Terminal: Use unveil()

This app needs ("/bin/Terminal", "x") in order to fork+exec itself when the user requests a new Terminal window. I really like how this reduces reduces the impact of pledging "exec". :^) It also needs ("/res", "r") like all GUI apps. We delay the first call to unveil until after we've already opened the app's config file, so there's no need to worry about that.
author: Andreas Kling <kling@serenityos.org> 2020-01-21 12:12:15 +0100
committer: Andreas Kling <kling@serenityos.org> 2020-01-21 12:16:17 +0100
commit: 3097eb4717447f12711508b62c296484c1d6823c (patch)
tree: 6e405f4515d39ad64acc255bd208d174d51199a3 /Applications
parent: 21886ff9e2117329466cb1ec418da7a19f2809c2 (diff)
download: serenity-3097eb4717447f12711508b62c296484c1d6823c.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/Applications/Terminal/main.cpp b/Applications/Terminal/main.cpp
index cf22e2c32e..c7225538f8 100644
--- a/Applications/Terminal/main.cpp
+++ b/Applications/Terminal/main.cpp
@@ -290,6 +290,18 @@ int main(int argc, char** argv)
 
     app.set_menubar(move(menubar));
 
+    if (unveil("/res", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/bin/Terminal", "x") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    unveil(nullptr, nullptr);
+
     config->sync();
     return app.exec();
 }
author	Andreas Kling <kling@serenityos.org>	2020-01-21 12:12:15 +0100
committer	Andreas Kling <kling@serenityos.org>	2020-01-21 12:16:17 +0100
commit	3097eb4717447f12711508b62c296484c1d6823c (patch)
tree	6e405f4515d39ad64acc255bd208d174d51199a3 /Applications
parent	21886ff9e2117329466cb1ec418da7a19f2809c2 (diff)
download	serenity-3097eb4717447f12711508b62c296484c1d6823c.zip