The purpose of the Domain Access Control Register is to hold the access permissions for a maximum of 16 domains.
The Domain Access Control Register is:
a read/write register banked for Secure and Nonsecure states
accessible in privileged modes only.
Figure 3.29 shows the bit arrangement of the Domain Access Control Register.
Table 3.66 shows how the bit values correspond with the Domain Access Control Register functions.
The fields D15-D0 in the register define the access permissions for each one of the 16 domains. These domains can be either sections, large pages, or small pages of memory:
b00 = No access. Any access generates a domain fault.
b01 = Client. Accesses are checked against the access permission bits in the TLB entry.
b10 = Reserved. Any access generates a domain fault.
b11 = Manager. Accesses are not checked against the access permission bits in the TLB entry, so a permission fault cannot be generated. Attempting to execute code in a page that has the TLB eXecute Never (XN) attribute set does not generate an abort.
[a] n is the Domain number in the range between 0 and 15
Attempts to write to this register in secure privileged mode when CP15SDISABLE is HIGH result in an Undefined Instruction exception, see Security Extensions write access disable.
Table 3.67 shows the results of attempted access for each mode.
|Secure privileged||Nonsecure privileged||Secure User||Nonsecure User|
|Secure data||Secure data||Nonsecure data||Nonsecure data||Undefined||Undefined||Undefined||Undefined|
 An entry of Undefined in the table means that the access gives an Undefined Instruction exception when the coprocessor instruction is executed.
To access the Domain Access Control Register, read or write CP15 with:
MRC p15, 0, <Rd>, c3, c0, 0 ; Read Domain Access Control Register
MCR p15, 0, <Rd>, c3, c0, 0 ; Write Domain Access Control Register