Design

Simple policy language.
Policies are ordered lists of policy statements:

Subject:
Translated system call name.

Data:
String argument.

Op:
Boolean function operating on subject and data .
If true, action is taken.

Action:
ask: user explicitly denies or permits.
deny: system call is denied.
permit: system call is permitted.