ChangeLog revision e9410c9b0622c05761002994dfbd0746bbe6aaf7
2.1.12 2013-02-01
	* Fix errors found by coverity
	* implement default type policy syntax
	* Free allocated memory when clean up / exit.

2.1.11 2012-09-13
	* fd leak reading policy
	* check return code on ebitmap_set_bit

2.1.10 2012-06-28
	* sepolgen: We need to support files that have a + in them
	* Android/MacOS X build support

2.1.9 2012-03-28
	* implement new default labeling behaviors for usr, role, range
	* Fix dead links to www.nsa.gov/selinux

2.1.8 2011-12-21
	* add new helper to translate class sets into bitmaps

2.1.7 2011-12-05
	* dis* fixed signed vs unsigned errors
	* dismod: fix unused parameter errors
	* test: Makefile: include -W and -Werror
	* allow ~ in filename transition rules

2.1.6 2011-11-03
	* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
	* drop libsepol dynamic link in checkpolicy

2.1.5 2011-09-15
	* Separate tunable from boolean during compile.

2.1.4 2011-08-26
	* checkpolicy: fix spacing in output message

2.1.3 2011-08-17
	* add missing ; to attribute_role_def
	* Redo filename/filesystem syntax to support filename trans

2.1.2 2011-08-02
	* .gitignore changes
	* dispol output of role trans
	* man page update: build a module with an older policy version

2.1.1 2011-08-01
	* Minor updates to filename trans rule output in dis{mod,pol}

2.1.0 2011-07-27
	* Release, minor version bump

2.0.27 2011-07-25
	* Add role attribute support by Harry Ciao

2.0.26 2011-05-16
	* Wrap file names in filename transitions with quotes by Steve Lawrence.
	* Allow filesystem names to start with a digit by James Carter.

2.0.25 2011-05-02
	* Add support for using the last path component in type transitions by Eric
	  Paris.
	* Allow single digit module versions by Daniel Walsh.
	* Use better filename identifier for filenames by Daniel Walsh.
	* Use #defines for dismod selections by Eric Paris.

2.0.24 2011-04-11
	* Add new class field in role_transition by Harry Ciao.

2.0.23 2010-12-16
	* Remove unused variables to fix compilation under GCC 4.6 by Justin Mattock

2.0.22 2010-06-14
	* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence

2.0.21 2009-11-27
	* Add long options to checkpolicy and checkmodule by Guido
	  Trentalancia <guido@trentalancia.com>

2.0.20 2009-10-14
	* Add support for building Xen policies from Paul Nuzzi.

2.0.19 2009-02-18
	* Fix alias field in module format, caused by boundary format change
	  from Caleb Case.

2.0.18 2008-10-14
	* Properly escape regex symbols in the lexer from Stephen Smalley.

2.0.17 2008-10-09
	* Add bounds support from KaiGai Kohei.

2.0.16 2008-05-27
	* Update checkpolicy for user and role mapping support from Joshua Brindle.

2.0.15 2008-05-05
	* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
	  Resolves bug 444451.

2.0.14 2008-03-24
	* Add permissive domain support from Eric Paris.

2.0.13 2008-03-05
	* Split out non-grammar parts of policy_parse.yacc into
	  policy_define.c and policy_define.h from Todd C. Miller.

2.0.12 2008-03-04
	* Initialize struct policy_file before using it, from Todd C. Miller.

2.0.11 2008-03-03
	* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.

2.0.10 2008-02-28
	* Use yyerror2() where appropriate from Todd C. Miller.

2.0.9 2008-02-04
	* Update dispol for libsepol avtab changes from Stephen Smalley.

2.0.8 2008-01-24
	* Deprecate role dominance in parser.

2.0.7 2008-01-02
	* Added support for policy capabilities from Todd Miller.

2.0.6 2007-11-15
	* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".

2.0.5 2007-11-01
	* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.

2.0.4 2007-09-18
	* Merged handle unknown policydb flag support from Eric Paris.
	  Adds new command line options -U {allow, reject, deny} for selecting
	  the flag when a base module or kernel policy is built.

2.0.3 2007-05-31
	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
	* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.

2.0.2 2007-04-12
	* Merged checkmodule man page fix from Dan Walsh.

2.0.1 2007-02-20
	* Merged patch to allow dots in class identifiers from Caleb Case.

2.0.0 2007-02-01
	* Merged patch to use new libsepol error codes by Karl MacMillan.

1.34.0 2007-01-18
	* Updated version for stable branch.

1.33.1 2006-11-13
	* Collapse user identifiers and identifiers together.

1.32 2006-10-17
	* Updated version for release.

1.30.12 2006-09-28
	* Merged user and range_transition support for modules from
	  Darrel Goeddel

1.30.11 2006-09-05
	* merged range_transition enhancements and user module format
	  changes from Darrel Goeddel

1.30.10 2006-08-03
	* Merged symtab datum patch from Karl MacMillan.

1.30.9 2006-06-29
	* Lindent.

1.30.8 2006-06-29
	* Merged patch to remove TE rule conflict checking from the parser
	  from Joshua Brindle. This can only be done properly by the
	  expander.

1.30.7 2006-06-27
	* Merged patch to make checkpolicy/checkmodule handling of
	  duplicate/conflicting TE rules the same as the expander
	  from Joshua Brindle.

1.30.6 2006-06-26
	* Merged optionals in base take 2 patch set from Joshua Brindle.

1.30.5 2006-05-05
	* Merged compiler cleanup patch from Karl MacMillan.
	* Merged fix warnings patch from Karl MacMillan.

1.30.4 2006-04-05
	* Changed require_class to reject permissions that have not been
	  declared if building a base module.

1.30.3 2006-03-28
	* Fixed checkmodule to call link_modules prior to expand_module
	  to handle optionals.

1.30.2 2006-03-28
	* Fixed require_class to avoid shadowing permissions already defined
	  in an inherited common definition.

1.30.1 2006-03-22
	* Moved processing of role and user require statements to 2nd pass.

1.30 2006-03-14
	* Updated version for release.

1.29.5 2006-03-09
	* Fixed bug in role dominance (define_role_dom).

1.29.4 2006-02-14
	* Added a check for failure to declare each sensitivity in
	  a level definition.

1.29.3 2006-02-13
	* Changed to clone level data for aliased sensitivities to
	  avoid double free upon sens_destroy. Bug reported by Kevin
	  Carr of Tresys Technology.

1.29.2 2006-02-13
	* Merged optionals in base patch from Joshua Brindle.

1.29.1 2006-02-01
	* Merged sepol_av_to_string patch from Joshua Brindle.

1.28 2005-12-07
	* Updated version for release.

1.27.20 2005-12-02
	* Merged checkmodule man page from Dan Walsh, and edited it.

1.27.19 2005-12-01
	* Added error checking of all ebitmap_set_bit calls for out of
	  memory conditions.

1.27.18 2005-12-01
	* Merged removal of compatibility handling of netlink classes
	  (requirement that policies with newer versions include the
	  netlink class definitions, remapping of fine-grained netlink
	  classes in newer source policies to single netlink class when
	  generating older policies) from George Coker.

1.27.17 2005-10-25
	* Merged dismod fix from Joshua Brindle.

1.27.16 2005-10-20
	* Removed obsolete cond_check_type_rules() function and call and
	  cond_optimize_lists() call from checkpolicy.c; these are handled
	  during parsing and expansion now.

1.27.15 2005-10-19
	* Updated calls to expand_module for interface change.

1.27.14 2005-10-19
	* Changed checkmodule to verify that expand_module succeeds
	  when building base modules.

1.27.13 2005-10-19
	* Merged module compiler fixes from Joshua Brindle.

1.27.12 2005-10-19
	* Removed direct calls to hierarchy_check_constraints() and
	  check_assertions() from checkpolicy since they are now called
	  internally by expand_module().

1.27.11 2005-10-18
	* Updated for changes to sepol policydb_index_others interface.

1.27.10 2005-10-17
	* Updated for changes to sepol expand_module and link_modules interfaces.

1.27.9 2005-10-13
	* Merged support for require blocks inside conditionals from
	  Joshua Brindle (Tresys).

1.27.8 2005-10-06
	* Updated for changes to libsepol.

1.27.7 2005-10-05
	* Merged several bug fixes from Joshua Brindle (Tresys).

1.27.6 2005-10-03
	* Merged MLS in modules patch from Joshua Brindle (Tresys).

1.27.5 2005-09-28
	* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).

1.27.4 2005-09-26
	* Merged bugfix for dup role transition error messages from
	  Karl MacMillan (Tresys).

1.27.3 2005-09-23
	* Merged policyver/modulever patches from Joshua Brindle (Tresys).

1.27.2 2005-09-20
	* Fixed parse_categories handling of undefined category.

1.27.1 2005-09-16
	* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).

1.26 2005-09-06
	* Updated version for release.

1.25.12 2005-08-22
	* Fixed handling of validatetrans constraint expressions.
	  Bug reported by Dan Walsh for checkpolicy -M.

1.25.11 2005-08-18
	* Merged use-after-free fix from Serge Hallyn (IBM).
	  Bug found by Coverity.

1.25.10 2005-08-15
	* Fixed further memory leaks found by valgrind.

1.25.9 2005-08-15
	* Changed checkpolicy to destroy the policydbs prior to exit
	  to allow leak detection.
	* Fixed several memory leaks found by valgrind.

1.25.8 2005-08-11
	* Updated checkpolicy and dispol for the new avtab format.
	  Converted users of ebitmaps to new inline operators.
	  Note: The binary policy format version has been incremented to
	  version 20 as a result of these changes. To build a policy
	  for a kernel that does not yet include these changes, use
	  the -c 19 option to checkpolicy.

1.25.7 2005-08-11
	* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).

1.25.6 2005-08-10
	* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).

1.25.5 2005-08-09
	* Fixed call to hierarchy checking code to pass the right policydb.

1.25.4 2005-08-02
	* Merged patch to update dismod for the relocation of the
	  module read/write code from libsemanage to libsepol, and
	  to enable build of test subdirectory from Jason Tang (Tresys).

1.25.3 2005-07-18
	* Merged hierarchy check fix from Joshua Brindle (Tresys).

1.25.2 2005-07-06
	* Merged loadable module support from Tresys Technology.

1.25.1 2005-06-24
	* Merged patch to prohibit the use of * and ~ in type sets
	  (other than in neverallow statements) and in role sets
	  from Joshua Brindle (Tresys).

1.24 2005-06-20
	* Updated version for release.

1.23.4 2005-05-19
	* Merged cleanup patch from Dan Walsh.

1.23.3 2005-05-13
	* Added sepol_ prefix to Flask types to avoid namespace
	  collision with libselinux.

1.23.2 2005-04-29
	* Merged identifier fix from Joshua Brindle (Tresys).

1.23.1 2005-04-13
	* Merged hierarchical type/role patch from Tresys Technology.
	* Merged MLS fixes from Darrel Goeddel of TCS.

1.22 2005-03-09
	* Updated version for release.

1.21.4 2005-02-17
	* Moved genpolusers utility to libsepol.
	* Merged range_transition support from Darrel Goeddel (TCS).

1.21.3 2005-02-16
	* Merged define_user() cleanup patch from Darrel Goeddel (TCS).

1.21.2 2005-02-09
	* Changed relabel Makefile target to use restorecon.

1.21.1 2005-01-26
	* Merged enhanced MLS support from Darrel Goeddel (TCS).

1.20 2005-01-04
	* Merged typeattribute statement patch from Darrel Goeddel of TCS.
	* Changed genpolusers to handle multiple user config files.
	* Merged nodecon ordering patch from Chad Hanson of TCS.

1.18 2004-10-07
	* MLS build fix.
	* Fixed Makefile dependencies (Chris PeBenito).
	* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
	* Preserve portcon ordering and apply more checking.

1.16 2004-08-13
	* Allow empty conditional clauses.
	* Moved genpolbools utility to libsepol.
	* Updated for libsepol set functions.
	* Changed to link with libsepol.a.
	* Moved core functionality into libsepol.
	* Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys.
	* Added genpolusers program.
	* Fixed bug in checkpolicy conditional code.

1.14 2004-06-28
	* Merged fix for MLS logic from Daniel Thayer of TCS.
	* Require semicolon terminator for typealias statement.

1.12 2004-06-16
	* Merged fine-grained netlink class support.

1.10 2004-04-07
	* Merged ipv6 support from James Morris of RedHat.
	* Fixed compute_av bug discovered by Chad Hanson of TCS.

1.8 2004-03-09
	* Merged policydb MLS patch from Chad Hanson of TCS.
	* Fixed mmap of policy file.

1.6 2004-02-18
	* Merged conditional policy extensions from Tresys Technology.
	* Added typealias declaration support per Russell Coker's request.
	* Added support for excluding types from type sets based on
	  a patch by David Caplan, but reimplemented as a change to the
	  policy grammar.
	* Merged patch from Colin Walters to report source file name and line
	  number for errors when available.
	* Un-deprecated role transitions.

1.4 2003-12-01
	* Regenerated headers.
	* Merged patches from Bastian Blank and Joerg Hoh.

1.2 2003-09-30
	* Merged MLS build patch from Karl MacMillan of Tresys.
	* Merged checkpolicy man page from Magosanyi Arpad.

1.1 2003-08-13
	* Fixed endian bug in policydb_write for behavior value.
	* License -> GPL.
	* Merged coding style cleanups from James Morris.

1.0 2003-07-11
	* Initial public release.