WindowServer: Use unveil()

WindowServer needs persistent access to a few things:

- /res (for themes, fonts, cursors, apps, wallpapers, etc.)
- /etc/passwd (for username lookup, not sure this is actually needed..)
- /home/anon/WindowManager.ini (FIXME: this should not be hard-coded..)

These things are unveiled temporarily, and then dropped:

- /tmp (for setting up sockets)
- /dev (for opening input and framebuffer devices)

This leaves WindowServer running with a very limited view of the file
system, how neat is that!

Servers/WindowServer/main.cpp

@@ -41,6 +41,34 @@ int main(int, char**)
         return 1;
     }
 
+    if (unveil("/res", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/etc/passwd", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/tmp", "cw") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    // FIXME: WindowServer should obviously not hardcode this.
+    //        Instead, we should have a ConfigServer or similar that allows programs
+    //        to get/set user settings over IPC without giving them access to any files.
+    if (unveil("/home/anon/WindowManager.ini", "rwc") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/dev", "rw") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
     struct sigaction act;
     memset(&act, 0, sizeof(act));
     act.sa_flags = SA_NOCLDWAIT;
@@ -72,6 +100,21 @@ int main(int, char**)
     auto wm = WSWindowManager::construct(*palette);
     auto mm = WSMenuManager::construct();
 
+    if (unveil("/tmp", "") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/dev", "") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil(nullptr, nullptr) < 0) {
+        perror("unveil");
+        return 1;
+    }
+
     dbgprintf("Entering WindowServer main loop.\n");
     loop.exec();
     ASSERT_NOT_REACHED();