From 6e4e3a76121d37be663a3beb8198666831e537bc Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sun, 31 Jan 2021 09:27:36 +0100
Subject: [PATCH] Kernel: Remove pledge exception for sys$getsockopt() with
 SO_PEERCRED

We had an exception that allowed SOL_SOCKET + SO_PEERCRED on local
socket to support LibIPC's PID exchange mechanism. This is no longer
needed so let's just remove the exception.
---
 Base/usr/share/man/man2/pledge.md | 2 +-
 Kernel/Syscalls/socket.cpp        | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/Base/usr/share/man/man2/pledge.md b/Base/usr/share/man/man2/pledge.md
index ca6adda653..6c9ca8775d 100644
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@@ -38,7 +38,7 @@ If the process later attempts to use any system functionality it has previously
 * `exec`: The [`exec(2)`](exec.md) syscall
 * `unix`: UNIX local domain sockets
 * `inet`: IPv4 domain sockets
-* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets. It also allows [`getsockopt(2)`](getsockopt.md) with `SOL_SOCKET` and `SO_PEERCRED` on local sockets (\*)
+* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets (\*)
 * `rpath`: "Read" filesystem access
 * `wpath`: "Write" filesystem access
 * `cpath`: "Create" filesystem access
diff --git a/Kernel/Syscalls/socket.cpp b/Kernel/Syscalls/socket.cpp
index c5a4f91d5e..960aa7a8ec 100644
--- a/Kernel/Syscalls/socket.cpp
+++ b/Kernel/Syscalls/socket.cpp
@@ -362,11 +362,7 @@ int Process::sys$getsockopt(Userspace<const Syscall::SC_getsockopt_params*> user
         return -ENOTSOCK;
     auto& socket = *description->socket();
 
-    if (has_promised(Pledge::accept) && socket.is_local() && level == SOL_SOCKET && option == SO_PEERCRED) {
-        // We make an exception for SOL_SOCKET::SO_PEERCRED on local sockets if you've pledged "accept"
-    } else {
-        REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(socket.domain());
-    }
+    REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(socket.domain());
     return socket.getsockopt(*description, level, option, user_value, user_value_size);
 }