diff --git a/.libsepol.metadata b/.libsepol.metadata
new file mode 100644
index 0000000..c6a3a67
--- /dev/null
+++ b/.libsepol.metadata
@@ -0,0 +1 @@
+5ca22f919652958cbcd3e026048ea831ea54de47 SOURCES/libsepol-2.1.9.tgz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/libsepol-rhat.patch b/SOURCES/libsepol-rhat.patch
new file mode 100644
index 0000000..552c827
--- /dev/null
+++ b/SOURCES/libsepol-rhat.patch
@@ -0,0 +1,1118 @@ +diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h +index c27275e..0165eed 100644 +--- a/libsepol/include/sepol/policydb/policydb.h ++++ b/libsepol/include/sepol/policydb/policydb.h +@@ -683,10 +683,11 @@ extern int policydb_set_target_platform(policydb_t *p, int platform); + #define POLICYDB_VERSION_ROLETRANS 26 + #define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 27 + #define POLICYDB_VERSION_DEFAULT_TYPE 28 ++#define POLICYDB_VERSION_CONSTRAINT_NAMES 29 + + /* Range of policy versions we understand*/ + #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE +-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_DEFAULT_TYPE ++#define POLICYDB_VERSION_MAX POLICYDB_VERSION_CONSTRAINT_NAMES + + /* Module versions and specific changes*/ + #define MOD_POLICYDB_VERSION_BASE 4 +@@ -704,9 +705,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform); + #define MOD_POLICYDB_VERSION_TUNABLE_SEP 14 + #define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 15 + #define MOD_POLICYDB_VERSION_DEFAULT_TYPE 16 ++#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES 17 + + #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE +-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_DEFAULT_TYPE ++#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_CONSTRAINT_NAMES + + #define POLICYDB_CONFIG_MLS 1 + +diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h +index aef0c7b..1969a10 100644 +--- a/libsepol/include/sepol/policydb/services.h ++++ b/libsepol/include/sepol/policydb/services.h +@@ -58,6 +58,38 @@ extern int sepol_compute_av_reason(sepol_security_id_t ssid, + struct sepol_av_decision *avd, + unsigned int *reason); + ++/* ++ * Same as above, but also returns the constraint expression calculations ++ * whether allowed or denied in a buffer. This buffer is allocated by ++ * this call and must be free'd by the caller using free(3). 
The contraint ++ * buffer will contain any constraints in infix notation. ++ * If the SHOW_GRANTED flag is set it will show granted and denied ++ * constraints. The default is to show only denied constraints. ++ */ ++#define SHOW_GRANTED 1 ++extern int sepol_compute_av_reason_buffer(sepol_security_id_t ssid, ++ sepol_security_id_t tsid, ++ sepol_security_class_t tclass, ++ sepol_access_vector_t requested, ++ struct sepol_av_decision *avd, ++ unsigned int *reason, ++ char **reason_buf, ++ unsigned int flags); ++/* ++ * Return a class ID associated with the class string representation ++ * specified by `class_name'. ++ */ ++extern int sepol_class_name_to_id(const char *class_name, ++ sepol_security_class_t *tclass); ++ ++/* ++ * Return a permission av bit associated with tclass and the string ++ * representation of the `perm_name'. ++ */ ++extern int sepol_perm_name_to_av(sepol_security_class_t tclass, ++ const char *perm_name, ++ sepol_access_vector_t *av); ++ + /* + * Compute a SID to use for labeling a new object in the + * class `tclass' based on a SID pair. +diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c +index f0555bb..6fd992f 100644 +--- a/libsepol/src/expand.c ++++ b/libsepol/src/expand.c +@@ -384,6 +384,17 @@ static int constraint_node_clone(constraint_node_t ** dst, + new_expr->op = expr->op; + if (new_expr->expr_type == CEXPR_NAMES) { + if (new_expr->attr & CEXPR_TYPE) { ++ /* ++ * Copy over constraint policy source types and/or ++ * attributes for sepol_compute_av_reason_buffer(3) so that ++ * utilities can analyse constraint errors. ++ */ ++ if (map_ebitmap(&expr->type_names->types, ++ &new_expr->type_names->types, ++ state->typemap)) { ++ ERR(NULL, "Failed to map type_names->types"); ++ goto out_of_mem; ++ } + /* Type sets require expansion and conversion. 
*/ + if (expand_convert_type_set(state->out, + state-> +diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c +index 1f49261..8c7efbc 100644 +--- a/libsepol/src/policydb.c ++++ b/libsepol/src/policydb.c +@@ -165,6 +165,13 @@ static struct policydb_compat_info policydb_compat[] = { + .target_platform = SEPOL_TARGET_SELINUX, + }, + { ++ .type = POLICY_KERN, ++ .version = POLICYDB_VERSION_CONSTRAINT_NAMES, ++ .sym_num = SYM_NUM, ++ .ocon_num = OCON_NODE6 + 1, ++ .target_platform = SEPOL_TARGET_SELINUX, ++ }, ++ { + .type = POLICY_BASE, + .version = MOD_POLICYDB_VERSION_BASE, + .sym_num = SYM_NUM, +@@ -256,6 +263,13 @@ static struct policydb_compat_info policydb_compat[] = { + .target_platform = SEPOL_TARGET_SELINUX, + }, + { ++ .type = POLICY_BASE, ++ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, ++ .sym_num = SYM_NUM, ++ .ocon_num = OCON_NODE6 + 1, ++ .target_platform = SEPOL_TARGET_SELINUX, ++ }, ++ { + .type = POLICY_MOD, + .version = MOD_POLICYDB_VERSION_BASE, + .sym_num = SYM_NUM, +@@ -346,6 +360,13 @@ static struct policydb_compat_info policydb_compat[] = { + .ocon_num = 0, + .target_platform = SEPOL_TARGET_SELINUX, + }, ++ { ++ .type = POLICY_MOD, ++ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, ++ .sym_num = SYM_NUM, ++ .ocon_num = 0, ++ .target_platform = SEPOL_TARGET_SELINUX, ++ }, + }; + + #if 0 +@@ -2019,6 +2040,10 @@ static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, + if (p->policy_type != POLICY_KERN && + type_set_read(e->type_names, fp)) + return -1; ++ else if (p->policy_type == POLICY_KERN && ++ p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && ++ type_set_read(e->type_names, fp)) ++ return -1; + break; + default: + return -1; +diff --git a/libsepol/src/services.c b/libsepol/src/services.c +index 7fac4a0..43ec07e 100644 +--- a/libsepol/src/services.c ++++ b/libsepol/src/services.c +@@ -43,6 +43,11 @@ + * Implementation of the security services. 
+ */ + ++/* The initial sizes malloc'd for sepol_compute_av_reason_buffer() support */ ++#define REASON_BUF_SIZE 2048 ++#define EXPR_BUF_SIZE 1024 ++#define STACK_LEN 32 ++ + #include + #include + #include +@@ -54,6 +59,7 @@ + #include + #include + #include ++#include + + #include "debug.h" + #include "private.h" +@@ -70,6 +76,50 @@ static int selinux_enforcing = 1; + static sidtab_t mysidtab, *sidtab = &mysidtab; + static policydb_t mypolicydb, *policydb = &mypolicydb; + ++/* Used by sepol_compute_av_reason_buffer() to keep track of entries */ ++static int reason_buf_used; ++static int reason_buf_len; ++ ++/* Stack services for RPN to infix conversion. */ ++static char **stack; ++static int stack_len; ++static int next_stack_entry; ++ ++static void push(char * expr_ptr) ++{ ++ if (next_stack_entry >= stack_len) { ++ char **new_stack = stack; ++ int new_stack_len; ++ ++ if (stack_len == 0) ++ new_stack_len = STACK_LEN; ++ else ++ new_stack_len = stack_len * 2; ++ ++ new_stack = realloc(stack, new_stack_len * sizeof(*stack)); ++ if (!new_stack) { ++ ERR(NULL, "unable to allocate stack space"); ++ return; ++ } ++ stack_len = new_stack_len; ++ stack = new_stack; ++ } ++ stack[next_stack_entry] = expr_ptr; ++ next_stack_entry++; ++} ++ ++static char *pop(void) ++{ ++ next_stack_entry--; ++ if (next_stack_entry < 0) { ++ next_stack_entry = 0; ++ ERR(NULL, "pop called with no stack entries"); ++ return NULL; ++ } ++ return stack[next_stack_entry]; ++} ++/* End Stack services */ ++ + int hidden sepol_set_sidtab(sidtab_t * s) + { + sidtab = s; +@@ -113,20 +163,195 @@ int sepol_set_policydb_from_file(FILE * fp) + static uint32_t latest_granting = 0; + + /* +- * Return the boolean value of a constraint expression +- * when it is applied to the specified source and target ++ * cat_expr_buf adds a string to an expression buffer and handles realloc's if ++ * buffer is too small. 
The array of expression text buffer pointers and its ++ * counter are globally defined here as constraint_expr_eval_reason() sets ++ * them up and cat_expr_buf updates the e_buf pointer if the buffer is realloc'ed. ++ */ ++static int expr_counter; ++static char **expr_list; ++static int expr_buf_used; ++static int expr_buf_len; ++ ++static void cat_expr_buf(char *e_buf, char *string) ++{ ++ int len, new_buf_len; ++ char *p, *new_buf = e_buf; ++ ++ while (1) { ++ p = e_buf + expr_buf_used; ++ len = snprintf(p, expr_buf_len - expr_buf_used, "%s", string); ++ if (len < 0 || len >= expr_buf_len - expr_buf_used) { ++ new_buf_len = expr_buf_len + EXPR_BUF_SIZE; ++ new_buf = realloc(e_buf, new_buf_len); ++ if (!new_buf) { ++ ERR(NULL, "failed to realloc expr buffer"); ++ return; ++ } ++ /* Update the new ptr in the expr list and locally + new len */ ++ expr_list[expr_counter] = new_buf; ++ e_buf = new_buf; ++ expr_buf_len = new_buf_len; ++ } else { ++ expr_buf_used += len; ++ return; ++ } ++ } ++} ++ ++/* ++ * If the POLICY_KERN version is < POLICYDB_VERSION_CONSTRAINT_NAMES, ++ * then just return. ++ * ++ * If the POLICY_KERN version is >= POLICYDB_VERSION_CONSTRAINT_NAMES, ++ * then for 'types' only, read the types_names->types list as it will ++ * contain a list of types and attributes that were defined in the ++ * policy source. ++ */ ++static void get_names_list(constraint_expr_t *e, int type) ++{ ++ ebitmap_t *types; ++ types = &e->type_names->types; ++ int rc = 0; ++ unsigned int i; ++ char tmp_buf[128]; ++ /* if -type_names->types is 0, then output string */ ++ int empty_set = 0; ++ ++ if (policydb->policy_type == POLICY_KERN && ++ policydb->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && ++ type == CEXPR_TYPE) { ++ /* ++ * Process >= POLICYDB_VERSION_CONSTRAINT_NAMES with CEXPR_TYPE, then ++ * obtain the list of names defined in the policy source. 
++ */ ++ cat_expr_buf(expr_list[expr_counter], "{ POLICY_SOURCE: "); ++ for (i = ebitmap_startbit(types); i < ebitmap_length(types); i++) { ++ if ((rc = ebitmap_get_bit(types, i)) == 0) ++ continue; ++ /* Collect entries */ ++ snprintf(tmp_buf, sizeof(tmp_buf), "%s ", policydb->p_type_val_to_name[i]); ++ cat_expr_buf(expr_list[expr_counter], tmp_buf); ++ empty_set++; ++ } ++ if (empty_set == 0) ++ cat_expr_buf(expr_list[expr_counter], " "); ++ cat_expr_buf(expr_list[expr_counter], "} "); ++ } ++ return; ++} ++ ++static void msgcat(char *src, char *tgt, char *rel, int failed) ++{ ++ char tmp_buf[1024]; ++ if (failed) ++ snprintf(tmp_buf, sizeof(tmp_buf), "(%s %s %s -Fail-) ", ++ src, rel, tgt); ++ else ++ snprintf(tmp_buf, sizeof(tmp_buf), "(%s %s %s -Pass-) ", ++ src, rel, tgt); ++ cat_expr_buf(expr_list[expr_counter], tmp_buf); ++} ++ ++/* Returns a buffer with class, statement type and permissions */ ++static char *get_class_info(sepol_security_class_t tclass, ++ constraint_node_t *constraint, ++ context_struct_t * xcontext) ++{ ++ constraint_expr_t *e; ++ int mls, state_num; ++ ++ /* Find if MLS statement or not */ ++ mls = 0; ++ for (e = constraint->expr; e; e = e->next) { ++ if (e->attr >= CEXPR_L1L2) { ++ mls = 1; ++ break; ++ } ++ } ++ ++ /* Determine statement type */ ++ char *statements[] = { ++ "constrain ", /* 0 */ ++ "mlsconstrain ", /* 1 */ ++ "validatetrans ", /* 2 */ ++ "mlsvalidatetrans ", /* 3 */ ++ 0 }; ++ ++ if (xcontext == NULL) ++ state_num = mls + 0; ++ else ++ state_num = mls + 2; ++ ++ int class_buf_len = 0; ++ int new_class_buf_len; ++ int len, buf_used; ++ char *class_buf = NULL, *p; ++ char *new_class_buf = NULL; ++ ++ while (1) { ++ new_class_buf_len = class_buf_len + EXPR_BUF_SIZE; ++ new_class_buf = realloc(class_buf, new_class_buf_len); ++ if (!new_class_buf) ++ return NULL; ++ class_buf_len = new_class_buf_len; ++ class_buf = new_class_buf; ++ buf_used = 0; ++ p = class_buf; ++ ++ /* Add statement type */ ++ len = snprintf(p, 
class_buf_len - buf_used, "%s", statements[state_num]); ++ if (len < 0 || len >= class_buf_len - buf_used) ++ continue; ++ ++ /* Add class entry */ ++ p += len; ++ buf_used += len; ++ len = snprintf(p, class_buf_len - buf_used, "%s ", ++ policydb->p_class_val_to_name[tclass - 1]); ++ if (len < 0 || len >= class_buf_len - buf_used) ++ continue; ++ ++ /* Add permission entries */ ++ p += len; ++ buf_used += len; ++ len = snprintf(p, class_buf_len - buf_used, "{%s } (", ++ sepol_av_to_string(policydb, tclass, constraint->permissions)); ++ if (len < 0 || len >= class_buf_len - buf_used) ++ continue; ++ break; ++ } ++ return class_buf; ++} ++ ++/* ++ * Modified version of constraint_expr_eval that will process each ++ * constraint as before but adds the information to text buffers that ++ * will hold various components. The expression will be in RPN format, ++ * therefore there is a stack based RPN to infix converter to produce ++ * the final readable constraint. ++ * ++ * Return the boolean value of a constraint expression ++ * when it is applied to the specified source and target + * security contexts. + * + * xcontext is a special beast... It is used by the validatetrans rules + * only. For these rules, scontext is the context before the transition, + * tcontext is the context after the transition, and xcontext is the context + * of the process performing the transition. All other callers of +- * constraint_expr_eval should pass in NULL for xcontext. ++ * constraint_expr_eval_reason should pass in NULL for xcontext. ++ * ++ * This function will also build a buffer as the constraint is processed ++ * for analysis. If this option is not required, then: ++ * 'tclass' should be '0' and r_buf MUST be NULL. 
+ */ +-static int constraint_expr_eval(context_struct_t * scontext, ++static int constraint_expr_eval_reason(context_struct_t * scontext, + context_struct_t * tcontext, + context_struct_t * xcontext, +- constraint_expr_t * cexpr) ++ sepol_security_class_t tclass, ++ constraint_node_t *constraint, ++ char **r_buf, ++ unsigned int flags) + { + uint32_t val1, val2; + context_struct_t *c; +@@ -136,56 +361,137 @@ static int constraint_expr_eval(context_struct_t * scontext, + int s[CEXPR_MAXDEPTH]; + int sp = -1; + +- for (e = cexpr; e; e = e->next) { ++ char tmp_buf[128]; ++ ++/* ++ * Define the s_t_x_num values that make up r1, t2 etc. in text strings ++ * Set 1 = source, 2 = target, 3 = xcontext for validatetrans ++ */ ++#define SOURCE 1 ++#define TARGET 2 ++#define XTARGET 3 ++ ++ int s_t_x_num = SOURCE; ++ ++ /* Set 0 = fail, u = CEXPR_USER, r = CEXPR_ROLE, t = CEXPR_TYPE */ ++ int u_r_t = 0; ++ ++ char *name1, *name2; ++ char *src = NULL; ++ char *tgt = NULL; ++ ++ int rc = 0, x; ++ ++ char *class_buf = NULL; ++ ++ class_buf = get_class_info(tclass, constraint, xcontext); ++ if (!class_buf) { ++ ERR(NULL, "failed to allocate class buffer"); ++ return -ENOMEM; ++ } ++ ++ /* Original function but with buffer support */ ++ int expr_list_len = 0; ++ expr_counter = 0; ++ expr_list = NULL; ++ for (e = constraint->expr; e; e = e->next) { ++ /* Allocate a stack to hold expression buffer entries */ ++ if (expr_counter >= expr_list_len) { ++ char **new_expr_list = expr_list; ++ int new_expr_list_len; ++ ++ if (expr_list_len == 0) ++ new_expr_list_len = STACK_LEN; ++ else ++ new_expr_list_len = expr_list_len * 2; ++ ++ new_expr_list = realloc(expr_list, new_expr_list_len * sizeof(*expr_list)); ++ if (!new_expr_list) { ++ ERR(NULL, "failed to allocate expr buffer stack"); ++ rc = -ENOMEM; ++ goto out; ++ } ++ expr_list_len = new_expr_list_len; ++ expr_list = new_expr_list; ++ } ++ ++ /* ++ * malloc a buffer to store each expression text component. 
If the ++ * buffer is too small cat_expr_buf() will realloc extra space. ++ */ ++ expr_buf_len = EXPR_BUF_SIZE; ++ expr_list[expr_counter] = malloc(expr_buf_len); ++ if (!expr_list[expr_counter]) { ++ ERR(NULL, "failed to allocate expr buffer"); ++ rc = -ENOMEM; ++ goto out; ++ } ++ expr_buf_used = 0; ++ ++ /* Now process each expression of the constraint */ + switch (e->expr_type) { + case CEXPR_NOT: + BUG_ON(sp < 0); + s[sp] = !s[sp]; ++ cat_expr_buf(expr_list[expr_counter], "not"); + break; + case CEXPR_AND: + BUG_ON(sp < 1); + sp--; + s[sp] &= s[sp + 1]; ++ cat_expr_buf(expr_list[expr_counter], "and"); + break; + case CEXPR_OR: + BUG_ON(sp < 1); + sp--; + s[sp] |= s[sp + 1]; ++ cat_expr_buf(expr_list[expr_counter], "or"); + break; + case CEXPR_ATTR: + if (sp == (CEXPR_MAXDEPTH - 1)) +- return 0; ++ goto out; ++ + switch (e->attr) { + case CEXPR_USER: + val1 = scontext->user; + val2 = tcontext->user; ++ free(src); src = strdup("u1"); ++ free(tgt); tgt = strdup("u2"); + break; + case CEXPR_TYPE: + val1 = scontext->type; + val2 = tcontext->type; ++ free(src); src = strdup("t1"); ++ free(tgt); tgt = strdup("t2"); + break; + case CEXPR_ROLE: + val1 = scontext->role; + val2 = tcontext->role; + r1 = policydb->role_val_to_struct[val1 - 1]; + r2 = policydb->role_val_to_struct[val2 - 1]; ++ name1 = policydb->p_role_val_to_name[r1->s.value - 1]; ++ name2 = policydb->p_role_val_to_name[r2->s.value - 1]; ++ snprintf(tmp_buf, sizeof(tmp_buf), "r1=%s", name1); ++ free(src); src = strdup(tmp_buf); ++ snprintf(tmp_buf, sizeof(tmp_buf), "r2=%s ", name2); ++ free(tgt); tgt = strdup(tmp_buf); ++ + switch (e->op) { + case CEXPR_DOM: +- s[++sp] = +- ebitmap_get_bit(&r1->dominates, +- val2 - 1); ++ s[++sp] = ebitmap_get_bit(&r1->dominates, val2 - 1); ++ msgcat(src, tgt, "dom", s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_DOMBY: +- s[++sp] = +- ebitmap_get_bit(&r2->dominates, +- val1 - 1); ++ s[++sp] = ebitmap_get_bit(&r2->dominates, val1 - 1); ++ msgcat(src, tgt, "domby", 
s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_INCOMP: +- s[++sp] = +- (!ebitmap_get_bit +- (&r1->dominates, val2 - 1) +- && !ebitmap_get_bit(&r2->dominates, +- val1 - 1)); ++ s[++sp] = (!ebitmap_get_bit(&r1->dominates, val2 - 1) ++ && !ebitmap_get_bit(&r2->dominates, val1 - 1)); ++ msgcat(src, tgt, "incomp", s[sp] == 0); ++ expr_counter++; + continue; + default: + break; +@@ -194,110 +500,327 @@ static int constraint_expr_eval(context_struct_t * scontext, + case CEXPR_L1L2: + l1 = &(scontext->range.level[0]); + l2 = &(tcontext->range.level[0]); ++ free(src); src = strdup("l1"); ++ free(tgt); tgt = strdup("l2"); + goto mls_ops; + case CEXPR_L1H2: + l1 = &(scontext->range.level[0]); + l2 = &(tcontext->range.level[1]); ++ free(src); src = strdup("l1"); ++ free(tgt); tgt = strdup("h2"); + goto mls_ops; + case CEXPR_H1L2: + l1 = &(scontext->range.level[1]); + l2 = &(tcontext->range.level[0]); ++ free(src); src = strdup("h1"); ++ free(tgt); tgt = strdup("L2"); + goto mls_ops; + case CEXPR_H1H2: + l1 = &(scontext->range.level[1]); + l2 = &(tcontext->range.level[1]); ++ free(src); src = strdup("h1"); ++ free(tgt); tgt = strdup("h2"); + goto mls_ops; + case CEXPR_L1H1: + l1 = &(scontext->range.level[0]); + l2 = &(scontext->range.level[1]); ++ free(src); src = strdup("l1"); ++ free(tgt); tgt = strdup("h1"); + goto mls_ops; + case CEXPR_L2H2: + l1 = &(tcontext->range.level[0]); + l2 = &(tcontext->range.level[1]); +- goto mls_ops; +- mls_ops: ++ free(src); src = strdup("l2"); ++ free(tgt); tgt = strdup("h2"); ++ mls_ops: + switch (e->op) { + case CEXPR_EQ: + s[++sp] = mls_level_eq(l1, l2); ++ msgcat(src, tgt, "eq", s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_NEQ: + s[++sp] = !mls_level_eq(l1, l2); ++ msgcat(src, tgt, "neq", s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_DOM: + s[++sp] = mls_level_dom(l1, l2); ++ msgcat(src, tgt, "dom", s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_DOMBY: + s[++sp] = mls_level_dom(l2, l1); ++ 
msgcat(src, tgt, "domby", s[sp] == 0); ++ expr_counter++; + continue; + case CEXPR_INCOMP: + s[++sp] = mls_level_incomp(l2, l1); ++ msgcat(src, tgt, "incomp", s[sp] == 0); ++ expr_counter++; + continue; + default: + BUG(); +- return 0; ++ goto out; + } + break; + default: + BUG(); +- return 0; ++ goto out; + } + + switch (e->op) { + case CEXPR_EQ: + s[++sp] = (val1 == val2); ++ msgcat(src, tgt, "eq", s[sp] == 0); + break; + case CEXPR_NEQ: + s[++sp] = (val1 != val2); ++ msgcat(src, tgt, "neq", s[sp] == 0); + break; + default: + BUG(); +- return 0; ++ goto out; + } + break; + case CEXPR_NAMES: + if (sp == (CEXPR_MAXDEPTH - 1)) +- return 0; ++ goto out; ++ s_t_x_num = SOURCE; + c = scontext; +- if (e->attr & CEXPR_TARGET) ++ if (e->attr & CEXPR_TARGET) { ++ s_t_x_num = TARGET; + c = tcontext; +- else if (e->attr & CEXPR_XTARGET) { ++ } else if (e->attr & CEXPR_XTARGET) { ++ s_t_x_num = XTARGET; + c = xcontext; +- if (!c) { +- BUG(); +- return 0; +- } + } +- if (e->attr & CEXPR_USER) ++ if (!c) { ++ BUG(); ++ goto out; ++ } ++ if (e->attr & CEXPR_USER) { ++ u_r_t = CEXPR_USER; + val1 = c->user; +- else if (e->attr & CEXPR_ROLE) ++ name1 = policydb->p_user_val_to_name[val1 - 1]; ++ snprintf(tmp_buf, sizeof(tmp_buf), "u%d=%s ", ++ s_t_x_num, name1); ++ free(src); src = strdup(tmp_buf); ++ } ++ else if (e->attr & CEXPR_ROLE) { ++ u_r_t = CEXPR_ROLE; + val1 = c->role; +- else if (e->attr & CEXPR_TYPE) ++ name1 = policydb->p_role_val_to_name[val1 - 1]; ++ snprintf(tmp_buf, sizeof(tmp_buf), "r%d=%s ", s_t_x_num, name1); ++ free(src); src = strdup(tmp_buf); ++ } ++ else if (e->attr & CEXPR_TYPE) { ++ u_r_t = CEXPR_TYPE; + val1 = c->type; ++ name1 = policydb->p_type_val_to_name[val1 - 1]; ++ snprintf(tmp_buf, sizeof(tmp_buf), ++ "t%d=%s ", s_t_x_num, name1); ++ free(src); src = strdup(tmp_buf); ++ } + else { + BUG(); +- return 0; ++ goto out; + } + + switch (e->op) { + case CEXPR_EQ: ++ switch (u_r_t) { ++ case CEXPR_USER: ++ free(tgt); tgt=strdup("USER_ENTRY"); ++ break; ++ 
case CEXPR_ROLE: ++ free(tgt); tgt=strdup("ROLE_ENTRY"); ++ break; ++ case CEXPR_TYPE: ++ free(tgt); tgt=strdup("TYPE_ENTRY"); ++ break; ++ default: ++ ERR(NULL, "unrecognized u_r_t Value: %d", u_r_t); ++ break; ++ } ++ + s[++sp] = ebitmap_get_bit(&e->names, val1 - 1); ++ msgcat(src, tgt, "eq", s[sp] == 0); ++ if (s[sp] == 0) { ++ get_names_list(e, u_r_t); ++ } + break; ++ + case CEXPR_NEQ: ++ switch (u_r_t) { ++ case CEXPR_USER: ++ free(tgt); tgt=strdup("USER_ENTRY"); ++ break; ++ case CEXPR_ROLE: ++ free(tgt); tgt=strdup("ROLE_ENTRY"); ++ break; ++ case CEXPR_TYPE: ++ free(tgt); tgt=strdup("TYPE_ENTRY"); ++ break; ++ default: ++ ERR(NULL, "unrecognized u_r_t Value: %d", u_r_t); ++ break; ++ } ++ + s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1); ++ msgcat(src, tgt, "neq", s[sp] == 0); ++ if (s[sp] == 0) { ++ get_names_list(e, u_r_t); ++ } + break; + default: + BUG(); +- return 0; ++ goto out; + } + break; + default: + BUG(); +- return 0; ++ goto out; + } ++ expr_counter++; ++ } ++ ++ /* ++ * At this point each expression of the constraint is in ++ * expr_list[n+1] and in RPN format. Now convert to 'infix' ++ */ ++ ++ /* ++ * Save expr count but zero expr_counter to detect if 'BUG(); goto out;' ++ * was called as we need to release any used expr_list malloc's. Normally ++ * they are released by the RPN to infix code. ++ */ ++ int expr_count = expr_counter; ++ expr_counter = 0; ++ ++ /* ++ * The array of expression answer buffer pointers and counter. Generate ++ * the same number of answer buffer entries as expression buffers (as ++ * there will never be more required). ++ */ ++ char **answer_list; ++ int answer_counter = 0; ++ ++ answer_list = malloc(expr_count * sizeof(*answer_list)); ++ if (!answer_list) { ++ ERR(NULL, "failed to allocate answer stack"); ++ rc = -ENOMEM; ++ goto out; + } + +- BUG_ON(sp != 0); +- return s[0]; ++ /* The pop operands */ ++ char *a; ++ char *b; ++ int a_len, b_len; ++ ++ /* Convert constraint from RPN to infix notation. 
*/ ++ for (x = 0; x != expr_count; x++) { ++ if (strncmp(expr_list[x], "and", 3) == 0 || strncmp(expr_list[x], ++ "or", 2) == 0) { ++ b = pop(); ++ b_len = strlen(b); ++ a = pop(); ++ a_len = strlen(a); ++ ++ /* get a buffer to hold the answer */ ++ answer_list[answer_counter] = malloc(a_len + b_len + 8); ++ if (!answer_list[answer_counter]) { ++ ERR(NULL, "failed to allocate answer buffer"); ++ rc = -ENOMEM; ++ goto out; ++ } ++ memset(answer_list[answer_counter], '\0', a_len + b_len + 8); ++ ++ sprintf(answer_list[answer_counter], "%s %s %s", a, expr_list[x], b); ++ push(answer_list[answer_counter++]); ++ free(a); ++ free(b); ++ } else if (strncmp(expr_list[x], "not", 3) == 0) { ++ b = pop(); ++ b_len = strlen(b); ++ ++ answer_list[answer_counter] = malloc(b_len + 8); ++ if (!answer_list[answer_counter]) { ++ ERR(NULL, "failed to allocate answer buffer"); ++ rc = -ENOMEM; ++ goto out; ++ } ++ memset(answer_list[answer_counter], '\0', b_len + 8); ++ ++ if (strncmp(b, "not", 3) == 0) ++ sprintf(answer_list[answer_counter], "%s (%s)", expr_list[x], b); ++ else ++ sprintf(answer_list[answer_counter], "%s%s", expr_list[x], b); ++ push(answer_list[answer_counter++]); ++ free(b); ++ } else { ++ push(expr_list[x]); ++ } ++ } ++ /* Get the final answer from tos and build constraint text */ ++ a = pop(); ++ ++ /* Constraint calculation: rc = 0 is denied, rc = 1 is granted */ ++ sprintf(tmp_buf,"Constraint %s\n", s[0] ? "GRANTED" : "DENIED"); ++ ++ int len, new_buf_len; ++ char *p, **new_buf = r_buf; ++ /* ++ * These contain the constraint components that are added to the ++ * callers reason buffer. ++ */ ++ char *buffers[] = { class_buf, a, "); ", tmp_buf, 0 }; ++ ++ /* ++ * This will add the constraints to the callers reason buffer (who is ++ * responsible for freeing the memory). It will handle any realloc's ++ * should the buffer be too short. ++ * The reason_buf_used and reason_buf_len counters are defined globally ++ * as multiple constraints can be in the buffer. 
++ */ ++ if (r_buf && ((s[0] == 0) || ((s[0] == 1 && ++ (flags & SHOW_GRANTED) == SHOW_GRANTED)))) { ++ for (x = 0; buffers[x] != NULL; x++) { ++ while (1) { ++ p = *r_buf + reason_buf_used; ++ len = snprintf(p, reason_buf_len - reason_buf_used, "%s", buffers[x]); ++ if (len < 0 || len >= reason_buf_len - reason_buf_used) { ++ new_buf_len = reason_buf_len + REASON_BUF_SIZE; ++ *new_buf = realloc(*r_buf, new_buf_len); ++ if (!new_buf) { ++ ERR(NULL, "failed to realloc reason buffer"); ++ goto out1; ++ } ++ **r_buf = **new_buf; ++ reason_buf_len = new_buf_len; ++ continue; ++ } else { ++ reason_buf_used += len; ++ break; ++ } ++ } ++ } ++ } ++ ++out1: ++ rc = s[0]; ++ free(a); ++ ++out: ++ free(class_buf); ++ free(src); ++ free(tgt); ++ ++ if (expr_counter) { ++ for (x = 0; expr_list[x] != NULL; x++) ++ free(expr_list[x]); ++ } ++ return rc; + } + + /* +@@ -309,7 +832,9 @@ static int context_struct_compute_av(context_struct_t * scontext, + sepol_security_class_t tclass, + sepol_access_vector_t requested, + struct sepol_av_decision *avd, +- unsigned int *reason) ++ unsigned int *reason, ++ char **r_buf, ++ unsigned int flags) + { + constraint_node_t *constraint; + struct role_allow *ra; +@@ -384,8 +909,8 @@ static int context_struct_compute_av(context_struct_t * scontext, + constraint = tclass_datum->constraints; + while (constraint) { + if ((constraint->permissions & (avd->allowed)) && +- !constraint_expr_eval(scontext, tcontext, NULL, +- constraint->expr)) { ++ !constraint_expr_eval_reason(scontext, tcontext, NULL, ++ tclass, constraint, r_buf, flags)) { + avd->allowed = + (avd->allowed) & ~(constraint->permissions); + } +@@ -460,8 +985,8 @@ int hidden sepol_validate_transition(sepol_security_id_t oldsid, + + constraint = tclass_datum->validatetrans; + while (constraint) { +- if (!constraint_expr_eval(ocontext, ncontext, tcontext, +- constraint->expr)) { ++ if (!constraint_expr_eval_reason(ocontext, ncontext, tcontext, ++ 0, constraint, NULL, 0)) { + return -EPERM; 
+ } + constraint = constraint->next; +@@ -494,11 +1019,59 @@ int hidden sepol_compute_av_reason(sepol_security_id_t ssid, + } + + rc = context_struct_compute_av(scontext, tcontext, tclass, +- requested, avd, reason); ++ requested, avd, reason, NULL, 0); + out: + return rc; + } + ++/* ++ * sepol_compute_av_reason_buffer - the reason buffer is malloc'd to ++ * REASON_BUF_SIZE. If the buffer size is exceeded, then it is realloc'd ++ * in the constraint_expr_eval_reason() function. ++ */ ++int hidden sepol_compute_av_reason_buffer(sepol_security_id_t ssid, ++ sepol_security_id_t tsid, ++ sepol_security_class_t tclass, ++ sepol_access_vector_t requested, ++ struct sepol_av_decision *avd, ++ unsigned int *reason, ++ char **reason_buf, ++ unsigned int flags) ++{ ++ *reason_buf = malloc(REASON_BUF_SIZE); ++ if (!*reason_buf) { ++ ERR(NULL, "failed to allocate reason buffer"); ++ return -ENOMEM; ++ } ++ /* ++ * These are defined globally as the buffer can contain multiple ++ * constraint statements so need to keep track ++ */ ++ reason_buf_used = 0; ++ reason_buf_len = REASON_BUF_SIZE; ++ ++ context_struct_t *scontext = 0, *tcontext = 0; ++ int rc = 0; ++ ++ scontext = sepol_sidtab_search(sidtab, ssid); ++ if (!scontext) { ++ ERR(NULL, "unrecognized SID %d", ssid); ++ rc = -EINVAL; ++ goto out; ++ } ++ tcontext = sepol_sidtab_search(sidtab, tsid); ++ if (!tcontext) { ++ ERR(NULL, "unrecognized SID %d", tsid); ++ rc = -EINVAL; ++ goto out; ++ } ++ ++ rc = context_struct_compute_av(scontext, tcontext, tclass, ++ requested, avd, reason, reason_buf, flags); ++out: ++ return rc; ++} ++ + int hidden sepol_compute_av(sepol_security_id_t ssid, + sepol_security_id_t tsid, + sepol_security_class_t tclass, +@@ -511,6 +1084,70 @@ int hidden sepol_compute_av(sepol_security_id_t ssid, + } + + /* ++ * Return a class ID associated with the class string specified by ++ * class_name. 
++ */ ++int hidden sepol_class_name_to_id(const char *class_name, ++ sepol_security_class_t *tclass) ++{ ++ char *class = NULL; ++ sepol_security_class_t id; ++ ++ for (id = 1; ; id++) { ++ if ((class = policydb->p_class_val_to_name[id - 1]) == NULL) { ++ ERR(NULL, "could not convert %s to class id", class_name); ++ return STATUS_ERR; ++ } ++ if ((strcmp(class, class_name)) == 0) { ++ *tclass = id; ++ return STATUS_SUCCESS; ++ } ++ } ++} ++ ++/* ++ * Return access vector bit associated with the class ID and permission ++ * string. ++ */ ++int hidden sepol_perm_name_to_av(sepol_security_class_t tclass, ++ const char *perm_name, ++ sepol_access_vector_t *av) ++{ ++ class_datum_t *tclass_datum; ++ perm_datum_t *perm_datum; ++ ++ if (!tclass || tclass > policydb->p_classes.nprim) { ++ ERR(NULL, "unrecognized class %d", tclass); ++ return -EINVAL; ++ } ++ tclass_datum = policydb->class_val_to_struct[tclass - 1]; ++ ++ /* Check for unique perms then the common ones (if any) */ ++ perm_datum = (perm_datum_t *) ++ hashtab_search(tclass_datum->permissions.table, ++ (hashtab_key_t)perm_name); ++ if (perm_datum != NULL) { ++ *av = 0x1 << (perm_datum->s.value - 1); ++ return STATUS_SUCCESS; ++ } ++ ++ if (tclass_datum->comdatum == NULL) ++ goto out; ++ ++ perm_datum = (perm_datum_t *) ++ hashtab_search(tclass_datum->comdatum->permissions.table, ++ (hashtab_key_t)perm_name); ++ ++ if (perm_datum != NULL) { ++ *av = 0x1 << (perm_datum->s.value - 1); ++ return STATUS_SUCCESS; ++ } ++out: ++ ERR(NULL, "could not convert %s to av bit", perm_name); ++ return STATUS_ERR; ++} ++ ++/* + * Write the security context string representation of + * the context associated with `sid' into a dynamically + * allocated string of the correct size. 
Set `*scontext' +@@ -1339,7 +1976,7 @@ int hidden sepol_get_user_sids(sepol_security_id_t fromsid, + rc = context_struct_compute_av(fromcon, &usercon, + SECCLASS_PROCESS, + PROCESS__TRANSITION, +- &avd, &reason); ++ &avd, &reason, NULL, 0); + if (rc || !(avd.allowed & PROCESS__TRANSITION)) + continue; + rc = sepol_sidtab_context_to_sid(sidtab, &usercon, +diff --git a/libsepol/src/write.c b/libsepol/src/write.c +index 55992f8..6fe73e6 100644 +--- a/libsepol/src/write.c ++++ b/libsepol/src/write.c +@@ -893,8 +893,11 @@ static int write_cons_helper(policydb_t * p, + if (ebitmap_write(&e->names, fp)) { + return POLICYDB_ERROR; + } +- if (p->policy_type != POLICY_KERN && +- type_set_write(e->type_names, fp)) { ++ if ((p->policy_type != POLICY_KERN && ++ type_set_write(e->type_names, fp)) || ++ (p->policy_type == POLICY_KERN && ++ (p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES) && ++ type_set_write(e->type_names, fp))) { + return POLICYDB_ERROR; + } + break; diff --git a/SPECS/libsepol.spec b/SPECS/libsepol.spec new file mode 100644 index 0000000..a792eba --- /dev/null +++ b/SPECS/libsepol.spec 
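Review bot: In the reason-buffer growth loop of constraint_expr_eval_reason (the `while (1)` under `if (r_buf && ...)`), `new_buf` aliases `r_buf`, so `*new_buf = realloc(*r_buf, new_buf_len)` overwrites the caller's pointer before any check, `if (!new_buf)` tests the never-NULL pointer-to-pointer rather than the realloc result, and on allocation failure the old buffer leaks and the self-assignment `**r_buf = **new_buf;` dereferences NULL. Replace those lines with `char *tmp = realloc(*r_buf, new_buf_len); if (!tmp) { ERR(NULL, "failed to realloc reason buffer"); goto out1; } *r_buf = tmp;` and drop `**r_buf = **new_buf;`. Relatedly, `sepol_class_name_to_id` terminates only on a NULL entry in `policydb->p_class_val_to_name`; unless that array carries a NULL sentinel past `p_classes.nprim` (not visible here), an unknown class name reads past its end, so bound the loop as `for (id = 1; id <= policydb->p_classes.nprim; id++)` and move the `ERR`/`return STATUS_ERR` after it, matching the `tclass > policydb->p_classes.nprim` check already in `sepol_perm_name_to_av`. The RPN-to-infix pass also calls `strlen(b)` directly on the result of `pop()`, which returns NULL on underflow, and `sepol_compute_av_reason_buffer` hands back the freshly malloc'd `*reason_buf` with no terminating NUL when no constraint is appended, so a caller treating it as a string reads uninitialized bytes; `(*reason_buf)[0] = '\0';` right after the malloc covers the latter.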
@@ -0,0 +1,1123 @@
+Summary: SELinux binary policy manipulation library
+Name: libsepol
+Version: 2.1.9
+Release: 1%{?dist}
+License: LGPLv2+
+Group: System Environment/Libraries
+Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
+Patch: libsepol-rhat.patch
+URL: http://www.selinuxproject.org
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+Security-enhanced Linux is a feature of the Linux® kernel and a number
+of utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These
+architectural components provide general support for the enforcement
+of many kinds of mandatory access control policies, including those
+based on the concepts of Type Enforcement®, Role-based Access
+Control, and Multi-level Security.
+
+libsepol provides an API for the manipulation of SELinux binary policies.
+It is used by checkpolicy (the policy compiler) and similar tools, as well
+as by programs like load_policy that need to perform specific transformations
+on binary policies such as customizing policy boolean settings.
+
+%package devel
+Summary: Header files and libraries used to build policy manipulation tools
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+The libsepol-devel package contains the libraries and header files
+needed for developing applications that manipulate binary policies.
+
+%package static
+Summary: static libraries used to build policy manipulation tools
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
+
+%description static
+The libsepol-static package contains the static libraries and header files
+needed for developing applications that manipulate binary policies.
+
+%prep
+%setup -q
+%patch -p2 -b .rhat
+
+# sparc64 is an -fPIC arch, so we need to fix it here
+%ifarch sparc64
+sed -i 's/fpic/fPIC/g' src/Makefile
+%endif
+
+%build
+make clean
+make %{?_smp_mflags} CFLAGS="%{optflags}"
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}/%{_lib}
+mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
+mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
+mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
+make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolbools
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolusers
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/chkcon
+rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
+
+%post
+/sbin/ldconfig
+[ -x /sbin/telinit ] && [ -p /dev/initctl ] && /sbin/telinit U
+exit 0
+
+%postun -p /sbin/ldconfig
+
+%files static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libsepol.so
+%{_libdir}/pkgconfig/libsepol.pc
+%{_includedir}/sepol/*.h
+%{_mandir}/man3/*.3.gz
+%dir %{_includedir}/sepol
+%dir %{_includedir}/sepol/policydb
+%{_includedir}/sepol/policydb/*.h
+
+%files
+%defattr(-,root,root)
+/%{_lib}/libsepol.so.1
+
+%changelog
+* Thu Feb 7 2013 Dan Walsh - 2.1.9-1
+- Update to upstream
+ * filename_trans: use some better sorting to compare and merge
+ * coverity fixes
+ * implement default type policy syntax
+ * Fix memory leak issues found by Klocwork
+- Add CONTRAINT_NAMES to the kernel
+
+* Sun Jan 27 2013 Dan Walsh - 2.1.8-8
+- Update to latest patches from eparis/Upstream
+
+* Fri Jan 25 2013 Dan Walsh - 2.1.8-7
+- Update to latest patches from eparis/Upstream
+
+* Tue Jan 8 2013 Dan Walsh - 2.1.8-6
+- Fix libsepol.stack messages in audit2allow/audit2why
+
+* Fri Jan 4 2013 Dan Walsh - 2.1.8-5
+- Update to latest patches from eparis/Upstream
+
+* Tue Nov 27 2012 Dan Walsh - 2.1.8-4
+- Update Richard Haines patch to show constraint information
+
+* Mon Nov 19 2012 Dan Walsh - 2.1.8-3
+- Add sepol_compute_av_reason_buffer patch from Richard Haines
+
+* Wed Sep 19 2012 Dan Walsh - 2.1.8-2
+- Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules
+
+* Thu Sep 13 2012 Dan Walsh - 2.1.8-1
+- Update to upstream
+ * fix neverallow checking on attributes
+ * Move context_copy() after switch block in ocontext_copy_*().
+ * check for missing initial SID labeling statement.
+ * Add always_check_network policy capability
+ * role_fix_callback skips out-of-scope roles during expansion.
+
+* Mon Jul 30 2012 Dan Walsh - 2.1.7-4
+- Try new patches
+
+* Tue Jul 24 2012 Dan Walsh - 2.1.7-3
+- Revert patches
+
+* Thu Jul 19 2012 Fedora Release Engineering - 2.1.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jul 4 2012 Dan Walsh - 2.1.7-1
+- Update to upstream
+ * reserve policycapability for redhat testing of ptrace child
+ * cosmetic changes to make the source easier to read
+ * prepend instead of append to filename_trans list
+ * Android/MacOS X build support
+ * allocate enough space to hold filename in trans rules
+
+* Mon Apr 23 2012 Dan Walsh - 2.1.5-3
+- Fix off by one error that is causing file_name transition rules to be expanded- incorrectly on i686 machines
+
+* Tue Apr 17 2012 Dan Walsh - 2.1.5-2
+- Add support for ptrace_child
+
+* Thu Mar 29 2012 Dan Walsh - 2.1.5-1
+- Update to upstream
+ * checkpolicy: implement new default labeling behaviors
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.1.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Dec 21 2011 Dan Walsh - 2.1.4-5
+- Update to match eparis pool
+
+* Thu Dec 15 2011 Dan Walsh - 2.1.4-4
+- Additional fix for default transitioning labeling for semodule
+
+* Thu Dec 15 2011 Dan Walsh - 2.1.4-3
+- Add Eparis patch for handling of default transition labeling
+
+* Mon Dec 5 2011 Dan Walsh - 2.1.4-2
+- Allow policy to specify the source of target for generating the default user,role
+- or mls label for a new target.
+
+* Fri Nov 4 2011 Dan Walsh - 2.1.4-1
+- Update to upstream
+ * regenerate .pc on VERSION change
+ * Move ebitmap_* functions from mcstrans to libsepol
+ * expand: do filename_trans type comparison on mapped representation
+
+* Mon Oct 31 2011 Dan Walsh - 2.1.3-2
+-The filename_trans code had a bug where duplicate detection was being
+done between the unmapped type value of a new rule and the type value of
+rules already in policy. This meant that duplicates were not being
+silently dropped and were instead outputting a message that there was a
+problem. It made things hard because the message WAS using the mapped
+type to convert to the string representation, so it didn't look like a
+dup!
+
+* Mon Sep 19 2011 Dan Walsh - 2.1.3-1
+-Update to upstream
+ * Skip writing role attributes for policy.X and
+ * Indicate when boolean is indeed a tunable.
+ * Separate tunable from boolean during compile.
+ * Write and read TUNABLE flags in related
+ * Copy and check the cond_bool_datum_t.flags during link.
+ * Permanently discard disabled branches of tunables in
+ * Skip tunable identifier and cond_node_t in expansion.
+ * Create a new preserve_tunables flag
+ * Preserve tunables when required by semodule program.
+ * setools expects expand_module_avrules to be an exported
+ * tree: default make target to all not
+
+* Thu Sep 15 2011 Dan Walsh - 2.1.2-3
+- Add patch to handle preserving tunables
+
+* Thu Sep 1 2011 Dan Walsh - 2.1.2-2
+- export expand_module_avrules
+
+* Thu Aug 18 2011 Dan Walsh - 2.1.2-0
+- Update to upstream
+ * Only call role_fix_callback for base.p_roles during expansion.
+ * use mapped role number instead of module role number
+
+* Mon Aug 1 2011 Dan Walsh 2.1.1-1
+- Update to upstream
+ * Minor fix to reading policy with filename transition rules
+
+* Wed Jul 27 2011 Dan Walsh 2.1.0-1
+- Update to upstream
+ * Release, minor version bump
+
+* Tue May 3 2011 Dan Walsh 2.0.45-1
+- Update to upstream
+ * Warn if filename_trans rules are dropped by Steve Lawrence.
+
+* Thu Apr 21 2011 Dan Walsh 2.0.44-2
+- Fixes for new role_transition class field by Eric Paris.
+
+* Thu Apr 14 2011 Dan Walsh 2.0.44-1
+-Update to upstream
+ * Fixes for new role_transition class field by Eric Paris.
+ * Add libsepol support for filename_trans rules by Eric Paris.
+
+* Tue Apr 12 2011 Dan Walsh 2.0.43-3
+- re-add Erics patch for filename transitions
+
+* Tue Apr 12 2011 Dan Walsh 2.0.43-1
+-Update to upstream
+ * Add new class field in role_transition by Harry Ciao.
+
+* Tue Mar 29 2011 Dan Walsh 2.0.42-3
+- Apply Eparis Patch
+ This patch add libsepol support for filename_trans rules. These rules
+allow on to make labeling decisions for new objects based partially on
+the last path component. They are stored in a list. If we find that
+the number of rules grows to an significant size I will likely choose to
+store these in a hash, both in libsepol and in the kernel. But as long
+as the number of such rules stays small, this should be good.
+
+* Tue Feb 08 2011 Fedora Release Engineering - 2.0.42-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Dec 21 2010 Dan Walsh 2.0.42-1
+- Upgrade to latest from NSA
+ * Fix compliation under GCC 4.6 by Justin Mattock
+
+* Thu Feb 18 2010 Dan Walsh 2.0.41-3
+- Fix libsepol.pc file
+
+* Thu Jan 28 2010 Dan Walsh 2.0.41-2
+- Resolve specfile problems
+Resolves: #555835
+
+* Wed Nov 18 2009 Dan Walsh 2.0.41-1
+- Upgrade to latest from NSA
+ * Fixed typo in error message from Manoj Srivastava.
+
+* Mon Nov 2 2009 Dan Walsh 2.0.40-1
+- Upgrade to latest from NSA
+ * Add pkgconfig file from Eamon Walsh.
+
+* Wed Oct 14 2009 Dan Walsh 2.0.39-1
+- Upgrade to latest from NSA
+ * Add support for building Xen policies from Paul Nuzzi.
+
+* Tue Sep 8 2009 Dan Walsh 2.0.38-1
+- Upgrade to latest from NSA
+ * Check last offset in the module package against the file size.
+ Reported by Manoj Srivastava for bug filed by Max Kellermann.
+
+* Sat Jul 25 2009 Fedora Release Engineering - 2.0.37-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jul 7 2009 Dan Walsh 2.0.37-1
+- Upgrade to latest from NSA
+ * Add method to check disable dontaudit flag from Christopher Pardy.
+
+* Wed Mar 25 2009 Dan Walsh 2.0.36-1
+- Upgrade to latest from NSA
+ * Fix boolean state smashing from Joshua Brindle.
+
+* Thu Mar 5 2009 Dan Walsh 2.0.35-3
+- Fix license specification to be LGPL instead of GPL
+
+* Wed Feb 25 2009 Fedora Release Engineering - 2.0.35-2
+
+* Wed Feb 18 2009 Dan Walsh 2.0.35-1
+- Upgrade to latest from NSA
+ * Fix alias field in module format, caused by boundary format change
+ from Caleb Case.
+
+* Tue Oct 14 2008 Dan Walsh 2.0.34-1
+- Upgrade to latest from NSA
+ * Add bounds support from KaiGai Kohei.
+ * Fix invalid aliases bug from Joshua Brindle.
+
+* Tue Sep 30 2008 Dan Walsh 2.0.33-1
+- Upgrade to latest from NSA
+ * Revert patch that removed expand_rule.
+
+* Mon Jul 7 2008 Dan Walsh 2.0.32-1
+- Upgrade to latest from NSA
+ * Allow require then declare in the source policy from Joshua Brindle.
+
+* Sun Jun 22 2008 Dan Walsh 2.0.31-1
+- Upgrade to latest from NSA
+ * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
+
+* Wed Jun 11 2008 Dan Walsh 2.0.30-1
+- Upgrade to latest from NSA
+ * Fix endianness bug in the handling of network node addresses from Stephen Smalley.
+ Only affects big endian platforms.
+ Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
+
+* Wed May 28 2008 Dan Walsh 2.0.29-1
+- Upgrade to latest from NSA
+ * Merge user and role mapping support from Joshua Brindle.
+
+* Mon May 19 2008 Dan Walsh 2.0.28-1
+- Upgrade to latest from NSA
+ * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
+ * Belatedly merge test for policy downgrade from Todd Miller.
+
+* Thu Mar 27 2008 Dan Walsh 2.0.26-1
+- Upgrade to latest from NSA
+ * Add permissive domain support from Eric Paris.
+
+* Thu Mar 13 2008 Dan Walsh 2.0.25-1
+- Upgrade to latest from NSA
+ * Drop unused ->buffer field from struct policy_file.
+ * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
+
+
+* Thu Feb 28 2008 Dan Walsh 2.0.23-1
+- Upgrade to latest from NSA
+ * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
+ * Add support for open_perms policy capability from Eric Paris.
+
+* Wed Feb 20 2008 Dan Walsh 2.0.21-1
+- Upgrade to latest from NSA
+ * Fix invalid memory allocation in policydb_index_others() from Jason Tang.
+
+* Mon Feb 4 2008 Dan Walsh 2.0.20-1
+- Upgrade to latest from NSA
+ * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
+
+* Sat Feb 2 2008 Dan Walsh 2.0.19-1
+- Upgrade to latest from NSA
+ * Add support for consuming avrule_blocks during expansion to reduce
+ peak memory usage.
+
+* Mon Jan 21 2008 Dan Walsh 2.0.18-2
+- Fixed for spec review
+
+* Fri Jan 11 2008 Dan Walsh 2.0.18-1
+- Upgrade to latest from NSA
+ * Added support for policy capabilities from Todd Miller.
+ * Prevent generation of policy.18 with MLS enabled from Todd Miller.
+
+* Mon Dec 10 2007 Dan Walsh 2.0.16-1
+- Upgrade to latest from NSA
+ * print module magic number in hex on mismatch, from Todd Miller.
+
+* Fri Nov 30 2007 Dan Walsh 2.0.15-1
+- Upgrade to latest from NSA
+ * clarify and reduce neverallow error reporting from Stephen Smalley.
+
+* Tue Nov 6 2007 Dan Walsh 2.0.14-1
+- Upgrade to latest from NSA
+ * Reject self aliasing at link time from Stephen Smalley.
+ * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
+ * Fixed bug in require checking from Stephen Smalley.
+ * Added user hierarchy checking from Todd Miller.
+
+* Wed Sep 26 2007 Dan Walsh 2.0.11-1
+ * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+
+* Tue Sep 18 2007 Dan Walsh 2.0.10-1
+- Upgrade to latest from NSA
+ * Merged support for the handle_unknown policydb flag from Eric Paris.
+
+* Fri Aug 31 2007 Dan Walsh 2.0.9-1
+- Upgrade to latest from NSA
+ * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
+ * Fixed module_package_read_offsets bug introduced by the prior patch.
+
+* Thu Aug 23 2007 Dan Walsh 2.0.7-1
+- Upgrade to latest from NSA
+ * Eliminate unaligned accesses from policy reading code from Stephen Smalley.
+
+* Mon Aug 20 2007 Dan Walsh 2.0.6-1
+- Upgrade to latest from NSA
+ * Allow dontaudits to be turned off during policy expansion
+
+
+* Fri Aug 10 2007 Dan Walsh 2.0.5-1
+- Upgrade to latest from NSA
+ * Fix sepol_context_clone to handle a NULL context correctly.
+ This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
+ to set the file context entry to "<>".
+- Apply patch from Joshua Brindle to disable dontaudit rules
+
+
+* Thu Jun 21 2007 Dan Walsh 2.0.4-1
+- Upgrade to latest from NSA
+ * Merged error handling patch from Eamon Walsh.
+
+* Tue Apr 17 2007 Dan Walsh 2.0.3-1
+- Upgrade to latest from NSA
+ * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
+
+* Fri Mar 30 2007 Dan Walsh 2.0.2-1
+- Upgrade to latest from NSA
+ * Merged fix from Karl to remap booleans at expand time to
+ avoid holes in the symbol table.
+
+* Wed Feb 7 2007 Dan Walsh 2.0.1-1
+- Upgrade to latest from NSA
+ * Merged libsepol segfault fix from Stephen Smalley for when
+ sensitivities are required but not present in the base.
+ * Merged patch to add errcodes.h to libsepol by Karl MacMillan.
+
+* Fri Jan 19 2007 Dan Walsh 1.16.0-1
+- Upgrade to latest from NSA
+ * Updated version for stable branch.
+
+* Tue Dec 12 2006 Adam Jackson 1.15.3-1
+- Add dist tag and rebuild, fixes 6 to 7 upgrades.
+
+* Tue Nov 28 2006 Dan Walsh 1.15.3-1
+- Upgrade to latest from NSA
+ * Merged patch to compile wit -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offest table
+ limit. Patch changed to include libselinux and libsemanage in
+ addition to libselinux.
+
+* Wed Nov 1 2006 Dan Walsh 1.15.2-1
+- Upgrade to latest from NSA
+ * Merged fix from Karl MacMillan for a segfault when linking
+ non-MLS modules with users in them.
+
+* Tue Oct 24 2006 Dan Walsh 1.15.1-1
+- Upgrade to latest from NSA
+ * Merged fix for version comparison that was preventing range
+ transition rules from being written for a version 5 base policy
+ from Darrel Goeddel.
+
+* Tue Oct 17 2006 Dan Walsh 1.14-1
+- NSA Released version - Same as previous but changed release number
+
+* Tue Oct 17 2006 Dan Walsh 1.12.28-1
+- Upgrade to latest from NSA
+ * Build libsepol's static object files with -fpic
+
+* Thu Sep 28 2006 Dan Walsh 1.12.27-1
+- Upgrade to latest from NSA
+ * Merged mls user and range_transition support in modules
+ from Darrel Goeddel
+
+* Wed Sep 6 2006 Dan Walsh 1.12.26-1
+- Upgrade to latest from NSA
+ * Merged range transition enhancements and user format changes
+ Darrel Goeddel
+
+* Fri Aug 25 2006 Dan Walsh 1.12.25-3
+- Fix location of include directory to devel package
+
+* Fri Aug 25 2006 Dan Walsh 1.12.25-2
+- Remove invalid Requires
+
+* Thu Aug 24 2006 Dan Walsh 1.12.25-1
+- Upgrade to latest from NSA
+ * Merged conditionally expand neverallows patch from Jeremy Mowery.
+ * Merged refactor expander patch from Jeremy Mowery.
+
+* Thu Aug 3 2006 Dan Walsh 1.12.24-1
+- Upgrade to latest from NSA
+ * Merged libsepol unit tests from Joshua Brindle.
+ * Merged symtab datum patch from Karl MacMillan.
+ * Merged netfilter contexts support from Chris PeBenito.
+
+* Tue Aug 1 2006 Dan Walsh 1.12.21-1
+- Upgrade to latest from NSA
+ * Merged helpful hierarchy check errors patch from Joshua Brindle.
+ * Merged semodule_deps patch from Karl MacMillan.
+ This adds source module names to the avrule decls.
+
+* Wed Jul 12 2006 Jesse Keating - 1.12.19-1.1
+- rebuild
+
+* Tue Jul 4 2006 Dan Walsh 1.12.19-1
+- Upgrade to latest from NSA
+ * Lindent.
+ * Merged optionals in base take 2 patch set from Joshua Brindle.
+
+* Tue Jun 13 2006 Bill Nottingham 1.12.17-2
+- bump so it's newer than the FC5 version
+
+* Mon Jun 5 2006 Dan Walsh 1.12.17-1
+- Upgrade to latest from NSA
+ * Revert 1.12.16.
+ * Merged cleaner fix for bool_ids overflow from Karl MacMillan,
+ replacing the prior patch.
+ * Merged fixes for several memory leaks in the error paths during
+ policy read from Serge Hallyn.
+
+* Tue May 30 2006 Dan Walsh 1.12.14-1
+- Upgrade to latest from NSA
+ * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
+ based on bug report and suggested fix by Cedric Roux.
+ * Merged sens_copy_callback, check_role_hierarchy_callback,
+ and node_from_record fixes from Serge Hallyn.
+
+* Tue May 23 2006 Dan Walsh 1.12.12-1
+- Upgrade to latest from NSA
+ * Added sepol_policydb_compat_net() interface for testing whether
+ a policy requires the compatibility support for network checks
+ to be enabled in the kernel.
+
+* Thu May 18 2006 Dan Walsh 1.12.11-1
+- Upgrade to latest from NSA
+ * Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
+ Reworked to use calloc in the first place, and converted some other
+ malloc/memset pairs to calloc calls.
+
+* Mon May 15 2006 Dan Walsh 1.12.10-1
+- Upgrade to latest from NSA
+ * Merged patch to revert role/user decl upgrade from Karl MacMillan.
+
+* Thu May 11 2006 Steve Grubb 1.12.9
+- Couple minor spec file clean ups
+
+* Mon May 8 2006 Dan Walsh 1.12.9-1
+- Upgrade to latest from NSA
+ * Dropped tests from all Makefile target.
+ * Merged fix warnings patch from Karl MacMillan.
+ * Merged libsepol test framework patch from Karl MacMillan.
+
+* Mon May 1 2006 Dan Walsh 1.12.6-1
+- Upgrade to latest from NSA
+ * Fixed cond_normalize to traverse the entire cond list at link time.
+
+* Wed Apr 5 2006 Dan Walsh 1.12.5-1
+- Upgrade to latest from NSA
+ * Merged fix for leak of optional package sections from Ivan Gyurdiev.
+
+* Wed Mar 29 2006 Dan Walsh 1.12.4-1
+- Upgrade to latest from NSA
+ * Generalize test for bitmap overflow in ebitmap_set_bit.
+
+* Mon Mar 27 2006 Dan Walsh 1.12.3-1
+- Upgrade to latest from NSA
+ * Fixed attr_convert_callback and expand_convert_type_set
+ typemap bug.
+
+* Fri Mar 24 2006 Dan Walsh 1.12.2-1
+- Upgrade to latest from NSA
+ * Fixed avrule_block_write num_decls endian bug.
+
+* Fri Mar 17 2006 Dan Walsh 1.12.1-1
+- Upgrade to latest from NSA
+ * Fixed sepol_module_package_write buffer overflow bug.
+
+* Fri Mar 10 2006 Dan Walsh 1.12-2
+- Upgrade to latest from NSA
+ * Updated version for release.
+ * Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
+ * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
+ * Merged sepol_policydb_mls_enabled interface and error handling
+ changes from Ivan Gyurdiev.
+
+* Mon Feb 20 2006 Dan Walsh 1.11.18-2
+- Rebuild for fc5-head
+
+* Fri Feb 17 2006 Dan Walsh 1.11.18-1
+- Upgrade to latest from NSA
+ * Merged node_expand_addr bugfix and node_compare* change from
+ Ivan Gyurdiev.
+
+* Thu Feb 16 2006 Dan Walsh 1.11.17-1
+- Upgrade to latest from NSA
+ * Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
+ * Merged bug fix patch from Ivan Gyurdiev.
+ * Added a defined flag to level_datum_t for use by checkpolicy.
+ * Merged nodecon support patch from Ivan Gyurdiev.
+ * Merged cleanups patch from Ivan Gyurdiev.
+
+* Mon Feb 13 2006 Dan Walsh 1.11.14-2
+- Fix post install not to fire if /dev/initctr does not exist
+
+* Mon Feb 13 2006 Dan Walsh 1.11.14-1
+- Upgrade to latest from NSA
+ * Merged optionals in base patch from Joshua Brindle.
+
+* Fri Feb 10 2006 Jesse Keating - 1.11.13-1.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 7 2006 Dan Walsh 1.11.13-1
+- Upgrade to latest from NSA
+ * Merged seuser/user_extra support patch from Joshua Brindle.
+ * Merged fix patch from Ivan Gyurdiev.
+
+* Tue Feb 07 2006 Jesse Keating - 1.11.12-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Thu Feb 2 2006 Dan Walsh 1.11.12-1
+- Upgrade to latest from NSA
+ * Merged assertion copying bugfix from Joshua Brindle.
+ * Merged sepol_av_to_string patch from Joshua Brindle.
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+* Mon Jan 30 2006 Dan Walsh 1.11.10-1
+- Upgrade to latest from NSA
+ * Merged cond_expr mapping and package section count bug fixes
+ from Joshua Brindle.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+ * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
+
+* Fri Jan 13 2006 Dan Walsh 1.11.9-1
+- Upgrade to latest from NSA
+ * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
+
+* Tue Jan 10 2006 Dan Walsh 1.11.8-1
+- Upgrade to latest from NSA
+ * Merged 2nd const in APIs patch from Ivan Gyurdiev.
+
+* Fri Jan 6 2006 Dan Walsh 1.11.7-1
+- Upgrade to latest from NSA
+ * Merged const in APIs patch from Ivan Gyurdiev.
+ * Merged compare2 function patch from Ivan Gyurdiev.
+ * Fixed hierarchy checker to only check allow rules.
+
+* Thu Jan 5 2006 Dan Walsh 1.11.5-1
+- Upgrade to latest from NSA
+ * Merged further fixes from Russell Coker, specifically:
+ - av_to_string overflow checking
+ - sepol_context_to_string error handling
+ - hierarchy checking memory leak fixes and optimizations
+ - avrule_block_read variable initialization
+ * Marked deprecated code in genbools and genusers.
+
+* Thu Jan 5 2006 Dan Walsh 1.11.4-1
+- Upgrade to latest from NSA
+ * Merged bugfix for sepol_port_modify from Russell Coker.
+ * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
+ * Merged port ordering patch from Ivan Gyurdiev.
+
+* Wed Jan 4 2006 Dan Walsh 1.11.2-2
+- Upgrade to latest from NSA
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - support ordering of records in compare function
+ - enable port interfaces
+ - add interfaces for context validity and range checks
+ - add include guards
+
+* Tue Dec 27 2005 Dan Walsh 1.11.1-2
+- Add Ivans patch to make ports work
+
+* Fri Dec 16 2005 Dan Walsh 1.11.1-1
+- Upgrade to latest from NSA
+ * Fixed mls_range_cpy bug.
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Wed Dec 7 2005 Dan Walsh 1.10-1
+- Upgrade to latest from NSA
+
+* Mon Dec 5 2005 Dan Walsh 1.9.42-1
+- Upgrade to latest from NSA
+ * Dropped handle from user_del_role interface.
+
+* Mon Nov 28 2005 Dan Walsh 1.9.41-1
+- Upgrade to latest from NSA
+ * Merged remove defrole from sepol patch from Ivan Gyurdiev.
+
+* Wed Nov 16 2005 Dan Walsh 1.9.40-1
+- Upgrade to latest from NSA
+ * Merged module function and map file cleanup from Ivan Gyurdiev.
+ * Merged MLS and genusers cleanups from Ivan Gyurdiev.
+
+* Wed Nov 9 2005 Dan Walsh 1.9.39-1
+- Upgrade to latest from NSA
+ Prepare for removal of booleans* and *.users files.
+ * Cleaned up sepol_genbools to not regenerate the image if
+ there were no changes in the boolean values, including the
+ degenerate case where there are no booleans or booleans.local
+ files.
+ * Cleaned up sepol_genusers to not warn on missing local.users.
+
+* Tue Nov 8 2005 Dan Walsh 1.9.38-1
+- Upgrade to latest from NSA
+ * Removed sepol_port_* from libsepol.map, as the port interfaces
+ are not yet stable.
+
+* Mon Nov 7 2005 Dan Walsh 1.9.37-1
+- Upgrade to latest from NSA
+ * Merged context destroy cleanup patch from Ivan Gyurdiev.
+
+* Thu Nov 3 2005 Dan Walsh 1.9.36-1
+- Upgrade to latest from NSA
+ * Merged context_to_string interface change patch from Ivan Gyurdiev.
+
+* Thu Nov 3 2005 Dan Walsh 1.9.35-1
+- Upgrade to latest from NSA
+ * Added src/dso.h and src/*_internal.h.
+ Added hidden_def for exported symbols used within libsepol.
+ Added hidden for symbols that should not be exported by
+ the wildcards in libsepol.map.
+
+* Mon Oct 31 2005 Dan Walsh 1.9.34-1
+- Upgrade to latest from NSA
+ * Merged record interface, record bugfix, and set_roles patches
+ from Ivan Gyurdiev.
+
+* Fri Oct 28 2005 Dan Walsh 1.9.33-1
+- Upgrade to latest from NSA
+ * Merged count specification change from Ivan Gyurdiev.
+
+* Wed Oct 26 2005 Dan Walsh 1.9.32-1
+- Upgrade to latest from NSA
+ * Added further checking and error reporting to
+ sepol_module_package_read and _info.
+ * Merged sepol handle passing, DEBUG conversion, and memory leak
+ fix patches from Ivan Gyurdiev.
+
+* Tue Oct 25 2005 Dan Walsh 1.9.30-1
+- Upgrade to latest from NSA
+ * Removed processing of system.users from sepol_genusers and
+ dropped delusers logic.
+ * Removed policydb_destroy from error path of policydb_read,
+ since create/init/destroy/free of policydb is handled by the
+ caller now.
+ * Fixed sepol_module_package_read to handle a failed policydb_read
+ properly.
+ * Merged query/exists and count patches from Ivan Gyurdiev.
+ * Merged fix for pruned types in expand code from Joshua Brindle.
+ * Merged new module package format code from Joshua Brindle.
+
+
+* Mon Oct 24 2005 Dan Walsh 1.9.26-1
+- Upgrade to latest from NSA
+ * Merged context interface cleanup, record conversion code,
+ key passing, and bug fix patches from Ivan Gyurdiev.
+
+* Fri Oct 21 2005 Dan Walsh 1.9.25-1
+- Upgrade to latest from NSA
+ * Merged users cleanup patch from Ivan Gyurdiev.
+ * Merged user record memory leak fix from Ivan Gyurdiev.
+ * Merged reorganize users patch from Ivan Gyurdiev.
+
+- Need to check for /sbin/telinit
+
+* Tue Oct 18 2005 Dan Walsh 1.9.23-1
+- Upgrade to latest from NSA
+ * Added check flag to expand_module() to control assertion
+ and hierarchy checking on expansion.
+ * Reworked check_assertions() and hierarchy_check_constraints()
+ to take handles and use callback-based error reporting.
+ * Changed expand_module() to call check_assertions() and
+ hierarchy_check_constraints() prior to returning the expanded
+ policy.
+
+* Tue Oct 18 2005 Dan Walsh 1.9.21-1
+- Upgrade to latest from NSA
+ * Changed sepol_module_package_set_file_contexts to copy the
+ file contexts data since it is internally managed.
+ * Added sepol_policy_file_set_handle interface to associate
+ a handle with a policy file.
+ * Added handle argument to policydb_from_image/to_image.
+ * Added sepol_module_package_set_file_contexts interface.
+ * Dropped sepol_module_package_create_file interface.
+ * Reworked policydb_read/write, policydb_from_image/to_image,
+ and sepol_module_package_read/write to use callback-based error
+ reporting system rather than DEBUG.
+
+* Tue Oct 18 2005 Dan Walsh 1.9.19-1
+- Upgrade to latest from NSA
+ * Reworked link_packages, link_modules, and expand_module to use
+ callback-based error reporting system rather than error buffering.
+
+* Sat Oct 15 2005 Dan Walsh 1.9.18-1
+- Upgrade to latest from NSA
+ * Merged conditional expression mapping fix in the module linking
+ code from Joshua Brindle.
+
+* Fri Oct 14 2005 Dan Walsh 1.9.17-2
+- Tell init to reexec itself in post script
+
+* Mon Oct 10 2005 Dan Walsh 1.9.17-1
+- Upgrade to latest from NSA
+ * Hid sepol_module_package type definition, and added get interfaces.
+ * Merged new callback-based error reporting system from Ivan
+ Gyurdiev.
+ * Merged support for require blocks inside conditionals from
+ Joshua Brindle (Tresys).
+
+* Mon Oct 10 2005 Dan Walsh 1.9.14.1-1
+- Upgrade to latest from NSA
+ * Fixed use of policydb_from_image/to_image to ensure proper
+ init of policydb.
+ * Isolated policydb internal headers under .
+ These headers should only be used by users of the static libsepol.
+ Created new with new public types and interfaces
+ for shared libsepol.
+ Created new with public types and interfaces moved
+ or wrapped from old module.h, link.h, and expand.h, adjusted for
+ new public types for policydb and policy_file.
+ Added public interfaces to libsepol.map.
+ Some implementation changes visible to users of the static libsepol:
+ 1) policydb_read no longer calls policydb_init.
+ Caller must do so first.
+ 2) policydb_init no longer takes policy_type argument.
+ Caller must set policy_type separately.
+ 3) expand_module automatically enables the global branch.
+ Caller no longer needs to do so.
+ 4) policydb_write uses the policy_type and policyvers from the
+ policydb itself, and sepol_set_policyvers() has been removed.
+
+* Fri Oct 7 2005 Dan Walsh 1.9.12-1
+- Upgrade to latest from NSA
+ * Merged function renaming and static cleanup from Ivan Gyurdiev.
+
+* Thu Oct 6 2005 Dan Walsh 1.9.11-1
+- Upgrade to latest from NSA
+ * Merged bug fix for check_assertions handling of no assertions
+ from Joshua Brindle (Tresys).
+
+* Tue Oct 4 2005 Dan Walsh 1.9.10-1
+- Upgrade to latest from NSA
+ * Merged iterate patch from Ivan Gyurdiev.
+ * Merged MLS in modules patch from Joshua Brindle (Tresys).
+
+* Mon Oct 3 2005 Dan Walsh 1.9.8-1
+- Upgrade to latest from NSA
+ * Merged pointer typedef elimination patch from Ivan Gyurdiev.
+ * Merged user list function, new mls functions, and bugfix patch
+ from Ivan Gyurdiev.
+
+* Wed Sep 28 2005 Dan Walsh 1.9.7-1
+- Upgrade to latest from NSA
+ * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
+
+* Fri Sep 23 2005 Dan Walsh 1.9.6-1
+- Upgrade to latest from NSA
+ * Merged bug fix patches from Joshua Brindle (Tresys).
+
+* Wed Sep 21 2005 Dan Walsh 1.9.5-1
+- Upgrade to latest from NSA
+ * Merged boolean record and memory leak fix patches from Ivan
+ Gyurdiev.
+
+* Tue Sep 20 2005 Dan Walsh 1.9.4-1
+- Upgrade to latest from NSA
+ * Merged interface record patch from Ivan Gyurdiev.
+
+* Thu Sep 15 2005 Dan Walsh 1.9.3-1
+- Upgrade to latest from NSA
+ * Merged fix for sepol_enable/disable_debug from Ivan
+ Gyurdiev.
+
+* Wed Sep 14 2005 Dan Walsh 1.9.1-2
+- Upgrade to latest from NSA
+ * Merged stddef.h patch and debug conversion patch from
+ Ivan Gyurdiev.
+
+* Mon Sep 12 2005 Dan Walsh 1.9.1-1
+- Upgrade to latest from NSA
+ * Fixed expand_avtab and expand_cond_av_list to keep separate
+ entries with identical keys but different enabled flags.
+ * Updated version for release.
+
+* Thu Sep 1 2005 Dan Walsh 1.7.24-1
+- Upgrade to latest from NSA
+ * Fixed symtab_insert return value for duplicate declarations.
+ * Merged fix for memory error in policy_module_destroy from
+ Jason Tang (Tresys).
+
+* Mon Aug 29 2005 Dan Walsh 1.7.22-1
+- Upgrade to latest from NSA
+ * Merged fix for memory leak in sepol_context_to_sid from
+ Jason Tang (Tresys).
+ * Merged fixes for resource leaks on error paths and
+ change to scope_destroy from Joshua Brindle (Tresys).
+
+* Tue Aug 23 2005 Dan Walsh 1.7.20-1
+- Upgrade to latest from NSA
+ * Merged more fixes for resource leaks on error paths
+ from Serge Hallyn (IBM). Bugs found by Coverity.
+
+* Fri Aug 19 2005 Dan Walsh 1.7.19-1
+- Upgrade to latest from NSA
+ * Changed to treat all type conflicts as fatal errors.
+ * Merged several error handling fixes from
+ Serge Hallyn (IBM). Bugs found by Coverity.
+
+* Mon Aug 15 2005 Dan Walsh 1.7.17-1
+- Upgrade to latest from NSA
+ * Fixed several memory leaks found by valgrind.
+
+* Sun Aug 14 2005 Dan Walsh 1.7.15-1
+- Upgrade to latest from NSA
+ * Fixed empty list test in cond_write_av_list. Bug found by
+ Coverity, reported by Serge Hallyn (IBM).
+ * Merged patch to policydb_write to check errors
+ when writing the type->attribute reverse map from
+ Serge Hallyn (IBM). Bug found by Coverity.
+ * Fixed policydb_destroy to properly handle NULL type_attr_map
+ or attr_type_map.
+
+* Sat Aug 13 2005 Dan Walsh 1.7.14-1
+- Upgrade to latest from NSA
+ * Fixed empty list test in cond_write_av_list. Bug found by
+ Coverity, reported by Serge Hallyn (IBM).
+ * Merged patch to policydb_write to check errors
+ when writing the type->attribute reverse map from
+ Serge Hallyn (IBM). Bug found by Coverity.
+ * Fixed policydb_destroy to properly handle NULL type_attr_map
+ or attr_type_map.
+
+
+* Thu Aug 11 2005 Dan Walsh 1.7.13-1
+- Upgrade to latest from NSA
+ * Improved memory use by SELinux by both reducing the avtab
+ node size and reducing the number of avtab nodes (by not
+ expanding attributes in TE rules when possible). Added
+ expand_avtab and expand_cond_av_list functions for use by
+ assertion checker, hierarchy checker, compatibility code,
+ and dispol. Added new inline ebitmap operators and converted
+ existing users of ebitmaps to the new operators for greater
+ efficiency.
+ Note: The binary policy format version has been incremented to
+ version 20 as a result of these changes.
+
+* Thu Aug 11 2005 Dan Walsh 1.7.12-1
+- Upgrade to latest from NSA
+ * Fixed bug in constraint_node_clone handling of name sets.
+
+* Wed Aug 10 2005 Dan Walsh 1.7.11-1
+- Upgrade to latest from NSA
+ * Fix range_trans_clone to map the type values properly.
+
+* Fri Aug 5 2005 Dan Walsh 1.7.10-1
+- Upgrade to latest from NSA
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+* Tue Aug 2 2005 Dan Walsh 1.7.9-1
+- Upgrade to latest from NSA
+ * Enabled further compiler warning flags and fixed them.
+ * Merged user, context, port records patch from Ivan Gyurdiev.
+ * Merged key extract function patch from Ivan Gyurdiev.
+ * Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
+
+* Wed Jul 27 2005 Dan Walsh 1.7.6-2
+- Fix MLS Free
+
+* Mon Jul 25 2005 Dan Walsh 1.7.6-1
+- Upgrade to latest from NSA
+ * Merged context reorganization, memory leak fixes,
+ port and interface loading, replacements for genusers and
+ genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
+ * Merged uninitialized variable bugfix from Dan Walsh.
+
+* Mon Jul 25 2005 Dan Walsh 1.7.5-2
+- Fix unitialized variable problem
+
+* Mon Jul 18 2005 Dan Walsh 1.7.5-1
+- Upgrade to latest from NSA
+ * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
+ * Removed genpolbools and genpolusers utilities.
+ * Merged hierarchy check fix from Joshua Brindle (Tresys).
+
+
+
+* Thu Jul 14 2005 Dan Walsh 1.7.3-1
+- Upgrade to latest from NSA
+ * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
+ * Merged genbools debugging message cleanup from Red Hat.
+
+* Thu Jul 7 2005 Dan Walsh 1.7-2
+- Remove genpolbools and genpoluser
+
+* Thu Jul 7 2005 Dan Walsh 1.7-1
+- Upgrade to latest from NSA
+ * Merged loadable module support from Tresys Technology.
+
+* Wed Jun 29 2005 Dan Walsh 1.6-1
+- Upgrade to latest from NSA
+ * Updated version for release.
+
+* Tue May 17 2005 Dan Walsh 1.5.10-1
+- Fix reset booleans warning message
+- Upgrade to latest from NSA
+ * License changed to LGPL v2.1, see COPYING.
+
+* Tue May 17 2005 Dan Walsh 1.5.9-2
+- Upgrade to latest from NSA
+ * Added sepol_genbools_policydb and sepol_genusers_policydb for
+ audit2why.
+
+* Mon May 16 2005 Dan Walsh 1.5.8-2
+- export sepol_context_to_sid
+
+* Mon May 16 2005 Dan Walsh 1.5.8-1
+- Upgrade to latest from NSA
+ * Added sepol_ prefix to Flask types to avoid
+ namespace collision with libselinux.
+
+* Fri May 13 2005 Dan Walsh 1.5.7-1
+- Upgrade to latest from NSA
+ * Added sepol_compute_av_reason() for audit2why.
+
+* Tue Apr 26 2005 Dan Walsh 1.5.6-1
+- Upgrade to latest from NSA
+ * Fixed bug in role hierarchy checker.
+
+* Mon Apr 25 2005 Dan Walsh 1.5.5-2
+- Fixes found via intel compiler
+
+* Thu Apr 14 2005 Dan Walsh 1.5.5-1
+- Update from NSA
+
+* Tue Mar 29 2005 Dan Walsh 1.5.3-1
+- Update from NSA
+
+* Thu Mar 24 2005 Dan Walsh 1.5.2-2
+- Handle booleans.local
+
+* Thu Mar 17 2005 Dan Walsh 1.5.2-1
+- Update to latest from NSA
+ * Added man page for sepol_check_context.
+ * Added man page for sepol_genusers function.
+ * Merged man pages for genpolusers and chkcon from Manoj Srivastava.
+
+* Thu Mar 10 2005 Dan Walsh 1.4-1
+- Update to latest from NSA
+
+* Tue Mar 8 2005 Dan Walsh 1.3.8-1
+- Update to latest from NSA
+ * Cleaned up error handling in sepol_genusers and sepol_genbools.
+
+* Tue Mar 1 2005 Dan Walsh 1.3.7-1
+- Update to latest from NSA
+ * Merged sepol_debug and fclose patch from Dan Walsh.
+
+* Fri Feb 18 2005 Dan Walsh 1.3.6-3
+- Make sure local_files file pointer is closed
+- Stop outputing error messages
+
+* Thu Feb 17 2005 Dan Walsh 1.3.6-1
+- Update to latest from NSA
+ * Changed sepol_genusers to also use getline and correctly handle
+ EOL.
+* Thu Feb 17 2005 Dan Walsh 1.3.5-1
+- Update to latest from NSA
+ * Merged endianness and compute_av patches from Darrel Goeddel (TCS).
+ * Merged range_transition support from Darrel Goeddel (TCS).
+ * Added sepol_genusers function.
+
+* Thu Feb 10 2005 Dan Walsh 1.3.2-1
+- Update to latest from NSA
+ * Changed relabel Makefile target to use restorecon.
+
+* Mon Feb 7 2005 Dan Walsh 1.3.1-1
+- Update to latest from NSA
+ * Merged enhanced MLS support from Darrel Goeddel (TCS).
+
+* Thu Jan 20 2005 Dan Walsh 1.2.1.1-1
+- Update to latest from NSA
+ * Merged build fix patch from Manoj Srivastava.
+
+* Thu Nov 4 2004 Dan Walsh 1.2.1-1
+- Update to latest from NSA
+
+* Mon Aug 30 2004 Dan Walsh 1.1.1-2
+- Add optargs for build
+
+* Sun Aug 22 2004 Dan Walsh 1.1.1-1
+- New version from NSA
+
+* Fri Aug 20 2004 Colin Walters 1.0-2
+- Apply Stephen's chkcon patch
+
+* Thu Aug 19 2004 Colin Walters 1.0-1
+- New upstream version
+
+* Mon Aug 16 2004 Dan Walsh 0.4.2-1
+- Newversion from upstream implementing stringcase compare
+
+* Fri Aug 13 2004 Bill Nottingham 0.4.1-2
+- ldconfig tweaks
+
+* Thu Aug 12 2004 Dan Walsh 0.4.1-1
+- Ignore case of true/false
+
+* Wed Aug 11 2004 Dan Walsh 0.4.1-1
+- New version from NSA
+
+* Tue Aug 10 2004 Dan Walsh 0.3.1-1
+- Initial version
+- Created by Stephen Smalley
+
+