# Setup: scratch file for helper stderr, the smackfs mount point, and a
# baseline rule that gives label1 no access to label2.
#
# NOTE(review): test_file is a fixed, predictable name in world-writable /tmp
# and is later opened with truncating redirections. Loading Smack rules
# normally needs a privileged caller, so a file or symlink already present at
# this path would be written with that privilege. Prefer a mktemp-created file.
3 test_file=/tmp/smack_socket_tcp
# awk prints field 2 of /proc/mounts (the mount point). grep matches any mount
# line containing "smack", so the value may be empty or span several lines;
# nothing validates it before use.
4 SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
5 # make sure no access is granted
6 # 12345678901234567890123456789012345678901234567890123456
# Rule text is "subject object access"; "-----" sets no access bits.
# NOTE(review): $SMACK_PATH is unquoted and unchecked; if it is empty the
# redirection targets /load rather than the smackfs interface, and the write
# result is not checked, so later tests may run against stale rules.
7 echo -n "label1 label2 -----" > $SMACK_PATH/load
# Locate the tcp_server helper: PATH first, then a copy at /tmp/tcp_server.
# NOTE(review): the /tmp fallback executes whatever regular file sits at that
# world-writable location (-f does not check ownership or mode). On a shared
# machine keep the helper in a directory only the test owner can write, or
# require it on PATH.
9 tcp_server=`which tcp_server`
# Unquoted operand: an empty value leaves `[ -z ]`, which is true only because
# the one-argument form tests the literal string "-z". Quote "$tcp_server".
10 if [ -z $tcp_server ]; then
11 if [ -f "/tmp/tcp_server" ]; then
12 tcp_server="/tmp/tcp_server"
# Presumably the else branch for "helper not found anywhere"; the else/fi
# lines (and any exit) are not part of this listing.
14 echo "tcp_server binary not found"
# Locate the tcp_client helper: PATH first, then a copy at /tmp/tcp_client.
# NOTE(review): as with any binary taken from world-writable /tmp, the
# fallback trusts a file any local user could have placed there; -f checks
# only that it is a regular file. Prefer a test-owned directory.
18 tcp_client=`which tcp_client`
# Unquoted operand: works for an empty value only by accident of the
# one-argument `[` form, and breaks on a value containing whitespace.
19 if [ -z $tcp_client ]; then
20 if [ -f "/tmp/tcp_client" ]; then
21 tcp_client="/tmp/tcp_client"
# Presumably the else branch for "helper not found anywhere"; the else/fi
# lines (and any exit) are not part of this listing.
23 echo "tcp_client binary not found"
28 # checking access for sockets with different labels
# Negative test: only the no-access rule for label1/label2 has been loaded, so
# neither side is expected to succeed. Both helpers run in the background on
# port 50016 with their output discarded. The meaning of the label arguments
# is defined by the helper binaries, which are not shown here.
# NOTE(review): `&>` is a bash extension and the shebang is not visible in
# this listing; a POSIX sh parses it as `cmd &` followed by a redirection.
29 $tcp_server 50016 label1 &>/dev/null &
32 $tcp_client 50016 label2 label1 &>/dev/null &
# server_rv and client_rv are assigned in lines not shown in this listing.
# NOTE(review): this check fails open. The operands are unquoted, so an empty
# value makes `[` exit with an error, the condition is false and the failure
# branch is skipped. Any unrelated non-zero status (port already bound, helper
# crash) is also indistinguishable from a Smack denial -- confirm the helpers
# return a distinct code for "access denied". `-o` is obsolescent; use two
# quoted tests joined with ||.
40 if [ $server_rv -eq 0 -o $client_rv -eq 0 ]; then
41 echo "Sockets with different labels should not communicate on tcp"
45 # granting access between different labels
46 # 12345678901234567890123456789012345678901234567890123456
# Loads a rule giving subject label1 read and write ("rw---") on object label2.
# NOTE(review): the write is unchecked and $SMACK_PATH is unquoted; no removal
# of this rule is visible in this listing, so confirm the test restores the
# previous policy state when it finishes.
47 echo -n "label1 label2 rw---" > $SMACK_PATH/load
48 # checking access for sockets with different labels, but having a rule granting rw
# NOTE(review): both background helpers open the same file with truncating
# `2>`, so each can clobber the other's diagnostics; `2>>` or one file per
# process keeps both. $test_file is also unquoted.
49 $tcp_server 50017 label1 2>$test_file &
52 $tcp_client 50017 label2 label1 2>$test_file &
# Positive test: reports failure when either side returned non-zero.
# server_rv/client_rv are assigned in lines not shown; if either is empty the
# unquoted `[` errors out and the failure branch is silently skipped.
58 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
59 echo "Sockets with different labels, but having rw access, should communicate on tcp"
63 # checking access for sockets with the same label
# Positive test on port 50018: the server is given label1 and the client is
# given label1 for both of its label arguments.
# NOTE(review): server and client truncate the same stderr file concurrently,
# so the captured diagnostics may come from only one of them.
64 $tcp_server 50018 label1 2>$test_file &
67 $tcp_client 50018 label1 label1 2>$test_file &
# Reports failure when either side returned non-zero. The status variables are
# assigned in lines not shown; quote them so an empty value cannot turn the
# test into a `[` syntax error that skips the failure branch.
73 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
74 echo "Sockets with same labels should communicate on tcp"
78 # checking access on socket labeled star (*)
79 # should always be permitted
# Positive test on port 50019. The backslash stops the shell from globbing, so
# the server receives a literal "*" as its label argument.
# NOTE(review): both helpers write stderr to the same truncated file.
80 $tcp_server 50019 \* 2>$test_file &
83 $tcp_client 50019 label1 label1 2>$test_file &
# Reports failure when either side returned non-zero. The status variables are
# assigned in lines not shown; unquoted and empty, they would make `[` error
# out and the failure branch would be skipped.
89 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
90 echo "Should have access on tcp socket labeled star (*)"
94 # checking access from socket labeled star (*)
95 # all access from subject star should be denied
# Negative test on port 50020: the server is given label1 and the client's
# last label argument is a literal "*" (escaped to prevent globbing).
96 $tcp_server 50020 label1 2>$test_file &
99 $tcp_client 50020 label1 \* 2>$test_file &
# NOTE(review): this deny check fails open. It flags a problem only when a
# status equals 0, so an empty or unset status (syntax error in `[`), a port
# that is already bound, or a helper crash all count as "denied". The status
# variables are assigned in lines not shown -- confirm the helpers use a
# distinct exit code for a Smack denial and compare against that value.
105 if [ $server_rv -eq 0 -o $client_rv -eq 0 ]; then
106 echo "Socket labeled star should not have access to any tcp socket"