Use absolute path for radio-hal dlopen to avoid malicious attack

[Version] 0.2.17
[Profile] Mobile, Wearable
[Issue Type] Security

Change-Id: I41370d28635685bbbf35c35a5c7930ba7a8a1333

diff --git a/packaging/libmm-radio.spec b/packaging/libmm-radio.spec
index 56b89e9..6f3b582 100755 (executable)
--- a/packaging/libmm-radio.spec
+++ b/packaging/libmm-radio.spec
@@ -1,13 +1,13 @@
 Name:       libmm-radio
 Summary:    Multimedia Framework Radio Library
-Version:    0.2.16
+Version:    0.2.17
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0
 Source0:    %{name}-%{version}.tar.gz
 Source1001:    libmm-radio.manifest
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
+#Requires(post): /sbin/ldconfig
+#Requires(postun): /sbin/ldconfig
 BuildRequires:  pkgconfig(mm-common)
 BuildRequires:  pkgconfig(mm-log)
 BuildRequires:  pkgconfig(mm-session)
@@ -37,9 +37,10 @@ cp %{SOURCE1001} .
 %build
 ./autogen.sh
 
-export CFLAGS=" %{optflags} -Wall -DGST_EXT_TIME_ANALYSIS -DEXPORT_API=\"__attribute__((visibility(\\\"default\\\")))\" -Werror"
+export CFLAGS+=" %{optflags} -Wall"
 %ifarch %{arm}
-export CFLAGS="$CFLAGS -DTIZEN_FEATURE_RADIO_HAL"
+export CFLAGS+=" -DTIZEN_FEATURE_RADIO_HAL "
+export CFLAGS+=" -DPATH_LIBDIR=\\\"%{_libdir}\\\""
 %endif
 
 %configure \

diff --git a/src/radio_hal_interface.c b/src/radio_hal_interface.c
index e40d401..cd62ba9 100644 (file)
--- a/src/radio_hal_interface.c
+++ b/src/radio_hal_interface.c
@@ -25,7 +25,7 @@ extern "C" {
 #include "mm_radio_utils.h"
 #include "radio_hal_interface.h"
 
-#define LIB_TIZEN_RADIO "libtizen-radio.so"
+#define LIB_TIZEN_RADIO PATH_LIBDIR"/libtizen-radio.so"
 
 static int __convert_error_code(int code, char *func_name)
 {