Use absolute path for audio-hal dlopen to avoid malicious attack

[Version] 5.0.79
[Profile] Common
[Issue Type] Security

Change-Id: I5ce2acd3ae5efe8a139b7a5d3efa8c039fe96ed5

diff --git a/packaging/pulseaudio-modules-tizen.spec b/packaging/pulseaudio-modules-tizen.spec
index ab20110e6e478255128d4ce06c6f0e2078cf7c31..64232a41561dc95c48c6649fcd52deed222083b1 100644 (file)
--- a/packaging/pulseaudio-modules-tizen.spec
+++ b/packaging/pulseaudio-modules-tizen.spec
@@ -1,6 +1,6 @@
 Name:             pulseaudio-modules-tizen
 Summary:          Pulseaudio modules for Tizen
-Version:          5.0.78
+Version:          5.0.79
 Release:          0
 Group:            Multimedia/Audio
 License:          LGPL-2.1+
@@ -32,7 +32,7 @@ This package contains pulseaudio modules for tizen audio system.
 %setup -q
 
 %build
-export CFLAGS="%{optflags} -fno-strict-aliasing -DSYSCONFDIR=\\\"%{_sysconfdir}\\\""
+export CFLAGS="%{optflags} -fno-strict-aliasing -DSYSCONFDIR=\\\"%{_sysconfdir}\\\" -DAUDIOHALDIR=\\\"%{_libdir}\\\""
 
 export LD_AS_NEEDED=0
 %reconfigure --prefix=%{_prefix} \

diff --git a/src/hal-interface.c b/src/hal-interface.c
index f7ef78655f00c1c58b02e5723bf3ae2c25916424..80d34084eaacb549eed3ca86f81aaa9211080ac6 100644 (file)
--- a/src/hal-interface.c
+++ b/src/hal-interface.c
@@ -30,7 +30,7 @@
 #define SHARED_HAL_INTF "tizen-hal-interface"
 
 /* Audio HAL library */
-#define LIB_TIZEN_AUDIO "libtizen-audio.so"
+#define LIB_TIZEN_AUDIO AUDIOHALDIR"/libtizen-audio.so"
 
 struct _pa_hal_interface {
     PA_REFCNT_DECLARE;