1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 21:37:35 +00:00

SpiceAgent: Don't pledge cpath or open SPICE_DEVICE as rwc

Core::File's new `DontCreate` open mode removes the need for these
capabilities on SpiceAgent. We shouldn't have to create this file,
as if it doesn't exist, QEMU never initiated a spice connection!
This commit is contained in:
Caoimhe 2023-06-02 23:44:49 +01:00 committed by Andreas Kling
parent 2344bb6c57
commit 13506a612e
2 changed files with 3 additions and 6 deletions

View file

@ -15,7 +15,7 @@ namespace SpiceAgent {
ErrorOr<NonnullOwnPtr<SpiceAgent>> SpiceAgent::create(StringView device_path)
{
auto device = TRY(Core::File::open(device_path, Core::File::OpenMode::ReadWrite | Core::File::OpenMode::Nonblocking));
auto device = TRY(Core::File::open(device_path, Core::File::OpenMode::ReadWrite | Core::File::OpenMode::DontCreate | Core::File::OpenMode::Nonblocking));
return try_make<SpiceAgent>(move(device), Vector { Capability::ClipboardByDemand });
}

View file

@ -26,11 +26,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory())));
TRY(Desktop::Launcher::seal_allowlist());
// FIXME: Make Core::File support reading and writing, but without creating:
// By default, Core::File opens the file descriptor with O_CREAT when using OpenMode::Write (and subsequently, OpenMode::ReadWrite).
// To minimise confusion for people that have already used Core::File, we can probably just do `OpenMode::ReadWrite | OpenMode::DontCreate`.
TRY(Core::System::pledge("unix rpath wpath stdio sendfd recvfd cpath"));
TRY(Core::System::unveil(SPICE_DEVICE, "rwc"sv));
TRY(Core::System::pledge("unix rpath wpath stdio sendfd recvfd"));
TRY(Core::System::unveil(SPICE_DEVICE, "rw"sv));
TRY(Core::System::unveil(Core::StandardPaths::downloads_directory(), "rwc"sv));
TRY(Core::System::unveil(nullptr, nullptr));