@@ -89,6 +91,22 @@ fetch_dlerror (gboolean replace_null)
+g_tsol_is_multi_label_session (void)
+ static int trusted = -1;
+ if (getenv("TRUSTED_SESSION")) {
+ return trusted ? TRUE : FALSE;
_g_module_open (const gchar *file_name,
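Review bot: The whole restriction is gated on `getenv("TRUSTED_SESSION")`, so in `g_tsol_is_multi_label_session` an absent variable switches the check off, and the environment is supplied by whoever starts the process. If the variable is only a hint, a comment should say which component is trusted to set it, for example `/* TRUSTED_SESSION is exported by the session manager; callers must not rely on it as a security boundary */`. Separately, `trusted` starts at -1 and `return trusted ? TRUE : FALSE;` maps -1 to TRUE, so any path that leaves the cache unset reports a trusted session; `return trusted == 1 ? TRUE : FALSE;` makes the sentinel explicit. Not all lines of the function are visible in this hunk, so the assignment to `trusted` may already cover this. The unsynchronised `static int` cache is also worth a comment if modules can be opened from more than one thread.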
@@ -101,7 +119,46 @@ _g_module_open (const gchar *file_name,
performed immediately in all dynamic dependencies */
+ if (g_tsol_is_multi_label_session()) {
+ Dl_serinfo _info, *info = &_info;
+ gboolean found = FALSE;
+ if (strstr(file_name, "../"))
+ g_module_set_error("relative paths in module names are not allowed");
+ /* determine search path count and required buffer size */
+ dlinfo(RTLD_SELF, RTLD_DI_SERINFOSIZE, (void *)info);
+ /* allocate new buffer and initialize */
+ /* obtain sarch path information */
+ dlinfo(RTLD_SELF, RTLD_DI_SERINFO, (void *)info);
+ path = &info->dls_serpath[0];
+ for (cnt = 1; cnt <= info->dls_cnt; cnt++, path++) {
+ if (strncmp(file_name, path->dls_name, strlen(path->dls_name)) == 0)
+ g_module_set_error("module is not in a trusted directory");
handle = dlopen (file_name,
(bind_local ? 0 : RTLD_GLOBAL) | (bind_lazy ? RTLD_LAZY | RTLD_FIRST: RTLD_NOW));
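Review bot: The trusted-directory test `strncmp(file_name, path->dls_name, strlen(path->dls_name)) == 0` is a bare string-prefix match, so a search-path entry such as `/usr/lib` (constructed example) also accepts a sibling directory whose name merely starts with that string, and an empty `dls_name` accepts every path. Requiring a separator at the boundary closes this: `size_t n = strlen(path->dls_name);` followed by `if (n > 0 && strncmp(file_name, path->dls_name, n) == 0 && file_name[n] == '/')`. Both `dlinfo()` calls ignore their return value; if either fails, `info->dls_cnt` and `dls_serpath` are not meaningful, so the block should set an error and return NULL rather than continue to the loop. The lines shown after each `g_module_set_error(...)` do not include a return, and the hunk does not show the full body of `_g_module_open`, so it is worth confirming that both error paths stop before `dlopen`. The comparison is also made on the caller's string rather than a resolved path, so a symlink inside a trusted directory is not covered by the `"../"` check.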