Wikipedia
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target In practice, a subject is usually a process or thread objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc Subjects and objects each have a set of security attributes Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place
Mandatory_access_control - Wikipedia, the free encyclopedia