Userland: Tighten promises by removing 'proc' where it isn't used

This is a partial revert of commit 7af5eef. After 97d15e9, the 'proc' promise is not needed for operations using getsid(). This also fixes launching several applications in which 7af5eef added the 'proc' promise only in the second call to pledge().
2025-07-25 15:17:36 +00:00 · 2022-10-03 09:32:18 -04:00 · 2022-10-03 09:32:18 -04:00 · 25e0ab3ee4
commit 25e0ab3ee4
parent 0455af4441
24 changed files with 24 additions and 24 deletions
--- a/Userland/Applets/Audio/main.cpp
+++ b/Userland/Applets/Audio/main.cpp
@ -237,7 +237,7 @@ private:
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread"));
    auto app = TRY(GUI::Application::try_create(arguments));
    Config::pledge_domain("AudioApplet");
--- a/Userland/Applets/ClipboardHistory/main.cpp
+++ b/Userland/Applets/ClipboardHistory/main.cpp
@ -17,7 +17,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
    auto app = TRY(GUI::Application::try_create(arguments));
    Config::pledge_domain("ClipboardHistory");
--- a/Userland/Applications/3DFileViewer/main.cpp
+++ b/Userland/Applications/3DFileViewer/main.cpp
@ -358,7 +358,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
    auto app = TRY(GUI::Application::try_create(arguments));
-    TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec proc"));
+    TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
    TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r"));
--- a/Userland/Applications/Help/main.cpp
+++ b/Userland/Applications/Help/main.cpp
@ -28,7 +28,7 @@ static String parse_input(StringView input)
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
    auto app = TRY(GUI::Application::try_create(arguments));
    TRY(Core::System::unveil("/proc/all", "r"));
--- a/Userland/Applications/HexEditor/main.cpp
+++ b/Userland/Applications/HexEditor/main.cpp
@ -20,7 +20,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread"));
    auto app = TRY(GUI::Application::try_create(arguments));
--- a/Userland/Applications/Magnifier/main.cpp
+++ b/Userland/Applications/Magnifier/main.cpp
@ -37,7 +37,7 @@ static ErrorOr<ByteBuffer> dump_bitmap(RefPtr<Gfx::Bitmap> bitmap, AK::StringVie
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix proc"));
+    TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix"));
    auto app = TRY(GUI::Application::try_create(arguments));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
--- a/Userland/Applications/Mail/main.cpp
+++ b/Userland/Applications/Mail/main.cpp
@ -18,7 +18,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet"));
    auto app = TRY(GUI::Application::try_create(arguments));
--- a/Userland/Applications/PDFViewer/main.cpp
+++ b/Userland/Applications/PDFViewer/main.cpp
@ -32,7 +32,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    window->set_title("PDF Viewer");
    window->resize(640, 400);
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Applications/PixelPaint/main.cpp
+++ b/Userland/Applications/PixelPaint/main.cpp
@ -21,7 +21,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath proc"));
+    TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath"));
    auto app = TRY(GUI::Application::try_create(arguments));
    Config::pledge_domain("PixelPaint");
--- a/Userland/Applications/Spreadsheet/main.cpp
+++ b/Userland/Applications/Spreadsheet/main.cpp
@ -26,7 +26,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread"));
    auto app = TRY(GUI::Application::try_create(arguments));
--- a/Userland/Applications/TextEditor/main.cpp
+++ b/Userland/Applications/TextEditor/main.cpp
@ -18,7 +18,7 @@ using namespace TextEditor;
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix"));
    auto app = TRY(GUI::Application::try_create(arguments));
--- a/Userland/Applications/ThemeEditor/main.cpp
+++ b/Userland/Applications/ThemeEditor/main.cpp
@ -38,7 +38,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    if (!file_to_edit.is_empty())
        path = Core::File::absolute_path(file_to_edit);
-    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
    TRY(Core::System::unveil("/res", "r"));
    TRY(Core::System::unveil(nullptr, nullptr));
--- a/Userland/Demos/Eyes/main.cpp
+++ b/Userland/Demos/Eyes/main.cpp
@ -36,7 +36,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    args_parser.add_option(hide_window_frame, "Hide window frame", "hide-window", 'h');
    args_parser.parse(arguments);
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread"));
    auto app = TRY(GUI::Application::try_create(arguments));
--- a/Userland/Demos/WidgetGallery/main.cpp
+++ b/Userland/Demos/WidgetGallery/main.cpp
@ -14,7 +14,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread"));
    auto app = TRY(GUI::Application::try_create(arguments, Core::EventLoop::MakeInspectable::Yes));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
--- a/Userland/Games/2048/main.cpp
+++ b/Userland/Games/2048/main.cpp
@ -28,7 +28,7 @@
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd unix proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd unix"));
    srand(time(nullptr));
--- a/Userland/Games/FlappyBug/main.cpp
+++ b/Userland/Games/FlappyBug/main.cpp
@ -28,7 +28,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/FlappyBug.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Games/GameOfLife/main.cpp
+++ b/Userland/Games/GameOfLife/main.cpp
@ -34,7 +34,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/GameOfLife.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Games/Hearts/main.cpp
+++ b/Userland/Games/Hearts/main.cpp
@ -40,7 +40,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Hearts.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Games/MasterWord/main.cpp
+++ b/Userland/Games/MasterWord/main.cpp
@ -30,7 +30,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/MasterWord.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Games/Minesweeper/main.cpp
+++ b/Userland/Games/Minesweeper/main.cpp
@ -36,7 +36,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Minesweeper.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Games/Snake/main.cpp
+++ b/Userland/Games/Snake/main.cpp
@ -31,7 +31,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Snake.md") }));
    TRY(Desktop::Launcher::seal_allowlist());
-    TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
+    TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
    TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
    TRY(Core::System::unveil("/res", "r"));
--- a/Userland/Services/InspectorServer/main.cpp
+++ b/Userland/Services/InspectorServer/main.cpp
@ -17,7 +17,7 @@ ErrorOr<int> serenity_main(Main::Arguments)
 {
    Core::EventLoop event_loop;
-    TRY(Core::System::pledge("stdio unix accept rpath proc"));
+    TRY(Core::System::pledge("stdio unix accept rpath"));
    auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/session/%sid/portal/inspector"));
--- a/Userland/Services/WebContent/main.cpp
+++ b/Userland/Services/WebContent/main.cpp
@ -22,7 +22,7 @@
 ErrorOr<int> serenity_main(Main::Arguments)
 {
    Core::EventLoop event_loop;
-    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath proc"));
+    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));
    TRY(Core::System::unveil("/proc/all", "r"));
    TRY(Core::System::unveil("/res", "r"));
    TRY(Core::System::unveil("/etc/timezone", "r"));
--- a/Userland/Utilities/aplay.cpp
+++ b/Userland/Utilities/aplay.cpp
@ -22,7 +22,7 @@ constexpr size_t LOAD_CHUNK_SIZE = 128 * KiB;
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio rpath sendfd unix thread proc"));
+    TRY(Core::System::pledge("stdio rpath sendfd unix thread"));
    StringView path {};
    bool should_loop = false;