SID Statements
==============

sid
---

Declares a new SID identifier in the current namespace.

**Statement definition:**

    (sid sid_id)

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sid</code></p></td>
<td align="left"><p>The <code>sid</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>The <code>sid</code> identifier.</p></td>
</tr>
</tbody>
</table>

**Examples:**

These examples show three [`sid`](cil_sid_statements.md#sid) declarations:

    (sid kernel)
    (sid security)
    (sid igmp_packet)

sidorder
--------

Defines the order of the declared [sid](#sid) identifiers. This is a mandatory statement when SIDs are defined. Multiple [`sidorder`](cil_sid_statements.md#sidorder) statements declared in the policy will form an ordered list.

**Statement definition:**

    (sidorder (sid_id ...))

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidorder</code></p></td>
<td align="left"><p>The <code>sidorder</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>One or more <code>sid</code> identifiers.</p></td>
</tr>
</tbody>
</table>

**Example:**

This will produce an ordered list of "`kernel security unlabeled`":

    (sid kernel)
    (sid security)
    (sid unlabeled)
    (sidorder (kernel security))
    (sidorder (security unlabeled))

sidcontext
----------

Associates an SELinux security [context](#context) with a previously declared [`sid`](cil_sid_statements.md#sid) identifier.

**Statement definition:**

    (sidcontext sid_id context_id)

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidcontext</code></p></td>
<td align="left"><p>The <code>sidcontext</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>A single previously declared <code>sid</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>). The range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This shows two named security context examples plus an anonymous context:

    ; Two named contexts:
    (sid kernel)
    (context kernel_context (u r process low_low))
    (sidcontext kernel kernel_context)

    (sid security)
    (context security_context (u object_r process low_low))
    (sidcontext security security_context)

    ; An anonymous context (user role type levelrange):
    (sid unlabeled)
    (sidcontext unlabeled (u object_r process ((s0) (s0))))
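
The rules stated for `sidorder` and `sidcontext` above can be checked before a policy is compiled: every declared SID appears in a `sidorder`, the fragments merge into one list, a `sidcontext` names a declared SID, and an anonymous context has all four fields. This is an added example, not code from the CIL compiler; `parse`, `lint_sids` and `SAMPLE` are hypothetical names, only balanced top-level statements are read, and the merge is a simple predecessor sort assumed for illustration rather than the compiler's own algorithm.

```python
import re

# Constructed sample: the sidorder example from this page plus one named sidcontext.
SAMPLE = """
(sid kernel) (sid security) (sid unlabeled)
(sidorder (kernel security))
(sidorder (security unlabeled))
(context kernel_context (u r process low_low))
(sidcontext kernel kernel_context)
"""

def parse(text):
    """Parse balanced CIL text into nested lists; ';' starts a comment."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", text)):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            stack[-2].append(stack.pop())  # close the list, attach to its parent
        else:
            stack[-1].append(tok)
    return stack[0]

def lint_sids(text):
    """Return (merged_order, problems) for top-level sid statements."""
    stmts = [s for s in parse(text) if isinstance(s, list) and s]
    sids = [s[1] for s in stmts if s[0] == "sid"]
    problems, after, ordered = [], {}, []
    for s in stmts:
        if s[0] == "sidorder":
            ordered += [x for x in dict.fromkeys(s[1]) if x not in ordered]
            for a, b in zip(s[1], s[1][1:]):
                after.setdefault(a, set()).add(b)  # b must come after a
        elif s[0] == "sidcontext":
            if s[1] not in sids:
                problems.append(f"sidcontext for undeclared sid {s[1]}")
            if isinstance(s[2], list) and len(s[2]) != 4:
                problems.append(f"context for {s[1]} is not (user role type levelrange)")
    problems += [f"sid {x} missing from sidorder" for x in sids if x not in ordered]
    problems += [f"sidorder names undeclared sid {x}" for x in ordered if x not in sids]
    # Kahn-style merge: exactly one SID may be free of predecessors at each step.
    merged, left = [], list(ordered)
    while left:
        ready = [x for x in left if not any(x in after.get(y, ()) for y in left)]
        if len(ready) != 1:
            problems.append("sidorder is ambiguous or cyclic: " + " ".join(left))
            break
        merged.append(ready.pop())
        left.remove(merged[-1])
    return merged, problems
```

Calling `lint_sids(SAMPLE)` returns the merged list `kernel security unlabeled` with no problems; a policy whose fragments leave two SIDs unordered relative to each other is reported instead of being given an arbitrary order.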