SIDStatements
From SELinux Wiki
Security ID (SID) Statement
There are two SID statements. The first declares the actual SID identifier and is defined at the start of a policy source file. The second adds an initial security context to a declared SID; that context is used when SELinux initialises, or as a default when an object is not labeled correctly. The Building a Basic Policy section shows their usage.
sid Statement
The sid statement declares the actual SID identifier and is defined at the start of a policy source file.
The statement definition is:
sid sid_id
Where:
| sid | The sid keyword. |
| sid_id | The sid identifier. Note that there is no terminating ';'. |
The statement is valid in:
Example:
This example has been taken from the Reference Policy source ../policy/flask/initial_sids file.
# This example was taken from the
# ./policy/flask/initial_sids file and declares some
# of the initial SIDs:
#
sid kernel
sid security
sid unlabeled
sid fs
sid context Statement
The sid context statement adds an initial security context to a previously declared SID. That context is used when SELinux initialises, or as a default if an object is not labeled correctly.
The statement definition is:
sid sid_id context
Where:
| sid | The sid keyword. |
| sid_id | The previously declared sid identifier. |
| context | The initial security context associated with the SID. Note that there is no terminating ';'. |
The statements are valid in:
Examples:
# These statements add an initial security context to an object
# that is used when SELinux initialises or as a default if a
# context is not available or labeled incorrectly.
#
# This one is from a targeted policy:
sid unlabeled system_u:object_r:unlabeled_t
# This one is from an MLS policy. Note that the security level is
# set to SystemHigh as it may need to label any object in the
# system.
sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
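The two rules the page states for these statements (a SID must be declared before it is given a context, and neither form takes a terminating ';') are easy to get wrong when editing initial_sids by hand. The following checker, added here as an illustration and not part of the Reference Policy or the SELinux toolchain, parses both forms of the sid statement, validates the user:role:type[:level] shape of the context, and reports declared SIDs that were never given an initial context. The sample policy text, the function names and the MLS level pattern are constructed for this example.

```python
"""Parse and sanity-check SELinux `sid` and `sid ... context` statements.

Hypothetical helper written for this page; it is not part of the Reference
Policy or of checkpolicy.  It models the two rules the page states:
  1. `sid sid_id` declares a SID (no terminating ';').
  2. `sid sid_id context` assigns an initial context to a previously
     declared SID (no terminating ';').
"""
import re

# Security context: user:role:type with an optional MLS level such as
# s15:c0.c255 (one sensitivity plus an optional category set).  The level
# grammar here is an assumption sufficient for the page's examples.
CONTEXT_RE = re.compile(
    r"^[\w.]+:[\w.]+:[\w.]+"                                   # user:role:type
    r"(?::s\d+(?::c\d+(?:\.c\d+)?(?:,c\d+(?:\.c\d+)?)*)?)?$"   # optional level
)

# Constructed sample that mirrors the page's examples.
SAMPLE_OK = """\
# declarations, as in policy/flask/initial_sids
sid kernel
sid security
sid unlabeled
sid fs

# initial contexts (MLS form on the last line)
sid kernel system_u:system_r:kernel_t:s0
sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
"""

# Constructed sample containing the mistakes the checker is meant to catch.
SAMPLE_BAD = """\
sid kernel
sid security
sid kernel;                          # stray terminator
sid kernel system_u:system_r:kernel_t
sid fs system_u:object_r:fs_t        # fs was never declared
sid security object_r:security_t     # too few fields for a context
"""


def parse_sid_statements(text):
    """Return (declared, contexts, errors).

    declared: list of SID names in declaration order
    contexts: dict mapping sid -> initial security context
    errors:   list of human-readable problems, each prefixed with a line number
    """
    declared, contexts, errors = [], {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if parts[0] != "sid":
            continue                             # other statements are out of scope
        if any(p.endswith(";") for p in parts):
            errors.append(f"line {lineno}: sid statements take no terminating ';'")
            continue
        if len(parts) == 2:                      # sid sid_id
            name = parts[1]
            if name in declared:
                errors.append(f"line {lineno}: sid '{name}' declared twice")
            else:
                declared.append(name)
        elif len(parts) == 3:                    # sid sid_id context
            name, ctx = parts[1], parts[2]
            if name not in declared:
                errors.append(f"line {lineno}: context given for undeclared sid '{name}'")
            elif not CONTEXT_RE.match(ctx):
                errors.append(f"line {lineno}: malformed security context '{ctx}'")
            else:
                contexts[name] = ctx
        else:
            errors.append(f"line {lineno}: unexpected sid statement '{line}'")
    return declared, contexts, errors


def sids_without_context(text):
    """SIDs that were declared but never assigned an initial context.

    Worth reviewing, since the second statement form is what supplies the
    label SELinux falls back on for these SIDs.
    """
    declared, contexts, _ = parse_sid_statements(text)
    return [s for s in declared if s not in contexts]


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        declared, contexts, errors = parse_sid_statements(sample)
        print(f"[{label}] declared={declared}")
        print(f"[{label}] contexts={contexts}")
        print(f"[{label}] no initial context: {sids_without_context(sample)}")
        for err in errors:
            print(f"[{label}] {err}")
```

Run on a real initial_sids file, the checker only looks at sid statements and ignores everything else, so it can be pointed at a whole policy source without modification; the rejection of a trailing ';' is deliberate, because the page notes that both sid forms are the unusual statements that take no terminator.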
