| * Fix neverallowxperm checking on attributes, from Jeff Vander Stoep. |
| * Remove libsepol.map when cleaning, from Nicolas Iooss. |
| * Add high-level language line marking support to CIL, from James Carter. |
| * Change logic of bounds checking to match change in kernel, from James Carter. |
| * Fix multiple spelling errors, from Laurent Bigonville. |
| * Only apply bounds checking to source types in rules, from Stephen Smalley. |
| * Fix CIL and not add an attribute as a type in the attr_type_map, from James Carter |
| * Build policy on systems not supporting DCCP protocol, from Richard Haines. |
| * Fix extended permissions neverallow checking, from Jeff Vander Stoep. |
| * Fix CIL neverallow and bounds checking, from James Carter |
| * Android.mk: Add -D_GNU_SOURCE to common_cflags, from Nick Kralevich. |
| * Add support for portcon dccp protocol, from Richard Haines |
| * Fix bug in CIL when resetting classes, from Steve Lawrence |
| |
| 2.5 2016-02-23 |
| * Fix unused variable annotations, from Nicolas Iooss. |
| * Fix uninitialized variable in CIL, from Nicolas Iooss. |
| * Validate extended avrules and permissionxs in CIL, from Steve Lawrence. |
| * Add support in CIL for neverallowx, from Steve Lawrence. |
| * Fully expand neverallowxperm rules, from Richard Haines. |
| * Add support for unordered classes to CIL, from Yuli Khodorkovskiy. |
| * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep. |
| * Improve CIL block and macro call recursion detection, from Steve Lawrence |
| * Fix CIL uninitialized false positive in cil_binary, from Yuli Khodorkovskiy |
| * Provide error in CIL if classperms are empty, from Yuli Khodorkovskiy |
| * Add userattribute{set} functionality to CIL, from Yuli Khodorkovskiy |
| * fix CIL blockinherit copying segfault and add macro restrictions, from Steve Lawrence |
| * fix CIL NULL pointer dereference when copying classpermission/set, from Steve Lawrence |
| * Add CIL support for ioctl whitelists, from Steve Lawrence |
| * Fix memory leak when destroying avtab, from Steve Lawrence |
| * Replace sscanf in module_to_cil, from Yuli Khodorkovskiy. |
| * Improve CIL resolution error messages, from Steve Lawrence |
| * Fix policydb_read for policy versions < 24, from Stephen Smalley. |
| * Added CIL bounds checking and refactored CIL Neverallow checking, from James Carter |
| * Refactored libsepol Neverallow and bounds (hierarchy) checking, from James Carter |
| * Treat types like an attribute in the attr_type_map, from James Carter |
| * Add new ebitmap function named ebitmap_match_any(), from James Carter |
| * switch operations to extended perms, from Jeff Vander Stoep. |
| * Write auditadm_r and secadm_r roles to base module when writing CIL, from Steve Lawrence |
| * Fix module to CIL to only associate declared roleattributes with in-scope types, from Steve Lawrence |
| * Don't allow categories/sensitivities inside blocks in CIL, from Yuli Khodorkovskiy. |
| * Replace fmemopen() with internal function in libsepol, from James Carter. |
| * Verify users prior to evaluating users in cil, from Yuli Khodorkovskiy. |
| * Binary modules do not support ioctl rules, from Stephen Smalley. |
| * Add support for ioctl command whitelisting, from Jeff Vander Stoep. |
| * Don't use symbol versioning for static object files, from Yuli Khodorkovskiy. |
| * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter. |
| * Move secilc out of libsepol, from Yuli Khodorkovskiy. |
| * fix building Xen policy with devicetreecon, and add devicetreecon |
| CIL documentation, from Richard Haines. |
| * bool_copy_callback set state on creation, from Thomas Hurd. |
| * Add device tree ocontext nodes to Xen policy, from Daniel De Graaf. |
| * Widen Xen IOMEM context entries, from Daniel De Graaf. |
| * Update CIL documentation, from Richard Haines |
| * Fix error path in mls_semantic_level_expand(), from Chris PeBenito. |
| * Fix MacOS X build, from Stephen Smalley. |
| * Enabling building CIL in Android, from Stephen Smalley. |
| * Update to latest CIL, includes new name resolution and fixes ordering |
| issues with blockinherit statements, and bug fixes |
| |
| 2.4 2015-02-02 |
| * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve |
| Lawrence |
| * Fix bugs found by hardened gcc flags, from Nicolas Iooss. |
| * Build CIL into libsepol. libsepol can be built without CIL by setting the |
| DISABLE_CIL flag to 'y', from Steve Lawrence |
| * Add an API function to set target_platform, from Steve Lawrence |
| * Report all neverallow violations, from Stephen Smalley |
| * Improve check_assertions performance through hash tweaks from John Brooks. |
| * Allow libsepol C++ static library on device from Daniel Cashman. |
| |
| 2.3 2014-05-06 |
| * Improve error message for name-based transition conflicts. |
| * Revert libsepol: filename_trans: use some better sorting to compare and merge. |
| * Report source file and line information for neverallow failures. |
| * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines. |
| * Add sepol_validate_transition_reason_buffer function from Richard Haines. |
| |
| 2.2 2013-10-30 |
| * Allow constraint denial cause to be determined from Richard Haines. |
| - Add kernel policy version 29. |
| - Add modular policy version 17. |
| - Add sepol_compute_av_reason_buffer(), sepol_string_to_security_class(), sepol_string_to_av_perm(). |
| * Support overriding Makefile RANLIB from Sven Vermeulen. |
| * Fix man pages from Laurent Bigonville. |
| |
| 2.1.9 2013-02-01 |
| * filename_trans: use some better sorting to compare and merge |
| * coverity fixes |
| * implement default type policy syntax |
| * Fix memory leak issues found by Klocwork |
| |
| 2.1.8 2012-09-13 |
| * fix neverallow checking on attributes |
| * Move context_copy() after switch block in ocontext_copy_*(). |
| * check for missing initial SID labeling statement. |
| * Add always_check_network policy capability |
| * role_fix_callback skips out-of-scope roles during expansion. |
| |
| 2.1.7 2012-06-28 |
| * reserve policycapability for redhat testing of ptrace child |
| * cosmetic changes to make the source easier to read |
| * prepend instead of append to filename_trans list |
| * Android/MacOS X build support |
| |
| 2.1.6 2012-04-23 |
| * allocate enough space to hold filename in trans rules |
| |
| 2.1.5 2012-03-28 |
| * checkpolicy: implement new default labeling behaviors |
| |
| 2.1.4 2011-10-03 |
| * regenerate .pc on VERSION change |
| * Move ebitmap_* functions from mcstrans to libsepol |
| * expand: do filename_trans type comparison on mapped representation |
| |
| 2.1.3 2011-09-15 |
| * Skip writing role attributes for policy.X and |
| * Indicate when boolean is indeed a tunable. |
| * Separate tunable from boolean during compile. |
| * Write and read TUNABLE flags in related |
| * Copy and check the cond_bool_datum_t.flags during link. |
| * Permanently discard disabled branches of tunables in |
| * Skip tunable identifier and cond_node_t in expansion. |
| * Create a new preserve_tunables flag |
| * Preserve tunables when required by semodule program. |
| * setools expects expand_module_avrules to be an exported |
| * tree: default make target to all not |
| |
| 2.1.2 2011-08-03 |
| * Only call role_fix_callback for base.p_roles during expansion. |
| * use mapped role number instead of module role number |
| |
| 2.1.1 2011-08-01 |
| * Minor fix to reading policy with filename transition rules |
| |
| 2.1.0 2011-07-27 |
| * Release, minor version bump |
| |
| 2.0.46 2011-07-25 |
| * Add role attribute support by Harry Ciao |
| |
| 2.0.45 2011-05-02 |
| * Warn if filename_trans rules are dropped by Steve Lawrence. |
| |
| 2.0.44 2011-04-13 |
| * Fixes for new role_transition class field by Eric Paris. |
| * Add libsepol support for filename_trans rules by Eric Paris. |
| |
| 2.0.43 2011-04-11 |
| * Add new class field in role_transition by Harry Ciao. |
| |
| 2.0.42 2010-12-16 |
| * Fix compliation under GCC 4.6 by Justin Mattock |
| |
| 2.0.41 2009-11-18 |
| * Fixed typo in error message from Manoj Srivastava. |
| |
| 2.0.40 2009-10-29 |
| * Add pkgconfig file from Eamon Walsh. |
| |
| 2.0.39 2009-10-14 |
| * Add support for building Xen policies from Paul Nuzzi. |
| |
| 2.0.38 2009-09-01 |
| * Check last offset in the module package against the file size. |
| Reported by Manoj Srivastava for bug filed by Max Kellermann. |
| |
| 2.0.37 2009-07-07 |
| * Add method to check disable dontaudit flag from Christopher Pardy. |
| |
| 2.0.36 2009-03-25 |
| * Fix boolean state smashing from Joshua Brindle. |
| |
| 2.0.35 2009-02-19 |
| * Fix alias field in module format, caused by boundary format change |
| from Caleb Case. |
| |
| 2.0.34 2008-10-09 |
| * Add bounds support from KaiGai Kohei. |
| * Fix invalid aliases bug from Joshua Brindle. |
| |
| 2.0.33 2008-09-29 |
| * Revert patch that removed expand_rule. |
| |
| 2.0.32 2008-07-07 |
| * Allow require then declare in the source policy from Joshua Brindle. |
| |
| 2.0.31 2008-06-13 |
| * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley. |
| |
| 2.0.30 2008-06-06 |
| * Fix endianness bug in the handling of network node addresses from Stephen Smalley. |
| Only affects big endian platforms. |
| Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc. |
| |
| 2.0.29 2008-05-27 |
| * Merge user and role mapping support from Joshua Brindle. |
| |
| 2.0.28 2008-05-05 |
| * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley. |
| |
| 2.0.27 2008-04-18 |
| * Belatedly merge test for policy downgrade from Todd Miller. |
| |
| 2.0.26 2008-03-24 |
| * Add permissive domain support from Eric Paris. |
| |
| 2.0.25 2008-03-04 |
| * Drop unused ->buffer field from struct policy_file. |
| |
| 2.0.24 2008-03-04 |
| * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller. |
| |
| 2.0.23 2008-02-28 |
| * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley. |
| |
| 2.0.22 2008-02-28 |
| * Add support for open_perms policy capability from Eric Paris. |
| |
| 2.0.21 2008-02-20 |
| * Fix invalid memory allocation in policydb_index_others() from Jason Tang. |
| |
| 2.0.20 2008-02-04 |
| * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley. |
| |
| 2.0.19 2008-02-02 |
| * Add support for consuming avrule_blocks during expansion to reduce |
| peak memory usage from Joshua Brindle. |
| |
| 2.0.18 2008-01-02 |
| * Added support for policy capabilities from Todd Miller. |
| |
| 2.0.17 2007-12-21 |
| * Prevent generation of policy.18 with MLS enabled from Todd Miller. |
| |
| 2.0.16 2007-12-07 |
| * print module magic number in hex on mismatch, from Todd Miller. |
| |
| 2.0.15 2007-11-29 |
| * clarify and reduce neverallow error reporting from Stephen Smalley. |
| |
| 2.0.14 2007-11-05 |
| * Reject self aliasing at link time from Stephen Smalley. |
| |
| 2.0.13 2007-11-05 |
| * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. |
| |
| 2.0.12 2007-10-11 |
| * Fixed bug in require checking from Stephen Smalley. |
| * Added user hierarchy checking from Todd Miller. |
| |
| 2.0.11 2007-09-24 |
| * Pass CFLAGS to CC even on link command, per Dennis Gilmore. |
| |
| 2.0.10 2007-09-18 |
| * Merged support for the handle_unknown policydb flag from Eric Paris. |
| |
| 2.0.9 2007-08-29 |
| * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper. |
| |
| 2.0.8 2007-08-28 |
| * Fixed module_package_read_offsets bug introduced by the prior patch. |
| |
| 2.0.7 2007-08-23 |
| * Eliminate unaligned accesses from policy reading code from Stephen Smalley. |
| |
| 2.0.6 2007-08-16 |
| * Allow dontaudits to be turned off during policy expansion from |
| Joshua Brindle. |
| |
| 2.0.5 2007-08-01 |
| * Fix sepol_context_clone to handle a NULL context correctly. |
| This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) |
| to set the file context entry to "<<none>>". |
| |
| 2.0.4 2007-06-20 |
| * Merged error handling patch from Eamon Walsh. |
| |
| 2.0.3 2007-04-13 |
| * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. |
| |
| 2.0.2 2007-03-30 |
| * Merged fix from Karl to remap booleans at expand time to |
| avoid holes in the symbol table. |
| |
| 2.0.1 2007-02-06 |
| * Merged libsepol segfault fix from Stephen Smalley for when |
| sensitivities are required but not present in the base. |
| |
| 2.0.0 2007-02-01 |
| * Merged patch to add errcodes.h to libsepol by Karl MacMillan. |
| |
| 1.16.0 2007-01-18 |
| * Updated version for stable branch. |
| |
| 1.15.3 2006-11-27 |
| * Merged patch to compile wit -fPIC instead of -fpic from |
| Manoj Srivastava to prevent hitting the global offest table |
| limit. Patch changed to include libselinux and libsemanage in |
| addition to libselinux. |
| 1.15.2 2006-10-31 |
| * Merged fix from Karl MacMillan for a segfault when linking |
| non-MLS modules with users in them. |
| |
| 1.15.1 2006-10-24 |
| * Merged fix for version comparison that was preventing range |
| transition rules from being written for a version 5 base policy |
| from Darrel Goeddel. |
| |
| 1.14 2006-10-17 |
| * Updated version for release. |
| |
| 1.12.28 2006-09-28 |
| * Build libsepol's static object files with -fpic |
| |
| 1.12.27 2006-09-28 |
| * Merged mls user and range_transition support in modules |
| from Darrel Goeddel |
| |
| 1.12.26 2006-09-05 |
| * Merged range transition enhancements and user format changes |
| Darrel Goeddel |
| |
| 1.12.25 2006-08-24 |
| * Merged conditionally expand neverallows patch from Jeremy Mowery. |
| * Merged refactor expander patch from Jeremy Mowery. |
| |
| 1.12.24 2006-08-03 |
| * Merged libsepol unit tests from Joshua Brindle. |
| |
| 1.12.23 2006-08-03 |
| * Merged symtab datum patch from Karl MacMillan. |
| |
| 1.12.22 2006-08-03 |
| * Merged netfilter contexts support from Chris PeBenito. |
| |
| 1.12.21 2006-07-28 |
| * Merged helpful hierarchy check errors patch from Joshua Brindle. |
| |
| 1.12.20 2006-07-25 |
| * Merged semodule_deps patch from Karl MacMillan. |
| This adds source module names to the avrule decls. |
| |
| 1.12.19 2006-06-29 |
| * Lindent. |
| |
| 1.12.18 2006-06-26 |
| * Merged optionals in base take 2 patch set from Joshua Brindle. |
| |
| 1.12.17 2006-05-30 |
| * Revert 1.12.16. |
| |
| 1.12.16 2006-05-30 |
| * Merged cleaner fix for bool_ids overflow from Karl MacMillan, |
| replacing the prior patch. |
| |
| 1.12.15 2006-05-30 |
| * Merged fixes for several memory leaks in the error paths during |
| policy read from Serge Hallyn. |
| |
| 1.12.14 2006-05-25 |
| * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, |
| based on bug report and suggested fix by Cedric Roux. |
| |
| 1.12.13 2006-05-24 |
| * Merged sens_copy_callback, check_role_hierarchy_callback, |
| and node_from_record fixes from Serge Hallyn. |
| |
| 1.12.12 2006-05-22 |
| * Added sepol_policydb_compat_net() interface for testing whether |
| a policy requires the compatibility support for network checks |
| to be enabled in the kernel. |
| |
| 1.12.11 2006-05-17 |
| * Merged patch to initialize sym_val_to_name arrays from Kevin Carr. |
| Reworked to use calloc in the first place, and converted some other |
| malloc/memset pairs to calloc calls. |
| |
| 1.12.10 2006-05-08 |
| * Merged patch to revert role/user decl upgrade from Karl MacMillan. |
| |
| 1.12.9 2006-05-08 |
| * Dropped tests from all Makefile target. |
| |
| 1.12.8 2006-05-05 |
| * Merged fix warnings patch from Karl MacMillan. |
| |
| 1.12.7 2006-05-05 |
| * Merged libsepol test framework patch from Karl MacMillan. |
| |
| 1.12.6 2006-04-28 |
| * Fixed cond_normalize to traverse the entire cond list at link time. |
| |
| 1.12.5 2006-04-03 |
| * Merged fix for leak of optional package sections from Ivan Gyurdiev. |
| |
| 1.12.4 2006-03-29 |
| * Generalize test for bitmap overflow in ebitmap_set_bit. |
| |
| 1.12.3 2006-03-27 |
| * Fixed attr_convert_callback and expand_convert_type_set |
| typemap bug. |
| |
| 1.12.2 2006-03-24 |
| * Fixed avrule_block_write num_decls endian bug. |
| |
| 1.12.1 2006-03-20 |
| * Fixed sepol_module_package_write buffer overflow bug. |
| |
| 1.12 2006-03-14 |
| * Updated version for release. |
| |
| 1.11.20 2006-03-08 |
| * Merged cond_evaluate_expr fix from Serge Hallyn (IBM). |
| * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev. |
| |
| 1.11.19 2006-02-21 |
| * Merged sepol_policydb_mls_enabled interface and error handling |
| changes from Ivan Gyurdiev. |
| |
| 1.11.18 2006-02-16 |
| * Merged node_expand_addr bugfix and node_compare* change from |
| Ivan Gyurdiev. |
| |
| 1.11.17 2006-02-15 |
| * Merged nodes, ports: always prepend patch from Ivan Gyurdiev. |
| * Merged bug fix patch from Ivan Gyurdiev. |
| |
| 1.11.16 2006-02-14 |
| * Added a defined flag to level_datum_t for use by checkpolicy. |
| |
| 1.11.15 2006-02-14 |
| * Merged nodecon support patch from Ivan Gyurdiev. |
| * Merged cleanups patch from Ivan Gyurdiev. |
| |
| 1.11.14 2006-02-13 |
| * Merged optionals in base patch from Joshua Brindle. |
| |
| 1.11.13 2006-02-07 |
| * Merged seuser/user_extra support patch from Joshua Brindle. |
| * Merged fix patch from Ivan Gyurdiev. |
| |
| 1.11.12 2006-02-02 |
| * Merged clone record on set_con patch from Ivan Gyurdiev. |
| |
| 1.11.11 2006-02-01 |
| * Merged assertion copying bugfix from Joshua Brindle. |
| * Merged sepol_av_to_string patch from Joshua Brindle. |
| |
| 1.11.10 2006-01-30 |
| * Merged cond_expr mapping and package section count bug fixes |
| from Joshua Brindle. |
| * Merged improve port/fcontext API patch from Ivan Gyurdiev. |
| * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. |
| |
| 1.11.9 2006-01-12 |
| * Merged size_t -> unsigned int patch from Ivan Gyurdiev. |
| |
| 1.11.8 2006-01-09 |
| * Merged 2nd const in APIs patch from Ivan Gyurdiev. |
| |
| 1.11.7 2006-01-06 |
| * Merged const in APIs patch from Ivan Gyurdiev. |
| * Merged compare2 function patch from Ivan Gyurdiev. |
| |
| 1.11.6 2006-01-06 |
| * Fixed hierarchy checker to only check allow rules. |
| |
| 1.11.5 2006-01-05 |
| * Merged further fixes from Russell Coker, specifically: |
| - av_to_string overflow checking |
| - sepol_context_to_string error handling |
| - hierarchy checking memory leak fixes and optimizations |
| - avrule_block_read variable initialization |
| * Marked deprecated code in genbools and genusers. |
| |
| 1.11.4 2006-01-05 |
| * Merged bugfix for sepol_port_modify from Russell Coker. |
| |
| 1.11.3 2006-01-05 |
| * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev. |
| * Merged port ordering patch from Ivan Gyurdiev. |
| |
| 1.11.2 2006-01-04 |
| * Merged patch series from Ivan Gyurdiev. |
| This includes patches to: |
| - support ordering of records in compare function |
| - enable port interfaces |
| - add interfaces for context validity and range checks |
| - add include guards |
| |
| 1.11.1 2005-12-16 |
| * Fixed mls_range_cpy bug. |
| |
| 1.10 2005-12-07 |
| * Updated version for release. |
| |
| 1.9.42 2005-12-05 |
| * Dropped handle from user_del_role interface. |
| |
| 1.9.41 2005-11-28 |
| * Merged remove defrole from sepol patch from Ivan Gyurdiev. |
| |
| 1.9.40 2005-11-15 |
| * Merged module function and map file cleanup from Ivan Gyurdiev. |
| * Merged MLS and genusers cleanups from Ivan Gyurdiev. |
| |
| 1.9.39 2005-11-09 |
| Prepare for removal of booleans* and *.users files. |
| * Cleaned up sepol_genbools to not regenerate the image if |
| there were no changes in the boolean values, including the |
| degenerate case where there are no booleans or booleans.local |
| files. |
| * Cleaned up sepol_genusers to not warn on missing local.users. |
| |
| 1.9.38 2005-11-08 |
| * Removed sepol_port_* from libsepol.map, as the port interfaces |
| are not yet stable. |
| |
| 1.9.37 2005-11-04 |
| * Merged context destroy cleanup patch from Ivan Gyurdiev. |
| |
| 1.9.36 2005-11-03 |
| * Merged context_to_string interface change patch from Ivan Gyurdiev. |
| |
| 1.9.35 2005-11-01 |
| * Added src/dso.h and src/*_internal.h. |
| Added hidden_def for exported symbols used within libsepol. |
| Added hidden for symbols that should not be exported by |
| the wildcards in libsepol.map. |
| |
| 1.9.34 2005-10-31 |
| * Merged record interface, record bugfix, and set_roles patches |
| from Ivan Gyurdiev. |
| |
| 1.9.33 2005-10-27 |
| * Merged count specification change from Ivan Gyurdiev. |
| |
| 1.9.32 2005-10-26 |
| * Added further checking and error reporting to |
| sepol_module_package_read and _info. |
| |
| 1.9.31 2005-10-26 |
| * Merged sepol handle passing, DEBUG conversion, and memory leak |
| fix patches from Ivan Gyurdiev. |
| |
| 1.9.30 2005-10-25 |
| * Removed processing of system.users from sepol_genusers and |
| dropped delusers logic. |
| |
| 1.9.29 2005-10-25 |
| * Removed policydb_destroy from error path of policydb_read, |
| since create/init/destroy/free of policydb is handled by the |
| caller now. |
| * Fixed sepol_module_package_read to handle a failed policydb_read |
| properly. |
| |
| 1.9.28 2005-10-25 |
| * Merged query/exists and count patches from Ivan Gyurdiev. |
| |
| 1.9.27 2005-10-25 |
| * Merged fix for pruned types in expand code from Joshua Brindle. |
| * Merged new module package format code from Joshua Brindle. |
| |
| 1.9.26 2005-10-24 |
| * Merged context interface cleanup, record conversion code, |
| key passing, and bug fix patches from Ivan Gyurdiev. |
| |
| 1.9.25 2005-10-21 |
| * Merged users cleanup patch from Ivan Gyurdiev. |
| |
| 1.9.24 2005-10-21 |
| * Merged user record memory leak fix from Ivan Gyurdiev. |
| * Merged reorganize users patch from Ivan Gyurdiev. |
| |
| 1.9.23 2005-10-19 |
| * Added check flag to expand_module() to control assertion |
| and hierarchy checking on expansion. |
| |
| 1.9.22 2005-10-19 |
| * Reworked check_assertions() and hierarchy_check_constraints() |
| to take handles and use callback-based error reporting. |
| * Changed expand_module() to call check_assertions() and |
| hierarchy_check_constraints() prior to returning the expanded |
| policy. |
| |
| 1.9.21 2005-10-18 |
| * Changed sepol_module_package_set_file_contexts to copy the |
| file contexts data since it is internally managed. |
| |
| 1.9.20 2005-10-18 |
| * Added sepol_policy_file_set_handle interface to associate |
| a handle with a policy file. |
| * Added handle argument to policydb_from_image/to_image. |
| * Added sepol_module_package_set_file_contexts interface. |
| * Dropped sepol_module_package_create_file interface. |
| * Reworked policydb_read/write, policydb_from_image/to_image, |
| and sepol_module_package_read/write to use callback-based error |
| reporting system rather than DEBUG. |
| |
| 1.9.19 2005-10-17 |
| * Reworked link_packages, link_modules, and expand_module to use |
| callback-based error reporting system rather than error buffering. |
| |
| 1.9.18 2005-10-14 |
| * Merged conditional expression mapping fix in the module linking |
| code from Joshua Brindle. |
| |
| 1.9.17 2005-10-13 |
| * Hid sepol_module_package type definition, and added get interfaces. |
| |
| 1.9.16 2005-10-13 |
| * Merged new callback-based error reporting system from Ivan |
| Gyurdiev. |
| |
| 1.9.15 2005-10-13 |
| * Merged support for require blocks inside conditionals from |
| Joshua Brindle (Tresys). |
| |
| 1.9.14 2005-10-07 |
| * Fixed use of policydb_from_image/to_image to ensure proper |
| init of policydb. |
| |
| 1.9.13 2005-10-07 |
| * Isolated policydb internal headers under <sepol/policydb/*.h>. |
| These headers should only be used by users of the static libsepol. |
| Created new <sepol/policydb.h> with new public types and interfaces |
| for shared libsepol. |
| Created new <sepol/module.h> with public types and interfaces moved |
| or wrapped from old module.h, link.h, and expand.h, adjusted for |
| new public types for policydb and policy_file. |
| Added public interfaces to libsepol.map. |
| Some implementation changes visible to users of the static libsepol: |
| 1) policydb_read no longer calls policydb_init. |
| Caller must do so first. |
| 2) policydb_init no longer takes policy_type argument. |
| Caller must set policy_type separately. |
| 3) expand_module automatically enables the global branch. |
| Caller no longer needs to do so. |
| 4) policydb_write uses the policy_type and policyvers from the |
| policydb itself, and sepol_set_policyvers() has been removed. |
| |
| 1.9.12 2005-10-06 |
| * Merged function renaming and static cleanup from Ivan Gyurdiev. |
| |
| 1.9.11 2005-10-05 |
| * Merged bug fix for check_assertions handling of no assertions |
| from Joshua Brindle (Tresys). |
| |
| 1.9.10 2005-10-04 |
| * Merged iterate patch from Ivan Gyurdiev. |
| |
| 1.9.9 2005-10-03 |
| * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| |
| 1.9.8 2005-09-30 |
| * Merged pointer typedef elimination patch from Ivan Gyurdiev. |
| * Merged user list function, new mls functions, and bugfix patch |
| from Ivan Gyurdiev. |
| |
| 1.9.7 2005-09-28 |
| * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys). |
| |
| 1.9.6 2005-09-23 |
| * Merged bug fix patches from Joshua Brindle (Tresys). |
| |
| 1.9.5 2005-09-21 |
| * Merged boolean record and memory leak fix patches from Ivan |
| Gyurdiev. |
| |
| 1.9.4 2005-09-19 |
| * Merged interface record patch from Ivan Gyurdiev. |
| |
| 1.9.3 2005-09-14 |
| * Merged fix for sepol_enable/disable_debug from Ivan |
| Gyurdiev. |
| |
| 1.9.2 2005-09-14 |
| * Merged stddef.h patch and debug conversion patch from |
| Ivan Gyurdiev. |
| |
| 1.9.1 2005-09-09 |
| * Fixed expand_avtab and expand_cond_av_list to keep separate |
| entries with identical keys but different enabled flags. |
| |
| 1.8 2005-09-06 |
| * Updated version for release. |
| |
| 1.7.24 2005-08-31 |
| * Fixed symtab_insert return value for duplicate declarations. |
| |
| 1.7.23 2005-08-31 |
| * Merged fix for memory error in policy_module_destroy from |
| Jason Tang (Tresys). |
| |
| 1.7.22 2005-08-26 |
| * Merged fix for memory leak in sepol_context_to_sid from |
| Jason Tang (Tresys). |
| |
| 1.7.21 2005-08-25 |
| * Merged fixes for resource leaks on error paths and |
| change to scope_destroy from Joshua Brindle (Tresys). |
| |
| 1.7.20 2005-08-23 |
| * Merged more fixes for resource leaks on error paths |
| from Serge Hallyn (IBM). Bugs found by Coverity. |
| |
| 1.7.19 2005-08-19 |
| * Changed to treat all type conflicts as fatal errors. |
| |
| 1.7.18 2005-08-18 |
| * Merged several error handling fixes from |
| Serge Hallyn (IBM). Bugs found by Coverity. |
| |
| 1.7.17 2005-08-15 |
| * Fixed further memory leaks found by valgrind. |
| |
| 1.7.16 2005-08-15 |
| * Fixed several memory leaks found by valgrind. |
| |
| 1.7.15 2005-08-12 |
| * Fixed empty list test in cond_write_av_list. Bug found by |
| Coverity, reported by Serge Hallyn (IBM). |
| * Merged patch to policydb_write to check errors |
| when writing the type->attribute reverse map from |
| Serge Hallyn (IBM). Bug found by Coverity. |
| * Fixed policydb_destroy to properly handle NULL type_attr_map |
| or attr_type_map. |
| |
| 1.7.14 2005-08-12 |
| * Fixed use of uninitialized data by expand_avtab_node by |
| clearing type_val_to_struct in policydb_index_others. |
| |
| 1.7.13 2005-08-11 |
| * Improved memory use by SELinux by both reducing the avtab |
| node size and reducing the number of avtab nodes (by not |
| expanding attributes in TE rules when possible). Added |
| expand_avtab and expand_cond_av_list functions for use by |
| assertion checker, hierarchy checker, compatibility code, |
| and dispol. Added new inline ebitmap operators and converted |
| existing users of ebitmaps to the new operators for greater |
| efficiency. |
| Note: The binary policy format version has been incremented to |
| version 20 as a result of these changes. |
| |
| 1.7.12 2005-08-10 |
| * Fixed bug in constraint_node_clone handling of name sets. |
| |
| 1.7.11 2005-08-08 |
| * Fix range_trans_clone to map the type values properly. |
| |
| 1.7.10 2005-08-02 |
| * Merged patch to move module read/write code from libsemanage |
| to libsepol from Jason Tang (Tresys). |
| |
| 1.7.9 2005-08-02 |
| * Enabled further compiler warning flags and fixed them. |
| |
| 1.7.8 2005-08-02 |
| * Merged user, context, port records patch from Ivan Gyurdiev. |
| * Merged key extract function patch from Ivan Gyurdiev. |
| |
| 1.7.7 2005-07-27 |
| * Merged mls_context_to_sid bugfix from Ivan Gyurdiev. |
| |
| 1.7.6 2005-07-26 |
| * Merged context reorganization, memory leak fixes, |
| port and interface loading, replacements for genusers and |
| genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. |
| * Merged uninitialized variable bugfix from Dan Walsh. |
| |
| 1.7.5 2005-07-18 |
| * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat). |
| * Removed genpolbools and genpolusers utilities. |
| |
| 1.7.4 2005-07-18 |
| * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| |
| 1.7.3 2005-07-13 |
| * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat). |
| |
| 1.7.2 2005-07-11 |
| * Merged genbools debugging message cleanup from Red Hat. |
| |
| 1.7.1 2005-07-06 |
| * Merged loadable module support from Tresys Technology. |
| |
| 1.6 2005-06-20 |
| * Updated version for release. |
| |
| 1.5.10 2005-05-19 |
| * License changed to LGPL v2.1, see COPYING. |
| |
| 1.5.9 2005-05-16 |
| * Added sepol_genbools_policydb and sepol_genusers_policydb for |
| audit2why. |
| |
| 1.5.8 2005-05-13 |
| * Added sepol_ prefix to Flask types to avoid |
| namespace collision with libselinux. |
| |
| 1.5.7 2005-05-13 |
| * Added sepol_compute_av_reason() for audit2why. |
| |
| 1.5.6 2005-04-25 |
| * Fixed bug in role hierarchy checker. |
| |
| 1.5.5 2005-04-13 |
| * Merged hierarchical type/role patch from Tresys Technology. |
| * Merged MLS fixes from Darrel Goeddel of TCS. |
| |
| 1.5.4 2005-04-13 |
| * Changed sepol_genusers to not delete users by default, |
| and added a sepol_set_delusers function to enable deletion. |
| Also, removed special case handling of system_u and user_u. |
| |
| 1.5.3 2005-03-29 |
| * Merged booleans.local patch from Dan Walsh. |
| |
| 1.5.2 2005-03-16 |
| * Added man page for sepol_check_context. |
| |
| 1.5.1 2005-03-15 |
| * Added man page for sepol_genusers function. |
| * Merged man pages for genpolusers and chkcon from Manoj Srivastava. |
| |
| 1.4 2005-03-09 |
| * Updated version for release. |
| |
| 1.3.8 2005-03-08 |
| * Cleaned up error handling in sepol_genusers and sepol_genbools. |
| |
| 1.3.7 2005-02-28 |
| * Merged sepol_debug and fclose patch from Dan Walsh. |
| |
| 1.3.6 2005-02-22 |
| * Changed sepol_genusers to also use getline and correctly handle |
| EOL. |
| |
| 1.3.5 2005-02-17 |
| * Merged range_transition support from Darrel Goeddel (TCS). |
| |
| 1.3.4 2005-02-16 |
| * Added sepol_genusers function. |
| |
| 1.3.3 2005-02-14 |
| * Merged endianness and compute_av patches from Darrel Goeddel (TCS). |
| |
| 1.3.2 2005-02-09 |
| * Changed relabel Makefile target to use restorecon. |
| |
| 1.3.1 2005-01-26 |
| * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| |
| 1.2.1 2005-01-19 |
| * Merged build fix patch from Manoj Srivastava. |
| |
| 1.2 2004-10-07 |
| * MLS build fixes. |
| * Added sepol_set_policydb_from_file and sepol_check_context for setfiles. |
| |
| 1.0 2004-08-19 |
| * Initial public release. |
| |
| 0.4 2004-08-13 |
| * Merged patch from Dan Walsh to ignore case on booleans. |
| * Changed sepol_genbools* to preserve the original policy version. |
| * Replaced exported global variables with set functions. |
| * Moved genpolbools utility from checkpolicy to libsepol. |
| * Added man pages for sepol_genbools* and genpolbools. |
| |
| 0.3 2004-08-10 |
| * Added ChangeLog, COPYING, spec file. |
| * Added sepol_genbools_array() for load_policy. |
| * Created libsepol.map to limit exported symbols in shared library. |
| |
| 0.2 2004-08-09 |
| * Exported other functions for checkpolicy and friends. |
| * Renamed service and sidtab functions to avoid libselinux conflict. |
| * Removed original code from checkpolicy, which now uses libsepol. |
| * Code cleanup: kill legacy references to kernel types/functions. |
| |
| 0.1 2004-08-06 |
| * Moved checkpolicy core logic into a library. |
| * Exported sepol_genbools() for load_policy. |