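#!/bin/sh
#
# Smack UDP socket access test.
#
# Runs the udp_server / udp_client helpers under different Smack labels and
# checks that datagram delivery follows the rules loaded into smackfs:
#   1. label1 -> label2 with a "-----" rule : must NOT communicate
#   2. label1 -> label2 with a "rw---" rule : must communicate
#   3. label1 -> label1                     : must communicate
#   4. label1 -> "*"                        : must communicate
#   5. "*"    -> label1                     : must NOT communicate
#
# Exit status: 0 when every case behaves as expected, 1 on the first
# failure (a one-line reason is printed on stdout).
#
# The script writes access rules to <smackfs>/load, which normally requires
# privilege, so treat it as a privileged test and run it on a test image.

# stderr of both helpers is collected here for post-mortem inspection.
# NOTE(review): this is a predictable name in world-writable /tmp and the
# script presumably runs privileged. Kept because a harness may read this
# exact path; if nothing depends on it, switch to a mktemp-created file.
test_file="/tmp/smack_socket_udp"

# Print the path of helper binary $1: first match on PATH, else /tmp/$1.
# Returns non-zero (and prints nothing) when neither exists.
# NOTE(review): the /tmp fallback executes a binary from a world-writable
# directory. That is only acceptable on a dedicated test target where the
# harness itself placed the file; prefer installing the helpers on PATH.
find_helper() {
  helper_path=$(command -v "$1" 2>/dev/null)
  if [ -z "$helper_path" ] && [ -f "/tmp/$1" ] && [ -x "/tmp/$1" ]; then
    helper_path="/tmp/$1"
  fi
  if [ -z "$helper_path" ]; then
    return 1
  fi
  printf '%s\n' "$helper_path"
}

# Write one access rule ($1) to the smackfs "load" file.
# Aborts the test if the write fails: continuing without the rule in place
# would make the allow/deny results below meaningless.
load_rule() {
  if ! printf '%s' "$1" > "$SMACK_PATH/load"; then
    echo "Failed to load Smack rule: $1"
    exit 1
  fi
}

# Run one server/client exchange.
#   $1 - UDP port
#   $2 - label for the server socket
#   $3 - label for the client socket
# Sets server_rv and client_rv to the helpers' exit statuses.
run_pair() {
  # Start each exchange with a fresh capture file and append from both
  # helpers, so the client no longer truncates what the server wrote.
  # rm replaces whatever already sits at that path instead of writing
  # through it.
  rm -f -- "$test_file"
  "$udp_server" "$1" "$2" 2>>"$test_file" &
  server_pid=$!
  # Give the server time to bind before the client sends.
  sleep 1
  "$udp_client" "$1" "$3" 2>>"$test_file" &
  client_pid=$!
  wait "$server_pid"
  server_rv=$?
  wait "$client_pid"
  client_rv=$?
}

# Locate smackfs by filesystem type rather than by grepping for "smack",
# which can also match other mounts that merely carry smack mount options
# and would then yield several paths.
SMACK_PATH=$(awk '$3 == "smackfs" { print $2; exit }' /proc/mounts)
if [ -z "$SMACK_PATH" ]; then
  # Without this guard the rules below would be written to "/load".
  echo "smackfs mount point not found in /proc/mounts"
  exit 1
fi

if ! udp_server=$(find_helper udp_server); then
  echo "udp_server binary not found"
  exit 1
fi
if ! udp_client=$(find_helper udp_client); then
  echo "udp_client binary not found"
  exit 1
fi

# NOTE(review): the original listing carried a 56-column ruler comment above
# each rule, which suggests the rule text was column-aligned. Runs of spaces
# do not survive in this copy, so confirm the label padding against the
# format the target kernel's smackfs "load" file accepts.

# NOTE(review): in the two "must NOT communicate" cases a non-zero server
# status is taken as proof of denial. The helpers' exit codes are not
# visible here; a server that fails for an unrelated reason (bind error,
# label not applied) would look identical. Confirm the helpers use a
# distinct status for "no datagram received".

# 1. Make sure no access is granted between label1 and label2.
load_rule "label1 label2 -----"
run_pair 50021 label2 label1
if [ "$server_rv" -eq 0 ]; then
  echo "Sockets with different labels should not communicate on udp"
  exit 1
fi

# 2. Different labels, but with a rule granting rw.
load_rule "label1 label2 rw---"
run_pair 50022 label2 label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
  echo "Sockets with different labels, but having rw access, should communicate on udp"
  exit 1
fi

# 3. Same label on both ends.
run_pair 50023 label1 label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
  echo "Sockets with same labels should communicate on udp"
  exit 1
fi

# 4. Access to a socket labeled star (*) should always be permitted.
run_pair 50024 '*' label1
if [ "$server_rv" -ne 0 ] || [ "$client_rv" -ne 0 ]; then
  echo "Should have access on udp socket labeled star (*)"
  exit 1
fi

# 5. All access from subject star (*) should be denied.
run_pair 50025 label1 '*'
if [ "$server_rv" -eq 0 ]; then
  echo "Socket labeled star should not have access to any udp socket"
  exit 1
fi

exit 0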