The following is an example of permissions used on Linux operating systems that do not run Security-Enhanced Linux (SELinux).The permissions and output in these examples may differ slightly from your system."Integrating Flexible Support for Security Policies into the Linux Operating System", by Peter Loscocco and Stephen Smalley.
This cache is known as the Access Vector Cache (AVC).
When properly implemented, it enables a system to adequately defend itself and offers critical support for application security by protecting against the tampering with, and bypassing of, secured applications.
MAC provides strong separation of applications that permits the safe execution of untrustworthy applications.
Its ability to limit the privileges associated with executing processes limits the scope of potential damage that can result from the exploitation of vulnerabilities in applications and system services.
MAC enables information to be protected from legitimate users with limited authorization as well as from authorized users who have unwittingly executed malicious applications.