From ec798658451b4a1775fb331337f2cfc5d021a8be Mon Sep 17 00:00:00 2001
From: Albert S <mail@quitesimple.org>
Date: Sun, 2 Jan 2022 16:15:55 +0100
Subject: [PATCH] fixup! gui: Add vow_promises to exile policy

---
 gui/main.cpp | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/gui/main.cpp b/gui/main.cpp
index 2e34bea..9449d18 100644
--- a/gui/main.cpp
+++ b/gui/main.cpp
@@ -25,7 +25,7 @@ int main(int argc, char *argv[])
 			qDebug() << "Launching ipc";
 			if(!ipcserver->startSpawner(socketPath))
 			{
-				qDebug() << "Error failed to spawn";
+				qCritical() << "Error failed to spawn";
 				return 1;
 			}
 			qDebug() << "Launched";
@@ -43,6 +43,11 @@ int main(int argc, char *argv[])
 	}
 
 	struct exile_policy *policy = exile_init_policy();
+	if(policy == NULL)
+	{
+		qCritical() << "Failed to init policy for sandbox";
+		return 1;
+	}
 	std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
 	std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
 	std::string sockPath = socketPath.toStdString();
@@ -51,10 +56,25 @@ int main(int argc, char *argv[])
 						   EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
 						   EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
 						   EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
-	exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/");
-	exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str());
-	exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, cacheDataLocation.c_str());
 
+	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
+	{
+		qCritical() << "Failed to append a path to the path policy";
+		return 1;
+	}
+
+	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()) !=
+	   0)
+	{
+		qCritical() << "Failed to append a path to the path policy";
+		return 1;
+	}
+	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE,
+								cacheDataLocation.c_str()) != 0)
+	{
+		qCritical() << "Failed to append a path to the path policy";
+		return 1;
+	}
 	int ret = exile_enable_policy(policy);
 	if(ret != 0)
 	{