| <!-- Common Interface Language (CIL) Reference Guide --> |
| <!-- sid_statements.xml --> |
| |
| <sect1> |
| <title>SID Statements</title> |
| <sect2 id="sid"> |
| <title>sid</title> |
| <para>Declares a new SID (security identifier) in the current namespace. SIDs declared this way are the policy's initial SIDs: the identifiers the kernel uses for objects it must label before or outside of ordinary policy labelling (for example <literal>kernel</literal> and <literal>unlabeled</literal>), so their names and order must match what the target kernel expects.</para> |
| <para><emphasis role="bold">Statement definition:</emphasis></para> |
| <programlisting><![CDATA[(sid sid_id)]]></programlisting> |
| <para><emphasis role="bold">Where:</emphasis></para> |
| <informaltable frame="all"> |
| <tgroup cols="2"> |
| <colspec colwidth="2 *"/> |
| <colspec colwidth="6 *"/> |
| <tbody> |
| <row> |
| <entry> |
| <para><literal>sid</literal></para> |
| </entry> |
| <entry> |
| <para>The <literal>sid</literal> keyword.</para> |
| </entry> |
| </row> |
| <row> |
| <entry> |
| <para><literal>sid_id</literal></para> |
| </entry> |
| <entry> |
| <para>The identifier of the new <literal>sid</literal> being declared.</para> |
| </entry> |
| </row> |
| </tbody></tgroup> |
| </informaltable> |
| |
| <para><emphasis role="bold">Examples:</emphasis></para> |
| <para>These examples show three <literal>sid</literal> declarations:</para> |
| <programlisting><![CDATA[ |
| (sid kernel) |
| (sid security) |
| (sid igmp_packet)]]> |
| </programlisting> |
| </sect2> |
| |
| <sect2 id="sidorder"> |
| <title>sidorder</title> |
| <para>Defines the order of <link linkend="sid">sid</link> identifiers. This statement is mandatory whenever SIDs are declared: a sid's position in the resulting list is what the compiled policy records as its SID number, and the kernel matches initial SIDs by that number, so declare them in the order the target kernel expects (conventionally beginning <literal>kernel security unlabeled</literal>). Multiple <literal>sidorder</literal> statements in the policy are merged into a single ordered list; where their entries overlap they must agree on the relative order.</para> |
| <para><emphasis role="bold">Statement definition:</emphasis></para> |
| <programlisting><![CDATA[(sidorder (sid_id ...))]]></programlisting> |
| <para><emphasis role="bold">Where:</emphasis></para> |
| <informaltable frame="all"> |
| <tgroup cols="2"> |
| <colspec colwidth="2 *"/> |
| <colspec colwidth="6 *"/> |
| <tbody> |
| <row> |
| <entry> |
| <para><literal>sidorder</literal></para> |
| </entry> |
| <entry> |
| <para>The <literal>sidorder</literal> keyword.</para> |
| </entry> |
| </row> |
| <row> |
| <entry> |
| <para><literal>sid_id</literal></para> |
| </entry> |
| <entry> |
| <para>One or more previously declared <literal><link linkend="sid">sid</link></literal> identifiers, listed in the required order.</para> |
| </entry> |
| </row> |
| </tbody></tgroup> |
| </informaltable> |
| |
| <para><emphasis role="bold">Example:</emphasis></para> |
| <para>The two <literal>sidorder</literal> statements below share the <literal>security</literal> entry and are merged into the single ordered list "<literal>kernel security unlabeled</literal>".</para> |
| <programlisting><![CDATA[ |
| (sid kernel) |
| (sid security) |
| (sid unlabeled) |
| (sidorder (kernel security)) |
| (sidorder (security unlabeled))]]> |
| </programlisting> |
| </sect2> |
| |
| <sect2 id="sidcontext"> |
| <title>sidcontext</title> |
| <para>Associates an SELinux security <link linkend="context">context</link> with a previously declared <literal><link linkend="sid">sid</link></literal> identifier. Every declared <literal>sid</literal> that is to be usable by the kernel needs a <literal>sidcontext</literal>; a sid without one has no label the kernel can apply.</para> |
| <para><emphasis role="bold">Statement definition:</emphasis></para> |
| <programlisting><![CDATA[(sidcontext sid_id context_id)]]></programlisting> |
| <para><emphasis role="bold">Where:</emphasis></para> |
| <informaltable frame="all"> |
| <tgroup cols="2"> |
| <colspec colwidth="2 *"/> |
| <colspec colwidth="6 *"/> |
| <tbody> |
| <row> |
| <entry> |
| <para><literal>sidcontext</literal></para> |
| </entry> |
| <entry> |
| <para>The <literal>sidcontext</literal> keyword.</para> |
| </entry> |
| </row> |
| <row> |
| <entry> |
| <para><literal>sid_id</literal></para> |
| </entry> |
| <entry> |
| <para>A single previously declared <literal><link linkend="sid">sid</link></literal> identifier.</para> |
| </entry> |
| </row> |
| <row> |
| <entry> |
| <para><literal>context_id</literal></para> |
| </entry> |
| <entry> |
| <para>A previously declared <literal><link linkend="context">context</link></literal> identifier, or an anonymous security context of the form (<literal><link linkend="user">user</link> <link linkend="role">role</link> <link linkend="type">type</link> <link linkend="levelrange">levelrange</link></literal>). The <literal>levelrange</literal> MUST be given even when the policy is not MLS/MCS enabled; in that case use a placeholder such as <literal>((s0) (s0))</literal> as in the example below.</para> |
| </entry> |
| </row> |
| </tbody></tgroup> |
| </informaltable> |
| |
| <para><emphasis role="bold">Examples:</emphasis></para> |
| <para>This shows two named security context examples plus an anonymous context:</para> |
| <programlisting><![CDATA[ |
| ; Two named contexts: |
| (sid kernel) |
| (context kernel_context (u r process low_low)) |
| (sidcontext kernel kernel_context) |
| |
| (sid security) |
| (context security_context (u object_r process low_low)) |
| (sidcontext security security_context) |
| |
| ; An anonymous context: |
| (sid unlabeled) |
| (sidcontext unlabeled (u object_r process ((s0) (s0))))]]> |
| </programlisting> |
| </sect2> |
| |
| </sect1> |