| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
|
|
This patch allows to insert "%uid" in `IPC_CLIENT_CONNECTION`
declaration and in SystemServer's ini files. This pattern is replaced
then replaced by the UID of the owner of the service. It opens a path
for seamlessly managed, per-user portal.
|
|
The `/tmp/user` directory is owned by root, this solution prevents
malicious users to interfere with other users' portals.
This commit also moves `launch`'s portal in the user directory.
|
|
Before, LaunchServer would only open files based on their extension.
This wouldn't work if the file had the wrong one.
|
|
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
|
|
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
|
|
Error::from_string_literal now takes direct char const*s, while
Error::from_string_view does what Error::from_string_literal used to do:
taking StringViews. This change will remove the need to insert `sv`
after error strings when returning string literal errors once
StringView(char const*) is removed.
No functional changes.
|
|
This makes the wrapper more like the rest in LibCore, and also
removes the annoying limitation of not supporting arguments.
There are three overloads one for String, char const *, and StringView
argument lists. As long as there are <= 10 arguments the argv list
will be allocated inline, otherwise on the heap.
|
|
|
|
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules
"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
|
|
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules
"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
|
|
This was done with CLion's automatic rename feature.
|
|
This was done with CLion's automatic rename feature.
|
|
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
|
|
This can be use force connection at startup and not to leave 'unix'
pledge all the time.
|
|
This change unfortunately cannot be atomically made without a single
commit changing everything.
Most of the important changes are in LibIPC/Connection.cpp,
LibIPC/ServerConnection.cpp and LibCore/LocalServer.cpp.
The notable changes are:
- IPCCompiler now generates the decode and decode_message functions such
that they take a Core::Stream::LocalSocket instead of the socket fd.
- IPC::Decoder now uses the receive_fd method of LocalSocket instead of
doing system calls directly on the fd.
- IPC::ConnectionBase and related classes now use the Stream API
functions.
- IPC::ServerConnection no longer constructs the socket itself; instead,
a convenience macro, IPC_CLIENT_CONNECTION, is used in place of
C_OBJECT and will generate a static try_create factory function for
the ServerConnection subclass. The subclass is now responsible for
passing the socket constructed in this function to its
ServerConnection base; the socket is passed as the first argument to
the constructor (as a NonnullOwnPtr<Core::Stream::LocalServer>) before
any other arguments.
- The functionality regarding taking over sockets from SystemServer has
been moved to LibIPC/SystemServerTakeover.cpp. The Core::LocalSocket
implementation of this functionality hasn't been deleted due to my
intention of removing this class in the near future and to reduce
noise on this (already quite noisy) PR.
|
|
This makes it very smooth to use TRY() when setting up these lists,
as you can see in the rest of this commit. :^)
|
|
Also add slightly richer parse errors now that we can include a string
literal with returned errors.
This will allow us to use TRY() when working with JSON data.
|
|
|
|
This replaces a bunch of very basic uses of posix_spawn() with the new
Core::Process::spawn().
|
|
With `IconPath`, you can override the icon used for the application
shortcut. This currently only supports resolving the icon through
`GUI::FileIconProvider`, the implementation for pointing to actual
image files is left as an exercise for the reader.
|
|
|
|
|
|
This is common enough to warrant its own setting by now - but it's also
partially a workaround. Since app files currently only support a single
executable path with no arguments, we resort to generating wrapper
scripts for port launchers with arguments - and then the executable is
that shell script. We also moved from manually specifying icon files to
embedding them in executables. As shell scripts can't have icons
embedded in them, a different solution is needed - this one solves the
common case of running a CLI program in a terminal, and still allows
embedding of icons in the executable itself as no shell script is
needed, meaning it will be shown in the taskbar and system menu.
The second use case of actually passing arguments to the executable
itself (and not just "Terminal -e ...") is not covered by this and still
requires an external script (meaning no icon for now), but I think that
can easily be solved by adding something like an "Arguments" field to
app files. :^)
|
|
This adds a convenience utility to AppFiles for quickly launching the
apps backed by the AppFile.
|
|
'Assistant' is similar to macOS spotlight where you can quickly open a
text input, start typing, and hit 'enter' to launch apps or open
directories.
|
|
They're not used anywhere and are unnecessary boilerplate code. So let's
remove them and update IPCCompiler to allow for empty endpoint
declarations.
|
|
|
|
This is no longer used by any of our IPC pairs.
|
|
|
|
This enables calling auto-generated IPC methods in a way that doesn't
crash the client if the peer disconnects.
|
|
This updates all .ipc files to have snake case names for IPC methods.
|
|
This changes client methods so that they return the IPC response's
return value directly - instead of the response struct - for IPC
methods which only have a single return value.
|
|
This updates all existing code to use the auto-generated client
methods instead of post_message/send_sync.
|
|
Instead of having a single overloaded handle method each method gets
its own unique method name now.
|
|
|
|
This makes it more symmetrical with adopt_own() (which is used to
create a NonnullOwnPtr from the result of a naked new.)
|
|
|
|
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
|
|
IPC::Connection::send_sync asserts that a response was received, so the
current gracefull fail check was useless, as LibIPC would always assert
before reaching it.
|
|
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
|
|
The client ID is not useful to normal clients anymore, so stop telling
everyone what their ID is.
|
|
|
