RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 02:17:35 +00:00
Code Issues Activity Actions

Userland: Tighten a *lot* of pledges! :^)

Browse source 
Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!
This commit is contained in:
Andreas Kling 2021-05-13 23:20:26 +02:00
parent 04d78adaf7
commit 31d4bcf5bf
59 changed files with 97 additions and 163 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Applications/About/main.cpp
View file

@ -13,14 +13,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept rpath", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/Browser/main.cpp
View file

@ -53,7 +53,7 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio recvfd sendfd accept unix cpath rpath wpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd unix cpath rpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -80,11 +80,6 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio recvfd sendfd accept unix cpath rpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/home", "rwc") < 0) {
perror("unveil");
return 1;

4
Userland/Applications/Calculator/main.cpp
View file

@ -18,14 +18,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/Calendar/main.cpp
View file

@ -22,14 +22,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/CrashReporter/main.cpp
View file

@ -101,7 +101,7 @@ static TitleAndText build_cpu_registers(const ELF::Core::ThreadInfo& thread_info
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept cpath rpath unix fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd cpath rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -153,7 +153,7 @@ int main(int argc, char** argv)
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}

2
Userland/Applications/Debugger/main.cpp
View file

@ -172,7 +172,7 @@ int main(int argc, char** argv)
{
editor = Line::Editor::construct();
if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/DisplaySettings/main.cpp
View file

@ -19,14 +19,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio thread recvfd sendfd rpath accept cpath wpath unix fattr", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio thread recvfd sendfd rpath accept cpath wpath", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath cpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/FileManager/main.cpp
View file

@ -65,7 +65,7 @@ static bool add_launch_handler_actions_to_menu(RefPtr<GUI::Menu>& menu, const Di
int main(int argc, char** argv)
{
if (pledge("stdio thread recvfd sendfd accept unix cpath rpath wpath fattr proc exec sigaction", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd unix cpath rpath wpath fattr proc exec sigaction", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -93,7 +93,7 @@ int main(int argc, char** argv)
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio thread recvfd sendfd accept cpath rpath wpath fattr proc exec unix", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd cpath rpath wpath fattr proc exec unix", nullptr) < 0) {
perror("pledge");
return 1;
}

6
Userland/Applications/FontEditor/main.cpp
View file

@ -20,14 +20,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd thread rpath accept unix cpath wpath fattr unix", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath unix cpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath cpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -40,7 +40,7 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath cpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/Help/main.cpp
View file

@ -36,18 +36,13 @@
int main(int argc, char* argv[])
{
if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/res", "r") < 0) {
perror("unveil");
return 1;

4
Userland/Applications/HexEditor/main.cpp
View file

@ -13,14 +13,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept rpath cpath wpath thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath cpath wpath thread", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/IRCClient/main.cpp
View file

@ -14,7 +14,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio inet unix recvfd sendfd cpath rpath fattr wpath cpath", nullptr) < 0) {
if (pledge("stdio inet unix recvfd sendfd cpath rpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -26,11 +26,6 @@ int main(int argc, char** argv)
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio inet unix recvfd sendfd rpath wpath cpath", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/tmp/portal/lookup", "rw") < 0) {
perror("unveil");
return 1;

6
Userland/Applications/KeyboardMapper/main.cpp
View file

@ -21,14 +21,14 @@ int main(int argc, char** argv)
args_parser.add_positional_argument(path, "Keyboard character mapping file.", "file", Core::ArgsParser::Required::No);
args_parser.parse(argc, argv);
if (pledge("stdio getkeymap thread rpath accept cpath wpath recvfd sendfd unix fattr", nullptr) < 0) {
if (pledge("stdio getkeymap thread rpath cpath wpath recvfd sendfd unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio getkeymap thread rpath accept cpath wpath recvfd sendfd", nullptr) < 0) {
if (pledge("stdio getkeymap thread rpath cpath wpath recvfd sendfd", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -50,7 +50,7 @@ int main(int argc, char** argv)
keyboard_mapper_widget->load_from_system();
}
if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd", nullptr) < 0) {
if (pledge("stdio thread rpath cpath wpath recvfd sendfd", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/KeyboardSettings/main.cpp
View file

@ -25,7 +25,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio rpath accept cpath wpath recvfd sendfd unix fattr proc exec", nullptr) < 0) {
if (pledge("stdio rpath cpath wpath recvfd sendfd unix proc exec", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -33,7 +33,7 @@ int main(int argc, char** argv)
// If there is no command line parameter go for GUI.
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio rpath accept recvfd sendfd proc exec", nullptr) < 0) {
if (pledge("stdio rpath recvfd sendfd proc exec", nullptr) < 0) {
perror("pledge");
return 1;
}

2
Userland/Applications/Magnifier/main.cpp
View file

@ -15,7 +15,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio cpath rpath recvfd sendfd unix fattr", nullptr) < 0) {
if (pledge("stdio cpath rpath recvfd sendfd unix", nullptr) < 0) {
perror("pledge");
return 1;
}

2
Userland/Applications/MouseSettings/main.cpp
View file

@ -15,7 +15,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio cpath rpath recvfd sendfd unix fattr", nullptr) < 0) {
if (pledge("stdio cpath rpath recvfd sendfd unix", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/Piano/main.cpp
View file

@ -25,18 +25,13 @@
int main(int argc, char** argv)
{
if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd unix fattr", nullptr) < 0) {
if (pledge("stdio thread rpath cpath wpath recvfd sendfd unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto audio_client = Audio::ClientConnection::construct();
audio_client->handshake();

4
Userland/Applications/PixelPaint/main.cpp
View file

@ -34,14 +34,14 @@
int main(int argc, char** argv)
{
if (pledge("stdio thread recvfd sendfd accept rpath unix wpath cpath fattr", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath unix wpath cpath", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio thread recvfd sendfd accept rpath wpath cpath", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath wpath cpath", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/QuickShow/main.cpp
View file

@ -31,18 +31,13 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept rpath wpath cpath unix fattr thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath wpath cpath unix thread", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept cpath rpath wpath unix thread", nullptr) < 0) {
perror("pledge");
return 1;
}
if (!Desktop::Launcher::add_allowed_handler_with_any_url("/bin/QuickShow")) {
warnln("Failed to set up allowed launch URLs");
return 1;

8
Userland/Applications/Run/main.cpp
View file

@ -12,18 +12,12 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd thread accept cpath rpath wpath unix fattr proc exec", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread cpath rpath wpath unix proc exec", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd thread accept cpath rpath wpath unix proc exec", nullptr) < 0) {
perror("pledge");
return 1;
}
auto window = RunWindow::construct();
window->move_to(12, GUI::Desktop::the().rect().bottom() - GUI::Desktop::the().taskbar_height() - 12 - window->height());

10
Userland/Applications/SoundPlayer/main.cpp
View file

@ -20,22 +20,16 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept rpath thread unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath thread unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd accept rpath thread unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto audio_client = Audio::ClientConnection::construct();
audio_client->handshake();
if (pledge("stdio recvfd sendfd accept rpath thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath thread", nullptr) < 0) {
perror("pledge");
return 1;
}

4
Userland/Applications/Spreadsheet/main.cpp
View file

@ -22,14 +22,14 @@
int main(int argc, char* argv[])
{
if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath fattr unix", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/SystemMonitor/main.cpp
View file

@ -103,18 +103,13 @@ int main(int argc, char** argv)
sched_setparam(0, &param);
}
if (pledge("stdio proc recvfd sendfd accept rpath exec unix cpath fattr", nullptr) < 0) {
if (pledge("stdio proc recvfd sendfd rpath exec unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio proc recvfd sendfd accept rpath exec unix", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/etc/passwd", "r") < 0) {
perror("unveil");
return 1;

4
Userland/Applications/Terminal/main.cpp
View file

@ -229,7 +229,7 @@ static RefPtr<GUI::Window> create_find_window(VT::TerminalWidget& terminal)
int main(int argc, char** argv)
{
if (pledge("stdio tty rpath accept cpath wpath recvfd sendfd proc exec unix fattr sigaction", nullptr) < 0) {
if (pledge("stdio tty rpath cpath wpath recvfd sendfd proc exec unix sigaction", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -246,7 +246,7 @@ int main(int argc, char** argv)
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio tty rpath accept cpath wpath recvfd sendfd proc exec unix", nullptr) < 0) {
if (pledge("stdio tty rpath cpath wpath recvfd sendfd proc exec unix", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/TextEditor/main.cpp
View file

@ -15,18 +15,13 @@ using namespace TextEditor;
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
const char* preview_mode = "auto";
const char* file_to_edit = nullptr;
Core::ArgsParser parser;

4
Userland/Applications/ThemeEditor/main.cpp
View file

@ -47,14 +47,14 @@ private:
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd thread rpath accept", nullptr) < 0) {
if (pledge("stdio recvfd sendfd thread rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

7
Userland/Applications/Welcome/main.cpp
View file

@ -12,18 +12,13 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd rpath unix proc accept exec fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix proc exec", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd rpath unix proc accept exec", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/res", "r") < 0) {
perror("unveil");
return 1;