From 55ea2d892c020e918aad5aa70c77af744e890899 Mon Sep 17 00:00:00 2001
From: Liav A <liavalb@gmail.com>
Date: Fri, 25 Aug 2023 20:26:44 +0300
Subject: [PATCH] Utilities/beep: Restrict possible capabilities

We can now just unveil the /dev/beep device node, as well as to restrict
the utility functionality for rpath, wpath & stdio related syscalls only
because we don't actually need anything else.
---
 Userland/Utilities/beep.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Userland/Utilities/beep.cpp b/Userland/Utilities/beep.cpp
index c21d73ca4c..0919402a83 100644
--- a/Userland/Utilities/beep.cpp
+++ b/Userland/Utilities/beep.cpp
@@ -10,6 +10,9 @@
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
+    TRY(Core::System::pledge("stdio rpath wpath"));
+    TRY(Core::System::unveil("/dev/beep", "rw"));
+    TRY(Core::System::unveil(nullptr, nullptr));
     Optional<size_t> tone;
     Optional<size_t> milliseconds_duration;
     Core::ArgsParser args_parser;