selinux: comparison Tainted

equal deleted inserted replaced

-:f20a798cdf7d
+:25e55731ed01
 | "Tainted (CloseFd p fd # s) =
 (case (file_of_proc_fd s p fd) of
 Some f \<Rightarrow> ( if ((proc_fd_of_file s f = {(p,fd)}) \<and> (f \<in> files_hung_by_del s))
 then Tainted s - {O_file f} else Tainted s )
 | _      \<Rightarrow> Tainted s)"
-| "Tainted (UnLink p f # s) = Tainted s - {O_file f}"
+| "Tainted (UnLink p f # s) =
+(if (proc_fd_of_file s f = {}) then Tainted s - {O_file f} else Tainted s)"
 | "Tainted (LinkHard p f f' # s) =
 (if (O_file f \<in> Tainted s) then Tainted s \<union> {O_file f'} else Tainted s)"
 | "Tainted (Truncate p f len # s) =
 (if (len > 0 \<and> O_proc p \<in> Tainted s)
 then Tainted s \<union> {O_file f' | f'. has_same_inode s f f'}
 else Tainted s)"
 | "Tainted (SendMsg p q m # s) =
 (if (O_proc p \<in> Tainted s) then Tainted s \<union> {O_msg q m} else Tainted s)"
 | "Tainted (RecvMsg p q m # s) =
 (if (O_msg q m \<in> Tainted s)
-then Tainted s \<union> {O_proc p' | p'. info_flow_shm s p p'} - {O_msg q m}
+then (Tainted s \<union> {O_proc p' | p'. info_flow_shm s p p'}) - {O_msg q m}
 else Tainted s)"
 | "Tainted (RemoveMsgq p q # s) = Tainted s - {O_msg q m| m. O_msg q m \<in> Tainted s}"
 | "Tainted (e # s) = Tainted s"
 lemma valid_Tainted_obj:
 lemma Tainted_in_current:
 "\<lbrakk>obj \<in> Tainted s; valid s\<rbrakk> \<Longrightarrow> alive s obj"
 apply (induct s, simp)
 apply (drule seeds_in_init, case_tac obj, simp_all add:is_file_nil)
 apply (frule vd_cons, frule valid_Tainted_obj, simp, frule vt_grant_os, case_tac a)
-apply (auto simp:alive_simps split:if_splits option.splits t_object.splits)
+apply (auto simp:alive_simps split:if_splits option.splits t_object.splits
-apply (auto intro:has_same_inode_prop2 has_same_inode_prop1)
+intro:has_same_inode_prop2 has_same_inode_prop1 dest:info_shm_flow_in_procs)
-apply
+done
+lemma has_inode_Tainted_aux:
+"\<lbrakk>O_file f \<in> tainted s; has_same_inode s f f'\<rbrakk> \<Longrightarrow> O_file f' \<in> tainted s"
+apply (erule tainted.induct)
+apply (auto intro:tainted.intros simp:has_same_inode_def)
+(*?? need simpset for tainted *)
+sorry
+lemma info_flow_shm_Tainted:
+"\<lbrakk>O_proc p \<in> Tainted s; info_flow_shm s p p'; valid s\<rbrakk> \<Longrightarrow> O_proc p' \<in> Tainted s"
+proof (induct s)
+case Nil
+thus ?case
+apply simp
+apply (induct s)
+apply simp defer
+apply (frule vd_cons, frule vt_grant_os, case_tac a)
+apply (auto simp:info_flow_shm_def elim!:disjE)
+sorry
+lemma tainted_imp_Tainted:
+"obj \<in> tainted s \<Longrightarrow> obj \<in> Tainted s"
+apply (induct rule:tainted.induct)
+apply (auto intro:info_flow_shm_Tainted dest:vd_cons)
+apply (case_tac e, auto split:option.splits if_splits simp:alive_simps)
+done
 lemma Tainted_imp_tainted:
 "\<lbrakk>obj \<in> Tainted s; valid s\<rbrakk> \<Longrightarrow> obj \<in> tainted s"
-apply (induct s arbitrary:obj, rule t_init, simp)
+proof (induct s arbitrary:obj)
-apply (frule vd_cons, frule vt_grant_os)
+case Nil
+thus ?case by (auto intro:t_init)
+next
+case (Cons e s)
+hence p1: "\<And> obj. obj \<in> Tainted s \<Longrightarrow> obj \<in> tainted s"
+and p2: "obj \<in> Tainted (e # s)" and p3: "valid (e # s)"
+and p4: "valid s" and p5: "os_grant s e"
+by (auto dest:vd_cons intro:vd_cons vt_grant_os)
+from p1 have p6: ""
+apply (frule vd_cons, frule vt_grant_os, frule valid_Tainted_obj, simp)
 apply (case_tac a)
 apply (auto intro!:t_init t_clone t_execve t_cfile t_read t_write t_link t_trunc t_sendmsg t_recvmsg
-split:if_splits option.splits)
+intro:t_remain
+split:if_splits option.splits dest:Tainted_in_current)
 pr 25
 lemma tainted_imp_Tainted:
 "obj \<in> tainted s \<Longrightarrow> obj \<in> Tainted s"

changeset 23	25e55731ed01
parent 22	f20a798cdf7d
child 24	566b0d1c3669