First page Back Continue Last page Overview Text
Encapsulates the policy logic.
Originally a userspace "server" process on the Mach microkernel, now just a component of the SELinux kernel "module".
Other security models can be easily added just by modifying the security server code – rest of SELinux module and kernel is independent of specific models.
Existing security models are highly configurable, so most needs can be met just by customizing policy configuration files. Configuration defines security attributes and rules, drives policy engine. Compiled into binary form and loaded into kernel during system initialization.
Example policy configuration provided to help demonstrate and provide a starting point for early adopters.