1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 15:57:35 +00:00

Userland: Tighten a *lot* of pledges! :^)

Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!
This commit is contained in:
Andreas Kling 2021-05-13 23:20:26 +02:00
parent 04d78adaf7
commit 31d4bcf5bf
59 changed files with 97 additions and 163 deletions

View file

@ -10,7 +10,7 @@
int main(int, char**)
{
if (pledge("stdio recvfd thread accept rpath wpath cpath unix fattr", nullptr) < 0) {
if (pledge("stdio recvfd thread accept cpath rpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -11,7 +11,7 @@
int main()
{
if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd unix rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -12,15 +12,11 @@
int main(int, char**)
{
if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd accept unix", nullptr) < 0) {
perror("pledge");
return 1;
}
Core::EventLoop event_loop;
if (pledge("stdio recvfd sendfd unix accept", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil(nullptr, nullptr) < 0) {
perror("unveil");
return 1;

View file

@ -20,7 +20,7 @@
int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
{
if (pledge("stdio unix inet cpath rpath fattr", nullptr) < 0) {
if (pledge("stdio unix inet cpath rpath", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -43,7 +43,7 @@ int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
auto ifs = ifs_result.release_value();
auto client = DHCPv4Client::construct(move(ifs.ready), move(ifs.not_ready));
if (pledge("stdio inet cpath rpath fattr", nullptr) < 0) {
if (pledge("stdio inet cpath rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -16,7 +16,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio cpath unix fattr inet id accept", nullptr) < 0) {
if (pledge("stdio unix inet id accept", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -12,7 +12,7 @@
int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
{
if (pledge("stdio accept unix inet cpath rpath fattr", nullptr) < 0) {
if (pledge("stdio accept unix inet rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -12,7 +12,7 @@
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept rpath wpath cpath unix fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -15,7 +15,7 @@
int main(int, char**)
{
if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
if (pledge("stdio inet accept unix rpath sendfd recvfd", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -31,7 +31,7 @@ static NonnullRefPtr<GUI::Menu> build_system_menu();
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd accept proc exec rpath unix cpath fattr sigaction", nullptr) < 0) {
if (pledge("stdio recvfd sendfd proc exec rpath unix sigaction", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -46,7 +46,7 @@ int main(int argc, char** argv)
// We need to obtain the WM connection here as well before the pledge shortening.
GUI::WindowManagerServerConnection::the();
if (pledge("stdio recvfd sendfd accept proc exec rpath", nullptr) < 0) {
if (pledge("stdio recvfd sendfd proc exec rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -37,7 +37,7 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio accept rpath inet unix cpath fattr", nullptr) < 0) {
if (pledge("stdio accept rpath inet unix", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -12,7 +12,7 @@
int main(int, char**)
{
if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
if (pledge("stdio inet unix rpath sendfd recvfd", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -22,7 +22,7 @@ int main(int, char**)
Core::EventLoop event_loop;
// FIXME: Establish a connection to LookupServer and then drop "unix"?
if (pledge("stdio inet accept unix sendfd recvfd", nullptr) < 0) {
if (pledge("stdio inet unix sendfd recvfd", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -19,7 +19,7 @@
int main(int, char**)
{
if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc fattr sigaction", nullptr) < 0) {
if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc sigaction", nullptr) < 0) {
perror("pledge");
return 1;
}