mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-19 08:41:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions10

SystemServer+LoginServer+Userland: Switch to sid-based sockets

Browse source 
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
  names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.

Userland: Switch over servers to sid based sockets

Userland: Properly pledge and unveil for sid based sockets
This commit is contained in:
Peter Elliott 2022-09-06 00:04:06 -06:00 committed by Andreas Kling
parent 1df4cc1926
commit 7af5eef0dd
Notes: sideshowbarker 2024-07-17 06:24:21 +09:00
50 changed files with 134 additions and 130 deletions
Base/home/anon/.config
SystemServer.ini
Userland
Applets
Audio
main.cpp
ClipboardHistory
main.cpp
Network
main.cpp
Applications
3DFileViewer
main.cpp
Browser
main.cpp
Help
main.cpp
HexEditor
main.cpp
Magnifier
main.cpp
Mail
main.cpp
PDFViewer
main.cpp
PixelPaint
main.cpp
Spreadsheet
main.cpp
Terminal
main.cpp
TextEditor
main.cpp
ThemeEditor
main.cpp
Welcome
main.cpp
Demos
Eyes
main.cpp
WidgetGallery
main.cpp
DevTools
HackStudio/LanguageClients
ConnectionsToServer.h
Inspector
InspectorServerClient.h
Games
2048
main.cpp
Chess
main.cpp
FlappyBug
main.cpp
GameOfLife
main.cpp
Hearts
main.cpp
MasterWord
main.cpp
Minesweeper
main.cpp
Snake
main.cpp
Libraries
LibAudio
ConnectionToServer.h
LibConfig
Client.h
LibCore
Account.cppAccount.hEventLoop.cppLocalServer.cppSystem.cpp
LibDesktop
Launcher.cpp
LibFileSystemAccessClient
Client.h
LibGUI
Notification.cpp
LibIPC
ConnectionToServer.h
LibImageDecoderClient
Client.h
LibProtocol
RequestClient.hWebSocketClient.h
LibSQL
SQLClient.h
LibWebView
WebContentClient.h
Services
InspectorServer
main.cpp
LoginServer
main.cpp
SystemServer
Service.cpp
WebContent
main.cpp
Utilities
aplay.cpp

27
Base/home/anon/.config/SystemServer.ini
View file

@ -1,9 +1,9 @@
[ConfigServer] [ConfigServer]
Socket=/tmp/user/%uid/portal/config Socket=/tmp/session/%sid/portal/config
SocketPermissions=600 SocketPermissions=600
[RequestServer] [RequestServer]
Socket=/tmp/user/%uid/portal/request Socket=/tmp/session/%sid/portal/request
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
Priority=low Priority=low
@ -12,7 +12,7 @@ MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[WebContent] [WebContent]
Socket=/tmp/user/%uid/portal/webcontent Socket=/tmp/session/%sid/portal/webcontent
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
SystemModes=graphical SystemModes=graphical
@ -20,7 +20,7 @@ MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[WebSocket] [WebSocket]
Socket=/tmp/user/%uid/portal/websocket Socket=/tmp/session/%sid/portal/websocket
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
Priority=low Priority=low
@ -29,7 +29,7 @@ MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[FileSystemAccessServer] [FileSystemAccessServer]
Socket=/tmp/user/%uid/portal/filesystemaccess Socket=/tmp/session/%sid/portal/filesystemaccess
SocketPermissions=660 SocketPermissions=660
Lazy=true Lazy=true
Priority=low Priority=low
@ -38,7 +38,7 @@ MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[ImageDecoder] [ImageDecoder]
Socket=/tmp/user/%uid/portal/image Socket=/tmp/session/%sid/portal/image
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
SystemModes=graphical SystemModes=graphical
@ -46,46 +46,46 @@ MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[NotificationServer] [NotificationServer]
Socket=/tmp/user/%uid/portal/notify Socket=/tmp/session/%sid/portal/notify
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
Priority=low Priority=low
KeepAlive=true KeepAlive=true
[InspectorServer] [InspectorServer]
Socket=/tmp/user/%uid/portal/inspector,/tmp/user/%uid/portal/inspectables Socket=/tmp/session/%sid/portal/inspector,/tmp/session/%sid/portal/inspectables
SocketPermissions=600,666 SocketPermissions=600,666
KeepAlive=true KeepAlive=true
[AudioServer] [AudioServer]
Socket=/tmp/user/%uid/portal/audio Socket=/tmp/session/%sid/portal/audio
Priority=high Priority=high
KeepAlive=true KeepAlive=true
SystemModes=text,graphical SystemModes=text,graphical
[CppLanguageServer] [CppLanguageServer]
Socket=/tmp/user/%uid/portal/language/cpp Socket=/tmp/session/%sid/portal/language/cpp
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
MultiInstance=true MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[ShellLanguageServer] [ShellLanguageServer]
Socket=/tmp/user/%uid/portal/language/shell Socket=/tmp/session/%sid/portal/language/shell
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
MultiInstance=true MultiInstance=true
AcceptSocketConnections=true AcceptSocketConnections=true
[SQLServer] [SQLServer]
Socket=/tmp/user/%uid/portal/sql Socket=/tmp/session/%sid/portal/sql
SocketPermissions=600 SocketPermissions=600
Priority=low Priority=low
Lazy=true Lazy=true
KeepAlive=true KeepAlive=true
[LaunchServer] [LaunchServer]
Socket=/tmp/user/%uid/portal/launch Socket=/tmp/session/%sid/portal/launch
SocketPermissions=600 SocketPermissions=600
Lazy=true Lazy=true
SystemModes=text,graphical SystemModes=text,graphical
@ -126,4 +126,3 @@ KeepAlive=true
[Terminal] [Terminal]
WorkingDirectory=/home/anon WorkingDirectory=/home/anon

5
Userland/Applets/Audio/main.cpp
View file

@ -237,12 +237,13 @@ private:
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread")); TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("AudioApplet"); Config::pledge_domain("AudioApplet");
TRY(Core::System::unveil("/tmp/user/%uid/portal/audio", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/audio", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto window = TRY(GUI::Window::try_create()); auto window = TRY(GUI::Window::try_create());

2
Userland/Applets/ClipboardHistory/main.cpp
View file

@ -17,7 +17,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("ClipboardHistory"); Config::pledge_domain("ClipboardHistory");

2
Userland/Applets/Network/main.cpp
View file

@ -166,8 +166,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc exec")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc exec"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/tmp/session/%sid/portal/notify", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/notify", "rw"));
TRY(Core::System::unveil("/proc/net/adapters", "r")); TRY(Core::System::unveil("/proc/net/adapters", "r"));
TRY(Core::System::unveil("/bin/SystemMonitor", "x")); TRY(Core::System::unveil("/bin/SystemMonitor", "x"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));

4
Userland/Applications/3DFileViewer/main.cpp
View file

@ -358,9 +358,9 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec")); TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec proc"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r")); TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/usr/lib", "r")); TRY(Core::System::unveil("/usr/lib", "r"));

10
Userland/Applications/Browser/main.cpp
View file

@ -80,14 +80,16 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory()))); TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory())));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
TRY(Core::System::unveil("/home", "rwc")); TRY(Core::System::unveil("/home", "rwc"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/etc/passwd", "r")); TRY(Core::System::unveil("/etc/passwd", "r"));
TRY(Core::System::unveil("/etc/timezone", "r")); TRY(Core::System::unveil("/etc/timezone", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw"));
TRY(Core::System::unveil("/bin/BrowserSettings", "x")); TRY(Core::System::unveil("/bin/BrowserSettings", "x"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));

9
Userland/Applications/Help/main.cpp
View file

@ -28,14 +28,15 @@ static String parse_input(StringView input)
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/usr/share/man", "r")); TRY(Core::System::unveil("/usr/share/man", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
String start_page; String start_page;

4
Userland/Applications/HexEditor/main.cpp
View file

@ -20,7 +20,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
@ -43,8 +43,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return GUI::Window::CloseRequestDecision::StayOpen; return GUI::Window::CloseRequestDecision::StayOpen;
}; };
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
hex_editor_widget->initialize_menubar(*window); hex_editor_widget->initialize_menubar(*window);

4
Userland/Applications/Magnifier/main.cpp
View file

@ -37,11 +37,11 @@ static ErrorOr<ByteBuffer> dump_bitmap(RefPtr<Gfx::Bitmap> bitmap, AK::StringVie
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix")); TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = GUI::Icon::default_icon("app-magnifier"sv); auto app_icon = GUI::Icon::default_icon("app-magnifier"sv);

7
Userland/Applications/Mail/main.cpp
View file

@ -18,17 +18,18 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("Mail"); Config::pledge_domain("Mail");
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/etc", "r")); TRY(Core::System::unveil("/etc", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/lookup", "rw")); TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme("/bin/MailSettings"))); TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme("/bin/MailSettings")));

4
Userland/Applications/PDFViewer/main.cpp
View file

@ -32,10 +32,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
window->set_title("PDF Viewer"); window->set_title("PDF Viewer");
window->resize(640, 400); window->resize(640, 400);
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto pdf_viewer_widget = TRY(window->try_set_main_widget<PDFViewerWidget>()); auto pdf_viewer_widget = TRY(window->try_set_main_widget<PDFViewerWidget>());

7
Userland/Applications/PixelPaint/main.cpp
View file

@ -21,7 +21,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath")); TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
Config::pledge_domain("PixelPaint"); Config::pledge_domain("PixelPaint");
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_positional_argument(image_file, "Image file to open", "path", Core::ArgsParser::Required::No); args_parser.add_positional_argument(image_file, "Image file to open", "path", Core::ArgsParser::Required::No);
args_parser.parse(arguments); args_parser.parse(arguments);
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/portal/clipboard", "rw")); TRY(Core::System::unveil("/tmp/portal/clipboard", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));

4
Userland/Applications/Spreadsheet/main.cpp
View file

@ -26,7 +26,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread")); TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
@ -44,7 +44,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
} }
} }
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
// For writing temporary files when exporting. // For writing temporary files when exporting.
TRY(Core::System::unveil("/tmp", "crw")); TRY(Core::System::unveil("/tmp", "crw"));
TRY(Core::System::unveil("/etc", "r")); TRY(Core::System::unveil("/etc", "r"));

5
Userland/Applications/Terminal/main.cpp
View file

@ -422,6 +422,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return GUI::Window::CloseRequestDecision::StayOpen; return GUI::Window::CloseRequestDecision::StayOpen;
}; };
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/bin", "r")); TRY(Core::System::unveil("/bin", "r"));
TRY(Core::System::unveil("/proc", "r")); TRY(Core::System::unveil("/proc", "r"));
@ -429,8 +430,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/bin/TerminalSettings", "x")); TRY(Core::System::unveil("/bin/TerminalSettings", "x"));
TRY(Core::System::unveil("/bin/utmpupdate", "x")); TRY(Core::System::unveil("/bin/utmpupdate", "x"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/config", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/config", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto modified_state_check_timer = Core::Timer::create_repeating(500, [&] { auto modified_state_check_timer = Core::Timer::create_repeating(500, [&] {

9
Userland/Applications/TextEditor/main.cpp
View file

@ -18,7 +18,7 @@ using namespace TextEditor;
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix")); TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
parser.add_positional_argument(file_to_edit, "File to edit, with optional starting line and column number", "file[:line[:column]]", Core::ArgsParser::Required::No); parser.add_positional_argument(file_to_edit, "File to edit, with optional starting line and column number", "file[:line[:column]]", Core::ArgsParser::Required::No);
parser.parse(arguments); parser.parse(arguments);
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = GUI::Icon::default_icon("app-text-editor"sv); auto app_icon = GUI::Icon::default_icon("app-text-editor"sv);

4
Userland/Applications/ThemeEditor/main.cpp
View file

@ -38,8 +38,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
if (!file_to_edit.is_empty()) if (!file_to_edit.is_empty())
path = Core::File::absolute_path(file_to_edit); path = Core::File::absolute_path(file_to_edit);
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix")); TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix proc"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));

5
Userland/Applications/Welcome/main.cpp
View file

@ -19,10 +19,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Config::pledge_domain("SystemServer"); Config::pledge_domain("SystemServer");
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/home", "r")); TRY(Core::System::unveil("/home", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
TRY(Core::System::unveil("/bin/Help", "x")); TRY(Core::System::unveil("/bin/Help", "x"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-welcome"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-welcome"sv));

4
Userland/Demos/Eyes/main.cpp
View file

@ -36,12 +36,12 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_option(hide_window_frame, "Hide window frame", "hide-window", 'h'); args_parser.add_option(hide_window_frame, "Hide window frame", "hide-window", 'h');
args_parser.parse(arguments); args_parser.parse(arguments);
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
auto app = TRY(GUI::Application::try_create(arguments)); auto app = TRY(GUI::Application::try_create(arguments));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
if ((grid_rows > 0) ^ (grid_columns > 0)) { if ((grid_rows > 0) ^ (grid_columns > 0)) {

4
Userland/Demos/WidgetGallery/main.cpp
View file

@ -14,11 +14,11 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread")); TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread proc"));
auto app = TRY(GUI::Application::try_create(arguments, Core::EventLoop::MakeInspectable::Yes)); auto app = TRY(GUI::Application::try_create(arguments, Core::EventLoop::MakeInspectable::Yes));
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-widget-gallery"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-widget-gallery"sv));

2
Userland/DevTools/HackStudio/LanguageClients/ConnectionsToServer.h
View file

@ -15,7 +15,7 @@
#define LANGUAGE_CLIENT(language_name_, socket_name) \ #define LANGUAGE_CLIENT(language_name_, socket_name) \
namespace language_name_ { \ namespace language_name_ { \
class ConnectionToServer final : public HackStudio::ConnectionToServer { \ class ConnectionToServer final : public HackStudio::ConnectionToServer { \
IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/user/%uid/portal/language/" socket_name) \ IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/session/%sid/portal/language/" socket_name) \
public: \ public: \
static char const* language_name() { return #language_name_; } \ static char const* language_name() { return #language_name_; } \
\ \

2
Userland/DevTools/Inspector/InspectorServerClient.h
View file

@ -15,7 +15,7 @@ namespace Inspector {
class InspectorServerClient final class InspectorServerClient final
: public IPC::ConnectionToServer<InspectorClientEndpoint, InspectorServerEndpoint> : public IPC::ConnectionToServer<InspectorClientEndpoint, InspectorServerEndpoint>
, public InspectorClientEndpoint { , public InspectorClientEndpoint {
IPC_CLIENT_CONNECTION(InspectorServerClient, "/tmp/user/%uid/portal/inspector"sv) IPC_CLIENT_CONNECTION(InspectorServerClient, "/tmp/session/%sid/portal/inspector"sv)
public: public:
virtual ~InspectorServerClient() override = default; virtual ~InspectorServerClient() override = default;

4
Userland/Games/2048/main.cpp
View file

@ -28,7 +28,7 @@
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio rpath recvfd sendfd unix")); TRY(Core::System::pledge("stdio rpath recvfd sendfd unix proc"));
srand(time(nullptr)); srand(time(nullptr));
@ -44,8 +44,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
size_t board_size = Config::read_i32("2048"sv, ""sv, "board_size"sv, 4); size_t board_size = Config::read_i32("2048"sv, ""sv, "board_size"sv, 4);

6
Userland/Games/Chess/main.cpp
View file

@ -36,11 +36,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
auto window = TRY(GUI::Window::try_create()); auto window = TRY(GUI::Window::try_create());
auto widget = TRY(window->try_set_main_widget<ChessWidget>()); auto widget = TRY(window->try_set_main_widget<ChessWidget>());
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/bin/ChessEngine", "x")); TRY(Core::System::unveil("/bin/ChessEngine", "x"));
TRY(Core::System::unveil("/etc/passwd", "r")); TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto size = Config::read_i32("Chess"sv, "Display"sv, "size"sv, 512); auto size = Config::read_i32("Chess"sv, "Display"sv, "size"sv, 512);

4
Userland/Games/FlappyBug/main.cpp
View file

@ -28,10 +28,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/FlappyBug.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/FlappyBug.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
u32 high_score = Config::read_i32("FlappyBug"sv, "Game"sv, "HighScore"sv, 0); u32 high_score = Config::read_i32("FlappyBug"sv, "Game"sv, "HighScore"sv, 0);

4
Userland/Games/GameOfLife/main.cpp
View file

@ -34,10 +34,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/GameOfLife.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/GameOfLife.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-gameoflife"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-gameoflife"sv));

4
Userland/Games/Hearts/main.cpp
View file

@ -40,10 +40,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Hearts.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Hearts.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio recvfd sendfd rpath")); TRY(Core::System::pledge("stdio recvfd sendfd rpath proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto window = TRY(GUI::Window::try_create()); auto window = TRY(GUI::Window::try_create());

4
Userland/Games/MasterWord/main.cpp
View file

@ -30,10 +30,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/MasterWord.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/MasterWord.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-masterword"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-masterword"sv));

4
Userland/Games/Minesweeper/main.cpp
View file

@ -36,10 +36,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Minesweeper.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Minesweeper.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-minesweeper"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-minesweeper"sv));

4
Userland/Games/Snake/main.cpp
View file

@ -31,10 +31,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Snake.md") })); TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Snake.md") }));
TRY(Desktop::Launcher::seal_allowlist()); TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio rpath recvfd sendfd")); TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-snake"sv)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-snake"sv));

2
Userland/Libraries/LibAudio/ConnectionToServer.h
View file

@ -26,7 +26,7 @@ namespace Audio {
class ConnectionToServer final class ConnectionToServer final
: public IPC::ConnectionToServer<AudioClientEndpoint, AudioServerEndpoint> : public IPC::ConnectionToServer<AudioClientEndpoint, AudioServerEndpoint>
, public AudioClientEndpoint { , public AudioClientEndpoint {
IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/user/%uid/portal/audio"sv) IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/session/%sid/portal/audio"sv)
public: public:
virtual ~ConnectionToServer() override; virtual ~ConnectionToServer() override;

2
Userland/Libraries/LibConfig/Client.h
View file

@ -18,7 +18,7 @@ namespace Config {
class Client final class Client final
: public IPC::ConnectionToServer<ConfigClientEndpoint, ConfigServerEndpoint> : public IPC::ConnectionToServer<ConfigClientEndpoint, ConfigServerEndpoint>
, public ConfigClientEndpoint { , public ConfigClientEndpoint {
IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/config"sv) IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/config"sv)
public: public:
void pledge_domains(Vector<String> const&); void pledge_domains(Vector<String> const&);

17
Userland/Libraries/LibCore/Account.cpp
View file

@ -68,15 +68,6 @@ ErrorOr<Account> Account::from_passwd(passwd const& pwd, spwd const& spwd)
return account; return account;
} }
String Account::parse_path_with_uid(StringView general_path, Optional<uid_t> uid)
{
if (general_path.contains("%uid"sv)) {
auto const final_uid = uid.has_value() ? uid.value() : getuid();
return general_path.replace("%uid"sv, String::number(final_uid), ReplaceMode::All);
}
return general_path;
}
ErrorOr<Account> Account::self([[maybe_unused]] Read options) ErrorOr<Account> Account::self([[maybe_unused]] Read options)
{ {
Vector<gid_t> extra_gids = TRY(Core::System::getgroups()); Vector<gid_t> extra_gids = TRY(Core::System::getgroups());
@ -149,14 +140,6 @@ bool Account::authenticate(SecretString const& password) const
return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length()); return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length());
} }
ErrorOr<void> Account::create_user_temporary_directory_if_needed() const
{
auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid);
auto directory = TRY(Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes));
TRY(directory.chown(m_uid, m_gid));
return {};
}
ErrorOr<void> Account::login() const ErrorOr<void> Account::login() const
{ {
TRY(Core::System::setgroups(m_extra_gids)); TRY(Core::System::setgroups(m_extra_gids));

3
Userland/Libraries/LibCore/Account.h
View file

@ -32,7 +32,6 @@ public:
PasswdOnly PasswdOnly
}; };
static String parse_path_with_uid(StringView general_path, Optional<uid_t> force_uid = {});
static ErrorOr<Account> self(Read options = Read::All); static ErrorOr<Account> self(Read options = Read::All);
static ErrorOr<Account> from_name(StringView username, Read options = Read::All); static ErrorOr<Account> from_name(StringView username, Read options = Read::All);
static ErrorOr<Account> from_uid(uid_t uid, Read options = Read::All); static ErrorOr<Account> from_uid(uid_t uid, Read options = Read::All);
@ -40,8 +39,6 @@ public:
bool authenticate(SecretString const& password) const; bool authenticate(SecretString const& password) const;
ErrorOr<void> login() const; ErrorOr<void> login() const;
ErrorOr<void> create_user_temporary_directory_if_needed() const;
String username() const { return m_username; } String username() const { return m_username; }
String password_hash() const { return m_password_hash; } String password_hash() const { return m_password_hash; }

8
Userland/Libraries/LibCore/EventLoop.cpp
View file

@ -22,6 +22,7 @@
#include <LibCore/LocalServer.h> #include <LibCore/LocalServer.h>
#include <LibCore/Notifier.h> #include <LibCore/Notifier.h>
#include <LibCore/Object.h> #include <LibCore/Object.h>
#include <LibCore/SessionManagement.h>
#include <LibThreading/Mutex.h> #include <LibThreading/Mutex.h>
#include <LibThreading/MutexProtected.h> #include <LibThreading/MutexProtected.h>
#include <errno.h> #include <errno.h>
@ -361,7 +362,12 @@ EventLoop::~EventLoop()
bool connect_to_inspector_server() bool connect_to_inspector_server()
{ {
#ifdef __serenity__ #ifdef __serenity__
auto inspector_server_path = Account::parse_path_with_uid("/tmp/user/%uid/portal/inspectables"sv); auto maybe_path = SessionManagement::parse_path_with_sid("/tmp/session/%sid/portal/inspectables"sv);
if (maybe_path.is_error()) {
dbgln("connect_to_inspector_server: {}", maybe_path.error());
return false;
}
auto inspector_server_path = maybe_path.value();
auto maybe_socket = Stream::LocalSocket::connect(inspector_server_path); auto maybe_socket = Stream::LocalSocket::connect(inspector_server_path);
if (maybe_socket.is_error()) { if (maybe_socket.is_error()) {
dbgln("connect_to_inspector_server: Failed to connect: {}", maybe_socket.error()); dbgln("connect_to_inspector_server: Failed to connect: {}", maybe_socket.error());

4
Userland/Libraries/LibCore/LocalServer.cpp
View file

@ -4,9 +4,9 @@
* SPDX-License-Identifier: BSD-2-Clause * SPDX-License-Identifier: BSD-2-Clause
*/ */
#include <LibCore/Account.h>
#include <LibCore/LocalServer.h> #include <LibCore/LocalServer.h>
#include <LibCore/Notifier.h> #include <LibCore/Notifier.h>
#include <LibCore/SessionManagement.h>
#include <LibCore/Stream.h> #include <LibCore/Stream.h>
#include <LibCore/System.h> #include <LibCore/System.h>
#include <LibCore/SystemServerTakeover.h> #include <LibCore/SystemServerTakeover.h>
@ -38,7 +38,7 @@ ErrorOr<void> LocalServer::take_over_from_system_server(String const& socket_pat
if (m_listening) if (m_listening)
return Error::from_string_literal("Core::LocalServer: Can't perform socket takeover when already listening"); return Error::from_string_literal("Core::LocalServer: Can't perform socket takeover when already listening");
auto const parsed_path = Core::Account::parse_path_with_uid(socket_path); auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path));
auto socket = TRY(take_over_socket_from_system_server(parsed_path)); auto socket = TRY(take_over_socket_from_system_server(parsed_path));
m_fd = TRY(socket->release_fd()); m_fd = TRY(socket->release_fd());

3
Userland/Libraries/LibCore/System.cpp
View file

@ -13,6 +13,7 @@
#include <AK/String.h> #include <AK/String.h>
#include <AK/Vector.h> #include <AK/Vector.h>
#include <LibCore/File.h> #include <LibCore/File.h>
#include <LibCore/SessionManagement.h>
#include <LibCore/System.h> #include <LibCore/System.h>
#include <limits.h> #include <limits.h>
#include <stdarg.h> #include <stdarg.h>
@ -82,7 +83,7 @@ ErrorOr<void> pledge(StringView promises, StringView execpromises)
ErrorOr<void> unveil(StringView path, StringView permissions) ErrorOr<void> unveil(StringView path, StringView permissions)
{ {
auto const parsed_path = Core::Account::parse_path_with_uid(path); auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(path));
Syscall::SC_unveil_params params { Syscall::SC_unveil_params params {
{ parsed_path.characters(), parsed_path.length() }, { parsed_path.characters(), parsed_path.length() },

2
Userland/Libraries/LibDesktop/Launcher.cpp
View file

@ -36,7 +36,7 @@ auto Launcher::Details::from_details_str(String const& details_str) -> NonnullRe
class ConnectionToLaunchServer final class ConnectionToLaunchServer final
: public IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint> : public IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint>
, public LaunchClientEndpoint { , public LaunchClientEndpoint {
IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/user/%uid/portal/launch"sv) IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/session/%sid/portal/launch"sv)
private: private:
ConnectionToLaunchServer(NonnullOwnPtr<Core::Stream::LocalSocket> socket) ConnectionToLaunchServer(NonnullOwnPtr<Core::Stream::LocalSocket> socket)
: IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint>(*this, move(socket)) : IPC::ConnectionToServer<LaunchClientEndpoint, LaunchServerEndpoint>(*this, move(socket))

2
Userland/Libraries/LibFileSystemAccessClient/Client.h
View file

@ -23,7 +23,7 @@ using Result = ErrorOr<NonnullRefPtr<Core::File>>;
class Client final class Client final
: public IPC::ConnectionToServer<FileSystemAccessClientEndpoint, FileSystemAccessServerEndpoint> : public IPC::ConnectionToServer<FileSystemAccessClientEndpoint, FileSystemAccessServerEndpoint>
, public FileSystemAccessClientEndpoint { , public FileSystemAccessClientEndpoint {
IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/filesystemaccess"sv) IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/filesystemaccess"sv)
public: public:
Result try_request_file_read_only_approved(GUI::Window* parent_window, String const& path); Result try_request_file_read_only_approved(GUI::Window* parent_window, String const& path);

2
Userland/Libraries/LibGUI/Notification.cpp
View file

@ -15,7 +15,7 @@ namespace GUI {
class ConnectionToNotificationServer final class ConnectionToNotificationServer final
: public IPC::ConnectionToServer<NotificationClientEndpoint, NotificationServerEndpoint> : public IPC::ConnectionToServer<NotificationClientEndpoint, NotificationServerEndpoint>
, public NotificationClientEndpoint { , public NotificationClientEndpoint {
IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/user/%uid/portal/notify"sv) IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/session/%sid/portal/notify"sv)
friend class Notification; friend class Notification;

4
Userland/Libraries/LibIPC/ConnectionToServer.h
View file

@ -6,7 +6,7 @@
#pragma once #pragma once
#include <LibCore/Account.h> #include <LibCore/SessionManagement.h>
#include <LibCore/Stream.h> #include <LibCore/Stream.h>
#include <LibIPC/Connection.h> #include <LibIPC/Connection.h>
@ -18,7 +18,7 @@ public:
template<typename Klass = klass, class... Args> \ template<typename Klass = klass, class... Args> \
static ErrorOr<NonnullRefPtr<klass>> try_create(Args&&... args) \ static ErrorOr<NonnullRefPtr<klass>> try_create(Args&&... args) \
{ \ { \
auto parsed_socket_path { Core::Account::parse_path_with_uid(socket_path) }; \ auto parsed_socket_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path)); \
auto socket = TRY(Core::Stream::LocalSocket::connect(move(parsed_socket_path))); \ auto socket = TRY(Core::Stream::LocalSocket::connect(move(parsed_socket_path))); \
/* We want to rate-limit our clients */ \ /* We want to rate-limit our clients */ \
TRY(socket->set_blocking(true)); \ TRY(socket->set_blocking(true)); \

2
Userland/Libraries/LibImageDecoderClient/Client.h
View file

@ -27,7 +27,7 @@ struct DecodedImage {
class Client final class Client final
: public IPC::ConnectionToServer<ImageDecoderClientEndpoint, ImageDecoderServerEndpoint> : public IPC::ConnectionToServer<ImageDecoderClientEndpoint, ImageDecoderServerEndpoint>
, public ImageDecoderClientEndpoint { , public ImageDecoderClientEndpoint {
IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/image"sv); IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/image"sv);
public: public:
Optional<DecodedImage> decode_image(ReadonlyBytes); Optional<DecodedImage> decode_image(ReadonlyBytes);

2
Userland/Libraries/LibProtocol/RequestClient.h
View file

@ -20,7 +20,7 @@ class Request;
class RequestClient final class RequestClient final
: public IPC::ConnectionToServer<RequestClientEndpoint, RequestServerEndpoint> : public IPC::ConnectionToServer<RequestClientEndpoint, RequestServerEndpoint>
, public RequestClientEndpoint { , public RequestClientEndpoint {
IPC_CLIENT_CONNECTION(RequestClient, "/tmp/user/%uid/portal/request"sv) IPC_CLIENT_CONNECTION(RequestClient, "/tmp/session/%sid/portal/request"sv)
public: public:
template<typename RequestHashMapTraits = Traits<String>> template<typename RequestHashMapTraits = Traits<String>>

2
Userland/Libraries/LibProtocol/WebSocketClient.h
View file

@ -18,7 +18,7 @@ class WebSocket;
class WebSocketClient final class WebSocketClient final
: public IPC::ConnectionToServer<WebSocketClientEndpoint, WebSocketServerEndpoint> : public IPC::ConnectionToServer<WebSocketClientEndpoint, WebSocketServerEndpoint>
, public WebSocketClientEndpoint { , public WebSocketClientEndpoint {
IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/user/%uid/portal/websocket"sv) IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/session/%sid/portal/websocket"sv)
public: public:
RefPtr<WebSocket> connect(const URL&, String const& origin = {}, Vector<String> const& protocols = {}, Vector<String> const& extensions = {}, HashMap<String, String> const& request_headers = {}); RefPtr<WebSocket> connect(const URL&, String const& origin = {}, Vector<String> const& protocols = {}, Vector<String> const& extensions = {}, HashMap<String, String> const& request_headers = {});

2
Userland/Libraries/LibSQL/SQLClient.h
View file

@ -16,7 +16,7 @@ namespace SQL {
class SQLClient class SQLClient
: public IPC::ConnectionToServer<SQLClientEndpoint, SQLServerEndpoint> : public IPC::ConnectionToServer<SQLClientEndpoint, SQLServerEndpoint>
, public SQLClientEndpoint { , public SQLClientEndpoint {
IPC_CLIENT_CONNECTION(SQLClient, "/tmp/user/%uid/portal/sql"sv) IPC_CLIENT_CONNECTION(SQLClient, "/tmp/session/%sid/portal/sql"sv)
virtual ~SQLClient() = default; virtual ~SQLClient() = default;
Function<void(int, String const&)> on_connected; Function<void(int, String const&)> on_connected;

2
Userland/Libraries/LibWebView/WebContentClient.h
View file

@ -19,7 +19,7 @@ class OutOfProcessWebView;
class WebContentClient final class WebContentClient final
: public IPC::ConnectionToServer<WebContentClientEndpoint, WebContentServerEndpoint> : public IPC::ConnectionToServer<WebContentClientEndpoint, WebContentServerEndpoint>
, public WebContentClientEndpoint { , public WebContentClientEndpoint {
IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/user/%uid/portal/webcontent"sv); IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/session/%sid/portal/webcontent"sv);
public: public:
Function<void()> on_web_content_process_crash; Function<void()> on_web_content_process_crash;

6
Userland/Services/InspectorServer/main.cpp
View file

@ -17,12 +17,12 @@ ErrorOr<int> serenity_main(Main::Arguments)
{ {
Core::EventLoop event_loop; Core::EventLoop event_loop;
TRY(Core::System::pledge("stdio unix accept")); TRY(Core::System::pledge("stdio unix accept rpath proc"));
auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/user/%uid/portal/inspector")); auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/session/%sid/portal/inspector"));
auto inspectables_server = TRY(Core::LocalServer::try_create()); auto inspectables_server = TRY(Core::LocalServer::try_create());
TRY(inspectables_server->take_over_from_system_server("/tmp/user/%uid/portal/inspectables")); TRY(inspectables_server->take_over_from_system_server("/tmp/session/%sid/portal/inspectables"));
inspectables_server->on_accept = [&](auto client_socket) { inspectables_server->on_accept = [&](auto client_socket) {
auto pid = client_socket->peer_pid().release_value_but_fixme_should_propagate_errors(); auto pid = client_socket->peer_pid().release_value_but_fixme_should_propagate_errors();

17
Userland/Services/LoginServer/main.cpp
View file

@ -6,6 +6,7 @@
#include <LibCore/Account.h> #include <LibCore/Account.h>
#include <LibCore/ArgsParser.h> #include <LibCore/ArgsParser.h>
#include <LibCore/SessionManagement.h>
#include <LibCore/System.h> #include <LibCore/System.h>
#include <LibGUI/Application.h> #include <LibGUI/Application.h>
#include <LibGUI/MessageBox.h> #include <LibGUI/MessageBox.h>
@ -18,8 +19,14 @@
static void child_process(Core::Account const& account) static void child_process(Core::Account const& account)
{ {
if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) { pid_t rc = setsid();
dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error()); if (rc == -1) {
dbgln("failed to setsid: {}", strerror(errno));
exit(1);
}
auto result = Core::SessionManagement::create_session_temporary_directory_if_needed(account.uid(), account.gid());
if (result.is_error()) {
dbgln("Failed to create temporary directory for session: {}", result.error());
exit(1); exit(1);
} }
@ -29,11 +36,6 @@ static void child_process(Core::Account const& account)
} }
setenv("HOME", account.home_directory().characters(), true); setenv("HOME", account.home_directory().characters(), true);
pid_t rc = setsid();
if (rc == -1) {
dbgln("failed to setsid: {}", strerror(errno));
exit(1);
}
dbgln("login with sid={}", rc); dbgln("login with sid={}", rc);
execlp("/bin/SystemServer", "SystemServer", "--user", nullptr); execlp("/bin/SystemServer", "SystemServer", "--user", nullptr);
@ -68,6 +70,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/etc/shadow", "r")); TRY(Core::System::unveil("/etc/shadow", "r"));
TRY(Core::System::unveil("/etc/group", "r")); TRY(Core::System::unveil("/etc/group", "r"));
TRY(Core::System::unveil("/bin/SystemServer", "x")); TRY(Core::System::unveil("/bin/SystemServer", "x"));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));

11
Userland/Services/SystemServer/Service.cpp
View file

@ -13,6 +13,7 @@
#include <LibCore/ConfigFile.h> #include <LibCore/ConfigFile.h>
#include <LibCore/Directory.h> #include <LibCore/Directory.h>
#include <LibCore/File.h> #include <LibCore/File.h>
#include <LibCore/SessionManagement.h>
#include <LibCore/SocketAddress.h> #include <LibCore/SocketAddress.h>
#include <LibCore/System.h> #include <LibCore/System.h>
#include <fcntl.h> #include <fcntl.h>
@ -322,17 +323,21 @@ Service::Service(Core::ConfigFile const& config, StringView name)
// Need i here to iterate along with all other vectors. // Need i here to iterate along with all other vectors.
for (unsigned i = 0; i < socket_paths.size(); i++) { for (unsigned i = 0; i < socket_paths.size(); i++) {
auto const path = Core::Account::parse_path_with_uid(socket_paths.at(i), m_account.has_value() ? m_account.value().uid() : Optional<uid_t> {}); auto const path = Core::SessionManagement::parse_path_with_sid(socket_paths.at(i));
if (path.is_error()) {
// FIXME: better error handling for this case.
TODO();
}
// Socket path (plus NUL) must fit into the structs sent to the Kernel. // Socket path (plus NUL) must fit into the structs sent to the Kernel.
VERIFY(path.length() < UNIX_PATH_MAX); VERIFY(path.value().length() < UNIX_PATH_MAX);
// This is done so that the last permission repeats for every other // This is done so that the last permission repeats for every other
// socket. So you can define a single permission, and have it // socket. So you can define a single permission, and have it
// be applied for every socket. // be applied for every socket.
mode_t permissions = strtol(socket_perms.at(min(socket_perms.size() - 1, (long unsigned)i)).characters(), nullptr, 8) & 0777; mode_t permissions = strtol(socket_perms.at(min(socket_perms.size() - 1, (long unsigned)i)).characters(), nullptr, 8) & 0777;
m_sockets.empend(path, -1, permissions); m_sockets.empend(path.value(), -1, permissions);
} }
} }

9
Userland/Services/WebContent/main.cpp
View file

@ -22,12 +22,13 @@
ErrorOr<int> serenity_main(Main::Arguments) ErrorOr<int> serenity_main(Main::Arguments)
{ {
Core::EventLoop event_loop; Core::EventLoop event_loop;
TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath")); TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath proc"));
TRY(Core::System::unveil("/proc/all", "r"));
TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/etc/timezone", "r")); TRY(Core::System::unveil("/etc/timezone", "r"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/user/%uid/portal/websocket", "rw")); TRY(Core::System::unveil("/tmp/session/%sid/portal/websocket", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
Web::Platform::EventLoopPlugin::install(*new Web::Platform::EventLoopPluginSerenity); Web::Platform::EventLoopPlugin::install(*new Web::Platform::EventLoopPluginSerenity);

4
Userland/Utilities/aplay.cpp
View file

@ -22,7 +22,7 @@ constexpr size_t LOAD_CHUNK_SIZE = 128 * KiB;
ErrorOr<int> serenity_main(Main::Arguments arguments) ErrorOr<int> serenity_main(Main::Arguments arguments)
{ {
TRY(Core::System::pledge("stdio rpath sendfd unix thread")); TRY(Core::System::pledge("stdio rpath sendfd unix thread proc"));
StringView path {}; StringView path {};
bool should_loop = false; bool should_loop = false;
@ -34,8 +34,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_option(show_sample_progress, "Show playback progress in samples", "sample-progress", 's'); args_parser.add_option(show_sample_progress, "Show playback progress in samples", "sample-progress", 's');
args_parser.parse(arguments); args_parser.parse(arguments);
TRY(Core::System::unveil("/tmp/session/%sid/portal/audio", "rw"));
TRY(Core::System::unveil(Core::File::absolute_path(path), "r"sv)); TRY(Core::System::unveil(Core::File::absolute_path(path), "r"sv));
TRY(Core::System::unveil("/tmp/user/%uid/portal/audio", "rw"));
TRY(Core::System::unveil(nullptr, nullptr)); TRY(Core::System::unveil(nullptr, nullptr));
Core::EventLoop loop; Core::EventLoop loop;