ChangeLog revision 07e75a9cc711b46e4c691defbb570624d2c5b2d7
2.4-rc6 2014-08-26
	* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
	* Add missing semicolon in cond_else parser rule, from Steven Capelli

2.3 2014-05-06
	* Add Android support for building dispol.
	* Report source file and line information for neverallow failures.
	* Prevent incompatible option combinations for checkmodule.
	* Drop -lselinux from LDLIBS for test programs; not used.
	* Add debug feature to display constraints/validatetrans from Richard Haines.

2.2 2013-10-30
	* Fix hyphen usage in man pages from Laurent Bigonville.
	* handle-unknown / -U required argument fix from Laurent Bigonville.
	* Support overriding Makefile PATH and LIBDIR from Laurent Bigonville.
	* Support space and : in filenames from Dan Walsh.

2.1.12 2013-02-01
	* Fix errors found by coverity
	* implement default type policy syntax
	* Free allocated memory when clean up / exit.

2.1.11 2012-09-13
	* fd leak reading policy
	* check return code on ebitmap_set_bit

2.1.10 2012-06-28
	* sepolgen: We need to support files that have a + in them
	* Android/MacOS X build support

2.1.9 2012-03-28
	* implement new default labeling behaviors for usr, role, range
	* Fix dead links to www.nsa.gov/selinux

2.1.8 2011-12-21
	* add new helper to translate class sets into bitmaps

2.1.7 2011-12-05
	* dis* fixed signed vs unsigned errors
	* dismod: fix unused parameter errors
	* test: Makefile: include -W and -Werror
	* allow ~ in filename transition rules

2.1.6 2011-11-03
	* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
	* drop libsepol dynamic link in checkpolicy

2.1.5 2011-09-15
	* Separate tunable from boolean during compile.

2.1.4 2011-08-26
	* checkpolicy: fix spacing in output message

2.1.3 2011-08-17
	* add missing ; to attribute_role_def
	* Redo filename/filesystem syntax to support filename trans

2.1.2 2011-08-02
	* .gitignore changes
	* dispol output of role trans
	* man page update: build a module with an older policy version

2.1.1 2011-08-01
	* Minor updates to filename trans rule output in dis{mod,pol}

2.1.0 2011-07-27
	* Release, minor version bump

2.0.27 2011-07-25
	* Add role attribute support by Harry Ciao

2.0.26 2011-05-16
	* Wrap file names in filename transitions with quotes by Steve Lawrence.
	* Allow filesystem names to start with a digit by James Carter.

2.0.25 2011-05-02
	* Add support for using the last path component in type transitions by Eric
	  Paris.
	* Allow single digit module versions by Daniel Walsh.
	* Use better filename identifier for filenames by Daniel Walsh.
	* Use #defines for dismod selections by Eric Paris.

2.0.24 2011-04-11
	* Add new class field in role_transition by Harry Ciao.

2.0.23 2010-12-16
	* Remove unused variables to fix compilation under GCC 4.6 by Justin Mattock

2.0.22 2010-06-14
	* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence

2.0.21 2009-11-27
	* Add long options to checkpolicy and checkmodule by Guido
	  Trentalancia <guido@trentalancia.com>

2.0.20 2009-10-14
	* Add support for building Xen policies from Paul Nuzzi.

2.0.19 2009-02-18
	* Fix alias field in module format, caused by boundary format change
	  from Caleb Case.

2.0.18 2008-10-14
	* Properly escape regex symbols in the lexer from Stephen Smalley.

2.0.17 2008-10-09
	* Add bounds support from KaiGai Kohei.

2.0.16 2008-05-27
	* Update checkpolicy for user and role mapping support from Joshua Brindle.

2.0.15 2008-05-05
	* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
	  Resolves bug 444451.

2.0.14 2008-03-24
	* Add permissive domain support from Eric Paris.

2.0.13 2008-03-05
	* Split out non-grammar parts of policy_parse.yacc into
	  policy_define.c and policy_define.h from Todd C. Miller.

2.0.12 2008-03-04
	* Initialize struct policy_file before using it, from Todd C. Miller.

2.0.11 2008-03-03
	* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.

2.0.10 2008-02-28
	* Use yyerror2() where appropriate from Todd C. Miller.

2.0.9 2008-02-04
	* Update dispol for libsepol avtab changes from Stephen Smalley.

2.0.8 2008-01-24
	* Deprecate role dominance in parser.

2.0.7 2008-01-02
	* Added support for policy capabilities from Todd Miller.

2.0.6 2007-11-15
	* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".

2.0.5 2007-11-01
	* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.

2.0.4 2007-09-18
	* Merged handle unknown policydb flag support from Eric Paris.
	  Adds new command line options -U {allow, reject, deny} for selecting
	  the flag when a base module or kernel policy is built.

2.0.3 2007-05-31
	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
	* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.

2.0.2 2007-04-12
	* Merged checkmodule man page fix from Dan Walsh.

2.0.1 2007-02-20
	* Merged patch to allow dots in class identifiers from Caleb Case.

2.0.0 2007-02-01
	* Merged patch to use new libsepol error codes by Karl MacMillan.

1.34.0 2007-01-18
	* Updated version for stable branch.

1.33.1 2006-11-13
	* Collapse user identifiers and identifiers together.

1.32 2006-10-17
	* Updated version for release.

1.30.12 2006-09-28
	* Merged user and range_transition support for modules from
	  Darrel Goeddel

1.30.11 2006-09-05
	* merged range_transition enhancements and user module format
	  changes from Darrel Goeddel

1.30.10 2006-08-03
	* Merged symtab datum patch from Karl MacMillan.

1.30.9 2006-06-29
	* Lindent.

1.30.8 2006-06-29
	* Merged patch to remove TE rule conflict checking from the parser
	  from Joshua Brindle. This can only be done properly by the
	  expander.

1.30.7 2006-06-27
	* Merged patch to make checkpolicy/checkmodule handling of
	  duplicate/conflicting TE rules the same as the expander
	  from Joshua Brindle.

1.30.6 2006-06-26
	* Merged optionals in base take 2 patch set from Joshua Brindle.

1.30.5 2006-05-05
	* Merged compiler cleanup patch from Karl MacMillan.
	* Merged fix warnings patch from Karl MacMillan.

1.30.4 2006-04-05
	* Changed require_class to reject permissions that have not been
	  declared if building a base module.

1.30.3 2006-03-28
	* Fixed checkmodule to call link_modules prior to expand_module
	  to handle optionals.

1.30.2 2006-03-28
	* Fixed require_class to avoid shadowing permissions already defined
	  in an inherited common definition.

1.30.1 2006-03-22
	* Moved processing of role and user require statements to 2nd pass.

1.30 2006-03-14
	* Updated version for release.

1.29.5 2006-03-09
	* Fixed bug in role dominance (define_role_dom).

1.29.4 2006-02-14
	* Added a check for failure to declare each sensitivity in
	  a level definition.

1.29.3 2006-02-13
	* Changed to clone level data for aliased sensitivities to
	  avoid double free upon sens_destroy. Bug reported by Kevin
	  Carr of Tresys Technology.

1.29.2 2006-02-13
	* Merged optionals in base patch from Joshua Brindle.

1.29.1 2006-02-01
	* Merged sepol_av_to_string patch from Joshua Brindle.

1.28 2005-12-07
	* Updated version for release.

1.27.20 2005-12-02
	* Merged checkmodule man page from Dan Walsh, and edited it.

1.27.19 2005-12-01
	* Added error checking of all ebitmap_set_bit calls for out of
	  memory conditions.

1.27.18 2005-12-01
	* Merged removal of compatibility handling of netlink classes
	  (requirement that policies with newer versions include the
	  netlink class definitions, remapping of fine-grained netlink
	  classes in newer source policies to single netlink class when
	  generating older policies) from George Coker.

1.27.17 2005-10-25
	* Merged dismod fix from Joshua Brindle.

1.27.16 2005-10-20
	* Removed obsolete cond_check_type_rules() function and call and
	  cond_optimize_lists() call from checkpolicy.c; these are handled
	  during parsing and expansion now.

1.27.15 2005-10-19
	* Updated calls to expand_module for interface change.

1.27.14 2005-10-19
	* Changed checkmodule to verify that expand_module succeeds
	  when building base modules.

1.27.13 2005-10-19
	* Merged module compiler fixes from Joshua Brindle.

1.27.12 2005-10-19
	* Removed direct calls to hierarchy_check_constraints() and
	  check_assertions() from checkpolicy since they are now called
	  internally by expand_module().

1.27.11 2005-10-18
	* Updated for changes to sepol policydb_index_others interface.

1.27.10 2005-10-17
	* Updated for changes to sepol expand_module and link_modules interfaces.

1.27.9 2005-10-13
	* Merged support for require blocks inside conditionals from
	  Joshua Brindle (Tresys).

1.27.8 2005-10-06
	* Updated for changes to libsepol.

1.27.7 2005-10-05
	* Merged several bug fixes from Joshua Brindle (Tresys).

1.27.6 2005-10-03
	* Merged MLS in modules patch from Joshua Brindle (Tresys).

1.27.5 2005-09-28
	* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).

1.27.4 2005-09-26
	* Merged bugfix for dup role transition error messages from
	  Karl MacMillan (Tresys).

1.27.3 2005-09-23
	* Merged policyver/modulever patches from Joshua Brindle (Tresys).

1.27.2 2005-09-20
	* Fixed parse_categories handling of undefined category.

1.27.1 2005-09-16
	* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).

1.26 2005-09-06
	* Updated version for release.

1.25.12 2005-08-22
	* Fixed handling of validatetrans constraint expressions.
	  Bug reported by Dan Walsh for checkpolicy -M.

1.25.11 2005-08-18
	* Merged use-after-free fix from Serge Hallyn (IBM).
	  Bug found by Coverity.

1.25.10 2005-08-15
	* Fixed further memory leaks found by valgrind.

1.25.9 2005-08-15
	* Changed checkpolicy to destroy the policydbs prior to exit
	  to allow leak detection.
	* Fixed several memory leaks found by valgrind.

1.25.8 2005-08-11
	* Updated checkpolicy and dispol for the new avtab format.
	  Converted users of ebitmaps to new inline operators.
	  Note: The binary policy format version has been incremented to
	  version 20 as a result of these changes. To build a policy
	  for a kernel that does not yet include these changes, use
	  the -c 19 option to checkpolicy.

1.25.7 2005-08-11
	* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).

1.25.6 2005-08-10
	* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).

1.25.5 2005-08-09
	* Fixed call to hierarchy checking code to pass the right policydb.

1.25.4 2005-08-02
	* Merged patch to update dismod for the relocation of the
	  module read/write code from libsemanage to libsepol, and
	  to enable build of test subdirectory from Jason Tang (Tresys).

1.25.3 2005-07-18
	* Merged hierarchy check fix from Joshua Brindle (Tresys).

1.25.2 2005-07-06
	* Merged loadable module support from Tresys Technology.

1.25.1 2005-06-24
	* Merged patch to prohibit the use of * and ~ in type sets
	  (other than in neverallow statements) and in role sets
	  from Joshua Brindle (Tresys).

1.24 2005-06-20
	* Updated version for release.

1.23.4 2005-05-19
	* Merged cleanup patch from Dan Walsh.

1.23.3 2005-05-13
	* Added sepol_ prefix to Flask types to avoid namespace
	  collision with libselinux.

1.23.2 2005-04-29
	* Merged identifier fix from Joshua Brindle (Tresys).

1.23.1 2005-04-13
	* Merged hierarchical type/role patch from Tresys Technology.
	* Merged MLS fixes from Darrel Goeddel of TCS.

1.22 2005-03-09
	* Updated version for release.

1.21.4 2005-02-17
	* Moved genpolusers utility to libsepol.
	* Merged range_transition support from Darrel Goeddel (TCS).

1.21.3 2005-02-16
	* Merged define_user() cleanup patch from Darrel Goeddel (TCS).

1.21.2 2005-02-09
	* Changed relabel Makefile target to use restorecon.

1.21.1 2005-01-26
	* Merged enhanced MLS support from Darrel Goeddel (TCS).

1.20 2005-01-04
	* Merged typeattribute statement patch from Darrel Goeddel of TCS.
	* Changed genpolusers to handle multiple user config files.
	* Merged nodecon ordering patch from Chad Hanson of TCS.

1.18 2004-10-07
	* MLS build fix.
	* Fixed Makefile dependencies (Chris PeBenito).
	* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
	* Preserve portcon ordering and apply more checking.

1.16 2004-08-13
	* Allow empty conditional clauses.
	* Moved genpolbools utility to libsepol.
	* Updated for libsepol set functions.
	* Changed to link with libsepol.a.
	* Moved core functionality into libsepol.
	* Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys.
	* Added genpolusers program.
	* Fixed bug in checkpolicy conditional code.

1.14 2004-06-28
	* Merged fix for MLS logic from Daniel Thayer of TCS.
	* Require semicolon terminator for typealias statement.

1.12 2004-06-16
	* Merged fine-grained netlink class support.

1.10 2004-04-07
	* Merged ipv6 support from James Morris of RedHat.
	* Fixed compute_av bug discovered by Chad Hanson of TCS.

1.8 2004-03-09
	* Merged policydb MLS patch from Chad Hanson of TCS.
	* Fixed mmap of policy file.

1.6 2004-02-18
	* Merged conditional policy extensions from Tresys Technology.
	* Added typealias declaration support per Russell Coker's request.
	* Added support for excluding types from type sets based on
	  a patch by David Caplan, but reimplemented as a change to the
	  policy grammar.
	* Merged patch from Colin Walters to report source file name and line
	  number for errors when available.
	* Un-deprecated role transitions.

1.4 2003-12-01
	* Regenerated headers.
	* Merged patches from Bastian Blank and Joerg Hoh.

1.2 2003-09-30
	* Merged MLS build patch from Karl MacMillan of Tresys.
	* Merged checkpolicy man page from Magosanyi Arpad.

1.1 2003-08-13
	* Fixed endian bug in policydb_write for behavior value.
	* License -> GPL.
	* Merged coding style cleanups from James Morris.

1.0 2003-07-11
	* Initial public release.