Userland: Add unveil/pledge requisites for dynamic Unicode data loading

Loading libunicodedata.so will require dlopen(), which in turn requires
mmap(). The 'prot_exec' pledge is needed for this.

Further, the .so itself must be unveiled for reading. The "real" path is
unveiled (libunicodedata.so.serenity) as the symlink (libunicodedata.so)
itself cannot be unveiled.
Timothy Flynn 2021-12-16 08:13:00 -05:00 committed by Brian Gianforcaro
parent 35e5cbe3b3
commit 10a8b6d411
7 changed files with 16 additions and 8 deletions


@ -188,7 +188,7 @@ static constexpr size_t MAX_SEARCH_RESULTS = 6;
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd rpath cpath unix proc exec thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath cpath unix proc exec thread prot_exec", nullptr) < 0) {
perror("pledge");
return 1;
}
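Review bot: The pledge string at the top of main gains `prot_exec` with nothing in the code saying why, so a later audit of this promise list cannot tell a deliberate grant from an accidental over-grant. A one-line comment above the call, for example `// prot_exec: dlopen() of libunicodedata.so needs an executable mmap()`, would record the reason next to the promise. The same applies to the pledge calls changed in the other six sections of this commit. main's body continues outside the hunk.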


@ -39,7 +39,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return 1;
}
TRY(Core::System::pledge("stdio recvfd sendfd unix cpath rpath wpath"));
TRY(Core::System::pledge("stdio recvfd sendfd unix cpath rpath wpath prot_exec"));
const char* specified_url = nullptr;
@ -63,6 +63,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/tmp/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/request", "rw"));
TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
TRY(Core::System::unveil(nullptr, nullptr));
auto app_icon = GUI::Icon::default_icon("app-browser");
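Review bot: The literal `/usr/lib/libunicodedata.so.serenity` in the new unveil call is repeated verbatim in three other sections of this commit (the plain `unveil()` addition in the C-style main, and the TextEditor and WebContent sections), and the code does not say why the `.serenity` file is named rather than `libunicodedata.so`. A comment such as `// Unveil the real file; the libunicodedata.so symlink itself cannot be unveiled.` would keep the reasoning from the commit message next to the call. A single shared constant or helper for this path would also prevent the four copies from drifting apart; a stale path would presumably only surface as a failed library load at run time. serenity_main continues outside the hunk.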


@ -20,14 +20,14 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix cpath wpath"));
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix cpath wpath prot_exec"));
auto app = TRY(GUI::Application::try_create(arguments));
TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_protocol("/usr/share/man/man1/FontEditor.md") }));
TRY(Desktop::Launcher::seal_allowlist());
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath"));
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath prot_exec"));
char const* path = nullptr;
Core::ArgsParser args_parser;
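Review bot: Both pledge calls here gain `prot_exec`, but no unveil of `/usr/lib/libunicodedata.so.serenity` is added, unlike the sections that change both. If serenity_main restricts the filesystem with unveil further down (not visible in this hunk), the dlopen described in the commit message would presumably fail for lack of read access to the library. The same question applies to the first and last sections of the commit, which also change only the pledge string. It is worth confirming that each of these programs either never calls unveil or already exposes the library's path.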


@ -22,7 +22,7 @@
int main(int argc, char* argv[])
{
if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread prot_exec", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -69,6 +69,11 @@ int main(int argc, char* argv[])
return 1;
}
if (unveil("/usr/lib/libunicodedata.so.serenity", "r") < 0) {
perror("unveil");
return 1;
}
if (unveil(nullptr, nullptr) < 0) {
perror("unveil");
return 1;


@ -18,7 +18,7 @@ using namespace TextEditor;
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix"));
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix prot_exec"));
auto app = TRY(GUI::Application::try_create(arguments));
@ -35,6 +35,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/tmp/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
TRY(Core::System::unveil(nullptr, nullptr));
StringView preview_mode_view = preview_mode;


@ -14,11 +14,12 @@
ErrorOr<int> serenity_main(Main::Arguments)
{
Core::EventLoop event_loop;
TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));
TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath prot_exec"));
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/portal/request", "rw"));
TRY(Core::System::unveil("/tmp/portal/image", "rw"));
TRY(Core::System::unveil("/tmp/portal/websocket", "rw"));
TRY(Core::System::unveil("/usr/lib/libunicodedata.so.serenity", "r"));
TRY(Core::System::unveil(nullptr, nullptr));
auto client = TRY(IPC::take_over_accepted_client_from_system_server<WebContent::ClientConnection>());
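Review bot: `prot_exec` is added to the only pledge call visible in this hunk, so it stays in force for the whole life of a process that, going by `WebContent::ClientConnection`, handles web content; from then on the promise set no longer blocks executable mappings. If the Unicode data can be loaded eagerly right after the unveil calls, a second, narrower call such as `TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));` would restore the previous sandbox once the library is mapped. Whether an eager-load entry point exists is not visible here, so this may need a small addition on the library side. The same consideration applies to the Browser section's pledge. serenity_main continues past the hunk.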


@ -1207,7 +1207,7 @@ public:
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
#ifdef __serenity__
TRY(Core::System::pledge("stdio rpath wpath cpath tty sigaction"));
TRY(Core::System::pledge("stdio rpath wpath cpath tty sigaction prot_exec"));
#endif
bool gc_on_every_allocation = false;