hal: Fix the TOCTOU issue by using the path on dlopen directly
91/152591/2 accepted/tizen/4.0/unified/20170929.075611 accepted/tizen/unified/20170928.072150 submit/tizen/20170927.080101 submit/tizen_4.0/20170927.080359 tizen_4.0.IoT.p1_release tizen_4.0.m2_release
author Chanwoo Choi <cw00.choi@samsung.com>
Tue, 26 Sep 2017 11:11:44 +0000 (20:11 +0900)
committer Chanwoo Choi <cw00.choi@samsung.com>
Wed, 27 Sep 2017 01:12:03 +0000 (10:12 +0900)

Prior to that, pass_get_hal_info() checks whether filename is
accessible or not with access() and then loads the library through
dlopen(). This sequence between access() and dlopen() has the
TOCTOU (Time of Check to Time Of Use) issue. So, this patch just
removes the calling of access() and then only uses dlopen()
in order to fix the TOCTOU issue.

Change-Id: I510eb7bcd2e91a5bacd743ef22af92298f72b4ae
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
src/hal/hal.c

index 831b4b8c9179227df0a215f99f712383287c424e..2f65a71e060987af315ca8e391a3d259251503b0 100644 (file)
@@ -50,14 +50,8 @@ int pass_get_hal_info(const char *name, const struct pass_resource_info **info)
        if (!info || !name)
                return -EINVAL;
 
-       /* Find matched module path */
-       snprintf(path, sizeof(path), "%s/%s.so", MODULE_PATH, name);
-       if (access(path, R_OK) != 0) {
-               _E("there is no %s device", name);
-               return -ENODEV;
-       }
-
        /* Load module */
+       snprintf(path, sizeof(path), "%s/%s.so", MODULE_PATH, name);
        handle = dlopen(path, RTLD_NOW);
        if (!handle) {
                _E("fail to open module : %s", dlerror());
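Review bot: The snprintf() into path that now sits directly above dlopen() is not checked for truncation, and name is used in "%s/%s.so" without validation, so an over-long name or one containing '/' still results in dlopen() receiving something other than MODULE_PATH/<name>.so. Compare the snprintf() return value against sizeof(path) and reject a name containing '/' with -EINVAL before the call. Separately, with the access() branch removed, a missing module no longer returns -ENODEV from this point but whatever the !handle branch returns, which is not visible in this hunk; confirm that callers which distinguished -ENODEV still behave correctly, or map the dlopen() failure to -ENODEV there.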