RSBAC Handbook
The AEF component is the only part of RSBAC that has not been modularized, because it must be hooked into several locations in the existing kernel code.
In short, every system call and pseudo-file handling function is extended by two calls to the ADF (Access Decision Facility). One call is made before the original code runs and the second just after it.
For performance reasons, the request call is only made after the parameters have been checked and after Linux's default access control (DAC, discretionary access control) has granted access. If the DAC has already denied access, there is no need for a new decision.
Note: Linux's discretionary scheme can optionally be turned off per directory tree.
Additionally, when the AEF receives a deletion or truncation call for a FILE object, the resulting ADF call may overwrite the object's data with zeros, providing a secure-delete function.
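The check order described above (parameter check, DAC, ADF request, original operation, post-call ADF notification), as an added example that is not code from the RSBAC project: a constructed in-memory C model of an AEF-wrapped delete. The names adf_request, adf_set_attr, rsbac_protect and secure_delete are hypothetical stand-ins for the real ADF interface and attributes.

```c
#include <errno.h>
#include <string.h>

/* Constructed in-memory FILE object (not RSBAC's own structures). */
typedef struct {
    int owner;         /* uid of the owner */
    int others_write;  /* DAC: may non-owners delete/truncate? */
    int rsbac_protect; /* hypothetical RSBAC attribute the ADF enforces */
    int secure_delete; /* hypothetical attribute: zero data on delete/truncate */
    int exists;
    char data[8];
} file_t;

enum request { R_DELETE, R_TRUNCATE };
enum decision { GRANTED, NOT_GRANTED };

static int adf_calls;  /* shows that a DAC denial never reaches the ADF */

/* Hypothetical ADF decision: deny delete/truncate of protected objects. */
static enum decision adf_request(enum request req, int uid, const file_t *f) {
    (void)req; (void)uid;
    adf_calls++;
    return f->rsbac_protect ? NOT_GRANTED : GRANTED;
}

/* Hypothetical post-call notification: the ADF may zero the object data. */
static void adf_set_attr(enum request req, file_t *f) {
    if ((req == R_DELETE || req == R_TRUNCATE) && f->secure_delete)
        memset(f->data, 0, sizeof f->data);
}

/* AEF-style wrapper around a delete: parameter check, DAC, ADF, op, ADF. */
int aef_unlink(int uid, file_t *f) {
    if (f == NULL || !f->exists)
        return -ENOENT;                          /* 1. parameter check */
    if (uid != f->owner && !f->others_write)
        return -EACCES;                          /* 2. DAC denies: no ADF call */
    if (adf_request(R_DELETE, uid, f) != GRANTED)
        return -EPERM;                           /* 3. ADF denies */
    f->exists = 0;                               /* 4. original kernel code */
    adf_set_attr(R_DELETE, f);                   /* 5. post-call, secure delete */
    return 0;
}

/* Helper for checking that a secure delete really zeroed the data. */
int data_is_zeroed(const file_t *f) {
    for (size_t i = 0; i < sizeof f->data; i++)
        if (f->data[i]) return 0;
    return 1;
}
```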