3 test_file="/tmp/smack_socket_udp"
4 SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
6 udp_server=`which udp_server`
7 if [ -z $udp_server ]; then
8 if [ -f "/tmp/udp_server" ]; then
9 udp_server="/tmp/udp_server"
11 echo "udp_server binary not found"
15 udp_client=`which udp_client`
16 if [ -z $udp_client ]; then
17 if [ -f "/tmp/udp_client" ]; then
18 udp_client="/tmp/udp_client"
20 echo "udp_client binary not found"
25 # make sure no access is granted
26 # 12345678901234567890123456789012345678901234567890123456
27 echo -n "label1 label2 -----" > $SMACK_PATH/load
29 # checking access for sockets with different labels
30 $udp_server 50021 label2 2>$test_file &
33 $udp_client 50021 label1 2>$test_file &
39 if [ $server_rv -eq 0 ]; then
40 echo "Sockets with different labels should not communicate on udp"
44 # granting access between different labels
45 # 12345678901234567890123456789012345678901234567890123456
46 echo -n "label1 label2 rw---" > $SMACK_PATH/load
47 # checking access for sockets with different labels, but having a rule granting rw
48 $udp_server 50022 label2 2>$test_file &
51 $udp_client 50022 label1 2>$test_file &
57 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
58 echo "Sockets with different labels, but having rw access, should communicate on udp"
62 # checking access for sockets with the same label
63 $udp_server 50023 label1 &
66 $udp_client 50023 label1 2>$test_file &
72 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
73 echo "Sockets with same labels should communicate on udp"
77 # checking access on socket labeled star (*)
78 # should always be permitted
79 $udp_server 50024 \* 2>$test_file &
82 $udp_client 50024 label1 2>$test_file &
88 if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
89 echo "Should have access on udp socket labeled star (*)"
93 # checking access from socket labeled star (*)
94 # all access from subject star should be denied
95 $udp_server 50025 label1 2>$test_file &
98 $udp_client 50025 \* 2>$test_file &
104 if [ $server_rv -eq 0 ]; then
105 echo "Socket labeled star should not have access to any udp socket"