SID Statements
==============

sid
---

Declares a new SID identifier in the current namespace.

**Statement definition:**

```secil
    (sid sid_id)
```

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sid</code></p></td>
<td align="left"><p>The <code>sid</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>The <code>sid</code> identifier.</p></td>
</tr>
</tbody>
</table>

**Examples:**

These examples show three [`sid`](cil_sid_statements.md#sid) declarations:

```secil
    (sid kernel)
    (sid security)
    (sid igmp_packet)
```

sidorder
--------

Defines the order of the declared [sid](#sid) identifiers. This is a mandatory statement when SIDs are defined. Multiple [`sidorder`](cil_sid_statements.md#sidorder) statements declared in the policy will form an ordered list.

**Statement definition:**

```secil
    (sidorder (sid_id ...))
```

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidorder</code></p></td>
<td align="left"><p>The <code>sidorder</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>One or more <code>sid</code> identifiers.</p></td>
</tr>
</tbody>
</table>

**Example:**

This will produce an ordered list of "`kernel security unlabeled`":

```secil
    (sid kernel)
    (sid security)
    (sid unlabeled)
    (sidorder (kernel security))
    (sidorder (security unlabeled))
```

sidcontext
----------

Associates an SELinux security [context](#context) with a previously declared [`sid`](cil_sid_statements.md#sid) identifier.

**Statement definition:**

```secil
    (sidcontext sid_id context_id)
```

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidcontext</code></p></td>
<td align="left"><p>The <code>sidcontext</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>A single previously declared <code>sid</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>). The range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This shows two named security context examples plus an anonymous context:

```secil
    ; Two named contexts:
    (sid kernel)
    (context kernel_context (u r process low_low))
    (sidcontext kernel kernel_context)

    (sid security)
    (context security_context (u object_r process low_low))
    (sidcontext security security_context)

    ; An anonymous context (user role type levelrange):
    (sid unlabeled)
    (sidcontext unlabeled (u object_r process ((s0) (s0))))
```
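
The following linter is an added example, not part of the CIL documentation or the CIL compiler. It merges several `sidorder` statements into one list and checks the `sidcontext` rules stated above: the SID must be previously declared and an anonymous context needs all four fields. The sample policy is constructed, and two things are assumptions of this sketch: modelling the merge as a topological sort, and reporting declared SIDs that no `sidorder` mentions.

```python
import re
from graphlib import TopologicalSorter, CycleError

# Constructed sample: igmp_packet is never ordered, unlabeled's context lacks a type.
SAMPLE = """
(sid kernel)
(sid security)
(sid unlabeled)
(sid igmp_packet)
(sidorder (kernel security))
(sidorder (security unlabeled))
(sidcontext kernel (u r process ((s0) (s0))))
(sidcontext unlabeled (u object_r ((s0) (s0))))
"""

def parse(text):
    """Parse CIL S-expressions into nested lists; ';' starts a comment."""
    text = re.sub(r";[^\n]*", "", text)
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            stack[-2].append(stack.pop())   # close list, attach to its parent
        else:
            stack[-1].append(tok)
    return stack[0]

def lint(text):
    """Return (merged sid order, findings) for the SID statements in text."""
    sids, findings, ts = [], [], TopologicalSorter()
    for st in parse(text):
        if st[0] == "sid":
            sids.append(st[1])
        elif st[0] == "sidorder":
            for i, name in enumerate(st[1]):
                # predecessor = the sid just before this one in the same list
                ts.add(name, *st[1][max(i - 1, 0):i])
        elif st[0] == "sidcontext":
            if st[1] not in sids:
                findings.append(f"sidcontext for undeclared sid {st[1]}")
            if isinstance(st[2], list) and len(st[2]) != 4:
                findings.append(f"anonymous context for {st[1]} needs user role type levelrange")
    try:
        order = list(ts.static_order())
    except CycleError:
        return [], findings + ["sidorder statements contradict each other"]
    findings += [f"sid {s} missing from sidorder" for s in sids if s not in order]
    return order, findings
```
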