
capsec_std/
net.rs

1//! Capability-gated network operations.
2//!
3//! Drop-in replacements for `std::net` functions that require a capability token.
4
5use capsec_core::cap::Cap;
6use capsec_core::cap_provider::CapProvider;
7use capsec_core::error::CapSecError;
8use capsec_core::permission::{NetBind, NetConnect};
9use std::net::{TcpListener, TcpStream, UdpSocket};
10
/// Opens a TCP connection to `addr` once the caller has shown it holds [`NetConnect`].
///
/// The capability is requested from `cap` before any socket call is made, so a
/// refused request returns without touching the network.
///
/// `addr` is passed to the provider as the unresolved string and then to
/// [`TcpStream::connect`], which performs any name resolution itself.
/// NOTE(review): if the provider scopes grants by host name, the endpoint that
/// is actually dialled is whatever that later resolution returns. Confirm the
/// provider's matching rules against this.
///
/// # Errors
///
/// Returns the error from `provide_cap` when the capability is not granted, or
/// the I/O error from [`TcpStream::connect`] converted into [`CapSecError`].
pub fn tcp_connect(
    addr: &str,
    cap: &impl CapProvider<NetConnect>,
) -> Result<TcpStream, CapSecError> {
    // Authorise first; the token is kept only as evidence that the check passed.
    let _granted: Cap<NetConnect> = cap.provide_cap(addr)?;
    TcpStream::connect(addr).map_err(CapSecError::from)
}
20
/// Binds a TCP listener to `addr` once the caller has shown it holds [`NetBind`].
///
/// The capability is requested from `cap` before the bind is attempted, so a
/// refused request never opens a listening socket.
///
/// `addr` reaches the provider exactly as the caller wrote it; this function
/// does no validation of its own, so a wildcard address such as `0.0.0.0:PORT`
/// is accepted or refused solely by the provider.
///
/// # Errors
///
/// Returns the error from `provide_cap` when the capability is not granted, or
/// the I/O error from [`TcpListener::bind`] converted into [`CapSecError`].
pub fn tcp_bind(addr: &str, cap: &impl CapProvider<NetBind>) -> Result<TcpListener, CapSecError> {
    // Authorise first; the token is kept only as evidence that the check passed.
    let _granted: Cap<NetBind> = cap.provide_cap(addr)?;
    TcpListener::bind(addr).map_err(CapSecError::from)
}
27
/// Binds a UDP socket to `addr` once the caller has shown it holds [`NetBind`].
///
/// The capability is requested from `cap` before the bind is attempted, so a
/// refused request never opens a socket.
///
/// The same [`NetBind`] permission type gates both this function and the TCP
/// listener in this module; any TCP/UDP distinction would have to come from the
/// provider. `addr` is forwarded to the provider unmodified and is not
/// validated here.
///
/// # Errors
///
/// Returns the error from `provide_cap` when the capability is not granted, or
/// the I/O error from [`UdpSocket::bind`] converted into [`CapSecError`].
pub fn udp_bind(addr: &str, cap: &impl CapProvider<NetBind>) -> Result<UdpSocket, CapSecError> {
    // Authorise first; the token is kept only as evidence that the check passed.
    let _granted: Cap<NetBind> = cap.provide_cap(addr)?;
    let socket = UdpSocket::bind(addr)?;
    Ok(socket)
}