+++ /dev/null
-#!/bin/sh
-RC=0
-test_file=/tmp/smack_socket_tcp
-SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
-# make sure no access is granted
-# 12345678901234567890123456789012345678901234567890123456
-echo -n "label1 label2 -----" > $SMACK_PATH/load
-
-tcp_server=`which tcp_server`
-if [ -z $tcp_server ]; then
- if [ -f "/tmp/tcp_server" ]; then
- tcp_server="/tmp/tcp_server"
- else
- echo "tcp_server binary not found"
- exit 1
- fi
-fi
-tcp_client=`which tcp_client`
-if [ -z $tcp_client ]; then
- if [ -f "/tmp/tcp_client" ]; then
- tcp_client="/tmp/tcp_client"
- else
- echo "tcp_client binary not found"
- exit 1
- fi
-fi
-
-# checking access for sockets with different labels
-$tcp_server 50016 label1 &>/dev/null &
-server_pid=$!
-sleep 2
-$tcp_client 50016 label2 label1 &>/dev/null &
-client_pid=$!
-
-wait $server_pid
-server_rv=$?
-wait $client_pid
-client_rv=$?
-
-if [ $server_rv -eq 0 -o $client_rv -eq 0 ]; then
- echo "Sockets with different labels should not communicate on tcp"
- exit 1
-fi
-
-# granting access between different labels
-# 12345678901234567890123456789012345678901234567890123456
-echo -n "label1 label2 rw---" > $SMACK_PATH/load
-# checking access for sockets with different labels, but having a rule granting rw
-$tcp_server 50017 label1 2>$test_file &
-server_pid=$!
-sleep 1
-$tcp_client 50017 label2 label1 2>$test_file &
-client_pid=$!
-wait $server_pid
-server_rv=$?
-wait $client_pid
-client_rv=$?
-if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
- echo "Sockets with different labels, but having rw access, should communicate on tcp"
- exit 1
-fi
-
-# checking access for sockets with the same label
-$tcp_server 50018 label1 2>$test_file &
-server_pid=$!
-sleep 1
-$tcp_client 50018 label1 label1 2>$test_file &
-client_pid=$!
-wait $server_pid
-server_rv=$?
-wait $client_pid
-client_rv=$?
-if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
- echo "Sockets with same labels should communicate on tcp"
- exit 1
-fi
-
-# checking access on socket labeled star (*)
-# should always be permitted
-$tcp_server 50019 \* 2>$test_file &
-server_pid=$!
-sleep 1
-$tcp_client 50019 label1 label1 2>$test_file &
-client_pid=$!
-wait $server_pid
-server_rv=$?
-wait $client_pid
-client_rv=$?
-if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
- echo "Should have access on tcp socket labeled star (*)"
- exit 1
-fi
-
-# checking access from socket labeled star (*)
-# all access from subject star should be denied
-$tcp_server 50020 label1 2>$test_file &
-server_pid=$!
-sleep 1
-$tcp_client 50020 label1 \* 2>$test_file &
-client_pid=$!
-wait $server_pid
-server_rv=$?
-wait $client_pid
-client_rv=$?
-if [ $server_rv -eq 0 -o $client_rv -eq 0 ]; then
- echo "Socket labeled star should not have access to any tcp socket"
- exit 1
-fi
Code Review / AGL / meta-agl.git / blobdiff