Domain Type Access Control (2/2)

Each object (file, network port/interface, etc) has a type

Policy rules determine what access every domain has to each type

Policy rules control interaction between domains (signals, pipes, etc)

Having one domain would give the same result as a non-SE system, the more domains the more detailed the control you have over security (and the more work to set it up)