Stephen Smalley | 534f5a7 | 2013-11-06 09:35:58 -0500 | 1 | * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines. |
| 2 | * Add sepol_validate_transition_reason_buffer function from Richard Haines. |
| 3 | |
Stephen Smalley | 7c4bb77 | 2013-10-30 12:45:19 -0400 | 4 | 2.2 2013-10-30 |
Stephen Smalley | 8e5d465 | 2013-10-30 12:42:05 -0400 | 5 | * Allow constraint denial cause to be determined from Richard Haines. |
| 6 | - Add kernel policy version 29. |
| 7 | - Add modular policy version 17. |
| 8 | - Add sepol_compute_av_reason_buffer(), sepol_string_to_security_class(), sepol_string_to_av_perm(). |
Stephen Smalley | a080100 | 2013-10-25 15:14:23 -0400 | 9 | * Support overriding Makefile RANLIB from Sven Vermeulen. |
| 10 | * Fix man pages from Laurent Bigonville. |
| 11 | |
Eric Paris | e9410c9 | 2013-02-01 16:57:55 -0500 | 12 | 2.1.9 2013-02-01 |
| 13 | * filename_trans: use some better sorting to compare and merge |
| 14 | * coverity fixes |
| 15 | * implement default type policy syntax |
| 16 | * Fix memory leak issues found by Klocwork |
| 17 | |
Stephen Smalley | 0135eaa | 2013-10-31 09:40:00 -0400 | 18 | 2.1.8 2012-09-13 |
Eric Paris | 8638197 | 2012-09-13 10:33:58 -0400 | 19 | * fix neverallow checking on attributes |
| 20 | * Move context_copy() after switch block in ocontext_copy_*(). |
| 21 | * check for missing initial SID labeling statement. |
| 22 | * Add always_check_network policy capability |
| 23 | * role_fix_callback skips out-of-scope roles during expansion. |
| 24 | |
Stephen Smalley | 0135eaa | 2013-10-31 09:40:00 -0400 | 25 | 2.1.7 2012-06-28 |
Eric Paris | f05a71b | 2012-06-28 14:02:29 -0400 | 26 | * reserve policycapability for redhat testing of ptrace child |
| 27 | * cosmetic changes to make the source easier to read |
| 28 | * prepend instead of append to filename_trans list |
| 29 | * Android/MacOS X build support |
| 30 | |
Stephen Smalley | 0135eaa | 2013-10-31 09:40:00 -0400 | 31 | 2.1.6 2012-04-23 |
Eric Paris | f508a29 | 2012-04-23 16:57:23 -0400 | 32 | * allocate enough space to hold filename in trans rules |
| 33 | |
Stephen Smalley | 0135eaa | 2013-10-31 09:40:00 -0400 | 34 | 2.1.5 2012-03-28 |
Eric Paris | 7a86fe1 | 2012-03-28 15:44:05 -0400 | 35 | * checkpolicy: implement new default labeling behaviors |
| 36 | |
Eric Paris | 14e4b70 | 2011-11-03 15:26:36 -0400 | 37 | 2.1.4 2011-10-03 |
| 38 | * regenerate .pc on VERSION change |
| 39 | * Move ebitmap_* functions from mcstrans to libsepol |
| 40 | * expand: do filename_trans type comparison on mapped representation |
| 41 | |
Eric Paris | 418dbc7 | 2011-09-16 15:34:36 -0400 | 42 | 2.1.3 2011-09-15 |
| 43 | * Skip writing role attributes for policy.X and |
| 44 | * Indicate when boolean is indeed a tunable. |
| 45 | * Separate tunable from boolean during compile. |
| 46 | * Write and read TUNABLE flags in related |
| 47 | * Copy and check the cond_bool_datum_t.flags during link. |
| 48 | * Permanently discard disabled branches of tunables in |
| 49 | * Skip tunable identifier and cond_node_t in expansion. |
| 50 | * Create a new preserve_tunables flag |
| 51 | * Preserve tunables when required by semodule program. |
| 52 | * setools expects expand_module_avrules to be an exported |
| 53 | * tree: default make target to all not |
| 54 | |
Eric Paris | 4749940 | 2011-08-03 18:09:02 -0400 | 55 | 2.1.2 2011-08-03 |
| 56 | * Only call role_fix_callback for base.p_roles during expansion. |
| 57 | * use mapped role number instead of module role number |
| 58 | |
Eric Paris | 510003b | 2011-08-01 13:49:21 -0400 | 59 | 2.1.1 2011-08-01 |
| 60 | * Minor fix to reading policy with filename transition rules |
| 61 | |
Steve Lawrence | 44121f6 | 2011-07-26 09:39:09 -0400 | 62 | 2.1.0 2011-07-27 |
| 63 | * Release, minor version bump |
| 64 | |
Steve Lawrence | 5050408 | 2011-07-25 10:12:15 -0400 | 65 | 2.0.46 2011-07-25 |
| 66 | * Add role attribute support by Harry Ciao |
| 67 | |
Steve Lawrence | 2ecb2bf | 2011-04-29 15:56:00 -0400 | 68 | 2.0.45 2011-05-02 |
| 69 | * Warn if filename_trans rules are dropped by Steve Lawrence. |
| 70 | |
Steve Lawrence | 16c6605 | 2011-04-13 15:18:51 -0400 | 71 | 2.0.44 2011-04-13 |
| 72 | * Fixes for new role_transition class field by Eric Paris. |
| 73 | * Add libsepol support for filename_trans rules by Eric Paris. |
| 74 | |
Steve Lawrence | c7512cf | 2011-04-11 16:10:04 -0400 | 75 | 2.0.43 2011-04-11 |
| 76 | * Add new class field in role_transition by Harry Ciao. |
| 77 | |
Chad Sellers | d17ed0d | 2010-12-16 14:11:57 -0500 | 78 | 2.0.42 2010-12-16 |
| 79 | * Fix compilation under GCC 4.6 by Justin Mattock |
| 80 | |
Chad Sellers | 88a57ca | 2009-11-18 16:44:55 -0500 | 81 | 2.0.41 2009-11-18 |
| 82 | * Fixed typo in error message from Manoj Srivastava. |
| 83 | |
Eamon Walsh | 7cdfd6e | 2009-10-29 15:33:37 -0400 | 84 | 2.0.40 2009-10-29 |
| 85 | * Add pkgconfig file from Eamon Walsh. |
| 86 | |
Joshua Brindle | f3c3bbd | 2009-10-14 15:54:16 -0400 | 87 | 2.0.39 2009-10-14 |
| 88 | * Add support for building Xen policies from Paul Nuzzi. |
| 89 | |
Stephen Smalley | acc3a04 | 2009-09-01 10:03:46 -0400 | 90 | 2.0.38 2009-09-01 |
| 91 | * Check last offset in the module package against the file size. |
| 92 | Reported by Manoj Srivastava for bug filed by Max Kellermann. |
| 93 | |
Stephen Smalley | 667edaa | 2009-07-07 14:25:12 -0400 | 94 | 2.0.37 2009-07-07 |
| 95 | * Add method to check disable dontaudit flag from Christopher Pardy. |
| 96 | |
Joshua Brindle | 94dd685 | 2009-03-21 11:13:59 -0400 | 97 | 2.0.36 2009-03-25 |
| 98 | * Fix boolean state smashing from Joshua Brindle. |
| 99 | |
Joshua Brindle | 46d0b2c | 2009-02-17 12:23:41 -0500 | 100 | 2.0.35 2009-02-19 |
| 101 | * Fix alias field in module format, caused by boundary format change |
| 102 | from Caleb Case. |
| 103 | |
Joshua Brindle | b04f2af | 2008-10-09 08:31:43 -0400 | 104 | 2.0.34 2008-10-09 |
| 105 | * Add bounds support from KaiGai Kohei. |
| 106 | * Fix invalid aliases bug from Joshua Brindle. |
| 107 | |
Joshua Brindle | 57671a5 | 2008-09-29 21:11:42 -0400 | 108 | 2.0.33 2008-09-29 |
| 109 | * Revert patch that removed expand_rule. |
| 110 | |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | 111 | 2.0.32 2008-07-07 |
| 112 | * Allow require then declare in the source policy from Joshua Brindle. |
| 113 | |
| 114 | 2.0.31 2008-06-13 |
| 115 | * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley. |
| 116 | |
| 117 | 2.0.30 2008-06-06 |
| 118 | * Fix endianness bug in the handling of network node addresses from Stephen Smalley. |
| 119 | Only affects big endian platforms. |
| 120 | Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc. |
| 121 | |
| 122 | 2.0.29 2008-05-27 |
| 123 | * Merge user and role mapping support from Joshua Brindle. |
| 124 | |
| 125 | 2.0.28 2008-05-05 |
| 126 | * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley. |
| 127 | |
| 128 | 2.0.27 2008-04-18 |
| 129 | * Belatedly merge test for policy downgrade from Todd Miller. |
| 130 | |
| 131 | 2.0.26 2008-03-24 |
| 132 | * Add permissive domain support from Eric Paris. |
| 133 | |
| 134 | 2.0.25 2008-03-04 |
| 135 | * Drop unused ->buffer field from struct policy_file. |
| 136 | |
| 137 | 2.0.24 2008-03-04 |
| 138 | * Add policy_file_init() initializer for struct policy_file and use it, from Todd C. Miller. |
| 139 | |
| 140 | 2.0.23 2008-02-28 |
| 141 | * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley. |
| 142 | |
| 143 | 2.0.22 2008-02-28 |
| 144 | * Add support for open_perms policy capability from Eric Paris. |
| 145 | |
| 146 | 2.0.21 2008-02-20 |
| 147 | * Fix invalid memory allocation in policydb_index_others() from Jason Tang. |
| 148 | |
| 149 | 2.0.20 2008-02-04 |
| 150 | * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley. |
| 151 | |
| 152 | 2.0.19 2008-02-02 |
| 153 | * Add support for consuming avrule_blocks during expansion to reduce |
| 154 | peak memory usage from Joshua Brindle. |
| 155 | |
| 156 | 2.0.18 2008-01-02 |
| 157 | * Added support for policy capabilities from Todd Miller. |
| 158 | |
| 159 | 2.0.17 2007-12-21 |
| 160 | * Prevent generation of policy.18 with MLS enabled from Todd Miller. |
| 161 | |
| 162 | 2.0.16 2007-12-07 |
| 163 | * print module magic number in hex on mismatch, from Todd Miller. |
| 164 | |
| 165 | 2.0.15 2007-11-29 |
| 166 | * clarify and reduce neverallow error reporting from Stephen Smalley. |
| 167 | |
| 168 | 2.0.14 2007-11-05 |
| 169 | * Reject self aliasing at link time from Stephen Smalley. |
| 170 | |
| 171 | 2.0.13 2007-11-05 |
| 172 | * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. |
| 173 | |
| 174 | 2.0.12 2007-10-11 |
| 175 | * Fixed bug in require checking from Stephen Smalley. |
| 176 | * Added user hierarchy checking from Todd Miller. |
| 177 | |
| 178 | 2.0.11 2007-09-24 |
| 179 | * Pass CFLAGS to CC even on link command, per Dennis Gilmore. |
| 180 | |
| 181 | 2.0.10 2007-09-18 |
| 182 | * Merged support for the handle_unknown policydb flag from Eric Paris. |
| 183 | |
| 184 | 2.0.9 2007-08-29 |
| 185 | * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper. |
| 186 | |
| 187 | 2.0.8 2007-08-28 |
| 188 | * Fixed module_package_read_offsets bug introduced by the prior patch. |
| 189 | |
| 190 | 2.0.7 2007-08-23 |
| 191 | * Eliminate unaligned accesses from policy reading code from Stephen Smalley. |
| 192 | |
| 193 | 2.0.6 2007-08-16 |
| 194 | * Allow dontaudits to be turned off during policy expansion from |
| 195 | Joshua Brindle. |
| 196 | |
| 197 | 2.0.5 2007-08-01 |
| 198 | * Fix sepol_context_clone to handle a NULL context correctly. |
| 199 | This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) |
| 200 | to set the file context entry to "<<none>>". |
| 201 | |
| 202 | 2.0.4 2007-06-20 |
| 203 | * Merged error handling patch from Eamon Walsh. |
| 204 | |
| 205 | 2.0.3 2007-04-13 |
| 206 | * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. |
| 207 | |
| 208 | 2.0.2 2007-03-30 |
| 209 | * Merged fix from Karl to remap booleans at expand time to |
| 210 | avoid holes in the symbol table. |
| 211 | |
| 212 | 2.0.1 2007-02-06 |
| 213 | * Merged libsepol segfault fix from Stephen Smalley for when |
| 214 | sensitivities are required but not present in the base. |
| 215 | |
| 216 | 2.0.0 2007-02-01 |
| 217 | * Merged patch to add errcodes.h to libsepol by Karl MacMillan. |
| 218 | |
| 219 | 1.16.0 2007-01-18 |
| 220 | * Updated version for stable branch. |
| 221 | |
| 222 | 1.15.3 2006-11-27 |
| 223 | * Merged patch to compile with -fPIC instead of -fpic from |
| 224 | Manoj Srivastava to prevent hitting the global offset table |
| 225 | limit. Patch changed to include libselinux and libsemanage in |
| 226 | addition to libselinux. |
| 227 | 1.15.2 2006-10-31 |
| 228 | * Merged fix from Karl MacMillan for a segfault when linking |
| 229 | non-MLS modules with users in them. |
| 230 | |
| 231 | 1.15.1 2006-10-24 |
| 232 | * Merged fix for version comparison that was preventing range |
| 233 | transition rules from being written for a version 5 base policy |
| 234 | from Darrel Goeddel. |
| 235 | |
| 236 | 1.14 2006-10-17 |
| 237 | * Updated version for release. |
| 238 | |
| 239 | 1.12.28 2006-09-28 |
| 240 | * Build libsepol's static object files with -fpic |
| 241 | |
| 242 | 1.12.27 2006-09-28 |
| 243 | * Merged mls user and range_transition support in modules |
| 244 | from Darrel Goeddel |
| 245 | |
| 246 | 1.12.26 2006-09-05 |
| 247 | * Merged range transition enhancements and user format changes |
| 248 | Darrel Goeddel |
| 249 | |
| 250 | 1.12.25 2006-08-24 |
| 251 | * Merged conditionally expand neverallows patch from Jeremy Mowery. |
| 252 | * Merged refactor expander patch from Jeremy Mowery. |
| 253 | |
| 254 | 1.12.24 2006-08-03 |
| 255 | * Merged libsepol unit tests from Joshua Brindle. |
| 256 | |
| 257 | 1.12.23 2006-08-03 |
| 258 | * Merged symtab datum patch from Karl MacMillan. |
| 259 | |
| 260 | 1.12.22 2006-08-03 |
| 261 | * Merged netfilter contexts support from Chris PeBenito. |
| 262 | |
| 263 | 1.12.21 2006-07-28 |
| 264 | * Merged helpful hierarchy check errors patch from Joshua Brindle. |
| 265 | |
| 266 | 1.12.20 2006-07-25 |
| 267 | * Merged semodule_deps patch from Karl MacMillan. |
| 268 | This adds source module names to the avrule decls. |
| 269 | |
| 270 | 1.12.19 2006-06-29 |
| 271 | * Lindent. |
| 272 | |
| 273 | 1.12.18 2006-06-26 |
| 274 | * Merged optionals in base take 2 patch set from Joshua Brindle. |
| 275 | |
| 276 | 1.12.17 2006-05-30 |
| 277 | * Revert 1.12.16. |
| 278 | |
| 279 | 1.12.16 2006-05-30 |
| 280 | * Merged cleaner fix for bool_ids overflow from Karl MacMillan, |
| 281 | replacing the prior patch. |
| 282 | |
| 283 | 1.12.15 2006-05-30 |
| 284 | * Merged fixes for several memory leaks in the error paths during |
| 285 | policy read from Serge Hallyn. |
| 286 | |
| 287 | 1.12.14 2006-05-25 |
| 288 | * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, |
| 289 | based on bug report and suggested fix by Cedric Roux. |
| 290 | |
| 291 | 1.12.13 2006-05-24 |
| 292 | * Merged sens_copy_callback, check_role_hierarchy_callback, |
| 293 | and node_from_record fixes from Serge Hallyn. |
| 294 | |
| 295 | 1.12.12 2006-05-22 |
| 296 | * Added sepol_policydb_compat_net() interface for testing whether |
| 297 | a policy requires the compatibility support for network checks |
| 298 | to be enabled in the kernel. |
| 299 | |
| 300 | 1.12.11 2006-05-17 |
| 301 | * Merged patch to initialize sym_val_to_name arrays from Kevin Carr. |
| 302 | Reworked to use calloc in the first place, and converted some other |
| 303 | malloc/memset pairs to calloc calls. |
| 304 | |
| 305 | 1.12.10 2006-05-08 |
| 306 | * Merged patch to revert role/user decl upgrade from Karl MacMillan. |
| 307 | |
| 308 | 1.12.9 2006-05-08 |
| 309 | * Dropped tests from all Makefile target. |
| 310 | |
| 311 | 1.12.8 2006-05-05 |
| 312 | * Merged fix warnings patch from Karl MacMillan. |
| 313 | |
| 314 | 1.12.7 2006-05-05 |
| 315 | * Merged libsepol test framework patch from Karl MacMillan. |
| 316 | |
| 317 | 1.12.6 2006-04-28 |
| 318 | * Fixed cond_normalize to traverse the entire cond list at link time. |
| 319 | |
| 320 | 1.12.5 2006-04-03 |
| 321 | * Merged fix for leak of optional package sections from Ivan Gyurdiev. |
| 322 | |
| 323 | 1.12.4 2006-03-29 |
| 324 | * Generalize test for bitmap overflow in ebitmap_set_bit. |
| 325 | |
| 326 | 1.12.3 2006-03-27 |
| 327 | * Fixed attr_convert_callback and expand_convert_type_set |
| 328 | typemap bug. |
| 329 | |
| 330 | 1.12.2 2006-03-24 |
| 331 | * Fixed avrule_block_write num_decls endian bug. |
| 332 | |
| 333 | 1.12.1 2006-03-20 |
| 334 | * Fixed sepol_module_package_write buffer overflow bug. |
| 335 | |
| 336 | 1.12 2006-03-14 |
| 337 | * Updated version for release. |
| 338 | |
| 339 | 1.11.20 2006-03-08 |
| 340 | * Merged cond_evaluate_expr fix from Serge Hallyn (IBM). |
| 341 | * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev. |
| 342 | |
| 343 | 1.11.19 2006-02-21 |
| 344 | * Merged sepol_policydb_mls_enabled interface and error handling |
| 345 | changes from Ivan Gyurdiev. |
| 346 | |
| 347 | 1.11.18 2006-02-16 |
| 348 | * Merged node_expand_addr bugfix and node_compare* change from |
| 349 | Ivan Gyurdiev. |
| 350 | |
| 351 | 1.11.17 2006-02-15 |
| 352 | * Merged nodes, ports: always prepend patch from Ivan Gyurdiev. |
| 353 | * Merged bug fix patch from Ivan Gyurdiev. |
| 354 | |
| 355 | 1.11.16 2006-02-14 |
| 356 | * Added a defined flag to level_datum_t for use by checkpolicy. |
| 357 | |
| 358 | 1.11.15 2006-02-14 |
| 359 | * Merged nodecon support patch from Ivan Gyurdiev. |
| 360 | * Merged cleanups patch from Ivan Gyurdiev. |
| 361 | |
| 362 | 1.11.14 2006-02-13 |
| 363 | * Merged optionals in base patch from Joshua Brindle. |
| 364 | |
| 365 | 1.11.13 2006-02-07 |
| 366 | * Merged seuser/user_extra support patch from Joshua Brindle. |
| 367 | * Merged fix patch from Ivan Gyurdiev. |
| 368 | |
| 369 | 1.11.12 2006-02-02 |
| 370 | * Merged clone record on set_con patch from Ivan Gyurdiev. |
| 371 | |
| 372 | 1.11.11 2006-02-01 |
| 373 | * Merged assertion copying bugfix from Joshua Brindle. |
| 374 | * Merged sepol_av_to_string patch from Joshua Brindle. |
| 375 | |
| 376 | 1.11.10 2006-01-30 |
| 377 | * Merged cond_expr mapping and package section count bug fixes |
| 378 | from Joshua Brindle. |
| 379 | * Merged improve port/fcontext API patch from Ivan Gyurdiev. |
| 380 | * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. |
| 381 | |
| 382 | 1.11.9 2006-01-12 |
| 383 | * Merged size_t -> unsigned int patch from Ivan Gyurdiev. |
| 384 | |
| 385 | 1.11.8 2006-01-09 |
| 386 | * Merged 2nd const in APIs patch from Ivan Gyurdiev. |
| 387 | |
| 388 | 1.11.7 2006-01-06 |
| 389 | * Merged const in APIs patch from Ivan Gyurdiev. |
| 390 | * Merged compare2 function patch from Ivan Gyurdiev. |
| 391 | |
| 392 | 1.11.6 2006-01-06 |
| 393 | * Fixed hierarchy checker to only check allow rules. |
| 394 | |
| 395 | 1.11.5 2006-01-05 |
| 396 | * Merged further fixes from Russell Coker, specifically: |
| 397 | - av_to_string overflow checking |
| 398 | - sepol_context_to_string error handling |
| 399 | - hierarchy checking memory leak fixes and optimizations |
| 400 | - avrule_block_read variable initialization |
| 401 | * Marked deprecated code in genbools and genusers. |
| 402 | |
| 403 | 1.11.4 2006-01-05 |
| 404 | * Merged bugfix for sepol_port_modify from Russell Coker. |
| 405 | |
| 406 | 1.11.3 2006-01-05 |
| 407 | * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev. |
| 408 | * Merged port ordering patch from Ivan Gyurdiev. |
| 409 | |
| 410 | 1.11.2 2006-01-04 |
| 411 | * Merged patch series from Ivan Gyurdiev. |
| 412 | This includes patches to: |
| 413 | - support ordering of records in compare function |
| 414 | - enable port interfaces |
| 415 | - add interfaces for context validity and range checks |
| 416 | - add include guards |
| 417 | |
| 418 | 1.11.1 2005-12-16 |
| 419 | * Fixed mls_range_cpy bug. |
| 420 | |
| 421 | 1.10 2005-12-07 |
| 422 | * Updated version for release. |
| 423 | |
| 424 | 1.9.42 2005-12-05 |
| 425 | * Dropped handle from user_del_role interface. |
| 426 | |
| 427 | 1.9.41 2005-11-28 |
| 428 | * Merged remove defrole from sepol patch from Ivan Gyurdiev. |
| 429 | |
| 430 | 1.9.40 2005-11-15 |
| 431 | * Merged module function and map file cleanup from Ivan Gyurdiev. |
| 432 | * Merged MLS and genusers cleanups from Ivan Gyurdiev. |
| 433 | |
| 434 | 1.9.39 2005-11-09 |
| 435 | Prepare for removal of booleans* and *.users files. |
| 436 | * Cleaned up sepol_genbools to not regenerate the image if |
| 437 | there were no changes in the boolean values, including the |
| 438 | degenerate case where there are no booleans or booleans.local |
| 439 | files. |
| 440 | * Cleaned up sepol_genusers to not warn on missing local.users. |
| 441 | |
| 442 | 1.9.38 2005-11-08 |
| 443 | * Removed sepol_port_* from libsepol.map, as the port interfaces |
| 444 | are not yet stable. |
| 445 | |
| 446 | 1.9.37 2005-11-04 |
| 447 | * Merged context destroy cleanup patch from Ivan Gyurdiev. |
| 448 | |
| 449 | 1.9.36 2005-11-03 |
| 450 | * Merged context_to_string interface change patch from Ivan Gyurdiev. |
| 451 | |
| 452 | 1.9.35 2005-11-01 |
| 453 | * Added src/dso.h and src/*_internal.h. |
| 454 | Added hidden_def for exported symbols used within libsepol. |
| 455 | Added hidden for symbols that should not be exported by |
| 456 | the wildcards in libsepol.map. |
| 457 | |
| 458 | 1.9.34 2005-10-31 |
| 459 | * Merged record interface, record bugfix, and set_roles patches |
| 460 | from Ivan Gyurdiev. |
| 461 | |
| 462 | 1.9.33 2005-10-27 |
| 463 | * Merged count specification change from Ivan Gyurdiev. |
| 464 | |
| 465 | 1.9.32 2005-10-26 |
| 466 | * Added further checking and error reporting to |
| 467 | sepol_module_package_read and _info. |
| 468 | |
| 469 | 1.9.31 2005-10-26 |
| 470 | * Merged sepol handle passing, DEBUG conversion, and memory leak |
| 471 | fix patches from Ivan Gyurdiev. |
| 472 | |
| 473 | 1.9.30 2005-10-25 |
| 474 | * Removed processing of system.users from sepol_genusers and |
| 475 | dropped delusers logic. |
| 476 | |
| 477 | 1.9.29 2005-10-25 |
| 478 | * Removed policydb_destroy from error path of policydb_read, |
| 479 | since create/init/destroy/free of policydb is handled by the |
| 480 | caller now. |
| 481 | * Fixed sepol_module_package_read to handle a failed policydb_read |
| 482 | properly. |
| 483 | |
| 484 | 1.9.28 2005-10-25 |
| 485 | * Merged query/exists and count patches from Ivan Gyurdiev. |
| 486 | |
| 487 | 1.9.27 2005-10-25 |
| 488 | * Merged fix for pruned types in expand code from Joshua Brindle. |
| 489 | * Merged new module package format code from Joshua Brindle. |
| 490 | |
| 491 | 1.9.26 2005-10-24 |
| 492 | * Merged context interface cleanup, record conversion code, |
| 493 | key passing, and bug fix patches from Ivan Gyurdiev. |
| 494 | |
| 495 | 1.9.25 2005-10-21 |
| 496 | * Merged users cleanup patch from Ivan Gyurdiev. |
| 497 | |
| 498 | 1.9.24 2005-10-21 |
| 499 | * Merged user record memory leak fix from Ivan Gyurdiev. |
| 500 | * Merged reorganize users patch from Ivan Gyurdiev. |
| 501 | |
| 502 | 1.9.23 2005-10-19 |
| 503 | * Added check flag to expand_module() to control assertion |
| 504 | and hierarchy checking on expansion. |
| 505 | |
| 506 | 1.9.22 2005-10-19 |
| 507 | * Reworked check_assertions() and hierarchy_check_constraints() |
| 508 | to take handles and use callback-based error reporting. |
| 509 | * Changed expand_module() to call check_assertions() and |
| 510 | hierarchy_check_constraints() prior to returning the expanded |
| 511 | policy. |
| 512 | |
| 513 | 1.9.21 2005-10-18 |
| 514 | * Changed sepol_module_package_set_file_contexts to copy the |
| 515 | file contexts data since it is internally managed. |
| 516 | |
| 517 | 1.9.20 2005-10-18 |
| 518 | * Added sepol_policy_file_set_handle interface to associate |
| 519 | a handle with a policy file. |
| 520 | * Added handle argument to policydb_from_image/to_image. |
| 521 | * Added sepol_module_package_set_file_contexts interface. |
| 522 | * Dropped sepol_module_package_create_file interface. |
| 523 | * Reworked policydb_read/write, policydb_from_image/to_image, |
| 524 | and sepol_module_package_read/write to use callback-based error |
| 525 | reporting system rather than DEBUG. |
| 526 | |
| 527 | 1.9.19 2005-10-17 |
| 528 | * Reworked link_packages, link_modules, and expand_module to use |
| 529 | callback-based error reporting system rather than error buffering. |
| 530 | |
| 531 | 1.9.18 2005-10-14 |
| 532 | * Merged conditional expression mapping fix in the module linking |
| 533 | code from Joshua Brindle. |
| 534 | |
| 535 | 1.9.17 2005-10-13 |
| 536 | * Hid sepol_module_package type definition, and added get interfaces. |
| 537 | |
| 538 | 1.9.16 2005-10-13 |
| 539 | * Merged new callback-based error reporting system from Ivan |
| 540 | Gyurdiev. |
| 541 | |
| 542 | 1.9.15 2005-10-13 |
| 543 | * Merged support for require blocks inside conditionals from |
| 544 | Joshua Brindle (Tresys). |
| 545 | |
| 546 | 1.9.14 2005-10-07 |
| 547 | * Fixed use of policydb_from_image/to_image to ensure proper |
| 548 | init of policydb. |
| 549 | |
| 550 | 1.9.13 2005-10-07 |
| 551 | * Isolated policydb internal headers under <sepol/policydb/*.h>. |
| 552 | These headers should only be used by users of the static libsepol. |
| 553 | Created new <sepol/policydb.h> with new public types and interfaces |
| 554 | for shared libsepol. |
| 555 | Created new <sepol/module.h> with public types and interfaces moved |
| 556 | or wrapped from old module.h, link.h, and expand.h, adjusted for |
| 557 | new public types for policydb and policy_file. |
| 558 | Added public interfaces to libsepol.map. |
| 559 | Some implementation changes visible to users of the static libsepol: |
| 560 | 1) policydb_read no longer calls policydb_init. |
| 561 | Caller must do so first. |
| 562 | 2) policydb_init no longer takes policy_type argument. |
| 563 | Caller must set policy_type separately. |
| 564 | 3) expand_module automatically enables the global branch. |
| 565 | Caller no longer needs to do so. |
| 566 | 4) policydb_write uses the policy_type and policyvers from the |
| 567 | policydb itself, and sepol_set_policyvers() has been removed. |
| 568 | |
| 569 | 1.9.12 2005-10-06 |
| 570 | * Merged function renaming and static cleanup from Ivan Gyurdiev. |
| 571 | |
| 572 | 1.9.11 2005-10-05 |
| 573 | * Merged bug fix for check_assertions handling of no assertions |
| 574 | from Joshua Brindle (Tresys). |
| 575 | |
| 576 | 1.9.10 2005-10-04 |
| 577 | * Merged iterate patch from Ivan Gyurdiev. |
| 578 | |
| 579 | 1.9.9 2005-10-03 |
| 580 | * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| 581 | |
| 582 | 1.9.8 2005-09-30 |
| 583 | * Merged pointer typedef elimination patch from Ivan Gyurdiev. |
| 584 | * Merged user list function, new mls functions, and bugfix patch |
| 585 | from Ivan Gyurdiev. |
| 586 | |
| 587 | 1.9.7 2005-09-28 |
| 588 | * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys). |
| 589 | |
| 590 | 1.9.6 2005-09-23 |
| 591 | * Merged bug fix patches from Joshua Brindle (Tresys). |
| 592 | |
| 593 | 1.9.5 2005-09-21 |
| 594 | * Merged boolean record and memory leak fix patches from Ivan |
| 595 | Gyurdiev. |
| 596 | |
| 597 | 1.9.4 2005-09-19 |
| 598 | * Merged interface record patch from Ivan Gyurdiev. |
| 599 | |
| 600 | 1.9.3 2005-09-14 |
| 601 | * Merged fix for sepol_enable/disable_debug from Ivan |
| 602 | Gyurdiev. |
| 603 | |
| 604 | 1.9.2 2005-09-14 |
| 605 | * Merged stddef.h patch and debug conversion patch from |
| 606 | Ivan Gyurdiev. |
| 607 | |
| 608 | 1.9.1 2005-09-09 |
| 609 | * Fixed expand_avtab and expand_cond_av_list to keep separate |
| 610 | entries with identical keys but different enabled flags. |
| 611 | |
| 612 | 1.8 2005-09-06 |
| 613 | * Updated version for release. |
| 614 | |
| 615 | 1.7.24 2005-08-31 |
| 616 | * Fixed symtab_insert return value for duplicate declarations. |
| 617 | |
| 618 | 1.7.23 2005-08-31 |
| 619 | * Merged fix for memory error in policy_module_destroy from |
| 620 | Jason Tang (Tresys). |
| 621 | |
| 622 | 1.7.22 2005-08-26 |
| 623 | * Merged fix for memory leak in sepol_context_to_sid from |
| 624 | Jason Tang (Tresys). |
| 625 | |
| 626 | 1.7.21 2005-08-25 |
| 627 | * Merged fixes for resource leaks on error paths and |
| 628 | change to scope_destroy from Joshua Brindle (Tresys). |
| 629 | |
| 630 | 1.7.20 2005-08-23 |
| 631 | * Merged more fixes for resource leaks on error paths |
| 632 | from Serge Hallyn (IBM). Bugs found by Coverity. |
| 633 | |
| 634 | 1.7.19 2005-08-19 |
| 635 | * Changed to treat all type conflicts as fatal errors. |
| 636 | |
| 637 | 1.7.18 2005-08-18 |
| 638 | * Merged several error handling fixes from |
| 639 | Serge Hallyn (IBM). Bugs found by Coverity. |
| 640 | |
| 641 | 1.7.17 2005-08-15 |
| 642 | * Fixed further memory leaks found by valgrind. |
| 643 | |
| 644 | 1.7.16 2005-08-15 |
| 645 | * Fixed several memory leaks found by valgrind. |
| 646 | |
| 647 | 1.7.15 2005-08-12 |
| 648 | * Fixed empty list test in cond_write_av_list. Bug found by |
| 649 | Coverity, reported by Serge Hallyn (IBM). |
| 650 | * Merged patch to policydb_write to check errors |
| 651 | when writing the type->attribute reverse map from |
| 652 | Serge Hallyn (IBM). Bug found by Coverity. |
| 653 | * Fixed policydb_destroy to properly handle NULL type_attr_map |
| 654 | or attr_type_map. |
| 655 | |
| 656 | 1.7.14 2005-08-12 |
| 657 | * Fixed use of uninitialized data by expand_avtab_node by |
| 658 | clearing type_val_to_struct in policydb_index_others. |
| 659 | |
| 660 | 1.7.13 2005-08-11 |
| 661 | * Improved memory use by SELinux by both reducing the avtab |
| 662 | node size and reducing the number of avtab nodes (by not |
| 663 | expanding attributes in TE rules when possible). Added |
| 664 | expand_avtab and expand_cond_av_list functions for use by |
| 665 | assertion checker, hierarchy checker, compatibility code, |
| 666 | and dispol. Added new inline ebitmap operators and converted |
| 667 | existing users of ebitmaps to the new operators for greater |
| 668 | efficiency. |
| 669 | Note: The binary policy format version has been incremented to |
| 670 | version 20 as a result of these changes. |
| 671 | |
| 672 | 1.7.12 2005-08-10 |
| 673 | * Fixed bug in constraint_node_clone handling of name sets. |
| 674 | |
| 675 | 1.7.11 2005-08-08 |
| 676 | * Fix range_trans_clone to map the type values properly. |
| 677 | |
| 678 | 1.7.10 2005-08-02 |
| 679 | * Merged patch to move module read/write code from libsemanage |
| 680 | to libsepol from Jason Tang (Tresys). |
| 681 | |
| 682 | 1.7.9 2005-08-02 |
| 683 | * Enabled further compiler warning flags and fixed them. |
| 684 | |
| 685 | 1.7.8 2005-08-02 |
| 686 | * Merged user, context, port records patch from Ivan Gyurdiev. |
| 687 | * Merged key extract function patch from Ivan Gyurdiev. |
| 688 | |
| 689 | 1.7.7 2005-07-27 |
| 690 | * Merged mls_context_to_sid bugfix from Ivan Gyurdiev. |
| 691 | |
| 692 | 1.7.6 2005-07-26 |
| 693 | * Merged context reorganization, memory leak fixes, |
| 694 | port and interface loading, replacements for genusers and |
| 695 | genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. |
| 696 | * Merged uninitialized variable bugfix from Dan Walsh. |
| 697 | |
| 698 | 1.7.5 2005-07-18 |
| 699 | * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat). |
| 700 | * Removed genpolbools and genpolusers utilities. |
| 701 | |
| 702 | 1.7.4 2005-07-18 |
| 703 | * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| 704 | |
| 705 | 1.7.3 2005-07-13 |
| 706 | * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat). |
| 707 | |
| 708 | 1.7.2 2005-07-11 |
| 709 | * Merged genbools debugging message cleanup from Red Hat. |
| 710 | |
| 711 | 1.7.1 2005-07-06 |
| 712 | * Merged loadable module support from Tresys Technology. |
| 713 | |
| 714 | 1.6 2005-06-20 |
| 715 | * Updated version for release. |
| 716 | |
| 717 | 1.5.10 2005-05-19 |
| 718 | * License changed to LGPL v2.1, see COPYING. |
| 719 | |
| 720 | 1.5.9 2005-05-16 |
| 721 | * Added sepol_genbools_policydb and sepol_genusers_policydb for |
| 722 | audit2why. |
| 723 | |
| 724 | 1.5.8 2005-05-13 |
| 725 | * Added sepol_ prefix to Flask types to avoid |
| 726 | namespace collision with libselinux. |
| 727 | |
| 728 | 1.5.7 2005-05-13 |
| 729 | * Added sepol_compute_av_reason() for audit2why. |
| 730 | |
| 731 | 1.5.6 2005-04-25 |
| 732 | * Fixed bug in role hierarchy checker. |
| 733 | |
| 734 | 1.5.5 2005-04-13 |
| 735 | * Merged hierarchical type/role patch from Tresys Technology. |
| 736 | * Merged MLS fixes from Darrel Goeddel of TCS. |
| 737 | |
| 738 | 1.5.4 2005-04-13 |
| 739 | * Changed sepol_genusers to not delete users by default, |
| 740 | and added a sepol_set_delusers function to enable deletion. |
| 741 | Also, removed special case handling of system_u and user_u. |
| 742 | |
| 743 | 1.5.3 2005-03-29 |
| 744 | * Merged booleans.local patch from Dan Walsh. |
| 745 | |
| 746 | 1.5.2 2005-03-16 |
| 747 | * Added man page for sepol_check_context. |
| 748 | |
| 749 | 1.5.1 2005-03-15 |
| 750 | * Added man page for sepol_genusers function. |
| 751 | * Merged man pages for genpolusers and chkcon from Manoj Srivastava. |
| 752 | |
| 753 | 1.4 2005-03-09 |
| 754 | * Updated version for release. |
| 755 | |
| 756 | 1.3.8 2005-03-08 |
| 757 | * Cleaned up error handling in sepol_genusers and sepol_genbools. |
| 758 | |
| 759 | 1.3.7 2005-02-28 |
| 760 | * Merged sepol_debug and fclose patch from Dan Walsh. |
| 761 | |
| 762 | 1.3.6 2005-02-22 |
| 763 | * Changed sepol_genusers to also use getline and correctly handle |
| 764 | EOL. |
| 765 | |
| 766 | 1.3.5 2005-02-17 |
| 767 | * Merged range_transition support from Darrel Goeddel (TCS). |
| 768 | |
| 769 | 1.3.4 2005-02-16 |
| 770 | * Added sepol_genusers function. |
| 771 | |
| 772 | 1.3.3 2005-02-14 |
| 773 | * Merged endianness and compute_av patches from Darrel Goeddel (TCS). |
| 774 | |
| 775 | 1.3.2 2005-02-09 |
| 776 | * Changed relabel Makefile target to use restorecon. |
| 777 | |
| 778 | 1.3.1 2005-01-26 |
| 779 | * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| 780 | |
| 781 | 1.2.1 2005-01-19 |
| 782 | * Merged build fix patch from Manoj Srivastava. |
| 783 | |
| 784 | 1.2 2004-10-07 |
| 785 | * MLS build fixes. |
| 786 | * Added sepol_set_policydb_from_file and sepol_check_context for setfiles. |
| 787 | |
| 788 | 1.0 2004-08-19 |
| 789 | * Initial public release. |
| 790 | |
| 791 | 0.4 2004-08-13 |
| 792 | * Merged patch from Dan Walsh to ignore case on booleans. |
| 793 | * Changed sepol_genbools* to preserve the original policy version. |
| 794 | * Replaced exported global variables with set functions. |
| 795 | * Moved genpolbools utility from checkpolicy to libsepol. |
| 796 | * Added man pages for sepol_genbools* and genpolbools. |
| 797 | |
| 798 | 0.3 2004-08-10 |
| 799 | * Added ChangeLog, COPYING, spec file. |
| 800 | * Added sepol_genbools_array() for load_policy. |
| 801 | * Created libsepol.map to limit exported symbols in shared library. |
| 802 | |
| 803 | 0.2 2004-08-09 |
| 804 | * Exported other functions for checkpolicy and friends. |
| 805 | * Renamed service and sidtab functions to avoid libselinux conflict. |
| 806 | * Removed original code from checkpolicy, which now uses libsepol. |
| 807 | * Code cleanup: kill legacy references to kernel types/functions. |
| 808 | |
| 809 | 0.1 2004-08-06 |
| 810 | * Moved checkpolicy core logic into a library. |
| 811 | * Exported sepol_genbools() for load_policy. |