Userland: Link directly against LibUnicodeData where needed

This is partially a revert of commits:
    10a8b6d4116c6a627a6c189154af032f69b29c21
    561b67a1add82538502ef2f5733f1d86718898ad

Rather than adding the prot_exec pledge requried to use dlopen(), we can
link directly against LibUnicodeData in applications that we know need
that library.

This might make the dlopen() dance a bit unnecessary. The same purpose
might now be fulfilled with weak symbols. That can be revisted next, but
for now, this at least removes the potential security risk of apps like
the Browser having prot_exec privileges.

Userland/Applications/Assistant/CMakeLists.txt

@@ -12,3 +12,4 @@ set(SOURCES
 
 serenity_app(Assistant ICON app-run)
 target_link_libraries(Assistant LibCore LibDesktop LibGUI LibJS LibThreading)
+link_with_unicode_data(Assistant)

Userland/Applications/Assistant/main.cpp

@@ -188,7 +188,7 @@ static constexpr size_t MAX_SEARCH_RESULTS = 6;
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath cpath unix proc exec thread prot_exec", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath cpath unix proc exec thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Browser/CMakeLists.txt

@@ -27,3 +27,4 @@ set(SOURCES
 
 serenity_app(Browser ICON app-browser)
 target_link_libraries(Browser LibWeb LibProtocol LibGUI LibDesktop LibConfig LibMain)
+link_with_unicode_data(Browser)

Userland/Applications/Browser/main.cpp

@@ -39,7 +39,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
         return 1;
     }
 
-    TRY(Core::System::pledge("stdio recvfd sendfd unix cpath rpath wpath prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd unix cpath rpath wpath"));
 
     const char* specified_url = nullptr;
 
@@ -63,7 +63,6 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     TRY(Core::System::unveil("/tmp/portal/image", "rw"));
     TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
     TRY(Core::System::unveil("/tmp/portal/request", "rw"));
-    TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     auto app_icon = GUI::Icon::default_icon("app-browser");

Userland/Applications/FontEditor/CMakeLists.txt

@@ -23,3 +23,4 @@ set(SOURCES
 
 serenity_app(FontEditor ICON app-font-editor)
 target_link_libraries(FontEditor LibGUI LibDesktop LibGfx LibMain)
+link_with_unicode_data(FontEditor)

Userland/Applications/FontEditor/main.cpp

@@ -20,14 +20,14 @@
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix cpath wpath prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix cpath wpath"));
 
     auto app = TRY(GUI::Application::try_create(arguments));
 
     TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_protocol("/usr/share/man/man1/FontEditor.md") }));
     TRY(Desktop::Launcher::seal_allowlist());
 
-    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath"));
 
     char const* path = nullptr;
     Core::ArgsParser args_parser;

Userland/Applications/Help/CMakeLists.txt

@@ -14,3 +14,4 @@ set(SOURCES
 
 serenity_app(Help ICON app-help)
 target_link_libraries(Help LibWeb LibMarkdown LibGUI LibDesktop LibMain)
+link_with_unicode_data(Help)

Userland/Applications/Help/main.cpp

@@ -36,14 +36,13 @@
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
     auto app = TRY(GUI::Application::try_create(arguments));
 
     TRY(Core::System::unveil("/res", "r"));
     TRY(Core::System::unveil("/usr/share/man", "r"));
     TRY(Core::System::unveil("/tmp/portal/launch", "rw"));
     TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
-    TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     char const* start_page = nullptr;

Userland/Applications/Spreadsheet/CMakeLists.txt

@@ -42,6 +42,7 @@ set(GENERATED_SOURCES
 
 serenity_app(Spreadsheet ICON app-spreadsheet)
 target_link_libraries(Spreadsheet LibGUI LibJS LibWeb)
+link_with_unicode_data(Spreadsheet)
 
 serenity_test(Writers/Test/TestXSVWriter.cpp Spreadsheet)
 

Userland/Applications/Spreadsheet/main.cpp

@@ -22,7 +22,7 @@
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread prot_exec", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -69,11 +69,6 @@ int main(int argc, char* argv[])
         return 1;
     }
 
-    if (unveil("/usr/lib/libunicodedata.so.serenity", "r") < 0) {
-        perror("unveil");
-        return 1;
-    }
-
     if (unveil(nullptr, nullptr) < 0) {
         perror("unveil");
         return 1;

Userland/Applications/TextEditor/CMakeLists.txt

@@ -16,3 +16,4 @@ set(SOURCES
 
 serenity_app(TextEditor ICON app-text-editor)
 target_link_libraries(TextEditor LibWeb LibMarkdown LibGUI LibShell LibRegex LibDesktop LibCpp LibJS LibSQL LibFileSystemAccessClient LibConfig LibMain)
+link_with_unicode_data(TextEditor)

Userland/Applications/TextEditor/main.cpp

@@ -18,7 +18,7 @@ using namespace TextEditor;
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
-    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix"));
 
     auto app = TRY(GUI::Application::try_create(arguments));
 
@@ -35,7 +35,6 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     TRY(Core::System::unveil("/tmp/portal/launch", "rw"));
     TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
     TRY(Core::System::unveil("/tmp/portal/filesystemaccess", "rw"));
-    TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     StringView preview_mode_view = preview_mode;

Userland/DevTools/HackStudio/CMakeLists.txt

@@ -51,4 +51,5 @@ set(SOURCES
 
 serenity_app(HackStudio ICON app-hack-studio)
 target_link_libraries(HackStudio LibWeb LibMarkdown LibGUI LibCpp LibGfx LibCore LibVT LibDebug LibX86 LibDiff LibShell LibSymbolication LibRegex LibSQL LibCoredump LibMain)
+link_with_unicode_data(HackStudio)
 add_dependencies(HackStudio CppLanguageServer)

Userland/Services/WebContent/CMakeLists.txt

@@ -18,3 +18,4 @@ set(SOURCES
 
 serenity_bin(WebContent)
 target_link_libraries(WebContent LibCore LibIPC LibGfx LibWeb LibMain)
+link_with_unicode_data(WebContent)

Userland/Services/WebContent/main.cpp

@@ -14,12 +14,11 @@
 ErrorOr<int> serenity_main(Main::Arguments)
 {
     Core::EventLoop event_loop;
-    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath prot_exec"));
+    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));
     TRY(Core::System::unveil("/res", "r"));
     TRY(Core::System::unveil("/tmp/portal/request", "rw"));
     TRY(Core::System::unveil("/tmp/portal/image", "rw"));
     TRY(Core::System::unveil("/tmp/portal/websocket", "rw"));
-    TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     auto client = TRY(IPC::take_over_accepted_client_from_system_server<WebContent::ClientConnection>());

Userland/Utilities/CMakeLists.txt

@@ -104,6 +104,7 @@ target_link_libraries(id LibMain)
 target_link_libraries(ini LibMain)
 target_link_libraries(jp LibMain)
 target_link_libraries(js LibJS LibLine LibMain)
+link_with_unicode_data(js)
 target_link_libraries(keymap LibKeyboard LibMain)
 target_link_libraries(less LibMain)
 target_link_libraries(logout LibMain)

Userland/Utilities/js.cpp

@@ -1195,7 +1195,7 @@ private:
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
 #ifdef __serenity__
-    TRY(Core::System::pledge("stdio rpath wpath cpath tty sigaction prot_exec"));
+    TRY(Core::System::pledge("stdio rpath wpath cpath tty sigaction"));
 #endif
 
     bool gc_on_every_allocation = false;