Chad Sellers | fe19c7a | 2010-06-14 16:33:29 -0400 | [diff] [blame] | 1 | 2.0.22 2010-06-14 |
| 2 | * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence |
| 3 | |
Joshua Brindle | 32cf5d5 | 2009-11-27 15:03:02 -0500 | [diff] [blame] | 4 | 2.0.21 2009-11-27 |
| 5 | * Add long options to checkpolicy and checkmodule by Guido |
| 6 | Trentalancia <guido@trentalancia.com> |
| 7 | |
Joshua Brindle | f3c3bbd | 2009-10-14 15:54:16 -0400 | [diff] [blame] | 8 | 2.0.20 2009-10-14 |
| 9 | * Add support for building Xen policies from Paul Nuzzi. |
| 10 | |
Joshua Brindle | 4e23951 | 2009-02-17 12:22:40 -0500 | [diff] [blame] | 11 | 2.0.19 2009-02-18 |
| 12 | * Fix alias field in module format, caused by boundary format change |
| 13 | from Caleb Case. |
| 14 | |
Joshua Brindle | 3d431ae | 2008-10-14 08:12:59 -0400 | [diff] [blame] | 15 | 2.0.18 2008-10-14 |
| 16 | * Properly escape regex symbols in the lexer from Stephen Smalley. |
| 17 | |
Joshua Brindle | b04f2af | 2008-10-09 08:31:43 -0400 | [diff] [blame] | 18 | 2.0.17 2008-10-09 |
| 19 | * Add bounds support from KaiGai Kohei. |
| 20 | |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 21 | 2.0.16 2008-05-27 |
| 22 | * Update checkpolicy for user and role mapping support from Joshua Brindle. |
| 23 | |
| 24 | 2.0.15 2008-05-05 |
| 25 | * Fix for policy module versions that look like IPv4 addresses from Jim Carter. |
| 26 | Resolves bug 444451. |
| 27 | |
| 28 | 2.0.14 2008-03-24 |
| 29 | * Add permissive domain support from Eric Paris. |
| 30 | |
| 31 | 2.0.13 2008-03-05 |
| 32 | * Split out non-grammar parts of policy_parse.yacc into |
| 33 | policy_define.c and policy_define.h from Todd C. Miller. |
| 34 | |
| 35 | 2.0.12 2008-03-04 |
| 36 | * Initialize struct policy_file before using it, from Todd C. Miller. |
| 37 | |
| 38 | 2.0.11 2008-03-03 |
| 39 | * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. |
| 40 | |
| 41 | 2.0.10 2008-02-28 |
| 42 | * Use yyerror2() where appropriate from Todd C. Miller. |
| 43 | |
| 44 | 2.0.9 2008-02-04 |
| 45 | * Update dispol for libsepol avtab changes from Stephen Smalley. |
| 46 | |
| 47 | 2.0.8 2008-01-24 |
| 48 | * Deprecate role dominance in parser. |
| 49 | |
| 50 | 2.0.7 2008-01-02 |
| 51 | * Added support for policy capabilities from Todd Miller. |
| 52 | |
| 53 | 2.0.6 2007-11-15 |
| 54 | * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". |
| 55 | |
| 56 | 2.0.5 2007-11-01 |
| 57 | * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. |
| 58 | |
| 59 | 2.0.4 2007-09-18 |
| 60 | * Merged handle unknown policydb flag support from Eric Paris. |
| 61 | Adds new command line options -U {allow, reject, deny} for selecting |
| 62 | the flag when a base module or kernel policy is built. |
| 63 | |
| 64 | 2.0.3 2007-05-31 |
| 65 | * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. |
| 66 | * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. |
| 67 | |
| 68 | 2.0.2 2007-04-12 |
| 69 | * Merged checkmodule man page fix from Dan Walsh. |
| 70 | |
| 71 | 2.0.1 2007-02-20 |
| 72 | * Merged patch to allow dots in class identifiers from Caleb Case. |
| 73 | |
| 74 | 2.0.0 2007-02-01 |
| 75 | * Merged patch to use new libsepol error codes by Karl MacMillan. |
| 76 | |
| 77 | 1.34.0 2007-01-18 |
| 78 | * Updated version for stable branch. |
| 79 | |
| 80 | 1.33.1 2006-11-13 |
| 81 | * Collapse user identifiers and identifiers together. |
| 82 | |
| 83 | 1.32 2006-10-17 |
| 84 | * Updated version for release. |
| 85 | |
| 86 | 1.30.12 2006-09-28 |
| 87 | * Merged user and range_transition support for modules from |
| 88 | Darrel Goeddel |
| 89 | |
| 90 | 1.30.11 2006-09-05 |
| 91 | * merged range_transition enhancements and user module format |
| 92 | changes from Darrel Goeddel |
| 93 | |
| 94 | 1.30.10 2006-08-03 |
| 95 | * Merged symtab datum patch from Karl MacMillan. |
| 96 | |
| 97 | 1.30.9 2006-06-29 |
| 98 | * Lindent. |
| 99 | |
| 100 | 1.30.8 2006-06-29 |
| 101 | * Merged patch to remove TE rule conflict checking from the parser |
| 102 | from Joshua Brindle. This can only be done properly by the |
| 103 | expander. |
| 104 | |
| 105 | 1.30.7 2006-06-27 |
| 106 | * Merged patch to make checkpolicy/checkmodule handling of |
| 107 | duplicate/conflicting TE rules the same as the expander |
| 108 | from Joshua Brindle. |
| 109 | |
| 110 | 1.30.6 2006-06-26 |
| 111 | * Merged optionals in base take 2 patch set from Joshua Brindle. |
| 112 | |
| 113 | 1.30.5 2006-05-05 |
| 114 | * Merged compiler cleanup patch from Karl MacMillan. |
| 115 | * Merged fix warnings patch from Karl MacMillan. |
| 116 | |
| 117 | 1.30.4 2006-04-05 |
| 118 | * Changed require_class to reject permissions that have not been |
| 119 | declared if building a base module. |
| 120 | |
| 121 | 1.30.3 2006-03-28 |
| 122 | * Fixed checkmodule to call link_modules prior to expand_module |
| 123 | to handle optionals. |
| 124 | |
| 125 | 1.30.2 2006-03-28 |
| 126 | * Fixed require_class to avoid shadowing permissions already defined |
| 127 | in an inherited common definition. |
| 128 | |
| 129 | 1.30.1 2006-03-22 |
| 130 | * Moved processing of role and user require statements to 2nd pass. |
| 131 | |
| 132 | 1.30 2006-03-14 |
| 133 | * Updated version for release. |
| 134 | |
| 135 | 1.29.5 2006-03-09 |
| 136 | * Fixed bug in role dominance (define_role_dom). |
| 137 | |
| 138 | 1.29.4 2006-02-14 |
| 139 | * Added a check for failure to declare each sensitivity in |
| 140 | a level definition. |
| 141 | |
| 142 | 1.29.3 2006-02-13 |
| 143 | * Changed to clone level data for aliased sensitivities to |
| 144 | avoid double free upon sens_destroy. Bug reported by Kevin |
| 145 | Carr of Tresys Technology. |
| 146 | |
| 147 | 1.29.2 2006-02-13 |
| 148 | * Merged optionals in base patch from Joshua Brindle. |
| 149 | |
| 150 | 1.29.1 2006-02-01 |
| 151 | * Merged sepol_av_to_string patch from Joshua Brindle. |
| 152 | |
| 153 | 1.28 2005-12-07 |
| 154 | * Updated version for release. |
| 155 | |
| 156 | 1.27.20 2005-12-02 |
| 157 | * Merged checkmodule man page from Dan Walsh, and edited it. |
| 158 | |
| 159 | 1.27.19 2005-12-01 |
| 160 | * Added error checking of all ebitmap_set_bit calls for out of |
| 161 | memory conditions. |
| 162 | |
| 163 | 1.27.18 2005-12-01 |
| 164 | * Merged removal of compatibility handling of netlink classes |
| 165 | (requirement that policies with newer versions include the |
| 166 | netlink class definitions, remapping of fine-grained netlink |
| 167 | classes in newer source policies to single netlink class when |
| 168 | generating older policies) from George Coker. |
| 169 | |
| 170 | 1.27.17 2005-10-25 |
| 171 | * Merged dismod fix from Joshua Brindle. |
| 172 | |
| 173 | 1.27.16 2005-10-20 |
| 174 | * Removed obsolete cond_check_type_rules() function and call and |
| 175 | cond_optimize_lists() call from checkpolicy.c; these are handled |
| 176 | during parsing and expansion now. |
| 177 | |
| 178 | 1.27.15 2005-10-19 |
| 179 | * Updated calls to expand_module for interface change. |
| 180 | |
| 181 | 1.27.14 2005-10-19 |
| 182 | * Changed checkmodule to verify that expand_module succeeds |
| 183 | when building base modules. |
| 184 | |
| 185 | 1.27.13 2005-10-19 |
| 186 | * Merged module compiler fixes from Joshua Brindle. |
| 187 | |
| 188 | 1.27.12 2005-10-19 |
| 189 | * Removed direct calls to hierarchy_check_constraints() and |
| 190 | check_assertions() from checkpolicy since they are now called |
| 191 | internally by expand_module(). |
| 192 | |
| 193 | 1.27.11 2005-10-18 |
| 194 | * Updated for changes to sepol policydb_index_others interface. |
| 195 | |
| 196 | 1.27.10 2005-10-17 |
| 197 | * Updated for changes to sepol expand_module and link_modules interfaces. |
| 198 | |
| 199 | 1.27.9 2005-10-13 |
| 200 | * Merged support for require blocks inside conditionals from |
| 201 | Joshua Brindle (Tresys). |
| 202 | |
| 203 | 1.27.8 2005-10-06 |
| 204 | * Updated for changes to libsepol. |
| 205 | |
| 206 | 1.27.7 2005-10-05 |
| 207 | * Merged several bug fixes from Joshua Brindle (Tresys). |
| 208 | |
| 209 | 1.27.6 2005-10-03 |
| 210 | * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| 211 | |
| 212 | 1.27.5 2005-09-28 |
| 213 | * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). |
| 214 | |
| 215 | 1.27.4 2005-09-26 |
| 216 | * Merged bugfix for dup role transition error messages from |
| 217 | Karl MacMillan (Tresys). |
| 218 | |
| 219 | 1.27.3 2005-09-23 |
| 220 | * Merged policyver/modulever patches from Joshua Brindle (Tresys). |
| 221 | |
| 222 | 1.27.2 2005-09-20 |
| 223 | * Fixed parse_categories handling of undefined category. |
| 224 | |
| 225 | 1.27.1 2005-09-16 |
| 226 | * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). |
| 227 | |
| 228 | 1.26 2005-09-06 |
| 229 | * Updated version for release. |
| 230 | |
| 231 | 1.25.12 2005-08-22 |
| 232 | * Fixed handling of validatetrans constraint expressions. |
| 233 | Bug reported by Dan Walsh for checkpolicy -M. |
| 234 | |
| 235 | 1.25.11 2005-08-18 |
| 236 | * Merged use-after-free fix from Serge Hallyn (IBM). |
| 237 | Bug found by Coverity. |
| 238 | |
| 239 | 1.25.10 2005-08-15 |
| 240 | * Fixed further memory leaks found by valgrind. |
| 241 | |
| 242 | 1.25.9 2005-08-15 |
| 243 | * Changed checkpolicy to destroy the policydbs prior to exit |
| 244 | to allow leak detection. |
| 245 | * Fixed several memory leaks found by valgrind. |
| 246 | |
| 247 | 1.25.8 2005-08-11 |
| 248 | * Updated checkpolicy and dispol for the new avtab format. |
| 249 | Converted users of ebitmaps to new inline operators. |
| 250 | Note: The binary policy format version has been incremented to |
| 251 | version 20 as a result of these changes. To build a policy |
| 252 | for a kernel that does not yet include these changes, use |
| 253 | the -c 19 option to checkpolicy. |
| 254 | |
| 255 | 1.25.7 2005-08-11 |
| 256 | * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). |
| 257 | |
| 258 | 1.25.6 2005-08-10 |
| 259 | * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). |
| 260 | |
| 261 | 1.25.5 2005-08-09 |
| 262 | * Fixed call to hierarchy checking code to pass the right policydb. |
| 263 | |
| 264 | 1.25.4 2005-08-02 |
| 265 | * Merged patch to update dismod for the relocation of the |
| 266 | module read/write code from libsemanage to libsepol, and |
| 267 | to enable build of test subdirectory from Jason Tang (Tresys). |
| 268 | |
| 269 | 1.25.3 2005-07-18 |
| 270 | * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| 271 | |
| 272 | 1.25.2 2005-07-06 |
| 273 | * Merged loadable module support from Tresys Technology. |
| 274 | |
| 275 | 1.25.1 2005-06-24 |
| 276 | * Merged patch to prohibit the use of * and ~ in type sets |
| 277 | (other than in neverallow statements) and in role sets |
| 278 | from Joshua Brindle (Tresys). |
| 279 | |
| 280 | 1.24 2005-06-20 |
| 281 | * Updated version for release. |
| 282 | |
| 283 | 1.23.4 2005-05-19 |
| 284 | * Merged cleanup patch from Dan Walsh. |
| 285 | |
| 286 | 1.23.3 2005-05-13 |
| 287 | * Added sepol_ prefix to Flask types to avoid namespace |
| 288 | collision with libselinux. |
| 289 | |
| 290 | 1.23.2 2005-04-29 |
| 291 | * Merged identifier fix from Joshua Brindle (Tresys). |
| 292 | |
| 293 | 1.23.1 2005-04-13 |
| 294 | * Merged hierarchical type/role patch from Tresys Technology. |
| 295 | * Merged MLS fixes from Darrel Goeddel of TCS. |
| 296 | |
| 297 | 1.22 2005-03-09 |
| 298 | * Updated version for release. |
| 299 | |
| 300 | 1.21.4 2005-02-17 |
| 301 | * Moved genpolusers utility to libsepol. |
| 302 | * Merged range_transition support from Darrel Goeddel (TCS). |
| 303 | |
| 304 | 1.21.3 2005-02-16 |
| 305 | * Merged define_user() cleanup patch from Darrel Goeddel (TCS). |
| 306 | |
| 307 | 1.21.2 2005-02-09 |
| 308 | * Changed relabel Makefile target to use restorecon. |
| 309 | |
| 310 | 1.21.1 2005-01-26 |
| 311 | * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| 312 | |
| 313 | 1.20 2005-01-04 |
| 314 | * Merged typeattribute statement patch from Darrel Goeddel of TCS. |
| 315 | * Changed genpolusers to handle multiple user config files. |
| 316 | * Merged nodecon ordering patch from Chad Hanson of TCS. |
| 317 | |
| 318 | 1.18 2004-10-07 |
| 319 | * MLS build fix. |
| 320 | * Fixed Makefile dependencies (Chris PeBenito). |
| 321 | * Merged fix for role dominance ordering issue from Chad Hanson of TCS. |
| 322 | * Preserve portcon ordering and apply more checking. |
| 323 | |
| 324 | 1.16 2004-08-13 |
| 325 | * Allow empty conditional clauses. |
| 326 | * Moved genpolbools utility to libsepol. |
| 327 | * Updated for libsepol set functions. |
| 328 | * Changed to link with libsepol.a. |
| 329 | * Moved core functionality into libsepol. |
| 330 | * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. |
| 331 | * Added genpolusers program. |
| 332 | * Fixed bug in checkpolicy conditional code. |
| 333 | |
| 334 | 1.14 2004-06-28 |
| 335 | * Merged fix for MLS logic from Daniel Thayer of TCS. |
| 336 | * Require semicolon terminator for typealias statement. |
| 337 | |
| 338 | 1.12 2004-06-16 |
| 339 | * Merged fine-grained netlink class support. |
| 340 | |
| 341 | 1.10 2004-04-07 |
| 342 | * Merged ipv6 support from James Morris of RedHat. |
| 343 | * Fixed compute_av bug discovered by Chad Hanson of TCS. |
| 344 | |
| 345 | 1.8 2004-03-09 |
| 346 | * Merged policydb MLS patch from Chad Hanson of TCS. |
| 347 | * Fixed mmap of policy file. |
| 348 | |
| 349 | 1.6 2004-02-18 |
| 350 | * Merged conditional policy extensions from Tresys Technology. |
| 351 | * Added typealias declaration support per Russell Coker's request. |
| 352 | * Added support for excluding types from type sets based on |
| 353 | a patch by David Caplan, but reimplemented as a change to the |
| 354 | policy grammar. |
| 355 | * Merged patch from Colin Walters to report source file name and line |
| 356 | number for errors when available. |
| 357 | * Un-deprecated role transitions. |
| 358 | |
| 359 | 1.4 2003-12-01 |
| 360 | * Regenerated headers. |
| 361 | * Merged patches from Bastian Blank and Joerg Hoh. |
| 362 | |
| 363 | 1.2 2003-09-30 |
| 364 | * Merged MLS build patch from Karl MacMillan of Tresys. |
| 365 | * Merged checkpolicy man page from Magosanyi Arpad. |
| 366 | |
| 367 | 1.1 2003-08-13 |
| 368 | * Fixed endian bug in policydb_write for behavior value. |
| 369 | * License -> GPL. |
| 370 | * Merged coding style cleanups from James Morris. |
| 371 | |
| 372 | 1.0 2003-07-11 |
| 373 | * Initial public release. |
| 374 | |