- type CollectionName = Text
- type CollectionSet = DCLabeled (Set Collection)
- data Collection
- colName :: Collection -> CollectionName
- colLabel :: Collection -> DCLabel
- colClearance :: Collection -> DCLabel
- colPolicy :: Collection -> CollectionPolicy
- type DatabaseName = Text
- data Database
- databaseName :: Database -> DatabaseName
- databaseLabel :: Database -> DCLabel
- databaseCollections :: Database -> CollectionSet
- type LabeledHsonDocument = DCLabeled HsonDocument
- data DBAction a
- data DBActionState
- class Monad m => MonadDB m where
- runDBAction :: DBAction a -> DBActionState -> DC (a, DBActionState)
- evalDBAction :: DBAction a -> DBActionState -> DC a
- getDatabase :: DBAction Database
- getDatabaseP :: DCPriv -> DBAction Database
- type Pipe = Pipeline Response Message
- data AccessMode
- master :: AccessMode
- slaveOk :: AccessMode
Collection is a MongoDB collection name with an associated
label, clearance and labeling policy. Access to the collection is
restricted according to the collection label. Data inserted-to and
retrieved-from the collection will be labeled according to the
collection policy, with the guarantee that no data more sensitive than
the collection clearance can be inserted into the collection.
Database is a MongoDB database with an associated label and set
of collections. The label is used to restrict access to the database.
Since collection policies are specified by policy modules, every
collection must always be associated with some database (and
thereby, policy module); a policy module is not allowed to create a
collection (and specify policies on it) in an arbitrary database. We
allow for the existance of a collection to be secrect, and thus
protect the set of collections with a label.
Hails DB monad
DBAction is the monad within which database actions can be
executed, and policy modules are defined. The monad is simply a
state monad with
DC as monad as the underlying monad with access to
a database system configuration (
Database). The value constructor is part of the
TCB as to
disallow untrusted code from modifying the access mode.
Arbitrary monad that can perform database actions.
Execute a database action returning the final result and state.
In general, code should instead use
evalDBAction. This function
is primarily used by trusted code to initialize a policy module
which may have modified the underlying database.
Execute a database action returning the final result.
getDatabase, but uses privileges when raising the
Database system configuration
Type of reads and writes to perform
Read-only action, reading stale data from a slave is OK.
Read-write action, slave not OK, every write is fire & forget.
Read-write action, slave not OK, every write is confirmed with getLastError.