From 5d0edc7a42076b27cc30400121a5eb430f900353 Mon Sep 17 00:00:00 2001
From: Liav A
Date: Sat, 10 Sep 2022 16:18:15 +0300
Subject: [PATCH] WindowServer: Unveil only subdirectories in /dev directory

Now that each HID device node is located in /dev/input/, and Display Connector device nodes are in /dev/gpu/, we can simply just unveil those directories instead of the entire /dev directory.
---
 Userland/Services/WindowServer/main.cpp | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/Userland/Services/WindowServer/main.cpp b/Userland/Services/WindowServer/main.cpp
index 28a7470916..05852851ba 100644
--- a/Userland/Services/WindowServer/main.cpp
+++ b/Userland/Services/WindowServer/main.cpp
@@ -27,7 +27,9 @@ ErrorOr serenity_main(Main::Arguments)
 TRY(Core::System::unveil("/tmp", "cw"));
 TRY(Core::System::unveil("/etc/WindowServer.ini", "rwc"));
 TRY(Core::System::unveil("/etc/Keyboard.ini", "r"));
- TRY(Core::System::unveil("/dev", "rw"));
+ TRY(Core::System::unveil("/dev/tty", "rw"));
+ TRY(Core::System::unveil("/dev/gpu/", "rw"));
+ TRY(Core::System::unveil("/dev/input/", "rw"));
 TRY(Core::System::unveil("/bin/keymap", "x"));
 TRY(Core::System::unveil("/proc/keymap", "r"));
@@ -136,10 +138,6 @@ ErrorOr serenity_main(Main::Arguments)
 TRY(Core::System::unveil("/tmp", ""));
- // NOTE: Because we dynamically need to be able to open new /dev/gpu/connector*
- // devices we can't really unveil all of /dev unless we have some
- // other mechanism that can hand us file descriptors for these.
-
 TRY(Core::System::unveil(nullptr, nullptr));
 dbgln("Entering WindowServer main loop");
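Review bot: The three added unveils for `/dev/tty`, `/dev/gpu/` and `/dev/input/` all carry over the `"rw"` mask from the old `/dev` entry, and nothing visible in the hunk shows that each one needs write access. If the input nodes are only ever read, `TRY(Core::System::unveil("/dev/input/", "r"));` would narrow the veil further, though open modes outside this hunk may rule that out. The `/dev/tty` entry is not covered by the commit description, which names only the gpu and input directories, so a one-line comment saying which open needs it would help anyone auditing the veil later. Because the second hunk deletes the NOTE about `/dev/gpu/connector*` being opened dynamically, that rationale is worth keeping beside the new line, e.g. `// Directory-level unveil: new /dev/gpu/connector* nodes are opened after the veil is locked.` serenity_main starts and ends outside the hunk.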