The TrustedBSD MAC Framework provides a mechanism for extending the kernel access
control model at compile time or at run time. New system policies may be
implemented as kernel modules and linked to the kernel; if multiple policy modules are
present, their results will be composed. The MAC Framework provides a variety of access
control infrastructure services to assist policy writers, including support for transient
and persistent policy-agnostic object security labels. This support is currently
considered experimental.
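
As an added illustration (not FreeBSD kernel code), the following userland C model shows what composing the results of several policies means: every registered policy is asked about the same request, and access is granted only if all of them return 0. The names `policy_register` and `composed_check`, the two sample policies, and the precedence order among error codes are assumptions made for this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userland model: one access request, shown to every policy. */
struct request { int subj_level; int obj_level; const char *path; };
typedef int (*check_fn)(const struct request *);

#define MAX_POLICIES 8
static check_fn policies[MAX_POLICIES];
static size_t npolicies;

/* Models loading a policy module: a new policy can only narrow access. */
int policy_register(check_fn fn) {
    if (npolicies == MAX_POLICIES) return ENOMEM;
    policies[npolicies++] = fn;
    return 0;
}

/* Choose which error to report when policies disagree (assumed ordering). */
static int error_select(int e1, int e2) {
    static const int order[] = { EINVAL, ENOENT, EACCES, EPERM };
    for (size_t i = 0; i < sizeof(order) / sizeof(order[0]); i++)
        if (e1 == order[i] || e2 == order[i]) return order[i];
    return e1 != 0 ? e1 : e2;   /* any error wins over success */
}

/* Composition: consult every policy; success requires all to return 0. */
int composed_check(const struct request *r) {
    int error = 0;
    for (size_t i = 0; i < npolicies; i++)
        error = error_select(policies[i](r), error);
    return error;
}

/* Constructed sample policy: subject label level must dominate the object's. */
int level_policy(const struct request *r) { return r->subj_level >= r->obj_level ? 0 : EACCES; }

/* Constructed sample policy: objects under /secret/ are reported as absent. */
int hide_policy(const struct request *r) { return strncmp(r->path, "/secret/", 8) == 0 ? ENOENT : 0; }

int main(void) {
    struct request r = { 0, 1, "/secret/key" };   /* constructed request */
    policy_register(level_policy);
    policy_register(hide_policy);
    printf("composed result: %d\n", composed_check(&r));
    return 0;
}
```

With no policy registered every request is allowed; each additional policy can turn an allow into a deny but never the reverse.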