selinux: comparison no_shm_selinux/Enrich2.thy

equal deleted inserted replaced

-:0a68c605ae79
+:e79e3a8a4ceb
 theory Enrich
 imports Main Flask Static Init_prop Valid_prop Tainted_prop Delete_prop Co2sobj_prop S2ss_prop S2ss_prop2
-Temp Enrich
+Temp Enrich Proc_fd_of_file_prop
 begin
 context tainting_s begin
 lemma get_parentfs_ctxts_prop:
 proof (induct s)
 case Nil
 thus ?case by (auto simp:is_created_proc_def)
 next
 case (Cons e s)
-hence vd_cons: "valid (e # s)" and created_cons: "is_created_proc (e # s) p"
+hence vd_cons': "valid (e # s)" and created_cons: "is_created_proc (e # s) p"
 and all_procs_cons: "p' \<notin> all_procs (e # s)" and vd: "valid s"
 and os: "os_grant s e" and grant: "grant s e"
-by (auto dest:vd_cons vt_grant_os vt_grant)
+by (auto dest:vd_cons' vt_grant_os vt_grant)
 from all_procs_cons have all_procs: "p' \<notin> all_procs s" by (case_tac e, auto)
 from Cons have pre: "is_created_proc s p \<Longrightarrow> valid (enrich_proc s p p') \<and>
 (\<forall>obj. alive s obj \<longrightarrow> alive (enrich_proc s p p') obj) \<and>
 (\<forall>obj. enrich_not_alive s obj \<longrightarrow> enrich_not_alive (enrich_proc s p p') obj) \<and>
 files_hung_by_del (enrich_proc s p p') = files_hung_by_del s \<and>
 using a1
 by (erule_tac valid.intros(2), simp+)
 qed
 qed
 ultimately show ?thesis
-using created_cons vd_cons all_procs_cons
+using created_cons vd_cons' all_procs_cons
 apply (case_tac e)
 apply (auto simp:is_created_proc_simps split:if_splits)
 done
 qed
 moreover have "\<forall>obj. alive (e # s) obj \<longrightarrow> alive (enrich_proc (e # s) p p') obj"
-sorry
+proof clarify
+fix obj
+assume a0: "alive (e # s) obj"
+have a1: "is_created_proc s p \<Longrightarrow> \<forall> obj. alive s obj \<longrightarrow> alive (enrich_proc s p p') obj"
+using pre by auto
+show "alive (enrich_proc (e # s) p p') obj" (*
+proof (cases e)
+case (Execve tp f fds)
+with created_cons a1
+have b1: "\<forall> obj. alive s obj \<longrightarrow> alive (enrich_proc s p p') obj"
+by (auto simp:is_created_proc_simps)
+show ?thesis
+using created_cons all_procs_cons vd_enrich_cons Execve b1 os a0
+apply (simp add:alive_execve split:if_splits)
+apply (frule_tac vd_cons) defer
+apply (frule_tac vd_cons)
+using vd_cons' Execve vd os
+apply (auto simp:is_file_simps is_dir_simps is_created_proc_simps alive.simps
+split:t_object.splits if_splits
+dest:set_mp file_fds_subset_pfds)
+apply (erule_tac x = "O_proc nat" in allE, simp)
+apply (erule_tac x = "O_file list" in allE, simp)
+apply (drule set_mp, simp)
+apply (drule_tac s = s and p = tp in file_fds_subset_pfds)
+apply (erule_tac x = "O_fd tp nat2" in allE, simp)
+apply (auto)[1]
+apply (erule_tac x = "O_fd nat1 nat2" in allE, auto dest:set_mp file_fds_subset_pfds)[1]
+apply (erule_tac x = "O_dir list" in allE, simp)
+sorry
+show ?thesis *) sorry
 moreover have "\<forall>obj. enrich_not_alive (e # s) obj \<longrightarrow> enrich_not_alive (enrich_proc (e # s) p p') obj"
+thm enrich_not_alive.simps
 sorry
 moreover have "files_hung_by_del (enrich_proc (e # s) p p') = files_hung_by_del (e # s)"
+proof-
+have "is_created_proc s p \<Longrightarrow> files_hung_by_del (enrich_proc s p p') = files_hung_by_del s"
+and ffd_remain: "is_created_proc s p \<Longrightarrow>
+\<forall>tp fd f. file_of_proc_fd s tp fd = Some f \<longrightarrow>
+file_of_proc_fd (enrich_proc s p p') tp fd = Some f"
+using pre by auto
+with created_cons all_procs_cons os vd_cons' vd
+show ?thesis
+apply (frule_tac not_all_procs_prop3)
+apply (case_tac e)
+apply (auto simp:files_hung_by_del.simps is_created_proc_simps)
+apply (auto simp:enrich_proc_dup_ffd_eq proc_file_fds_def procfd_of_file_eq_fpfd''
+dest:procfd_of_file_imp_fpfd procfd_of_file_imp_fpfd' procfd_of_file_non_empty
+)
+apply (auto simp:enrich_proc_dup_ffd_eq proc_file_fds_def split:if_splits)[1]
+apply (auto simp:enrich_proc_dup_ffd_eq proc_file_fds_def files_hung_by_del.simps
+split:option.splits)[1]
+apply (auto split:option.splits)[1]
+thm is_created_proc_simps
 sorry
 moreover have "\<forall>tp. tp \<in> current_procs (e # s) \<longrightarrow> cp2sproc (enrich_proc (e # s) p p') tp = cp2sproc (e # s) tp"
 sorry
 moreover have "\<forall>f. f \<in> current_files (e # s) \<longrightarrow> cf2sfile (enrich_proc (e # s) p p') f = cf2sfile (e # s) f"
 sorry
 and a2: "valid (Execve tp f fds # s)" and a3: "is_created_proc (Execve tp f fds # s) p"
 and a4: "p' \<notin> all_procs (Execve tp f fds # s)"
 show "cp2sproc (enrich_proc (Execve tp f fds # s) p p') p' = cp2sproc (Execve tp f fds # s) p"
 proof (cases "tp = p")
 case True
-show ?thesis using True a1 a2 a3 a4
+show ?thesis using True a1 a2 a3 a4 b0
 thm not_all_procs_prop3
+apply (frule_tac not_all_procs_prop2)
+apply (frule not_all_procs_prop3)
 apply (auto simp add:cp2sproc_execve is_created_proc_def split:option.splits dest!:current_has_sec'
-dest:vt_grant_os not_all_procs_prop2 not_all_procs_prop3)
+dest:vt_grant_os)
+apply (auto simp:sectxt_of_obj_simps split:option.splits dest:valid.cases)
 sorry
 next
 case False
 show ?thesis sorry
 have b7: "\<And> tp fd. cp2sproc (enrich_proc (CloseFd tp fd # s) p p') p' = cp2sproc (CloseFd tp fd # s) p"
 sorry
 show ?thesis using vd_enrich_cons
 apply (case_tac e)
 apply (simp_all only:b1 b2 b3 b4 b5 b6 b7)
-using created_cons vd_enrich_cons vd_cons b0
+using created_cons vd_enrich_cons vd_cons' b0
 apply (auto simp:cp2sproc_other is_created_proc_def)
 done
 qed
 moreover have "\<forall> fd. fd \<in> proc_file_fds (e # s) p \<longrightarrow>
 cfd2sfd (enrich_proc (e # s) p p') p' fd = cfd2sfd (e # s) p fd"

changeset 83	e79e3a8a4ceb
parent 82	0a68c605ae79
child 84	cebdef333899