1 * dispol: display operations as ranges, from Jeff Vander Stoep. 2 * dispol: Extend to display operations, from Stephen Smalley. 3 * Add support for ioctl command whitelisting, from Jeff Vander Stoep. 4 * Add option to write CIL policy, from James Carter 5 * Add device tree ocontext nodes to Xen policy, from Daniel De Graaf. 6 * Widen Xen IOMEM context entries, from Daniel De Graaf. 7 * Expand allowed character set in paths, from Daniel De Graaf. 8 * Fix precedence between number and filesystem tokens, from Stephen Smalley. 9 * dispol/dismod fgets function warnings fix, from Emre Can Kucukoglu. 10 11 2.4 2015-02-02 12 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. 13 * Add missing semicolon in cond_else parser rule, from Steven Capelli. 14 * Clear errno before call to strtol(3) from Dan Albert. 15 * Global C++11 compatibility from Dan Albert. 16 * Allow libsepol C++ static library on device from Daniel Cashman. 17 18 2.3 2014-05-06 19 * Add Android support for building dispol. 20 * Report source file and line information for neverallow failures. 21 * Prevent incompatible option combinations for checkmodule. 22 * Drop -lselinux from LDLIBS for test programs; not used. 23 * Add debug feature to display constraints/validatetrans from Richard Haines. 24 25 2.2 2013-10-30 26 * Fix hyphen usage in man pages from Laurent Bigonville. 27 * handle-unknown / -U required argument fix from Laurent Bigonville. 28 * Support overriding Makefile PATH and LIBDIR from Laurent Bigonville. 29 * Support space and : in filenames from Dan Walsh. 30 31 2.1.12 2013-02-01 32 * Fix errors found by coverity 33 * implement default type policy syntax 34 * Free allocated memory when clean up / exit. 35 36 2.1.11 2012-09-13 37 * fd leak reading policy 38 * check return code on ebitmap_set_bit 39 40 2.1.10 2012-06-28 41 * sepolgen: We need to support files that have a + in them 42 * Android/MacOS X build support 43 44 2.1.9 2012-03-28 45 * implement new default labeling behaviors for usr, role, range 46 * Fix dead links to www.nsa.gov/selinux 47 48 2.1.8 2011-12-21 49 * add new helper to translate class sets into bitmaps 50 51 2.1.7 2011-12-05 52 * dis* fixed signed vs unsigned errors 53 * dismod: fix unused parameter errors 54 * test: Makefile: include -W and -Werror 55 * allow ~ in filename transition rules 56 57 2.1.6 2011-11-03 58 * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" 59 * drop libsepol dynamic link in checkpolicy 60 61 2.1.5 2011-09-15 62 * Separate tunable from boolean during compile. 63 64 2.1.4 2011-08-26 65 * checkpolicy: fix spacing in output message 66 67 2.1.3 2011-08-17 68 * add missing ; to attribute_role_def 69 *Redo filename/filesystem syntax to support filename trans 70 71 2.1.2 2011-08-02 72 * .gitignore changes 73 * dispol output of role trans 74 * man page update: build a module with an older policy version 75 76 2.1.1 2011-08-01 77 * Minor updates to filename trans rule output in dis{mod,pol} 78 79 2.1.0 2011-07-27 80 * Release, minor version bump 81 82 2.0.27 2011-07-25 83 * Add role attribute support by Harry Ciao 84 85 2.0.26 2011-05-16 86 * Wrap file names in filename transitions with quotes by Steve Lawrence. 87 * Allow filesystem names to start with a digit by James Carter. 88 89 2.0.25 2011-05-02 90 * Add support for using the last path compnent in type transitions by Eric 91 Paris. 92 * Allow single digit module versions by Daniel Walsh. 93 * Use better filename identifier for filenames by Daniel Walsh. 94 * Use #defines for dismod selections by Eric Paris. 95 96 2.0.24 2011-04-11 97 * Add new class field in role_transition by Harry Ciao. 98 99 2.0.23 2010-12-16 100 * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock 101 102 2.0.22 2010-06-14 103 * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence 104 105 2.0.21 2009-11-27 106 * Add long options to checkpolicy and checkmodule by Guido 107 Trentalancia <guido (a] trentalancia.com> 108 109 2.0.20 2009-10-14 110 * Add support for building Xen policies from Paul Nuzzi. 111 112 2.0.19 2009-02-18 113 * Fix alias field in module format, caused by boundary format change 114 from Caleb Case. 115 116 2.0.18 2008-10-14 117 * Properly escape regex symbols in the lexer from Stephen Smalley. 118 119 2.0.17 2008-10-09 120 * Add bounds support from KaiGai Kohei. 121 122 2.0.16 2008-05-27 123 * Update checkpolicy for user and role mapping support from Joshua Brindle. 124 125 2.0.15 2008-05-05 126 * Fix for policy module versions that look like IPv4 addresses from Jim Carter. 127 Resolves bug 444451. 128 129 2.0.14 2008-03-24 130 * Add permissive domain support from Eric Paris. 131 132 2.0.13 2008-03-05 133 * Split out non-grammar parts of policy_parse.yacc into 134 policy_define.c and policy_define.h from Todd C. Miller. 135 136 2.0.12 2008-03-04 137 * Initialize struct policy_file before using it, from Todd C. Miller. 138 139 2.0.11 2008-03-03 140 * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. 141 142 2.0.10 2008-02-28 143 * Use yyerror2() where appropriate from Todd C. Miller. 144 145 2.0.9 2008-02-04 146 * Update dispol for libsepol avtab changes from Stephen Smalley. 147 148 2.0.8 2008-01-24 149 * Deprecate role dominance in parser. 150 151 2.0.7 2008-01-02 152 * Added support for policy capabilities from Todd Miller. 153 154 2.0.6 2007-11-15 155 * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". 156 157 2.0.5 2007-11-01 158 * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. 159 160 2.0.4 2007-09-18 161 * Merged handle unknown policydb flag support from Eric Paris. 162 Adds new command line options -U {allow, reject, deny} for selecting 163 the flag when a base module or kernel policy is built. 164 165 2.0.3 2007-05-31 166 * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. 167 * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. 168 169 2.0.2 2007-04-12 170 * Merged checkmodule man page fix from Dan Walsh. 171 172 2.0.1 2007-02-20 173 * Merged patch to allow dots in class identifiers from Caleb Case. 174 175 2.0.0 2007-02-01 176 * Merged patch to use new libsepol error codes by Karl MacMillan. 177 178 1.34.0 2007-01-18 179 * Updated version for stable branch. 180 181 1.33.1 2006-11-13 182 * Collapse user identifiers and identifiers together. 183 184 1.32 2006-10-17 185 * Updated version for release. 186 187 1.30.12 2006-09-28 188 * Merged user and range_transition support for modules from 189 Darrel Goeddel 190 191 1.30.11 2006-09-05 192 * merged range_transition enhancements and user module format 193 changes from Darrel Goeddel 194 195 1.30.10 2006-08-03 196 * Merged symtab datum patch from Karl MacMillan. 197 198 1.30.9 2006-06-29 199 * Lindent. 200 201 1.30.8 2006-06-29 202 * Merged patch to remove TE rule conflict checking from the parser 203 from Joshua Brindle. This can only be done properly by the 204 expander. 205 206 1.30.7 2006-06-27 207 * Merged patch to make checkpolicy/checkmodule handling of 208 duplicate/conflicting TE rules the same as the expander 209 from Joshua Brindle. 210 211 1.30.6 2006-06-26 212 * Merged optionals in base take 2 patch set from Joshua Brindle. 213 214 1.30.5 2006-05-05 215 * Merged compiler cleanup patch from Karl MacMillan. 216 * Merged fix warnings patch from Karl MacMillan. 217 218 1.30.4 2006-04-05 219 * Changed require_class to reject permissions that have not been 220 declared if building a base module. 221 222 1.30.3 2006-03-28 223 * Fixed checkmodule to call link_modules prior to expand_module 224 to handle optionals. 225 226 1.30.2 2006-03-28 227 * Fixed require_class to avoid shadowing permissions already defined 228 in an inherited common definition. 229 230 1.30.1 2006-03-22 231 * Moved processing of role and user require statements to 2nd pass. 232 233 1.30 2006-03-14 234 * Updated version for release. 235 236 1.29.5 2006-03-09 237 * Fixed bug in role dominance (define_role_dom). 238 239 1.29.4 2006-02-14 240 * Added a check for failure to declare each sensitivity in 241 a level definition. 242 243 1.29.3 2006-02-13 244 * Changed to clone level data for aliased sensitivities to 245 avoid double free upon sens_destroy. Bug reported by Kevin 246 Carr of Tresys Technology. 247 248 1.29.2 2006-02-13 249 * Merged optionals in base patch from Joshua Brindle. 250 251 1.29.1 2006-02-01 252 * Merged sepol_av_to_string patch from Joshua Brindle. 253 254 1.28 2005-12-07 255 * Updated version for release. 256 257 1.27.20 2005-12-02 258 * Merged checkmodule man page from Dan Walsh, and edited it. 259 260 1.27.19 2005-12-01 261 * Added error checking of all ebitmap_set_bit calls for out of 262 memory conditions. 263 264 1.27.18 2005-12-01 265 * Merged removal of compatibility handling of netlink classes 266 (requirement that policies with newer versions include the 267 netlink class definitions, remapping of fine-grained netlink 268 classes in newer source policies to single netlink class when 269 generating older policies) from George Coker. 270 271 1.27.17 2005-10-25 272 * Merged dismod fix from Joshua Brindle. 273 274 1.27.16 2005-10-20 275 * Removed obsolete cond_check_type_rules() function and call and 276 cond_optimize_lists() call from checkpolicy.c; these are handled 277 during parsing and expansion now. 278 279 1.27.15 2005-10-19 280 * Updated calls to expand_module for interface change. 281 282 1.27.14 2005-10-19 283 * Changed checkmodule to verify that expand_module succeeds 284 when building base modules. 285 286 1.27.13 2005-10-19 287 * Merged module compiler fixes from Joshua Brindle. 288 289 1.27.12 2005-10-19 290 * Removed direct calls to hierarchy_check_constraints() and 291 check_assertions() from checkpolicy since they are now called 292 internally by expand_module(). 293 294 1.27.11 2005-10-18 295 * Updated for changes to sepol policydb_index_others interface. 296 297 1.27.10 2005-10-17 298 * Updated for changes to sepol expand_module and link_modules interfaces. 299 300 1.27.9 2005-10-13 301 * Merged support for require blocks inside conditionals from 302 Joshua Brindle (Tresys). 303 304 1.27.8 2005-10-06 305 * Updated for changes to libsepol. 306 307 1.27.7 2005-10-05 308 * Merged several bug fixes from Joshua Brindle (Tresys). 309 310 1.27.6 2005-10-03 311 * Merged MLS in modules patch from Joshua Brindle (Tresys). 312 313 1.27.5 2005-09-28 314 * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). 315 316 1.27.4 2005-09-26 317 * Merged bugfix for dup role transition error messages from 318 Karl MacMillan (Tresys). 319 320 1.27.3 2005-09-23 321 * Merged policyver/modulever patches from Joshua Brindle (Tresys). 322 323 1.27.2 2005-09-20 324 * Fixed parse_categories handling of undefined category. 325 326 1.27.1 2005-09-16 327 * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). 328 329 1.26 2005-09-06 330 * Updated version for release. 331 332 1.25.12 2005-08-22 333 * Fixed handling of validatetrans constraint expressions. 334 Bug reported by Dan Walsh for checkpolicy -M. 335 336 1.25.11 2005-08-18 337 * Merged use-after-free fix from Serge Hallyn (IBM). 338 Bug found by Coverity. 339 340 1.25.10 2005-08-15 341 * Fixed further memory leaks found by valgrind. 342 343 1.25.9 2005-08-15 344 * Changed checkpolicy to destroy the policydbs prior to exit 345 to allow leak detection. 346 * Fixed several memory leaks found by valgrind. 347 348 1.25.8 2005-08-11 349 * Updated checkpolicy and dispol for the new avtab format. 350 Converted users of ebitmaps to new inline operators. 351 Note: The binary policy format version has been incremented to 352 version 20 as a result of these changes. To build a policy 353 for a kernel that does not yet include these changes, use 354 the -c 19 option to checkpolicy. 355 356 1.25.7 2005-08-11 357 * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). 358 359 1.25.6 2005-08-10 360 * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). 361 362 1.25.5 2005-08-09 363 * Fixed call to hierarchy checking code to pass the right policydb. 364 365 1.25.4 2005-08-02 366 * Merged patch to update dismod for the relocation of the 367 module read/write code from libsemanage to libsepol, and 368 to enable build of test subdirectory from Jason Tang (Tresys). 369 370 1.25.3 2005-07-18 371 * Merged hierarchy check fix from Joshua Brindle (Tresys). 372 373 1.25.2 2005-07-06 374 * Merged loadable module support from Tresys Technology. 375 376 1.25.1 2005-06-24 377 * Merged patch to prohibit the use of * and ~ in type sets 378 (other than in neverallow statements) and in role sets 379 from Joshua Brindle (Tresys). 380 381 1.24 2005-06-20 382 * Updated version for release. 383 384 1.23.4 2005-05-19 385 * Merged cleanup patch from Dan Walsh. 386 387 1.23.3 2005-05-13 388 * Added sepol_ prefix to Flask types to avoid namespace 389 collision with libselinux. 390 391 1.23.2 2005-04-29 392 * Merged identifier fix from Joshua Brindle (Tresys). 393 394 1.23.1 2005-04-13 395 * Merged hierarchical type/role patch from Tresys Technology. 396 * Merged MLS fixes from Darrel Goeddel of TCS. 397 398 1.22 2005-03-09 399 * Updated version for release. 400 401 1.21.4 2005-02-17 402 * Moved genpolusers utility to libsepol. 403 * Merged range_transition support from Darrel Goeddel (TCS). 404 405 1.21.3 2005-02-16 406 * Merged define_user() cleanup patch from Darrel Goeddel (TCS). 407 408 1.21.2 2005-02-09 409 * Changed relabel Makefile target to use restorecon. 410 411 1.21.1 2005-01-26 412 * Merged enhanced MLS support from Darrel Goeddel (TCS). 413 414 1.20 2005-01-04 415 * Merged typeattribute statement patch from Darrel Goeddel of TCS. 416 * Changed genpolusers to handle multiple user config files. 417 * Merged nodecon ordering patch from Chad Hanson of TCS. 418 419 1.18 2004-10-07 420 * MLS build fix. 421 * Fixed Makefile dependencies (Chris PeBenito). 422 * Merged fix for role dominance ordering issue from Chad Hanson of TCS. 423 * Preserve portcon ordering and apply more checking. 424 425 1.16 2004-08-13 426 * Allow empty conditional clauses. 427 * Moved genpolbools utility to libsepol. 428 * Updated for libsepol set functions. 429 * Changed to link with libsepol.a. 430 * Moved core functionality into libsepol. 431 * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys. 432 * Added genpolusers program. 433 * Fixed bug in checkpolicy conditional code. 434 435 1.14 2004-06-28 436 * Merged fix for MLS logic from Daniel Thayer of TCS. 437 * Require semicolon terminator for typealias statement. 438 439 1.12 2004-06-16 440 * Merged fine-grained netlink class support. 441 442 1.10 2004-04-07 443 * Merged ipv6 support from James Morris of RedHat. 444 * Fixed compute_av bug discovered by Chad Hanson of TCS. 445 446 1.8 2004-03-09 447 * Merged policydb MLS patch from Chad Hanson of TCS. 448 * Fixed mmap of policy file. 449 450 1.6 2004-02-18 451 * Merged conditional policy extensions from Tresys Technology. 452 * Added typealias declaration support per Russell Coker's request. 453 * Added support for excluding types from type sets based on 454 a patch by David Caplan, but reimplemented as a change to the 455 policy grammar. 456 * Merged patch from Colin Walters to report source file name and line 457 number for errors when available. 458 * Un-deprecated role transitions. 459 460 1.4 2003-12-01 461 * Regenerated headers. 462 * Merged patches from Bastian Blank and Joerg Hoh. 463 464 1.2 2003-09-30 465 * Merged MLS build patch from Karl MacMillan of Tresys. 466 * Merged checkpolicy man page from Magosanyi Arpad. 467 468 1.1 2003-08-13 469 * Fixed endian bug in policydb_write for behavior value. 470 * License -> GPL. 471 * Merged coding style cleanups from James Morris. 472 473 1.0 2003-07-11 474 * Initial public release. 475 476
