Then goes into software permission using a deny list and an allow list. They use the brdige approach with a permit by exception.