This potential problem area involves the somewhat hazy distinction that exists between the control program and certain types of unauthorized programs. In most installations, there are unauthorized programs that are actually extensions to the control program in that they are allowed (by means of various special SVCs, and so forth) to bypass normal system controls over access to system resources. For example, a special utility program that scans all the data on a pack might be able to avoid the normal system extent checking on a direct access volume.
If an installation has its own control program extensions and SVCs that allow the bypass of normal system security or integrity checks (for example, an SVC that returns control in key 0), and if such SVCs are not currently restricted from use by an unauthorized program, the APF should be used to restrict them and to authorize the control program extensions that use them.