path: root/stdlib/source/library/lux/control/security/policy.lux
blob: 58c895a05c6c0934de85e80808dbcd865f2ef4cb (plain)
(.require
 [library
  [lux (.except)
   [abstract
    [functor (.only Functor)]
    [apply (.only Apply)]
    [monad (.only Monad)]]
   [meta
    [type
     [primitive (.except)]]]]])

... `Policy` wraps a `value` and tags it with two extra type parameters,
... `brand` and `label`. The representation is the bare `value`, so both tags
... exist only at the type level. Inside this `primitive` body, `abstraction`
... wraps a value and `representation` unwraps one; every capability below is
... built from those two operations.
(primitive .public (Policy brand value label)
  value

  ... Capability to wrap a bare value into a `Policy` for a given brand/label.
  (type .public (Can_Upgrade brand label value)
    (-> value (Policy brand value label)))

  ... Capability to unwrap a `Policy` of a given brand/label to its bare value.
  (type .public (Can_Downgrade brand label value)
    (-> (Policy brand value label) value))

  ... Both capabilities for one brand/label pair, bundled as a record.
  (type .public (Privilege brand label)
    (Record
     [#can_upgrade (Can_Upgrade brand label)
      #can_downgrade (Can_Downgrade brand label)]))

  ... A function that re-labels a policy value from label `from` to label `to`
  ... within the same brand, for any wrapped `value` type.
  (type .public (Delegation brand from to)
    (All (_ value)
      (-> (Policy brand value from)
          (Policy brand value to))))

  ... Builds a `Delegation` by unwrapping with `downgrade` (label `from`) and
  ... then re-wrapping with `upgrade` (label `to`).
  ... The caller must already hold both capabilities.
  (def .public (delegation downgrade upgrade)
    (All (_ brand from to)
      (-> (Can_Downgrade brand from) (Can_Upgrade brand to)
          (Delegation brand from to)))
    (|>> downgrade upgrade))

  ... A computation that receives the `Privilege` for `label` and produces a
  ... result of type `(scope label)`.
  (type .public (Context brand scope label)
    (-> (Privilege brand label)
        (scope label)))

  ... Not exported (no `.public`). This is the one `Privilege` value defined in
  ... this module; its fields are the raw wrap and unwrap operations.
  (def privilege
    Privilege
    [#can_upgrade (|>> abstraction)
     #can_downgrade (|>> representation)])

  ... Runs `context` with the module's privilege and returns its result.
  ... The signature quantifies `label` existentially (`Ex`), so the caller does
  ... not pick the label. `context` decides which of the two capabilities, if
  ... any, are exposed through the value it returns.
  ... NOTE(review): presumably the existential label is what keeps capabilities
  ... from one `with_policy` call from type-checking against policies created
  ... under another call. Confirm against the type-checker's handling of `Ex`.
  (def .public (with_policy context)
    (All (_ brand scope)
      (Ex (_ label)
        (-> (Context brand scope label)
            (scope label))))
    (context ..privilege))

  ... Type-level helper: applies `constructor` (Functor, Apply or Monad) to
  ... `Policy` with `value` left open, quantified over every brand and label.
  (def (of_policy constructor)
    (-> Type Type)
    (type_literal (All (_ brand label)
                    (constructor (All (_ value) (Policy brand value label))))))

  ... `each` unwraps `fa`, applies `f`, and re-wraps the result under the same
  ... brand and label. No `Privilege` is required to call it.
  ... NOTE(review): `f` receives the unwrapped value, so the policy only holds
  ... if `f` does not leak its argument through a side effect. Confirm this is
  ... acceptable for the brands in use.
  (def .public functor
    (, (..of_policy Functor))
    (implementation
     (def (each f fa)
       (|> fa representation f abstraction))))

  ... `on` unwraps the wrapped function `ff` and the wrapped argument `fa`,
  ... applies one to the other, and re-wraps the result.
  (def .public apply
    (, (..of_policy Apply))
    (implementation
     (def functor ..functor)
     
     (def (on fa ff)
       (abstraction ((representation ff) (representation fa))))))

  ... `in` wraps a bare value; `conjoint` strips one layer of wrapping.
  ... NOTE(review): `in` is `abstraction` and this structure is public for every
  ... brand and label, so any code can wrap a value without holding a
  ... `Can_Upgrade`. Where wrapping is the sensitive direction for a brand,
  ... confirm that exposing `in` is intended.
  (def .public monad
    (, (..of_policy Monad))
    (implementation
     (def functor ..functor)
     (def in (|>> abstraction))
     (def conjoint (|>> representation))))
  )

... Generates one brand per row at the bottom. Each row yields:
...   <brand>     - a public primitive type whose representation is `Any`
...   <value>     - `Policy` specialised to that brand
...   <upgrade>   - `Can_Upgrade` specialised to that brand
...   <downgrade> - `Can_Downgrade` specialised to that brand
... Rows: Privacy -> Private / Can_Conceal / Can_Reveal
...       Safety  -> Safe / Can_Trust / Can_Distrust
... NOTE(review): the names suggest that downgrading (Can_Reveal) is the
... sensitive direction for Privacy and upgrading (Can_Trust) is the sensitive
... direction for Safety. That is inferred from naming only. Verify it against
... how callers obtain these capabilities.
(with_template [<brand> <value> <upgrade> <downgrade>]
  [(primitive .public <brand>
     Any

     (type .public <value>
       (Policy <brand>))
     
     (type .public <upgrade>
       (Can_Upgrade <brand>))
     
     (type .public <downgrade>
       (Can_Downgrade <brand>))
     )]

  [Privacy Private Can_Conceal Can_Reveal]
  [Safety Safe Can_Trust Can_Distrust]
  )