AD Access Control mechanism was implemented fully as specified in Chapter
4 (Subsection 4.3.9) in function
linsec_check_ad_perms
(kernel/linsec_access_control.c).
After the inspection of all file system related system calls provided by Linux kernel it was noted that traditional DAC for all of them is performed by the permission function (fs/namei.c). The logical choice would be to place a call to linsec_check_ad_perms in this function. The parameter to the permission function that denotes a file, for which access control check is to be performed, is of type struct inode (linux/fs.h). Unfortunately, struct inode does not provide sufficient information for the algorithm to be able to traverse the file's parent directories up to the file system root as required by the specification. Therefore, a call to linsec_check_ad_perms had to be placed in every single file system related system call just before a call to the permission function to obtain the desired behavior.