the examples.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This example uses a named context definition:

```secil
    (context runas_exec_context (u object_r exec low_low))

    (filecon "/system/bin/run-as" file runas_exec_context)
```

This resolves to the following `file_contexts` entry (assuming an MLS-enabled policy):

```
    /system/bin/run-as  --  u:object_r:runas.exec:s0-s0
```

This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specify two [`portcon`](cil_network_labeling_statements.md#portcon) statements:

```secil
    (portcon udp 1024 (test.user object_r test.process ((s0) (s1))))
    (portcon tcp 1024 (test.user object_r test.process (system_low system_high)))
```

This example uses an anonymous context for the first context and a named context for the second in a [`netifcon`](cil_network_labeling_statements.md#netifcon) statement:

```secil
    (context netif_context (test.user object_r test.process ((s0 (c0)) (s1 (c0)))))

    (netifcon eth04 (test.user object_r test.process ((s0 (c0)) (s1 (c0)))) netif_context)
```
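
The four-field rule for contexts (user, role, type and a mandatory levelrange) can be checked before a policy is compiled. The following Python sketch is an added example, not part of the CIL documentation or the secilc tooling: it parses CIL S-expressions and reports every `context` declaration or anonymous context in `filecon`, `portcon` and `netifcon` that does not have that shape. The names `parse`, `tuple_problem` and `check_contexts` are hypothetical; named context references are skipped rather than resolved.

```python
import re
# Argument positions holding a context, per the statement forms on this page.
CONTEXT_SLOTS = {"context": [2], "filecon": [3], "portcon": [3], "netifcon": [2, 3]}

def parse(text):
    """Parse CIL S-expressions into nested lists of string atoms."""
    stack = [[]]
    for tok in re.findall(r'"[^"]*"|[()]|[^\s()"]+', text):
        if tok == "(":
            stack.append([])
        elif tok == ")" and len(stack) > 1:
            closed = stack.pop()
            stack[-1].append(closed)
        elif tok == ")":
            raise ValueError("unbalanced ')'")
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("missing ')'")
    return stack[0]

def tuple_problem(ctx):
    """Explain why a context tuple is malformed, or return None if it is fine."""
    if len(ctx) != 4:
        return f"expected user role type levelrange, got {len(ctx)} field(s)"
    if any(isinstance(field, list) for field in ctx[:3]):
        return "user, role and type must be single identifiers"
    if isinstance(ctx[3], list) and len(ctx[3]) != 2:
        return "anonymous levelrange must be (low high)"
    return None

def check_contexts(text):
    """Return (keyword, problem) pairs for each malformed context tuple."""
    problems = []
    def walk(node):
        for stmt in (s for s in node if isinstance(s, list) and s):
            slots = CONTEXT_SLOTS.get(stmt[0], []) if isinstance(stmt[0], str) else []
            for arg in (stmt[i] for i in slots if i < len(stmt)):
                problem = tuple_problem(arg) if isinstance(arg, list) else None
                if problem:
                    problems.append((stmt[0], problem))
            walk(stmt)  # descend so statements nested in other statements are checked
    walk(parse(text))
    return problems

# Constructed sample: the tcp portcon omits the levelrange.
SAMPLE = """(context netif_context (test.user object_r test.process ((s0 (c0)) (s1 (c0)))))
(portcon tcp 1024 (test.user object_r test.process))"""
print(check_contexts(SAMPLE))
```
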