      1 <!-- Common Interface Language (CIL) Reference Guide -->
      2            <!-- sid_statements.xml -->
      3 
      4    <sect1>
      5       <title>SID Statements</title>
      6       <sect2 id="sid">
      7          <title>sid</title>
      8          <para>Declares a new SID identifier in the current namespace.</para>
      9          <para><emphasis role="bold">Statement definition:</emphasis></para>
     10          <programlisting><![CDATA[(sid sid_id)]]></programlisting>
     11          <para><emphasis role="bold">Where:</emphasis></para>
     12          <informaltable frame="all">
     13             <tgroup cols="2">
     14             <colspec colwidth="2 *"/>
     15             <colspec colwidth="6 *"/>
     16                <tbody>
     17                <row>
     18                   <entry>
     19                      <para><literal>sid</literal></para>
     20                   </entry>
     21                   <entry>
     22                      <para>The <literal>sid</literal> keyword.</para>
     23                   </entry>
     24                </row>
     25                <row>
     26                   <entry>
     27                      <para><literal>sid_id</literal></para>
     28                   </entry>
     29                   <entry>
     30                      <para>The <literal>sid</literal> identifier.</para>
     31                   </entry>
     32                </row>
     33             </tbody></tgroup>
     34          </informaltable>
     35 
     36          <para><emphasis role="bold">Examples:</emphasis></para>
     37          <para>These examples show three <literal>sid</literal> declarations:</para>
     38             <programlisting><![CDATA[
     39 (sid kernel)
     40 (sid security)
     41 (sid igmp_packet)]]>
     42          </programlisting>
     43       </sect2>
     44 
     45       <sect2 id="sidorder">
     46          <title>sidorder</title>
     47          <para>Defines the order of <link linkend="sid">sid</link>s. This is a mandatory statement when SIDs are defined. Multiple <literal>sidorder</literal> statements declared in the policy will form a single ordered list.</para>
     48          <para><emphasis role="bold">Statement definition:</emphasis></para>
     49          <programlisting><![CDATA[(sidorder (sid_id ...))]]></programlisting>
     50          <para><emphasis role="bold">Where:</emphasis></para>
     51          <informaltable frame="all">
     52             <tgroup cols="2">
     53             <colspec colwidth="2 *"/>
     54             <colspec colwidth="6 *"/>
     55                <tbody>
     56                <row>
     57                   <entry>
     58                      <para><literal>sidorder</literal></para>
     59                   </entry>
     60                   <entry>
     61                      <para>The <literal>sidorder</literal> keyword.</para>
     62                   </entry>
     63                </row>
     64                <row>
     65                   <entry>
     66                      <para><literal>sid_id</literal></para>
     67                   </entry>
     68                   <entry>
     69                      <para>One or more <literal><link linkend="sid">sid</link></literal> identifiers.</para>
     70                   </entry>
     71                </row>
     72             </tbody></tgroup>
     73          </informaltable>
     74 
     75          <para><emphasis role="bold">Example:</emphasis></para>
     76          <para>This will produce the ordered list "<literal>kernel security unlabeled</literal>":</para>
     77          <programlisting><![CDATA[
     78 (sid kernel)
     79 (sid security)
     80 (sid unlabeled)
     81 (sidorder (kernel security))
     82 (sidorder (security unlabeled))]]>
     83       </programlisting>
     84       </sect2>
     85 
     86       <sect2 id="sidcontext">
     87          <title>sidcontext</title>
     88          <para>Associates an SELinux security <link linkend="context">context</link> with a previously declared <literal><link linkend="sid">sid</link></literal> identifier.</para>
     89          <para><emphasis role="bold">Statement definition:</emphasis></para>
     90          <programlisting><![CDATA[(sidcontext sid_id context_id)]]></programlisting>
     91          <para><emphasis role="bold">Where:</emphasis></para>
     92          <informaltable frame="all">
     93             <tgroup cols="2">
     94             <colspec colwidth="2 *"/>
     95             <colspec colwidth="6 *"/>
     96                <tbody>
     97                <row>
     98                   <entry>
     99                      <para><literal>sidcontext</literal></para>
    100                   </entry>
    101                   <entry>
    102                      <para>The <literal>sidcontext</literal> keyword.</para>
    103                   </entry>
    104                </row>
    105                <row>
    106                   <entry>
    107                      <para><literal>sid_id</literal></para>
    108                   </entry>
    109                   <entry>
    110                      <para>A single previously declared <literal><link linkend="sid">sid</link></literal> identifier.</para>
    111                   </entry>
    112                </row>
    113                <row>
    114                   <entry>
    115                      <para><literal>context_id</literal></para>
    116                   </entry>
    117                   <entry>
    118                      <para>A previously declared <literal><link linkend="context">context</link></literal> identifier or an anonymous security context (<literal><link linkend="user">user</link> <link linkend="role">role</link> <link linkend="type">type</link> <link linkend="levelrange">levelrange</link></literal>). The range MUST be defined whether or not the policy is MLS/MCS enabled.</para>
    119                   </entry>
    120                </row>
    121             </tbody></tgroup>
    122          </informaltable>
    123 
    124          <para><emphasis role="bold">Examples:</emphasis></para>
    125          <para>This shows two named security context examples plus an anonymous context:</para>
    126          <programlisting><![CDATA[
    127 ; Two named context:
    128 (sid kernel)
    129 (context kernel_context (u r process low_low))
    130 (sidcontext kernel kernel_context)
    131 
    132 (sid security)
    133 (context security_context (u object_r process low_low))
    134 (sidcontext security security_context)
    135 
    136 ; An anonymous context:
    137 (sid unlabeled)
    138 (sidcontext unlabeled (u object_r ((s0) (s0))))]]>
    139          </programlisting>
    140       </sect2>
    141 
    142    </sect1>
    143