From ed5469c1c2a2dd90011f6c8ff55bfdf8e5f82104 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Mon, 2 Nov 2020 21:34:29 +0000
Subject: [PATCH] Applications: Use pledge and unveil
---
 Applications/IRCClient/main.cpp | 31 ++++++++++++++++++++++++++++
 Applications/KeyboardMapper/main.cpp | 10 +++++++++
 Applications/Piano/main.cpp | 10 +++++++++
 Applications/Spreadsheet/main.cpp | 19 ++++++++++-------
 Applications/ThemeEditor/main.cpp | 21 +++++++++++++++++++
 5 files changed, 84 insertions(+), 7 deletions(-)
diff --git a/Applications/IRCClient/main.cpp b/Applications/IRCClient/main.cpp
index 3e65c13cd09..a0adf92c0d4 100644
--- a/Applications/IRCClient/main.cpp
+++ b/Applications/IRCClient/main.cpp
@@ -26,6 +26,7 @@
 #include "IRCAppWindow.h"
 #include "IRCClient.h"
+#include
 #include
 #include
 #include
@@ -49,6 +50,36 @@ int main(int argc, char** argv)
 return 1;
 }
+ if (unveil("/tmp/portal/lookup", "rw") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil("/tmp/portal/notify", "rw") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil("/etc/passwd", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil(Core::StandardPaths::home_directory().characters(), "rwc") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil("/res", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil(nullptr, nullptr) < 0) {
+ perror("unveil");
+ return 1;
+ }
+
 URL url = "";
 if (app->args().size() >= 1) {
 url = URL::create_with_url_or_path(app->args()[0]);
diff --git a/Applications/KeyboardMapper/main.cpp b/Applications/KeyboardMapper/main.cpp
index bbc5dbf18a2..891926e3c25 100644
--- a/Applications/KeyboardMapper/main.cpp
+++ b/Applications/KeyboardMapper/main.cpp
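Review bot: The unveil of `Core::StandardPaths::home_directory().characters()` with `"rwc"` exposes the whole home directory for read, write and create, which is much wider than the other four paths in this hunk and matters for an IRC client that presumably processes data from remote servers. If the client only touches a few files there, unveil those instead (e.g. `unveil("<config-file-path placeholder>", "rwc")`), or record above the call why the full directory is needed, e.g. `// IRCClient reads and writes <files placeholder> under the home directory`. All six failure branches print the same `perror("unveil")`, so a failure does not say which path was rejected. main() starts before and continues past this hunk.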
@@ -41,8 +41,18 @@ int main(int argc, char** argv)
 args_parser.add_positional_argument(path, "Keyboard character mapping file.", "file", Core::ArgsParser::Required::No);
 args_parser.parse(argc, argv);
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 auto app = GUI::Application::construct(argc, argv);
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 auto app_icon = GUI::Icon::default_icon("app-keyboard-mapper");
 auto window = GUI::Window::construct();
diff --git a/Applications/Piano/main.cpp b/Applications/Piano/main.cpp
index fa002f8fc92..548bd7eb40e 100644
--- a/Applications/Piano/main.cpp
+++ b/Applications/Piano/main.cpp
@@ -45,8 +45,18 @@
 int main(int argc, char** argv)
 {
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 auto app = GUI::Application::construct(argc, argv);
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 auto audio_client = Audio::ClientConnection::construct();
 audio_client->handshake();
diff --git a/Applications/Spreadsheet/main.cpp b/Applications/Spreadsheet/main.cpp
index 643b715f231..0acf43513ba 100644
--- a/Applications/Spreadsheet/main.cpp
+++ b/Applications/Spreadsheet/main.cpp
@@ -40,6 +40,18 @@
 int main(int argc, char* argv[])
 {
+ if (pledge("stdio shared_buffer accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
+ auto app = GUI::Application::construct(argc, argv);
+
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 const char* filename = nullptr;
 Core::ArgsParser args_parser;
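Review bot: The second `pledge` after `GUI::Application::construct` still keeps `rpath`, `wpath` and `cpath`, and this hunk adds no `unveil`, so filesystem access stays limited only by file permissions. The Piano hunk has the same shape. If the paths this tool reads and writes are known up front, follow the pledge with `unveil` calls and a closing `unveil(nullptr, nullptr)`, as the IRCClient and ThemeEditor hunks do. If a file picker makes that impractical, a short comment saying so would help. main() begins before and continues past this hunk, so an unveil outside the visible lines cannot be ruled out.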
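Review bot: The second `pledge` keeps `unix` for the rest of the process lifetime, although the only use visible after it is the audio connection set up by `Audio::ClientConnection::construct()` and `audio_client->handshake()`. If no further local socket connections are made after the handshake, a third call placed after it, `pledge("stdio thread rpath accept cpath wpath shared_buffer", nullptr)`, would drop `unix` once it is no longer needed. Otherwise a comment such as `// unix is still needed for <reason placeholder>` would document the choice. The hunk ends at the handshake line, so later uses are not visible here.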
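Review bot: The first promise string, `"stdio shared_buffer accept rpath unix cpath wpath fattr thread"`, holds the same promises as the second call plus `fattr`, but in a different order, so it is hard to see at a glance what the second `pledge` drops. Writing it as `"stdio thread rpath accept cpath wpath shared_buffer unix fattr"`, the order the other files in this patch use, keeps the two stages directly comparable. main() continues past this hunk.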
@@ -54,13 +66,6 @@ int main(int argc, char* argv[])
 }
 }
- auto app = GUI::Application::construct(argc, argv);
-
- if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix", nullptr) < 0) {
- perror("pledge");
- return 1;
- }
-
 if (unveil("/tmp/portal/webcontent", "rw") < 0) {
 perror("unveil");
 return 1;
diff --git a/Applications/ThemeEditor/main.cpp b/Applications/ThemeEditor/main.cpp
index ec11048b15d..f4675c19d7d 100644
--- a/Applications/ThemeEditor/main.cpp
+++ b/Applications/ThemeEditor/main.cpp
@@ -66,8 +66,29 @@ private:
 int main(int argc, char** argv)
 {
+
+ if (pledge("stdio thread rpath accept cpath wpath shared_buffer unix fattr", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 auto app = GUI::Application::construct(argc, argv);
+ if (pledge("stdio thread rpath accept shared_buffer", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
+ if (unveil("/res", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil(nullptr, nullptr) < 0) {
+ perror("unveil");
+ return 1;
+ }
+
 auto app_icon = GUI::Icon::default_icon("app-theme-editor");
 Gfx::Palette preview_palette = app->palette();
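Review bot: The two `pledge` calls and the `unveil("/res", "r")` carry no comment explaining the staging, so a reader has to compare the promise strings to see that `unix`, `fattr`, `cpath` and `wpath` are dropped after `GUI::Application::construct`. A comment above the second call, e.g. `// Application is constructed: drop unix, fattr, cpath and wpath; only /res is read from here on.`, would record the intent. The two-stage pledges in the KeyboardMapper, Piano and Spreadsheet hunks would benefit from the same kind of comment. The empty added line directly after the opening `{` of main() can also be dropped. main() continues past this hunk.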