# HG changeset patch # User chunhan # Date 1381901911 -28800 # Node ID 89770d3c8a9b9cadcc4a32240d329d855388bd82 # Parent 20207806603e417462b999f6c4b2f7a9e5b8a8cd s2ss_attach diff -r 20207806603e -r 89770d3c8a9b S2ss_prop2.thy --- a/S2ss_prop2.thy Tue Oct 15 14:11:53 2013 +0800 +++ b/S2ss_prop2.thy Wed Oct 16 13:38:31 2013 +0800 @@ -228,29 +228,115 @@ apply (auto simp add:co2sobj.simps tainted_eq_Tainted is_file_simps is_dir_simps split:t_object.splits)[1] done +definition attach_Tainted_procs :: "t_state \ t_process \ t_shm \ t_shm_attach_flag \ t_process set" +where + "attach_Tainted_procs s p h flag \ + (if (O_proc p \ Tainted s \ flag = SHM_RDWR) + then {p''. \ p' flag'. (p', flag') \ procs_of_shm s h \ info_flow_shm s p' p'' \ + O_proc p'' \ Tainted s} + else if (\ p'. O_proc p' \ Tainted s \ (p', SHM_RDWR) \ procs_of_shm s h) + then {p'. info_flow_shm s p p' \ O_proc p' \ Tainted s} + else {})" +lemma attach_Tainted_procs_prop1: + "valid s \ Tainted (Attach p h flag # s) = Tainted s \ {O_proc p' | p'. p' \ attach_Tainted_procs s p h flag}" +apply (auto simp:attach_Tainted_procs_def intro:info_flow_shm_Tainted) +done + +lemma attach_Tainted_procs_prop2: + "valid (Attach p h flag # s) \ {O_proc p'| p'. p' \ attach_Tainted_procs s p h flag} \ Tainted s = {}" +by (auto simp:attach_Tainted_procs_def) + +lemma attach_Tainted_procs_prop3: + "\p' \ attach_Tainted_procs s p h flag; valid s\ \ p' \ current_procs s" +by (auto simp:attach_Tainted_procs_def info_shm_flow_in_procs split:if_splits) -lemma s2ss_attach1: - "\valid (Attach p h SHM_RDWR # s); O_proc p \ Tainted s\\ s2ss (Attach p h SHM_RDWR # s) = ( +lemma co2sobj_attach': + "\valid (Attach p h flag # s); alive s obj\ \ co2sobj (Attach p h flag # s) obj = + (case obj of + O_proc p' \ if (p' = p) + then (case cp2sproc (Attach p h flag # s) p of + Some sp \ Some (S_proc sp (O_proc p \ Tainted s \ p \ attach_Tainted_procs s p h flag)) + | _ \ None) + else if (p' \ attach_Tainted_procs s p h flag) + then case cp2sproc s p' of + None \ None + | Some sp \ Some (S_proc sp True) + else co2sobj s obj + | _ \ co2sobj s obj)" +apply (frule vt_grant_os, frule vd_cons, case_tac obj) +apply (simp_all add:current_files_simps is_dir_simps ch2sshm_other cq2smsgq_other tainted_eq_Tainted co2sobj.simps) - " +apply (frule current_proc_has_sp, simp, erule exE, (erule conjE)+) +apply (case_tac "cp2sproc (Attach p h flag # s) nat", drule current_proc_has_sp', simp+) +apply (case_tac "cp2sproc (Attach p h flag # s) p", drule current_proc_has_sp', simp+) +apply (simp add:tainted_eq_Tainted attach_Tainted_procs_prop1 del:Tainted.simps) +apply (simp add:cp2sproc_attach split:if_splits) + +apply (auto split:if_splits option.splits dest!:current_file_has_sfile' + simp:current_files_simps cf2sfiles_simps cf2sfile_simps tainted_eq_Tainted + same_inode_files_prop6 + dest:is_file_in_current is_dir_in_current) +done -lemma s2ss_attach1: - "\valid (Attach p h flag # s); O_proc p \ Tainted s; (p', SHM_RDWR) \ procs_of_shm s; O_proc p' \ Tainted s\ - \ s2ss (Attach p h SHM_RDONLY # s) = " +lemma s2ss_attach: + "valid (Attach p h flag # s) \ s2ss (Attach p h flag # s) = + update_s2ss_procs s (s2ss s) (Attach p h flag) (attach_Tainted_procs s p h flag \ {p})" +apply (frule vt_grant_os, frule vd_cons) +apply (case_tac "cp2sproc s p", drule current_proc_has_sp', simp, simp) +apply (case_tac "ch2sshm s h", drule current_shm_has_sh', simp, simp) +apply (case_tac "cp2sproc (Attach p h flag # s) p", drule current_proc_has_sp', simp, simp) -lemma s2ss_attach1: - "valid (Attach p h flag # s) \ s2ss (Attach p h flag # s) = " +unfolding update_s2ss_procs_def +apply (tactic {*my_seteq_tac 1*}) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "pa = p") +apply (rule DiffI, rule UnI2, simp, rule_tac x = pa in exI, simp) +apply (rule notI, drule_tac p = pa in unbked_sps_D, simp, simp) +apply (case_tac "pa \ attach_Tainted_procs s p h flag") +apply (rule DiffI, rule UnI2, simp) +apply (rule_tac x = pa in exI, simp) +apply (rule notI, drule_tac p = pa in unbked_sps_D, simp, simp) +apply (rule DiffI, rule UnI1, simp) +apply (rule_tac x = obj in exI, simp add:co2sobj_attach') +apply (rule notI, drule_tac p = pa in unbked_sps_D', simp+) +apply (simp add:co2sobj_attach') +apply (simp add:co2sobj_attach') +apply (rule DiffI, rule UnI1, simp, rule_tac x = obj in exI, simp add:co2sobj_attach' is_file_simps) +apply (erule unbked_sps_I, simp) +apply (rule DiffI,rule UnI1, simp, rule_tac x = obj in exI, simp add:co2sobj_attach') +apply (erule unbked_sps_I, simp) +apply (rule DiffI, rule UnI1, simp, rule_tac x = obj in exI, simp add:co2sobj_attach' is_dir_simps) +apply (erule unbked_sps_I, simp) +apply (rule DiffI, rule UnI1, simp, rule_tac x = obj in exI, simp add:co2sobj_attach') +apply (erule unbked_sps_I, simp) -lemma s2ss_Detach: - "valid (Detach p h # s) \ s2ss (Detach p h # s) = " +apply (erule DiffE, erule UnE) +apply (tactic {*my_setiff_tac 1*}) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "pa \ attach_Tainted_procs s p h flag \ {p}") +apply (drule_tac p = pa in not_unbked_sps_D, simp, simp) +apply (erule disjE, erule bexE) +apply (rule_tac x = "O_proc p'" in exI, simp) +apply (erule disjE, simp, simp add:attach_Tainted_procs_prop3) +apply (erule bexE, simp, (erule conjE)+) +apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj_attach') +apply (rule_tac x = "O_proc pa" in exI, simp add:co2sobj_attach') +apply (rule_tac x = obj in exI, simp add:co2sobj_attach' is_file_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_attach') +apply (rule_tac x = obj in exI, simp add:co2sobj_attach' is_dir_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_attach') +apply (tactic {*my_setiff_tac 1*}, clarsimp) +apply (rule_tac x = "O_proc pa" in exI, simp) +apply (erule disjE, simp, simp add:attach_Tainted_procs_prop3) +done lemmas s2ss_simps = s2ss_execve s2ss_clone s2ss_ptrace s2ss_kill s2ss_exit s2ss_open s2ss_readfile s2ss_writefile s2ss_closefd s2ss_unlink s2ss_rmdir s2ss_linkhard s2ss_truncate s2ss_createmsgq s2ss_sendmsg s2ss_removemsgq s2ss_recvmsg - s2ss_createshm + s2ss_createshm s2ss_detach s2ss_deleteshm s2ss_attach end