beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 07:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

GMLPlayground: Restrict filesystem access using unveil()

Browse source
This commit is contained in:
Karol Kosek 2022-10-23 19:13:14 +02:00 committed by Linus Groh
parent 25104a30c1
commit 37729f5b91
Notes: sideshowbarker 2024-07-17 05:08:18 +09:00 
Author: https://github.com/krkk
Commit: https://github.com/SerenityOS/serenity/commit/37729f5b91
Pull-request: https://github.com/SerenityOS/serenity/pull/15784
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Userland/DevTools/GMLPlayground/main.cpp
View file

@ -67,6 +67,12 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::pledge("stdio thread recvfd sendfd cpath rpath wpath unix"));
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man1/GMLPlayground.md") }));
TRY(Desktop::Launcher::seal_allowlist());