This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
URL had properly named replacements for protocol(), set_protocol() and
create_with_file_protocol() already. This patch removes these function
and updates all call sites to use the functions named according to the
specification.
See https://url.spec.whatwg.org/#concept-url-scheme
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
To achieve this goal:
- The Browser unveils "/tmp/portal/filesystemaccess"
- Pass the page through LoadRequest => ResourceLoader
- ResourceLoader requests a file to the FileSystemAccessServer via IPC
- OutOfProcessWebView handles it and sends a file descriptor back to
the Page.
This is the final component that required LibProtocol as a dependency
of LibWeb. With this, we can now remove the dependency, and LibWeb no
longer requires IPC to work :^)
Similar reasoning to making Core::Stream::read() return Bytes, except
that every user of read_line() creates a StringView from the result, so
let's just return one right away.
pledge_domains() that takes only one String argument was specifically
added as a shortcut for pledging a single domain. So, it makes sense to
use singular here.
This reverts most of commit ede5c9548e.
The one change not reverted is ClockWidget.h, so that the taskbar clock
can continue to notice time zone changes.
In most applications, we invoke tzset once at startup for now. Most of
these are short lived and don't need to know about time zone changes.
The exception is the ClockWidget in the taskbar. Here, we invoke tzset
each time we update the system time. This way, any time zone changes can
take effect immediately.
Apologies for the enormous commit, but I don't see a way to split this
up nicely. In the vast majority of cases it's a simple change. A few
extra places can use TRY instead of manual error checking though. :^)
Previously, Browser loaded icons from the disk every time an icon
was set. In addition to making more calls to the disk and decoding
more images, this makes error propagation impossible. This change
moves all icon loading to the start of the program.
This is partially a revert of commits:
10a8b6d411561b67a1ad
Rather than adding the prot_exec pledge requried to use dlopen(), we can
link directly against LibUnicodeData in applications that we know need
that library.
This might make the dlopen() dance a bit unnecessary. The same purpose
might now be fulfilled with weak symbols. That can be revisted next, but
for now, this at least removes the potential security risk of apps like
the Browser having prot_exec privileges.
Loading libunicodedata.so will require dlopen(), which in turn requires
mmap(). The 'prot_exec' pledge is needed for this.
Further, the .so itself must be unveiled for reading. The "real" path is
unveiled (libunicodedata.so.serenity) as the symlink (libunicodedata.so)
itself cannot be unveiled.
Having files in Base's user `.config` folder means that every time the
Serenity image is built, all user settings in that file are thrown away.
So, let's not do that! :^)
Modified the default value for the homepage url to match what was in
Browser.ini, so there is no visible change.
With this change, System::foo() becomes Core::System::foo().
Since LibCore builds on other systems than SerenityOS, we now have to
make sure that wrappers work with just a standard C library underneath.
It was very confusing for every Tab to have their own GUI::Menubar that
got dynamically swapped in/out when switching tabs.
This change moves us to a single menubar per window, and BrowserWindow
is the owner of its own menubar.
Having so much the logic and lambdas in main() was getting unwieldy.
Moving it into a class simplifies this, and also opens up a path
towards supporting "Open in New Window" :^)
Single-process Browser forces a connection to these services early on,
to avoid having to unveil their paths. I'm suspicious of the benefits
of this (and the comment about it wasn't even accurate) but let's keep
it for now.
In multi-process mode, there's no need to do this, and in fact it was
causing us to spawn two extra totally unused processes.
Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!
Seeing " - Browser" for loading pages is annoying, so let's do something
more sensible instead for empty tab document titles: "<URL> - Browser".
Also consolidate the two places where this code is used into a lambda to
make any future changes easier.
