Another possibility - make context_id reflect the physical structure but add another field, default NULL, that overrides it for permissions inheritance only. I'd have to look into the various queries on permissions to convince myself that it wouldn't slow things down.
This presumes there's usefulness in the current scheme which allows you to control the inheritance hierarchy for permissions. In theory it seems there is; in practice I have doubts. It would give us a way to make the standard OACS 4.5 solution follow the physical hierarchy while giving those who need greater flexibility a built-in hook for doing so.
This way only those who need the flexibility need pay the cost of maintaining two hierarchies.
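
A sketch of the lookup this proposal implies, added here as an example and not part of the original post or of OpenACS code. The table layout, the column name `perm_context_id`, the function names and the sample rows are all hypothetical; SQLite stands in for the real database.

```python
import sqlite3

# Constructed schema: a minimal stand-in for an object table, not OpenACS's own.
# perm_context_id is a hypothetical name for the proposed NULL-by-default override.
SCHEMA = """
CREATE TABLE objects (
    object_id       INTEGER PRIMARY KEY,
    context_id      INTEGER REFERENCES objects(object_id),  -- physical parent
    perm_context_id INTEGER REFERENCES objects(object_id)   -- override, default NULL
);
CREATE TABLE grants (object_id INTEGER, party TEXT, privilege TEXT);
"""

# Permission walk: follow the override when it is set, else the physical parent.
# UNION (not UNION ALL) drops repeated rows, so a mis-set override that forms a
# cycle still terminates.
CHECK = """
WITH RECURSIVE chain(object_id) AS (
    SELECT ?
    UNION
    SELECT COALESCE(o.perm_context_id, o.context_id)
    FROM objects o JOIN chain c ON o.object_id = c.object_id
    WHERE COALESCE(o.perm_context_id, o.context_id) IS NOT NULL
)
SELECT 1 FROM grants g JOIN chain c ON g.object_id = c.object_id
WHERE g.party = ? AND g.privilege = ? LIMIT 1
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed data: 1 = root, 2 = public folder, 3 = staff folder,
    # 4 = item in the public folder, 5 = item in the public folder whose
    # permissions are overridden to inherit from the staff folder.
    db.executemany("INSERT INTO objects VALUES (?, ?, ?)",
                   [(1, None, None), (2, 1, None), (3, 1, None),
                    (4, 2, None), (5, 2, 3)])
    db.executemany("INSERT INTO grants VALUES (?, ?, ?)",
                   [(2, "public", "read"), (3, "staff", "read")])
    return db

def permission_p(db, object_id, party, privilege):
    """True if a grant exists on the object or on any permission ancestor."""
    return db.execute(CHECK, (object_id, party, privilege)).fetchone() is not None
```

Object 5 shows the security-relevant consequence: once the override is set, grants on the physical parent no longer reach the object, so the override replaces the physical chain rather than adding to it.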