Integrate parts of meta-intel-iot-security

Adds the recipes of the sub layers - meta-security-framework - meta-security-smack Change-Id: I618608008a3b3d1d34adb6e38048110f13ac0643 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh> 2018-01-24 11:38:43 +0100
committer: José Bollo <jose.bollo@iot.bzh> 2018-02-13 11:02:00 +0100
commit: f70d712e4f505f5c5b50ae17f4f023d20a667568 (patch)
tree: 57b0aaa702651012e1adfc07f9b6b6c580506f66 /meta-security/recipes-test
parent: 3f962c7d202055777dd0238f12dbcf70f09ac07d (diff)
13 files changed, 704 insertions, 0 deletions
diff --git a/meta-security/recipes-test/app-runas/app-runas.bb b/meta-security/recipes-test/app-runas/app-runas.bb
new file mode 100644
index 000000000..95725c2e7
--- /dev/null
+++ b/meta-security/recipes-test/app-runas/app-runas.bb
@@ -0,0 +1,17 @@
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://app-runas.cpp;beginline=3;endline=19;md5=1ca447189bb2c54039033d50d8982d92"
+SRC_URI = "file://app-runas.cpp"
+DEPENDS = "security-manager"
+S = "${WORKDIR}"
+
+do_compile () {
+    ${CXX} ${CXXFLAGS} ${S}/app-runas.cpp `pkg-config --cflags --libs security-manager` -o app-runas
+}
+
+do_install () {
+    install -D app-runas ${D}/${bindir}/app-runas
+    chmod u+s ${D}/${bindir}/app-runas
+}
+
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "app-runas"
diff --git a/meta-security/recipes-test/app-runas/files/app-runas.cpp b/meta-security/recipes-test/app-runas/files/app-runas.cpp
new file mode 100644
index 000000000..58fa15504
--- /dev/null
+++ b/meta-security/recipes-test/app-runas/files/app-runas.cpp
@@ -0,0 +1,221 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#include <security-manager.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <string>
+#include <vector>
+
+#define CHECK(x) { \
+        int _ret = x; \
+        if (_ret != SECURITY_MANAGER_SUCCESS) { \
+            fprintf(stderr, "Failure in %s:%d: %s: %d = %s\n", __FILE__, __LINE__, #x, _ret, security_manager_strerror((lib_retcode)_ret)); \
+            return EXIT_FAILURE; \
+        } \
+   }
+
+static int do_install(app_inst_req *preq)
+{
+    CHECK(security_manager_app_install(preq));
+    return 0;
+}
+
+static int do_uninstall(app_inst_req *preq)
+{
+    CHECK(security_manager_app_uninstall(preq));
+    return 0;
+}
+
+static int do_run(const char *appid, const char *uid, const char *file, char *const argv[])
+{
+    if (!appid || !uid) {
+        fprintf(stderr, "Always need appid, uid for app startup.\n");
+        return EXIT_FAILURE;
+    }
+
+    pid_t child = fork();
+    if (child == -1) {
+        perror("fork");
+        return EXIT_FAILURE;
+    } else if (child) {
+        int status;
+        child = waitpid(child, &status, 0);
+        if (child == -1) {
+            perror("waitpid");
+            return EXIT_FAILURE;
+        }
+    } else {
+        // We cannot change the UID before security_manager_prepare_app()
+        // (because then setup_smack() fails to change Smack labels of
+        // our fds) and we cannot change the UID after it (because then
+        // security_manager_drop_process_privileges() has already dropped
+        // the necessary CAP_SETUID.
+        // Instead, we need to do the steps from security_manager_prepare_app()
+        // ourselves.
+        CHECK(security_manager_set_process_label_from_appid(appid));
+        CHECK(security_manager_set_process_groups_from_appid(appid));
+        if (setuid(atoi(uid))) {
+            fprintf(stderr, "setuid(%s): %s\n", uid, strerror(errno));
+            exit(EXIT_FAILURE);
+        }
+        CHECK(security_manager_drop_process_privileges());
+        // CHECK(security_manager_prepare_app(appid));
+
+        execvp(file, argv);
+        fprintf(stderr, "execvp(%s): %s", argv[optind], strerror(errno));
+        exit(EXIT_FAILURE);
+    }
+    return 0;
+}
+
+int main(int argc, char **argv)
+{
+    int flags, opt;
+    int nsecs, tfnd;
+    const char *appid = NULL;
+    const char *pkgid = NULL;
+    const char *uid = NULL;
+    std::vector<const char *> privileges;
+    std::vector< std::pair<app_install_path_type, std::string> > paths;
+    int install = 0, uninstall = 0, run = 0;
+
+    while ((opt = getopt(argc, argv, "a:p:u:r:t:ide")) != -1) {
+        switch (opt) {
+        case 'a':
+            appid = optarg;
+            break;
+        case 'p':
+            pkgid = optarg;
+            break;
+        case 'u':
+            uid = optarg;
+            break;
+        case 'r':
+            privileges.push_back(optarg);
+            break;
+        case 't': {
+            const char *colon = strchr(optarg, ':');
+            if (!colon) {
+                fprintf(stderr, "-t parameter must be of the format <type>:<path>");
+                return EXIT_FAILURE;
+            }
+            std::string typestr(optarg, colon - optarg);
+            std::string path(colon + 1);
+            app_install_path_type type;
+            if (typestr == "private") {
+                type = SECURITY_MANAGER_PATH_PRIVATE;
+            } else if (typestr == "public") {
+                type = SECURITY_MANAGER_PATH_PUBLIC;
+            } else if (typestr == "public-ro") {
+                type = SECURITY_MANAGER_PATH_PUBLIC_RO;
+            } else if (typestr == "rw") {
+                type = SECURITY_MANAGER_PATH_RW;
+            } else if (typestr == "ro") {
+                type = SECURITY_MANAGER_PATH_PRIVATE;
+            } else {
+                fprintf(stderr, "Invalid -t type: %s", typestr.c_str());
+                return EXIT_FAILURE;
+            }
+            paths.push_back(std::make_pair(type, path));
+            break;
+        }
+        case 'i':
+            install = 1;
+            break;
+        case 'd':
+            uninstall = 1;
+            break;
+        case 'e':
+            run = 1;
+            break;
+        default: /* '?' */
+            fprintf(stderr,
+                    "Usage: %s -i|-e|-d -a appid -u uid -p pkgid -r privilege1 ... -t private|public|public-ro|rw:<path> ... -- command args\n"
+                    "       -i = install, command ignored\n"
+                    "       -e = run command, privileges and pkgid ignored\n"
+                    "       -d = uninstall, command and privileges ignored\n"
+                    "       Install, run, and uninstall can be combined into a single invocation.\n",
+                    argv[0]);
+            exit(EXIT_FAILURE);
+            break;
+        }
+    }
+
+    if ((install || uninstall) &&
+        (!appid || !pkgid || !uid)) {
+         fprintf(stderr, "Always need appid, pkgid, uid for app install or uninstall.\n");
+         return EXIT_FAILURE;
+    }
+    if (run && optind >= argc) {
+        fprintf(stderr, "Expected command after options\n");
+        return EXIT_FAILURE;
+    }
+
+    app_inst_req *preq;
+    CHECK(security_manager_app_inst_req_new(&preq));
+    if (appid) {
+        CHECK(security_manager_app_inst_req_set_app_id(preq, appid));
+    }
+    if (pkgid) {
+        CHECK(security_manager_app_inst_req_set_pkg_id(preq, pkgid));
+    }
+    if (uid) {
+        CHECK(security_manager_app_inst_req_set_uid(preq, atoi(uid)));
+    }
+    for (size_t i = 0; i < paths.size(); i++) {
+        security_manager_app_inst_req_add_path(preq, paths[i].second.c_str(), paths[i].first);
+    }
+    for (size_t i = 0; i < privileges.size(); i++) {
+        CHECK(security_manager_app_inst_req_add_privilege(preq, privileges[i]));
+    }
+
+    int result = 0;
+    bool install_failed = false;
+    if (install) {
+        result = do_install(preq);
+        if (result) {
+            install_failed = true;
+        }
+    }
+    if (run && !install_failed) {
+        int run_result = do_run(appid, uid, argv[optind], argv + optind);
+        if (run_result) {
+            result = run_result;
+        }
+    }
+    if (uninstall && !install_failed) {
+        int uninstall_result = do_uninstall(preq);
+        if (uninstall_result) {
+            result = uninstall_result;
+        }
+    }
+
+    security_manager_app_inst_req_free(preq);
+    return result;
+}
diff --git a/meta-security/recipes-test/mmap-smack-test/files/mmap.c b/meta-security/recipes-test/mmap-smack-test/files/mmap.c
new file mode 100644
index 000000000..f358d27b5
--- /dev/null
+++ b/meta-security/recipes-test/mmap-smack-test/files/mmap.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("Original test program removed while investigating its license.\n");
+    return 1;
+}
diff --git a/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb
new file mode 100644
index 000000000..9d11509d0
--- /dev/null
+++ b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Mmap binary used to test smack mmap attribute"
+DESCRIPTION = "Mmap binary used to test smack mmap attribute"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://mmap.c" 
+
+S = "${WORKDIR}"
+do_compile() {
+    ${CC} mmap.c ${LDFLAGS} -o mmap_test
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 mmap_test ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend
new file mode 100644
index 000000000..e7d94f09f
--- /dev/null
+++ b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/mmap_test"
diff --git a/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c b/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c
new file mode 100644
index 000000000..185f97380
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c
@@ -0,0 +1,111 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include <stdio.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <string.h>
+#include <sys/xattr.h>
+
+int main(int argc, char* argv[])
+{
+
+	int sock;
+	char message[255] = "hello";
+	struct sockaddr_in server_addr;
+	char* label_in;
+	char* label_out;
+	char* attr_out = "security.SMACK64IPOUT";
+	char* attr_in = "security.SMACK64IPIN";
+	char out[256];
+	int port;
+
+	struct timeval timeout;
+	timeout.tv_sec = 15;
+	timeout.tv_usec = 0;
+
+	struct hostent*  host = gethostbyname("localhost");
+
+	if (argc != 4)
+	{
+		perror("Client: Arguments missing, please provide socket labels");
+		return 2;
+	}
+
+	port = atoi(argv[1]);
+	label_in = argv[2];
+	label_out = argv[3];
+
+	if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+	{
+		perror("Client: Socket failure");
+		return 2;
+	}
+
+
+	if(fsetxattr(sock, attr_out, label_out, strlen(label_out), 0) < 0)
+	{
+		perror("Client: Unable to set attribute SMACK64IPOUT");
+		return 2;
+	}
+
+	if(fsetxattr(sock, attr_in, label_in, strlen(label_in), 0) < 0)
+	{
+		perror("Client: Unable to set attribute SMACK64IPIN");
+		return 2;
+	}
+
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_port = htons(port);
+	bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);
+	bzero(&(server_addr.sin_zero),8);
+	
+	if(setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) < 0)
+	{
+		perror("Client: Set timeout failed\n");
+		return 2;
+	}
+	
+	if (connect(sock, (struct sockaddr *)&server_addr,sizeof(struct sockaddr)) == -1)
+	{
+    		perror("Client: Connection failure");
+			close(sock);
+        	return 1;
+	}
+
+
+	if(write(sock, message, strlen(message)) < 0)
+	{
+		perror("Client: Error sending data\n");
+		close(sock);
+		return 1;
+	}
+	close(sock);
+	return 0;
+}
+
+
+
+
+
+
diff --git a/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c b/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c
new file mode 100644
index 000000000..9285dc695
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c
@@ -0,0 +1,118 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include <stdio.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <string.h>
+
+int main(int argc, char* argv[])
+{
+
+	int sock;
+	int clientsock;
+	char message[255];
+	socklen_t client_length;
+	struct sockaddr_in server_addr, client_addr;
+	char* label_in;
+	char* attr_in = "security.SMACK64IPIN";
+	int port;
+
+	struct timeval timeout;
+	timeout.tv_sec = 15;
+	timeout.tv_usec = 0;
+
+	if (argc != 3)
+	{
+		perror("Server: Argument missing please provide port and label for SMACK64IPIN");
+		return 2;
+	}
+	
+	port = atoi(argv[1]);
+	label_in = argv[2];
+	bzero(message,255);
+
+	
+	if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+	{
+		perror("Server: Socket failure");
+		return 2;
+	}
+	
+	
+	if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
+	{
+		perror("Server: Unable to set attribute ipin 2");
+		return 2;
+	}
+
+	server_addr.sin_family = AF_INET;         
+	server_addr.sin_port = htons(port);     
+	server_addr.sin_addr.s_addr = INADDR_ANY; 
+ 	bzero(&(server_addr.sin_zero),8); 
+
+	if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)
+	{
+		perror("Server: Set timeout failed\n");
+		return 2;
+	}
+
+	if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)
+	{
+		perror("Server: Bind failure ");
+		return 2;
+	}
+
+	listen(sock, 1);
+	client_length = sizeof(client_addr);
+
+	clientsock = accept(sock,(struct sockaddr*) &client_addr, &client_length);
+
+	if (clientsock < 0)
+	{
+		perror("Server: Connection failed");
+		close(sock);
+		return 1;
+	}
+	
+
+	if(fsetxattr(clientsock, "security.SMACK64IPIN", label_in, strlen(label_in),0) < 0)
+	{
+		perror(" Server: Unable to set attribute ipin 2");
+		close(sock);
+		return 2;
+	}
+
+	if(read(clientsock, message, 254) < 0)
+	{
+		perror("Server: Error when reading from socket");
+		close(clientsock);
+		close(sock);
+		return 1;
+	}
+
+
+	close(clientsock);
+	close(sock);
+
+	return 0;
+}
diff --git a/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb
new file mode 100644
index 000000000..57e7151a8
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb
@@ -0,0 +1,20 @@
+SUMMARY = "Binary used to test smack tcp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on TCP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://tcp_server.c \
+           file://tcp_client.c \
+" 
+
+S = "${WORKDIR}"
+do_compile() {
+    ${CC} tcp_client.c ${LDFLAGS} -o tcp_client
+    ${CC} tcp_server.c ${LDFLAGS} -o tcp_server
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 tcp_server ${D}${bindir}
+    install -m 0755 tcp_client ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend
new file mode 100644
index 000000000..2755bf0e1
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/tcp_client ${WORKDIR}/tcp_server"
diff --git a/meta-security/recipes-test/udp-smack-test/files/udp_client.c b/meta-security/recipes-test/udp-smack-test/files/udp_client.c
new file mode 100644
index 000000000..4d3afbe6c
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/files/udp_client.c
@@ -0,0 +1,75 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include <sys/socket.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <string.h>
+
+int main(int argc, char* argv[])
+{
+	char* message = "hello";
+	int sock, ret;
+	struct sockaddr_in server_addr;
+	struct hostent*  host = gethostbyname("localhost");
+	char* label;
+	char* attr = "security.SMACK64IPOUT";
+	int port;
+	if (argc != 3)
+	{
+		perror("Client: Argument missing, please provide port and  label for SMACK64IPOUT");
+		return 2;
+	}
+
+	port = atoi(argv[1]);
+	label = argv[2];
+	sock = socket(AF_INET, SOCK_DGRAM,0);
+	if(sock < 0)
+	{
+		perror("Client: Socket failure");
+		return 2;
+	}
+	
+
+	if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
+	{
+		perror("Client: Unable to set attribute ");
+		return 2;
+	}
+
+
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_port = htons(port);
+	bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);
+	bzero(&(server_addr.sin_zero),8);
+	
+	ret = sendto(sock, message, strlen(message),0,(const struct sockaddr*)&server_addr,
+			sizeof(struct sockaddr_in));
+
+	close(sock);
+	if(ret < 0)
+	{
+		perror("Client: Error sending message\n");
+		return 1;
+	}
+	
+	return 0;
+}
+
diff --git a/meta-security/recipes-test/udp-smack-test/files/udp_server.c b/meta-security/recipes-test/udp-smack-test/files/udp_server.c
new file mode 100644
index 000000000..cbab71e65
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/files/udp_server.c
@@ -0,0 +1,93 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include <sys/socket.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <string.h>
+
+int main(int argc, char* argv[])
+{
+	int sock,ret;
+	struct sockaddr_in server_addr, client_addr;
+	socklen_t len;
+	char message[5];
+	char* label;
+	char* attr = "security.SMACK64IPIN";
+	int port;
+
+	if(argc != 3)
+	{
+		perror("Server: Argument missing, please provide port and label for SMACK64IPIN");
+		return 2;
+	}
+	
+	port = atoi(argv[1]);
+	label = argv[2];
+
+	struct timeval timeout;
+	timeout.tv_sec = 15;
+	timeout.tv_usec = 0;
+
+	sock = socket(AF_INET,SOCK_DGRAM,0);
+	if(sock < 0)
+	{
+		perror("Server: Socket error");
+		return 2;
+	}
+	
+
+	if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
+	{
+		perror("Server: Unable to set attribute ");
+		return 2;
+	}
+
+	server_addr.sin_family = AF_INET;         
+	server_addr.sin_port = htons(port);     
+	server_addr.sin_addr.s_addr = INADDR_ANY; 
+	bzero(&(server_addr.sin_zero),8); 
+	
+
+	if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)
+	{
+		perror("Server: Set timeout failed\n");
+		return 2;
+	}
+
+	if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)
+	{
+		perror("Server: Bind failure");
+		return 2;
+	}
+
+	len = sizeof(client_addr);
+	ret = recvfrom(sock, message, sizeof(message), 0, (struct sockaddr*)&client_addr,
+					&len);
+	close(sock);
+	if(ret < 0)
+	{
+		perror("Server: Error receiving");
+		return 1;
+
+	}
+	return 0;
+}
+
diff --git a/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb
new file mode 100644
index 000000000..478e3688d
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb
@@ -0,0 +1,20 @@
+SUMMARY = "Binary used to test smack udp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on UDP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://udp_server.c \
+           file://udp_client.c \
+" 
+
+S = "${WORKDIR}"
+do_compile() {
+    ${CC} udp_client.c ${LDFLAGS} -o udp_client
+    ${CC} udp_server.c ${LDFLAGS} -o udp_server
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 udp_server ${D}${bindir}
+    install -m 0755 udp_client ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend
new file mode 100644
index 000000000..bf79ba4d4
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/udp_client ${WORKDIR}/udp_server"
author	José Bollo <jose.bollo@iot.bzh>	2018-01-24 11:38:43 +0100
committer	José Bollo <jose.bollo@iot.bzh>	2018-02-13 11:02:00 +0100
commit	f70d712e4f505f5c5b50ae17f4f023d20a667568 (patch)
tree	57b0aaa702651012e1adfc07f9b6b6c580506f66 /meta-security/recipes-test
parent	3f962c7d202055777dd0238f12dbcf70f09ac07d (diff)