Kernel: Remove pledge exception for sys$getsockopt() with SO_PEERCRED

We had an exception that allowed SOL_SOCKET + SO_PEERCRED on local socket to support LibIPC's PID exchange mechanism. This is no longer needed so let's just remove the exception.
2025-07-26 02:47:34 +00:00 · 2021-01-31 09:27:36 +01:00 · 2021-01-31 09:27:36 +01:00 · 6e4e3a7612
commit 6e4e3a7612
parent 1b5be4a342
2 changed files with 2 additions and 6 deletions
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@ -38,7 +38,7 @@ If the process later attempts to use any system functionality it has previously
 * `exec`: The [`exec(2)`](exec.md) syscall
 * `unix`: UNIX local domain sockets
 * `inet`: IPv4 domain sockets
-* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets. It also allows [`getsockopt(2)`](getsockopt.md) with `SOL_SOCKET` and `SO_PEERCRED` on local sockets (\*)
+* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets (\*)
 * `rpath`: "Read" filesystem access
 * `wpath`: "Write" filesystem access
 * `cpath`: "Create" filesystem access
--- a/Kernel/Syscalls/socket.cpp
+++ b/Kernel/Syscalls/socket.cpp
@ -362,11 +362,7 @@ int Process::sys$getsockopt(Userspace<const Syscall::SC_getsockopt_params*> user
        return -ENOTSOCK;
    auto& socket = *description->socket();
-    if (has_promised(Pledge::accept) && socket.is_local() && level == SOL_SOCKET && option == SO_PEERCRED) {
+    REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(socket.domain());
        // We make an exception for SOL_SOCKET::SO_PEERCRED on local sockets if you've pledged "accept"
    } else {
        REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(socket.domain());
    }
    return socket.getsockopt(*description, level, option, user_value, user_value_size);
 }