RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 17:47:44 +00:00
Code Issues Activity Actions

WindowServer: Unveil only subdirectories in /dev directory

Browse source 
Now that each HID device node is located in /dev/input/, and Display
Connector device nodes are in /dev/gpu/, we can simply just unveil those
directories instead of the entire /dev directory.
This commit is contained in:
Liav A 2022-09-10 16:18:15 +03:00 committed by Sam Atkins
parent 89835558b4
commit 5d0edc7a42
1 changed files with 3 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Userland/Services/WindowServer/main.cpp
View file

@ -27,7 +27,9 @@ ErrorOr<int> serenity_main(Main::Arguments)
TRY(Core::System::unveil("/tmp", "cw"));
TRY(Core::System::unveil("/etc/WindowServer.ini", "rwc"));
TRY(Core::System::unveil("/etc/Keyboard.ini", "r"));
TRY(Core::System::unveil("/dev", "rw"));
TRY(Core::System::unveil("/dev/tty", "rw"));
TRY(Core::System::unveil("/dev/gpu/", "rw"));
TRY(Core::System::unveil("/dev/input/", "rw"));
TRY(Core::System::unveil("/bin/keymap", "x"));
TRY(Core::System::unveil("/proc/keymap", "r"));
@ -136,10 +138,6 @@ ErrorOr<int> serenity_main(Main::Arguments)
TRY(Core::System::unveil("/tmp", ""));
// NOTE: Because we dynamically need to be able to open new /dev/gpu/connector*
// devices we can't really unveil all of /dev unless we have some
// other mechanism that can hand us file descriptors for these.
TRY(Core::System::unveil(nullptr, nullptr));
dbgln("Entering WindowServer main loop");