KeyboardSettings: Call out to /bin/keymap to actually set the keymap

Now that KeyboardSettings is no longer setuid-root, we have to call out to a helper program to actually set the keymap. This is a very nice improvement to system security. :^)
author: Andreas Kling <kling@serenityos.org> 2020-06-18 22:29:09 +0200
committer: Andreas Kling <kling@serenityos.org> 2020-06-18 22:29:09 +0200
commit: fe458f81ec8ef74d6378abf5fbf2bf7a54d5e7a9 (patch)
tree: 5b3a3fac0fcc3bdc2f0ab0323813505049a309e3
parent: 6e78279614a0a27697c9c79b0c122298d5ee2b72 (diff)
download: serenity-fe458f81ec8ef74d6378abf5fbf2bf7a54d5e7a9.zip
1 files changed, 35 insertions, 6 deletions
diff --git a/Applications/KeyboardSettings/main.cpp b/Applications/KeyboardSettings/main.cpp
index b1f16e70b2..c2a36c9344 100644
--- a/Applications/KeyboardSettings/main.cpp
+++ b/Applications/KeyboardSettings/main.cpp
@@ -43,9 +43,34 @@
 
 int main(int argc, char** argv)
 {
+    if (pledge("stdio rpath accept cpath wpath shared_buffer unix fattr proc exec", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
 
     // If there is no command line parameter go for GUI.
     GUI::Application app(argc, argv);
+
+    if (pledge("stdio rpath accept shared_buffer proc exec", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
+    if (unveil("/res", "r") < 0 ) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/bin/keymap", "x") < 0 ) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil(nullptr, nullptr)) {
+        perror("unveil");
+        return 1;
+    }
+
     auto app_icon = GUI::Icon::default_icon("app-keyboard-settings");
 
     Vector<String> character_map_files;
@@ -99,13 +124,17 @@ int main(int argc, char** argv)
             return;
         }
 
-        Keyboard::CharacterMap character_map(character_map_file);
-        int rc = character_map.set_system_map();
-        if (rc != 0) {
-            GUI::MessageBox::show(strerror(-rc), "Keyboard settings", GUI::MessageBox::Type::Error, GUI::MessageBox::InputType::OK, window);
-            return;
+        pid_t child_pid = fork();
+        if (child_pid < 0) {
+            perror("fork");
+            exit(1);
+        }
+        if (child_pid == 0) {
+            if (execl("/bin/keymap", "/bin/keymap", character_map_file.characters(), nullptr) < 0) {
+                perror("execl");
+                exit(1);
+            }
         }
-
         if (quit)
             app.quit();
     };
author	Andreas Kling <kling@serenityos.org>	2020-06-18 22:29:09 +0200
committer	Andreas Kling <kling@serenityos.org>	2020-06-18 22:29:09 +0200
commit	fe458f81ec8ef74d6378abf5fbf2bf7a54d5e7a9 (patch)
tree	5b3a3fac0fcc3bdc2f0ab0323813505049a309e3
parent	6e78279614a0a27697c9c79b0c122298d5ee2b72 (diff)
download	serenity-fe458f81ec8ef74d6378abf5fbf2bf7a54d5e7a9.zip