When a process want to access a file and doesn't have the LIDS_OUTLAW16.3 we must follow the permissions chained list whose head is given by current->perm.
One by one, the rules are tested, in the order they are linked. If the uid field is negative, it's either the tag of an overload rule (uid < -1) or the default uid (-1), so that the rule is effective. If the uid field is positive or nul, it's an uid and must match current->uid to be effective.
If the rule is effective, it must match the device and inode numbers of the accessed file to be used. If it is an overload, or an uid match, the rule is used. If it is the default tag, we must search for an uid match, and we will use the default one only if no uid matches are found.
If used, it gives the authorized rights of the process. Access is granted only if it has sufficient rights.
If no rules are found for the given inode and device, the same test is done for the parent directory, until a rule is found. If none are found, the access is denied.