12.2 2013-10-30 2 * Fix hyphen usage in man pages from Laurent Bigonville. 3 * handle-unknown / -U required argument fix from Laurent Bigonville. 4 * Support overriding Makefile PATH and LIBDIR from Laurent Bigonville. 5 * Support space and : in filenames from Dan Walsh. 6 72.1.12 2013-02-01 8 * Fix errors found by coverity 9 * implement default type policy syntax 10 * Free allocated memory when clean up / exit. 11 122.1.11 2012-09-13 13 * fd leak reading policy 14 * check return code on ebitmap_set_bit 15 162.1.10 2012-06-28 17 * sepolgen: We need to support files that have a + in them 18 * Android/MacOS X build support 19 202.1.9 2012-03-28 21 * implement new default labeling behaviors for usr, role, range 22 * Fix dead links to www.nsa.gov/selinux 23 242.1.8 2011-12-21 25 * add new helper to translate class sets into bitmaps 26 272.1.7 2011-12-05 28 * dis* fixed signed vs unsigned errors 29 * dismod: fix unused parameter errors 30 * test: Makefile: include -W and -Werror 31 * allow ~ in filename transition rules 32 332.1.6 2011-11-03 34 * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" 35 * drop libsepol dynamic link in checkpolicy 36 372.1.5 2011-09-15 38 * Separate tunable from boolean during compile. 39 402.1.4 2011-08-26 41 * checkpolicy: fix spacing in output message 42 432.1.3 2011-08-17 44 * add missing ; to attribute_role_def 45 *Redo filename/filesystem syntax to support filename trans 46 472.1.2 2011-08-02 48 * .gitignore changes 49 * dispol output of role trans 50 * man page update: build a module with an older policy version 51 522.1.1 2011-08-01 53 * Minor updates to filename trans rule output in dis{mod,pol} 54 552.1.0 2011-07-27 56 * Release, minor version bump 57 582.0.27 2011-07-25 59 * Add role attribute support by Harry Ciao 60 612.0.26 2011-05-16 62 * Wrap file names in filename transitions with quotes by Steve Lawrence. 63 * Allow filesystem names to start with a digit by James Carter. 64 652.0.25 2011-05-02 66 * Add support for using the last path compnent in type transitions by Eric 67 Paris. 68 * Allow single digit module versions by Daniel Walsh. 69 * Use better filename identifier for filenames by Daniel Walsh. 70 * Use #defines for dismod selections by Eric Paris. 71 722.0.24 2011-04-11 73 * Add new class field in role_transition by Harry Ciao. 74 752.0.23 2010-12-16 76 * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock 77 782.0.22 2010-06-14 79 * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence 80 812.0.21 2009-11-27 82 * Add long options to checkpolicy and checkmodule by Guido 83 Trentalancia <guido@trentalancia.com> 84 852.0.20 2009-10-14 86 * Add support for building Xen policies from Paul Nuzzi. 87 882.0.19 2009-02-18 89 * Fix alias field in module format, caused by boundary format change 90 from Caleb Case. 91 922.0.18 2008-10-14 93 * Properly escape regex symbols in the lexer from Stephen Smalley. 94 952.0.17 2008-10-09 96 * Add bounds support from KaiGai Kohei. 97 982.0.16 2008-05-27 99 * Update checkpolicy for user and role mapping support from Joshua Brindle. 100 1012.0.15 2008-05-05 102 * Fix for policy module versions that look like IPv4 addresses from Jim Carter. 103 Resolves bug 444451. 104 1052.0.14 2008-03-24 106 * Add permissive domain support from Eric Paris. 107 1082.0.13 2008-03-05 109 * Split out non-grammar parts of policy_parse.yacc into 110 policy_define.c and policy_define.h from Todd C. Miller. 111 1122.0.12 2008-03-04 113 * Initialize struct policy_file before using it, from Todd C. Miller. 114 1152.0.11 2008-03-03 116 * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. 117 1182.0.10 2008-02-28 119 * Use yyerror2() where appropriate from Todd C. Miller. 120 1212.0.9 2008-02-04 122 * Update dispol for libsepol avtab changes from Stephen Smalley. 123 1242.0.8 2008-01-24 125 * Deprecate role dominance in parser. 126 1272.0.7 2008-01-02 128 * Added support for policy capabilities from Todd Miller. 129 1302.0.6 2007-11-15 131 * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". 132 1332.0.5 2007-11-01 134 * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. 135 1362.0.4 2007-09-18 137 * Merged handle unknown policydb flag support from Eric Paris. 138 Adds new command line options -U {allow, reject, deny} for selecting 139 the flag when a base module or kernel policy is built. 140 1412.0.3 2007-05-31 142 * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. 143 * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. 144 1452.0.2 2007-04-12 146 * Merged checkmodule man page fix from Dan Walsh. 147 1482.0.1 2007-02-20 149 * Merged patch to allow dots in class identifiers from Caleb Case. 150 1512.0.0 2007-02-01 152 * Merged patch to use new libsepol error codes by Karl MacMillan. 153 1541.34.0 2007-01-18 155 * Updated version for stable branch. 156 1571.33.1 2006-11-13 158 * Collapse user identifiers and identifiers together. 159 1601.32 2006-10-17 161 * Updated version for release. 162 1631.30.12 2006-09-28 164 * Merged user and range_transition support for modules from 165 Darrel Goeddel 166 1671.30.11 2006-09-05 168 * merged range_transition enhancements and user module format 169 changes from Darrel Goeddel 170 1711.30.10 2006-08-03 172 * Merged symtab datum patch from Karl MacMillan. 173 1741.30.9 2006-06-29 175 * Lindent. 176 1771.30.8 2006-06-29 178 * Merged patch to remove TE rule conflict checking from the parser 179 from Joshua Brindle. This can only be done properly by the 180 expander. 181 1821.30.7 2006-06-27 183 * Merged patch to make checkpolicy/checkmodule handling of 184 duplicate/conflicting TE rules the same as the expander 185 from Joshua Brindle. 186 1871.30.6 2006-06-26 188 * Merged optionals in base take 2 patch set from Joshua Brindle. 189 1901.30.5 2006-05-05 191 * Merged compiler cleanup patch from Karl MacMillan. 192 * Merged fix warnings patch from Karl MacMillan. 193 1941.30.4 2006-04-05 195 * Changed require_class to reject permissions that have not been 196 declared if building a base module. 197 1981.30.3 2006-03-28 199 * Fixed checkmodule to call link_modules prior to expand_module 200 to handle optionals. 201 2021.30.2 2006-03-28 203 * Fixed require_class to avoid shadowing permissions already defined 204 in an inherited common definition. 205 2061.30.1 2006-03-22 207 * Moved processing of role and user require statements to 2nd pass. 208 2091.30 2006-03-14 210 * Updated version for release. 211 2121.29.5 2006-03-09 213 * Fixed bug in role dominance (define_role_dom). 214 2151.29.4 2006-02-14 216 * Added a check for failure to declare each sensitivity in 217 a level definition. 218 2191.29.3 2006-02-13 220 * Changed to clone level data for aliased sensitivities to 221 avoid double free upon sens_destroy. Bug reported by Kevin 222 Carr of Tresys Technology. 223 2241.29.2 2006-02-13 225 * Merged optionals in base patch from Joshua Brindle. 226 2271.29.1 2006-02-01 228 * Merged sepol_av_to_string patch from Joshua Brindle. 229 2301.28 2005-12-07 231 * Updated version for release. 232 2331.27.20 2005-12-02 234 * Merged checkmodule man page from Dan Walsh, and edited it. 235 2361.27.19 2005-12-01 237 * Added error checking of all ebitmap_set_bit calls for out of 238 memory conditions. 239 2401.27.18 2005-12-01 241 * Merged removal of compatibility handling of netlink classes 242 (requirement that policies with newer versions include the 243 netlink class definitions, remapping of fine-grained netlink 244 classes in newer source policies to single netlink class when 245 generating older policies) from George Coker. 246 2471.27.17 2005-10-25 248 * Merged dismod fix from Joshua Brindle. 249 2501.27.16 2005-10-20 251 * Removed obsolete cond_check_type_rules() function and call and 252 cond_optimize_lists() call from checkpolicy.c; these are handled 253 during parsing and expansion now. 254 2551.27.15 2005-10-19 256 * Updated calls to expand_module for interface change. 257 2581.27.14 2005-10-19 259 * Changed checkmodule to verify that expand_module succeeds 260 when building base modules. 261 2621.27.13 2005-10-19 263 * Merged module compiler fixes from Joshua Brindle. 264 2651.27.12 2005-10-19 266 * Removed direct calls to hierarchy_check_constraints() and 267 check_assertions() from checkpolicy since they are now called 268 internally by expand_module(). 269 2701.27.11 2005-10-18 271 * Updated for changes to sepol policydb_index_others interface. 272 2731.27.10 2005-10-17 274 * Updated for changes to sepol expand_module and link_modules interfaces. 275 2761.27.9 2005-10-13 277 * Merged support for require blocks inside conditionals from 278 Joshua Brindle (Tresys). 279 2801.27.8 2005-10-06 281 * Updated for changes to libsepol. 282 2831.27.7 2005-10-05 284 * Merged several bug fixes from Joshua Brindle (Tresys). 285 2861.27.6 2005-10-03 287 * Merged MLS in modules patch from Joshua Brindle (Tresys). 288 2891.27.5 2005-09-28 290 * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). 291 2921.27.4 2005-09-26 293 * Merged bugfix for dup role transition error messages from 294 Karl MacMillan (Tresys). 295 2961.27.3 2005-09-23 297 * Merged policyver/modulever patches from Joshua Brindle (Tresys). 298 2991.27.2 2005-09-20 300 * Fixed parse_categories handling of undefined category. 301 3021.27.1 2005-09-16 303 * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). 304 3051.26 2005-09-06 306 * Updated version for release. 307 3081.25.12 2005-08-22 309 * Fixed handling of validatetrans constraint expressions. 310 Bug reported by Dan Walsh for checkpolicy -M. 311 3121.25.11 2005-08-18 313 * Merged use-after-free fix from Serge Hallyn (IBM). 314 Bug found by Coverity. 315 3161.25.10 2005-08-15 317 * Fixed further memory leaks found by valgrind. 318 3191.25.9 2005-08-15 320 * Changed checkpolicy to destroy the policydbs prior to exit 321 to allow leak detection. 322 * Fixed several memory leaks found by valgrind. 323 3241.25.8 2005-08-11 325 * Updated checkpolicy and dispol for the new avtab format. 326 Converted users of ebitmaps to new inline operators. 327 Note: The binary policy format version has been incremented to 328 version 20 as a result of these changes. To build a policy 329 for a kernel that does not yet include these changes, use 330 the -c 19 option to checkpolicy. 331 3321.25.7 2005-08-11 333 * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). 334 3351.25.6 2005-08-10 336 * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). 337 3381.25.5 2005-08-09 339 * Fixed call to hierarchy checking code to pass the right policydb. 340 3411.25.4 2005-08-02 342 * Merged patch to update dismod for the relocation of the 343 module read/write code from libsemanage to libsepol, and 344 to enable build of test subdirectory from Jason Tang (Tresys). 345 3461.25.3 2005-07-18 347 * Merged hierarchy check fix from Joshua Brindle (Tresys). 348 3491.25.2 2005-07-06 350 * Merged loadable module support from Tresys Technology. 351 3521.25.1 2005-06-24 353 * Merged patch to prohibit the use of * and ~ in type sets 354 (other than in neverallow statements) and in role sets 355 from Joshua Brindle (Tresys). 356 3571.24 2005-06-20 358 * Updated version for release. 359 3601.23.4 2005-05-19 361 * Merged cleanup patch from Dan Walsh. 362 3631.23.3 2005-05-13 364 * Added sepol_ prefix to Flask types to avoid namespace 365 collision with libselinux. 366 3671.23.2 2005-04-29 368 * Merged identifier fix from Joshua Brindle (Tresys). 369 3701.23.1 2005-04-13 371 * Merged hierarchical type/role patch from Tresys Technology. 372 * Merged MLS fixes from Darrel Goeddel of TCS. 373 3741.22 2005-03-09 375 * Updated version for release. 376 3771.21.4 2005-02-17 378 * Moved genpolusers utility to libsepol. 379 * Merged range_transition support from Darrel Goeddel (TCS). 380 3811.21.3 2005-02-16 382 * Merged define_user() cleanup patch from Darrel Goeddel (TCS). 383 3841.21.2 2005-02-09 385 * Changed relabel Makefile target to use restorecon. 386 3871.21.1 2005-01-26 388 * Merged enhanced MLS support from Darrel Goeddel (TCS). 389 3901.20 2005-01-04 391 * Merged typeattribute statement patch from Darrel Goeddel of TCS. 392 * Changed genpolusers to handle multiple user config files. 393 * Merged nodecon ordering patch from Chad Hanson of TCS. 394 3951.18 2004-10-07 396 * MLS build fix. 397 * Fixed Makefile dependencies (Chris PeBenito). 398 * Merged fix for role dominance ordering issue from Chad Hanson of TCS. 399 * Preserve portcon ordering and apply more checking. 400 4011.16 2004-08-13 402 * Allow empty conditional clauses. 403 * Moved genpolbools utility to libsepol. 404 * Updated for libsepol set functions. 405 * Changed to link with libsepol.a. 406 * Moved core functionality into libsepol. 407 * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. 408 * Added genpolusers program. 409 * Fixed bug in checkpolicy conditional code. 410 4111.14 2004-06-28 412 * Merged fix for MLS logic from Daniel Thayer of TCS. 413 * Require semicolon terminator for typealias statement. 414 4151.12 2004-06-16 416 * Merged fine-grained netlink class support. 417 4181.10 2004-04-07 419 * Merged ipv6 support from James Morris of RedHat. 420 * Fixed compute_av bug discovered by Chad Hanson of TCS. 421 4221.8 2004-03-09 423 * Merged policydb MLS patch from Chad Hanson of TCS. 424 * Fixed mmap of policy file. 425 4261.6 2004-02-18 427 * Merged conditional policy extensions from Tresys Technology. 428 * Added typealias declaration support per Russell Coker's request. 429 * Added support for excluding types from type sets based on 430 a patch by David Caplan, but reimplemented as a change to the 431 policy grammar. 432 * Merged patch from Colin Walters to report source file name and line 433 number for errors when available. 434 * Un-deprecated role transitions. 435 4361.4 2003-12-01 437 * Regenerated headers. 438 * Merged patches from Bastian Blank and Joerg Hoh. 439 4401.2 2003-09-30 441 * Merged MLS build patch from Karl MacMillan of Tresys. 442 * Merged checkpolicy man page from Magosanyi Arpad. 443 4441.1 2003-08-13 445 * Fixed endian bug in policydb_write for behavior value. 446 * License -> GPL. 447 * Merged coding style cleanups from James Morris. 448 4491.0 2003-07-11 450 * Initial public release. 451 452