A mechanism — enforced by the kernel — to protect against unauthorised access to data regardless of whether the requesting app is itself sandboxed.