From f70d712e4f505f5c5b50ae17f4f023d20a667568 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 24 Jan 2018 11:38:43 +0100 Subject: Integrate parts of meta-intel-iot-security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds the recipes of the sub layers - meta-security-framework - meta-security-smack Change-Id: I618608008a3b3d1d34adb6e38048110f13ac0643 
Signed-off-by: José Bollo --- meta-security/recipes-test/app-runas/app-runas.bb | 17 ++ .../recipes-test/app-runas/files/app-runas.cpp | 221 +++++++++++++++++++++ .../recipes-test/mmap-smack-test/files/mmap.c | 7 + .../mmap-smack-test/mmap-smack-test.bb | 16 ++ .../mmap-smack-test/mmap-smack-test.bbappend | 2 + .../recipes-test/tcp-smack-test/files/tcp_client.c | 111 +++++++++++ .../recipes-test/tcp-smack-test/files/tcp_server.c | 118 +++++++++++ .../recipes-test/tcp-smack-test/tcp-smack-test.bb | 20 ++ .../tcp-smack-test/tcp-smack-test.bbappend | 2 + .../recipes-test/udp-smack-test/files/udp_client.c | 75 +++++++ .../recipes-test/udp-smack-test/files/udp_server.c | 93 +++++++++ .../recipes-test/udp-smack-test/udp-smack-test.bb | 20 ++ .../udp-smack-test/udp-smack-test.bbappend | 2 + 13 files changed, 704 insertions(+) create mode 100644 meta-security/recipes-test/app-runas/app-runas.bb create mode 100644 meta-security/recipes-test/app-runas/files/app-runas.cpp create mode 100644 meta-security/recipes-test/mmap-smack-test/files/mmap.c create mode 100644 meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb create mode 100644 meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend create mode 100644 meta-security/recipes-test/tcp-smack-test/files/tcp_client.c create mode 100644 meta-security/recipes-test/tcp-smack-test/files/tcp_server.c create mode 100644 meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb create mode 100644 meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend create mode 100644 meta-security/recipes-test/udp-smack-test/files/udp_client.c create mode 100644 meta-security/recipes-test/udp-smack-test/files/udp_server.c create mode 100644 meta-security/recipes-test/udp-smack-test/udp-smack-test.bb create mode 100644 meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend (limited to 'meta-security/recipes-test') 
diff --git a/meta-security/recipes-test/app-runas/app-runas.bb b/meta-security/recipes-test/app-runas/app-runas.bb
new file mode 100644
index 000000000..95725c2e7
--- /dev/null
+++ b/meta-security/recipes-test/app-runas/app-runas.bb
@@ -0,0 +1,17 @@
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://app-runas.cpp;beginline=3;endline=19;md5=1ca447189bb2c54039033d50d8982d92"
+SRC_URI = "file://app-runas.cpp"
+DEPENDS = "security-manager"
+S = "${WORKDIR}"
+
+do_compile () {
+ ${CXX} ${CXXFLAGS} ${S}/app-runas.cpp `pkg-config --cflags --libs security-manager` -o app-runas
+}
+
+do_install () {
+ install -D app-runas ${D}/${bindir}/app-runas
+ chmod u+s ${D}/${bindir}/app-runas
+}
+
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "app-runas"
diff --git a/meta-security/recipes-test/app-runas/files/app-runas.cpp b/meta-security/recipes-test/app-runas/files/app-runas.cpp
new file mode 100644
index 000000000..58fa15504
--- /dev/null
+++ b/meta-security/recipes-test/app-runas/files/app-runas.cpp
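Review bot: `chmod u+s` in do_install ships app-runas setuid with the default mode from `install -D`, so every local account on an image that contains this package can execute it with the file owner's (presumably root's) privileges. The helper exists to set Smack labels, switch UID and exec a caller-chosen command, so it should not be reachable by unprivileged users: either drop the setuid bit and run the tests as root, or restrict execution to a dedicated group, e.g. `install -D -m 4750 -g <test-group> app-runas ${D}/${bindir}/app-runas` (group name is a placeholder). A comment above the `chmod` line, such as `# test-only helper: setuid, must never be added to production images`, would make the intent visible to whoever assembles image manifests.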
@@ -0,0 +1,221 @@ +// (C) Copyright 2015 Intel Corporation +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. 
+ +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#define CHECK(x) { \ + int _ret = x; \ + if (_ret != SECURITY_MANAGER_SUCCESS) { \ + fprintf(stderr, "Failure in %s:%d: %s: %d = %s\n", __FILE__, __LINE__, #x, _ret, security_manager_strerror((lib_retcode)_ret)); \ + return EXIT_FAILURE; \ + } \ + } + +static int do_install(app_inst_req *preq) +{ + CHECK(security_manager_app_install(preq)); + return 0; +} + +static int do_uninstall(app_inst_req *preq) +{ + CHECK(security_manager_app_uninstall(preq)); + return 0; +} + +static int do_run(const char *appid, const char *uid, const char *file, char *const argv[]) +{ + if (!appid || !uid) { + fprintf(stderr, "Always need appid, uid for app startup.\n"); + return EXIT_FAILURE; + } + + pid_t child = fork(); + if (child == -1) { + perror("fork"); + return EXIT_FAILURE; + } else if (child) { + int status; + child = waitpid(child, &status, 0); + if (child == -1) { + perror("waitpid"); + return EXIT_FAILURE; + } + } else { + // We cannot change the UID before security_manager_prepare_app() + // (because then setup_smack() fails to change Smack labels of + // our fds) and we cannot change the UID after it (because then + // security_manager_drop_process_privileges() has already dropped + // the necessary CAP_SETUID. + // Instead, we need to do the steps from security_manager_prepare_app() + // ourselves. 
+ CHECK(security_manager_set_process_label_from_appid(appid)); + CHECK(security_manager_set_process_groups_from_appid(appid)); + if (setuid(atoi(uid))) { + fprintf(stderr, "setuid(%s): %s\n", uid, strerror(errno)); + exit(EXIT_FAILURE); + } + CHECK(security_manager_drop_process_privileges()); + // CHECK(security_manager_prepare_app(appid)); + + execvp(file, argv); + fprintf(stderr, "execvp(%s): %s", argv[optind], strerror(errno)); + exit(EXIT_FAILURE); + } + return 0; +} + +int main(int argc, char **argv) +{ + int flags, opt; + int nsecs, tfnd; + const char *appid = NULL; + const char *pkgid = NULL; + const char *uid = NULL; + std::vector privileges; + std::vector< std::pair > paths; + int install = 0, uninstall = 0, run = 0; + + while ((opt = getopt(argc, argv, "a:p:u:r:t:ide")) != -1) { + switch (opt) { + case 'a': + appid = optarg; + break; + case 'p': + pkgid = optarg; + break; + case 'u': + uid = optarg; + break; + case 'r': + privileges.push_back(optarg); + break; + case 't': { + const char *colon = strchr(optarg, ':'); + if (!colon) { + fprintf(stderr, "-t parameter must be of the format :"); + return EXIT_FAILURE; + } + std::string typestr(optarg, colon - optarg); + std::string path(colon + 1); + app_install_path_type type; + if (typestr == "private") { + type = SECURITY_MANAGER_PATH_PRIVATE; + } else if (typestr == "public") { + type = SECURITY_MANAGER_PATH_PUBLIC; + } else if (typestr == "public-ro") { + type = SECURITY_MANAGER_PATH_PUBLIC_RO; + } else if (typestr == "rw") { + type = SECURITY_MANAGER_PATH_RW; + } else if (typestr == "ro") { + type = SECURITY_MANAGER_PATH_PRIVATE; + } else { + fprintf(stderr, "Invalid -t type: %s", typestr.c_str()); + return EXIT_FAILURE; + } + paths.push_back(std::make_pair(type, path)); + break; + } + case 'i': + install = 1; + break; + case 'd': + uninstall = 1; + break; + case 'e': + run = 1; + break; + default: /* '?' */ + fprintf(stderr, + "Usage: %s -i|-e|-d -a appid -u uid -p pkgid -r privilege1 ... 
-t private|public|public-ro|rw: ... -- command args\n" + " -i = install, command ignored\n" + " -e = run command, privileges and pkgid ignored\n" + " -d = uninstall, command and privileges ignored\n" + " Install, run, and uninstall can be combined into a single invocation.\n", + argv[0]); + exit(EXIT_FAILURE); + break; + } + } + + if ((install || uninstall) && + (!appid || !pkgid || !uid)) { + fprintf(stderr, "Always need appid, pkgid, uid for app install or uninstall.\n"); + return EXIT_FAILURE; + } + if (run && optind >= argc) { + fprintf(stderr, "Expected command after options\n"); + return EXIT_FAILURE; + } + + app_inst_req *preq; + CHECK(security_manager_app_inst_req_new(&preq)); + if (appid) { + CHECK(security_manager_app_inst_req_set_app_id(preq, appid)); + } + if (pkgid) { + CHECK(security_manager_app_inst_req_set_pkg_id(preq, pkgid)); + } + if (uid) { + CHECK(security_manager_app_inst_req_set_uid(preq, atoi(uid))); + } + for (size_t i = 0; i < paths.size(); i++) { + security_manager_app_inst_req_add_path(preq, paths[i].second.c_str(), paths[i].first); + } + for (size_t i = 0; i < privileges.size(); i++) { + CHECK(security_manager_app_inst_req_add_privilege(preq, privileges[i])); + } + + int result = 0; + bool install_failed = false; + if (install) { + result = do_install(preq); + if (result) { + install_failed = true; + } + } + if (run && !install_failed) { + int run_result = do_run(appid, uid, argv[optind], argv + optind); + if (run_result) { + result = run_result; + } + } + if (uninstall && !install_failed) { + int uninstall_result = do_uninstall(preq); + if (uninstall_result) { + result = uninstall_result; + } + } + + security_manager_app_inst_req_free(preq); + return result; +} diff --git a/meta-security/recipes-test/mmap-smack-test/files/mmap.c b/meta-security/recipes-test/mmap-smack-test/files/mmap.c new file mode 100644 index 000000000..f358d27b5 --- /dev/null +++ b/meta-security/recipes-test/mmap-smack-test/files/mmap.c 
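Review bot: `setuid(atoi(uid))` in the child branch of do_run() does not validate the `-u` value: `atoi` returns 0 for non-numeric or empty input, so a malformed UID ends in `setuid(0)` and the command keeps root instead of failing. Because the recipe installs this binary setuid, `-u` is untrusted input and should be parsed strictly and rejected unless it is a plain decimal UID; the same `atoi(uid)` feeds `security_manager_app_inst_req_set_uid()` in main(). In the same branch the execvp failure message prints `argv[optind]` although `argv` is already offset there, so it should print `file`. A failing `CHECK` also returns from do_run() inside the child, which then continues into main()'s uninstall path, so the child should leave via `_exit(EXIT_FAILURE)`. The parent discards `status` from waitpid, so a failed child still yields exit code 0.

```cpp
        // … unchanged: CHECK(set_process_label_from_appid), CHECK(set_process_groups_from_appid) …
        char *end = NULL;
        errno = 0;
        unsigned long parsed = strtoul(uid, &end, 10);
        if (uid[0] < '0' || uid[0] > '9' || *end != '\0' || errno == ERANGE ||
            parsed != (unsigned long)(uid_t)parsed) {
            fprintf(stderr, "invalid uid: %s\n", uid);
            _exit(EXIT_FAILURE);
        }
        if (setuid((uid_t)parsed)) {
        // … unchanged: setuid error report, CHECK(security_manager_drop_process_privileges()) …
        execvp(file, argv);
        fprintf(stderr, "execvp(%s): %s\n", file, strerror(errno));
        _exit(EXIT_FAILURE);
```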
@@ -0,0 +1,7 @@
+#include
+
+int main(int argc, char **argv)
+{
+ printf("Original test program removed while investigating its license.\n");
+ return 1;
+}
diff --git a/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb
new file mode 100644
index 000000000..9d11509d0
--- /dev/null
+++ b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Mmap binary used to test smack mmap attribute"
+DESCRIPTION = "Mmap binary used to test smack mmap attribute"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://mmap.c"
+
+S = "${WORKDIR}"
+do_compile() {
+ ${CC} mmap.c ${LDFLAGS} -o mmap_test
+}
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 mmap_test ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend
new file mode 100644
index 000000000..e7d94f09f
--- /dev/null
+++ b/meta-security/recipes-test/mmap-smack-test/mmap-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/mmap_test"
diff --git a/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c b/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c
new file mode 100644
index 000000000..185f97380
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/files/tcp_client.c
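Review bot: do_compile in mmap-smack-test.bb runs `${CC} mmap.c ${LDFLAGS} -o mmap_test` without `${CFLAGS}`, whereas app-runas.bb in this commit passes `${CXXFLAGS}`. The test binaries are therefore built without the distro's optimisation and debug options, and without any hardening options the distro carries in CFLAGS (not visible from this commit). The do_compile functions in tcp-smack-test.bb and udp-smack-test.bb are written the same way. Suggested form: `${CC} ${CFLAGS} mmap.c ${LDFLAGS} -o mmap_test`.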
@@ -0,0 +1,111 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char* argv[])
+{
+
+ int sock;
+ char message[255] = "hello";
+ struct sockaddr_in server_addr;
+ char* label_in;
+ char* label_out;
+ char* attr_out = "security.SMACK64IPOUT";
+ char* attr_in = "security.SMACK64IPIN";
+ char out[256];
+ int port;
+
+ struct timeval timeout;
+ timeout.tv_sec = 15;
+ timeout.tv_usec = 0;
+
+ struct hostent* host = gethostbyname("localhost");
+
+ if (argc != 4)
+ {
+ perror("Client: Arguments missing, please provide socket labels");
+ return 2;
+ }
+
+ port = atoi(argv[1]);
+ label_in = argv[2];
+ label_out = argv[3];
+
+ if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ {
+ perror("Client: Socket failure");
+ return 2;
+ }
+
+
+ if(fsetxattr(sock, attr_out, label_out, strlen(label_out), 0) < 0)
+ {
+ perror("Client: Unable to set attribute SMACK64IPOUT");
+ return 2;
+ }
+
+ if(fsetxattr(sock, attr_in, label_in, strlen(label_in), 0) < 0)
+ {
+ perror("Client: Unable to set attribute SMACK64IPIN");
+ return 2;
+ }
+
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_port = htons(port);
+ bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);
+ bzero(&(server_addr.sin_zero),8);
+
+ if(setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) < 0)
+ {
+ perror("Client: Set timeout failed\n");
+ return 2;
+ }
+
+ if (connect(sock, (struct sockaddr *)&server_addr,sizeof(struct sockaddr)) == -1)
+ {
+ perror("Client: Connection failure");
+ close(sock);
+ return 1;
+ }
+
+
+ if(write(sock, message, strlen(message)) < 0)
+ {
+ perror("Client: Error sending data\n");
+ close(sock);
+ return 1;
+ }
+ close(sock);
+ return 0;
+}
+
+
+
+
+
+
diff --git a/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c b/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c
new file mode 100644
index 000000000..9285dc695
--- /dev/null
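Review bot: The result of `gethostbyname("localhost")` is dereferenced in `bcopy((char*) host->h_addr, ...)` without a NULL check, so an image with no resolvable `localhost` entry crashes the client instead of failing the test with a diagnostic. Add `if (host == NULL) { fprintf(stderr, "Client: cannot resolve localhost\n"); return 2; }` before the address is copied; udp_client.c has the same pattern. The lookup also runs before the `argc` check, and the `return 2` paths after `socket()` leave `sock` open, unlike the later paths that call `close(sock)`.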
+++ b/meta-security/recipes-test/tcp-smack-test/files/tcp_server.c 
@@ -0,0 +1,118 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char* argv[])
+{
+
+ int sock;
+ int clientsock;
+ char message[255];
+ socklen_t client_length;
+ struct sockaddr_in server_addr, client_addr;
+ char* label_in;
+ char* attr_in = "security.SMACK64IPIN";
+ int port;
+
+ struct timeval timeout;
+ timeout.tv_sec = 15;
+ timeout.tv_usec = 0;
+
+ if (argc != 3)
+ {
+ perror("Server: Argument missing please provide port and label for SMACK64IPIN");
+ return 2;
+ }
+
+ port = atoi(argv[1]);
+ label_in = argv[2];
+ bzero(message,255);
+
+
+ if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ {
+ perror("Server: Socket failure");
+ return 2;
+ }
+
+
+ if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
+ {
+ perror("Server: Unable to set attribute ipin 2");
+ return 2;
+ }
+
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_port = htons(port);
+ server_addr.sin_addr.s_addr = INADDR_ANY;
+ bzero(&(server_addr.sin_zero),8);
+
+ if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)
+ {
+ perror("Server: Set timeout failed\n");
+ return 2;
+ }
+
+ if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)
+ {
+ perror("Server: Bind failure ");
+ return 2;
+ }
+
+ listen(sock, 1);
+ client_length = sizeof(client_addr);
+
+ clientsock = accept(sock,(struct sockaddr*) &client_addr, &client_length);
+
+ if (clientsock < 0)
+ {
+ perror("Server: Connection failed");
+ close(sock);
+ return 1;
+ }
+
+
+ if(fsetxattr(clientsock, "security.SMACK64IPIN", label_in, strlen(label_in),0) < 0)
+ {
+ perror(" Server: Unable to set attribute ipin 2");
+ close(sock);
+ return 2;
+ }
+
+ if(read(clientsock, message, 254) < 0)
+ {
+ perror("Server: Error when reading from socket");
+ close(clientsock);
+ close(sock);
+ return 1;
+ }
+
+
+ close(clientsock);
+ close(sock);
+
+ return 0;
+}
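Review bot: `server_addr.sin_addr.s_addr = INADDR_ANY` makes the test server listen on every interface of the device, while the client added in this commit only connects to `localhost`. If the Smack tests never need a remote peer (not visible from this hunk), bind to loopback with `server_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` so the listener is not reachable from the network while it waits; udp_server.c binds the same way. Separately, the return value of `listen(sock, 1)` is not checked, and the error path after the second `fsetxattr` closes `sock` but not `clientsock`.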
diff --git a/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb
new file mode 100644
index 000000000..57e7151a8
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bb
@@ -0,0 +1,20 @@
+SUMMARY = "Binary used to test smack tcp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on TCP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://tcp_server.c \
+ file://tcp_client.c \
+"
+
+S = "${WORKDIR}"
+do_compile() {
+ ${CC} tcp_client.c ${LDFLAGS} -o tcp_client
+ ${CC} tcp_server.c ${LDFLAGS} -o tcp_server
+}
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 tcp_server ${D}${bindir}
+ install -m 0755 tcp_client ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend
new file mode 100644
index 000000000..2755bf0e1
--- /dev/null
+++ b/meta-security/recipes-test/tcp-smack-test/tcp-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/tcp_client ${WORKDIR}/tcp_server"
diff --git a/meta-security/recipes-test/udp-smack-test/files/udp_client.c b/meta-security/recipes-test/udp-smack-test/files/udp_client.c
new file mode 100644
index 000000000..4d3afbe6c
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/files/udp_client.c
@@ -0,0 +1,75 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char* argv[])
+{
+ char* message = "hello";
+ int sock, ret;
+ struct sockaddr_in server_addr;
+ struct hostent* host = gethostbyname("localhost");
+ char* label;
+ char* attr = "security.SMACK64IPOUT";
+ int port;
+ if (argc != 3)
+ {
+ perror("Client: Argument missing, please provide port and label for SMACK64IPOUT");
+ return 2;
+ }
+
+ port = atoi(argv[1]);
+ label = argv[2];
+ sock = socket(AF_INET, SOCK_DGRAM,0);
+ if(sock < 0)
+ {
+ perror("Client: Socket failure");
+ return 2;
+ }
+
+
+ if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
+ {
+ perror("Client: Unable to set attribute ");
+ return 2;
+ }
+
+
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_port = htons(port);
+ bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);
+ bzero(&(server_addr.sin_zero),8);
+
+ ret = sendto(sock, message, strlen(message),0,(const struct sockaddr*)&server_addr,
+ sizeof(struct sockaddr_in));
+
+ close(sock);
+ if(ret < 0)
+ {
+ perror("Client: Error sending message\n");
+ return 1;
+ }
+
+ return 0;
+}
+
diff --git a/meta-security/recipes-test/udp-smack-test/files/udp_server.c b/meta-security/recipes-test/udp-smack-test/files/udp_server.c
new file mode 100644
index 000000000..cbab71e65
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/files/udp_server.c
@@ -0,0 +1,93 @@
+// (C) Copyright 2015 Intel Corporation
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char* argv[])
+{
+ int sock,ret;
+ struct sockaddr_in server_addr, client_addr;
+ socklen_t len;
+ char message[5];
+ char* label;
+ char* attr = "security.SMACK64IPIN";
+ int port;
+
+ if(argc != 3)
+ {
+ perror("Server: Argument missing, please provide port and label for SMACK64IPIN");
+ return 2;
+ }
+
+ port = atoi(argv[1]);
+ label = argv[2];
+
+ struct timeval timeout;
+ timeout.tv_sec = 15;
+ timeout.tv_usec = 0;
+
+ sock = socket(AF_INET,SOCK_DGRAM,0);
+ if(sock < 0)
+ {
+ perror("Server: Socket error");
+ return 2;
+ }
+
+
+ if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
+ {
+ perror("Server: Unable to set attribute ");
+ return 2;
+ }
+
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_port = htons(port);
+ server_addr.sin_addr.s_addr = INADDR_ANY;
+ bzero(&(server_addr.sin_zero),8);
+
+
+ if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)
+ {
+ perror("Server: Set timeout failed\n");
+ return 2;
+ }
+
+ if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)
+ {
+ perror("Server: Bind failure");
+ return 2;
+ }
+
+ len = sizeof(client_addr);
+ ret = recvfrom(sock, message, sizeof(message), 0, (struct sockaddr*)&client_addr,
+ &len);
+ close(sock);
+ if(ret < 0)
+ {
+ perror("Server: Error receiving");
+ return 1;
+
+ }
+ return 0;
+}
+
diff --git a/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb
new file mode 100644
index 000000000..478e3688d
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bb
@@ -0,0 +1,20 @@
+SUMMARY = "Binary used to test smack udp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on UDP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://udp_server.c \
+ file://udp_client.c \
+"
+
+S = "${WORKDIR}"
+do_compile() {
+ ${CC} udp_client.c ${LDFLAGS} -o udp_client
+ ${CC} udp_server.c ${LDFLAGS} -o udp_server
+}
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 udp_server ${D}${bindir}
+ install -m 0755 udp_client ${D}${bindir}
+}
diff --git a/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend
new file mode 100644
index 000000000..bf79ba4d4
--- /dev/null
+++ b/meta-security/recipes-test/udp-smack-test/udp-smack-test.bbappend
@@ -0,0 +1,2 @@
+inherit deploy-files
+DEPLOY_FILES_FROM[target] = "${WORKDIR}/udp_client ${WORKDIR}/udp_server"
-- cgit 1.2.3-korg