12.1.11 2012-09-13 2 * fd leak reading policy 3 * check return code on ebitmap_set_bit 4 52.1.10 2012-06-28 6 * sepolgen: We need to support files that have a + in them 7 * Android/MacOS X build support 8 92.1.9 2012-03-28 10 * implement new default labeling behaviors for usr, role, range 11 * Fix dead links to www.nsa.gov/selinux 12 132.1.8 2011-12-21 14 * add new helper to translate class sets into bitmaps 15 162.1.7 2011-12-05 17 * dis* fixed signed vs unsigned errors 18 * dismod: fix unused parameter errors 19 * test: Makefile: include -W and -Werror 20 * allow ~ in filename transition rules 21 222.1.6 2011-11-03 23 * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" 24 * drop libsepol dynamic link in checkpolicy 25 262.1.5 2011-09-15 27 * Separate tunable from boolean during compile. 28 292.1.4 2011-08-26 30 * checkpolicy: fix spacing in output message 31 322.1.3 2011-08-17 33 * add missing ; to attribute_role_def 34 *Redo filename/filesystem syntax to support filename trans 35 362.1.2 2011-08-02 37 * .gitignore changes 38 * dispol output of role trans 39 * man page update: build a module with an older policy version 40 412.1.1 2011-08-01 42 * Minor updates to filename trans rule output in dis{mod,pol} 43 442.1.0 2011-07-27 45 * Release, minor version bump 46 472.0.27 2011-07-25 48 * Add role attribute support by Harry Ciao 49 502.0.26 2011-05-16 51 * Wrap file names in filename transitions with quotes by Steve Lawrence. 52 * Allow filesystem names to start with a digit by James Carter. 53 542.0.25 2011-05-02 55 * Add support for using the last path compnent in type transitions by Eric 56 Paris. 57 * Allow single digit module versions by Daniel Walsh. 58 * Use better filename identifier for filenames by Daniel Walsh. 59 * Use #defines for dismod selections by Eric Paris. 60 612.0.24 2011-04-11 62 * Add new class field in role_transition by Harry Ciao. 63 642.0.23 2010-12-16 65 * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock 66 672.0.22 2010-06-14 68 * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence 69 702.0.21 2009-11-27 71 * Add long options to checkpolicy and checkmodule by Guido 72 Trentalancia <guido@trentalancia.com> 73 742.0.20 2009-10-14 75 * Add support for building Xen policies from Paul Nuzzi. 76 772.0.19 2009-02-18 78 * Fix alias field in module format, caused by boundary format change 79 from Caleb Case. 80 812.0.18 2008-10-14 82 * Properly escape regex symbols in the lexer from Stephen Smalley. 83 842.0.17 2008-10-09 85 * Add bounds support from KaiGai Kohei. 86 872.0.16 2008-05-27 88 * Update checkpolicy for user and role mapping support from Joshua Brindle. 89 902.0.15 2008-05-05 91 * Fix for policy module versions that look like IPv4 addresses from Jim Carter. 92 Resolves bug 444451. 93 942.0.14 2008-03-24 95 * Add permissive domain support from Eric Paris. 96 972.0.13 2008-03-05 98 * Split out non-grammar parts of policy_parse.yacc into 99 policy_define.c and policy_define.h from Todd C. Miller. 100 1012.0.12 2008-03-04 102 * Initialize struct policy_file before using it, from Todd C. Miller. 103 1042.0.11 2008-03-03 105 * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. 106 1072.0.10 2008-02-28 108 * Use yyerror2() where appropriate from Todd C. Miller. 109 1102.0.9 2008-02-04 111 * Update dispol for libsepol avtab changes from Stephen Smalley. 112 1132.0.8 2008-01-24 114 * Deprecate role dominance in parser. 115 1162.0.7 2008-01-02 117 * Added support for policy capabilities from Todd Miller. 118 1192.0.6 2007-11-15 120 * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". 121 1222.0.5 2007-11-01 123 * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. 124 1252.0.4 2007-09-18 126 * Merged handle unknown policydb flag support from Eric Paris. 127 Adds new command line options -U {allow, reject, deny} for selecting 128 the flag when a base module or kernel policy is built. 129 1302.0.3 2007-05-31 131 * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. 132 * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. 133 1342.0.2 2007-04-12 135 * Merged checkmodule man page fix from Dan Walsh. 136 1372.0.1 2007-02-20 138 * Merged patch to allow dots in class identifiers from Caleb Case. 139 1402.0.0 2007-02-01 141 * Merged patch to use new libsepol error codes by Karl MacMillan. 142 1431.34.0 2007-01-18 144 * Updated version for stable branch. 145 1461.33.1 2006-11-13 147 * Collapse user identifiers and identifiers together. 148 1491.32 2006-10-17 150 * Updated version for release. 151 1521.30.12 2006-09-28 153 * Merged user and range_transition support for modules from 154 Darrel Goeddel 155 1561.30.11 2006-09-05 157 * merged range_transition enhancements and user module format 158 changes from Darrel Goeddel 159 1601.30.10 2006-08-03 161 * Merged symtab datum patch from Karl MacMillan. 162 1631.30.9 2006-06-29 164 * Lindent. 165 1661.30.8 2006-06-29 167 * Merged patch to remove TE rule conflict checking from the parser 168 from Joshua Brindle. This can only be done properly by the 169 expander. 170 1711.30.7 2006-06-27 172 * Merged patch to make checkpolicy/checkmodule handling of 173 duplicate/conflicting TE rules the same as the expander 174 from Joshua Brindle. 175 1761.30.6 2006-06-26 177 * Merged optionals in base take 2 patch set from Joshua Brindle. 178 1791.30.5 2006-05-05 180 * Merged compiler cleanup patch from Karl MacMillan. 181 * Merged fix warnings patch from Karl MacMillan. 182 1831.30.4 2006-04-05 184 * Changed require_class to reject permissions that have not been 185 declared if building a base module. 186 1871.30.3 2006-03-28 188 * Fixed checkmodule to call link_modules prior to expand_module 189 to handle optionals. 190 1911.30.2 2006-03-28 192 * Fixed require_class to avoid shadowing permissions already defined 193 in an inherited common definition. 194 1951.30.1 2006-03-22 196 * Moved processing of role and user require statements to 2nd pass. 197 1981.30 2006-03-14 199 * Updated version for release. 200 2011.29.5 2006-03-09 202 * Fixed bug in role dominance (define_role_dom). 203 2041.29.4 2006-02-14 205 * Added a check for failure to declare each sensitivity in 206 a level definition. 207 2081.29.3 2006-02-13 209 * Changed to clone level data for aliased sensitivities to 210 avoid double free upon sens_destroy. Bug reported by Kevin 211 Carr of Tresys Technology. 212 2131.29.2 2006-02-13 214 * Merged optionals in base patch from Joshua Brindle. 215 2161.29.1 2006-02-01 217 * Merged sepol_av_to_string patch from Joshua Brindle. 218 2191.28 2005-12-07 220 * Updated version for release. 221 2221.27.20 2005-12-02 223 * Merged checkmodule man page from Dan Walsh, and edited it. 224 2251.27.19 2005-12-01 226 * Added error checking of all ebitmap_set_bit calls for out of 227 memory conditions. 228 2291.27.18 2005-12-01 230 * Merged removal of compatibility handling of netlink classes 231 (requirement that policies with newer versions include the 232 netlink class definitions, remapping of fine-grained netlink 233 classes in newer source policies to single netlink class when 234 generating older policies) from George Coker. 235 2361.27.17 2005-10-25 237 * Merged dismod fix from Joshua Brindle. 238 2391.27.16 2005-10-20 240 * Removed obsolete cond_check_type_rules() function and call and 241 cond_optimize_lists() call from checkpolicy.c; these are handled 242 during parsing and expansion now. 243 2441.27.15 2005-10-19 245 * Updated calls to expand_module for interface change. 246 2471.27.14 2005-10-19 248 * Changed checkmodule to verify that expand_module succeeds 249 when building base modules. 250 2511.27.13 2005-10-19 252 * Merged module compiler fixes from Joshua Brindle. 253 2541.27.12 2005-10-19 255 * Removed direct calls to hierarchy_check_constraints() and 256 check_assertions() from checkpolicy since they are now called 257 internally by expand_module(). 258 2591.27.11 2005-10-18 260 * Updated for changes to sepol policydb_index_others interface. 261 2621.27.10 2005-10-17 263 * Updated for changes to sepol expand_module and link_modules interfaces. 264 2651.27.9 2005-10-13 266 * Merged support for require blocks inside conditionals from 267 Joshua Brindle (Tresys). 268 2691.27.8 2005-10-06 270 * Updated for changes to libsepol. 271 2721.27.7 2005-10-05 273 * Merged several bug fixes from Joshua Brindle (Tresys). 274 2751.27.6 2005-10-03 276 * Merged MLS in modules patch from Joshua Brindle (Tresys). 277 2781.27.5 2005-09-28 279 * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). 280 2811.27.4 2005-09-26 282 * Merged bugfix for dup role transition error messages from 283 Karl MacMillan (Tresys). 284 2851.27.3 2005-09-23 286 * Merged policyver/modulever patches from Joshua Brindle (Tresys). 287 2881.27.2 2005-09-20 289 * Fixed parse_categories handling of undefined category. 290 2911.27.1 2005-09-16 292 * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). 293 2941.26 2005-09-06 295 * Updated version for release. 296 2971.25.12 2005-08-22 298 * Fixed handling of validatetrans constraint expressions. 299 Bug reported by Dan Walsh for checkpolicy -M. 300 3011.25.11 2005-08-18 302 * Merged use-after-free fix from Serge Hallyn (IBM). 303 Bug found by Coverity. 304 3051.25.10 2005-08-15 306 * Fixed further memory leaks found by valgrind. 307 3081.25.9 2005-08-15 309 * Changed checkpolicy to destroy the policydbs prior to exit 310 to allow leak detection. 311 * Fixed several memory leaks found by valgrind. 312 3131.25.8 2005-08-11 314 * Updated checkpolicy and dispol for the new avtab format. 315 Converted users of ebitmaps to new inline operators. 316 Note: The binary policy format version has been incremented to 317 version 20 as a result of these changes. To build a policy 318 for a kernel that does not yet include these changes, use 319 the -c 19 option to checkpolicy. 320 3211.25.7 2005-08-11 322 * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). 323 3241.25.6 2005-08-10 325 * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). 326 3271.25.5 2005-08-09 328 * Fixed call to hierarchy checking code to pass the right policydb. 329 3301.25.4 2005-08-02 331 * Merged patch to update dismod for the relocation of the 332 module read/write code from libsemanage to libsepol, and 333 to enable build of test subdirectory from Jason Tang (Tresys). 334 3351.25.3 2005-07-18 336 * Merged hierarchy check fix from Joshua Brindle (Tresys). 337 3381.25.2 2005-07-06 339 * Merged loadable module support from Tresys Technology. 340 3411.25.1 2005-06-24 342 * Merged patch to prohibit the use of * and ~ in type sets 343 (other than in neverallow statements) and in role sets 344 from Joshua Brindle (Tresys). 345 3461.24 2005-06-20 347 * Updated version for release. 348 3491.23.4 2005-05-19 350 * Merged cleanup patch from Dan Walsh. 351 3521.23.3 2005-05-13 353 * Added sepol_ prefix to Flask types to avoid namespace 354 collision with libselinux. 355 3561.23.2 2005-04-29 357 * Merged identifier fix from Joshua Brindle (Tresys). 358 3591.23.1 2005-04-13 360 * Merged hierarchical type/role patch from Tresys Technology. 361 * Merged MLS fixes from Darrel Goeddel of TCS. 362 3631.22 2005-03-09 364 * Updated version for release. 365 3661.21.4 2005-02-17 367 * Moved genpolusers utility to libsepol. 368 * Merged range_transition support from Darrel Goeddel (TCS). 369 3701.21.3 2005-02-16 371 * Merged define_user() cleanup patch from Darrel Goeddel (TCS). 372 3731.21.2 2005-02-09 374 * Changed relabel Makefile target to use restorecon. 375 3761.21.1 2005-01-26 377 * Merged enhanced MLS support from Darrel Goeddel (TCS). 378 3791.20 2005-01-04 380 * Merged typeattribute statement patch from Darrel Goeddel of TCS. 381 * Changed genpolusers to handle multiple user config files. 382 * Merged nodecon ordering patch from Chad Hanson of TCS. 383 3841.18 2004-10-07 385 * MLS build fix. 386 * Fixed Makefile dependencies (Chris PeBenito). 387 * Merged fix for role dominance ordering issue from Chad Hanson of TCS. 388 * Preserve portcon ordering and apply more checking. 389 3901.16 2004-08-13 391 * Allow empty conditional clauses. 392 * Moved genpolbools utility to libsepol. 393 * Updated for libsepol set functions. 394 * Changed to link with libsepol.a. 395 * Moved core functionality into libsepol. 396 * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. 397 * Added genpolusers program. 398 * Fixed bug in checkpolicy conditional code. 399 4001.14 2004-06-28 401 * Merged fix for MLS logic from Daniel Thayer of TCS. 402 * Require semicolon terminator for typealias statement. 403 4041.12 2004-06-16 405 * Merged fine-grained netlink class support. 406 4071.10 2004-04-07 408 * Merged ipv6 support from James Morris of RedHat. 409 * Fixed compute_av bug discovered by Chad Hanson of TCS. 410 4111.8 2004-03-09 412 * Merged policydb MLS patch from Chad Hanson of TCS. 413 * Fixed mmap of policy file. 414 4151.6 2004-02-18 416 * Merged conditional policy extensions from Tresys Technology. 417 * Added typealias declaration support per Russell Coker's request. 418 * Added support for excluding types from type sets based on 419 a patch by David Caplan, but reimplemented as a change to the 420 policy grammar. 421 * Merged patch from Colin Walters to report source file name and line 422 number for errors when available. 423 * Un-deprecated role transitions. 424 4251.4 2003-12-01 426 * Regenerated headers. 427 * Merged patches from Bastian Blank and Joerg Hoh. 428 4291.2 2003-09-30 430 * Merged MLS build patch from Karl MacMillan of Tresys. 431 * Merged checkpolicy man page from Magosanyi Arpad. 432 4331.1 2003-08-13 434 * Fixed endian bug in policydb_write for behavior value. 435 * License -> GPL. 436 * Merged coding style cleanups from James Morris. 437 4381.0 2003-07-11 439 * Initial public release. 440 441