capsec-std 0.2.2

Capability-gated wrappers around std::fs, std::net, std::env, and std::process
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

//! Capability-gated subprocess execution.
//!
//! Drop-in replacements for `std::process` functions that require a capability token.

use capsec_core::cap::Cap;
use capsec_core::cap_provider::CapProvider;
use capsec_core::error::CapSecError;
use capsec_core::permission::Spawn;
use std::process::{Command, Output};

/// Creates a new `Command` for the given program.
/// Requires [`Spawn`] permission.
///
/// Returns a `std::process::Command` that can be further configured before execution.
pub fn command(program: &str, cap: &impl CapProvider<Spawn>) -> Result<Command, CapSecError> {
    let _proof: Cap<Spawn> = cap.provide_cap(program)?;
    Ok(Command::new(program))
}

/// Runs a program with arguments and returns its output.
/// Requires [`Spawn`] permission.
pub fn run(
    program: &str,
    args: &[&str],
    cap: &impl CapProvider<Spawn>,
) -> Result<Output, CapSecError> {
    let _proof: Cap<Spawn> = cap.provide_cap(program)?;
    Ok(Command::new(program).args(args).output()?)
}