blob: 95e56d4f257f036cfc89d5af0470f46722621387 [file] [log] [blame] [edit]
* Fix neverallowxperm checking on attributes, from Jeff Vander Stoep.
* Remove libsepol.map when cleaning, from Nicolas Iooss.
* Add high-level language line marking support to CIL, from James Carter.
* Change logic of bounds checking to match change in kernel, from James Carter.
* Fix multiple spelling errors, from Laurent Bigonville.
* Only apply bounds checking to source types in rules, from Stephen Smalley.
* Fix CIL and not add an attribute as a type in the attr_type_map, from James Carter
* Build policy on systems not supporting DCCP protocol, from Richard Haines.
* Fix extended permissions neverallow checking, from Jeff Vander Stoep.
* Fix CIL neverallow and bounds checking, from James Carter
* Android.mk: Add -D_GNU_SOURCE to common_cflags, from Nick Kralevich.
* Add support for portcon dccp protocol, from Richard Haines
* Fix bug in CIL when resetting classes, from Steve Lawrence
2.5 2016-02-23
* Fix unused variable annotations, from Nicolas Iooss.
* Fix uninitialized variable in CIL, from Nicolas Iooss.
* Validate extended avrules and permissionxs in CIL, from Steve Lawrence.
* Add support in CIL for neverallowx, from Steve Lawrence.
* Fully expand neverallowxperm rules, from Richard Haines.
* Add support for unordered classes to CIL, from Yuli Khodorkovskiy.
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
* Improve CIL block and macro call recursion detection, from Steve Lawrence
* Fix CIL uninitialized false positive in cil_binary, from Yuli Khodorkovskiy
* Provide error in CIL if classperms are empty, from Yuli Khodorkovskiy
* Add userattribute{set} functionality to CIL, from Yuli Khodorkovskiy
* fix CIL blockinherit copying segfault and add macro restrictions, from Steve Lawrence
* fix CIL NULL pointer dereference when copying classpermission/set, from Steve Lawrence
* Add CIL support for ioctl whitelists, from Steve Lawrence
* Fix memory leak when destroying avtab, from Steve Lawrence
* Replace sscanf in module_to_cil, from Yuli Khodorkovskiy.
* Improve CIL resolution error messages, from Steve Lawrence
* Fix policydb_read for policy versions < 24, from Stephen Smalley.
* Added CIL bounds checking and refactored CIL Neverallow checking, from James Carter
* Refactored libsepol Neverallow and bounds (hierarchy) checking, from James Carter
* Treat types like an attribute in the attr_type_map, from James Carter
* Add new ebitmap function named ebitmap_match_any(), from James Carter
* switch operations to extended perms, from Jeff Vander Stoep.
* Write auditadm_r and secadm_r roles to base module when writing CIL, from Steve Lawrence
* Fix module to CIL to only associate declared roleattributes with in-scope types, from Steve Lawrence
* Don't allow categories/sensitivities inside blocks in CIL, from Yuli Khodorkovskiy.
* Replace fmemopen() with internal function in libsepol, from James Carter.
* Verify users prior to evaluating users in cil, from Yuli Khodorkovskiy.
* Binary modules do not support ioctl rules, from Stephen Smalley.
* Add support for ioctl command whitelisting, from Jeff Vander Stoep.
* Don't use symbol versioning for static object files, from Yuli Khodorkovskiy.
* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter.
* Move secilc out of libsepol, from Yuli Khodorkovskiy.
* fix building Xen policy with devicetreecon, and add devicetreecon
CIL documentation, from Richard Haines.
* bool_copy_callback set state on creation, from Thomas Hurd.
* Add device tree ocontext nodes to Xen policy, from Daniel De Graaf.
* Widen Xen IOMEM context entries, from Daniel De Graaf.
* Update CIL documentation, from Richard Haines
* Fix error path in mls_semantic_level_expand(), from Chris PeBenito.
* Fix MacOS X build, from Stephen Smalley.
* Enabling building CIL in Android, from Stephen Smalley.
* Update to latest CIL, includes new name resolution and fixes ordering
issues with blockinherit statements, and bug fixes
2.4 2015-02-02
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve
Lawrence
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Build CIL into libsepol. libsepol can be built without CIL by setting the
DISABLE_CIL flag to 'y', from Steve Lawrence
* Add an API function to set target_platform, from Steve Lawrence
* Report all neverallow violations, from Stephen Smalley
* Improve check_assertions performance through hash tweaks from John Brooks.
* Allow libsepol C++ static library on device from Daniel Cashman.
2.3 2014-05-06
* Improve error message for name-based transition conflicts.
* Revert libsepol: filename_trans: use some better sorting to compare and merge.
* Report source file and line information for neverallow failures.
* Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
* Add sepol_validate_transition_reason_buffer function from Richard Haines.
2.2 2013-10-30
* Allow constraint denial cause to be determined from Richard Haines.
- Add kernel policy version 29.
- Add modular policy version 17.
- Add sepol_compute_av_reason_buffer(), sepol_string_to_security_class(), sepol_string_to_av_perm().
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Fix man pages from Laurent Bigonville.
2.1.9 2013-02-01
* filename_trans: use some better sorting to compare and merge
* coverity fixes
* implement default type policy syntax
* Fix memory leak issues found by Klocwork
2.1.8 2012-09-13
* fix neverallow checking on attributes
* Move context_copy() after switch block in ocontext_copy_*().
* check for missing initial SID labeling statement.
* Add always_check_network policy capability
* role_fix_callback skips out-of-scope roles during expansion.
2.1.7 2012-06-28
* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
2.1.6 2012-04-23
* allocate enough space to hold filename in trans rules
2.1.5 2012-03-28
* checkpolicy: implement new default labeling behaviors
2.1.4 2011-10-03
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
2.1.3 2011-09-15
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
2.1.2 2011-08-03
* Only call role_fix_callback for base.p_roles during expansion.
* use mapped role number instead of module role number
2.1.1 2011-08-01
* Minor fix to reading policy with filename transition rules
2.1.0 2011-07-27
* Release, minor version bump
2.0.46 2011-07-25
* Add role attribute support by Harry Ciao
2.0.45 2011-05-02
* Warn if filename_trans rules are dropped by Steve Lawrence.
2.0.44 2011-04-13
* Fixes for new role_transition class field by Eric Paris.
* Add libsepol support for filename_trans rules by Eric Paris.
2.0.43 2011-04-11
* Add new class field in role_transition by Harry Ciao.
2.0.42 2010-12-16
* Fix compliation under GCC 4.6 by Justin Mattock
2.0.41 2009-11-18
* Fixed typo in error message from Manoj Srivastava.
2.0.40 2009-10-29
* Add pkgconfig file from Eamon Walsh.
2.0.39 2009-10-14
* Add support for building Xen policies from Paul Nuzzi.
2.0.38 2009-09-01
* Check last offset in the module package against the file size.
Reported by Manoj Srivastava for bug filed by Max Kellermann.
2.0.37 2009-07-07
* Add method to check disable dontaudit flag from Christopher Pardy.
2.0.36 2009-03-25
* Fix boolean state smashing from Joshua Brindle.
2.0.35 2009-02-19
* Fix alias field in module format, caused by boundary format change
from Caleb Case.
2.0.34 2008-10-09
* Add bounds support from KaiGai Kohei.
* Fix invalid aliases bug from Joshua Brindle.
2.0.33 2008-09-29
* Revert patch that removed expand_rule.
2.0.32 2008-07-07
* Allow require then declare in the source policy from Joshua Brindle.
2.0.31 2008-06-13
* Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
2.0.30 2008-06-06
* Fix endianness bug in the handling of network node addresses from Stephen Smalley.
Only affects big endian platforms.
Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
2.0.29 2008-05-27
* Merge user and role mapping support from Joshua Brindle.
2.0.28 2008-05-05
* Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
2.0.27 2008-04-18
* Belatedly merge test for policy downgrade from Todd Miller.
2.0.26 2008-03-24
* Add permissive domain support from Eric Paris.
2.0.25 2008-03-04
* Drop unused ->buffer field from struct policy_file.
2.0.24 2008-03-04
* Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
2.0.23 2008-02-28
* Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
2.0.22 2008-02-28
* Add support for open_perms policy capability from Eric Paris.
2.0.21 2008-02-20
* Fix invalid memory allocation in policydb_index_others() from Jason Tang.
2.0.20 2008-02-04
* Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
2.0.19 2008-02-02
* Add support for consuming avrule_blocks during expansion to reduce
peak memory usage from Joshua Brindle.
2.0.18 2008-01-02
* Added support for policy capabilities from Todd Miller.
2.0.17 2007-12-21
* Prevent generation of policy.18 with MLS enabled from Todd Miller.
2.0.16 2007-12-07
* print module magic number in hex on mismatch, from Todd Miller.
2.0.15 2007-11-29
* clarify and reduce neverallow error reporting from Stephen Smalley.
2.0.14 2007-11-05
* Reject self aliasing at link time from Stephen Smalley.
2.0.13 2007-11-05
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
2.0.12 2007-10-11
* Fixed bug in require checking from Stephen Smalley.
* Added user hierarchy checking from Todd Miller.
2.0.11 2007-09-24
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
2.0.10 2007-09-18
* Merged support for the handle_unknown policydb flag from Eric Paris.
2.0.9 2007-08-29
* Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
2.0.8 2007-08-28
* Fixed module_package_read_offsets bug introduced by the prior patch.
2.0.7 2007-08-23
* Eliminate unaligned accesses from policy reading code from Stephen Smalley.
2.0.6 2007-08-16
* Allow dontaudits to be turned off during policy expansion from
Joshua Brindle.
2.0.5 2007-08-01
* Fix sepol_context_clone to handle a NULL context correctly.
This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
to set the file context entry to "<<none>>".
2.0.4 2007-06-20
* Merged error handling patch from Eamon Walsh.
2.0.3 2007-04-13
* Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
2.0.2 2007-03-30
* Merged fix from Karl to remap booleans at expand time to
avoid holes in the symbol table.
2.0.1 2007-02-06
* Merged libsepol segfault fix from Stephen Smalley for when
sensitivities are required but not present in the base.
2.0.0 2007-02-01
* Merged patch to add errcodes.h to libsepol by Karl MacMillan.
1.16.0 2007-01-18
* Updated version for stable branch.
1.15.3 2006-11-27
* Merged patch to compile wit -fPIC instead of -fpic from
Manoj Srivastava to prevent hitting the global offest table
limit. Patch changed to include libselinux and libsemanage in
addition to libselinux.
1.15.2 2006-10-31
* Merged fix from Karl MacMillan for a segfault when linking
non-MLS modules with users in them.
1.15.1 2006-10-24
* Merged fix for version comparison that was preventing range
transition rules from being written for a version 5 base policy
from Darrel Goeddel.
1.14 2006-10-17
* Updated version for release.
1.12.28 2006-09-28
* Build libsepol's static object files with -fpic
1.12.27 2006-09-28
* Merged mls user and range_transition support in modules
from Darrel Goeddel
1.12.26 2006-09-05
* Merged range transition enhancements and user format changes
Darrel Goeddel
1.12.25 2006-08-24
* Merged conditionally expand neverallows patch from Jeremy Mowery.
* Merged refactor expander patch from Jeremy Mowery.
1.12.24 2006-08-03
* Merged libsepol unit tests from Joshua Brindle.
1.12.23 2006-08-03
* Merged symtab datum patch from Karl MacMillan.
1.12.22 2006-08-03
* Merged netfilter contexts support from Chris PeBenito.
1.12.21 2006-07-28
* Merged helpful hierarchy check errors patch from Joshua Brindle.
1.12.20 2006-07-25
* Merged semodule_deps patch from Karl MacMillan.
This adds source module names to the avrule decls.
1.12.19 2006-06-29
* Lindent.
1.12.18 2006-06-26
* Merged optionals in base take 2 patch set from Joshua Brindle.
1.12.17 2006-05-30
* Revert 1.12.16.
1.12.16 2006-05-30
* Merged cleaner fix for bool_ids overflow from Karl MacMillan,
replacing the prior patch.
1.12.15 2006-05-30
* Merged fixes for several memory leaks in the error paths during
policy read from Serge Hallyn.
1.12.14 2006-05-25
* Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
based on bug report and suggested fix by Cedric Roux.
1.12.13 2006-05-24
* Merged sens_copy_callback, check_role_hierarchy_callback,
and node_from_record fixes from Serge Hallyn.
1.12.12 2006-05-22
* Added sepol_policydb_compat_net() interface for testing whether
a policy requires the compatibility support for network checks
to be enabled in the kernel.
1.12.11 2006-05-17
* Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
Reworked to use calloc in the first place, and converted some other
malloc/memset pairs to calloc calls.
1.12.10 2006-05-08
* Merged patch to revert role/user decl upgrade from Karl MacMillan.
1.12.9 2006-05-08
* Dropped tests from all Makefile target.
1.12.8 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.12.7 2006-05-05
* Merged libsepol test framework patch from Karl MacMillan.
1.12.6 2006-04-28
* Fixed cond_normalize to traverse the entire cond list at link time.
1.12.5 2006-04-03
* Merged fix for leak of optional package sections from Ivan Gyurdiev.
1.12.4 2006-03-29
* Generalize test for bitmap overflow in ebitmap_set_bit.
1.12.3 2006-03-27
* Fixed attr_convert_callback and expand_convert_type_set
typemap bug.
1.12.2 2006-03-24
* Fixed avrule_block_write num_decls endian bug.
1.12.1 2006-03-20
* Fixed sepol_module_package_write buffer overflow bug.
1.12 2006-03-14
* Updated version for release.
1.11.20 2006-03-08
* Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
* Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
1.11.19 2006-02-21
* Merged sepol_policydb_mls_enabled interface and error handling
changes from Ivan Gyurdiev.
1.11.18 2006-02-16
* Merged node_expand_addr bugfix and node_compare* change from
Ivan Gyurdiev.
1.11.17 2006-02-15
* Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
* Merged bug fix patch from Ivan Gyurdiev.
1.11.16 2006-02-14
* Added a defined flag to level_datum_t for use by checkpolicy.
1.11.15 2006-02-14
* Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev.
1.11.14 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.11.13 2006-02-07
* Merged seuser/user_extra support patch from Joshua Brindle.
* Merged fix patch from Ivan Gyurdiev.
1.11.12 2006-02-02
* Merged clone record on set_con patch from Ivan Gyurdiev.
1.11.11 2006-02-01
* Merged assertion copying bugfix from Joshua Brindle.
* Merged sepol_av_to_string patch from Joshua Brindle.
1.11.10 2006-01-30
* Merged cond_expr mapping and package section count bug fixes
from Joshua Brindle.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
* Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
1.11.9 2006-01-12
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
1.11.8 2006-01-09
* Merged 2nd const in APIs patch from Ivan Gyurdiev.
1.11.7 2006-01-06
* Merged const in APIs patch from Ivan Gyurdiev.
* Merged compare2 function patch from Ivan Gyurdiev.
1.11.6 2006-01-06
* Fixed hierarchy checker to only check allow rules.
1.11.5 2006-01-05
* Merged further fixes from Russell Coker, specifically:
- av_to_string overflow checking
- sepol_context_to_string error handling
- hierarchy checking memory leak fixes and optimizations
- avrule_block_read variable initialization
* Marked deprecated code in genbools and genusers.
1.11.4 2006-01-05
* Merged bugfix for sepol_port_modify from Russell Coker.
1.11.3 2006-01-05
* Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
* Merged port ordering patch from Ivan Gyurdiev.
1.11.2 2006-01-04
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- support ordering of records in compare function
- enable port interfaces
- add interfaces for context validity and range checks
- add include guards
1.11.1 2005-12-16
* Fixed mls_range_cpy bug.
1.10 2005-12-07
* Updated version for release.
1.9.42 2005-12-05
* Dropped handle from user_del_role interface.
1.9.41 2005-11-28
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
1.9.40 2005-11-15
* Merged module function and map file cleanup from Ivan Gyurdiev.
* Merged MLS and genusers cleanups from Ivan Gyurdiev.
1.9.39 2005-11-09
Prepare for removal of booleans* and *.users files.
* Cleaned up sepol_genbools to not regenerate the image if
there were no changes in the boolean values, including the
degenerate case where there are no booleans or booleans.local
files.
* Cleaned up sepol_genusers to not warn on missing local.users.
1.9.38 2005-11-08
* Removed sepol_port_* from libsepol.map, as the port interfaces
are not yet stable.
1.9.37 2005-11-04
* Merged context destroy cleanup patch from Ivan Gyurdiev.
1.9.36 2005-11-03
* Merged context_to_string interface change patch from Ivan Gyurdiev.
1.9.35 2005-11-01
* Added src/dso.h and src/*_internal.h.
Added hidden_def for exported symbols used within libsepol.
Added hidden for symbols that should not be exported by
the wildcards in libsepol.map.
1.9.34 2005-10-31
* Merged record interface, record bugfix, and set_roles patches
from Ivan Gyurdiev.
1.9.33 2005-10-27
* Merged count specification change from Ivan Gyurdiev.
1.9.32 2005-10-26
* Added further checking and error reporting to
sepol_module_package_read and _info.
1.9.31 2005-10-26
* Merged sepol handle passing, DEBUG conversion, and memory leak
fix patches from Ivan Gyurdiev.
1.9.30 2005-10-25
* Removed processing of system.users from sepol_genusers and
dropped delusers logic.
1.9.29 2005-10-25
* Removed policydb_destroy from error path of policydb_read,
since create/init/destroy/free of policydb is handled by the
caller now.
* Fixed sepol_module_package_read to handle a failed policydb_read
properly.
1.9.28 2005-10-25
* Merged query/exists and count patches from Ivan Gyurdiev.
1.9.27 2005-10-25
* Merged fix for pruned types in expand code from Joshua Brindle.
* Merged new module package format code from Joshua Brindle.
1.9.26 2005-10-24
* Merged context interface cleanup, record conversion code,
key passing, and bug fix patches from Ivan Gyurdiev.
1.9.25 2005-10-21
* Merged users cleanup patch from Ivan Gyurdiev.
1.9.24 2005-10-21
* Merged user record memory leak fix from Ivan Gyurdiev.
* Merged reorganize users patch from Ivan Gyurdiev.
1.9.23 2005-10-19
* Added check flag to expand_module() to control assertion
and hierarchy checking on expansion.
1.9.22 2005-10-19
* Reworked check_assertions() and hierarchy_check_constraints()
to take handles and use callback-based error reporting.
* Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded
policy.
1.9.21 2005-10-18
* Changed sepol_module_package_set_file_contexts to copy the
file contexts data since it is internally managed.
1.9.20 2005-10-18
* Added sepol_policy_file_set_handle interface to associate
a handle with a policy file.
* Added handle argument to policydb_from_image/to_image.
* Added sepol_module_package_set_file_contexts interface.
* Dropped sepol_module_package_create_file interface.
* Reworked policydb_read/write, policydb_from_image/to_image,
and sepol_module_package_read/write to use callback-based error
reporting system rather than DEBUG.
1.9.19 2005-10-17
* Reworked link_packages, link_modules, and expand_module to use
callback-based error reporting system rather than error buffering.
1.9.18 2005-10-14
* Merged conditional expression mapping fix in the module linking
code from Joshua Brindle.
1.9.17 2005-10-13
* Hid sepol_module_package type definition, and added get interfaces.
1.9.16 2005-10-13
* Merged new callback-based error reporting system from Ivan
Gyurdiev.
1.9.15 2005-10-13
* Merged support for require blocks inside conditionals from
Joshua Brindle (Tresys).
1.9.14 2005-10-07
* Fixed use of policydb_from_image/to_image to ensure proper
init of policydb.
1.9.13 2005-10-07
* Isolated policydb internal headers under <sepol/policydb/*.h>.
These headers should only be used by users of the static libsepol.
Created new <sepol/policydb.h> with new public types and interfaces
for shared libsepol.
Created new <sepol/module.h> with public types and interfaces moved
or wrapped from old module.h, link.h, and expand.h, adjusted for
new public types for policydb and policy_file.
Added public interfaces to libsepol.map.
Some implementation changes visible to users of the static libsepol:
1) policydb_read no longer calls policydb_init.
Caller must do so first.
2) policydb_init no longer takes policy_type argument.
Caller must set policy_type separately.
3) expand_module automatically enables the global branch.
Caller no longer needs to do so.
4) policydb_write uses the policy_type and policyvers from the
policydb itself, and sepol_set_policyvers() has been removed.
1.9.12 2005-10-06
* Merged function renaming and static cleanup from Ivan Gyurdiev.
1.9.11 2005-10-05
* Merged bug fix for check_assertions handling of no assertions
from Joshua Brindle (Tresys).
1.9.10 2005-10-04
* Merged iterate patch from Ivan Gyurdiev.
1.9.9 2005-10-03
* Merged MLS in modules patch from Joshua Brindle (Tresys).
1.9.8 2005-09-30
* Merged pointer typedef elimination patch from Ivan Gyurdiev.
* Merged user list function, new mls functions, and bugfix patch
from Ivan Gyurdiev.
1.9.7 2005-09-28
* Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
1.9.6 2005-09-23
* Merged bug fix patches from Joshua Brindle (Tresys).
1.9.5 2005-09-21
* Merged boolean record and memory leak fix patches from Ivan
Gyurdiev.
1.9.4 2005-09-19
* Merged interface record patch from Ivan Gyurdiev.
1.9.3 2005-09-14
* Merged fix for sepol_enable/disable_debug from Ivan
Gyurdiev.
1.9.2 2005-09-14
* Merged stddef.h patch and debug conversion patch from
Ivan Gyurdiev.
1.9.1 2005-09-09
* Fixed expand_avtab and expand_cond_av_list to keep separate
entries with identical keys but different enabled flags.
1.8 2005-09-06
* Updated version for release.
1.7.24 2005-08-31
* Fixed symtab_insert return value for duplicate declarations.
1.7.23 2005-08-31
* Merged fix for memory error in policy_module_destroy from
Jason Tang (Tresys).
1.7.22 2005-08-26
* Merged fix for memory leak in sepol_context_to_sid from
Jason Tang (Tresys).
1.7.21 2005-08-25
* Merged fixes for resource leaks on error paths and
change to scope_destroy from Joshua Brindle (Tresys).
1.7.20 2005-08-23
* Merged more fixes for resource leaks on error paths
from Serge Hallyn (IBM). Bugs found by Coverity.
1.7.19 2005-08-19
* Changed to treat all type conflicts as fatal errors.
1.7.18 2005-08-18
* Merged several error handling fixes from
Serge Hallyn (IBM). Bugs found by Coverity.
1.7.17 2005-08-15
* Fixed further memory leaks found by valgrind.
1.7.16 2005-08-15
* Fixed several memory leaks found by valgrind.
1.7.15 2005-08-12
* Fixed empty list test in cond_write_av_list. Bug found by
Coverity, reported by Serge Hallyn (IBM).
* Merged patch to policydb_write to check errors
when writing the type->attribute reverse map from
Serge Hallyn (IBM). Bug found by Coverity.
* Fixed policydb_destroy to properly handle NULL type_attr_map
or attr_type_map.
1.7.14 2005-08-12
* Fixed use of uninitialized data by expand_avtab_node by
clearing type_val_to_struct in policydb_index_others.
1.7.13 2005-08-11
* Improved memory use by SELinux by both reducing the avtab
node size and reducing the number of avtab nodes (by not
expanding attributes in TE rules when possible). Added
expand_avtab and expand_cond_av_list functions for use by
assertion checker, hierarchy checker, compatibility code,
and dispol. Added new inline ebitmap operators and converted
existing users of ebitmaps to the new operators for greater
efficiency.
Note: The binary policy format version has been incremented to
version 20 as a result of these changes.
1.7.12 2005-08-10
* Fixed bug in constraint_node_clone handling of name sets.
1.7.11 2005-08-08
* Fix range_trans_clone to map the type values properly.
1.7.10 2005-08-02
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
1.7.9 2005-08-02
* Enabled further compiler warning flags and fixed them.
1.7.8 2005-08-02
* Merged user, context, port records patch from Ivan Gyurdiev.
* Merged key extract function patch from Ivan Gyurdiev.
1.7.7 2005-07-27
* Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
1.7.6 2005-07-26
* Merged context reorganization, memory leak fixes,
port and interface loading, replacements for genusers and
genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
* Merged uninitialized variable bugfix from Dan Walsh.
1.7.5 2005-07-18
* Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
* Removed genpolbools and genpolusers utilities.
1.7.4 2005-07-18
* Merged hierarchy check fix from Joshua Brindle (Tresys).
1.7.3 2005-07-13
* Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
1.7.2 2005-07-11
* Merged genbools debugging message cleanup from Red Hat.
1.7.1 2005-07-06
* Merged loadable module support from Tresys Technology.
1.6 2005-06-20
* Updated version for release.
1.5.10 2005-05-19
* License changed to LGPL v2.1, see COPYING.
1.5.9 2005-05-16
* Added sepol_genbools_policydb and sepol_genusers_policydb for
audit2why.
1.5.8 2005-05-13
* Added sepol_ prefix to Flask types to avoid
namespace collision with libselinux.
1.5.7 2005-05-13
* Added sepol_compute_av_reason() for audit2why.
1.5.6 2005-04-25
* Fixed bug in role hierarchy checker.
1.5.5 2005-04-13
* Merged hierarchical type/role patch from Tresys Technology.
* Merged MLS fixes from Darrel Goeddel of TCS.
1.5.4 2005-04-13
* Changed sepol_genusers to not delete users by default,
and added a sepol_set_delusers function to enable deletion.
Also, removed special case handling of system_u and user_u.
1.5.3 2005-03-29
* Merged booleans.local patch from Dan Walsh.
1.5.2 2005-03-16
* Added man page for sepol_check_context.
1.5.1 2005-03-15
* Added man page for sepol_genusers function.
* Merged man pages for genpolusers and chkcon from Manoj Srivastava.
1.4 2005-03-09
* Updated version for release.
1.3.8 2005-03-08
* Cleaned up error handling in sepol_genusers and sepol_genbools.
1.3.7 2005-02-28
* Merged sepol_debug and fclose patch from Dan Walsh.
1.3.6 2005-02-22
* Changed sepol_genusers to also use getline and correctly handle
EOL.
1.3.5 2005-02-17
* Merged range_transition support from Darrel Goeddel (TCS).
1.3.4 2005-02-16
* Added sepol_genusers function.
1.3.3 2005-02-14
* Merged endianness and compute_av patches from Darrel Goeddel (TCS).
1.3.2 2005-02-09
* Changed relabel Makefile target to use restorecon.
1.3.1 2005-01-26
* Merged enhanced MLS support from Darrel Goeddel (TCS).
1.2.1 2005-01-19
* Merged build fix patch from Manoj Srivastava.
1.2 2004-10-07
* MLS build fixes.
* Added sepol_set_policydb_from_file and sepol_check_context for setfiles.
1.0 2004-08-19
* Initial public release.
0.4 2004-08-13
* Merged patch from Dan Walsh to ignore case on booleans.
* Changed sepol_genbools* to preserve the original policy version.
* Replaced exported global variables with set functions.
* Moved genpolbools utility from checkpolicy to libsepol.
* Added man pages for sepol_genbools* and genpolbools.
0.3 2004-08-10
* Added ChangeLog, COPYING, spec file.
* Added sepol_genbools_array() for load_policy.
* Created libsepol.map to limit exported symbols in shared library.
0.2 2004-08-09
* Exported other functions for checkpolicy and friends.
* Renamed service and sidtab functions to avoid libselinux conflict.
* Removed original code from checkpolicy, which now uses libsepol.
* Code cleanup: kill legacy references to kernel types/functions.
0.1 2004-08-06
* Moved checkpolicy core logic into a library.
* Exported sepol_genbools() for load_policy.