Unveil semantics are a compromise between two objectives

1) as near to O(1) behavior in the kernel for the worst case program installing the worse case ruleset
2) Semantics a programmer can comprehend.

Doing this requires substantial in-kernel object storage / tracking / checking.

This *must* be as efficient as possible in the commonly hit cases - lookup during program operations