<fix>

增加dlopen路径检查 Signed-off-by: N xiacong <xiacong4@huawei.com>

<fix>
增加dlopen路径检查 Signed-off-by: N xiacong <xiacong4@huawei.com>
7ed1ca57 · xiacong · 3678d901 · 7ed1ca57
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

services/modules/seccomp/seccomp_policy.c services/modules/seccomp/seccomp_policy.c +6 -0

未找到文件。
--- a/services/modules/seccomp/seccomp_policy.c
+++ b/services/modules/seccomp/seccomp_policy.c
@@ -34,8 +34,10 @@
 #ifdef __aarch64__
 #define FILTER_LIB_PATH_FORMAT "/system/lib64/lib%s_filter.z.so"
+#define FILTER_LIB_PATH_HEAD "/system/lib64/lib"
 #else
 #define FILTER_LIB_PATH_FORMAT "/system/lib/lib%s_filter.z.so"
+#define FILTER_LIB_PATH_HEAD "/system/lib/lib"
 #endif
 #define FILTER_NAME_FORMAT "g_%sSeccompFilter"
 #define FILTER_SIZE_STRING "Size"
@@ -114,6 +116,10 @@ static int GetSeccompPolicy(const char *filterName, int **handler,
        return INPUT_ERROR;
    }
+    if (strncmp(filterLibRealPath, FILTER_LIB_PATH_HEAD, strlen(FILTER_LIB_PATH_HEAD))) {
+        return INPUT_ERROR;
+    }
    char filterVaribleName[PATH_MAX] = {0};
    struct sock_filter *filter = NULL;
    size_t *filterSize = NULL;