| * Set flex as default lexer, from Julien Pivotto. |
| * Fix checkmodule output message, from Petr Lautrbach. |
| * Build policy on systems not supporting DCCP protocol, from Richard Haines. |
| * Fail if module name different than output base filename, from James Carter |
| * Add support for portcon dccp protocol, from Richard Haines |
| |
| 2.5 2016-02-23 |
| * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep. |
| * fix double free on name-based type transitions, from Stephen Smalley. |
| * switch operations to extended perms, from Jeff Vander Stoep. |
| * policy_define.c: fix compiler warnings, from Nick Kralevich. |
| * Remove uses of -Wno-return-type, from Dan Albert. |
| * Fix -Wreturn-type issues, from Dan Albert. |
| * dispol: display operations as ranges, from Jeff Vander Stoep. |
| * dispol: Extend to display operations, from Stephen Smalley. |
| * Add support for ioctl command whitelisting, from Jeff Vander Stoep. |
| * Add option to write CIL policy, from James Carter |
| * Add device tree ocontext nodes to Xen policy, from Daniel De Graaf. |
| * Widen Xen IOMEM context entries, from Daniel De Graaf. |
| * Expand allowed character set in paths, from Daniel De Graaf. |
| * Fix precedence between number and filesystem tokens, from Stephen Smalley. |
| * dispol/dismod fgets function warnings fix, from Emre Can Kucukoglu. |
| |
| 2.4 2015-02-02 |
| * Fix bugs found by hardened gcc flags, from Nicolas Iooss. |
| * Add missing semicolon in cond_else parser rule, from Steven Capelli. |
| * Clear errno before call to strtol(3) from Dan Albert. |
| * Global C++11 compatibility from Dan Albert. |
| * Allow libsepol C++ static library on device from Daniel Cashman. |
| |
| 2.3 2014-05-06 |
| * Add Android support for building dispol. |
| * Report source file and line information for neverallow failures. |
| * Prevent incompatible option combinations for checkmodule. |
| * Drop -lselinux from LDLIBS for test programs; not used. |
| * Add debug feature to display constraints/validatetrans from Richard Haines. |
| |
| 2.2 2013-10-30 |
| * Fix hyphen usage in man pages from Laurent Bigonville. |
| * handle-unknown / -U required argument fix from Laurent Bigonville. |
| * Support overriding Makefile PATH and LIBDIR from Laurent Bigonville. |
| * Support space and : in filenames from Dan Walsh. |
| |
| 2.1.12 2013-02-01 |
| * Fix errors found by coverity |
| * implement default type policy syntax |
| * Free allocated memory when clean up / exit. |
| |
| 2.1.11 2012-09-13 |
| * fd leak reading policy |
| * check return code on ebitmap_set_bit |
| |
| 2.1.10 2012-06-28 |
| * sepolgen: We need to support files that have a + in them |
| * Android/MacOS X build support |
| |
| 2.1.9 2012-03-28 |
| * implement new default labeling behaviors for usr, role, range |
| * Fix dead links to www.nsa.gov/selinux |
| |
| 2.1.8 2011-12-21 |
| * add new helper to translate class sets into bitmaps |
| |
| 2.1.7 2011-12-05 |
| * dis* fixed signed vs unsigned errors |
| * dismod: fix unused parameter errors |
| * test: Makefile: include -W and -Werror |
| * allow ~ in filename transition rules |
| |
| 2.1.6 2011-11-03 |
| * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" |
| * drop libsepol dynamic link in checkpolicy |
| |
| 2.1.5 2011-09-15 |
| * Separate tunable from boolean during compile. |
| |
| 2.1.4 2011-08-26 |
| * checkpolicy: fix spacing in output message |
| |
| 2.1.3 2011-08-17 |
| * add missing ; to attribute_role_def |
| *Redo filename/filesystem syntax to support filename trans |
| |
| 2.1.2 2011-08-02 |
| * .gitignore changes |
| * dispol output of role trans |
| * man page update: build a module with an older policy version |
| |
| 2.1.1 2011-08-01 |
| * Minor updates to filename trans rule output in dis{mod,pol} |
| |
| 2.1.0 2011-07-27 |
| * Release, minor version bump |
| |
| 2.0.27 2011-07-25 |
| * Add role attribute support by Harry Ciao |
| |
| 2.0.26 2011-05-16 |
| * Wrap file names in filename transitions with quotes by Steve Lawrence. |
| * Allow filesystem names to start with a digit by James Carter. |
| |
| 2.0.25 2011-05-02 |
| * Add support for using the last path compnent in type transitions by Eric |
| Paris. |
| * Allow single digit module versions by Daniel Walsh. |
| * Use better filename identifier for filenames by Daniel Walsh. |
| * Use #defines for dismod selections by Eric Paris. |
| |
| 2.0.24 2011-04-11 |
| * Add new class field in role_transition by Harry Ciao. |
| |
| 2.0.23 2010-12-16 |
| * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock |
| |
| 2.0.22 2010-06-14 |
| * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence |
| |
| 2.0.21 2009-11-27 |
| * Add long options to checkpolicy and checkmodule by Guido |
| Trentalancia <guido@trentalancia.com> |
| |
| 2.0.20 2009-10-14 |
| * Add support for building Xen policies from Paul Nuzzi. |
| |
| 2.0.19 2009-02-18 |
| * Fix alias field in module format, caused by boundary format change |
| from Caleb Case. |
| |
| 2.0.18 2008-10-14 |
| * Properly escape regex symbols in the lexer from Stephen Smalley. |
| |
| 2.0.17 2008-10-09 |
| * Add bounds support from KaiGai Kohei. |
| |
| 2.0.16 2008-05-27 |
| * Update checkpolicy for user and role mapping support from Joshua Brindle. |
| |
| 2.0.15 2008-05-05 |
| * Fix for policy module versions that look like IPv4 addresses from Jim Carter. |
| Resolves bug 444451. |
| |
| 2.0.14 2008-03-24 |
| * Add permissive domain support from Eric Paris. |
| |
| 2.0.13 2008-03-05 |
| * Split out non-grammar parts of policy_parse.yacc into |
| policy_define.c and policy_define.h from Todd C. Miller. |
| |
| 2.0.12 2008-03-04 |
| * Initialize struct policy_file before using it, from Todd C. Miller. |
| |
| 2.0.11 2008-03-03 |
| * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. |
| |
| 2.0.10 2008-02-28 |
| * Use yyerror2() where appropriate from Todd C. Miller. |
| |
| 2.0.9 2008-02-04 |
| * Update dispol for libsepol avtab changes from Stephen Smalley. |
| |
| 2.0.8 2008-01-24 |
| * Deprecate role dominance in parser. |
| |
| 2.0.7 2008-01-02 |
| * Added support for policy capabilities from Todd Miller. |
| |
| 2.0.6 2007-11-15 |
| * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". |
| |
| 2.0.5 2007-11-01 |
| * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. |
| |
| 2.0.4 2007-09-18 |
| * Merged handle unknown policydb flag support from Eric Paris. |
| Adds new command line options -U {allow, reject, deny} for selecting |
| the flag when a base module or kernel policy is built. |
| |
| 2.0.3 2007-05-31 |
| * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. |
| * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. |
| |
| 2.0.2 2007-04-12 |
| * Merged checkmodule man page fix from Dan Walsh. |
| |
| 2.0.1 2007-02-20 |
| * Merged patch to allow dots in class identifiers from Caleb Case. |
| |
| 2.0.0 2007-02-01 |
| * Merged patch to use new libsepol error codes by Karl MacMillan. |
| |
| 1.34.0 2007-01-18 |
| * Updated version for stable branch. |
| |
| 1.33.1 2006-11-13 |
| * Collapse user identifiers and identifiers together. |
| |
| 1.32 2006-10-17 |
| * Updated version for release. |
| |
| 1.30.12 2006-09-28 |
| * Merged user and range_transition support for modules from |
| Darrel Goeddel |
| |
| 1.30.11 2006-09-05 |
| * merged range_transition enhancements and user module format |
| changes from Darrel Goeddel |
| |
| 1.30.10 2006-08-03 |
| * Merged symtab datum patch from Karl MacMillan. |
| |
| 1.30.9 2006-06-29 |
| * Lindent. |
| |
| 1.30.8 2006-06-29 |
| * Merged patch to remove TE rule conflict checking from the parser |
| from Joshua Brindle. This can only be done properly by the |
| expander. |
| |
| 1.30.7 2006-06-27 |
| * Merged patch to make checkpolicy/checkmodule handling of |
| duplicate/conflicting TE rules the same as the expander |
| from Joshua Brindle. |
| |
| 1.30.6 2006-06-26 |
| * Merged optionals in base take 2 patch set from Joshua Brindle. |
| |
| 1.30.5 2006-05-05 |
| * Merged compiler cleanup patch from Karl MacMillan. |
| * Merged fix warnings patch from Karl MacMillan. |
| |
| 1.30.4 2006-04-05 |
| * Changed require_class to reject permissions that have not been |
| declared if building a base module. |
| |
| 1.30.3 2006-03-28 |
| * Fixed checkmodule to call link_modules prior to expand_module |
| to handle optionals. |
| |
| 1.30.2 2006-03-28 |
| * Fixed require_class to avoid shadowing permissions already defined |
| in an inherited common definition. |
| |
| 1.30.1 2006-03-22 |
| * Moved processing of role and user require statements to 2nd pass. |
| |
| 1.30 2006-03-14 |
| * Updated version for release. |
| |
| 1.29.5 2006-03-09 |
| * Fixed bug in role dominance (define_role_dom). |
| |
| 1.29.4 2006-02-14 |
| * Added a check for failure to declare each sensitivity in |
| a level definition. |
| |
| 1.29.3 2006-02-13 |
| * Changed to clone level data for aliased sensitivities to |
| avoid double free upon sens_destroy. Bug reported by Kevin |
| Carr of Tresys Technology. |
| |
| 1.29.2 2006-02-13 |
| * Merged optionals in base patch from Joshua Brindle. |
| |
| 1.29.1 2006-02-01 |
| * Merged sepol_av_to_string patch from Joshua Brindle. |
| |
| 1.28 2005-12-07 |
| * Updated version for release. |
| |
| 1.27.20 2005-12-02 |
| * Merged checkmodule man page from Dan Walsh, and edited it. |
| |
| 1.27.19 2005-12-01 |
| * Added error checking of all ebitmap_set_bit calls for out of |
| memory conditions. |
| |
| 1.27.18 2005-12-01 |
| * Merged removal of compatibility handling of netlink classes |
| (requirement that policies with newer versions include the |
| netlink class definitions, remapping of fine-grained netlink |
| classes in newer source policies to single netlink class when |
| generating older policies) from George Coker. |
| |
| 1.27.17 2005-10-25 |
| * Merged dismod fix from Joshua Brindle. |
| |
| 1.27.16 2005-10-20 |
| * Removed obsolete cond_check_type_rules() function and call and |
| cond_optimize_lists() call from checkpolicy.c; these are handled |
| during parsing and expansion now. |
| |
| 1.27.15 2005-10-19 |
| * Updated calls to expand_module for interface change. |
| |
| 1.27.14 2005-10-19 |
| * Changed checkmodule to verify that expand_module succeeds |
| when building base modules. |
| |
| 1.27.13 2005-10-19 |
| * Merged module compiler fixes from Joshua Brindle. |
| |
| 1.27.12 2005-10-19 |
| * Removed direct calls to hierarchy_check_constraints() and |
| check_assertions() from checkpolicy since they are now called |
| internally by expand_module(). |
| |
| 1.27.11 2005-10-18 |
| * Updated for changes to sepol policydb_index_others interface. |
| |
| 1.27.10 2005-10-17 |
| * Updated for changes to sepol expand_module and link_modules interfaces. |
| |
| 1.27.9 2005-10-13 |
| * Merged support for require blocks inside conditionals from |
| Joshua Brindle (Tresys). |
| |
| 1.27.8 2005-10-06 |
| * Updated for changes to libsepol. |
| |
| 1.27.7 2005-10-05 |
| * Merged several bug fixes from Joshua Brindle (Tresys). |
| |
| 1.27.6 2005-10-03 |
| * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| |
| 1.27.5 2005-09-28 |
| * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). |
| |
| 1.27.4 2005-09-26 |
| * Merged bugfix for dup role transition error messages from |
| Karl MacMillan (Tresys). |
| |
| 1.27.3 2005-09-23 |
| * Merged policyver/modulever patches from Joshua Brindle (Tresys). |
| |
| 1.27.2 2005-09-20 |
| * Fixed parse_categories handling of undefined category. |
| |
| 1.27.1 2005-09-16 |
| * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). |
| |
| 1.26 2005-09-06 |
| * Updated version for release. |
| |
| 1.25.12 2005-08-22 |
| * Fixed handling of validatetrans constraint expressions. |
| Bug reported by Dan Walsh for checkpolicy -M. |
| |
| 1.25.11 2005-08-18 |
| * Merged use-after-free fix from Serge Hallyn (IBM). |
| Bug found by Coverity. |
| |
| 1.25.10 2005-08-15 |
| * Fixed further memory leaks found by valgrind. |
| |
| 1.25.9 2005-08-15 |
| * Changed checkpolicy to destroy the policydbs prior to exit |
| to allow leak detection. |
| * Fixed several memory leaks found by valgrind. |
| |
| 1.25.8 2005-08-11 |
| * Updated checkpolicy and dispol for the new avtab format. |
| Converted users of ebitmaps to new inline operators. |
| Note: The binary policy format version has been incremented to |
| version 20 as a result of these changes. To build a policy |
| for a kernel that does not yet include these changes, use |
| the -c 19 option to checkpolicy. |
| |
| 1.25.7 2005-08-11 |
| * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). |
| |
| 1.25.6 2005-08-10 |
| * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). |
| |
| 1.25.5 2005-08-09 |
| * Fixed call to hierarchy checking code to pass the right policydb. |
| |
| 1.25.4 2005-08-02 |
| * Merged patch to update dismod for the relocation of the |
| module read/write code from libsemanage to libsepol, and |
| to enable build of test subdirectory from Jason Tang (Tresys). |
| |
| 1.25.3 2005-07-18 |
| * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| |
| 1.25.2 2005-07-06 |
| * Merged loadable module support from Tresys Technology. |
| |
| 1.25.1 2005-06-24 |
| * Merged patch to prohibit the use of * and ~ in type sets |
| (other than in neverallow statements) and in role sets |
| from Joshua Brindle (Tresys). |
| |
| 1.24 2005-06-20 |
| * Updated version for release. |
| |
| 1.23.4 2005-05-19 |
| * Merged cleanup patch from Dan Walsh. |
| |
| 1.23.3 2005-05-13 |
| * Added sepol_ prefix to Flask types to avoid namespace |
| collision with libselinux. |
| |
| 1.23.2 2005-04-29 |
| * Merged identifier fix from Joshua Brindle (Tresys). |
| |
| 1.23.1 2005-04-13 |
| * Merged hierarchical type/role patch from Tresys Technology. |
| * Merged MLS fixes from Darrel Goeddel of TCS. |
| |
| 1.22 2005-03-09 |
| * Updated version for release. |
| |
| 1.21.4 2005-02-17 |
| * Moved genpolusers utility to libsepol. |
| * Merged range_transition support from Darrel Goeddel (TCS). |
| |
| 1.21.3 2005-02-16 |
| * Merged define_user() cleanup patch from Darrel Goeddel (TCS). |
| |
| 1.21.2 2005-02-09 |
| * Changed relabel Makefile target to use restorecon. |
| |
| 1.21.1 2005-01-26 |
| * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| |
| 1.20 2005-01-04 |
| * Merged typeattribute statement patch from Darrel Goeddel of TCS. |
| * Changed genpolusers to handle multiple user config files. |
| * Merged nodecon ordering patch from Chad Hanson of TCS. |
| |
| 1.18 2004-10-07 |
| * MLS build fix. |
| * Fixed Makefile dependencies (Chris PeBenito). |
| * Merged fix for role dominance ordering issue from Chad Hanson of TCS. |
| * Preserve portcon ordering and apply more checking. |
| |
| 1.16 2004-08-13 |
| * Allow empty conditional clauses. |
| * Moved genpolbools utility to libsepol. |
| * Updated for libsepol set functions. |
| * Changed to link with libsepol.a. |
| * Moved core functionality into libsepol. |
| * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. |
| * Added genpolusers program. |
| * Fixed bug in checkpolicy conditional code. |
| |
| 1.14 2004-06-28 |
| * Merged fix for MLS logic from Daniel Thayer of TCS. |
| * Require semicolon terminator for typealias statement. |
| |
| 1.12 2004-06-16 |
| * Merged fine-grained netlink class support. |
| |
| 1.10 2004-04-07 |
| * Merged ipv6 support from James Morris of RedHat. |
| * Fixed compute_av bug discovered by Chad Hanson of TCS. |
| |
| 1.8 2004-03-09 |
| * Merged policydb MLS patch from Chad Hanson of TCS. |
| * Fixed mmap of policy file. |
| |
| 1.6 2004-02-18 |
| * Merged conditional policy extensions from Tresys Technology. |
| * Added typealias declaration support per Russell Coker's request. |
| * Added support for excluding types from type sets based on |
| a patch by David Caplan, but reimplemented as a change to the |
| policy grammar. |
| * Merged patch from Colin Walters to report source file name and line |
| number for errors when available. |
| * Un-deprecated role transitions. |
| |
| 1.4 2003-12-01 |
| * Regenerated headers. |
| * Merged patches from Bastian Blank and Joerg Hoh. |
| |
| 1.2 2003-09-30 |
| * Merged MLS build patch from Karl MacMillan of Tresys. |
| * Merged checkpolicy man page from Magosanyi Arpad. |
| |
| 1.1 2003-08-13 |
| * Fixed endian bug in policydb_write for behavior value. |
| * License -> GPL. |
| * Merged coding style cleanups from James Morris. |
| |
| 1.0 2003-07-11 |
| * Initial public release. |
| |