This commit un-deprecates DeprecatedString, and repurposes it as a byte
string.
As the null state has already been removed, there are no other
particularly hairy blockers in repurposing this type as a byte string
(what it _really_ is).
This commit is auto-generated:
$ xs=$(ack -l '\bDeprecatedString\b|deprecated_string' AK Userland \
    Meta Ports Ladybird Tests Kernel)
$ perl -pi -e 's/\bDeprecatedString\b/ByteString/g;
    s/deprecated_string/byte_string/g' $xs
$ clang-format --style=file -i \
    $(git diff --name-only | grep '\.cpp\|\.h')
$ gn format $(git ls-files '*.gn' '*.gni')
This commit removes DeprecatedString's "null" state, and replaces all
its users with one of the following:
- A normal, empty DeprecatedString
- Optional<DeprecatedString>
Note that null states of DeprecatedFlyString/StringView/etc are *not*
affected by this commit. However, DeprecatedString::empty() is now
considered equal to a null StringView.
This change ensures that code in the Service class doesn't try to check
the g_system_mode variable, but is instead asked whether it supports
a given system mode string value.
Also, don't assume that we should create sockets for any new Service
instance, but instead do that only if the Service should run in the
current system mode.
We used to call `did_exit()` directly with the status returned from
`waitpid`, but the function expected an exit code. We now use several
of the `wait`-related macros to deduce the correct information.
If we try to launch a lazily-spawned service and the SystemServer, as a
(--user) session leader, is running with root permissions, then, if it
is instructed to drop the root permissions for the new service, it makes
sense to abort the entire spawn procedure if dropping privileges failed.
For other users, trying to change the UID/GID to something else doesn't
make sense (and will always actually fail) as we are already running
with non-root permissions, hence we don't attempt to do this anymore.
It should be noted that if an explicit User configuration was actually
specified for a Service, we would still try to log in with the
requested User option value, which would fail when running as a
non-root user.
This is useful for example when trying to run the pro utility with pls
to elevate to root permissions, but the session leader is still the same
so trying to "drop" privileges to UID 0 doesn't make sense.
This patch also includes some changes in the way that the environment
and arguments are passed to `exec`. It was needed to fit the signature
of `Core::System::exec`. That's beneficial though, as we are now doing
`String` manipulation in a fallible environment, so we can propagate
more errors.
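The privilege handling described in the commit above (drop and abort on failure when root; don't attempt when already non-root; an explicit User that cannot be honoured fails the spawn) is the kind of logic worth keeping in one checked routine. The following is an added example, not SystemServer's own code: `plan_privilege_drop`, `drop_privileges` and `prepare_identity` are hypothetical names, and the drop sequence (supplementary groups, then gid, then uid, then a check that root cannot be regained) is the standard one rather than anything the commit shows.

```cpp
// Added example (not SystemServer code): decide whether a service spawn
// should change identity, and perform the change with every step checked.
#include <cerrno>
#include <cstdio>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum class PrivilegePlan {
    Skip,   // already non-root and no explicit User: leave identity alone
    Drop,   // running as root: switch to the requested uid/gid, abort on failure
    Abort,  // non-root but an explicit User was configured: cannot honour it
};

// Hypothetical decision helper mirroring the rules in the commit message.
PrivilegePlan plan_privilege_drop(uid_t running_euid, bool explicit_user_configured)
{
    if (running_euid == 0)
        return PrivilegePlan::Drop;
    if (explicit_user_configured)
        return PrivilegePlan::Abort;
    return PrivilegePlan::Skip;
}

// Change identity to uid/gid. Returns 0 on success or an errno value. The
// caller must treat any non-zero result as fatal for the spawn: continuing
// to exec() after a failed drop would run the service as root.
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return EPERM;                       // only root can change identity
    if (setgroups(0, nullptr) < 0)
        return errno;                       // supplementary groups first, or they leak through
    if (setgid(gid) < 0)
        return errno;                       // gid before uid: after setuid() we could not
    if (setuid(uid) < 0)
        return errno;
    if (uid != 0 && setuid(0) == 0)
        return EPERM;                       // the drop must be irreversible
    return 0;
}

// What a spawn path does before exec(): 0 means continue, errno means abort.
int prepare_identity(uid_t running_euid, bool explicit_user_configured, uid_t uid, gid_t gid)
{
    switch (plan_privilege_drop(running_euid, explicit_user_configured)) {
    case PrivilegePlan::Skip:
        return 0;
    case PrivilegePlan::Abort:
        return EPERM;
    case PrivilegePlan::Drop:
        return drop_privileges(uid, gid);
    }
    return EPERM;
}

int main()
{
    // Constructed inputs: a non-root session leader with and without an explicit User.
    printf("non-root, no User:  %s\n", prepare_identity(1000, false, 1000, 1000) == 0 ? "continue" : "abort");
    printf("non-root, User set: %s\n", prepare_identity(1000, true, 0, 0) == 0 ? "continue" : "abort");
    return 0;
}
```

The verification step after `setuid` is the part most often omitted: with saved-set-user-IDs in play, a failed or partial drop can leave a process able to call `setuid(0)` again, so a spawn path should confirm the drop stuck before it trusts it.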
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
SystemServer now invokes services with the same uid as the process that
made the request.
This allows the superuser to have a normal GUI workflow. For example,
read and write its own files in TextEditor.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
SystemServer only allowed a single socket to be created for a service
before this. Now, SystemServer will allow any amount of sockets. The
sockets can be defined like so:
[SomeService]
Socket=/tmp/portal/socket1,/tmp/portal/socket2,/tmp/portal/socket3
SocketPermissions=660,600
The last item in SocketPermissions is applied to the remainder of the
sockets in the Socket= line, so multiple sockets can have the same
permissions without having to repeat them.
Defining multiple sockets is not allowed for socket-activated services
at the moment, and wouldn't make much sense anyway.
This patch also makes socket takeovers more robust by removing the
assumption that the socket will always be passed in fd 3. Now, the
SOCKET_TAKEOVER environment variable carries information about which
endpoint corresponds to which socket, like so:
SOCKET_TAKEOVER=/tmp/portal/socket1:3 /tmp/portal/socket2:4
and LocalServer/LocalService will parse this automatically and select
the correct one. The old behavior of getting the default socket is
preserved so long as the service only requests a single socket in
SystemServer.ini.
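Both formats introduced by the commit above are small enough to be parsed strictly, and a service that picks the wrong fd, or a config that silently gives a socket a looser mode than intended, is exactly the kind of bug that strictness catches. The following is an added example, not SystemServer's or LocalServer's code: `parse_socket_config` applies the Socket=/SocketPermissions= pairing rule (the last mode repeats for the remaining sockets), `parse_socket_takeover` reads the SOCKET_TAKEOVER value, and `select_takeover_fd` keeps the single-socket default behaviour. The rejection rules (absolute paths only, fds below 3 and duplicate paths refused) are this example's own assumptions.

```cpp
// Added example (not SystemServer/LocalServer code): parse the Socket= and
// SocketPermissions= pairing and the SOCKET_TAKEOVER environment variable.
#include <cstdio>
#include <cstdlib>
#include <map>
#include <optional>
#include <string>
#include <sys/stat.h>
#include <vector>

struct SocketSpec {
    std::string path;
    mode_t mode;
};

static std::vector<std::string> split(const std::string& s, char sep)
{
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (c == sep) {
            out.push_back(cur);
            cur.clear();
        } else {
            cur += c;
        }
    }
    out.push_back(cur);
    return out;
}

// "660" -> 0660; anything that is not 1-4 octal digits is rejected.
static std::optional<mode_t> parse_octal_mode(const std::string& s)
{
    if (s.empty() || s.size() > 4)
        return std::nullopt;
    mode_t mode = 0;
    for (char c : s) {
        if (c < '0' || c > '7')
            return std::nullopt;
        mode = mode * 8 + (c - '0');
    }
    return mode;
}

// Pair each socket path with a mode. The last mode in `permissions` applies
// to every remaining socket; more modes than sockets is a config error.
std::optional<std::vector<SocketSpec>> parse_socket_config(const std::string& sockets, const std::string& permissions)
{
    auto paths = split(sockets, ',');
    auto perms = split(permissions, ',');
    if (perms.size() > paths.size())
        return std::nullopt;
    std::vector<SocketSpec> out;
    mode_t last = 0;
    for (size_t i = 0; i < paths.size(); ++i) {
        if (i < perms.size()) {
            auto m = parse_octal_mode(perms[i]);
            if (!m)
                return std::nullopt;
            last = *m;
        }
        if (paths[i].empty() || paths[i][0] != '/')
            return std::nullopt; // assumption: socket paths must be absolute
        out.push_back({ paths[i], last });
    }
    return out;
}

// "path:fd path:fd" -> path -> fd. The fd is the text after the last ':' so a
// path may itself contain ':'. Fds 0-2 are stdio and duplicates are refused.
std::optional<std::map<std::string, int>> parse_socket_takeover(const std::string& value)
{
    std::map<std::string, int> out;
    for (const auto& entry : split(value, ' ')) {
        if (entry.empty())
            continue;
        auto colon = entry.rfind(':');
        if (colon == std::string::npos || colon == 0 || colon + 1 == entry.size())
            return std::nullopt;
        int fd = 0;
        for (size_t i = colon + 1; i < entry.size(); ++i) {
            if (entry[i] < '0' || entry[i] > '9' || fd > 65535)
                return std::nullopt;
            fd = fd * 10 + (entry[i] - '0');
        }
        if (fd < 3)
            return std::nullopt;
        if (!out.emplace(entry.substr(0, colon), fd).second)
            return std::nullopt;
    }
    return out;
}

// A service asking for a specific path gets that fd; a service that asks for
// nothing keeps the old "default socket" behaviour only when exactly one was passed.
std::optional<int> select_takeover_fd(const std::map<std::string, int>& sockets, const std::optional<std::string>& wanted)
{
    if (!wanted)
        return sockets.size() == 1 ? std::optional<int>(sockets.begin()->second) : std::nullopt;
    auto it = sockets.find(*wanted);
    if (it == sockets.end())
        return std::nullopt;
    return it->second;
}

int main()
{
    // Constructed input; a real service would read getenv("SOCKET_TAKEOVER").
    const char* env = std::getenv("SOCKET_TAKEOVER");
    std::string value = env ? env : "/tmp/portal/socket1:3 /tmp/portal/socket2:4";
    auto sockets = parse_socket_takeover(value);
    if (!sockets) {
        printf("malformed SOCKET_TAKEOVER\n");
        return 1;
    }
    for (const auto& [path, fd] : *sockets)
        printf("%s -> fd %d\n", path.c_str(), fd);
    return 0;
}
```

The "last mode repeats" rule is convenient but means a forgotten entry inherits whatever came before it; a reviewer checking a SystemServer.ini change should read the SocketPermissions= line against the Socket= line rather than assuming one mode per socket.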
This is basically just for consistency, it's quite strange to see
multiple AK container types next to each other, some with and some
without the namespace prefix - we're 'using AK::Foo;' a lot and should
leverage that. :^)