luajitos

SAFEFS_EXAMPLE.lua (5654B)

---

 -- SafeFS Usage Examples
 -- Demonstrates how to use the SafeFS sandboxed filesystem
 
 local SafeFS = require("os.libs.safefs")
 
 -- Assume we have a root filesystem node
 -- local root_fs = ... (your RamDisk root node)
 
 -- Example 1: Create SafeFS instance with allowed directories
 local sfs = SafeFS.new(root_fs, {
     "/tmp/*",                        -- Allow all of /tmp
     "/apps/com.dev.app/data/*",     -- Allow app data directory
     "~/documents/*"                  -- Allow user documents (expands to /home/username/documents)
 }, "alice")  -- Current user is "alice"
 
 -- Example 2: Writing files
 local success, err = sfs:write("/tmp/test.txt", "Hello, SafeFS!")
 if success then
     print("File written successfully")
 else
     print("Error: " .. err)
 end
 
 -- Example 3: Reading files
 local content, err = sfs:read("/tmp/test.txt")
 if content then
     print("Content: " .. content)
 else
     print("Error: " .. err)
 end
 
 -- Example 4: Opening files with handles
 local file, err = sfs:open("/tmp/data.txt", "w")
 if file then
     file:write("Line 1\n")
     file:write("Line 2\n")
     file:write("Line 3\n")
     file:close()
     print("File written with handle")
 end
 
 -- Read with handle
 local file, err = sfs:open("/tmp/data.txt", "r")
 if file then
     local line = file:read("*l")
     while line do
         print("Line: " .. line)
         line = file:read("*l")
     end
     file:close()
 end
 
 -- Example 5: Directory listing
 local dirs, err = sfs:dirs("/tmp")
 if dirs then
     print("Directories in /tmp:")
     for _, dir in ipairs(dirs) do
         print("  " .. dir)
     end
 end
 
 local files, err = sfs:files("/tmp")
 if files then
     print("Files in /tmp:")
     for _, file in ipairs(files) do
         print("  " .. file)
     end
 end
 
 -- Example 6: Path traversal protection
 -- This will NOT work - trying to escape the sandbox
 local content, err = sfs:read("/tmp/../etc/passwd")
 if not content then
     print("Correctly blocked: " .. err)
 end
 
 -- Example 7: Relative path within sandbox (this DOES work)
 sfs:mkdir("/tmp/subdir")
 sfs:write("/tmp/subdir/file.txt", "test")
 -- Navigate using ..
 local content, err = sfs:read("/tmp/subdir/../test.txt")
 if content then
     print("Relative path worked: " .. content)
 end
 
 -- Example 8: Tilde expansion
 local success, err = sfs:write("~/documents/note.txt", "My personal note")
 -- This writes to /home/alice/documents/note.txt
 
 -- Example 9: Check existence
 if sfs:exists("/tmp/test.txt") then
     print("File exists")
 end
 
 local fileType = sfs:getType("/tmp/test.txt")
 print("Type: " .. (fileType or "not found"))
 
 -- Example 10: Delete files
 local success, err = sfs:delete("/tmp/test.txt")
 if success then
     print("File deleted")
 end
 
 -- Example 11: Create nested directories
 sfs:mkdir("/tmp/a/b/c")  -- Creates entire path
 sfs:write("/tmp/a/b/c/deep.txt", "Deep file")
 
 -- Example 12: Append mode
 local file = sfs:open("/tmp/log.txt", "w")
 file:write("Initial log entry\n")
 file:close()
 
 local file = sfs:open("/tmp/log.txt", "a")
 file:write("Second log entry\n")
 file:write("Third log entry\n")
 file:close()
 
 -- Example 13: Read entire file
 local content = sfs:read("/tmp/log.txt")
 print("Full log:\n" .. content)
 
 -- Example 14: Use in LPM app sandbox
 -- In your LPM implementation, create SafeFS for each app:
 --[[
 function LPM:run(app_name)
     local app_dir = "/apps/com.example.myapp"
 
     -- Create SafeFS with only app's directories
     local safeFS = SafeFS.new(root_fs, {
         app_dir .. "/data/*",
         app_dir .. "/tmp/*",
         app_dir .. "/settings/*",
         "/tmp/*"  -- Optional: allow system tmp
     })
 
     -- Pass to sandbox
     local sandbox = {
         fs = safeFS,
         -- ... other sandbox globals
     }
 
     -- App can now use:
     -- fs:write("$/data/save.txt", data)  -- After resolving $ to app_dir
     -- fs:read("$/settings/config.txt")
 end
 ]]--
 
 -- Example 15: Multiple isolated instances
 local app1_fs = SafeFS.new(root_fs, {"/apps/com.app1/data/*"})
 local app2_fs = SafeFS.new(root_fs, {"/apps/com.app2/data/*"})
 
 -- App 1 can only access its own data
 app1_fs:write("/apps/com.app1/data/secret.txt", "App 1 secret")
 
 -- App 2 cannot access App 1's data
 local content, err = app2_fs:read("/apps/com.app1/data/secret.txt")
 -- This will fail: "Path not in SafeFS"
 
 -- Example 16: Path manipulation with fileName() and parentDir()
 local filename = sfs:fileName("/tmp/subdir/data.txt")
 print("Filename: " .. filename)  -- Output: "data.txt"
 
 local parent = sfs:parentDir("/tmp/subdir/data.txt")
 print("Parent: " .. parent)  -- Output: "/tmp/subdir"
 
 -- Get grandparent
 local grandparent = sfs:parentDir(parent)
 print("Grandparent: " .. grandparent)  -- Output: "/tmp"
 
 -- Example 17: List all files with their full paths
 local function listFilesRecursive(safeFS, path, prefix)
     prefix = prefix or ""
     local files = safeFS:files(path)
     local dirs = safeFS:dirs(path)
 
     if files then
         for _, file in ipairs(files) do
             print(prefix .. path .. "/" .. file)
         end
     end
 
     if dirs then
         for _, dir in ipairs(dirs) do
             listFilesRecursive(safeFS, path .. "/" .. dir, prefix .. "  ")
         end
     end
 end
 
 print("\nAll files in /tmp:")
 listFilesRecursive(sfs, "/tmp")
 
 -- Example 18: Check if dirs() and files() return names only
 local dirs = sfs:dirs("/tmp")
 print("\nDirectories in /tmp (names only):")
 for _, dir in ipairs(dirs) do
     print("  " .. dir)  -- Just the name, not a node object
 end
 
 local files = sfs:files("/tmp")
 print("\nFiles in /tmp (names only):")
 for _, file in ipairs(files) do
     print("  " .. file)  -- Just the name, not a node object
 end
 
 print("\nSafeFS examples complete!")