diff -r 1a1df29d3507 -r d9dc04c3ea90 no_shm_selinux/Co2sobj_prop.thy --- a/no_shm_selinux/Co2sobj_prop.thy Wed Jan 08 18:40:38 2014 +0800 +++ b/no_shm_selinux/Co2sobj_prop.thy Thu Jan 09 14:39:00 2014 +0800 @@ -1842,8 +1842,8 @@ (* simpset for co2sobj *) lemma co2sobj_execve: - "\valid (Execve p f fds # s); alive (Execve p f fds # s) obj\ \ co2sobj (Execve p f fds # s) obj = ( - if (obj = O_proc p) + "\valid (Execve p f fds # s); dalive (Execve p f fds # s) obj\ \ co2sobj (Execve p f fds # s) obj = ( + if (obj = D_proc p) then (case (cp2sproc (Execve p f fds # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s \ O_file f \ tainted s)) | _ \ None) @@ -1859,8 +1859,8 @@ done lemma co2sobj_execve': - "\valid (Execve p f fds # s); alive s obj\ \ co2sobj (Execve p f fds # s) obj = ( - if (obj = O_proc p) + "\valid (Execve p f fds # s); dalive s obj\ \ co2sobj (Execve p f fds # s) obj = ( + if (obj = D_proc p) then (case (cp2sproc (Execve p f fds # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s \ O_file f \ tainted s)) | _ \ None) @@ -1876,8 +1876,8 @@ done lemma co2sobj_clone': - "\valid (Clone p p' fds # s); alive s obj\ \ co2sobj (Clone p p' fds # s) obj = ( - if (obj = O_proc p') + "\valid (Clone p p' fds # s); dalive s obj\ \ co2sobj (Clone p p' fds # s) obj = ( + if (obj = D_proc p') then (case (cp2sproc (Clone p p' fds # s) p') of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) @@ -1895,9 +1895,9 @@ done lemma co2sobj_clone: - "\valid (Clone p p' fds # s); alive (Clone p p' fds # s) obj\ + "\valid (Clone p p' fds # s); dalive (Clone p p' fds # s) obj\ \ co2sobj (Clone p p' fds # s) obj = ( - if (obj = O_proc p') + if (obj = D_proc p') then (case (cp2sproc (Clone p p' fds # s) p') of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) @@ -1920,7 +1920,7 @@ (* lemma co2sobj_ptrace: - "\valid (Ptrace p p' # s); alive s obj\\ co2sobj (Ptrace p p' # s) obj = ( + "\valid (Ptrace p p' # s); dalive s obj\\ co2sobj (Ptrace p p' # s) obj = ( case obj of O_proc p'' \ if (info_flow_shm s p' p'') then (case (cp2sproc s p'') of @@ -1945,9 +1945,9 @@ *) lemma co2sobj_ptrace: - "\valid (Ptrace p p' # s); alive s obj\\ co2sobj (Ptrace p p' # s) obj = ( + "\valid (Ptrace p p' # s); dalive s obj\\ co2sobj (Ptrace p p' # s) obj = ( case obj of - O_proc p'' \ if (p'' = p') + D_proc p'' \ if (p'' = p') then (case (cp2sproc s p'') of Some sp \ Some (S_proc sp (O_proc p'' \ tainted s \ O_proc p \ tainted s)) | _ \ None) @@ -1955,7 +1955,7 @@ then (case (cp2sproc s p'') of Some sp \ Some (S_proc sp (O_proc p'' \ tainted s \ O_proc p' \ tainted s)) | _ \ None) - else co2sobj s (O_proc p'') + else co2sobj s (D_proc p'') | _ \ co2sobj s obj)" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (simp_all add:current_files_simps cq2smsgq_other cf2sfiles_other) @@ -1970,18 +1970,18 @@ lemma co2sobj_open: - "\valid (Open p f flag fd opt # s); alive (Open p f flag fd opt # s) obj\ + "\valid (Open p f flag fd opt # s); dalive (Open p f flag fd opt # s) obj\ \ co2sobj (Open p f flag fd opt # s) obj = (case obj of - O_file f' \ if (f' = f \ opt \ None) + D_file f' \ if (f' = f \ opt \ None) then (case (cf2sfile (Open p f flag fd opt # s) f) of Some sf \ Some (S_file {sf} (O_proc p \ tainted s)) | _ \ None) - else co2sobj s (O_file f') - | O_proc p' \ if (p' = p) + else co2sobj s (D_file f') + | D_proc p' \ if (p' = p) then (case (cp2sproc (Open p f flag fd opt # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) - else co2sobj s (O_proc p') + else co2sobj s (D_proc p') | _ \ co2sobj s obj )" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (auto simp:cp2sproc_simps split:option.splits @@ -2015,7 +2015,7 @@ (* lemma co2sobj_readfile: - "\valid (ReadFile p fd # s); alive s obj\ \ co2sobj (ReadFile p fd # s) obj = ( + "\valid (ReadFile p fd # s); dalive s obj\ \ co2sobj (ReadFile p fd # s) obj = ( case obj of O_proc p' \ (case (file_of_proc_fd s p fd) of Some f \ (if (info_flow_shm s p p' \ O_file f \ tainted s) @@ -2036,9 +2036,9 @@ done *) lemma co2sobj_readfile: - "\valid (ReadFile p fd # s); alive s obj\ \ co2sobj (ReadFile p fd # s) obj = ( + "\valid (ReadFile p fd # s); dalive s obj\ \ co2sobj (ReadFile p fd # s) obj = ( case obj of - O_proc p' \ (case (file_of_proc_fd s p fd) of + D_proc p' \ (case (file_of_proc_fd s p fd) of Some f \ (if (p' = p \ O_file f \ tainted s) then (case (cp2sproc s p') of Some sp \ Some (S_proc sp True) @@ -2056,9 +2056,9 @@ done lemma co2sobj_writefile: - "\valid (WriteFile p fd # s); alive s obj\ \ co2sobj (WriteFile p fd # s) obj = ( + "\valid (WriteFile p fd # s); dalive s obj\ \ co2sobj (WriteFile p fd # s) obj = ( case obj of - O_file f' \ (case (file_of_proc_fd s p fd) of + D_file f' \ (case (file_of_proc_fd s p fd) of Some f \ (if (f \ same_inode_files s f') then Some (S_file (cf2sfiles s f') (O_file f' \ tainted s \ O_proc p \ tainted s)) @@ -2077,18 +2077,18 @@ by (auto simp:same_inode_files_def is_file_def has_same_inode_def split:if_splits option.splits) lemma co2sobj_closefd: - "\valid (CloseFd p fd # s); alive (CloseFd p fd # s) obj\ \ co2sobj (CloseFd p fd # s) obj = ( + "\valid (CloseFd p fd # s); dalive (CloseFd p fd # s) obj\ \ co2sobj (CloseFd p fd # s) obj = ( case obj of - O_file f' \ (case (file_of_proc_fd s p fd) of + D_file f' \ (case (file_of_proc_fd s p fd) of Some f \ (if (f' \ same_inode_files s f \ proc_fd_of_file s f = {(p, fd)} \ f \ files_hung_by_del s \ (\ f'' \ same_inode_files s f. f'' \ f \ cf2sfile s f'' \ cf2sfile s f)) - then (case (cf2sfile s f, co2sobj s (O_file f')) of + then (case (cf2sfile s f, co2sobj s (D_file f')) of (Some sf, Some (S_file sfs b)) \ Some (S_file (sfs - {sf}) b) | _ \ None) else co2sobj s obj) | _ \ co2sobj s obj) - | O_proc p' \ (if (p = p') + | D_proc p' \ (if (p = p') then (case (cp2sproc (CloseFd p fd # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) @@ -2115,11 +2115,11 @@ done lemma co2sobj_unlink: - "\valid (UnLink p f # s); alive (UnLink p f # s) obj\ \ co2sobj (UnLink p f # s) obj = ( + "\valid (UnLink p f # s); dalive (UnLink p f # s) obj\ \ co2sobj (UnLink p f # s) obj = ( case obj of - O_file f' \ if (f' \ same_inode_files s f \ proc_fd_of_file s f = {} \ + D_file f' \ if (f' \ same_inode_files s f \ proc_fd_of_file s f = {} \ (\ f'' \ same_inode_files s f. f'' \ f \ cf2sfile s f'' \ cf2sfile s f)) - then (case (cf2sfile s f, co2sobj s (O_file f')) of + then (case (cf2sfile s f, co2sobj s (D_file f')) of (Some sf, Some (S_file sfs b)) \ Some (S_file (sfs - {sf}) b) | _ \ None) else co2sobj s obj @@ -2142,7 +2142,7 @@ done lemma co2sobj_rmdir: - "\valid (Rmdir p f # s); alive (Rmdir p f # s) obj\ \ co2sobj (Rmdir p f # s) obj = co2sobj s obj" + "\valid (Rmdir p f # s); dalive (Rmdir p f # s) obj\ \ co2sobj (Rmdir p f # s) obj = co2sobj s obj" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (simp_all add:current_files_simps cq2smsgq_other) (* ch2sshm_other*) apply (auto simp:cp2sproc_simps split:option.splits if_splits @@ -2154,8 +2154,8 @@ done lemma co2sobj_mkdir: - "\valid (Mkdir p f i # s); alive (Mkdir p f i # s) obj\ \ co2sobj (Mkdir p f i # s) obj = ( - if (obj = O_dir f) + "\valid (Mkdir p f i # s); dalive (Mkdir p f i # s) obj\ \ co2sobj (Mkdir p f i # s) obj = ( + if (obj = D_dir f) then (case (cf2sfile (Mkdir p f i # s) f) of Some sf \ Some (S_dir sf) | _ \ None) @@ -2171,10 +2171,10 @@ done lemma co2sobj_linkhard: - "\valid (LinkHard p oldf f # s); alive (LinkHard p oldf f # s) obj\ + "\valid (LinkHard p oldf f # s); dalive (LinkHard p oldf f # s) obj\ \ co2sobj (LinkHard p oldf f # s) obj = ( case obj of - O_file f' \ if (f' = f \ f' \ same_inode_files s oldf) + D_file f' \ if (f' = f \ f' \ same_inode_files s oldf) then (case (cf2sfile (LinkHard p oldf f # s) f) of Some sf \ Some (S_file (cf2sfiles s oldf \ {sf}) (O_file oldf \ tainted s)) | _ \ None) @@ -2197,9 +2197,9 @@ done lemma co2sobj_truncate: - "\valid (Truncate p f len # s); alive s obj\ \ co2sobj (Truncate p f len # s) obj = ( + "\valid (Truncate p f len # s); dalive s obj\ \ co2sobj (Truncate p f len # s) obj = ( case obj of - O_file f' \ if (f' \ same_inode_files s f \ len > 0) + D_file f' \ if (f' \ same_inode_files s f \ len > 0) then Some (S_file (cf2sfiles s f') (O_file f' \ tainted s \ O_proc p \ tainted s)) else co2sobj s obj | _ \ co2sobj s obj)" @@ -2213,7 +2213,7 @@ done lemma co2sobj_kill: - "\valid (Kill p p' # s); alive (Kill p p' # s) obj\ \ co2sobj (Kill p p' # s) obj = co2sobj s obj" + "\valid (Kill p p' # s); dalive (Kill p p' # s) obj\ \ co2sobj (Kill p p' # s) obj = co2sobj s obj" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (simp_all add:current_files_simps is_dir_simps cq2smsgq_other) (* ch2sshm_other *) apply (auto split:if_splits option.splits dest!:current_file_has_sfile' current_proc_has_sp' @@ -2223,7 +2223,7 @@ done lemma co2sobj_exit: - "\valid (Exit p # s); alive (Exit p # s) obj\ \ co2sobj (Exit p # s) obj = co2sobj s obj" + "\valid (Exit p # s); dalive (Exit p # s) obj\ \ co2sobj (Exit p # s) obj = co2sobj s obj" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (simp_all add:current_files_simps is_dir_simps cq2smsgq_other) apply (auto split:if_splits option.splits dest!:current_file_has_sfile' current_proc_has_sp' @@ -2233,9 +2233,9 @@ done lemma co2sobj_createmsgq: - "\valid (CreateMsgq p q # s); alive (CreateMsgq p q # s) obj\ \ co2sobj (CreateMsgq p q # s) obj = ( + "\valid (CreateMsgq p q # s); dalive (CreateMsgq p q # s) obj\ \ co2sobj (CreateMsgq p q # s) obj = ( case obj of - O_msgq q' \ if (q' = q) then (case (cq2smsgq (CreateMsgq p q # s) q) of + D_msgq q' \ if (q' = q) then (case (cq2smsgq (CreateMsgq p q # s) q) of Some sq \ Some (S_msgq sq) | _ \ None) else co2sobj s obj @@ -2250,9 +2250,9 @@ done lemma co2sobj_sendmsg: - "\valid (SendMsg p q m # s); alive (SendMsg p q m # s) obj\ \ co2sobj (SendMsg p q m # s) obj = ( + "\valid (SendMsg p q m # s); dalive (SendMsg p q m # s) obj\ \ co2sobj (SendMsg p q m # s) obj = ( case obj of - O_msgq q' \ if (q' = q) then (case (cq2smsgq (SendMsg p q m # s) q) of + D_msgq q' \ if (q' = q) then (case (cq2smsgq (SendMsg p q m # s) q) of Some sq \ Some (S_msgq sq) | _ \ None) else co2sobj s obj @@ -2267,13 +2267,13 @@ done lemma co2sobj_recvmsg: - "\valid (RecvMsg p q m # s); alive (RecvMsg p q m # s) obj\ \ co2sobj (RecvMsg p q m # s) obj = ( + "\valid (RecvMsg p q m # s); dalive (RecvMsg p q m # s) obj\ \ co2sobj (RecvMsg p q m # s) obj = ( case obj of - O_msgq q' \ if (q' = q) then (case (cq2smsgq (RecvMsg p q m # s) q) of + D_msgq q' \ if (q' = q) then (case (cq2smsgq (RecvMsg p q m # s) q) of Some sq \ Some (S_msgq sq) | _ \ None) else co2sobj s obj - | O_proc p' \ if (p' = p \ O_msg q m \ tainted s) + | D_proc p' \ if (p' = p \ O_msg q m \ tainted s) then (case (cp2sproc s p') of Some sp \ Some (S_proc sp True) | _ \ None) @@ -2289,7 +2289,7 @@ done (* lemma co2sobj_recvmsg: - "\valid (RecvMsg p q m # s); alive (RecvMsg p q m # s) obj\ \ co2sobj (RecvMsg p q m # s) obj = ( + "\valid (RecvMsg p q m # s); dalive (RecvMsg p q m # s) obj\ \ co2sobj (RecvMsg p q m # s) obj = ( case obj of O_msgq q' \ if (q' = q) then (case (cq2smsgq (RecvMsg p q m # s) q) of Some sq \ Some (S_msgq sq) @@ -2312,7 +2312,7 @@ *) lemma co2sobj_removemsgq: - "\valid (RemoveMsgq p q # s); alive (RemoveMsgq p q # s) obj\ + "\valid (RemoveMsgq p q # s); dalive (RemoveMsgq p q # s) obj\ \ co2sobj (RemoveMsgq p q # s) obj = co2sobj s obj" apply (frule vt_grant_os, frule vd_cons, case_tac obj) apply (simp_all add:current_files_simps is_dir_simps cq2smsgq_other) @@ -2325,7 +2325,7 @@ (* lemma co2sobj_createshm: - "\valid (CreateShM p h # s); alive (CreateShM p h # s) obj\ \ co2sobj (CreateShM p h # s) obj = ( + "\valid (CreateShM p h # s); dalive (CreateShM p h # s) obj\ \ co2sobj (CreateShM p h # s) obj = ( case obj of O_shm h' \ if (h' = h) then (case (ch2sshm (CreateShM p h # s) h) of Some sh \ Some (S_shm sh) @@ -2342,7 +2342,7 @@ done lemma co2sobj_detach: - "\valid (Detach p h # s); alive s obj\ \ co2sobj (Detach p h # s) obj = ( + "\valid (Detach p h # s); dalive s obj\ \ co2sobj (Detach p h # s) obj = ( case obj of O_proc p' \ if (p' = p) then (case (cp2sproc (Detach p h # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) @@ -2360,7 +2360,7 @@ done lemma co2sobj_deleteshm: - "\valid (DeleteShM p h # s); alive (DeleteShM p h # s) obj\ \ co2sobj (DeleteShM p h # s) obj = ( + "\valid (DeleteShM p h # s); dalive (DeleteShM p h # s) obj\ \ co2sobj (DeleteShM p h # s) obj = ( case obj of O_proc p' \ (case (cp2sproc (DeleteShM p h # s) p') of Some sp \ Some (S_proc sp (O_proc p' \ tainted s)) @@ -2385,7 +2385,7 @@ by (simp add:info_flow_shm_def) lemma co2sobj_attach: - "\valid (Attach p h flag # s); alive s obj\ \ co2sobj (Attach p h flag # s) obj = ( + "\valid (Attach p h flag # s); dalive s obj\ \ co2sobj (Attach p h flag # s) obj = ( case obj of O_proc p' \ if (info_flow_shm s p p') then (case (cp2sproc (Attach p h flag # s) p') of @@ -2426,8 +2426,45 @@ done *) +lemma co2sobj_bind: + "valid (Bind p fd addr # s) \ co2sobj (Bind p fd addr # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto + +lemma co2sobj_connect: + "valid (Connect p fd addr # s) \ co2sobj (Connect p fd addr # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto + +lemma co2sobj_createsock: + "valid (CreateSock p af st fd inum # s) \ co2sobj (CreateSock p af st fd inum # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto + +lemma co2sobj_accept: + "valid (Accept p fd addr port fd' inum # s) \ co2sobj (Accept p fd addr port fd' inum # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto + +lemma co2sobj_listen: + "valid (Listen p fd # s) \ co2sobj (Listen p fd # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto +lemma co2sobj_sendsock: + "valid (SendSock p fd # s) \ co2sobj (SendSock p fd # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto +lemma co2sobj_recvsock: + "valid (RecvSock p fd # s) \ co2sobj (RecvSock p fd # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto +lemma co2sobj_shutdown: + "valid (Shutdown p fd addr # s) \ co2sobj (Shutdown p fd addr # s) = co2sobj s" +apply (frule vd_cons, frule vt_grant, rule ext, case_tac x) +by auto + lemma co2sobj_other: - "\valid (e # s); alive (e # s) obj; + "\valid (e # s); dalive (e # s) obj; \ p f fds. e \ Execve p f fds; \ p p' fds. e \ Clone p p' fds; \ p p'. e \ Ptrace p p'; @@ -2456,8 +2493,8 @@ co2sobj_writefile co2sobj_closefd co2sobj_unlink co2sobj_rmdir co2sobj_mkdir co2sobj_linkhard co2sobj_truncate co2sobj_kill co2sobj_exit co2sobj_createmsgq co2sobj_sendmsg co2sobj_recvmsg co2sobj_removemsgq (* co2sobj_attach co2sobj_detach co2sobj_createshm co2sobj_deleteshm *) - - + co2sobj_createsock co2sobj_accept co2sobj_listen co2sobj_sendsock co2sobj_recvsock + co2sobj_shutdown co2sobj_bind co2sobj_connect end