Within SELinux, a security context is represented as variable-length strings that define the SELinux user, their role, a type identifier and an optional MCS / MLS security range or level as follows:
|user||The SELinux user identity. This can be associated to one or more roles that the SELinux user is allowed to use.|
|role||The SELinux role. This can be associated to one or more types the SELinux user is allowed to access.|
|type||When a type is associated with a process, it defines what processes (or domains) the SELinux user (the subject) can access.|
When a type is associated with an object, it defines what access permissions the SELinux user has to that object.
|range||This field can also be know as a level and is only present if the policy supports MCS or MLS. The entry can consist of:|