Eric Paris | 339f807 | 2011-12-21 12:46:04 -0500 | [diff] [blame^] | 1 | 2.1.8 2011-12-21 |
| 2 | * add new helper to translate class sets into bitmaps |
| 3 | |
Eric Paris | d65c02f | 2011-12-05 16:20:45 -0500 | [diff] [blame] | 4 | 2.1.7 2011-12-05 |
| 5 | * dis* fixed signed vs unsigned errors |
| 6 | * dismod: fix unused parameter errors |
| 7 | * test: Makefile: include -W and -Werror |
| 8 | * allow ~ in filename transition rules |
| 9 | |
Eric Paris | 14e4b70 | 2011-11-03 15:26:36 -0400 | [diff] [blame] | 10 | 2.1.6 2011-11-03 |
| 11 | * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" |
| 12 | * drop libsepol dynamic link in checkpolicy |
| 13 | |
Eric Paris | 418dbc7 | 2011-09-16 15:34:36 -0400 | [diff] [blame] | 14 | 2.1.5 2011-09-15 |
| 15 | * Separate tunable from boolean during compile. |
| 16 | |
Eric Paris | 1f8cf40 | 2011-08-26 15:11:58 -0400 | [diff] [blame] | 17 | 2.1.4 2011-08-26 |
| 18 | * checkpolicy: fix spacing in output message |
| 19 | |
Eric Paris | 6b6b475 | 2011-08-17 11:17:28 -0400 | [diff] [blame] | 20 | 2.1.3 2011-08-17 |
| 21 | * add missing ; to attribute_role_def |
| 22 | *Redo filename/filesystem syntax to support filename trans |
| 23 | |
Eric Paris | 78b4b56 | 2011-08-02 14:10:39 -0400 | [diff] [blame] | 24 | 2.1.2 2011-08-02 |
| 25 | * .gitignore changes |
| 26 | * dispol output of role trans |
| 27 | * man page update: build a module with an older policy version |
| 28 | |
Eric Paris | 510003b | 2011-08-01 13:49:21 -0400 | [diff] [blame] | 29 | 2.1.1 2011-08-01 |
| 30 | * Minor updates to filename trans rule output in dis{mod,pol} |
| 31 | |
Steve Lawrence | 44121f6 | 2011-07-26 09:39:09 -0400 | [diff] [blame] | 32 | 2.1.0 2011-07-27 |
| 33 | * Release, minor version bump |
| 34 | |
Steve Lawrence | 5050408 | 2011-07-25 10:12:15 -0400 | [diff] [blame] | 35 | 2.0.27 2011-07-25 |
| 36 | * Add role attribute support by Harry Ciao |
| 37 | |
Steve Lawrence | 0acd0ea | 2011-05-16 09:25:08 -0400 | [diff] [blame] | 38 | 2.0.26 2011-05-16 |
| 39 | * Wrap file names in filename transitions with quotes by Steve Lawrence. |
| 40 | * Allow filesystem names to start with a digit by James Carter. |
| 41 | |
Steve Lawrence | 2ecb2bf | 2011-04-29 15:56:00 -0400 | [diff] [blame] | 42 | 2.0.25 2011-05-02 |
| 43 | * Add support for using the last path compnent in type transitions by Eric |
| 44 | Paris. |
| 45 | * Allow single digit module versions by Daniel Walsh. |
| 46 | * Use better filename identifier for filenames by Daniel Walsh. |
| 47 | * Use #defines for dismod selections by Eric Paris. |
| 48 | |
Steve Lawrence | c7512cf | 2011-04-11 16:10:04 -0400 | [diff] [blame] | 49 | 2.0.24 2011-04-11 |
| 50 | * Add new class field in role_transition by Harry Ciao. |
| 51 | |
Chad Sellers | d17ed0d | 2010-12-16 14:11:57 -0500 | [diff] [blame] | 52 | 2.0.23 2010-12-16 |
| 53 | * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock |
| 54 | |
Chad Sellers | fe19c7a | 2010-06-14 16:33:29 -0400 | [diff] [blame] | 55 | 2.0.22 2010-06-14 |
| 56 | * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence |
| 57 | |
Joshua Brindle | 32cf5d5 | 2009-11-27 15:03:02 -0500 | [diff] [blame] | 58 | 2.0.21 2009-11-27 |
| 59 | * Add long options to checkpolicy and checkmodule by Guido |
| 60 | Trentalancia <guido@trentalancia.com> |
| 61 | |
Joshua Brindle | f3c3bbd | 2009-10-14 15:54:16 -0400 | [diff] [blame] | 62 | 2.0.20 2009-10-14 |
| 63 | * Add support for building Xen policies from Paul Nuzzi. |
| 64 | |
Joshua Brindle | 4e23951 | 2009-02-17 12:22:40 -0500 | [diff] [blame] | 65 | 2.0.19 2009-02-18 |
| 66 | * Fix alias field in module format, caused by boundary format change |
| 67 | from Caleb Case. |
| 68 | |
Joshua Brindle | 3d431ae | 2008-10-14 08:12:59 -0400 | [diff] [blame] | 69 | 2.0.18 2008-10-14 |
| 70 | * Properly escape regex symbols in the lexer from Stephen Smalley. |
| 71 | |
Joshua Brindle | b04f2af | 2008-10-09 08:31:43 -0400 | [diff] [blame] | 72 | 2.0.17 2008-10-09 |
| 73 | * Add bounds support from KaiGai Kohei. |
| 74 | |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 75 | 2.0.16 2008-05-27 |
| 76 | * Update checkpolicy for user and role mapping support from Joshua Brindle. |
| 77 | |
| 78 | 2.0.15 2008-05-05 |
| 79 | * Fix for policy module versions that look like IPv4 addresses from Jim Carter. |
| 80 | Resolves bug 444451. |
| 81 | |
| 82 | 2.0.14 2008-03-24 |
| 83 | * Add permissive domain support from Eric Paris. |
| 84 | |
| 85 | 2.0.13 2008-03-05 |
| 86 | * Split out non-grammar parts of policy_parse.yacc into |
| 87 | policy_define.c and policy_define.h from Todd C. Miller. |
| 88 | |
| 89 | 2.0.12 2008-03-04 |
| 90 | * Initialize struct policy_file before using it, from Todd C. Miller. |
| 91 | |
| 92 | 2.0.11 2008-03-03 |
| 93 | * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. |
| 94 | |
| 95 | 2.0.10 2008-02-28 |
| 96 | * Use yyerror2() where appropriate from Todd C. Miller. |
| 97 | |
| 98 | 2.0.9 2008-02-04 |
| 99 | * Update dispol for libsepol avtab changes from Stephen Smalley. |
| 100 | |
| 101 | 2.0.8 2008-01-24 |
| 102 | * Deprecate role dominance in parser. |
| 103 | |
| 104 | 2.0.7 2008-01-02 |
| 105 | * Added support for policy capabilities from Todd Miller. |
| 106 | |
| 107 | 2.0.6 2007-11-15 |
| 108 | * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". |
| 109 | |
| 110 | 2.0.5 2007-11-01 |
| 111 | * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. |
| 112 | |
| 113 | 2.0.4 2007-09-18 |
| 114 | * Merged handle unknown policydb flag support from Eric Paris. |
| 115 | Adds new command line options -U {allow, reject, deny} for selecting |
| 116 | the flag when a base module or kernel policy is built. |
| 117 | |
| 118 | 2.0.3 2007-05-31 |
| 119 | * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. |
| 120 | * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. |
| 121 | |
| 122 | 2.0.2 2007-04-12 |
| 123 | * Merged checkmodule man page fix from Dan Walsh. |
| 124 | |
| 125 | 2.0.1 2007-02-20 |
| 126 | * Merged patch to allow dots in class identifiers from Caleb Case. |
| 127 | |
| 128 | 2.0.0 2007-02-01 |
| 129 | * Merged patch to use new libsepol error codes by Karl MacMillan. |
| 130 | |
| 131 | 1.34.0 2007-01-18 |
| 132 | * Updated version for stable branch. |
| 133 | |
| 134 | 1.33.1 2006-11-13 |
| 135 | * Collapse user identifiers and identifiers together. |
| 136 | |
| 137 | 1.32 2006-10-17 |
| 138 | * Updated version for release. |
| 139 | |
| 140 | 1.30.12 2006-09-28 |
| 141 | * Merged user and range_transition support for modules from |
| 142 | Darrel Goeddel |
| 143 | |
| 144 | 1.30.11 2006-09-05 |
| 145 | * merged range_transition enhancements and user module format |
| 146 | changes from Darrel Goeddel |
| 147 | |
| 148 | 1.30.10 2006-08-03 |
| 149 | * Merged symtab datum patch from Karl MacMillan. |
| 150 | |
| 151 | 1.30.9 2006-06-29 |
| 152 | * Lindent. |
| 153 | |
| 154 | 1.30.8 2006-06-29 |
| 155 | * Merged patch to remove TE rule conflict checking from the parser |
| 156 | from Joshua Brindle. This can only be done properly by the |
| 157 | expander. |
| 158 | |
| 159 | 1.30.7 2006-06-27 |
| 160 | * Merged patch to make checkpolicy/checkmodule handling of |
| 161 | duplicate/conflicting TE rules the same as the expander |
| 162 | from Joshua Brindle. |
| 163 | |
| 164 | 1.30.6 2006-06-26 |
| 165 | * Merged optionals in base take 2 patch set from Joshua Brindle. |
| 166 | |
| 167 | 1.30.5 2006-05-05 |
| 168 | * Merged compiler cleanup patch from Karl MacMillan. |
| 169 | * Merged fix warnings patch from Karl MacMillan. |
| 170 | |
| 171 | 1.30.4 2006-04-05 |
| 172 | * Changed require_class to reject permissions that have not been |
| 173 | declared if building a base module. |
| 174 | |
| 175 | 1.30.3 2006-03-28 |
| 176 | * Fixed checkmodule to call link_modules prior to expand_module |
| 177 | to handle optionals. |
| 178 | |
| 179 | 1.30.2 2006-03-28 |
| 180 | * Fixed require_class to avoid shadowing permissions already defined |
| 181 | in an inherited common definition. |
| 182 | |
| 183 | 1.30.1 2006-03-22 |
| 184 | * Moved processing of role and user require statements to 2nd pass. |
| 185 | |
| 186 | 1.30 2006-03-14 |
| 187 | * Updated version for release. |
| 188 | |
| 189 | 1.29.5 2006-03-09 |
| 190 | * Fixed bug in role dominance (define_role_dom). |
| 191 | |
| 192 | 1.29.4 2006-02-14 |
| 193 | * Added a check for failure to declare each sensitivity in |
| 194 | a level definition. |
| 195 | |
| 196 | 1.29.3 2006-02-13 |
| 197 | * Changed to clone level data for aliased sensitivities to |
| 198 | avoid double free upon sens_destroy. Bug reported by Kevin |
| 199 | Carr of Tresys Technology. |
| 200 | |
| 201 | 1.29.2 2006-02-13 |
| 202 | * Merged optionals in base patch from Joshua Brindle. |
| 203 | |
| 204 | 1.29.1 2006-02-01 |
| 205 | * Merged sepol_av_to_string patch from Joshua Brindle. |
| 206 | |
| 207 | 1.28 2005-12-07 |
| 208 | * Updated version for release. |
| 209 | |
| 210 | 1.27.20 2005-12-02 |
| 211 | * Merged checkmodule man page from Dan Walsh, and edited it. |
| 212 | |
| 213 | 1.27.19 2005-12-01 |
| 214 | * Added error checking of all ebitmap_set_bit calls for out of |
| 215 | memory conditions. |
| 216 | |
| 217 | 1.27.18 2005-12-01 |
| 218 | * Merged removal of compatibility handling of netlink classes |
| 219 | (requirement that policies with newer versions include the |
| 220 | netlink class definitions, remapping of fine-grained netlink |
| 221 | classes in newer source policies to single netlink class when |
| 222 | generating older policies) from George Coker. |
| 223 | |
| 224 | 1.27.17 2005-10-25 |
| 225 | * Merged dismod fix from Joshua Brindle. |
| 226 | |
| 227 | 1.27.16 2005-10-20 |
| 228 | * Removed obsolete cond_check_type_rules() function and call and |
| 229 | cond_optimize_lists() call from checkpolicy.c; these are handled |
| 230 | during parsing and expansion now. |
| 231 | |
| 232 | 1.27.15 2005-10-19 |
| 233 | * Updated calls to expand_module for interface change. |
| 234 | |
| 235 | 1.27.14 2005-10-19 |
| 236 | * Changed checkmodule to verify that expand_module succeeds |
| 237 | when building base modules. |
| 238 | |
| 239 | 1.27.13 2005-10-19 |
| 240 | * Merged module compiler fixes from Joshua Brindle. |
| 241 | |
| 242 | 1.27.12 2005-10-19 |
| 243 | * Removed direct calls to hierarchy_check_constraints() and |
| 244 | check_assertions() from checkpolicy since they are now called |
| 245 | internally by expand_module(). |
| 246 | |
| 247 | 1.27.11 2005-10-18 |
| 248 | * Updated for changes to sepol policydb_index_others interface. |
| 249 | |
| 250 | 1.27.10 2005-10-17 |
| 251 | * Updated for changes to sepol expand_module and link_modules interfaces. |
| 252 | |
| 253 | 1.27.9 2005-10-13 |
| 254 | * Merged support for require blocks inside conditionals from |
| 255 | Joshua Brindle (Tresys). |
| 256 | |
| 257 | 1.27.8 2005-10-06 |
| 258 | * Updated for changes to libsepol. |
| 259 | |
| 260 | 1.27.7 2005-10-05 |
| 261 | * Merged several bug fixes from Joshua Brindle (Tresys). |
| 262 | |
| 263 | 1.27.6 2005-10-03 |
| 264 | * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| 265 | |
| 266 | 1.27.5 2005-09-28 |
| 267 | * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). |
| 268 | |
| 269 | 1.27.4 2005-09-26 |
| 270 | * Merged bugfix for dup role transition error messages from |
| 271 | Karl MacMillan (Tresys). |
| 272 | |
| 273 | 1.27.3 2005-09-23 |
| 274 | * Merged policyver/modulever patches from Joshua Brindle (Tresys). |
| 275 | |
| 276 | 1.27.2 2005-09-20 |
| 277 | * Fixed parse_categories handling of undefined category. |
| 278 | |
| 279 | 1.27.1 2005-09-16 |
| 280 | * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). |
| 281 | |
| 282 | 1.26 2005-09-06 |
| 283 | * Updated version for release. |
| 284 | |
| 285 | 1.25.12 2005-08-22 |
| 286 | * Fixed handling of validatetrans constraint expressions. |
| 287 | Bug reported by Dan Walsh for checkpolicy -M. |
| 288 | |
| 289 | 1.25.11 2005-08-18 |
| 290 | * Merged use-after-free fix from Serge Hallyn (IBM). |
| 291 | Bug found by Coverity. |
| 292 | |
| 293 | 1.25.10 2005-08-15 |
| 294 | * Fixed further memory leaks found by valgrind. |
| 295 | |
| 296 | 1.25.9 2005-08-15 |
| 297 | * Changed checkpolicy to destroy the policydbs prior to exit |
| 298 | to allow leak detection. |
| 299 | * Fixed several memory leaks found by valgrind. |
| 300 | |
| 301 | 1.25.8 2005-08-11 |
| 302 | * Updated checkpolicy and dispol for the new avtab format. |
| 303 | Converted users of ebitmaps to new inline operators. |
| 304 | Note: The binary policy format version has been incremented to |
| 305 | version 20 as a result of these changes. To build a policy |
| 306 | for a kernel that does not yet include these changes, use |
| 307 | the -c 19 option to checkpolicy. |
| 308 | |
| 309 | 1.25.7 2005-08-11 |
| 310 | * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). |
| 311 | |
| 312 | 1.25.6 2005-08-10 |
| 313 | * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). |
| 314 | |
| 315 | 1.25.5 2005-08-09 |
| 316 | * Fixed call to hierarchy checking code to pass the right policydb. |
| 317 | |
| 318 | 1.25.4 2005-08-02 |
| 319 | * Merged patch to update dismod for the relocation of the |
| 320 | module read/write code from libsemanage to libsepol, and |
| 321 | to enable build of test subdirectory from Jason Tang (Tresys). |
| 322 | |
| 323 | 1.25.3 2005-07-18 |
| 324 | * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| 325 | |
| 326 | 1.25.2 2005-07-06 |
| 327 | * Merged loadable module support from Tresys Technology. |
| 328 | |
| 329 | 1.25.1 2005-06-24 |
| 330 | * Merged patch to prohibit the use of * and ~ in type sets |
| 331 | (other than in neverallow statements) and in role sets |
| 332 | from Joshua Brindle (Tresys). |
| 333 | |
| 334 | 1.24 2005-06-20 |
| 335 | * Updated version for release. |
| 336 | |
| 337 | 1.23.4 2005-05-19 |
| 338 | * Merged cleanup patch from Dan Walsh. |
| 339 | |
| 340 | 1.23.3 2005-05-13 |
| 341 | * Added sepol_ prefix to Flask types to avoid namespace |
| 342 | collision with libselinux. |
| 343 | |
| 344 | 1.23.2 2005-04-29 |
| 345 | * Merged identifier fix from Joshua Brindle (Tresys). |
| 346 | |
| 347 | 1.23.1 2005-04-13 |
| 348 | * Merged hierarchical type/role patch from Tresys Technology. |
| 349 | * Merged MLS fixes from Darrel Goeddel of TCS. |
| 350 | |
| 351 | 1.22 2005-03-09 |
| 352 | * Updated version for release. |
| 353 | |
| 354 | 1.21.4 2005-02-17 |
| 355 | * Moved genpolusers utility to libsepol. |
| 356 | * Merged range_transition support from Darrel Goeddel (TCS). |
| 357 | |
| 358 | 1.21.3 2005-02-16 |
| 359 | * Merged define_user() cleanup patch from Darrel Goeddel (TCS). |
| 360 | |
| 361 | 1.21.2 2005-02-09 |
| 362 | * Changed relabel Makefile target to use restorecon. |
| 363 | |
| 364 | 1.21.1 2005-01-26 |
| 365 | * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| 366 | |
| 367 | 1.20 2005-01-04 |
| 368 | * Merged typeattribute statement patch from Darrel Goeddel of TCS. |
| 369 | * Changed genpolusers to handle multiple user config files. |
| 370 | * Merged nodecon ordering patch from Chad Hanson of TCS. |
| 371 | |
| 372 | 1.18 2004-10-07 |
| 373 | * MLS build fix. |
| 374 | * Fixed Makefile dependencies (Chris PeBenito). |
| 375 | * Merged fix for role dominance ordering issue from Chad Hanson of TCS. |
| 376 | * Preserve portcon ordering and apply more checking. |
| 377 | |
| 378 | 1.16 2004-08-13 |
| 379 | * Allow empty conditional clauses. |
| 380 | * Moved genpolbools utility to libsepol. |
| 381 | * Updated for libsepol set functions. |
| 382 | * Changed to link with libsepol.a. |
| 383 | * Moved core functionality into libsepol. |
| 384 | * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. |
| 385 | * Added genpolusers program. |
| 386 | * Fixed bug in checkpolicy conditional code. |
| 387 | |
| 388 | 1.14 2004-06-28 |
| 389 | * Merged fix for MLS logic from Daniel Thayer of TCS. |
| 390 | * Require semicolon terminator for typealias statement. |
| 391 | |
| 392 | 1.12 2004-06-16 |
| 393 | * Merged fine-grained netlink class support. |
| 394 | |
| 395 | 1.10 2004-04-07 |
| 396 | * Merged ipv6 support from James Morris of RedHat. |
| 397 | * Fixed compute_av bug discovered by Chad Hanson of TCS. |
| 398 | |
| 399 | 1.8 2004-03-09 |
| 400 | * Merged policydb MLS patch from Chad Hanson of TCS. |
| 401 | * Fixed mmap of policy file. |
| 402 | |
| 403 | 1.6 2004-02-18 |
| 404 | * Merged conditional policy extensions from Tresys Technology. |
| 405 | * Added typealias declaration support per Russell Coker's request. |
| 406 | * Added support for excluding types from type sets based on |
| 407 | a patch by David Caplan, but reimplemented as a change to the |
| 408 | policy grammar. |
| 409 | * Merged patch from Colin Walters to report source file name and line |
| 410 | number for errors when available. |
| 411 | * Un-deprecated role transitions. |
| 412 | |
| 413 | 1.4 2003-12-01 |
| 414 | * Regenerated headers. |
| 415 | * Merged patches from Bastian Blank and Joerg Hoh. |
| 416 | |
| 417 | 1.2 2003-09-30 |
| 418 | * Merged MLS build patch from Karl MacMillan of Tresys. |
| 419 | * Merged checkpolicy man page from Magosanyi Arpad. |
| 420 | |
| 421 | 1.1 2003-08-13 |
| 422 | * Fixed endian bug in policydb_write for behavior value. |
| 423 | * License -> GPL. |
| 424 | * Merged coding style cleanups from James Morris. |
| 425 | |
| 426 | 1.0 2003-07-11 |
| 427 | * Initial public release. |
| 428 | |