IO Object with a mutable label. By contrast with LObj, the label on an MLObj can change over time. If this happens, the internal MLabel ensures that threads accessing the object receive an asynchronous exception.

mlObjTCB ll l a creates an MLObj wrapping some IO object a. Here ll is the label on the label, which remains immutable over the lifetime of the MLObj. l is the initial value of the mutable lable.

Like mlObjTCB, but create an MLObj with a particular policy value. Note that you don't need to use this for ExternalML and InternalML, as these don't have anything interesting in the policy value, only the type matters. This might be useful if, for instance, you wished to design a new policy type that embeds a clearance.

Modify the MLabel within an MLObj.

The MLObj equivalent of blessTCB in LIO.TCB.LObj. Use this for conveniently providing LIO versions of standard IO functions.

The MLObj equivalent of blessPTCB in LIO.TCB.LObj. Use this for conveniently providing LIO versions of standard IO functions.

A mutable label. Consists of a static label on the label, a mutable label, and a list of threads currently accessing the label. This is intended to be used by privileged code implementing IO abstractions with mutable labels. Routines for accessing such an IO abstraction should perform tne IO from within a call to withMLabelP, to ensure an exception is raised if another thread revokes access with modifyMLabelP.

Create an MLabel, performing access control checks to ensure that the labels are within the range allowed given the current label and clearance, and the supplied privileges.

Returns the immutable label that controls access to the mutable label value of an MLabel.

Retreive a snapshot of the value of a mutable label. Of course, it may already have changed by the time you process it.

Run an action that should be protected by a mutable label. An exception is thrown if the invoking thread cannot write to the mutable label given the privileges. No attempt is made to adjust the current label, even if doing so would make the permissions acceptable.

Note that if the label changes after this function has been invoked, an exception may be raised in the middle of the protected action.

Change the mutable label in an MLabel. Raises asynchronous exceptions in other threads that are inside withMLabelP if the new label revokes their access.

Class of objects with mutable labels.

Class for MLabelPolicys that don't encode any interesting values. This allows mlObjTCB to create an MLObj without requiring a policy argument.

Class of policies for when it is permissible to update an MLabel.

InternalML is for objects contained entirely within Haskell, such as a variable. Raising the label can't cause data to leak.

ExternalML is for objects that communicate to the outside world, where extra privileges are required since once data gets out, so as to vouch for the fact that the other end of a socket won't arbitrarily downgrade data.

Takes a liftIO-like function and an IO function of an arbitrary number of arguments (up to 10). Applies the arguments to the IO function, then passed the result to its argument funciton to transform it into an LIO function.