SID Statements

sid

Declares a new SID identifier in the current namespace.

Statement definition:

(sid sid_id)

Where:

Examples:

These examples show three sid declarations:

(sid kernel)
(sid security)
(sid igmp_packet)

sidorder

Defines the order of SIDs. This is a mandatory statement when SIDs are defined. Multiple sidorder statements declared in the policy will form an ordered list.

Statement definition:

(sidorder (sid_id ...))

Where:

Example:

This will produce an ordered list of “kernel security unlabeled”:

(sid kernel)
(sid security)
(sid unlabeled)
(sidorder (kernel security))
(sidorder (security unlabeled))

sidcontext

Associates an SELinux security context to a previously declared sid identifier.

Statement definition:

(sidcontext sid_id context_id)

Where:

Examples:

This shows two named security context examples plus an anonymous context:

; Two named contexts:
(sid kernel)
(context kernel_context (u r process low_low))
(sidcontext kernel kernel_context)

(sid security)
(context security_context (u object_r process low_low))
(sidcontext security security_context)

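; An anonymous context (fields: user role type levelrange).
; The type was missing here; "process" is assumed, as in the named contexts above.
(sid unlabeled)
(sidcontext unlabeled (u object_r process ((s0) (s0))))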
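
A lint for the three statements above, added here as an example; it is not part of the CIL documentation or the secilc compiler. It assumes top-level statements only (no namespaces or quoted strings), models sidorder merging as a simplified topological sort rather than secilc's own algorithm, and the names `parse`, `merge_sidorder`, `check_sids` and the `SAMPLE` policy are constructed for illustration.

```python
import re

# Constructed sample built from this page's statements; "devnull" is made up.
SAMPLE = """
(sid kernel) (sid security) (sid unlabeled) (sid igmp_packet)
(sidorder (kernel security)) (sidorder (security unlabeled))
(sidcontext kernel kernel_context) (sidcontext devnull devnull_context)
"""

def parse(text):
    """Parse CIL into nested lists, dropping ';' comments (no quoted strings)."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", text)):
        if tok == "(":
            stack.append([])
        elif tok != ")":
            stack[-1].append(tok)
        else:
            stack[-2].append(stack.pop())  # IndexError on a stray ')'
    if len(stack) != 1:
        raise ValueError("unbalanced parentheses")
    return stack[0]

def merge_sidorder(lists):
    """Merge partial sidorder lists into one order; a simplified model."""
    edges = {(a, b) for lst in lists for a, b in zip(lst, lst[1:])}
    indeg = {s: 0 for lst in lists for s in lst}
    for _, b in edges:
        indeg[b] += 1
    order = []
    while indeg:
        ready = [s for s, d in indeg.items() if d == 0]
        if len(ready) != 1:  # none ready: cycle; several: lists do not join up
            raise ValueError(f"cannot order sids: {sorted(indeg)}")
        order.append(ready[0])
        del indeg[ready[0]]
        for b in [b for a, b in edges if a == ready[0]]:
            indeg[b] -= 1
    return order

def check_sids(text):
    """Return (merged_order, problems) for top-level sid statements."""
    tree = parse(text)
    pick = lambda kw: [s[1] for s in tree if len(s) > 1 and s[0] == kw]
    declared, ordered = pick("sid"), merge_sidorder(pick("sidorder"))
    problems = [f"sid {s} missing from sidorder" for s in declared if s not in ordered]
    problems += [f"sidcontext for undeclared sid {s}" for s in pick("sidcontext") if s not in declared]
    return ordered, problems
```

Calling `check_sids(SAMPLE)` returns the merged order and two findings: `igmp_packet` is declared but never ordered, and `devnull` is given a context without a prior `sid` declaration.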