
capsec_std/
net.rs

//! Capability-gated network operations.
//!
//! Drop-in replacements for `std::net` functions; each replacement additionally
//! requires a capability token.
4
5use capsec_core::cap::Cap;
6use capsec_core::error::CapSecError;
7use capsec_core::has::Has;
8use capsec_core::permission::{NetBind, NetConnect};
9use std::net::{TcpListener, TcpStream, ToSocketAddrs, UdpSocket};
10
/// Connects a TCP stream to `addr` for a caller that holds [`NetConnect`].
///
/// The permission is demanded through the `Has<NetConnect>` bound, so a caller
/// that cannot supply such a value does not compile. The token returned by
/// `cap_ref()` is never read afterwards; it is only taken as proof.
///
/// The check covers the kind of operation only. `addr` is handed to
/// [`TcpStream::connect`] unchanged, so nothing in this function limits which
/// host or port is reached, and an `addr` given as a host name is resolved by
/// the standard library as part of the call. Code that needs a destination
/// allow-list has to enforce it before calling.
///
/// # Errors
///
/// A `std::io::Error` from [`TcpStream::connect`] is converted into a
/// [`CapSecError`] and returned.
pub fn tcp_connect(
    addr: impl ToSocketAddrs,
    cap: &impl Has<NetConnect>,
) -> Result<TcpStream, CapSecError> {
    // Take the capability before any network activity happens.
    let _proof: Cap<NetConnect> = cap.cap_ref();

    // Same conversion the `?` operator would apply to the I/O error.
    TcpStream::connect(addr).map_err(CapSecError::from)
}
20
/// Creates a TCP listener bound to `addr` for a caller that holds [`NetBind`].
///
/// The permission is demanded through the `Has<NetBind>` bound, so a caller
/// that cannot supply such a value does not compile. The token returned by
/// `cap_ref()` is never read afterwards; it is only taken as proof.
///
/// The check covers the kind of operation only. `addr` is handed to
/// [`TcpListener::bind`] unchanged, so this function does not restrict the
/// interface or port: a wildcard address listens on every interface. The
/// result is a plain `std::net::TcpListener`, so accepting connections on it
/// is not gated by anything visible here.
///
/// # Errors
///
/// A `std::io::Error` from [`TcpListener::bind`] is converted into a
/// [`CapSecError`] and returned.
pub fn tcp_bind(
    addr: impl ToSocketAddrs,
    cap: &impl Has<NetBind>,
) -> Result<TcpListener, CapSecError> {
    // Take the capability before the socket is created.
    let _proof: Cap<NetBind> = cap.cap_ref();

    // Same conversion the `?` operator would apply to the I/O error.
    TcpListener::bind(addr).map_err(CapSecError::from)
}
30
/// Creates a UDP socket bound to `addr` for a caller that holds [`NetBind`].
///
/// The permission is demanded through the `Has<NetBind>` bound, so a caller
/// that cannot supply such a value does not compile. The token returned by
/// `cap_ref()` is never read afterwards; it is only taken as proof.
///
/// The check covers the kind of operation only; `addr` is handed to
/// [`UdpSocket::bind`] unchanged.
///
/// NOTE(review): the result is a plain `std::net::UdpSocket`, whose `send_to`
/// and `connect` methods can address any peer. As written, [`NetBind`] alone
/// is therefore enough to send outbound datagrams without [`NetConnect`].
/// Confirm this is intended by the permission model, or return a wrapper type
/// that gates sending.
///
/// # Errors
///
/// A `std::io::Error` from [`UdpSocket::bind`] is converted into a
/// [`CapSecError`] and returned.
pub fn udp_bind(
    addr: impl ToSocketAddrs,
    cap: &impl Has<NetBind>,
) -> Result<UdpSocket, CapSecError> {
    // Take the capability before the socket is created.
    let _proof: Cap<NetBind> = cap.cap_ref();

    // Same conversion the `?` operator would apply to the I/O error.
    UdpSocket::bind(addr).map_err(CapSecError::from)
}