The `/tmp/user` directory is owned by root, this solution prevents
malicious users to interfere with other users' portals.
This commit also moves `launch`'s portal in the user directory.
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
pledge_domains() that takes only one String argument was specifically
added as a shortcut for pledging a single domain. So, it makes sense to
use singular here.
This is partially a revert of commits:
10a8b6d411561b67a1ad
Rather than adding the prot_exec pledge requried to use dlopen(), we can
link directly against LibUnicodeData in applications that we know need
that library.
This might make the dlopen() dance a bit unnecessary. The same purpose
might now be fulfilled with weak symbols. That can be revisted next, but
for now, this at least removes the potential security risk of apps like
the Browser having prot_exec privileges.
Loading libunicodedata.so will require dlopen(), which in turn requires
mmap(). The 'prot_exec' pledge is needed for this.
Further, the .so itself must be unveiled for reading. The "real" path is
unveiled (libunicodedata.so.serenity) as the symlink (libunicodedata.so)
itself cannot be unveiled.
Previously we unveiled the file specified through the command-line
interface. Now, we just make the request through the
FileSystemAccessServer instead.
Applications previously had to create a GUI::Menubar object, add menus
to it, and then call GUI::Window::set_menubar().
This patch introduces GUI::Window::add_menu() which creates the menubar
automatically and adds items to it. Application code becomes slightly
simpler as a result. :^)
Making use of the new FileSystemAccessServer we are able to use
unveil without restricting our ability to open and save files.
A file argument will be unveiled automatically however all other files
require user action via the FileSystemAccessServer to gain access.
Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!
This allows the user to specify a specific line and column number to
start at when opening a file in TextEditor through the terminal, by
adding a colon after the file name.
For example, `TextEditor ReadMe.md:10:5` will open ReadMe.md and put
the cursor on line 10 at column 5.
To ensure that the user isn't trying to open a file that actually has
colons in its name, it checks if the file exists before parsing.
Replaces the feature added in b474f49164Closes#5589
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
I hereby declare these to be full nouns that we don't split,
neither by space, nor by underscore:
- Breadcrumbbar
- Coolbar
- Menubar
- Progressbar
- Scrollbar
- Statusbar
- Taskbar
- Toolbar
This patch makes everything consistent by replacing every other variant
of these with the proper one. :^)
Now that WindowServer broadcasts the system theme using an anonymous
file, we need clients to pledge "recvfd" so they can receive it.
Some programs keep the "shared_buffer" pledge since it's still used for
a handful of things.
