Mandatory access control (mac) is a security approach that contains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorisation rule is enforced by the os. Kernel examines these security aspects and decides whether the user can access or not. Any operation by any user is typically tested against a set of authorisation rules (aka policy) to determine if the operation is allowed.