SID Statements
==============

sid
---

Declares a new SID identifier in the current namespace.

**Statement definition:**

    (sid sid_id)

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sid</code></p></td>
<td align="left"><p>The <code>sid</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>The <code>sid</code> identifier.</p></td>
</tr>
</tbody>
</table>

**Examples:**

These examples show three [`sid`](cil_sid_statements.md#sid) declarations:

    (sid kernel)
    (sid security)
    (sid igmp_packet)

sidorder
--------

Defines the order of [`sid`](#sid) identifiers. This is a mandatory statement when SIDs are defined. Multiple [`sidorder`](cil_sid_statements.md#sidorder) statements declared in the policy will form an ordered list.

**Statement definition:**

    (sidorder (sid_id ...))

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidorder</code></p></td>
<td align="left"><p>The <code>sidorder</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>One or more <code>sid</code> identifiers.</p></td>
</tr>
</tbody>
</table>

**Example:**

This will produce an ordered list of "`kernel security unlabeled`":

    (sid kernel)
    (sid security)
    (sid unlabeled)
    (sidorder (kernel security))
    (sidorder (security unlabeled))

sidcontext
----------

Associates an SELinux security [context](#context) with a previously declared [`sid`](cil_sid_statements.md#sid) identifier.

**Statement definition:**

    (sidcontext sid_id context_id)

**Where:**

<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>sidcontext</code></p></td>
<td align="left"><p>The <code>sidcontext</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>sid_id</code></p></td>
<td align="left"><p>A single previously declared <code>sid</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>). The range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>

**Examples:**

This shows two named security context examples plus an anonymous context:

    ; Two named contexts:
    (sid kernel)
    (context kernel_context (u r process low_low))
    (sidcontext kernel kernel_context)

    (sid security)
    (context security_context (u object_r process low_low))
    (sidcontext security security_context)

    ; An anonymous context (user role type levelrange):
    (sid unlabeled)
    (sidcontext unlabeled (u object_r process ((s0) (s0))))
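The following policy lint is an added example, not part of the CIL documentation or the SELinux project's code. It parses a CIL fragment, merges the `sidorder` lists, and checks the `sid`, `sidorder` and `sidcontext` rules described above. The names `parse` and `check_sids` are hypothetical, the topological merge is a simplified model rather than the CIL compiler's own algorithm, and reporting a declared `sid` that appears in no `sidorder` is this checker's assumption.

```python
import re
from graphlib import CycleError, TopologicalSorter

def parse(text):
    """Parse CIL s-expressions into nested lists; ';' starts a comment."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", text)):
        if tok == "(":
            stack.append([])
        elif tok != ")":
            stack[-1].append(tok)
        elif len(stack) > 1:
            stack[-2].append(stack.pop())  # close the list into its parent
        else:
            raise ValueError("unbalanced ')'")
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def check_sids(text):
    """Return (merged sid order, list of problems) for a CIL fragment."""
    stmts = [s for s in parse(text) if isinstance(s, list) and s]
    sids = [s[1] for s in stmts if s[0] == "sid"]
    contexts = {s[1] for s in stmts if s[0] == "context"}
    preds, problems = {}, []
    for names in (s[1] for s in stmts if s[0] == "sidorder"):
        preds.setdefault(names[0], set())
        for before, after in zip(names, names[1:]):
            preds.setdefault(after, set()).add(before)  # before precedes after
    try:
        order = list(TopologicalSorter(preds).static_order())
    except CycleError:
        order, problems = [], ["sidorder statements contradict each other"]
    problems += [f"sid {s} is not in any sidorder" for s in sids if s not in preds]
    for _, sid, ctx in (s for s in stmts if s[0] == "sidcontext"):
        if sid not in sids:
            problems.append(f"sidcontext for undeclared sid {sid}")
        if isinstance(ctx, list) and len(ctx) != 4:
            problems.append(f"anonymous context for {sid} is not (user role type levelrange)")
        elif isinstance(ctx, str) and ctx not in contexts:
            problems.append(f"sidcontext for {sid} uses undeclared context {ctx}")
    return order, problems

SAMPLE = """; Constructed sample: the sidorder example plus two deliberate mistakes.
(sid kernel) (sid security) (sid unlabeled) (sid igmp_packet)
(sidorder (kernel security)) (sidorder (security unlabeled))
(context kernel_context (u r process low_low)) (sidcontext kernel kernel_context)
(sidcontext unlabeled (u object_r ((s0) (s0))))  ; type is missing
"""
```

Calling `check_sids(SAMPLE)` returns the merged order `kernel security unlabeled` together with two findings: `igmp_packet` is never ordered, and the anonymous context for `unlabeled` has three elements instead of four.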