FLASK
SELinux Flask architecture
- provides flexible support for MAC control policies
- separates the definition of the policy logic from the enforcement mechanism
- provides an access vector cache (AVC) that stores the access decision computations provided by the security server
- defines a security context as a representation of the security label, and a security identifier (SID) as an integer that the security server maps to a security context
- specifies the interfaces provided by the security server to the object managers that enforce the security policy