# Mandatory access control (MAC)

YiffCore is a tri-MAC (mandatory access control) architecture, in other words, the privilege levels are divided into three rings: 0, 1, and 2. Where 0 is the most privileged and is one-level below the operating system kernel, 1 is reserved for the operating system kernel itself and 2 is the lowest privileged level used for user-level applications.

For scalability, YiffCore employs a MAC-ROM which encodes per-instruction access levels. In other words, every instruction within the MAC ROM is paired with a value indicating what can execute it (if it is higher than what is specified, e.g., an instruction marked with 2 can be executed by rings 2, 1 and 0).