

//! Capability-gated subprocess execution.
//!
//! Counterparts of `std::process` entry points that additionally take a
//! capability token. Each one asks the provider for a [`Spawn`] token keyed
//! on the program name before touching `std::process`.
4
5use capsec_core::cap::Cap;
6use capsec_core::cap_provider::CapProvider;
7use capsec_core::error::CapSecError;
8use capsec_core::permission::Spawn;
9use std::process::{Command, Output};
10
11/// Creates a new `Command` for the given program.
12/// Requires [`Spawn`] permission.
13///
14/// Returns a `std::process::Command` that can be further configured before execution.
/// Builds a [`Command`] for `program` once the capability check has passed.
/// Requires [`Spawn`] permission.
///
/// The token is requested from `cap` for the `program` string exactly as it
/// was given; nothing else is checked here. The result is a plain
/// `std::process::Command`, so the caller may still set arguments, environment
/// and working directory before spawning it.
///
/// NOTE(review): a relative `program` name is resolved through `PATH` by `std`
/// at spawn time, and the returned `Command` can still have its environment
/// changed (`Command::env`), so the token pins a *name*, not a specific binary.
/// Callers that need the latter should pass an absolute path unless the
/// provider is known to canonicalize — confirm against the provider in use.
///
/// # Errors
/// Returns the error from `cap.provide_cap` (converted into [`CapSecError`])
/// when permission is denied.
pub fn command(program: &str, cap: &impl CapProvider<Spawn>) -> Result<Command, CapSecError> {
    // The proof exists only to show the check passed; it is not retained by
    // the `Command` that is handed back.
    cap.provide_cap(program)
        .map(|_proof: Cap<Spawn>| Command::new(program))
        .map_err(CapSecError::from)
}
19
20/// Runs a program with arguments and returns its output.
21/// Requires [`Spawn`] permission.
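/// Spawns `program` with `args`, waits for it to exit and returns its captured
/// [`Output`] (stdout, stderr and exit status).
/// Requires [`Spawn`] permission.
///
/// The capability check is done by [`command`], so both entry points share a
/// single check and the token is requested for `program` only. `args` are
/// forwarded to the child as given and are not part of the permission check;
/// if the arguments themselves decide what runs (for example an interpreter
/// given a script or `-c` string), that has to be covered by the caller or by
/// the provider's policy, not by this function.
///
/// # Errors
/// Returns the provider's [`CapSecError`] when permission is denied, or the
/// I/O error from spawning or waiting on the child, converted into
/// [`CapSecError`] via `From`.
pub fn run(
    program: &str,
    args: &[&str],
    cap: &impl CapProvider<Spawn>,
) -> Result<Output, CapSecError> {
    // Route through `command` so there is exactly one place that performs the
    // capability check for this module.
    let mut cmd = command(program, cap)?;
    Ok(cmd.args(args).output()?)
}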