!1576 seccomp模块清除安全告警

Merge pull request !1576 from 夏不白/seccomp_check_path

!1576 seccomp模块清除安全告警
Merge pull request !1576 from 夏不白/seccomp_check_path
9f7673b2 · openharmony_ci · Gitee · 3678d901 · 7ed1ca57 · 9f7673b2
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

services/modules/seccomp/seccomp_policy.c services/modules/seccomp/seccomp_policy.c +6 -0

未找到文件。
--- a/services/modules/seccomp/seccomp_policy.c
+++ b/services/modules/seccomp/seccomp_policy.c
@@ -34,8 +34,10 @@

 #ifdef __aarch64__
 #define FILTER_LIB_PATH_FORMAT "/system/lib64/lib%s_filter.z.so"
+#define FILTER_LIB_PATH_HEAD "/system/lib64/lib"
 #else
 #define FILTER_LIB_PATH_FORMAT "/system/lib/lib%s_filter.z.so"
+#define FILTER_LIB_PATH_HEAD "/system/lib/lib"
 #endif
 #define FILTER_NAME_FORMAT "g_%sSeccompFilter"
 #define FILTER_SIZE_STRING "Size"
@@ -114,6 +116,10 @@ static int GetSeccompPolicy(const char *filterName, int **handler,
        return INPUT_ERROR;
    }

+    if (strncmp(filterLibRealPath, FILTER_LIB_PATH_HEAD, strlen(FILTER_LIB_PATH_HEAD))) {
+        return INPUT_ERROR;
+    }
+
    char filterVaribleName[PATH_MAX] = {0};
    struct sock_filter *filter = NULL;
    size_t *filterSize = NULL;