Initial SID Contexts

The initial SID context configuration is contained in the initial_sid_contexts file. This configuration specifies the security context for each SID that is predefined for system initialization.

A separate domain or type is defined for each initial SID so that the TE configuration can distinguish among the initial SIDs. The domains associated with the kernel, init, and kernel module loader SIDs are described in Section 3.4. The types associated with the other initial SIDs are described in Section 3.3.

All of the initial SID contexts use the system_u user identity, since they represent system processes and objects. The kernel SID, init SID, and kernel module loader SID use the system_r role since they are used for system processes. The initial SIDs for sockets (any_socket, icmp_socket, and tcp_socket) use the system_r role because sockets are treated as proxies for processes in the network access control model. The other initial SIDs use the object_r role since they represent objects.
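As a check on the conventions just described, the following added example (not taken from the SELinux policy sources) parses an initial_sid_contexts fragment and flags any context whose user or role departs from them. The SID name kmod for the kernel module loader and the type names in the constructed sample are assumptions.

```python
import re
# SIDs the text assigns the system_r role: system processes, plus the socket
# SIDs that stand in for processes in the network access control model.
PROCESS_SIDS = {"kernel", "init", "kmod"}  # "kmod" = module loader SID, name assumed
SOCKET_SIDS = {"any_socket", "icmp_socket", "tcp_socket"}
LINE_RE = re.compile(r"^sid\s+(\S+)\s+([^:\s]+):([^:\s]+):(\S+)$")

def parse_initial_sid_contexts(text):
    """Return {sid: (user, role, type)} from 'sid NAME user:role:type' lines."""
    contexts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed initial SID line: {raw!r}")
        name, user, role, typ = m.groups()
        contexts[name] = (user, role, typ)
    return contexts

def expected_role(sid):
    """Role the conventions call for: system_r for process-like SIDs, else object_r."""
    return "system_r" if sid in PROCESS_SIDS or sid in SOCKET_SIDS else "object_r"

def check_contexts(contexts):
    """Return (sid, problem) pairs; an empty list means every context follows the conventions."""
    problems = []
    for sid, (user, role, _typ) in contexts.items():
        if user != "system_u":
            problems.append((sid, f"user {user} should be system_u"))
        if role != expected_role(sid):
            problems.append((sid, f"role {role} should be {expected_role(sid)}"))
    return problems

# Constructed fragment in initial_sid_contexts syntax; type names are illustrative.
SAMPLE = """\
sid kernel      system_u:system_r:kernel_t
sid init        system_u:system_r:init_t
sid kmod        system_u:system_r:kmod_t
sid any_socket  system_u:system_r:any_socket_t
sid icmp_socket system_u:system_r:icmp_socket_t
sid tcp_socket  system_u:object_r:tcp_socket_t   # wrong: socket SIDs use system_r
sid unlabeled   system_u:object_r:unlabeled_t
sid file        user_u:object_r:file_t           # wrong: initial SIDs use system_u
"""
if __name__ == "__main__":
    for sid, problem in check_contexts(parse_initial_sid_contexts(SAMPLE)):
        print(f"{sid}: {problem}")
```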