1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
SID Statements
==============
sid
---
Declares a new SID identifier in the current namespace.
**Statement definition:**
(sid sid_id)
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sid</code></p></td>
<td align="left"><p>The <code>sid</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>The <code>sid</code> identifier.</p></td>
</tr>
</tbody>
</table>
**Examples:**
These examples show three [`sid`](cil_sid_statements.md#sid) declarations:
(sid kernel)
(sid security)
(sid igmp_packet)
sidorder
--------
Defines the order of [sid](#sid)'s. This is a mandatory statement when SIDs are defined. Multiple [`sidorder`](cil_sid_statements.md#sidorder) statements declared in the policy will form an ordered list.
**Statement definition:**
(sidorder (sid_id ...))
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidorder</code></p></td>
<td align="left"><p>The <code>sidorder</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>One or more <code>sid</code> identifiers.</p></td>
</tr>
</tbody>
</table>
**Example:**
This will produce an ordered list of "`kernel security unlabeled`"
(sid kernel)
(sid security)
(sid unlabeled)
(sidorder (kernel security))
(sidorder (security unlabeled))
sidcontext
----------
Associates an SELinux security [context](#context) to a previously declared [`sid`](cil_sid_statements.md#sid) identifier.
**Statement definition:**
(sidcontext sid_id context_id)
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidcontext</code></p></td>
<td align="left"><p>The <code>sidcontext</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>A single previously declared <code>sid</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>
**Examples:**
This shows two named security context examples plus an anonymous context:
; Two named context:
(sid kernel)
(context kernel_context (u r process low_low))
(sidcontext kernel kernel_context)
(sid security)
(context security_context (u object_r process low_low))
(sidcontext security security_context)
; An anonymous context:
(sid unlabeled)
(sidcontext unlabeled (u object_r ((s0) (s0))))
|
