
Shell: Limit the access of processes spawned for autocompletion

This commit limits the autocomplete processes to effectively have
read-only access to the filesystem, and only enough pledges to get the
dynamic loader working.
Ali Mohammad Pur 2022-03-25 01:19:48 +04:30 committed by Ali Mohammad Pur
parent 8233da3398
commit f12d81ddf5
2 changed files with 51 additions and 0 deletions


@ -159,6 +159,41 @@ public:
[[nodiscard]] Frame push_frame(String name);
void pop_frame();
struct Promise {
struct Data {
struct Unveil {
String path;
String access;
};
String exec_promises;
Vector<Unveil> unveils;
} data;
IntrusiveListNode<Promise> node;
using List = IntrusiveList<&Promise::node>;
};
struct ScopedPromise {
ScopedPromise(Promise::List& promises, Promise&& promise)
: promises(promises)
, promise(move(promise))
{
promises.append(this->promise);
}
~ScopedPromise()
{
promises.remove(promise);
}
Promise::List& promises;
Promise promise;
};
[[nodiscard]] ScopedPromise promise(Promise::Data data)
{
return { m_active_promises, { move(data), {} } };
}
enum class EscapeMode {
Bareword,
SingleQuotedString,
@ -362,6 +397,7 @@ private:
HashMap<String, ShellFunction> m_functions;
NonnullOwnPtrVector<LocalFrame> m_local_frames;
Promise::List m_active_promises;
NonnullRefPtrVector<AST::Redirection> m_global_redirections;
HashMap<String, String> m_aliases;
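Review bot: `ScopedPromise` links the address of its own `promise` member into the list from its constructor but leaves copy and move construction implicit, so a copied or moved guard would leave `m_active_promises` pointing at the source object's member while both destructors call `promises.remove(promise)`. The code that consumes the list is not visible here, but going by the commit description it is what carries the pledge/unveil limits to the spawned completion processes, so a stale or early-removed entry would presumably mean either a child started without the intended restriction or a walk over a dead node. I would pin the guard in place by adding `ScopedPromise(ScopedPromise const&) = delete;` and `ScopedPromise(ScopedPromise&&) = delete;`; the braced `return` in `promise()` initializes the result directly and should not need either constructor. A short comment on `Promise::Data` saying what an empty `exec_promises` or an empty `unveils` means for the child (no restriction versus deny everything) would also help, since the two readings have opposite security outcomes. The enclosing class starts and ends outside this hunk.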