RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 15:48:12 +00:00
Code Issues Activity Actions

GMLPlayground: Restrict filesystem access using unveil()

Browse source
This commit is contained in:
Karol Kosek 2022-10-23 19:13:14 +02:00 committed by Linus Groh
parent 25104a30c1
commit 37729f5b91
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/DevTools/GMLPlayground/main.cpp
View file

@ -67,6 +67,12 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::pledge("stdio thread recvfd sendfd cpath rpath wpath unix"));
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man1/GMLPlayground.md") }));
TRY(Desktop::Launcher::seal_allowlist());