Framework Details

Kernel services call out to framework entry points for relevant events
- High-level VFS operations, inter-process activities, socket operations, networking events, devfs events...
The framework supports a set of policy modules, and calls out to those modules
- Module registration service
- Label management interfaces
- Module entry points (object events, access control)
- If multiple registered policies, composition functions

Kernel services call out to framework entry points for relevant events