Communicating Policy from Client Solution to FESF

When FESF wants to know the Policy for a given access operation on a particular file, it calls a callback in the Client Solution.  The entity within FESF that performs this callback is the FESF Policy Service (FesfPolicy).  FesfPolicy is a standard Windows user-mode service.  The callback function that FesfPolicy calls is provided by the Solution in a DLL known as the Client Policy DLL.  FesfPolicy loads this DLL dynamically when it starts, based on a Registry parameter.

We'll describe a great deal more about the Client Policy DLL later in this document.  However, what's important to understand at this point is that the Policy DLL is the (one and only) way that FESF asks the Client Solution for Policy decisions. Thus, the Client Policy DLL is the interface between FESF and the Client Solution when it comes to determining Policy for a file.

For example, each time a new file is created on a system with FESF running, FesfPolicy will call the Policy DLL's PolGetPolicyNewFile callback function.  Through the return value from this function, the Client Policy DLL indicates whether data should be encrypted when written to the file that's being created or whether data should be written to the file as clear text.  Similarly, each time an existing encrypted file is opened, the Policy DLL's PolGetPolicyExistingFile callback function is invoked.  The return value from this function indicates whether FESF should transparently encrypt/decrypt data when this application instance writes/reads the file, or whether FESF should provide "raw" access (that is, access without transparent encryption or decryption).
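The following is an added illustration, not FESF's or OSR's own code, of the kind of decision logic a Client Solution might place behind the two callbacks just described.  The real PolGetPolicyNewFile and PolGetPolicyExistingFile signatures and return codes are not shown on this page, so the function names, enums, sample paths and process names below are all assumptions.

```c
/* Hypothetical policy decisions of the kind a Client Policy DLL would make
 * behind its PolGetPolicyNewFile / PolGetPolicyExistingFile exports.
 * Signatures, enum values and sample names are assumptions, not FESF's API. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef enum { POLICY_ENCRYPT, POLICY_CLEARTEXT } new_file_policy_t;
typedef enum { ACCESS_TRANSPARENT, ACCESS_RAW } existing_file_policy_t;

/* Case-insensitive string equality: Windows paths and image names are
 * case-insensitive, so policy matching must be too. */
static bool eq_ci(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == *b;
}

/* True if path ends with ext (compared case-insensitively). */
static bool has_ext_ci(const char *path, const char *ext)
{
    size_t lp = strlen(path), le = strlen(ext);
    return lp >= le && eq_ci(path + lp - le, ext);
}

/* File-name component after the last '\\' or '/'. */
static const char *basename_win(const char *path)
{
    const char *b = strrchr(path, '\\');
    const char *s = strrchr(path, '/');
    if (s && (!b || s > b)) b = s;
    return b ? b + 1 : path;
}

/* New-file decision, fail closed: only a short allow-list of file types is
 * written as clear text; everything else, including unknown types, is encrypted. */
new_file_policy_t decide_new_file(const char *path)
{
    static const char *const clear_exts[] = { ".tmp", ".log" };
    for (size_t i = 0; i < sizeof clear_exts / sizeof clear_exts[0]; i++)
        if (has_ext_ci(path, clear_exts[i])) return POLICY_CLEARTEXT;
    return POLICY_ENCRYPT;
}

/* Existing-file decision: raw (ciphertext) access only for one named backup
 * agent, so it copies the encrypted bytes unchanged; every other process
 * gets transparent encrypt/decrypt.  The file path is not consulted here. */
existing_file_policy_t decide_existing_file(const char *path, const char *process_image)
{
    (void)path;
    return eq_ci(basename_win(process_image), "backupagent.exe") ? ACCESS_RAW
                                                                 : ACCESS_TRANSPARENT;
}
```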