From 66598f60fe3dd01625baf3fd8b85bc8c01db7586 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Tue, 21 Jan 2020 18:56:23 +0100
Subject: [PATCH] SystemMonitor: Show process unveil() state as "Veil"

A process has one of three veil states:

- None: unveil() has never been called.
- Dropped: unveil() has been called, and can be called again.
- Locked: unveil() has been called, and cannot be called again.
---
 Applications/SystemMonitor/ProcessModel.cpp    |  9 +++++++++
 Applications/SystemMonitor/ProcessModel.h      |  2 ++
 Kernel/FileSystem/ProcFS.cpp                   | 13 ++++++++++++-
 Libraries/LibCore/CProcessStatisticsReader.cpp |  1 +
 Libraries/LibCore/CProcessStatisticsReader.h   |  1 +
 5 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/Applications/SystemMonitor/ProcessModel.cpp b/Applications/SystemMonitor/ProcessModel.cpp
index 31271b0061..dcbe4b0493 100644
--- a/Applications/SystemMonitor/ProcessModel.cpp
+++ b/Applications/SystemMonitor/ProcessModel.cpp
@@ -121,6 +121,8 @@ String ProcessModel::column_name(int column) const
         return "File Out";
     case Column::Pledge:
         return "Pledge";
+    case Column::Veil:
+        return "Veil";
     default:
         ASSERT_NOT_REACHED();
     }
@@ -181,6 +183,8 @@ GModel::ColumnMetadata ProcessModel::column_metadata(int column) const
         return { 60, TextAlignment::CenterRight };
     case Column::Pledge:
         return { 60, TextAlignment::CenterLeft };
+    case Column::Veil:
+        return { 60, TextAlignment::CenterLeft };
     default:
         ASSERT_NOT_REACHED();
     }
@@ -252,6 +256,8 @@ GVariant ProcessModel::data(const GModelIndex& index, Role role) const
             return thread.current_state.file_write_bytes;
         case Column::Pledge:
             return thread.current_state.pledge;
+        case Column::Veil:
+            return thread.current_state.veil;
         }
         ASSERT_NOT_REACHED();
         return {};
@@ -319,6 +325,8 @@ GVariant ProcessModel::data(const GModelIndex& index, Role role) const
             return thread.current_state.file_write_bytes;
         case Column::Pledge:
             return thread.current_state.pledge;
+        case Column::Veil:
+            return thread.current_state.veil;
         }
     }
 
@@ -341,6 +349,7 @@ void ProcessModel::update()
             state.pid = it.value.pid;
             state.user = it.value.username;
             state.pledge = it.value.pledge;
+            state.veil = it.value.veil;
             state.syscall_count = thread.syscall_count;
             state.inode_faults = thread.inode_faults;
             state.zero_faults = thread.zero_faults;
diff --git a/Applications/SystemMonitor/ProcessModel.h b/Applications/SystemMonitor/ProcessModel.h
index f99244f6dc..5d25594264 100644
--- a/Applications/SystemMonitor/ProcessModel.h
+++ b/Applications/SystemMonitor/ProcessModel.h
@@ -61,6 +61,7 @@ public:
         CleanInode,
         PurgeableVolatile,
         PurgeableNonvolatile,
+        Veil,
         Pledge,
         Syscalls,
         InodeFaults,
@@ -100,6 +101,7 @@ private:
         String state;
         String user;
         String pledge;
+        String veil;
         u32 priority;
         u32 effective_priority;
         size_t amount_virtual;
diff --git a/Kernel/FileSystem/ProcFS.cpp b/Kernel/FileSystem/ProcFS.cpp
index 97b4937cbe..205d18161f 100644
--- a/Kernel/FileSystem/ProcFS.cpp
+++ b/Kernel/FileSystem/ProcFS.cpp
@@ -822,6 +822,18 @@ Optional<KBuffer> procfs$all(InodeIdentifier)
 
         process_object.add("pledge", pledge_builder.to_string());
 
+        switch (process.unveil_state()) {
+        case UnveilState::None:
+            process_object.add("veil", "None");
+            break;
+        case UnveilState::VeilDropped:
+            process_object.add("veil", "Dropped");
+            break;
+        case UnveilState::VeilLocked:
+            process_object.add("veil", "Locked");
+            break;
+        }
+
         process_object.add("pid", process.pid());
         process_object.add("pgid", process.tty() ? process.tty()->pgid() : 0);
         process_object.add("pgp", process.pgid());
@@ -1531,7 +1543,6 @@ size_t ProcFSProxyInode::directory_entry_count() const
     return m_fd->inode()->directory_entry_count();
 }
 
-
 KResult ProcFSInode::add_child(InodeIdentifier child_id, const StringView& name, mode_t)
 {
     (void)child_id;
diff --git a/Libraries/LibCore/CProcessStatisticsReader.cpp b/Libraries/LibCore/CProcessStatisticsReader.cpp
index 61f9935bc0..51c237513a 100644
--- a/Libraries/LibCore/CProcessStatisticsReader.cpp
+++ b/Libraries/LibCore/CProcessStatisticsReader.cpp
@@ -62,6 +62,7 @@ HashMap<pid_t, CProcessStatistics> CProcessStatisticsReader::get_all()
         process.name = process_object.get("name").to_string();
         process.tty = process_object.get("tty").to_string();
         process.pledge = process_object.get("pledge").to_string();
+        process.veil = process_object.get("veil").to_string();
         process.amount_virtual = process_object.get("amount_virtual").to_u32();
         process.amount_resident = process_object.get("amount_resident").to_u32();
         process.amount_shared = process_object.get("amount_shared").to_u32();
diff --git a/Libraries/LibCore/CProcessStatisticsReader.h b/Libraries/LibCore/CProcessStatisticsReader.h
index fa7d6c9700..c5b7aaeb91 100644
--- a/Libraries/LibCore/CProcessStatisticsReader.h
+++ b/Libraries/LibCore/CProcessStatisticsReader.h
@@ -64,6 +64,7 @@ struct CProcessStatistics {
     String name;
     String tty;
     String pledge;
+    String veil;
     size_t amount_virtual;
     size_t amount_resident;
     size_t amount_shared;