selinux: comparison Dynamic2static.thy

equal deleted inserted replaced

-:ced0fcfbcf8e
+:e2c6af3ccb0d
 lemma init_deled_imp_deled_s:
 "\<lbrakk>deleted obj s; init_alive obj; sobj \<in> (s2ss s); valid s\<rbrakk> \<Longrightarrow> \<not> init_obj_related sobj obj"
 apply (rule notI)
 apply (clarsimp simp:s2ss_def)
 apply (case_tac obj, case_tac [!] obja, case_tac sobj)
-apply (auto split:option.splits if_splits dest!:cp2sproc_pi cq2smsgq_qi ch2sshm_hi cm2smsg_mi)
+apply (auto split:option.splits if_splits dest!:cp2sproc_pi cq2smsgq_qi ch2sshm_hi cm2smsg_mi cf2sfile_fi)
+apply (auto simp:cf2sfiles_def same_inode_files_def has_same_inode_prop1' is_file_def is_dir_def
+split:option.splits t_inode_tag.splits dest!:cf2sfile_fi)
 done
 lemma deleted_imp_deletable_s:
 "\<lbrakk>deleted obj s; init_alive obj; valid s\<rbrakk> \<Longrightarrow> deletable_s obj"
 apply (simp add:deletable_s_def)
 apply (erule static.induct)
 apply (rule_tac x = "[]" in exI, simp add:s2ss_nil_prop valid.intros)
 apply (erule exE|erule conjE)+
-apply (erule exE, erule conjE)+
+sorry
-sorry
+lemma tainted_s_in_ss:
+"tainted_s ss sobj \<Longrightarrow> sobj \<in> ss"
+apply (case_tac sobj, simp_all)
+apply (case_tac bool, simp+)
+apply (case_tac bool, simp+)
+apply (case_tac prod1, case_tac prod2, simp)
+thm tainted_s.simps
+oops
+lemma set_eq_D:
+"\<lbrakk>x \<in> S; {x. P x} = S\<rbrakk> \<Longrightarrow> P x"
+by auto
+lemma cqm2sms_prop1:
+"\<lbrakk>cqm2sms s q queue = Some sms; sm \<in> set sms\<rbrakk> \<Longrightarrow> \<exists> m. cm2smsg s q m = Some sm"
+apply (induct queue arbitrary:sms)
+apply (auto split:option.splits)
+done
+lemma sq_sm_prop:
+"\<lbrakk>sm \<in> set sms; cq2smsgq s q = Some (qi, qsec, sms); valid s\<rbrakk>
+\<Longrightarrow> \<exists> m. cm2smsg s q m = Some sm"
+by (auto simp:cq2smsgq_def split: option.splits intro:cqm2sms_prop1)
 lemma tainted_s_imp_tainted:
-"\<lbrakk>tainted_s ss sobj; ss \<in> static\<rbrakk> \<Longrightarrow> \<exists> obj s. s2ss s = ss \<and> valid s \<and> co2sobj s obj = Some sobj \<and> obj \<in> tainted s"
+"\<lbrakk>tainted_s ss sobj; ss \<in> static\<rbrakk> \<Longrightarrow> \<exists> s obj. valid s \<and> co2sobj s obj = Some sobj \<and> obj \<in> tainted s"
-sorry
+apply (drule s2d_main)
+apply (erule exE, erule conjE, simp add:s2ss_def)
+apply (rule_tac x = s in exI, simp)
+apply (case_tac sobj, simp_all)
+apply (erule conjE, drule_tac S = ss in set_eq_D, simp, (erule exE|erule conjE)+)
+apply (rule_tac x = obj in exI, simp)
+apply (case_tac obj, (simp split:option.splits if_splits)+)
+apply (erule conjE, drule_tac S = ss in set_eq_D, simp, (erule exE|erule conjE)+)
+apply (rule_tac x = obj in exI, simp)
+apply (case_tac obj, (simp split:option.splits if_splits)+)
+apply (case_tac prod1, case_tac prod2, simp)
+apply ((erule conjE)+, drule_tac S = ss in set_eq_D, simp, (erule exE|erule conjE)+)
+apply (case_tac obj, simp_all split:option.splits if_splits)
+apply (drule_tac sm = "(aa, ba, True)" in sq_sm_prop, simp+, erule exE)
+apply (rule_tac x = "O_msg nat m" in exI)
+apply (simp)
+apply (case_tac obj, (simp split:option.splits if_splits)+)
+apply (erule conjE, drule_tac )
+lemma has_inode_tainted_aux:
+"O_file f \<in> tainted s \<Longrightarrow> \<forall> f'. has_same_inode s f f' \<longrightarrow> O_file f' \<in> tainted s"
+apply (erule tainted.induct)
+apply (auto intro:tainted.intros simp:has_same_inode_def)
+(*?? need simpset for tainted *)
+sorry
+lemma has_same_inode_tainted:
+"\<lbrakk>has_same_inode s f f'; O_file f' \<in> tainted s\<rbrakk> \<Longrightarrow> O_file f \<in> tainted s"
+by (drule has_inode_tainted_aux, auto simp:has_same_inode_def)
 theorem static_sound:
 assumes tbl_s: "taintable_s obj"
 shows "taintable obj"
 proof-
 from tbl_s obtain ss sobj where static: "ss \<in> static"
 and sobj: "tainted_s ss sobj" and related: "init_obj_related sobj obj"
 and init_alive: "init_alive obj" by (auto simp:taintable_s_def)
 from static sobj tainted_s_imp_tainted
-obtain s obj' where s2ss: "s2ss s = ss" and co2sobj: "co2sobj s obj' = Some sobj"
+obtain s obj' where co2sobj: "co2sobj s obj' = Some sobj"
-and tainted: "obj' \<in> tainted s" and vs: "valid s" by blast
+and tainted': "obj' \<in> tainted s" and vs: "valid s" by blast
-from co2sobj related
+from co2sobj related vs
-have eq:"obj = obj'"
+have eq:"obj = obj' \<or> (\<exists> f f'. obj = O_file f \<and> obj' = O_file f' \<and> has_same_inode s f f')"
-apply (case_tac obj', case_tac [!] obj, case_tac [!] sobj)
+apply (case_tac obj', case_tac [!] obj)
-apply auto
+apply (auto split:option.splits if_splits dest!:cp2sproc_pi cq2smsgq_qi ch2sshm_hi cm2smsg_mi cf2sfile_fi)
-apply (auto split:option.splits if_splits)
+apply (auto simp:cf2sfiles_def same_inode_files_def has_same_inode_def is_file_def is_dir_def
-apply (case_tac a, simp+)
+split:option.splits t_inode_tag.splits dest!:cf2sfile_fi)
-apply (simp add:cp2sproc_def split:option.splits if_splits)
+done
-apply simp
+with tainted' have tainted: "obj \<in> tainted s"
-sorry
+by (auto intro:has_same_inode_tainted)
-with tainted vs init_alive
+with vs init_alive
 show ?thesis by (auto simp:taintable_def)
 qed

changeset 20	e2c6af3ccb0d
parent 19	ced0fcfbcf8e
child 21	de8733706a06