# HG changeset patch
# User chunhan
# Date 1367777067 -28800
# Node ID 5a01ee1c9b4de98ec6542c5f437479ad27a5a6f1
# Parent  7d9c0ed02b563285b1d9d4113dc18d13fde9e237
fixed bugs in def of cf2sfile

diff -r 7d9c0ed02b56 -r 5a01ee1c9b4d Current_files_prop.thy
--- a/Current_files_prop.thy	Fri May 03 08:20:21 2013 +0100
+++ b/Current_files_prop.thy	Mon May 06 02:04:27 2013 +0800
@@ -539,9 +539,6 @@
 
 (******************** is_file simpset *********************)
 
-lemma is_file_nil: "is_file [] = is_init_file"
-by (auto simp:is_init_file_def is_file_def init_inum_of_file_props intro!:ext split:option.splits)
-
 lemma is_file_open:
   "valid (Open p f flags fd opt # s) \<Longrightarrow> 
    is_file (Open p f flags fd opt # s) = (if (opt = None) then is_file s else (is_file s) (f:= True))"
@@ -606,9 +603,6 @@
 
 (********* is_dir simpset **********)
 
-lemma is_dir_nil: "is_dir [] = is_init_dir"
-by (auto simp:is_init_dir_def is_dir_def init_inum_of_file_props intro!:ext split:option.splits)
-
 lemma is_dir_mkdir: "valid (Mkdir p f i # s) \<Longrightarrow> is_dir (Mkdir p f i # s) = (is_dir s) (f := True)"
 apply (frule vd_cons, drule vt_grant_os, rule_tac ext)
 apply (auto dest:finum_has_itag iof's_im_in_cim intro!:ext
diff -r 7d9c0ed02b56 -r 5a01ee1c9b4d Flask.thy
--- a/Flask.thy	Fri May 03 08:20:21 2013 +0100
+++ b/Flask.thy	Mon May 06 02:04:27 2013 +0800
@@ -204,6 +204,10 @@
                                       | _                 \<Rightarrow> False)
                          | _      \<Rightarrow> False)"
 
+definition init_same_inode_files :: "t_file \<Rightarrow> t_file set"
+where
+  "init_same_inode_files f \<equiv> {f'. init_inum_of_file f = init_inum_of_file f'}"
+
 fun init_alive :: "t_object \<Rightarrow> bool"
 where
   "init_alive (O_proc p)     = (p \<in> init_procs)"
@@ -475,6 +479,10 @@
 where
   "current_inode_nums \<tau> = current_file_inums \<tau> \<union> current_sock_inums \<tau>"
 
+definition same_inode_files :: "t_state \<Rightarrow> t_file \<Rightarrow> t_file set"
+where
+  "same_inode_files s f \<equiv> {f'. inum_of_file s f = inum_of_file s f'}"
+
 fun flags_of_proc_fd :: "t_state \<Rightarrow> t_process \<Rightarrow> t_fd \<Rightarrow> t_open_flags option"
 where
   "flags_of_proc_fd [] p fd = init_oflags_of_proc_fd p fd" 
diff -r 7d9c0ed02b56 -r 5a01ee1c9b4d Init_prop.thy
--- a/Init_prop.thy	Fri May 03 08:20:21 2013 +0100
+++ b/Init_prop.thy	Mon May 06 02:04:27 2013 +0800
@@ -84,6 +84,12 @@
 
 lemmas is_init_dir_props = is_init_dir_prop1 is_init_dir_prop2
 
+lemma is_file_nil: "is_file [] = is_init_file"
+by (auto simp:is_init_file_def is_file_def init_inum_of_file_props intro!:ext split:option.splits)
+
+lemma is_dir_nil: "is_dir [] = is_init_dir"
+by (auto simp:is_init_dir_def is_dir_def init_inum_of_file_props intro!:ext split:option.splits)
+
 lemma is_init_udp_sock_prop1: "is_init_udp_sock s = (s \<in> init_sockets \<and> is_udp_sock [] s)"
 apply (auto simp add:is_init_udp_sock_def is_udp_sock_def init_inum_of_socket_props 
                 dest:init_socket_has_inode split:option.splits)       
@@ -236,6 +242,16 @@
 apply (erule_tac x = f' in allE, simp)
 by (case_tac f', simp_all add:no_junior_def)
 
+lemma same_inode_nil_prop:
+  "same_inode_files [] f = init_same_inode_files f"
+by (simp add:same_inode_files_def init_same_inode_files_def)
+
+lemma init_same_inode_prop1:
+  "f \<in> init_files \<Longrightarrow> \<forall> f' \<in> init_same_inode_files f. f' \<in> init_files"
+apply (simp add:init_same_inode_files_def)
+apply (drule init_files_prop3)
+apply (auto simp:init_files_prop1)
+done
 
 end
 
@@ -350,8 +366,27 @@
 
 lemmas init_dir_users_props = init_dir_user_prop1 init_dir_user_prop2 init_dir_user_prop3 init_dir_user_prop4 init_dir_user_prop5
 
+lemma init_file_dir_conflict: "\<lbrakk>is_init_file f; is_init_dir f\<rbrakk> \<Longrightarrow> False"
+by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
+
+lemma init_file_dir_conflict1: "is_init_file f \<Longrightarrow> \<not> is_init_dir f"
+by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
+
+lemma init_file_dir_conflict2: "is_init_dir f \<Longrightarrow> \<not> is_init_file f"
+by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
+
 end
 
+context tainting begin
+
+lemma tainted_nil_prop:
+  "(x \<in> tainted []) = (x \<in> seeds)"
+apply (rule iffI)
+apply (erule tainted.cases, simp+)
+apply (erule t_init)
+done
+
+end
 
 context tainting_s begin
 
@@ -592,14 +627,6 @@
             dest:init_file_has_inum inof_has_file_tag)
 done
 
-lemma init_file_dir_conflict: "\<lbrakk>is_init_file f; is_init_dir f\<rbrakk> \<Longrightarrow> False"
-by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
-
-lemma init_file_dir_conflict1: "is_init_file f \<Longrightarrow> \<not> is_init_dir f"
-by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
-
-lemma init_file_dir_conflict2: "is_init_dir f \<Longrightarrow> \<not> is_init_file f"
-by (auto simp:is_init_file_def is_init_dir_def split:option.splits t_inode_tag.splits)
 
 lemma init_sec_file_dir:
   "\<lbrakk>init_sectxt_of_obj (O_file f) = Some x; init_sectxt_of_obj (O_dir f) = Some y\<rbrakk> \<Longrightarrow> False"
@@ -634,12 +661,13 @@
 lemma cfs2sfiles_nil_prop:
   "\<forall> f \<in> fs. f \<in> init_files \<Longrightarrow> cfs2sfiles [] fs = init_cfs2sfiles fs"
 apply (simp add:cfs2sfiles_def init_cfs2sfiles_def)
-using cf2sfile_nil_prop apply auto
+apply (rule set_eqI, rule iffI, auto simp:cf2sfile_nil_prop split:if_splits)
+done
 
 lemma cfd2sfd_nil_prop:
   "init_file_of_proc_fd p fd = Some f \<Longrightarrow> cfd2sfd [] p fd = init_cfd2sfd p fd"
 apply (simp add:cfd2sfd_def init_sectxt_prop init_cfd2sfd_def)
-apply (drule init_filefd_prop1, drule cf2sfile_nil_prop)
+apply (frule init_filefd_prop5, drule init_filefd_prop1, drule cf2sfile_nil_prop)
 by (auto split:option.splits)
 
 lemma cpfd2sfds_nil_prop:
@@ -668,13 +696,6 @@
 by (auto simp add:init_cp2sproc_def cp2sproc_def init_sectxt_prop cph2spshs_nil_prop cpfd2sfds_nil_prop
          split:option.splits)
 
-lemma tainted_nil_prop:
-  "(x \<in> tainted []) = (x \<in> seeds)"
-apply (rule iffI)
-apply (erule tainted.cases, simp+)
-apply (erule t_init)
-done
-
 lemma msg_has_sec_imp_init: 
   "init_sectxt_of_obj (O_msg q m) = Some sec \<Longrightarrow> q \<in> init_msgqs \<and> m \<in> set (init_msgs_of_queue q)"
 apply (simp add:init_sectxt_of_obj_def split:option.splits)
@@ -701,27 +722,19 @@
 by (auto simp add:cq2smsgq_def init_cq2smsgq_def init_sectxt_prop cqm2sms_nil_prop
             intro:msgq_has_sec_imp_init split:option.splits)
 
-lemma same_inode_nil_prop:
-  "same_inode_files [] f = init_same_inode_files f"
-by (simp add:same_inode_files_def init_same_inode_files_def)
-
-lemma init_same_inode_prop1:
-  "f \<in> init_files \<Longrightarrow> \<forall> f' \<in> init_same_inode_files f. f' \<in> init_files"
-apply (simp add:init_same_inode_files_def)
-apply (drule init_files_prop3)
-apply (auto simp:init_files_prop1)
-done
-
 lemma co2sobj_nil_prop:
   "init_alive obj \<Longrightarrow> co2sobj [] obj = init_obj2sobj obj"
 apply (case_tac obj)
 apply (auto simp add:cf2sfile_nil_prop cq2smsga_nil_prop cqm2sms_nil_prop tainted_nil_prop 
                      cp2sproc_nil_prop cfs2sfiles_nil_prop is_init_dir_prop1 is_init_file_prop1
                      is_init_udp_sock_prop1 is_init_tcp_sock_prop1 ch2sshm_nil_prop 
-                     same_inode_nil_prop  cm2smsg_nil_prop dest:init_same_inode_prop1 
+                     same_inode_nil_prop  cm2smsg_nil_prop 
+            dest:init_same_inode_prop1 
                split:option.splits)
 apply (rule_tac x = list in exI, simp add:init_same_inode_files_def)
-by (simp add:init_files_props)
+apply (simp add:init_files_props)
+apply (auto simp:is_dir_nil is_file_nil dest:init_file_dir_conflict)
+done
 
 lemma s2ss_nil_prop:
   "s2ss [] = init_static_state"
diff -r 7d9c0ed02b56 -r 5a01ee1c9b4d Static.thy
--- a/Static.thy	Fri May 03 08:20:21 2013 +0100
+++ b/Static.thy	Mon May 06 02:04:27 2013 +0800
@@ -51,7 +51,7 @@
 
 definition init_cfs2sfiles :: "t_file set \<Rightarrow> t_sfile set"
 where
-  "init_cfs2sfiles fs \<equiv> {sf. \<exists>f \<in> fs. init_cf2sfile f = Some sf}"
+  "init_cfs2sfiles fs \<equiv> {sf. \<exists>f \<in> fs. init_cf2sfile f = Some sf \<and> is_init_file f}"
 
 definition init_cfd2sfd :: "t_process \<Rightarrow> t_fd \<Rightarrow> (security_context_t \<times> t_open_flags \<times> t_sfile) option"
 where
@@ -109,10 +109,6 @@
        (Some sec, Some sms) \<Rightarrow> Some (Init q, sec, sms)
      | _ \<Rightarrow> None)"
 
-definition init_same_inode_files :: "t_file \<Rightarrow> t_file set"
-where
-  "init_same_inode_files f \<equiv> {f'. init_inum_of_file f = init_inum_of_file f'}"
-
 fun init_obj2sobj :: "t_object \<Rightarrow> t_sobject option"
 where
   "init_obj2sobj (O_proc p) = 
@@ -720,10 +716,6 @@
 where
   "cfs2sfiles s fs \<equiv> {sf. \<exists> f \<in> fs. cf2sfile s f True = Some sf}"
 
-definition same_inode_files :: "t_state \<Rightarrow> t_file \<Rightarrow> t_file set"
-where
-  "same_inode_files s f \<equiv> {f'. inum_of_file s f = inum_of_file s f'}"
-
 (* here cf2sfile is passed with True, because, process' fds are only for files not dirs *)
 definition cfd2sfd :: "t_state \<Rightarrow> t_process \<Rightarrow> t_fd \<Rightarrow> t_sfd option" 
 where