2.4.4.17.1 Conditional ACE Expressions


This section defines the semantics and format of the ApplicationData field of a callback ACE holding a conditional expression.

Conditional expressions are logical expressions that are part of a conditional ACE (section 2.4.4.17). They are evaluated during an access check to determine whether the effect of the conditional ACE (to allow or deny the specified permissions) applies in that access check evaluation.

A conditional expression is composed of a series of one or more simpler conditional expressions or expression terms in syntactical relation to logical operators and security attributes such that when evaluated, the expression will produce TRUE, FALSE, or UNKNOWN. Conditional expressions can be operands to the AND, OR, or NOT logical operators. (Logical operators are defined in section 2.4.4.17.7.)
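
The three-valued evaluation described above, as an added example that is not part of the specification: a small Python evaluator over expression trees, showing how UNKNOWN propagates through AND, OR and NOT. It assumes Kleene-style handling of UNKNOWN (the operators themselves are defined in section 2.4.4.17.7, not on this page), that a term naming an attribute absent from the token yields UNKNOWN, and that a deny ACE applies on UNKNOWN while an allow ACE requires TRUE; the tuple encoding, attribute names and values are constructed.

```python
from enum import Enum

class Tri(Enum):
    TRUE = 1
    FALSE = 0
    UNKNOWN = -1

def t_not(a):
    # Assumed semantics: NOT leaves UNKNOWN unchanged.
    return {Tri.TRUE: Tri.FALSE, Tri.FALSE: Tri.TRUE}.get(a, Tri.UNKNOWN)

def t_and(a, b):
    # A single FALSE decides the result even if the other operand is UNKNOWN.
    if a is Tri.FALSE or b is Tri.FALSE:
        return Tri.FALSE
    return Tri.TRUE if a is Tri.TRUE and b is Tri.TRUE else Tri.UNKNOWN

def t_or(a, b):
    # A single TRUE decides the result even if the other operand is UNKNOWN.
    if a is Tri.TRUE or b is Tri.TRUE:
        return Tri.TRUE
    return Tri.FALSE if a is Tri.FALSE and b is Tri.FALSE else Tri.UNKNOWN

def evaluate(expr, attrs):
    """Evaluate a nested-tuple expression against a dict of security attributes."""
    op = expr[0]
    if op == "NOT":
        return t_not(evaluate(expr[1], attrs))
    if op in ("AND", "OR"):
        left, right = evaluate(expr[1], attrs), evaluate(expr[2], attrs)
        return t_and(left, right) if op == "AND" else t_or(left, right)
    if op == "==":
        name, value = expr[1], expr[2]
        if name not in attrs:  # assumption: missing attribute -> UNKNOWN
            return Tri.UNKNOWN
        return Tri.TRUE if attrs[name] == value else Tri.FALSE
    raise ValueError(f"unsupported operator: {op!r}")

def ace_applies(ace_kind, expr, attrs):
    """Assumed policy: allow needs TRUE; deny applies unless the result is FALSE."""
    result = evaluate(expr, attrs)
    if ace_kind == "allow":
        return result is Tri.TRUE
    if ace_kind == "deny":
        return result is not Tri.FALSE
    raise ValueError(f"unknown ACE kind: {ace_kind!r}")

# Constructed sample: Department == "Finance" AND NOT (Clearance == "Low")
EXPR = ("AND", ("==", "Department", "Finance"), ("NOT", ("==", "Clearance", "Low")))
```

A token carrying only `Department = "Finance"` makes `EXPR` evaluate to UNKNOWN, so under the assumed policy the same expression grants nothing in an allow ACE but still blocks in a deny ACE.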