The TrustedBSD MAC framework permits kernel modules to augment the system security
policy in a highly integrated manner. They may do this based on existing object
properties, or based on label data that is maintained with the assistance of the MAC
framework. The framework is sufficiently flexible to implement a variety of policy types,
including information flow security policies such as MLS and Biba, as well as policies
based on existing BSD credentials or file protections. Policy authors may wish to consult
this documentation as well as existing security modules when implementing a new security
service.
