Multi-Level Security Policy
A Multi-Level Security (MLS) policy assigns a sensitivity level to every process and object on the system and applies access rules based on those levels, so that each level has its own rules for what users can access. A user can't obtain information at a given level unless they have the authorization to run a process at that level.
In SELinux, MLS implements the Bell-LaPadula (BLP) model for system security, which applies labels to files, processes, and other system objects to control the flow of information between security levels. In a typical implementation, the labels for security levels might range from the most secure, top secret, through secret and classified, to the least secure, unclassified. For example, under MLS, you might configure a program labeled secret that can write to a file that's labeled top secret, but can't read from it. Similarly, you would configure the same program to read from and write to a file labeled secret, but only to read classified or unclassified files. So, information that passes through the program can flow upwards through the hierarchy of security levels, but not downwards.
These two rules are BLP's simple security property (no read up) and *-property (no write down). In the SELinux MLS policy they are enforced as constraints that are checked in addition to the type-enforcement rules, so an operation must be allowed by both before it succeeds; whether a particular write to a higher level is actually permitted therefore depends on the constraints in the installed policy, not on the abstract model alone.
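The following is an added example, not code from the Oracle documentation or from the SELinux project. It models the two BLP rules described above as shell functions over the four level names the text uses, so you can check a planned labeling scheme before applying it with chcon or semanage. The mapping of those names to SELinux sensitivities s0 through s3 is an assumption for illustration; a real MLS system defines its own translations in /etc/selinux/mls/setrans.conf.

```shell
#!/bin/sh
# Added example: Bell-LaPadula read/write decisions for the four levels
# named in the text. Not Oracle's or SELinux's own code.

# Numeric rank of a level: a higher number is more sensitive.
level_rank() {
    case "$1" in
        unclassified) echo 0 ;;
        classified)   echo 1 ;;
        secret)       echo 2 ;;
        top_secret)   echo 3 ;;
        *) echo "unknown level: $1" >&2; return 1 ;;
    esac
}

# Assumed SELinux sensitivity label for a level (an assumption for this
# example; setrans.conf on a real system defines the actual mapping).
selinux_sensitivity() {
    echo "s$(level_rank "$1")"
}

# Simple security property ("no read up"): a subject may read an object
# only if the subject's level dominates (is >=) the object's level.
blp_can_read() {
    subj=$(level_rank "$1") || return 2
    obj=$(level_rank "$2") || return 2
    [ "$subj" -ge "$obj" ]
}

# *-property ("no write down"): a subject may write an object only if the
# object's level dominates the subject's level.
blp_can_write() {
    subj=$(level_rank "$1") || return 2
    obj=$(level_rank "$2") || return 2
    [ "$obj" -ge "$subj" ]
}

# Human-readable decision for one (subject, object) pair.
blp_decision() {
    r=deny
    w=deny
    blp_can_read  "$1" "$2" && r=allow
    blp_can_write "$1" "$2" && w=allow
    echo "read:$r write:$w"
}

# Print the full access matrix for a subject running at one level.
blp_matrix() {
    for obj in unclassified classified secret top_secret; do
        printf '%-12s (%s) -> %-12s (%s): %s\n' \
            "$1" "$(selinux_sensitivity "$1")" \
            "$obj" "$(selinux_sensitivity "$obj")" \
            "$(blp_decision "$1" "$obj")"
    done
}

# Reproduce the text's example: a program running at secret.
blp_matrix secret
```

Running the script prints one line per object level for a secret subject: write is allowed to top_secret but read is denied, both are allowed at secret, and only read is allowed for classified and unclassified, which is exactly the upward-only information flow the text describes.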
Note:
You must install the selinux-policy-mls package to apply the MLS policy.
Note:
Oracle does not recommend using the MLS policy on a system that is running the X Window System.
Note:
SELinux denials are more common with MLS than with the targeted policy for the following main reasons:
- MLS disables the unconfined policy module, so processes that run unconfined under the targeted policy are confined under MLS.
- MLS makes use of sensitivity levels, so an access must satisfy the MLS constraints on the subject's and object's levels as well as the type-enforcement rules.
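The second reason above is the one that surprises administrators coming from the targeted policy: a denial can appear even though a matching allow rule exists, because the sensitivity levels fail the MLS constraint. The following added example (not from the Oracle documentation or from any SELinux tool) pulls the sensitivity out of the scontext= and tcontext= fields of an AVC record and reports whether the level pair alone accounts for the denial. The audit line is constructed for illustration, and the type names and categories in it are assumptions; categories are ignored because the example models sensitivity only. If this check reports no level violation, look at the type-enforcement rules instead, for example with sesearch.

```shell
#!/bin/sh
# Added example: triage an AVC denial on an MLS system by checking whether
# the subject and object sensitivity levels violate no-read-up or
# no-write-down. Not Oracle's or SELinux's own code.

# Constructed audit record for illustration (type names and categories are
# assumptions, not output captured from a real host).
AVC_LINE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="cat" name="report" dev="dm-0" ino=789 scontext=staff_u:staff_r:staff_t:s1 tcontext=staff_u:object_r:user_home_t:s2:c0.c3 tclass=file permissive=0'

# Value of key=value in an audit record (contexts are not quoted).
avc_field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# The denied permission set inside { ... }.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied[[:space:]]*{ \([^}]*\) }.*/\1/p'
}

# Sensitivity number of a context. An MLS context is user:role:type:level,
# where level is "sN" or a range "sN-sM[:cats]". The low end (sN) is the
# current level, which is what the file read/write constraints compare.
ctx_sensitivity() {
    printf '%s\n' "$1" | cut -d: -f4- | sed -n 's/^s\([0-9][0-9]*\).*/\1/p'
}

# Do the levels explain the denial? Read-like permissions need the subject
# to dominate the object (no read up); write-like permissions need the
# object to dominate the subject (no write down). Other permissions are
# not modelled here and return 2.
mls_explains_denial() {
    perm=$1; subj=$2; obj=$3
    case "$perm" in
        read|getattr|execute|ioctl)
            [ "$subj" -lt "$obj" ] ;;
        write|append|create|setattr|unlink|rename)
            [ "$subj" -gt "$obj" ] ;;
        *) return 2 ;;
    esac
}

# Summarise one AVC record and return 0 when the sensitivity levels alone
# account for at least one of the denied permissions.
triage_avc() {
    line=$1
    subj=$(ctx_sensitivity "$(avc_field scontext "$line")")
    obj=$(ctx_sensitivity "$(avc_field tcontext "$line")")
    perms=$(avc_perms "$line")
    verdict=no
    for p in $perms; do
        if mls_explains_denial "$p" "$subj" "$obj"; then verdict=yes; fi
    done
    printf 'perms={%s} subject=s%s object=s%s mls_level_violation=%s\n' \
        "$perms" "$subj" "$obj" "$verdict"
    [ "$verdict" = yes ]
}

triage_avc "$AVC_LINE"
```

For the constructed record the script reports a subject at s1 reading an object at s2, which is a read up, so the MLS constraint explains the denial without any type-enforcement change being needed; on a live system feed it records from ausearch -m avc.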