1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 19:17:44 +00:00

SystemServer+LoginServer+Userland: Switch to sid-based sockets

This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
  names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.

Userland: Switch over servers to sid based sockets

Userland: Properly pledge and unveil for sid based sockets
This commit is contained in:
Peter Elliott 2022-09-06 00:04:06 -06:00 committed by Andreas Kling
parent 1df4cc1926
commit 7af5eef0dd
50 changed files with 134 additions and 130 deletions

View file

@ -358,9 +358,9 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
{
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec"));
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec proc"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/usr/lib", "r"));

View file

@ -80,14 +80,16 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory())));
TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
TRY(Core::System::unveil("/home", "rwc"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/etc/passwd", "r"));
TRY(Core::System::unveil("/etc/timezone", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw"));
TRY(Core::System::unveil("/bin/BrowserSettings", "x"));
TRY(Core::System::unveil(nullptr, nullptr));

View file

@ -28,14 +28,15 @@ static String parse_input(StringView input)
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/usr/share/man", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
String start_page;

View file

@ -20,7 +20,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread"));
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
auto app = TRY(GUI::Application::try_create(arguments));
@ -43,8 +43,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return GUI::Window::CloseRequestDecision::StayOpen;
};
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
hex_editor_widget->initialize_menubar(*window);

View file

@ -37,11 +37,11 @@ static ErrorOr<ByteBuffer> dump_bitmap(RefPtr<Gfx::Bitmap> bitmap, AK::StringVie
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix"));
TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix proc"));
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = GUI::Icon::default_icon("app-magnifier"sv);

View file

@ -18,17 +18,18 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet"));
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet proc"));
auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("Mail");
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/etc", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme("/bin/MailSettings")));

View file

@ -32,10 +32,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
window->set_title("PDF Viewer");
window->resize(640, 400);
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
auto pdf_viewer_widget = TRY(window->try_set_main_widget<PDFViewerWidget>());

View file

@ -21,7 +21,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath"));
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath proc"));
auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("PixelPaint");
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_positional_argument(image_file, "Image file to open", "path", Core::ArgsParser::Required::No);
args_parser.parse(arguments);
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/portal/clipboard", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil(nullptr, nullptr));

View file

@ -26,7 +26,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread"));
TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread proc"));
auto app = TRY(GUI::Application::try_create(arguments));
@ -44,7 +44,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
}
}
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
// For writing temporary files when exporting.
TRY(Core::System::unveil("/tmp", "crw"));
TRY(Core::System::unveil("/etc", "r"));

View file

@ -422,6 +422,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return GUI::Window::CloseRequestDecision::StayOpen;
};
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/bin", "r"));
TRY(Core::System::unveil("/proc", "r"));
@ -429,8 +430,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/bin/TerminalSettings", "x"));
TRY(Core::System::unveil("/bin/utmpupdate", "x"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/config", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/config", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
auto modified_state_check_timer = Core::Timer::create_repeating(500, [&] {

View file

@ -18,7 +18,7 @@ using namespace TextEditor;
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix"));
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix proc"));
auto app = TRY(GUI::Application::try_create(arguments));
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
parser.add_positional_argument(file_to_edit, "File to edit, with optional starting line and column number", "file[:line[:column]]", Core::ArgsParser::Required::No);
parser.parse(arguments);
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = GUI::Icon::default_icon("app-text-editor"sv);

View file

@ -38,8 +38,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
if (!file_to_edit.is_empty())
path = Core::File::absolute_path(file_to_edit);
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil(nullptr, nullptr));

View file

@ -19,10 +19,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Config::pledge_domain("SystemServer");
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/home", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/bin/Help", "x"));
TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-welcome"sv));