te policy family

The te policy family enables the implementation of an access control model based on the concept of Type Enforcement (TE). A description of the TE model is provided in the configuration of the te family instance.

An access control model based on Type Enforcement lets you assign types to security domains and describe a matrix of acceptable permissions for the interaction of each pair of types.

For example, suppose there are regular files and protected files. Users must be restricted to read-only access to protected files, while the administrator must have read-and-write permissions for files of any type.

The te family lets you accomplish this task. To do so, declare the file, file_readonly, process.user and process.root types and specify which permissions the process.user and process.root types have when accessing files of each type.
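The permission matrix for this task, modeled in plain Python as an added example; it is not KasperskyOS policy syntax and not code from the product. The class and method names, the entity names, the mapping of file to regular files and file_readonly to protected files, and the read-and-write permission for process.user on regular files are assumptions.

```python
# Added illustration of a Type Enforcement matrix (hypothetical names throughout).

class TypeEnforcement:
    def __init__(self, types, matrix):
        self.types = set(types)
        # Reject any rule that mentions a type that was never declared.
        for pair in matrix:
            for type_name in pair:
                if type_name not in self.types:
                    raise ValueError(f"undeclared type in rule: {type_name}")
        # (subject type, object type) -> set of permitted operations
        self.matrix = {pair: frozenset(p) for pair, p in matrix.items()}
        self.labels = {}  # entity name -> assigned type

    def assign(self, entity, type_name):
        if type_name not in self.types:
            raise ValueError(f"undeclared type: {type_name}")
        self.labels[entity] = type_name

    def allowed(self, subject, obj, permission):
        # Default deny: unlabeled entities and type pairs that are
        # absent from the matrix receive no permissions at all.
        try:
            pair = (self.labels[subject], self.labels[obj])
        except KeyError:
            return False
        return permission in self.matrix.get(pair, frozenset())


def build_example():
    te = TypeEnforcement(
        types=["file", "file_readonly", "process.user", "process.root"],
        matrix={
            # Assumption: users may read and write regular files.
            ("process.user", "file"): {"read", "write"},
            # From the page: users get read-only access to protected files.
            ("process.user", "file_readonly"): {"read"},
            # From the page: the administrator reads and writes any file type.
            ("process.root", "file"): {"read", "write"},
            ("process.root", "file_readonly"): {"read", "write"},
        },
    )
    # Constructed sample entities and their type assignments.
    te.assign("shell", "process.user")
    te.assign("admin_tool", "process.root")
    te.assign("/data/notes.txt", "file")
    te.assign("/etc/secure.conf", "file_readonly")
    return te
```

Only pairs listed in the matrix grant anything, so a file type used as a subject, or an entity with no assigned type, is denied every operation.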

A declaration of the te family is in the following file:

/opt/KasperskyOS-StarterKit-<version>/sysroot-x86_64-pc-kos/include/kss/server/te.cfg

In this section

Basic concepts

Instance of the te family

initialize_direct_ policy

initialize_direct policy

initialize_transition_check_ policy

initialize_transition_check policy

initialize_transition_auto_ policy

initialize_transition_auto policy

validate policy
