capsec 0.2.2

Compile-time capability-based security for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

//! Example: Audited capability access with LoggedCap
//!
//! Demonstrates how LoggedCap records every capability exercise attempt
//! in an append-only audit log. Implements Saltzer & Schroeder's
//! "compromise recording" design principle.

use capsec::prelude::*;

#[capsec::main]
fn main(root: CapRoot) -> Result<(), Box<dyn std::error::Error>> {
    // 1. Grant FsRead and wrap in a LoggedCap for audit trail
    let logged_cap = LoggedCap::new(root.fs_read());

    println!("=== Audited Capability Access ===");
    println!("[start] Log entries: {}", logged_cap.entry_count());

    // 2. Exercise the capability — each try_cap() is logged
    let cap = logged_cap.try_cap()?;
    let data = capsec::fs::read("/dev/null", &cap)?;
    println!("[read] Read {} bytes from /dev/null", data.len());

    // 3. Exercise again
    let cap = logged_cap.try_cap()?;
    let _ = capsec::fs::read("/dev/null", &cap)?;
    println!("[read] Read /dev/null again");

    // 4. Inspect the audit log
    println!("\n=== Audit Log ({} entries) ===", logged_cap.entry_count());
    for (i, entry) in logged_cap.entries().iter().enumerate() {
        println!(
            "  [{}] permission={}, granted={}, elapsed={:?}",
            i,
            entry.permission,
            entry.granted,
            entry.timestamp.elapsed()
        );
    }

    // 5. Clone shares the same log
    let clone = logged_cap.clone();
    let _ = clone.try_cap()?;
    println!(
        "\n[clone] After clone exercise: {} total entries (shared log)",
        logged_cap.entry_count()
    );

    println!("\n=== Demo Complete ===");
    println!("Every capability exercise is recorded for compliance.");

    Ok(())
}