selinux: comparison S2ss

equal deleted inserted replaced

-:ec73b98d4a64
+:e3ad1b294fd9
 "update_s2ss_obj s ss obj sobj sobj' =
 (if (\<exists> obj'. alive s obj' \<and> obj' \<noteq> obj \<and> co2sobj s obj' = Some sobj)
 then ss \<union> {sobj'}
 else ss - {sobj} \<union> {sobj'})"
-definition update_s2ss_sfile :: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
+definition update_s2ss_sfile_del :: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
 where
-"update_s2ss_sfile s ss f sf \<equiv>
+"update_s2ss_sfile_del s ss f sf \<equiv>
 if (same_inode_files s f = {f})
 then ss
 else ss \<union> {S_file (cf2sfiles s f - {sf}) (O_file f \<in> Tainted s)}"
 definition del_s2ss_file:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
 where
 "del_s2ss_file s ss f sf =
 (if (\<exists> f' \<in> same_inode_files s f. f' \<noteq> f \<and> cf2sfile s f' = Some sf)
 then ss
 else if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and> co2sobj s (O_file f') = co2sobj s (O_file f))
-then update_s2ss_sfile s ss f sf
+then update_s2ss_sfile_del s ss f sf
-else update_s2ss_sfile s (ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)}) f sf)"
+else update_s2ss_sfile_del s (ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)}) f sf)"
 lemma alive_co2sobj_closefd1:
 "\<lbrakk>alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj;
 file_of_proc_fd s p fd = Some f; \<not> (f \<in> files_hung_by_del s \<and> proc_fd_of_file s f = {(p, fd)})\<rbrakk>
 \<Longrightarrow> alive (CloseFd p fd # s) obj"
 apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+)
 apply (frule_tac obj = obj in co2sobj_closefd, simp)
 apply (auto simp add:co2sobj.simps tainted_eq_Tainted split:t_object.splits if_splits)[1]
 apply (rule impI, tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
 apply (rule disjI2, rule_tac x = obj in exI)
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_dir_simps)
 apply (rule disjI2, rule disjI2, rule conjI, rule_tac x = obj in exI)
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp)
-apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits)
+apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits)
 apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted)
 apply (erule exE, erule conjE)
 apply (case_tac "obj = O_proc p")
 apply (rule_tac x = obj' in exI)
 apply (frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd)
 apply (rule_tac x = obj in exI, simp add:co2sobj_closefd is_dir_simps)
 apply (rule_tac x = obj in exI, simp add:co2sobj_closefd)
 apply (rule impI, rule conjI, rule impI)
 apply (tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
 apply (rule disjI2, rule_tac x = obj in exI)
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (frule_tac obj = obj in co2sobj_closefd, simp)
 apply (auto simp add:alive_simps co2sobj.simps tainted_eq_Tainted split:t_object.splits if_splits)[1]
 apply (rule impI)
 apply (tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
 apply (rule disjI2, rule_tac x = obj in exI)
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj.simps split:option.splits)+
 apply (rule disjI2, rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI)
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj.simps split:option.splits)+
-apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits)
+apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits)
 apply (erule conjE, erule disjE)
 apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted)
 apply (erule exE, erule conjE)
 apply (case_tac "obj = O_file a", simp add:co2sobj.simps tainted_eq_Tainted)
 apply (case_tac "obj = O_proc p")
 | _       \<Rightarrow> {})
 else s2ss s)"
 apply (frule vd_cons, frule vt_grant_os, clarsimp split:if_splits)
 apply (frule is_file_has_sfile', simp, erule exE, simp)
 apply (rule conjI, rule impI)
-apply (simp add:update_s2ss_sfile_def del_s2ss_file_def)
+apply (simp add:update_s2ss_sfile_del_def del_s2ss_file_def)
 apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ defer
 apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+
 apply (simp add:s2ss_def)
 apply (tactic {*my_seteq_tac 1*})
 apply (tactic {*my_setiff_tac 1*})
 apply (case_tac "obj = O_dir f", simp add:is_dir_in_current)
 apply (rule_tac x = obj in exI, simp add:co2sobj_mkdir alive_mkdir)
 done
-definition update_s2ss_sfile_link:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
+definition update_s2ss_sfile:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
 where
-"update_s2ss_sfile_link s ss f sf \<equiv>
+"update_s2ss_sfile s ss f sf \<equiv>
 if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and> co2sobj s (O_file f') = co2sobj s (O_file f))
 then ss \<union> {S_file (cf2sfiles s f \<union> {sf}) (O_file f \<in> Tainted s)}
 else ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)}
 \<union> {S_file (cf2sfiles s f \<union> {sf}) (O_file f \<in> Tainted s)}"
 lemma s2ss_linkhard: "valid (LinkHard p f f' # s) \<Longrightarrow> s2ss (LinkHard p f f' # s) = (
 case (cf2sfile (LinkHard p f f' # s) f') of
-Some sf \<Rightarrow> update_s2ss_sfile_link s (s2ss s) f sf
+Some sf \<Rightarrow> update_s2ss_sfile s (s2ss s) f sf
 | _       \<Rightarrow> {})"
 apply (frule vt_grant_os, frule vd_cons, clarsimp)
 apply (split option.splits)
 apply (rule conjI, rule impI, drule current_file_has_sfile', simp, simp add:current_files_simps)
 apply (rule allI, rule impI)
-apply (simp add:update_s2ss_sfile_link_def)
+apply (simp add:update_s2ss_sfile_def)
 apply (rule conjI, rule impI, erule exE, erule conjE, erule conjE)
 apply (simp add:s2ss_def)
 apply (tactic {*my_seteq_tac 1*})
 apply (case_tac "obj = O_file f'")
 apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_linkhard tainted_eq_Tainted
 apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard)
 apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard)
 apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard)
 done
+lemma has_same_inode_prop3:
+"is_file s f \<Longrightarrow> has_same_inode s f f"
+by (auto simp:is_file_def has_same_inode_def split:option.splits)
+definition update_s2ss_sfile_tainted:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> bool \<Rightarrow> t_static_state"
+where
+"update_s2ss_sfile_tainted s ss f tag \<equiv>
+if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and>
+co2sobj s (O_file f') = Some (S_file (cf2sfiles s f) False))
+then ss \<union> {S_file (cf2sfiles s f) True}
+else ss - {S_file (cf2sfiles s f) False}
+\<union> {S_file (cf2sfiles s f) True}"
+lemma s2ss_truncate: "valid (Truncate p f len # s) \<Longrightarrow> s2ss (Truncate p f len # s) = (
+if (O_file f \<notin> Tainted s \<and> O_proc p \<in> Tainted s \<and> len > 0)
+then update_s2ss_sfile_tainted s (s2ss s) f True
+else s2ss s)"
+apply (frule vt_grant_os, frule vd_cons, simp split:if_splits)
+apply (rule conjI, rule impI, (erule conjE)+)
+apply (simp add:update_s2ss_sfile_tainted_def)
+apply (rule conjI|rule impI|erule exE|erule conjE)+
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_file f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other)
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other)
+apply (simp add:same_inode_files_prop7)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_file_simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_dir_simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_file f" in exI)
+apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3)
+apply (tactic {*my_setiff_tac 1*})
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule_tac x = "O_file f'" in exI)
+apply (auto simp:co2sobj_truncate is_file_simps is_dir_simps split:t_object.splits)[1]
+apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule conjI|rule impI|erule exE|erule conjE)+
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_file f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other)
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other)
+apply (simp add:same_inode_files_prop7)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_file_simps)
+apply (rule notI, simp add:co2sobj_truncate is_file_simps)
+apply (erule_tac x = fa in allE)
+apply (simp add:co2sobj.simps)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_dir_simps)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_file f" in exI)
+apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3)
+apply (tactic {*my_setiff_tac 1*})
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule impI, simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (rule_tac x = obj in exI)
+apply (simp add:alive_simps co2sobj_truncate)
+apply (simp split:t_object.splits if_splits add:co2sobj.simps tainted_eq_Tainted)
+apply (case_tac "O_proc p \<in> Tainted s", simp add:same_inodes_Tainted)
+apply simp
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = obj in exI)
+apply (simp add:alive_simps co2sobj_truncate)
+apply (auto split:t_object.splits if_splits simp:co2sobj.simps tainted_eq_Tainted same_inodes_Tainted)
+done
+lemma s2ss_createmsgq: "valid (CreateMsgq p q # s) \<Longrightarrow> s2ss (CreateMsgq p q # s) =
+(case (cq2smsgq (CreateMsgq p q # s) q) of
+Some sq \<Rightarrow> s2ss s \<union> {S_msgq sq}
+| _       \<Rightarrow> {})"
+apply (frule vd_cons, frule vt_grant_os, clarsimp)
+apply (case_tac "cq2smsgq (CreateMsgq p q # s) q")
+apply (drule current_has_smsgq', simp+)
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_msgq q")
+apply (rule disjI1, simp add:co2sobj.simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_createmsgq is_file_simps is_dir_simps split:t_object.splits if_splits)
+apply (simp add:co2sobj.simps)
+apply (simp add:co2sobj.simps)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps)
+apply (tactic {*my_setiff_tac 1*})
+apply (case_tac "obj = O_msgq q")
+apply simp
+apply (rule_tac x = obj in exI)
+apply (auto simp add:co2sobj_createmsgq alive_simps split:t_object.splits if_splits)
+done
+lemma s2ss_sendmsg:
+lemma s2ss_recvmsg:
+lemma s2ss_removemsgq:
 lemmas s2ss_simps = s2ss_execve s2ss_clone s2ss_ptrace s2ss_kill s2ss_exit s2ss_open
 s2ss_readfile s2ss_writefile s2ss_closefd s2ss_unlink s2ss_rmdir s2ss_linkhard
-s2ss
+s2ss_truncate s2ss_createmsgq

changeset 53	e3ad1b294fd9
parent 52	ec73b98d4a64
child 54	e934f9a697f5