selinux: comparison Dynamic

equal deleted inserted replaced

-:924ab7a4e7fa
+:271e9818b6f6
 show ?thesis using grant f_in f_in' psfs psfs' psfs_eq sec
 apply (simp add:Cons split:option.splits)
 by (case_tac a, simp)
 qed
+lemma proc_filefd_has_sfd: "\<lbrakk>fd \<in> proc_file_fds s p; valid s\<rbrakk> \<Longrightarrow> \<exists> sfd. cfd2sfd s p fd = Some sfd"
+apply (simp add:proc_file_fds_def)
+apply (auto dest: current_filefd_has_sfd)
+done
 lemma enrich_inherit_fds_check:
 assumes grant: "inherit_fds_check s (up, nr, nt) p fds"  and vd: "valid s"
 and cp2sp: "\<forall> p. p  \<in> current_procs s \<longrightarrow> cp2sproc s' p = cp2sproc s p"
 and p_in: "p \<in> current_procs s" and p_in': "p \<in> current_procs s'"
-and fd_in: "fds \<subseteq> current_proc_fds s p" and fd_in': "fds \<subseteq> current_proc_fds s' p"
+and fd_in: "fds \<subseteq> proc_file_fds s p" and fd_in': "fds \<subseteq> proc_file_fds s' p"
 shows "inherit_fds_check s' (up, nr, nt) p fds"
 proof-
 have "\<And> fd. fd \<in> fds \<Longrightarrow> sectxt_of_obj s' (O_fd p fd) = sectxt_of_obj s (O_fd p fd)"
 proof-
 fix fd
 assume fd_in_fds: "fd \<in> fds"
-hence fd_in_cfds: "fd \<in> current_proc_fds s p"
+hence fd_in_cfds: "fd \<in> proc_file_fds s p"
-and fd_in_cfds': "fd \<in> current_proc_fds s' p"
+and fd_in_cfds': "fd \<in> proc_file_fds s' p"
 using fd_in fd_in' by auto
 from p_in vd obtain sp where csp: "cp2sproc s p = Some sp"
 by (drule_tac current_proc_has_sp, simp, erule_tac exE, simp)
 with cp2sp have "cpfd2sfds s p = cpfd2sfds s' p"
 apply (erule_tac x = p in allE)
 by (auto simp:cp2sproc_def split:option.splits simp:p_in)
-hence "cfd2sfd s p fd = cfd2sfd s' p fd"
+hence "cfd2sfd s p fd = cfd2sfd s' p fd" using fd_in_cfds fd_in_cfds'
 apply (simp add:cpfd2sfds_def)
+apply (frule proc_filefd_has_sfd, simp add:vd, erule exE)
+apply (drule_tac x = sfd in eqset_imp_iff, simp)
+(*
 thm inherit_fds_check_def
 thm sectxts_of_fds_def
 thm cpfd2sfds_def
 apply (
+*)sorry
 show "sectxt_of_obj s' (O_fd p fd) = sectxt_of_obj s (O_fd p fd)"
 sorry
 qed
 hence "sectxts_of_fds s' p fds = sectxts_of_fds s p fds"
 by (simp add:sectxts_of_fds_def)
 and os: "os_grant s e" and grant: "grant s e" and vd: "valid s"
 and alive: "\<forall> obj. alive s obj \<longrightarrow> alive s' obj"
 and cp2sp: "\<forall> p. p \<in> current_procs s \<longrightarrow> cp2sproc s' p = cp2sproc s p"
 and cf2sf: "\<forall> f. f \<in> current_files s \<longrightarrow> cf2sfile s' f = cf2sfile s f"
 shows "valid (e # s')"
+sorry (*
 proof (cases e)
 case (Execve p f fds)
 have p_in: "p \<in> current_procs s'" using os alive
 apply (erule_tac x = "O_proc p" in allE)
 by (auto simp:Execve)
 show ?
 proof-
 have
+*)
 lemma enrich_proc_prop:
 "\<lbrakk>valid s; is_created_proc s p; p' \<notin> all_procs s\<rbrakk>
 \<Longrightarrow> valid (enrich_proc s p p') \<and>
 (p \<in> current_procs s \<longrightarrow> co2sobj (enrich_proc s p p') (O_proc p') = co2sobj (enrich_proc s p p') (O_proc p)) \<and>
 (\<forall> obj. alive s obj \<longrightarrow> alive (enrich_proc s p p')  obj) \<and>
 (\<forall> p'. p' \<in> current_procs s \<longrightarrow> cp2sproc (enrich_proc s p p') p' = cp2sproc s p) \<and>
 (\<forall> f. f \<in> current_files s \<longrightarrow> cf2sfile (enrich_proc s p p') f = cf2sfile s f) \<and>
 (Tainted (enrich_proc s p p') = (Tainted s \<union> (if (O_proc p \<in> Tainted s) then {O_proc p'} else {})))"
+sorry (*
 proof (induct s)
 case Nil
 thus ?case by (auto simp:is_created_proc_def)
 next
 case (Cons e s)
 moreover have c4: "alive (e # s) obj \<longrightarrow>
 alive (enrich_proc (e # s) p p') obj \<and> co2sobj (enrich_proc (e # s) p p') obj = co2sobj (e # s) obj"
 sorry
 ultimately show ?case by auto
 qed
+*)
 lemma "alive s obj \<Longrightarrow> alive (enrich_proc s p p') obj"
 apply (induct s, simp)
-apply (case_tac a, case_tac[!] obj)
+apply (case_tac a, case_tac[!] obj) sorry (*
 apply (auto simp:is_file_def is_dir_def split:option.splits t_inode_tag.splits)
 thm is_file_other
+*)
 lemma enrich_proc_valid:
-"\<lbrakk>p \<in> current_procs s; valid s; p \<in> init_procs \<longrightarrow> deleted (O_proc p) s; p' \<notin> current_procs s\<rbrakk> \<Longrightarrow> valid (enrich_proc s p p')"
+"\<lbrakk>p \<in> current_procs s; valid s; p \<in> init_procs \<longrightarrow> deleted (O_proc p) s; p' \<notin> current_procs s\<rbrakk> \<Longrightarrow> valid (enrich_proc s p p')" (*
 apply (induct s, simp)
 apply (frule vd_cons, frule vt_grant, frule vt_grant_os, case_tac a)
 apply (auto intro!:valid.intros(2))
 prefer 28
 end
+*)
+sorry
 (* for any created obj, we can enrich trace with events that create new objs with the same static-properties *)
 definition enriched:: "t_state \<Rightarrow> t_object set \<Rightarrow> t_state \<Rightarrow> bool"
 where
 "enriched s objs s' \<equiv> \<forall> obj \<in> objs. \<exists> obj'. \<not> alive s obj' \<and> obj' \<notin> objs \<and>
 apply (case_tac sf)
 apply (induct f)
 apply (auto simp:search_check_s_def search_check.simps cf2sfile_def sroot_def
 root_sec_remains init_sectxt_prop sec_of_root_valid
 dest!:root_is_dir' current_has_sec' split:option.splits)
-apply (simp add:search_check_allp_def)
 done
 lemma grant_execve_intro_execve:
 "\<lbrakk>cp2sproc (Execve p f fds # s) p = Some (pi', sec', sfds', shms'); valid (Execve p f fds # s);
 cp2sproc s p = Some (pi, sec, sfds, shms); cf2sfile s f = Some (fi, fsec, psec, asecs)\<rbrakk>
 "\<lbrakk>cp2sproc (Execve p f fds # s) p = Some (pi', sec', sfds', shms');
 inherit_fds_check s sec' p fds; valid (Execve p f fds # s)\<rbrakk>
 \<Longrightarrow> inherit_fds_check_s sec' sfds'"
 apply (frule vt_grant_os, frule vd_cons, frule vt_grant)
 apply (auto simp:cp2sproc_def cpfd2sfds_execve inherit_fds_check_def inherit_fds_check_s_def split:option.splits)
+sorry (*
 apply (erule_tac x = "(ad, ae, bc)" in ballE, auto simp:sectxts_of_sfds_def sectxts_of_fds_def)
 apply (erule_tac x = fd in ballE, auto simp:cfd2sfd_def split:option.splits)
-done
+done *)
 lemma d2s_main_execve_grant_aux:
 "\<lbrakk>cp2sproc (Execve p f fds # s) p = Some (pi', sec', sfds', shms'); valid (Execve p f fds # s);
 cp2sproc s p = Some (pi, sec, sfds, shms); cf2sfile s f = Some (fi, fsec, psec, asecs)\<rbrakk>
 \<Longrightarrow> (npctxt_execve sec fsec = Some sec') \<and> grant_execve sec fsec sec' \<and>
 apply (simp add:reserved_def)
 by (erule_tac x = "O_proc p" in allE, auto)
 moreover from a4 os p4 have "is_file s' f"
 apply (simp add:reserved_def)
 by (erule_tac x = "O_file f" in allE, auto)
-moreover from a4 os p4 have "fds \<subseteq> current_proc_fds s' p"
+moreover from a4 os p4 vd have "fds \<subseteq> proc_file_fds s' p"
 apply (rule_tac subsetI, clarsimp simp:reserved_def current_proc_fds.simps)
 apply (erule_tac x = "O_fd p x" in allE, erule impE)
-apply (simp, erule set_mp, simp+)
+sorry
-done
 ultimately have "os_grant s' e"
 by (simp add:p4)
 moreover have "grant s' e"
 sorry
 ultimately have "valid (e # s')"
 apply (simp add:enrichable_def)
 apply (rule_tac x = "e # s'" in exI)
 apply (simp)
 sorry
 qed
+qed
 lemma s2d_main_execve:
 "\<lbrakk>grant_execve pctxt fsec pctxt'; ss \<in> static; S_proc (pi, pctxt, fds, shms) tagp \<in> ss; S_file sfs tagf \<in> ss;
 (fi, fsec, pfsec, asecs) \<in> sfs; npctxt_execve pctxt fsec = Some pctxt';
 search_check_s pctxt (fi, fsec, pfsec, asecs) True; inherit_fds_check_s pctxt' fds'; fds' \<subseteq> fds; valid s;
 s2ss s = update_ss ss (S_proc (pi, pctxt, fds, shms) tagp) (S_proc (pi, pctxt', fds', {}) (tagp \<or> tagf))"
 apply (simp add:update_ss_def)
 thm update_ss_def
 sorry
+(*
 lemma s2d_main_execve:
 "ss \<in> static \<Longrightarrow> \<exists> s. valid s \<and> s2ss s = ss"
 apply (erule static.induct)
 apply (rule_tac x = "[]" in exI, simp add:s2ss_nil_prop valid.intros)
 apply (erule exE|erule conjE)+
 apply (rule s2d_main_execve, simp+)
 apply (erule exE|erule conjE)+
-apply (simp add:update_ss_def)
 sorry
+*)
 (*********************** uppest-level 3 theorems ***********************)
 lemma enrichability:
 "\<lbrakk>valid s; \<forall> obj \<in> objs. alive s obj \<and> is_created s obj \<and> recorded obj\<rbrakk>
-\<Longrightarrow> enrichable s objs"
+\<Longrightarrow> enrichable s objs" sorry (*
 proof (induct s arbitrary:objs)
 case Nil
 hence "objs = {}"
-apply (auto simp:is_created_def)
+apply (auto)
 apply (erule_tac x = x in ballE)
+apply (case_tac x)
 apply (auto simp:init_alive_prop)
-done
+sorry (*     done *)
 thus ?case using Nil unfolding enrichable_def enriched_def reserved_def
 by (rule_tac x = "[]" in exI, auto)
 next
 case (Cons e s)
 hence p1: "\<And> objs. \<forall> obj \<in> objs. alive s obj \<and> is_created s obj \<and> recorded obj
 done
 qed
+*)
 lemma d2s_main:
 "valid s \<Longrightarrow> s2ss s \<propto> static"
 apply (induct s, simp add:s2ss_nil_prop init_ss_in_def)
 apply (rule_tac x = "init_static_state" in bexI, simp, simp add:s_init)
 apply (simp add:update_ss_def)
 sorry
+lemma s2d_main':
+"ss \<in> static \<Longrightarrow> \<exists> s. valid s \<and> s2ss s \<doteq> ss"
+apply (erule static.induct)
+apply (rule_tac x = "[]" in exI, simp add:s2ss_nil_prop valid.intros)
+apply (erule exE|erule conjE)+
+apply (simp add:update_ss_def)
+sorry
 end
 end

changeset 74	271e9818b6f6
parent 70	002c34a6ff4f