One final detail remains to be discussed. The FESF documentation, and even the names of interfaces, uniformly refer to files as the unit of access. For example, we might describe the PolGetPolicyNewFile function as follows:
"A Policy DLL's PolGetPolicyNewFile callback function determines whether a new file should be created in encrypted or non-encrypted format."
While this is correct, it doesn't say anything about how FESF deals with alternate data streams ("streams") on file systems that support them.
FESF is fully stream aware. This means that FESF supports accessing, and optionally transparently encrypting and decrypting, data on a per-stream basis on file systems that support alternate data streams. Therefore, for file systems that support streams, the FESF documentation should be read as including "stream" whenever the term "file" is encountered.
On file systems that support alternate data streams, the file name information passed into the Client Solution includes the name of the stream when that stream is not the default data stream (that is, when the stream name is not "::$DATA"). This means that on files with alternate data streams, FESF allows the Client DLL to establish Policy on a per-stream basis and not just on a per-file basis. Also, while FESF will not call the Policy DLL for directories as a general rule, for file systems that support streams on directories it will call the Policy DLL for streams created on directories.
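A sketch of a per-stream policy decision follows. It is an added example, not FESF code or part of the FESF API: `stream_ref`, `stream_policy`, `split_stream_name` and `stream_policy_for` are hypothetical names, and the policy itself is invented for illustration. It assumes the name arrives as a rooted, backslash-separated narrow string of the form `path:stream:$DATA`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical types; not part of the FESF API. */
typedef struct {
    size_t file_len;     /* bytes of `name` that identify the file or directory */
    const char *stream;  /* stream name, or NULL for the default data stream */
    size_t stream_len;
} stream_ref;
typedef enum { POLICY_REJECT, POLICY_PLAINTEXT, POLICY_ENCRYPT } stream_policy;

/* Split "path[:stream[:$DATA]]". Returns false for malformed names and
 * for stream types other than $DATA (assumed spelled as on the page). */
bool split_stream_name(const char *name, stream_ref *out)
{
    const char *leaf = strrchr(name, '\\');
    leaf = leaf ? leaf + 1 : name;   /* skips the colon of a drive prefix such as C:\ */
    const char *colon = strchr(leaf, ':');
    out->file_len = colon ? (size_t)(colon - name) : strlen(name);
    out->stream = NULL;
    out->stream_len = 0;
    if (!colon)
        return true;                 /* no suffix: default data stream */
    const char *s = colon + 1;
    const char *type = strchr(s, ':');
    size_t slen = type ? (size_t)(type - s) : strlen(s);
    if (type && strcmp(type + 1, "$DATA") != 0)
        return false;
    if (slen == 0)
        return type != NULL;         /* "::$DATA" is the default stream; "file:" is malformed */
    out->stream = s;
    out->stream_len = slen;
    return true;
}

/* Hypothetical policy: encrypt every data stream except Zone.Identifier.
 * The compare is case-sensitive for brevity; NTFS stream names are not. */
stream_policy stream_policy_for(const char *name)
{
    static const char zone[] = "Zone.Identifier";
    stream_ref r;
    if (!split_stream_name(name, &r))
        return POLICY_REJECT;
    if (r.stream && r.stream_len == sizeof zone - 1 &&
        memcmp(r.stream, zone, r.stream_len) == 0)
        return POLICY_PLAINTEXT;
    return POLICY_ENCRYPT;
}
```

Two names that differ only in the stream suffix get independent decisions, and a stream on a directory (for example `\docs:tag:$DATA`) parses the same way as a stream on a file.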
In terms of FESF Policy Caching, caching is done on a per-stream basis. Thus, on file systems that support alternate data streams, the support function FesfUtl2PurgePolicyCache, when called for a file, applies to a specific stream of the file (if the file has multiple data streams).
As a general guideline, any reference to "files" in FESF documentation should be understood to refer to "streams" on file systems that support alternate data streams.