Module fs

Expand description

Capability-gated filesystem operations.

Drop-in replacements for std::fs functions that require a capability token proving the caller has filesystem permission.

§Example

let root = test_root();
let cap = root.grant::<FsRead>();
let data = capsec_std::fs::read("/tmp/data.bin", &cap).unwrap();

copy: Copies a file. Requires both FsRead and FsWrite permissions (passed as separate capability tokens).
create: Creates or truncates a file for writing. Returns a WriteFile that implements Write + Seek but NOT Read, enforcing the capability boundary beyond the function call. Requires FsWrite permission.
create_dir_all: Creates all directories in the given path if they don’t exist. Requires FsWrite permission.
metadata: Returns metadata about a file or directory. Requires FsRead permission.
open: Opens a file for reading. Returns a ReadFile that implements Read + Seek but NOT Write, enforcing the capability boundary beyond the function call. Requires FsRead permission.
read: Reads the entire contents of a file into a byte vector. Requires FsRead permission.
read_dir: Returns an iterator over the entries within a directory. Requires FsRead permission.
read_to_string: Reads the entire contents of a file into a string. Requires FsRead permission.
remove_dir_all: Recursively deletes a directory and all its contents. Requires FsWrite permission.
remove_file: Deletes a file. Requires FsWrite permission.
rename: Renames a file or directory. Requires FsWrite permission.
write: Writes bytes to a file, creating it if it doesn’t exist, truncating if it does. Requires FsWrite permission.