Kernel: Add "video" pledge for accessing framebuffer devices

WindowServer becomes the only user.

Kernel/Devices/BXVGADevice.cpp

@@ -86,6 +86,7 @@ u32 BXVGADevice::find_framebuffer_address()
 
 KResultOr<Region*> BXVGADevice::mmap(Process& process, FileDescription&, VirtualAddress preferred_vaddr, size_t offset, size_t size, int prot)
 {
+    REQUIRE_PROMISE(video);
     ASSERT(offset == 0);
     ASSERT(size == framebuffer_size_in_bytes());
     auto vmobject = AnonymousVMObject::create_for_physical_range(m_framebuffer_address, framebuffer_size_in_bytes());
@@ -105,6 +106,7 @@ KResultOr<Region*> BXVGADevice::mmap(Process& process, FileDescription&, Virtual
 
 int BXVGADevice::ioctl(FileDescription&, unsigned request, unsigned arg)
 {
+    REQUIRE_PROMISE(video);
     switch (request) {
     case FB_IOCTL_GET_SIZE_IN_BYTES: {
         auto* out = (size_t*)arg;

Kernel/Devices/MBVGADevice.cpp

@@ -25,6 +25,7 @@ MBVGADevice::MBVGADevice(PhysicalAddress addr, int pitch, int width, int height)
 
 KResultOr<Region*> MBVGADevice::mmap(Process& process, FileDescription&, VirtualAddress preferred_vaddr, size_t offset, size_t size, int prot)
 {
+    REQUIRE_PROMISE(video);
     ASSERT(offset == 0);
     ASSERT(size == framebuffer_size_in_bytes());
     auto vmobject = AnonymousVMObject::create_for_physical_range(m_framebuffer_address, framebuffer_size_in_bytes());
@@ -44,6 +45,7 @@ KResultOr<Region*> MBVGADevice::mmap(Process& process, FileDescription&, Virtual
 
 int MBVGADevice::ioctl(FileDescription&, unsigned request, unsigned arg)
 {
+    REQUIRE_PROMISE(video);
     switch (request) {
     case FB_IOCTL_GET_SIZE_IN_BYTES: {
         auto* out = (size_t*)arg;

Kernel/Process.cpp

@@ -53,26 +53,6 @@
 //#define SIGNAL_DEBUG
 //#define SHARED_BUFFER_DEBUG
 
-#define REQUIRE_NO_PROMISES                             \
-    do {                                                \
-        if (has_promises()) {                           \
-            dbg() << *current << " has made a promise"; \
-            cli();                                      \
-            crash(SIGABRT, 0);                          \
-            ASSERT_NOT_REACHED();                       \
-        }                                               \
-    } while (0)
-
-#define REQUIRE_PROMISE(promise)                                  \
-    do {                                                          \
-        if (has_promises() && !has_promised(Pledge::promise)) {   \
-            dbg() << *current << " has not pledged " << #promise; \
-            cli();                                                \
-            crash(SIGABRT, 0);                                    \
-            ASSERT_NOT_REACHED();                                 \
-        }                                                         \
-    } while (0)
-
 static void create_signal_trampolines();
 static void create_kernel_info_page();
 
@@ -233,7 +213,6 @@ Region* Process::region_containing(const Range& range)
 int Process::sys$set_mmap_name(const Syscall::SC_set_mmap_name_params* user_params)
 {
     REQUIRE_PROMISE(stdio);
-
     if (!validate_read_typed(user_params))
         return -EFAULT;
 

Kernel/Process.h

@@ -46,6 +46,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
     __ENUMERATE_PLEDGE_PROMISE(chown)  \
     __ENUMERATE_PLEDGE_PROMISE(chroot) \
     __ENUMERATE_PLEDGE_PROMISE(thread) \
+    __ENUMERATE_PLEDGE_PROMISE(video)  \
     __ENUMERATE_PLEDGE_PROMISE(shared_buffer)
 
 enum class Pledge : u32 {
@@ -567,3 +568,24 @@ inline u32 Thread::effective_priority() const
 {
     return m_priority + m_process.priority_boost() + m_priority_boost + m_extra_priority;
 }
+
+#define REQUIRE_NO_PROMISES                             \
+    do {                                                \
+        if (current->process().has_promises()) {        \
+            dbg() << *current << " has made a promise"; \
+            cli();                                      \
+            current->process().crash(SIGABRT, 0);       \
+            ASSERT_NOT_REACHED();                       \
+        }                                               \
+    } while (0)
+
+#define REQUIRE_PROMISE(promise)                                    \
+    do {                                                            \
+        if (current->process().has_promises()                       \
+            && !current->process().has_promised(Pledge::promise)) { \
+            dbg() << *current << " has not pledged " << #promise;   \
+            cli();                                                  \
+            current->process().crash(SIGABRT, 0);                   \
+            ASSERT_NOT_REACHED();                                   \
+        }                                                           \
+    } while (0)

Servers/WindowServer/main.cpp

@@ -10,7 +10,7 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio shared_buffer rpath wpath cpath unix proc exec fattr", nullptr) < 0) {
+    if (pledge("stdio video shared_buffer rpath wpath cpath unix proc exec fattr", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -35,7 +35,7 @@ int main(int, char**)
 
     WSEventLoop loop;
 
-    if (pledge("stdio shared_buffer rpath wpath cpath unix proc exec", nullptr) < 0) {
+    if (pledge("stdio video shared_buffer rpath wpath cpath unix proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }