hails-0.1.1: IFC enforcing web platform framework

Safe Haskell: Unsafe

Hails.Database.MongoDB.TCB.DCAccess

Documentation

data DBConf

Database configuration, used to invoke withDB.

Constructors

DBConf 

Instances

dcAccess :: Database DCLabel -> DCAction a -> DC (Either Failure a)

Open a pipe to a supplied server, or localhost. TODO: add support for connecting to replicas.

labelDatabase

Arguments

:: DBConf -- Database configuration
-> DCLabel -- Label of collection policies
-> DCLabel -- Database label
-> DC (Database DCLabel)

The withDB functions should use this function to label their databases. TODO (DS/AL): make every searchable field indexable.

class DatabasePolicy dbp where

Policy modules are instances of this class. In particular, when an application accesses a database, the runtime invokes createDatabasePolicy in the appropriate policy module.

Methods

createDatabasePolicy :: DBConf -> DCPrivTCB -> DC dbp

Given a DBConf, generate an instance of this DatabasePolicy. This is the main entry point for policy modules. Policies should, in general, either discard DBConf or store it in such a way that it is inaccessible to other modules, since it contains the privilege of the policy.

policyDB :: dbp -> Database DCLabel

Get the actual underlying Database instance for this policy.

Groups

class DatabasePolicy dbp => PolicyGroup dbp where

Class used to define groups in a policy-specific manner.

Methods

expandGroup :: dbp -> Principal -> DCAction [Principal]

Expands a principal of the form "#group_name" into a list of Principals.

relabelGroups :: dbp -> DCLabeled a -> DC (DCLabeled a)

Relabels the Labeled value by using the policy's privilege to downgrade the label and optionally re-taint in an application-specific way, e.g. expanding groups of the form "#group_name" to a policy-specified disjunction of real principals.

Policies are expected to implement this function by wrapping relabelGroupsP using their privilege and implementing expandGroup, which is called by relabelGroupsP.

relabelGroupsP :: PolicyGroup dbp => dbp -> DCPrivTCB -> Labeled DCLabel a -> DC (DCLabeled a)

Looks for disjunctions the privilege is able to downgrade and rewrites them by invoking expandGroup on each principal in the disjunction. Using the result, the function relabels the Labeled value. Clients should not call this directly; instead, clients should call relabelGroups, which policies may implement by wrapping this function.

relabelGroupsSafe :: PolicyGroup dbp => dbp -> Labeled DCLabel a -> DC (DCLabeled a)

A wrapper around relabelGroups that drops the current privileges and restores them after getting a result from relabelGroups.
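The rewriting step described for relabelGroupsP can be seen in a small stand-alone model. This is an added example, not code from the hails package: it does not use the Hails or DCLabel types, and the names Component, canDowngrade, expandGroupModel and relabelComponent, the string representation of principals, and the sample data are all assumptions made for illustration.

```haskell
import Data.List (isPrefixOf, nub)

-- Simplified model (assumption): a principal is a string, a disjunction is a
-- list of principals, and a label component is a conjunction of disjunctions.
type Principal   = String
type Disjunction = [Principal]
type Component   = [Disjunction]

-- Assumption: the privilege is a conjunction of principals, so it can
-- downgrade a disjunction exactly when it holds one principal listed in it.
canDowngrade :: [Principal] -> Disjunction -> Bool
canDowngrade priv = any (`elem` priv)

-- Hypothetical stand-in for a policy's expandGroup: resolve "#group_name"
-- through a lookup table. Ordinary principals and unknown groups are kept
-- unchanged, so an unknown group never widens the set of readers.
expandGroupModel :: [(String, [Principal])] -> Principal -> [Principal]
expandGroupModel groups p
  | "#" `isPrefixOf` p = maybe [p] id (lookup (drop 1 p) groups)
  | otherwise          = [p]

-- Rewrite only the disjunctions the privilege can downgrade. Disjunctions
-- the policy does not own are left untouched, even if they name a group.
relabelComponent :: [(String, [Principal])] -> [Principal] -> Component -> Component
relabelComponent groups priv = map rewrite
  where
    rewrite d
      | canDowngrade priv d = nub (concatMap (expandGroupModel groups) d)
      | otherwise           = d

main :: IO ()
main = do
  let groups  = [("friends", ["alice", "bob"])]   -- constructed sample data
      priv    = ["policy"]                        -- the policy's own principal
      secrecy = [ ["#friends", "policy"]          -- owned by the policy
                , ["#friends", "carol"]           -- not owned: stays as is
                , ["#unknown", "policy"] ]        -- owned, group not defined
  mapM_ print (relabelComponent groups priv secrecy)
```

The second disjunction keeps its "#friends" placeholder because the model's privilege does not cover it, which mirrors the restriction to disjunctions the privilege is able to downgrade.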

Privilege granting gate

class DatabasePolicy dbp => PrivilegeGrantGate dbp where

Class used to define a policy-specific privilege-granting gate.

Methods

grantPriv

Arguments

:: dbp -- Policy
-> Principal -- App principal
-> DC (DCGate DCPrivTCB)

Request the policy's privilege-granting gate.

withLabel :: DCPrivTCB -> DCLabel -> DC a -> DC a

Given a set of privileges, a desired label and an action, lower the current label as close to the desired label as possible, execute the action, and raise the current label.

gateToLabeled :: DCPrivTCB -> DCLabeled (Document DCLabel) -> (Document DCLabel -> DC a) -> DC (DCLabeled a)

Given a set of privileges, a labeled document and a computation on the (unlabeled version of the) document, downgrade the current label with the supplied privileges (integrity only), unlabel the document and apply the computation to it. The result is then labeled with the current label and the current label is reset to the original (if possible).