Userland: Tighten a *lot* of pledges! :^)

Since applications using Core::EventLoop no longer need to create a socket in /tmp/rpc/, and also don't need to listen for incoming connections on this socket, we can remove a whole bunch of pledges!
2025-07-26 21:27:34 +00:00 · 2021-05-13 23:20:26 +02:00 · 2021-05-13 23:20:26 +02:00 · 31d4bcf5bf
commit 31d4bcf5bf
parent 04d78adaf7
59 changed files with 97 additions and 163 deletions
--- a/Userland/Demos/CatDog/main.cpp
+++ b/Userland/Demos/CatDog/main.cpp
@ -17,7 +17,7 @@

 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath wpath cpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath wpath cpath unix", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
--- a/Userland/Demos/Eyes/main.cpp
+++ b/Userland/Demos/Eyes/main.cpp
@ -30,14 +30,14 @@ int main(int argc, char* argv[])
    args_parser.add_option(grid_columns, "Number of columns in grid (incompatible with --number)", "grid-cols", 'c', "number");
    args_parser.parse(argc, argv);

-    if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
        perror("pledge");
        return 1;
    }

    auto app = GUI::Application::construct(argc, argv);

-    if (pledge("stdio recvfd sendfd accept rpath cpath wpath thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath cpath wpath thread", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
--- a/Userland/Demos/Screensaver/Screensaver.cpp
+++ b/Userland/Demos/Screensaver/Screensaver.cpp
@ -112,7 +112,7 @@ void Screensaver::draw()

 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath recvfd sendfd unix", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
--- a/Userland/Demos/Starfield/Starfield.cpp
+++ b/Userland/Demos/Starfield/Starfield.cpp
@ -129,7 +129,7 @@ void Starfield::draw()
 int main(int argc, char** argv)
 {

-    if (pledge("stdio recvfd sendfd rpath wpath cpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
@ -151,6 +151,11 @@ int main(int argc, char** argv)

    auto app = GUI::Application::construct(argc, argv);

+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
    auto app_icon = GUI::Icon::default_icon("app-screensaver");
    auto window = GUI::Window::construct();

--- a/Userland/Demos/WidgetGallery/main.cpp
+++ b/Userland/Demos/WidgetGallery/main.cpp
@ -15,14 +15,14 @@

 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
        perror("pledge");
        return 1;
    }

    auto app = GUI::Application::construct(argc, argv);

-    if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
        perror("pledge");
        return 1;
    }