lio- Labeled IO Information Flow Control Library

Safe HaskellTrustworthy



This module exports exception types thrown in response to label failures. In addition, it provides withContext, a function that annotates any exceptions in the AnyLabelError hierarchy that are thrown within a given scope. These annotations should be used to add function names to exceptions, so as to make it easier to pinpoint the cause of a label error.



class Annotatable e whereSource

Class of error messages that can be annotated with context.


annotate :: String -> e -> eSource

withContext :: String -> LIO l a -> LIO l aSource

Executes an action with a context string, which will be added to any label exception thrown.

Note: this function wraps an action with a catch, and thus may incur a small runtime cost (though it is well under 100 ns on machines we benchmarked).

data AnyLabelError Source

Parent of all label-related exceptions.


forall e . (Exception e, Annotatable e) => AnyLabelError e 

lerrToException :: (Exception e, Annotatable e) => e -> SomeExceptionSource

Definition of toException for children of AnyLabelError in the exception hierarchy.

lerrFromException :: Exception e => SomeException -> Maybe eSource

Definition of fromException for children of AnyLabelError in the exception hierarchy.

data GenericPrivDesc l Source

A generic privilege description for recording relevant privileges in exceptions.


forall p . PrivDesc l p => GenericPrivDesc p 


data LabelError l Source

Main error type thrown by label failures in the LIO monad.




lerrContext :: [String]

Annotation of where the failure happened.

lerrFailure :: String

Actual function that failed.

lerrCurLabel :: l

Current label at time of error.

lerrCurClearance :: l

Current clearance at time of error.

lerrPrivs :: [GenericPrivDesc l]

Any privileges involved in error.

lerrLabels :: [l]

Any labels involved in error.



:: Label l 
=> String

Function that failed.

-> [l]

Labels involved in error.

-> LIO l a 

Throw a label-error exception.



:: (Label l, PrivDesc l p) 
=> String

Function that failed.

-> Priv p

Privileges involved.

-> [l]

Labels involved.

-> LIO l a 

Throw a label-error exception.

data InsufficientPrivs Source

Error indicating insufficient privileges (independent of the current label). This exception is thrown by delegate, and should also be thrown by gates that receive insufficient privilege descriptions (see LIO.Delegate).


forall p . SpeaksFor p => InsufficientPrivs 



:: SpeaksFor p 
=> String

Function in which error occurs

-> p

Description of privileges supplied

-> p

Description of privileges needed

-> a 

Raise InsufficientPrivs error.

data ResultExceedsLabel l Source

Error raised when a computation spawned by lFork terminates with its current label above the label of the result.