| Safe Haskell | Unsafe |
|---|---|
| Language | Haskell98 |
LIO.FS.TCB
Contents
Description
This module exports the basic interface for creating and using the
labeled file system, implemented as a file store. Trusted code should
use initializeLIOFS to set the root of the labeled file system. Moreover,
trusted code should implement all the IO functions in terms of
createFileTCB, createDirectoryTCB, and getPathLabelTCB and
setPathLabelTCB.
The current implementation uses the Show and Read instance to
serialize and de-serialize labels, respectively. While this is
inefficient, it make it easy to use tools like getfattr to inspect
the labels of files. In a future version we may modify this
implementation to use binary encoding and/or compression (since
filesystem extended attributes are large, but limited).
- initializeLIOFS :: Label l => FilePath -> Maybe l -> IO l
- withLIOFS :: Label l => FilePath -> Maybe l -> IO a -> IO a
- getRootDirTCB :: Label l => LIO l FilePath
- setPathLabelTCB :: Label l => FilePath -> l -> IO ()
- getPathLabelTCB :: Label l => FilePath -> IO l
- createFileTCB :: Label l => l -> FilePath -> IOMode -> LIO l Handle
- createBinaryFileTCB :: Label l => l -> FilePath -> IOMode -> LIO l Handle
- createDirectoryTCB :: Label l => l -> FilePath -> LIO l ()
- data FSError
Initializing labeled filesystem
initializeLIOFS :: Label l => FilePath -> Maybe l -> IO l Source
Initialize filesystem at the given path. The supplied path must
be absolute, otherwise initializeLIOFS throw FSRootInvalid. If
the FS has already been created then initializeLIOFS solely
verifies that the root directory is not corrupt (see checkFSTCB)
and returns the label of the root. Otherwise, a new FS is created
with the supplied label (see mkFSTCB).
NOTE: This function should only be called once per process.
withLIOFS :: Label l => FilePath -> Maybe l -> IO a -> IO a Source
Top-level wrapper thatexecutes initializeLIOFS followed by the
supplied action.
NOTE: This function should only be called once per process.
getRootDirTCB :: Label l => LIO l FilePath Source
Get the root directory.
Handling path labels
setPathLabelTCB :: Label l => FilePath -> l -> IO () Source
Set the label of a given path. This function sets the labelAttr
attribute to the encoded label, and the hash to labelHashAttr.
NOTE: This function takes an arbitrary path, hence must not be available to untrusted code.
getPathLabelTCB :: Label l => FilePath -> IO l Source
Get the label of a given path. If the object does not have an
associated label or the hash of the label and stored-hash are not
equal, this function throws FSLabelCorrupt.
NOTE: This function takes an arbitrary path, hence must not be available to untrusted code.
Helpers for creating labeled objects
createFileTCB :: Label l => l -> FilePath -> IOMode -> LIO l Handle Source
Create a file object with the given label and return a handle to the new file.
createBinaryFileTCB :: Label l => l -> FilePath -> IOMode -> LIO l Handle Source
Same as createFileTCB but opens the file in binary mode.
createDirectoryTCB :: Label l => l -> FilePath -> LIO l () Source
Create a directory object with the given label.
Filesystem errors
Filesystem errors
Constructors
| FSRootCorrupt | Root structure is corrupt. |
| FSRootInvalid | Root is invalid (must be absolute). |
| FSRootExists | Root already exists. |
| FSRootNoExist | Root does not exists. |
| FSRootNeedLabel | Cannot create root, missing label. |
| FSObjNeedLabel | FSobjectcannot be created without a label. |
| FSLabelCorrupt FilePath | Object label is corrupt. |
| FSIllegalFileName | Supplied file name is illegal. |