ChangeLog revision 418dbc70e8e7b6b313a0a23455d24256c6807a46
12.1.5 2011-09-15 2 * Separate tunable from boolean during compile. 3 42.1.4 2011-08-26 5 * checkpolicy: fix spacing in output message 6 72.1.3 2011-08-17 8 * add missing ; to attribute_role_def 9 *Redo filename/filesystem syntax to support filename trans 10 112.1.2 2011-08-02 12 * .gitignore changes 13 * dispol output of role trans 14 * man page update: build a module with an older policy version 15 162.1.1 2011-08-01 17 * Minor updates to filename trans rule output in dis{mod,pol} 18 192.1.0 2011-07-27 20 * Release, minor version bump 21 222.0.27 2011-07-25 23 * Add role attribute support by Harry Ciao 24 252.0.26 2011-05-16 26 * Wrap file names in filename transitions with quotes by Steve Lawrence. 27 * Allow filesystem names to start with a digit by James Carter. 28 292.0.25 2011-05-02 30 * Add support for using the last path compnent in type transitions by Eric 31 Paris. 32 * Allow single digit module versions by Daniel Walsh. 33 * Use better filename identifier for filenames by Daniel Walsh. 34 * Use #defines for dismod selections by Eric Paris. 35 362.0.24 2011-04-11 37 * Add new class field in role_transition by Harry Ciao. 38 392.0.23 2010-12-16 40 * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock 41 422.0.22 2010-06-14 43 * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence 44 452.0.21 2009-11-27 46 * Add long options to checkpolicy and checkmodule by Guido 47 Trentalancia <guido@trentalancia.com> 48 492.0.20 2009-10-14 50 * Add support for building Xen policies from Paul Nuzzi. 51 522.0.19 2009-02-18 53 * Fix alias field in module format, caused by boundary format change 54 from Caleb Case. 55 562.0.18 2008-10-14 57 * Properly escape regex symbols in the lexer from Stephen Smalley. 58 592.0.17 2008-10-09 60 * Add bounds support from KaiGai Kohei. 61 622.0.16 2008-05-27 63 * Update checkpolicy for user and role mapping support from Joshua Brindle. 64 652.0.15 2008-05-05 66 * Fix for policy module versions that look like IPv4 addresses from Jim Carter. 67 Resolves bug 444451. 68 692.0.14 2008-03-24 70 * Add permissive domain support from Eric Paris. 71 722.0.13 2008-03-05 73 * Split out non-grammar parts of policy_parse.yacc into 74 policy_define.c and policy_define.h from Todd C. Miller. 75 762.0.12 2008-03-04 77 * Initialize struct policy_file before using it, from Todd C. Miller. 78 792.0.11 2008-03-03 80 * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. 81 822.0.10 2008-02-28 83 * Use yyerror2() where appropriate from Todd C. Miller. 84 852.0.9 2008-02-04 86 * Update dispol for libsepol avtab changes from Stephen Smalley. 87 882.0.8 2008-01-24 89 * Deprecate role dominance in parser. 90 912.0.7 2008-01-02 92 * Added support for policy capabilities from Todd Miller. 93 942.0.6 2007-11-15 95 * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". 96 972.0.5 2007-11-01 98 * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. 99 1002.0.4 2007-09-18 101 * Merged handle unknown policydb flag support from Eric Paris. 102 Adds new command line options -U {allow, reject, deny} for selecting 103 the flag when a base module or kernel policy is built. 104 1052.0.3 2007-05-31 106 * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. 107 * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. 108 1092.0.2 2007-04-12 110 * Merged checkmodule man page fix from Dan Walsh. 111 1122.0.1 2007-02-20 113 * Merged patch to allow dots in class identifiers from Caleb Case. 114 1152.0.0 2007-02-01 116 * Merged patch to use new libsepol error codes by Karl MacMillan. 117 1181.34.0 2007-01-18 119 * Updated version for stable branch. 120 1211.33.1 2006-11-13 122 * Collapse user identifiers and identifiers together. 123 1241.32 2006-10-17 125 * Updated version for release. 126 1271.30.12 2006-09-28 128 * Merged user and range_transition support for modules from 129 Darrel Goeddel 130 1311.30.11 2006-09-05 132 * merged range_transition enhancements and user module format 133 changes from Darrel Goeddel 134 1351.30.10 2006-08-03 136 * Merged symtab datum patch from Karl MacMillan. 137 1381.30.9 2006-06-29 139 * Lindent. 140 1411.30.8 2006-06-29 142 * Merged patch to remove TE rule conflict checking from the parser 143 from Joshua Brindle. This can only be done properly by the 144 expander. 145 1461.30.7 2006-06-27 147 * Merged patch to make checkpolicy/checkmodule handling of 148 duplicate/conflicting TE rules the same as the expander 149 from Joshua Brindle. 150 1511.30.6 2006-06-26 152 * Merged optionals in base take 2 patch set from Joshua Brindle. 153 1541.30.5 2006-05-05 155 * Merged compiler cleanup patch from Karl MacMillan. 156 * Merged fix warnings patch from Karl MacMillan. 157 1581.30.4 2006-04-05 159 * Changed require_class to reject permissions that have not been 160 declared if building a base module. 161 1621.30.3 2006-03-28 163 * Fixed checkmodule to call link_modules prior to expand_module 164 to handle optionals. 165 1661.30.2 2006-03-28 167 * Fixed require_class to avoid shadowing permissions already defined 168 in an inherited common definition. 169 1701.30.1 2006-03-22 171 * Moved processing of role and user require statements to 2nd pass. 172 1731.30 2006-03-14 174 * Updated version for release. 175 1761.29.5 2006-03-09 177 * Fixed bug in role dominance (define_role_dom). 178 1791.29.4 2006-02-14 180 * Added a check for failure to declare each sensitivity in 181 a level definition. 182 1831.29.3 2006-02-13 184 * Changed to clone level data for aliased sensitivities to 185 avoid double free upon sens_destroy. Bug reported by Kevin 186 Carr of Tresys Technology. 187 1881.29.2 2006-02-13 189 * Merged optionals in base patch from Joshua Brindle. 190 1911.29.1 2006-02-01 192 * Merged sepol_av_to_string patch from Joshua Brindle. 193 1941.28 2005-12-07 195 * Updated version for release. 196 1971.27.20 2005-12-02 198 * Merged checkmodule man page from Dan Walsh, and edited it. 199 2001.27.19 2005-12-01 201 * Added error checking of all ebitmap_set_bit calls for out of 202 memory conditions. 203 2041.27.18 2005-12-01 205 * Merged removal of compatibility handling of netlink classes 206 (requirement that policies with newer versions include the 207 netlink class definitions, remapping of fine-grained netlink 208 classes in newer source policies to single netlink class when 209 generating older policies) from George Coker. 210 2111.27.17 2005-10-25 212 * Merged dismod fix from Joshua Brindle. 213 2141.27.16 2005-10-20 215 * Removed obsolete cond_check_type_rules() function and call and 216 cond_optimize_lists() call from checkpolicy.c; these are handled 217 during parsing and expansion now. 218 2191.27.15 2005-10-19 220 * Updated calls to expand_module for interface change. 221 2221.27.14 2005-10-19 223 * Changed checkmodule to verify that expand_module succeeds 224 when building base modules. 225 2261.27.13 2005-10-19 227 * Merged module compiler fixes from Joshua Brindle. 228 2291.27.12 2005-10-19 230 * Removed direct calls to hierarchy_check_constraints() and 231 check_assertions() from checkpolicy since they are now called 232 internally by expand_module(). 233 2341.27.11 2005-10-18 235 * Updated for changes to sepol policydb_index_others interface. 236 2371.27.10 2005-10-17 238 * Updated for changes to sepol expand_module and link_modules interfaces. 239 2401.27.9 2005-10-13 241 * Merged support for require blocks inside conditionals from 242 Joshua Brindle (Tresys). 243 2441.27.8 2005-10-06 245 * Updated for changes to libsepol. 246 2471.27.7 2005-10-05 248 * Merged several bug fixes from Joshua Brindle (Tresys). 249 2501.27.6 2005-10-03 251 * Merged MLS in modules patch from Joshua Brindle (Tresys). 252 2531.27.5 2005-09-28 254 * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). 255 2561.27.4 2005-09-26 257 * Merged bugfix for dup role transition error messages from 258 Karl MacMillan (Tresys). 259 2601.27.3 2005-09-23 261 * Merged policyver/modulever patches from Joshua Brindle (Tresys). 262 2631.27.2 2005-09-20 264 * Fixed parse_categories handling of undefined category. 265 2661.27.1 2005-09-16 267 * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). 268 2691.26 2005-09-06 270 * Updated version for release. 271 2721.25.12 2005-08-22 273 * Fixed handling of validatetrans constraint expressions. 274 Bug reported by Dan Walsh for checkpolicy -M. 275 2761.25.11 2005-08-18 277 * Merged use-after-free fix from Serge Hallyn (IBM). 278 Bug found by Coverity. 279 2801.25.10 2005-08-15 281 * Fixed further memory leaks found by valgrind. 282 2831.25.9 2005-08-15 284 * Changed checkpolicy to destroy the policydbs prior to exit 285 to allow leak detection. 286 * Fixed several memory leaks found by valgrind. 287 2881.25.8 2005-08-11 289 * Updated checkpolicy and dispol for the new avtab format. 290 Converted users of ebitmaps to new inline operators. 291 Note: The binary policy format version has been incremented to 292 version 20 as a result of these changes. To build a policy 293 for a kernel that does not yet include these changes, use 294 the -c 19 option to checkpolicy. 295 2961.25.7 2005-08-11 297 * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). 298 2991.25.6 2005-08-10 300 * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). 301 3021.25.5 2005-08-09 303 * Fixed call to hierarchy checking code to pass the right policydb. 304 3051.25.4 2005-08-02 306 * Merged patch to update dismod for the relocation of the 307 module read/write code from libsemanage to libsepol, and 308 to enable build of test subdirectory from Jason Tang (Tresys). 309 3101.25.3 2005-07-18 311 * Merged hierarchy check fix from Joshua Brindle (Tresys). 312 3131.25.2 2005-07-06 314 * Merged loadable module support from Tresys Technology. 315 3161.25.1 2005-06-24 317 * Merged patch to prohibit the use of * and ~ in type sets 318 (other than in neverallow statements) and in role sets 319 from Joshua Brindle (Tresys). 320 3211.24 2005-06-20 322 * Updated version for release. 323 3241.23.4 2005-05-19 325 * Merged cleanup patch from Dan Walsh. 326 3271.23.3 2005-05-13 328 * Added sepol_ prefix to Flask types to avoid namespace 329 collision with libselinux. 330 3311.23.2 2005-04-29 332 * Merged identifier fix from Joshua Brindle (Tresys). 333 3341.23.1 2005-04-13 335 * Merged hierarchical type/role patch from Tresys Technology. 336 * Merged MLS fixes from Darrel Goeddel of TCS. 337 3381.22 2005-03-09 339 * Updated version for release. 340 3411.21.4 2005-02-17 342 * Moved genpolusers utility to libsepol. 343 * Merged range_transition support from Darrel Goeddel (TCS). 344 3451.21.3 2005-02-16 346 * Merged define_user() cleanup patch from Darrel Goeddel (TCS). 347 3481.21.2 2005-02-09 349 * Changed relabel Makefile target to use restorecon. 350 3511.21.1 2005-01-26 352 * Merged enhanced MLS support from Darrel Goeddel (TCS). 353 3541.20 2005-01-04 355 * Merged typeattribute statement patch from Darrel Goeddel of TCS. 356 * Changed genpolusers to handle multiple user config files. 357 * Merged nodecon ordering patch from Chad Hanson of TCS. 358 3591.18 2004-10-07 360 * MLS build fix. 361 * Fixed Makefile dependencies (Chris PeBenito). 362 * Merged fix for role dominance ordering issue from Chad Hanson of TCS. 363 * Preserve portcon ordering and apply more checking. 364 3651.16 2004-08-13 366 * Allow empty conditional clauses. 367 * Moved genpolbools utility to libsepol. 368 * Updated for libsepol set functions. 369 * Changed to link with libsepol.a. 370 * Moved core functionality into libsepol. 371 * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. 372 * Added genpolusers program. 373 * Fixed bug in checkpolicy conditional code. 374 3751.14 2004-06-28 376 * Merged fix for MLS logic from Daniel Thayer of TCS. 377 * Require semicolon terminator for typealias statement. 378 3791.12 2004-06-16 380 * Merged fine-grained netlink class support. 381 3821.10 2004-04-07 383 * Merged ipv6 support from James Morris of RedHat. 384 * Fixed compute_av bug discovered by Chad Hanson of TCS. 385 3861.8 2004-03-09 387 * Merged policydb MLS patch from Chad Hanson of TCS. 388 * Fixed mmap of policy file. 389 3901.6 2004-02-18 391 * Merged conditional policy extensions from Tresys Technology. 392 * Added typealias declaration support per Russell Coker's request. 393 * Added support for excluding types from type sets based on 394 a patch by David Caplan, but reimplemented as a change to the 395 policy grammar. 396 * Merged patch from Colin Walters to report source file name and line 397 number for errors when available. 398 * Un-deprecated role transitions. 399 4001.4 2003-12-01 401 * Regenerated headers. 402 * Merged patches from Bastian Blank and Joerg Hoh. 403 4041.2 2003-09-30 405 * Merged MLS build patch from Karl MacMillan of Tresys. 406 * Merged checkpolicy man page from Magosanyi Arpad. 407 4081.1 2003-08-13 409 * Fixed endian bug in policydb_write for behavior value. 410 * License -> GPL. 411 * Merged coding style cleanups from James Morris. 412 4131.0 2003-07-11 414 * Initial public release. 415 416