Browser only uses LaunchServer for one thing: to open the user's
downloads directory after a download is finished.
Eventually I'd like to move this functionality to a separate download
manager service, but for now, let's at least lock down what Browser is
able to ask LaunchServer to do. :^)
Clients of LaunchServer can now provide a list of allowed handlers,
optionally with a specific set of URLs. The list can be sealed to
prevent future additions to it.
If LaunchServer receives a request to open something not on the allowed
handlers list, it will disconnect the client immediately.
The main idea here is to allow otherwise restricted programs to launch
specific things, e.g "Help" to open their manual, or "Browser" to load
the SerenityOS home page. :^)
- Now sorted
- Add a "layout" property to GUI::Widget and GUI::Frame
- Only complete Layouts for the values of "layout"
- Don't suggest anything if the only suggestion is what the user has
already typed
This gets a lot of unecessary includes out of Widget.cpp. Doing this
didn't work before, but improvements in the C library and using dynamic
libraries have likely un-broken it :^).
Also, move the registration global object to an anonymous namespace. No
reason it has to be an extern symbol.
...as well as the few remaining references to set_foreground_color().
These properties are not being used for rendering anymore, presumably
because they completely mess up theming - assigning random white and
gray backgrounds just doesn't work with dark themes.
I've chosen to not replace most of the few remaining uses of this
broken functionality with custom palette colors (the closest
replacement is background_role) for now (except for Minesweeper where
squares with mines are painted red again now), as no one has actually
complained about them being broken, so it must look somewhat decent
(some just look right anyway). :^)
Examples of this are the taskbar buttons, which apparently had a
DarkGray foreground color for minimized windows once - this has since
been replaced with bold/regular font. Another one is the Profiler's
ProfileTimelineWidget, which is supposed to have a white background -
which it didn't have for quite some time, it's grey now (with the
default theme, that is). Doesn't look bad either.
Previously notifications were (partially) drawn outside the screen rect if
they were created before changing the screen resolution to smaller
dimensions. This prevented the user from dismissing the notification as the
close button was no longer clickable.
If a TLB flush request is broadcast to other processors and the addresses
to flush are user mode addresses, we can ignore such a request on the
target processor if the page directory currently in use doesn't match
the addresses to be flushed. We still need to broadcast to all processors
in that case because the other processors may switch to that same page
directory at any time.
If we remap pages (e.g. lazy allocation) inside a VMObject that is
shared among more than one region, broadcast it to any other region
that may be mapping the same page.
Lazily committed shared memory was not working in situations where one
process would write to the memory and another would only read from it.
Since the reading process would never cause a write fault in the shared
region, we'd never notice that the writing process had added real
physical pages to the VMObject. This happened because the lazily
committed pages were marked "present" in the page table.
This patch solves the issue by always allocating shared memory up front
and not trying to be clever about it.
Before this change, we would sometimes map a region into the address
space with !is_shared(), and then moments later call set_shared(true).
I found this very confusing while debugging, so this patch makes us pass
the initial shared flag to the Region constructor, ensuring that it's in
the correct state by the time we first map the region.
We were jumping through some pretty wasteful hoops in the resize event
handler of OOPWV by first creating a bitmap and then immediately
creating a new (shareable) clone of that bitmap. Now we go straight
to the shareable bitmap instead.
Previously we had a static stack check cookie value for LibC.
Now we randomize the cookie value on LibC initialization, this should
help make the stack check more difficult to attack (still possible just
a bigger pain). This should also help to catch more bugs.
Insert stack canaries to find stack corruptions in the kernel.
It looks like this was enabled in the past (842716a) but appears to have been
lost during the CMake conversion.
The `-fstack-protector-strong` variant was chosen because it catches more issues
than `-fstack-protector`, but doesn't have substantial performance impact like
`-fstack-protector-all`.
This fixes a kernel crash that occured when calling ptrace with PT_PEEK
on non paged-in memory.
The crash occurred because we were holding the scheduler lock while
trying to read from the disk's block device, which we do not allow.
Fixes#4740
