author | Andreas Kling <kling@serenityos.org> | 2021-01-03 12:10:34 +0100 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-01-03 12:10:34 +0100 |
commit | a63330077fa7fad9b2605558164284338ee77b67 (patch) | |
tree | 1880464f41165fe0e7f1f8f2b06eec2cd2319e16 /Applications | |
parent | 70c59dcbf85dc9ba87140952c44be4cdc8c70f08 (diff) | |
Browser: Tell LaunchServer we only want to show the downloads directory
Browser only uses LaunchServer for one thing: to open the user's
downloads directory after a download is finished.
Eventually I'd like to move this functionality to a separate download
manager service, but for now, let's at least lock down what Browser is
able to ask LaunchServer to do. :^)
Diffstat (limited to 'Applications')
-rw-r--r-- | Applications/Browser/main.cpp | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/Applications/Browser/main.cpp b/Applications/Browser/main.cpp
index 112bb2633b..2a67e846e0 100644
--- a/Applications/Browser/main.cpp
+++ b/Applications/Browser/main.cpp
@@ -35,6 +35,7 @@
 #include <LibCore/ConfigFile.h>
 #include <LibCore/File.h>
 #include <LibCore/StandardPaths.h>
+#include <LibDesktop/Launcher.h>
 #include <LibGUI/AboutDialog.h>
 #include <LibGUI/Application.h>
 #include <LibGUI/BoxLayout.h>
@@ -85,7 +86,15 @@ int main(int argc, char** argv)
 // Connect to the ProtocolServer immediately so we can drop the "unix" pledge.
 Web::ResourceLoader::the();
 
- // FIXME: Once there is a standalone Download Manager, we can drop the "unix" pledge.
+ // Connect to LaunchServer immediately and let it know that we won't ask for anything other than opening
+ // the user's downloads directory.
+ // FIXME: This should go away with a standalone download manager at some point.
+ if (!Desktop::Launcher::add_allowed_url(URL::create_with_file_protocol(Core::StandardPaths::downloads_directory()))
+ || !Desktop::Launcher::seal_allowlist()) {
+ warnln("Failed to set up allowed launch URLs");
+ return 1;
+ }
+
 if (pledge("stdio shared_buffer accept unix cpath rpath wpath sendfd recvfd", nullptr) < 0) {
 perror("pledge");
 return 1;
@@ -106,12 +115,6 @@ int main(int argc, char** argv)
 return 1;
 }
 
- // FIXME: Once there is a standalone Download Manager, we don't need to unveil this
- if (unveil("/tmp/portal/launch", "rw") < 0) {
- perror("unveil");
- return 1;
- }
-
 if (unveil("/tmp/portal/image", "rw") < 0) {
 perror("unveil");
 return 1; |
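Review bot: The `pledge()` promise list on the context line right after the new block still contains `unix`, but the second hunk deletes the only comment that explained why it stays, while the comment at the top of that hunk still says the early ProtocolServer connection exists so the "unix" pledge can be dropped. Someone auditing the sandbox can no longer tell from this code whether `unix` is a leftover or is still needed by a later socket connection; the `/tmp/portal/image` unveil kept in the third hunk suggests the latter, but that is an inference from the visible lines. I would add a comment above the `pledge()` call along the lines of `// FIXME: "unix" is still pledged for the portal connections made after this point; drop it once they are all set up before pledge().`, after confirming which connections those are. The new comment could also say that the allowlist has to be added and sealed before the `unveil()` calls, since the third hunk removes the `/tmp/portal/launch` unveil and a later connection attempt would presumably fail. `main` begins and ends outside these hunks.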