diff -r 1ac0c3031ed2 -r 0a68c605ae79 no_shm_selinux/Enrich.thy --- a/no_shm_selinux/Enrich.thy Fri Dec 20 13:48:25 2013 +0800 +++ b/no_shm_selinux/Enrich.thy Mon Dec 23 19:47:17 2013 +0800 @@ -1201,245 +1201,23 @@ apply (erule enrich_proc_dup_ffd, simp+) done -lemma enrich_proc_prop: - "\valid s; is_created_proc s p; p' \ all_procs s\ - \ valid (enrich_proc s p p') \ - (\ obj. alive s obj \ alive (enrich_proc s p p') obj) \ - (\ obj. enrich_not_alive s obj \ enrich_not_alive (enrich_proc s p p') obj) \ - (files_hung_by_del (enrich_proc s p p') = files_hung_by_del s) \ - (\ tp. tp \ current_procs s \ cp2sproc (enrich_proc s p p') tp = cp2sproc s tp) \ - (\ f. f \ current_files s \ cf2sfile (enrich_proc s p p') f = cf2sfile s f) \ - (\ q. q \ current_msgqs s \ cq2smsgq (enrich_proc s p p') q = cq2smsgq s q) \ - (\ tp fd f. file_of_proc_fd s tp fd = Some f \ file_of_proc_fd (enrich_proc s p p') tp fd = Some f) \ - (\ tp fd flags. flags_of_proc_fd s tp fd = Some flags \ - flags_of_proc_fd (enrich_proc s p p') tp fd = Some flags) \ - (\ q. msgs_of_queue (enrich_proc s p p') q = msgs_of_queue s q) \ - (\ tp fd. fd \ proc_file_fds s tp \ cfd2sfd (enrich_proc s p p') tp fd = cfd2sfd s tp fd) \ - (cp2sproc (enrich_proc s p p') p' = cp2sproc s p) \ - (\ fd. fd \ proc_file_fds s p \ cfd2sfd (enrich_proc s p p') p' fd = cfd2sfd s p fd)" -proof (induct s) - case Nil - thus ?case by (auto simp:is_created_proc_def) -next - case (Cons e s) - hence vd_cons: "valid (e # s)" and created_cons: "is_created_proc (e # s) p" - and all_procs_cons: "p' \ all_procs (e # s)" and vd: "valid s" - and os: "os_grant s e" and grant: "grant s e" - by (auto dest:vd_cons vt_grant_os vt_grant) - from all_procs_cons have all_procs: "p' \ all_procs s" by (case_tac e, auto) - from Cons have pre: "is_created_proc s p \ valid (enrich_proc s p p') \ - (\obj. alive s obj \ alive (enrich_proc s p p') obj) \ - (\obj. enrich_not_alive s obj \ enrich_not_alive (enrich_proc s p p') obj) \ - files_hung_by_del (enrich_proc s p p') = files_hung_by_del s \ - (\tp. tp \ current_procs s \ cp2sproc (enrich_proc s p p') tp = cp2sproc s tp) \ - (\f. f \ current_files s \ cf2sfile (enrich_proc s p p') f = cf2sfile s f) \ - (\q. q \ current_msgqs s \ cq2smsgq (enrich_proc s p p') q = cq2smsgq s q) \ - (\tp fd f. file_of_proc_fd s tp fd = Some f \ file_of_proc_fd (enrich_proc s p p') tp fd = Some f) \ - (\tp fd flags. - flags_of_proc_fd s tp fd = Some flags \ flags_of_proc_fd (enrich_proc s p p') tp fd = Some flags) \ - (\q. msgs_of_queue (enrich_proc s p p') q = msgs_of_queue s q) \ - (\tp fd. fd \ proc_file_fds s tp \ cfd2sfd (enrich_proc s p p') tp fd = cfd2sfd s tp fd) \ - (cp2sproc (enrich_proc s p p') p' = cp2sproc s p) \ - (\ fd. fd \ proc_file_fds s p \ cfd2sfd (enrich_proc s p p') p' fd = cfd2sfd s p fd)" - using vd all_procs by auto - have alive_pre: "is_created_proc s p \ (\obj. alive s obj \ alive (enrich_proc s p p') obj)" - using pre by simp - hence curf_pre: "is_created_proc s p \ (\f. f \ current_files s \ f \ current_files (enrich_proc s p p'))" - using vd apply auto - apply (drule is_file_or_dir, simp) - apply (erule disjE) - apply (erule_tac x = "O_file f" in allE, simp add:is_file_in_current) - apply (erule_tac x = "O_dir f" in allE, simp add:is_dir_in_current) - done - have "valid (enrich_proc (e # s) p p')" - proof- - from pre have pre': "is_created_proc s p \ valid (enrich_proc s p p')" by simp - have "is_created_proc s p \ valid (e # enrich_proc s p p')" - apply (frule pre') - apply (erule_tac s = s in enrich_valid_intro_cons) - apply (simp_all add:os grant vd pre) - done - moreover have "\f fds. \valid (Execve p f fds # enrich_proc s p p'); is_created_proc s p; - valid (Execve p f fds # s); p' \ all_procs s\ - \ valid (Execve p' f (fds \ proc_file_fds s p) # Execve p f fds # enrich_proc s p p')" - proof- - fix f fds - assume a1: "valid (Execve p f fds # enrich_proc s p p')" and a2: "is_created_proc s p" - and a3: "valid (Execve p f fds # s)" and a0: "p' \ all_procs s" - have cp2sp: "\ tp. tp \ current_procs s \ cp2sproc (enrich_proc s p p') tp = cp2sproc s tp" - and cf2sf: "\ tf. tf \ current_files s \ cf2sfile (enrich_proc s p p') tf = cf2sfile s tf" - and cfd2sfd: "\ tp tfd. tfd \ proc_file_fds s tp \ cfd2sfd (enrich_proc s p p') tp tfd = cfd2sfd s tp tfd" - and ffd_remain: "\tp fd f. file_of_proc_fd s tp fd = Some f \ - file_of_proc_fd (enrich_proc s p p') tp fd = Some f" - and dup_sp: "cp2sproc (enrich_proc s p p') p' = cp2sproc s p" - and dup_sfd: "\ fd. fd \ proc_file_fds s p \ cfd2sfd (enrich_proc s p p') p' fd = cfd2sfd s p fd" - using pre a2 by auto - show "valid (Execve p' f (fds \ proc_file_fds s p) # Execve p f fds # enrich_proc s p p')" - proof- - from a0 a3 have a0': "p' \ p" by (auto dest!:vt_grant_os not_all_procs_prop3) - from a3 have grant: "grant s (Execve p f fds)" and os: "os_grant s (Execve p f fds)" - by (auto dest:vt_grant_os vt_grant simp del:os_grant.simps) - have f_in: "is_file (enrich_proc s p p') f" - proof- - from pre a2 - have a4: "\ obj. alive s obj \ alive (enrich_proc s p p') obj" - by (auto) - show ?thesis using a3 a4 - apply (erule_tac x = "O_file f" in allE) - by (auto dest:vt_grant_os) - qed - moreover have a5: "proc_file_fds s p \ proc_file_fds (Execve p f fds # enrich_proc s p p') p'" - using a3 a0' - apply (frule_tac vt_grant_os) - apply (auto simp:proc_file_fds_def) - apply (rule_tac x = fa in exI) - apply (erule enrich_proc_dup_ffd) - apply (simp_all add:vd all_procs a2) - done - ultimately have "os_grant (Execve p f fds # enrich_proc s p p') (Execve p' f (fds \ proc_file_fds s p))" - apply (auto simp:is_file_simps enrich_proc_dup_in a2 vd all_procs a1 enrich_proc_dup_ffds) - done - moreover have "grant (Execve p f fds # enrich_proc s p p') (Execve p' f (fds \ proc_file_fds s p))" - proof- - from grant obtain up rp tp uf rf tf - where p1: "sectxt_of_obj s (O_proc p) = Some (up, rp, tp)" - and p2: "sectxt_of_obj s (O_file f) = Some (uf, rf, tf)" - by (simp split:option.splits, blast) - with grant obtain pu nr nt where p3: "npctxt_execve (up, rp, tp) (uf, rf, tf) = Some (pu, nr, nt)" - by (simp split:option.splits del:npctxt_execve.simps, blast) - have p1': "sectxt_of_obj (Execve p f fds # enrich_proc s p p') (O_proc p') = Some (up, rp, tp)" - using p1 dup_sp a1 a0' - apply (simp add:sectxt_of_obj_simps) - by (simp add:cp2sproc_def split:option.splits) - from os have f_in': "is_file s f" by simp - from vd os have "\ sf. cf2sfile s f = Some sf" - by (auto dest!:is_file_in_current current_file_has_sfile) - hence p2': "sectxt_of_obj (Execve p f fds # enrich_proc s p p') (O_file f) = Some (uf, rf, tf)" - using f_in p2 cf2sf os a1 - apply (erule_tac x = f in allE) - apply (auto dest:is_file_in_current simp:cf2sfile_def sectxt_of_obj_simps split:option.splits) - apply (case_tac f, simp) - apply (drule_tac s = s in root_is_dir', simp add:vd, simp+) - done - from dup_sfd a5 have "\fd. fd \ proc_file_fds s p \ - cfd2sfd (Execve p f fds # enrich_proc s p p') p' fd = cfd2sfd s p fd" - apply (rule_tac allI) - apply (erule_tac x = fd in allE, clarsimp) - apply (drule set_mp, simp) - apply (auto simp:cfd2sfd_execve proc_file_fds_def a1) - done - hence "inherit_fds_check (Execve p f fds # enrich_proc s p p') (up, nr, nt) p' (fds \ proc_file_fds s p)" - using grant os p1 p2 p3 vd - apply (clarsimp) - apply (rule_tac s = s and p = p and fds = fds in enrich_inherit_fds_check_dup) - apply simp_all - done - moreover have "search_check (Execve p f fds # enrich_proc s p p') (up, rp, tp) f" - using p1 p2 p2' vd cf2sf f_in f_in' grant p3 f_in a1 - apply (rule_tac s = s in enrich_search_check) - apply (simp_all add:is_file_simps) - apply (rule allI, rule impI, erule_tac x = fa in allE, simp) - apply (drule_tac ff = fa in cf2sfile_other') - by (auto simp:a2 curf_pre) - ultimately show ?thesis - using p1' p2' p3 - apply (simp split:option.splits) - using grant p1 p2 - apply simp - done - qed - ultimately show ?thesis using a1 - by (erule_tac valid.intros(2), auto) - qed - qed - moreover have "\tp fds. \valid (Clone tp p fds # s); p' \ p; p' \ all_procs s\ \ - valid (Clone tp p' (fds \ proc_file_fds s tp) # Clone tp p fds # s)" - apply (frule vt_grant_os, frule vt_grant, drule not_all_procs_prop3) - apply (rule valid.intros(2)) - apply (simp_all split:option.splits add:sectxt_of_obj_simps) - apply (auto simp add:proc_file_fds_def)[1] - apply (auto simp:inherit_fds_check_def sectxt_of_obj_simps sectxts_of_fds_def inherit_fds_check_ctxt_def) - done - moreover have "\f flags fd opt. \valid (Open p f flags fd opt # enrich_proc s p p'); - is_created_proc s p; valid (Open p f flags fd opt # s); p' \ all_procs s\ - \ valid (Open p' f (remove_create_flag flags) fd None # Open p f flags fd opt # enrich_proc s p p')" - proof- - fix f flags fd inum - assume a1: "valid (Open p f flags fd inum # enrich_proc s p p')" and a2: "is_created_proc s p" - and a3: "valid (Open p f flags fd inum # s)" and a4: "p' \ all_procs s" - show "valid (Open p' f (remove_create_flag flags) fd inum # Open p f flags fd inum # enrich_proc s p p')" - proof (cases " - apply (rule_tac valid.intros(2)) - apply (simp_all add:a1) +lemma enrich_proc_dup_ffds_eq_fds: + "\is_created_proc s p; p' \ all_procs s; valid s\ + \ current_proc_fds (enrich_proc s p p') p' = proc_file_fds s p" +apply (induct s arbitrary:p) +apply (simp add: is_created_proc_def) +apply (frule not_all_procs_prop3) +apply (frule vd_cons, frule vt_grant_os, case_tac a) +apply (auto split:if_splits option.splits dest:proc_fd_in_fds set_mp not_all_procs_prop3 + simp:proc_file_fds_def is_created_proc_def) +done - - - +lemma oflags_check_remove_create: + "oflags_check flags sp sf \ oflags_check (remove_create_flag flags) sp sf" +apply (case_tac flags) +apply (auto simp:oflags_check_def perms_of_flags_def perm_of_oflag_def split:bool.splits) +done - sorry - moreover have "\fd. \valid (CloseFd p fd # enrich_proc s p p'); is_created_proc s p; - valid (CloseFd p fd # s); p' \ all_procs s; fd \ proc_file_fds s p\ - \ valid (CloseFd p' fd # CloseFd p fd # enrich_proc s p p')" - proof- - fix fd - assume a1: "valid (CloseFd p fd # enrich_proc s p p')" and a2: "is_created_proc s p" - and a3: "p' \ all_procs s" and a4: "valid (CloseFd p fd # s)" - and a5: "fd \ proc_file_fds s p" - from a4 a3 have a0: "p' \ p" by (auto dest!:vt_grant_os not_all_procs_prop3) - have "p' \ current_procs (enrich_proc s p p')" - using a2 a3 vd - by (auto intro:enrich_proc_dup_in) - moreover have "fd \ current_proc_fds (enrich_proc s p p') p'" - using a5 a2 a3 vd pre' - apply (simp) - apply (drule_tac s = "enrich_proc s p p'" and p = p' in file_fds_subset_pfds) - apply (erule set_mp) - apply (simp add:enrich_proc_dup_ffds) - done - ultimately show "valid (CloseFd p' fd # CloseFd p fd # enrich_proc s p p')" - apply (rule_tac valid.intros(2)) - apply (simp_all add:a1 a0 a2 pre') - done - qed - ultimately show ?thesis using created_cons vd_cons all_procs_cons - apply (case_tac e) - apply (auto simp:is_created_proc_simps split:if_splits) - done - qed - moreover have "\obj. alive (e # s) obj \ alive (enrich_proc (e # s) p p') obj" - sorry - moreover have "\obj. enrich_not_alive (e # s) obj \ enrich_not_alive (enrich_proc (e # s) p p') obj" - sorry - moreover have "files_hung_by_del (enrich_proc (e # s) p p') = files_hung_by_del (e # s)" - sorry - moreover have "\p. p \ current_procs (e # s) \ cp2sproc (enrich_proc (e # s) p p') p = cp2sproc (e # s) p" - sorry - moreover have "\f. f \ current_files (e # s) \ cf2sfile (enrich_proc (e # s) p p') f = cf2sfile (e # s) f" - sorry - moreover have "\q. q \ current_msgqs (e # s) \ cq2smsgq (enrich_proc (e # s) p p') q = cq2smsgq (e # s) q" - sorry - moreover have "\p fd f. file_of_proc_fd (e # s) p fd = Some f \ - file_of_proc_fd (enrich_proc (e # s) p p') p fd = Some f" - sorry - moreover have "\p fd flags. flags_of_proc_fd (e # s) p fd = Some flags \ - flags_of_proc_fd (enrich_proc (e # s) p p') p fd = Some flags" - sorry - moreover have "\q. msgs_of_queue (enrich_proc (e # s) p p') q = msgs_of_queue (e # s) q" - sorry - moreover have "\p fd. fd \ proc_file_fds (e # s) p \ - cfd2sfd (enrich_proc (e # s) p p') p fd = cfd2sfd (e # s) p fd" - sorry - ultimately show ?case - by auto -qed - +end -lemma enrich_proc_valid: - "\valid s; is_created_proc s p; p' \ all_procs s\ \ valid (enrich_proc s p p')" -by (auto dest:enrich_proc_prop) - -lemma enrich_proc_valid: - "\valid s; is_created_proc s p; p' \ all_procs s\ \ " - - - \ No newline at end of file +end \ No newline at end of file