Type Enforcement
Under Type Enforcement is defined as a form of implementation of a MAC system. Here, in the definition of access rules are not the resources to be protected itself, but a type that has been assigned to those indicated.
Example
Under SELinux can a group of files that should be protected, a type can be assigned. So you can, for example, for all files that are in the mail spool, var_mqueue_t assign the type.
If you want to now allow a mail server to access these files, so you will only need to type var_mqueue_t at the access rules instead of file names.
Implementations
SELinux is an extension of the operating system Linux, which implements a Type Enforcement system.
- Access control