Applications: Use pledge and unveil

Applications/IRCClient/main.cpp

@@ -26,6 +26,7 @@
 
 #include "IRCAppWindow.h"
 #include "IRCClient.h"
+#include <LibCore/StandardPaths.h>
 #include <LibGUI/Application.h>
 #include <LibGUI/MessageBox.h>
 #include <stdio.h>
@@ -49,6 +50,36 @@ int main(int argc, char** argv)
         return 1;
     }
 
+    if (unveil("/tmp/portal/lookup", "rw") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/tmp/portal/notify", "rw") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/etc/passwd", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil(Core::StandardPaths::home_directory().characters(), "rwc") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/res", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil(nullptr, nullptr) < 0) {
+        perror("unveil");
+        return 1;
+    }
+
     URL url = "";
     if (app->args().size() >= 1) {
         url = URL::create_with_url_or_path(app->args()[0]);

Applications/KeyboardMapper/main.cpp

@@ -41,8 +41,18 @@ int main(int argc, char** argv)
     args_parser.add_positional_argument(path, "Keyboard character mapping file.", "file", Core::ArgsParser::Required::No);
     args_parser.parse(argc, argv);
 
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto app = GUI::Application::construct(argc, argv);
 
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto app_icon = GUI::Icon::default_icon("app-keyboard-mapper");
 
     auto window = GUI::Window::construct();

Applications/Piano/main.cpp

@@ -45,8 +45,18 @@
 
 int main(int argc, char** argv)
 {
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto app = GUI::Application::construct(argc, argv);
 
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto audio_client = Audio::ClientConnection::construct();
     audio_client->handshake();
 

Applications/Spreadsheet/main.cpp

@@ -40,6 +40,18 @@
 
 int main(int argc, char* argv[])
 {
+    if (pledge("stdio shared_buffer accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
+    auto app = GUI::Application::construct(argc, argv);
+
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     const char* filename = nullptr;
 
     Core::ArgsParser args_parser;
@@ -54,13 +66,6 @@ int main(int argc, char* argv[])
         }
     }
 
-    auto app = GUI::Application::construct(argc, argv);
-
-    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/tmp/portal/webcontent", "rw") < 0) {
         perror("unveil");
         return 1;

Applications/ThemeEditor/main.cpp

@@ -66,8 +66,29 @@ private:
 
 int main(int argc, char** argv)
 {
+
+    if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto app = GUI::Application::construct(argc, argv);
 
+    if (pledge("stdio thread rpath accept shared_buffer", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
+    if (unveil("/res", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil(nullptr, nullptr) < 0) {
+        perror("unveil");
+        return 1;
+    }
+
     auto app_icon = GUI::Icon::default_icon("app-theme-editor");
 
     Gfx::Palette preview_palette = app->palette();