What is Mandatory Access Control (MAC)?
Mandatory Access Control (MAC) is another type of access control which is hard-coded into Operating System, normally at kernel level. Mandatory Access Control (MAC) can be applied to any object or a running process within an operating system, and Mandatory Access Control (MAC) allows a high level of control over the objects and processes. Mandatory Access Control (MAC) can be applied to each object, and can control access by processes, applications, and users to the object. Mandatory Access Control (MAC) cannot be modified by the owner of the object.
Mandatory Access Control (MAC) mechanism constrains the ability of a subject (users or processes) to access or perform some sort of operation on an object (files, directories, TCP/UDP ports etc). Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place.
Under Mandatory Access Control (MAC), the super user (root) controls all interactions of software on the system.