Policy configuration consists of code group declarations (herein CG) with membership conditions so that code can be determined to be in a specific set of code groups. Each code group consists the defining membership conditions (MC), an allowed permission set (PA), and special attribute exclusive (EX). Thus,
CG = { MC, PA, EX }