SystemServer+LoginServer+Userland: Switch to sid-based sockets

This commit does three things atomically: - switch over Core::Account+SystemServer+LoginServer to sid based socket names. - change socket names with %uid to %sid. - add/update necessary pledges and unveils. Userland: Switch over servers to sid based sockets Userland: Properly pledge and unveil for sid based sockets
2025-07-27 10:37:45 +00:00 · 2022-09-06 00:04:06 -06:00 · 2022-09-06 00:04:06 -06:00 · 7af5eef0dd
commit 7af5eef0dd
parent 1df4cc1926
50 changed files with 134 additions and 130 deletions
--- a/Userland/Libraries/LibAudio/ConnectionToServer.h
+++ b/Userland/Libraries/LibAudio/ConnectionToServer.h
@ -26,7 +26,7 @@ namespace Audio {
 class ConnectionToServer final
    : public IPC::ConnectionToServer<AudioClientEndpoint, AudioServerEndpoint>
    , public AudioClientEndpoint {
-    IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/user/%uid/portal/audio"sv)
+    IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/session/%sid/portal/audio"sv)
 public:
    virtual ~ConnectionToServer() override;

--- a/Userland/Libraries/LibConfig/Client.h
+++ b/Userland/Libraries/LibConfig/Client.h
@ -18,7 +18,7 @@ namespace Config {
 class Client final
    : public IPC::ConnectionToServer<ConfigClientEndpoint, ConfigServerEndpoint>
    , public ConfigClientEndpoint {
-    IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/config"sv)
+    IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/config"sv)

 public:
    void pledge_domains(Vector<String> const&);
--- a/Userland/Libraries/LibCore/Account.cpp
+++ b/Userland/Libraries/LibCore/Account.cpp
@ -68,15 +68,6 @@ ErrorOr<Account> Account::from_passwd(passwd const& pwd, spwd const& spwd)
    return account;
 }

-String Account::parse_path_with_uid(StringView general_path, Optional<uid_t> uid)
-{
-    if (general_path.contains("%uid"sv)) {
-        auto const final_uid = uid.has_value() ? uid.value() : getuid();
-        return general_path.replace("%uid"sv, String::number(final_uid), ReplaceMode::All);
-    }
-    return general_path;
-}
-
 ErrorOr<Account> Account::self([[maybe_unused]] Read options)
 {
    Vector<gid_t> extra_gids = TRY(Core::System::getgroups());
@ -149,14 +140,6 @@ bool Account::authenticate(SecretString const& password) const
    return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length());
 }

-ErrorOr<void> Account::create_user_temporary_directory_if_needed() const
-{
-    auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid);
-    auto directory = TRY(Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes));
-    TRY(directory.chown(m_uid, m_gid));
-    return {};
-}
-
 ErrorOr<void> Account::login() const
 {
    TRY(Core::System::setgroups(m_extra_gids));
--- a/Userland/Libraries/LibCore/Account.h
+++ b/Userland/Libraries/LibCore/Account.h
@ -32,7 +32,6 @@ public:
        PasswdOnly
    };

-    static String parse_path_with_uid(StringView general_path, Optional<uid_t> force_uid = {});
    static ErrorOr<Account> self(Read options = Read::All);
    static ErrorOr<Account> from_name(StringView username, Read options = Read::All);
    static ErrorOr<Account> from_uid(uid_t uid, Read options = Read::All);
@ -40,8 +39,6 @@ public:
    bool authenticate(SecretString const& password) const;
    ErrorOr<void> login() const;

-    ErrorOr<void> create_user_temporary_directory_if_needed() const;
-
    String username() const { return m_username; }
    String password_hash() const { return m_password_hash; }

--- a/Userland/Libraries/LibCore/EventLoop.cpp
+++ b/Userland/Libraries/LibCore/EventLoop.cpp
@ -22,6 +22,7 @@
 #include <LibCore/LocalServer.h>
 #include <LibCore/Notifier.h>
 #include <LibCore/Object.h>
+#include <LibCore/SessionManagement.h>
 #include <LibThreading/Mutex.h>
 #include <LibThreading/MutexProtected.h>
 #include <errno.h>
@ -361,7 +362,12 @@ EventLoop::~EventLoop()
 bool connect_to_inspector_server()
 {
 #ifdef __serenity__
-    auto inspector_server_path = Account::parse_path_with_uid("/tmp/user/%uid/portal/inspectables"sv);
+    auto maybe_path = SessionManagement::parse_path_with_sid("/tmp/session/%sid/portal/inspectables"sv);
+    if (maybe_path.is_error()) {
+        dbgln("connect_to_inspector_server: {}", maybe_path.error());
+        return false;
+    }
+    auto inspector_server_path = maybe_path.value();
    auto maybe_socket = Stream::LocalSocket::connect(inspector_server_path);
    if (maybe_socket.is_error()) {
        dbgln("connect_to_inspector_server: Failed to connect: {}", maybe_socket.error());
--- a/Userland/Libraries/LibCore/LocalServer.cpp
+++ b/Userland/Libraries/LibCore/LocalServer.cpp
@ -4,9 +4,9 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

-#include <LibCore/Account.h>
 #include <LibCore/LocalServer.h>
 #include <LibCore/Notifier.h>
+#include <LibCore/SessionManagement.h>
 #include <LibCore/Stream.h>
 #include <LibCore/System.h>
 #include <LibCore/SystemServerTakeover.h>
@ -38,7 +38,7 @@ ErrorOr<void> LocalServer::take_over_from_system_server(String const& socket_pat
    if (m_listening)
        return Error::from_string_literal("Core::LocalServer: Can't perform socket takeover when already listening");

-    auto const parsed_path = Core::Account::parse_path_with_uid(socket_path);
+    auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path));
    auto socket = TRY(take_over_socket_from_system_server(parsed_path));
    m_fd = TRY(socket->release_fd());

--- a/Userland/Libraries/LibCore/System.cpp
+++ b/Userland/Libraries/LibCore/System.cpp
@ -13,6 +13,7 @@
 #include <AK/String.h>
 #include <AK/Vector.h>
 #include <LibCore/File.h>
+#include <LibCore/SessionManagement.h>
 #include <LibCore/System.h>
 #include <limits.h>
 #include <stdarg.h>
@ -82,7 +83,7 @@ ErrorOr<void> pledge(StringView promises, StringView execpromises)

 ErrorOr<void> unveil(StringView path, StringView permissions)
 {
-    auto const parsed_path = Core::Account::parse_path_with_uid(path);
+    auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(path));

    Syscall::SC_unveil_params params {
        { parsed_path.characters(), parsed_path.length() },
--- a/Userland/Libraries/LibDesktop/Launcher.cpp
+++ b/Userland/Libraries/LibDesktop/Launcher.cpp
@ -36,7 +36,7 @@ auto Launcher::Details::from_details_str(String const& details_str) -> NonnullRe
 class ConnectionToLaunchServer final
    : public IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint>
    , public LaunchClientEndpoint {
-    IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/user/%uid/portal/launch"sv)
+    IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/session/%sid/portal/launch"sv)
 private:
    ConnectionToLaunchServer(NonnullOwnPtr<Core::Stream::LocalSocket> socket)
        : IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint>(*this, move(socket))
--- a/Userland/Libraries/LibFileSystemAccessClient/Client.h
+++ b/Userland/Libraries/LibFileSystemAccessClient/Client.h
@ -23,7 +23,7 @@ using Result = ErrorOr<NonnullRefPtr<Core::File>>;
 class Client final
    : public IPC::ConnectionToServer<FileSystemAccessClientEndpoint, FileSystemAccessServerEndpoint>
    , public FileSystemAccessClientEndpoint {
-    IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/filesystemaccess"sv)
+    IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/filesystemaccess"sv)

 public:
    Result try_request_file_read_only_approved(GUI::Window* parent_window, String const& path);
--- a/Userland/Libraries/LibGUI/Notification.cpp
+++ b/Userland/Libraries/LibGUI/Notification.cpp
@ -15,7 +15,7 @@ namespace GUI {
 class ConnectionToNotificationServer final
    : public IPC::ConnectionToServer<NotificationClientEndpoint, NotificationServerEndpoint>
    , public NotificationClientEndpoint {
-    IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/user/%uid/portal/notify"sv)
+    IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/session/%sid/portal/notify"sv)

    friend class Notification;

--- a/Userland/Libraries/LibIPC/ConnectionToServer.h
+++ b/Userland/Libraries/LibIPC/ConnectionToServer.h
@ -6,7 +6,7 @@

 #pragma once

-#include <LibCore/Account.h>
+#include <LibCore/SessionManagement.h>
 #include <LibCore/Stream.h>
 #include <LibIPC/Connection.h>

@ -18,7 +18,7 @@ public:
    template<typename Klass = klass, class... Args>                                                    \
    static ErrorOr<NonnullRefPtr<klass>> try_create(Args&&... args)                                    \
    {                                                                                                  \
-        auto parsed_socket_path { Core::Account::parse_path_with_uid(socket_path) };                   \
+        auto parsed_socket_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path));      \
        auto socket = TRY(Core::Stream::LocalSocket::connect(move(parsed_socket_path)));               \
        /* We want to rate-limit our clients */                                                        \
        TRY(socket->set_blocking(true));                                                               \
--- a/Userland/Libraries/LibImageDecoderClient/Client.h
+++ b/Userland/Libraries/LibImageDecoderClient/Client.h
@ -27,7 +27,7 @@ struct DecodedImage {
 class Client final
    : public IPC::ConnectionToServer<ImageDecoderClientEndpoint, ImageDecoderServerEndpoint>
    , public ImageDecoderClientEndpoint {
-    IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/image"sv);
+    IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/image"sv);

 public:
    Optional<DecodedImage> decode_image(ReadonlyBytes);
--- a/Userland/Libraries/LibProtocol/RequestClient.h
+++ b/Userland/Libraries/LibProtocol/RequestClient.h
@ -20,7 +20,7 @@ class Request;
 class RequestClient final
    : public IPC::ConnectionToServer<RequestClientEndpoint, RequestServerEndpoint>
    , public RequestClientEndpoint {
-    IPC_CLIENT_CONNECTION(RequestClient, "/tmp/user/%uid/portal/request"sv)
+    IPC_CLIENT_CONNECTION(RequestClient, "/tmp/session/%sid/portal/request"sv)

 public:
    template<typename RequestHashMapTraits = Traits<String>>
--- a/Userland/Libraries/LibProtocol/WebSocketClient.h
+++ b/Userland/Libraries/LibProtocol/WebSocketClient.h
@ -18,7 +18,7 @@ class WebSocket;
 class WebSocketClient final
    : public IPC::ConnectionToServer<WebSocketClientEndpoint, WebSocketServerEndpoint>
    , public WebSocketClientEndpoint {
-    IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/user/%uid/portal/websocket"sv)
+    IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/session/%sid/portal/websocket"sv)

 public:
    RefPtr<WebSocket> connect(const URL&, String const& origin = {}, Vector<String> const& protocols = {}, Vector<String> const& extensions = {}, HashMap<String, String> const& request_headers = {});
--- a/Userland/Libraries/LibSQL/SQLClient.h
+++ b/Userland/Libraries/LibSQL/SQLClient.h
@ -16,7 +16,7 @@ namespace SQL {
 class SQLClient
    : public IPC::ConnectionToServer<SQLClientEndpoint, SQLServerEndpoint>
    , public SQLClientEndpoint {
-    IPC_CLIENT_CONNECTION(SQLClient, "/tmp/user/%uid/portal/sql"sv)
+    IPC_CLIENT_CONNECTION(SQLClient, "/tmp/session/%sid/portal/sql"sv)
    virtual ~SQLClient() = default;

    Function<void(int, String const&)> on_connected;
--- a/Userland/Libraries/LibWebView/WebContentClient.h
+++ b/Userland/Libraries/LibWebView/WebContentClient.h
@ -19,7 +19,7 @@ class OutOfProcessWebView;
 class WebContentClient final
    : public IPC::ConnectionToServer<WebContentClientEndpoint, WebContentServerEndpoint>
    , public WebContentClientEndpoint {
-    IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/user/%uid/portal/webcontent"sv);
+    IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/session/%sid/portal/webcontent"sv);

 public:
    Function<void()> on_web_content_process_crash;