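#!/bin/sh
# Smack UDP socket access test.
#
# Runs a udp_server / udp_client pair on local ports 50021-50025 under
# different Smack labels and checks that their exit statuses match the
# access rule loaded for label1 -> label2:
#   1. different labels, no access rule  -> server must NOT succeed
#   2. different labels, "rw" rule       -> both must succeed
#   3. same label                        -> both must succeed
#   4. server labeled star (*)           -> both must succeed
#   5. client labeled star (*)           -> server must NOT succeed
#
# The script writes rules to <smackfs>/load, so it presumably has to run
# with enough privilege to change Smack policy.
#
# Output: one diagnostic line on stdout for the first failing case; the
#         helpers' captured stderr is replayed on stderr.
# Exit:   0 if every case behaves as expected, 1 otherwise.
#
# NOTE(review): cases 1 and 5 treat any non-zero server status as "access
# denied". A server that fails for an unrelated reason (for example it
# cannot bind the port) would also satisfy them - confirm udp_server's
# exit codes if these cases need to prove a Smack denial specifically.

# Rules in the fixed-width load format; the ruler marks the columns.
#          12345678901234567890123456789012345678901234567890123456
DENY_RULE="label1                  label2                  -----"
ALLOW_RULE="label1                  label2                  rw---"

# find_helper NAME
# Prints the path of helper binary NAME: first match on PATH, otherwise
# /tmp/NAME if that file exists. Returns 1 when neither is available.
#
# NOTE(review): /tmp is world-writable. When this test runs as root, the
# /tmp fallback executes whatever file another local user placed there.
# Prefer installing the helpers on PATH or in a root-owned directory.
find_helper() {
	helper_path=$(command -v "$1" 2>/dev/null)
	if [ -z "$helper_path" ] && [ -f "/tmp/$1" ]; then
		helper_path="/tmp/$1"
	fi
	[ -n "$helper_path" ] || return 1
	printf '%s\n' "$helper_path"
}

# load_rule RULE
# Writes RULE to the Smack load interface and aborts the test if the write
# fails, so a stale rule from an earlier run cannot decide the outcome.
load_rule() {
	if ! printf '%s' "$1" > "$SMACK_PATH/load"; then
		echo "cannot write Smack rule to $SMACK_PATH/load" >&2
		exit 1
	fi
}

# run_pair PORT SERVER_LABEL CLIENT_LABEL
# Starts the server, waits one second so it can come up, starts the client,
# then stores both exit statuses in server_rv and client_rv. Each side gets
# its own stderr capture so one cannot truncate the other's output.
run_pair() {
	"$udp_server" "$1" "$2" 2>"$log_dir/server.err" &
	server_pid=$!
	sleep 1
	"$udp_client" "$1" "$3" 2>"$log_dir/client.err" &
	client_pid=$!
	wait "$server_pid"
	server_rv=$?
	wait "$client_pid"
	client_rv=$?
}

# fail MESSAGE
# Reports MESSAGE on stdout, replays any captured helper stderr, exits 1.
fail() {
	echo "$1"
	for log in "$log_dir/server.err" "$log_dir/client.err"; do
		if [ -s "$log" ]; then
			echo "--- $log" >&2
			cat "$log" >&2
		fi
	done
	exit 1
}

# cleanup
# Removes the capture directory and puts the label1 -> label2 rule back to
# "no access" so the test does not leave a permissive rule loaded.
cleanup() {
	printf '%s' "$DENY_RULE" > "$SMACK_PATH/load" 2>/dev/null
	rm -rf -- "${log_dir:?}"
}

# Select the mount by filesystem type: a plain "grep smack" also matches
# other mounts that merely carry smack-related options, which would yield
# a multi-line or wrong path.
SMACK_PATH=$(awk '$3 == "smackfs" { print $2; exit }' /proc/mounts)
if [ -z "$SMACK_PATH" ]; then
	# Without this check the rule would be written to "/load".
	echo "smackfs mount point not found in /proc/mounts" >&2
	exit 1
fi

udp_server=$(find_helper udp_server)
if [ -z "$udp_server" ]; then
	echo "udp_server binary not found"
	exit 1
fi
udp_client=$(find_helper udp_client)
if [ -z "$udp_client" ]; then
	echo "udp_client binary not found"
	exit 1
fi

# Private, unpredictable capture directory instead of a fixed name in /tmp,
# which a local user could pre-create as a symlink.
log_dir=$(mktemp -d "${TMPDIR:-/tmp}/smack_socket_udp.XXXXXX")
if [ -z "$log_dir" ] || [ ! -d "$log_dir" ]; then
	echo "cannot create temporary directory" >&2
	exit 1
fi
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# make sure no access is granted
load_rule "$DENY_RULE"

# checking access for sockets with different labels
run_pair 50021 label2 label1
if [ "$server_rv" -eq 0 ]; then
	fail "Sockets with different labels should not communicate on udp"
fi

# granting access between different labels
load_rule "$ALLOW_RULE"

# checking access for sockets with different labels, but having a rule granting rw
run_pair 50022 label2 label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
	fail "Sockets with different labels, but having rw access, should communicate on udp"
fi

# checking access for sockets with the same label
run_pair 50023 label1 label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
	fail "Sockets with same labels should communicate on udp"
fi

# checking access on socket labeled star (*)
# should always be permitted
run_pair 50024 '*' label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
	fail "Should have access on udp socket labeled star (*)"
fi

# checking access from socket labeled star (*)
# all access from subject star should be denied
run_pair 50025 label1 '*'
if [ "$server_rv" -eq 0 ]; then
	fail "Socket labeled star should not have access to any udp socket"
fi

exit 0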