hails-0.1.1: IFC enforcing web platform framework

Safe Haskell: Unsafe

Hails.Database.MongoDB.TCB.Types

Collection

type CollectionName = Collection

Name of collection

data CollectionPolicy l

Labels and policies associated with a collection. See Collection.

Constructors

CollectionPolicy 

Fields

colLabel :: l

Collection label

colClear :: l

Collection clearance

colPolicy :: RawPolicy l

Collection labeling policy

data Collection l

A collection policy is a label, clearance and labeling policy. The label specifies who can write to a collection (i.e., only a computation whose current label flows to the label of the collection). The clearance limits the sensitivity of the data written to the collection (i.e., the labels of all data in the collection must flow to the clearance). Note that the collection label does not impose a restriction on the data (i.e., data can have high integrity). The collection policy specifies the policies for labeling documents and fields of documents.

Constructors

Collection 

Fields

colIntern :: CollectionName

Collection name

colSec :: CollectionPolicy l

Collection security policies: access control and labeling policies

collection

Arguments

:: LabelState l p s 
=> CollectionName

Collection name

-> l

Collection label

-> l

Collection clearance

-> RawPolicy l

Collection policy

-> LIO l p s (Collection l) 

Create a collection given a collection name, label, clearance, and policy. Note that the collection label and clearance must be above the current label and below the current clearance.

collectionP

Arguments

:: LabelState l p s 
=> p

Privileges

-> CollectionName

Collection name

-> l

Collection label

-> l

Collection clearance

-> RawPolicy l

Collection policy

-> LIO l p s (Collection l) 

Same as collection, but uses privileges when comparing the collection label and clearance with the current label and clearance.

collectionTCB

Arguments

:: LabelState l p s 
=> CollectionName

Collection name

-> l

Collection label

-> l

Collection clearance

-> RawPolicy l

Collection policy

-> LIO l p s (Collection l) 

Same as collection, but ignores IFC.
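
The collection label and clearance rules described above can be modeled in a few lines. This is an added example, not code from Hails or LIO: the set-of-principals label and the names `Denied`, `checkCreate` and `checkWrite` are assumptions made for illustration.

```haskell
-- Added illustration: a self-contained model, not the Hails/LIO API.
import qualified Data.Set as Set

-- Toy secrecy label (assumption): the principals whose secrets taint the data.
type Label = Set.Set String

-- l1 `canFlowTo` l2: data labeled l1 may move to a context labeled l2.
canFlowTo :: Label -> Label -> Bool
canFlowTo = Set.isSubsetOf

data CollectionPolicy = CollectionPolicy
  { colLabel :: Label   -- restricts who may write to the collection
  , colClear :: Label   -- upper bound on the labels of stored data
  }

data Denied = LabelOutOfRange | ClearanceOutOfRange | WriterTooTainted | DataTooSensitive
  deriving (Eq, Show)

-- Creation rule: the collection label and clearance must both lie between
-- the current label and the current clearance.
checkCreate :: Label -> Label -> CollectionPolicy -> Either Denied ()
checkCreate curL curC (CollectionPolicy l c)
  | not (inRange l) = Left LabelOutOfRange
  | not (inRange c) = Left ClearanceOutOfRange
  | otherwise       = Right ()
  where inRange x = curL `canFlowTo` x && x `canFlowTo` curC

-- Write rule: the current label must flow to the collection label, and the
-- label of the data must flow to the collection clearance.
checkWrite :: Label -> Label -> CollectionPolicy -> Either Denied ()
checkWrite curL dataL (CollectionPolicy l c)
  | not (curL `canFlowTo` l)  = Left WriterTooTainted
  | not (dataL `canFlowTo` c) = Left DataTooSensitive
  | otherwise                 = Right ()

main :: IO ()
main = do
  let public = Set.empty
      alice  = Set.fromList ["alice"]
      both   = Set.fromList ["alice", "bob"]
      col    = CollectionPolicy { colLabel = public, colClear = alice }
  print (checkCreate public both col)  -- creation inside the allowed range
  print (checkWrite public alice col)  -- untainted writer, data within clearance
  print (checkWrite alice alice col)   -- writer has already read alice's data
  print (checkWrite public both col)   -- data label exceeds the clearance
```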

Database

type DatabaseName = Database

Name of database

data Database l

A database has a label, which is used for controlling access to the database, an internal identifier corresponding to the underlying MongoDB database, and a set of Collections protected by a label.

Constructors

Database 

Fields

dbIntern :: DatabaseName

Actual MongoDB

dbLabel :: l

Label of database

dbColPolicies :: CollectionMap l

Collections associated with database

database :: LabelState l p s => DatabaseName -> l -> CollectionMap l -> LIO l p s (Database l)

Same as databaseP, but does not use privileges when comparing the current label (and clearance) with the supplied database label.

databaseP

Arguments

:: LabelState l p s 
=> p

Privileges

-> DatabaseName

Name of database

-> l

Label of database

-> CollectionMap l

Labeled collection map

-> LIO l p s (Database l) 

Create a Database. Given a set of privileges, the name of the database, the database label, and set of collections, create a database. Note that this does not restrict an application from creating arbitrary databases and collections---this should be handled by a shim layer.

databaseTCB :: LabelState l p s => DatabaseName -> l -> CollectionMap l -> LIO l p s (Database l)

Same as databaseP, but ignores IFC checks.

assocCollection :: LabelState l p s => Collection l -> Database l -> LIO l p s (Database l)

Same as assocCollectionP, but does not use privileges when writing to database collection map.

assocCollectionP :: LabelState l p s => p -> Collection l -> Database l -> LIO l p s (Database l)

Associate a collection with the underlying database.

assocCollectionTCB :: LabelState l p s => Collection l -> Database l -> LIO l p s (Database l)

Same as assocCollectionP, but ignores IFC.

Policies

data RawPolicy l

A RawPolicy encodes a document policy, and all field policies. It is required that all fields of type PolicyLabeled have a field/column policy -- if using only this low-level interface, a runtime error will occur if this is not satisfied.

Constructors

RawPolicy 

Fields

rawDocPolicy :: Document l -> l

A row (document) policy is a function from a Document to a Label.

rawFieldPolicies :: [(Key, FieldPolicy l)]

A column (field) policy is a function from a Document to a Label, for each field of type PolicyLabeled.

data FieldPolicy l

A FieldPolicy specifies the policy-generated label of a field. SearchableField specifies that the field can be referenced in the selection clause of a Query, and therefore the document label does not apply to it.

Constructors

SearchableField 
FieldPolicy (Document l -> l) 

isSearchableField :: FieldPolicy l -> Bool

Returns True if the policy is for a searchable field

searchableFields :: RawPolicy l -> [Key]

Returns a list of the SearchableFields specified in a RawPolicy

data PolicyError

Field/column policies are required for every PolicyLabeled value in a document.

Constructors

NoFieldPolicy

Policy for field not specified

InvalidPolicy

Policy application invalid

NoColPolicy

Policy for Collection not specified

InvalidFieldPolicyType

Field with associated policy is not of PolicyLabeled type

InvalidSearchableType

Searchable fields cannot contain labeled values

PolicyViolation

Policy has been violated
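
How a RawPolicy, its field policies and the PolicyError cases fit together, as an added example that is not the Hails implementation: the `Value` type, the list-of-principals label and the functions `labelField` and `applyRawPolicy` are assumptions made for illustration, and the sample documents are constructed.

```haskell
-- Added illustration: a self-contained model, not the Hails implementation.
type Key   = String
type Label = [String]              -- toy label (assumption): list of principals

-- A field value is plain, or marked as needing a policy-generated label.
data Value = Plain String | PolicyLabeled String
type Document = [(Key, Value)]

data FieldPolicy = SearchableField | FieldPolicy (Document -> Label)

data RawPolicy = RawPolicy
  { rawDocPolicy     :: Document -> Label
  , rawFieldPolicies :: [(Key, FieldPolicy)]
  }

data PolicyError = NoFieldPolicy | InvalidFieldPolicyType | InvalidSearchableType
  deriving (Eq, Show)

-- Label one field; Nothing means the field carries no label of its own.
labelField :: RawPolicy -> Document -> (Key, Value) -> Either PolicyError (Key, Maybe Label)
labelField pol doc (k, v) =
  case (lookup k (rawFieldPolicies pol), v) of
    (Nothing,              PolicyLabeled _) -> Left NoFieldPolicy
    (Just SearchableField, PolicyLabeled _) -> Left InvalidSearchableType
    (Just (FieldPolicy _), Plain _)         -> Left InvalidFieldPolicyType
    (Just (FieldPolicy f), PolicyLabeled _) -> Right (k, Just (f doc))
    (_,                    Plain _)         -> Right (k, Nothing)

-- Apply the document policy and every field policy, failing on the first error.
applyRawPolicy :: RawPolicy -> Document -> Either PolicyError (Label, [(Key, Maybe Label)])
applyRawPolicy pol doc = do
  fields <- mapM (labelField pol doc) doc
  return (rawDocPolicy pol doc, fields)

-- Constructed sample policy: the owner labels the document and the e-mail
-- field; "owner" is searchable, so it must hold an unlabeled value.
userPolicy :: RawPolicy
userPolicy = RawPolicy
  { rawDocPolicy     = \d -> [o | ("owner", Plain o) <- d]
  , rawFieldPolicies = [ ("owner", SearchableField)
                       , ("email", FieldPolicy (\d -> [o | ("owner", Plain o) <- d])) ]
  }

main :: IO ()
main = do
  -- Every PolicyLabeled field has a policy: labels are computed.
  print (applyRawPolicy userPolicy [("owner", Plain "alice"), ("email", PolicyLabeled "a@example.org")])
  -- "phone" is PolicyLabeled but has no field policy: rejected.
  print (applyRawPolicy userPolicy [("owner", Plain "alice"), ("phone", PolicyLabeled "555-0100")])
```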

Monad

newtype UnsafeLIO l p s a

Since it would be a security violation to make LIO an instance of MonadIO, we create a Mongo-specific wrapper for LIO that is an instance of MonadIO.

NOTE: IT IS IMPORTANT THAT UnsafeLIO NEVER BE EXPOSED BY MODULES THAT ARE NOT Unsafe.

Constructors

UnsafeLIO 

Fields

unUnsafeLIO :: LIO l p s a
 

Instances

LabelState l p s => MonadBase IO (UnsafeLIO l p s)

UNSAFE: Instance of MonadBase IO.

LabelState l p s => MonadBaseControl IO (UnsafeLIO l p s)

UNSAFE: Instance of MonadBaseControl IO. NOTE: This instance is a hack. I got this to work by tweaking Bas' Annex example, but should spend time actually understanding the details.

Monad (UnsafeLIO l p s) 
Functor (UnsafeLIO l p s) 
Applicative (UnsafeLIO l p s) 
LabelState l p s => MonadIO (UnsafeLIO l p s)

UNSAFE: Instance of MonadIO.

LabelState l p s => MonadLIO (UnsafeLIO l p s) l p s 

newtype LIOAction l p s a

An LIO action with MongoDB access.

Constructors

LIOAction 

Fields

unLIOAction :: Action (UnsafeLIO l p s) a
 

Instances

Monad (LIOAction l p s) 
Functor (LIOAction l p s) 
Applicative (LIOAction l p s) 
LabelState l p s => MonadLIO (LIOAction l p s) l p s 

newtype Action l p s a

Constructors

Action (ReaderT (Database l) (LIOAction l p s) a) 

Instances

Monad (Action l p s) 
Functor (Action l p s) 
Applicative (Action l p s) 
LabelState l p s => MonadLIO (Action l p s) l p s 

liftAction :: LabelState l p s => Action (UnsafeLIO l p s) a -> Action l p s a

Lift a MongoDB action into Action monad.

getDatabase :: Action l p s (Database l)

Get underlying database.

Cursor

data Cursor l

A labeled cursor. The cursor is labeled with the join of the database and collection it reads from.

Constructors

Cursor 

Fields

curLabel :: l

Cursor label

curIntern :: Cursor

Actual cursor

curProject :: Projector

Projector from query

curPolicy :: CollectionPolicy l

Collection policy

Misc

data Failure

A connection failure, or a read or write exception like cursor expired or inserting a duplicate key. Note, unexpected data from the server is not a Failure, rather it is a programming error (you should call error in this case) because the client and server are incompatible and requires a programming change.

Instances

Eq Failure 
Show Failure 
Error Failure

fail is treated the same as a programming error. In other words, don't use it.

Monad m => MonadError Failure (Action m)