Mandatory Access Control
The Mandatory Access Control (MAC) framework provides an intuitive API for managing access control to kernel objects.
How It Works
MAC entry points are placed throughout the system. Through them, MAC modules can modify and/or monitor the composition of the kernel's discretionary access control decisions.
The MAC framework also facilitates communication between MAC modules and the rest of the system (including user space) through MAC labels (covering everything from file descriptors to individual mbufs) and other entry points (such as mac_syscall, a multiplexed system call of sorts).
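The composition described above, as a simplified user-space model added here for illustration; it is not FreeBSD kernel code or the framework's own API. All names (module_register, entry_check_write, the "level" and "audit" modules) and the rule that the first error seen is the one returned are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>

#define MAX_MODULES 4
/* Label: one slot per registered module, carried by subjects and objects. */
struct label { int slot[MAX_MODULES]; };
/* A module's hook for the "write" entry point; 0 means no objection. */
typedef int (*check_fn)(int slot, const struct label *subj, const struct label *obj);
struct module { const char *name; check_fn check_write; };

static struct module modules[MAX_MODULES];
static int nmodules, audit_count;

/* Returns the label slot assigned to the module, or -1 if the table is full. */
int module_register(const char *name, check_fn fn) {
    if (nmodules == MAX_MODULES) return -1;
    modules[nmodules] = (struct module){ name, fn };
    return nmodules++;
}
/* Restricting module: the subject's level must be >= the object's to write. */
int level_check_write(int s, const struct label *subj, const struct label *obj) {
    return subj->slot[s] >= obj->slot[s] ? 0 : EACCES;
}
/* Monitoring module: counts the call and never objects. */
int audit_check_write(int s, const struct label *subj, const struct label *obj) {
    (void)s; (void)subj; (void)obj;
    audit_count++;
    return 0;
}
/* Entry point: every module is consulted; any error denies the operation.
 * Model assumption: the first error seen (DAC first) is the one returned. */
int entry_check_write(int dac_error, const struct label *subj, const struct label *obj) {
    int error = dac_error;
    for (int i = 0; i < nmodules; i++) {
        int e = modules[i].check_write(i, subj, obj);
        if (error == 0) error = e;
    }
    return error;
}
int audit_calls(void) { return audit_count; }

int main(void) {
    module_register("level", level_check_write);   /* slot 0 */
    module_register("audit", audit_check_write);   /* slot 1 */
    struct label subj = {{1}}, low = {{0}}, high = {{2}};   /* constructed sample labels */
    printf("write low:  %d\n", entry_check_write(0, &subj, &low));
    printf("write high: %d\n", entry_check_write(0, &subj, &high));
    printf("audit saw %d checks\n", audit_calls());
    return 0;
}
```

In this model a module can only add a denial to what discretionary access control already decided, and the monitoring module sees every check, including those that were denied.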
The TrustedBSD Mandatory Access Control Framework (FreeBSD Architecture Handbook)
Mandatory Access Control Extended Tutorial (networksynapse.net)