Add option to reverse primary and secondary buttons in Mouse Settings.
- WindowServer.ini: add default entry
- switch-mouse-buttons.png: new icon for settings entry
- Mouse.gml/MouseWidget.*: new settings dialog
- ClientConnection/WindowManager/Server: window message for settings
- EventLoop.cpp: swap buttons 1 and 2 if settings are on
Commit cf0dbc906 recently added the ability for setuid binaries to be
located in /usr/Tests. This should really now be read only to mitigate
the potential misuse of any of the setuid binaries.
To ensure everything works as expected, a unit test was added with
multiple scenarios.
This binary has to have the SetUID flag, and we also bind-mount the
/usr/Tests directory to allow running of SetUID binaries.
ConfigServer is an IPC service that provides access to application
configuration and settings. The idea is to replace all uses of
Core::ConfigFile with IPC requests to ConfigServer.
This first cut of the API is pretty similar to Core::ConfigFile.
The old:
auto config = Core::ConfigFile::open_for_app("App");
auto value = config->read_entry("Group", "Key");
The new:
auto value = Config::read_string("App", "Group", "Key");
ConfigServer uses the ~/.config directory as its backing store
and all the files remain human-editable. :^)
The IRC Client application made some sense while our main communication
hub was an IRC channel. Now that we've moved on, IRC is just a random
protocol with no particular relevance to this project.
This also has the benefit of removing one major client of the single-
process Web::InProcessWebView class.
Now you can specify a CursorTheme key in /etc/WindowServer.ini. The
cursors are loaded from /res/cursor-themes/<name> directory. This
directory contains a Config.ini file with format similar to previous
Cursor section, except it uses relative paths.
This commit adds also Default theme, which uses cursors being
previously in /res/cursors.
The WidgetGallery is updated to match the new cursor path format.
A SPICE agent communicates with the host OS to provide nifty features
like clipboard sharing :^)
This patch implements only plain-text clipboard sharing.
See: github.com/freedesktop/spice-protocol/blob/master/spice/vd_agent.h
Adds new service FileSystemAccessServer which allows programs to
request a file descriptor for any file on the file system.
The user can be prompted to choose the path with a FilePicker, or the
path can be provided by the application which will show a MessageBox
showing the pid and name of the calling process and allows the user to
approve or deny the request.
This also adds the ability to query how many virtual desktops are
set up, and for the Taskbar to be notified when the active virtual
desktop has changed.
This will run all the tests that are children of this service with
deadly UBSAN, ensuring we don't get any UBSAN regressions in on-target
tests anymore. :^)
An Overlay is similar to a transparent window, but has less overhead
and does not get rendered within the window stack. Basically, the area
that an Overlay occupies forces transparency rendering for any window
underneath, which allows us to render them flicker-free.
This also adds a new API that allows displaying the screen numbers,
e.g. while the user configures the screen layout in DisplaySettings
Because other things like drag&drop or the window-size label are not
yet converted to use this new mechanism, they will be drawn over the
screen-number currently.
This allows WindowServer to use multiple framebuffer devices and
compose the desktop with any arbitrary layout. Currently, it is assumed
that it is configured contiguous and non-overlapping, but this should
eventually be enforced.
To make rendering efficient, each window now also tracks on which
screens it needs to be rendered. This way we don't have to iterate all
the windows for each screen but instead use the same rendering loop and
then only render to the screen (or screens) that the window actually
uses.
Adds Sectigo RSA Domain, Extended, and Organization cert subjects
to ca_certs.ini. These are the new names for the old Comodo CA
certs that are already trusted.
Some of these were using 660 permissions which meant that other users
in the "users" group could connect to anon's service processes.
Let's tighten things up by not allowing that. :^)
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/
V1_chap08.html
TMPDIR This variable shall represent a pathname of a directory made
available for programs that need a place to create temporary
files.
Ports like PHP benefit from having this environment variable set, and
there exist a lot of scripts that assume the presence of such an
environment variable.
Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
Changes to the system font settings are now persisted in /etc.
Note that you still need to restart the system for changes to fully
apply in all programs.
This service daemon will act as an intermediary between the Inspector
program and the inspectable programs it wants to inspect.
Programs can make themselves available for inspection by connecting
to /tmp/portal/inspectables using the Core::EventLoop RPC protocol.
After looking closely at this, I realized that we've been running
all the service processes under separate user accounts even though
there's actually no need to.
Since we already use pledge() and unveil() to limit the scope and
access of these programs, separating them to another UID doesn't
achieve anything meaningful. So let's bring them back to the "anon"
user account and simplify things.
Programs affected:
- ImageDecoder
- RequestServer
- WebContent
- WebSocket
Longer term, I'd like for all of these to get spawned for the current
desktop user somehow, possibly by some kind of session manager, or
perhaps by the Browser program itself. But for now they remain under
SystemServer's control.