From 3097eb4717447f12711508b62c296484c1d6823c Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 21 Jan 2020 12:12:15 +0100
Subject: [PATCH] Terminal: Use unveil()
This app needs ("/bin/Terminal", "x") in order to fork+exec itself when the user requests a new Terminal window. I really like how this reduces reduces the impact of pledging "exec". :^) It also needs ("/res", "r") like all GUI apps. We delay the first call to unveil until after we've already opened the app's config file, so there's no need to worry about that.
---
 Applications/Terminal/main.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Applications/Terminal/main.cpp b/Applications/Terminal/main.cpp
index cf22e2c32e..c7225538f8 100644
--- a/Applications/Terminal/main.cpp
+++ b/Applications/Terminal/main.cpp
@@ -290,6 +290,18 @@ int main(int argc, char** argv)
 app.set_menubar(move(menubar));
+ if (unveil("/res", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil("/bin/Terminal", "x") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ unveil(nullptr, nullptr);
+
 config->sync();
 return app.exec();
 }
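Review bot: The final `unveil(nullptr, nullptr);` is the only one of the three calls whose return value is ignored, so if locking the veil fails the process keeps running with an unveil state that can still be extended later. Treat it like the two calls above it: `if (unveil(nullptr, nullptr) < 0) { perror("unveil"); return 1; }`. Separately, `config->sync()` now runs after the lock; the description says the config file is opened earlier, but if sync() reopens the file by path (not visible in this hunk) it would need its own unveil entry, so that is worth confirming. main() begins outside this hunk, so anything the program opens by path between startup and these calls is not covered by this review.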