First page Back Continue Last page Overview Graphics

High-Level Framework Design

Framework knows about
- Subjects (struct ucred)
- Objects (bpfdesc, devfs_dirent, ifnet, ipq, mbuf, mount, socket, temp, vnode)
- Labels
  - Internalized (struct label)
  - Externalized (struct mac)
- MAC framework entry points
- Policy modules (struct mac_policy_conf)
  - MAC policy entry points