selinux: comparison Tainted

equal deleted inserted replaced

-:566b0d1c3669
+:259a50be4381
 apply (induct s, auto)
 apply (auto intro:tainted.intros simp:has_same_inode_def)
 (*?? need simpset for tainted *)
 sorry
+lemma info_flow_shm_intro:
+"\<lbrakk>(p, SHM_RDWR) \<in> procs_of_shm s h; (p', flag) \<in> procs_of_shm s h; valid s\<rbrakk>
+\<Longrightarrow> info_flow_shm s p p'"
+apply (rule_tac p = p and p' = p in info_flow_shm.intros(2))
+apply (auto intro!:info_flow_shm.intros(1) procs_of_shm_prop2)
+done
 lemma info_flow_shm_Tainted:
 "\<lbrakk>O_proc p \<in> Tainted s; info_flow_shm s p p'; valid s\<rbrakk> \<Longrightarrow> O_proc p' \<in> Tainted s"
 proof (induct s arbitrary:p p')
 case Nil
 thus ?case by (simp add:flow_shm_in_seeds)
 and p5: "valid s" and p6: "os_grant s e"
 by (auto dest:vd_cons intro:vd_cons vt_grant_os)
 have p4':
 "\<And> p p' h flag. \<lbrakk>O_proc p \<in> Tainted s; (p, SHM_RDWR) \<in> procs_of_shm s h; (p', flag) \<in> procs_of_shm s h\<rbrakk>
 \<Longrightarrow> O_proc p' \<in> Tainted s"
-by (rule p4, auto simp:info_flow_shm_def)
+by (rule p4, auto intro!:info_flow_shm_intro p5)
 from p2 p3 have p7: "p \<in> current_procs (e # s)" and p8: "p' \<in> current_procs (e # s)"
 by (auto dest:info_shm_flow_in_procs)
 show ?case
 proof (cases "p = p'")
 case True with p1 show ?thesis by simp
 next
 case False
 with p1 p2 p5 p6 p7 p8 p3 show ?thesis
 apply (case_tac e)
 prefer 7
-apply (simp add:info_flow_shm_def split:if_splits option.splits)
+apply (simp split:if_splits option.splits)
 apply (rule allI|rule impI|rule conjI)+
+apply (auto dest:p4'   procs_of_shm_prop2 Tainted_in_current split:if_splits option.splits)[1]
 apply (erule disjE, drule_tac p = p and p' = p' in p4', simp+)
 apply (erule disjE, rule disjI2, rule disjI2, rule_tac x = h in exI, simp, rule_tac x= toflag in exI, simp)
 apply ((erule exE|erule conjE)+)

changeset 25	259a50be4381
parent 24	566b0d1c3669
child 27	fc749f19b894