diff --git a/.libsepol.metadata b/.libsepol.metadata
new file mode 100644
index 0000000..c6a3a67
--- /dev/null
+++ b/.libsepol.metadata
@@ -0,0 +1 @@
+5ca22f919652958cbcd3e026048ea831ea54de47 SOURCES/libsepol-2.1.9.tgz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/libsepol-rhat.patch b/SOURCES/libsepol-rhat.patch
new file mode 100644
index 0000000..552c827
--- /dev/null
+++ b/SOURCES/libsepol-rhat.patch
@@ -0,0 +1,1118 @@
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
+index c27275e..0165eed 100644
+--- a/libsepol/include/sepol/policydb/policydb.h
++++ b/libsepol/include/sepol/policydb/policydb.h
+@@ -683,10 +683,11 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
+ #define POLICYDB_VERSION_ROLETRANS 26
+ #define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 27
+ #define POLICYDB_VERSION_DEFAULT_TYPE 28
++#define POLICYDB_VERSION_CONSTRAINT_NAMES 29
+
+ /* Range of policy versions we understand*/
+ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
+-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_DEFAULT_TYPE
++#define POLICYDB_VERSION_MAX POLICYDB_VERSION_CONSTRAINT_NAMES
+
+ /* Module versions and specific changes*/
+ #define MOD_POLICYDB_VERSION_BASE 4
+@@ -704,9 +705,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
+ #define MOD_POLICYDB_VERSION_TUNABLE_SEP 14
+ #define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 15
+ #define MOD_POLICYDB_VERSION_DEFAULT_TYPE 16
++#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES 17
+
+ #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
+-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_DEFAULT_TYPE
++#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_CONSTRAINT_NAMES
+
+ #define POLICYDB_CONFIG_MLS 1
+
+diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
+index aef0c7b..1969a10 100644
+--- a/libsepol/include/sepol/policydb/services.h
++++ b/libsepol/include/sepol/policydb/services.h
+@@ -58,6 +58,38 @@ extern int sepol_compute_av_reason(sepol_security_id_t ssid,
+ struct sepol_av_decision *avd,
+ unsigned int *reason);
+
++/*
++ * Same as above, but also returns the constraint expression calculations
++ * whether allowed or denied in a buffer. This buffer is allocated by
++ * this call and must be free'd by the caller using free(3). The contraint
++ * buffer will contain any constraints in infix notation.
++ * If the SHOW_GRANTED flag is set it will show granted and denied
++ * constraints. The default is to show only denied constraints.
++ */
++#define SHOW_GRANTED 1
++extern int sepol_compute_av_reason_buffer(sepol_security_id_t ssid,
++ sepol_security_id_t tsid,
++ sepol_security_class_t tclass,
++ sepol_access_vector_t requested,
++ struct sepol_av_decision *avd,
++ unsigned int *reason,
++ char **reason_buf,
++ unsigned int flags);
++/*
++ * Return a class ID associated with the class string representation
++ * specified by `class_name'.
++ */
++extern int sepol_class_name_to_id(const char *class_name,
++ sepol_security_class_t *tclass);
++
++/*
++ * Return a permission av bit associated with tclass and the string
++ * representation of the `perm_name'.
++ */
++extern int sepol_perm_name_to_av(sepol_security_class_t tclass,
++ const char *perm_name,
++ sepol_access_vector_t *av);
++
+ /*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
+index f0555bb..6fd992f 100644
+--- a/libsepol/src/expand.c
++++ b/libsepol/src/expand.c
+@@ -384,6 +384,17 @@ static int constraint_node_clone(constraint_node_t ** dst,
+ new_expr->op = expr->op;
+ if (new_expr->expr_type == CEXPR_NAMES) {
+ if (new_expr->attr & CEXPR_TYPE) {
++ /*
++ * Copy over constraint policy source types and/or
++ * attributes for sepol_compute_av_reason_buffer(3) so that
++ * utilities can analyse constraint errors.
++ */
++ if (map_ebitmap(&expr->type_names->types,
++ &new_expr->type_names->types,
++ state->typemap)) {
++ ERR(NULL, "Failed to map type_names->types");
++ goto out_of_mem;
++ }
+ /* Type sets require expansion and conversion. */
+ if (expand_convert_type_set(state->out,
+ state->
+diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
+index 1f49261..8c7efbc 100644
+--- a/libsepol/src/policydb.c
++++ b/libsepol/src/policydb.c
+@@ -165,6 +165,13 @@ static struct policydb_compat_info policydb_compat[] = {
+ .target_platform = SEPOL_TARGET_SELINUX,
+ },
+ {
++ .type = POLICY_KERN,
++ .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
++ .sym_num = SYM_NUM,
++ .ocon_num = OCON_NODE6 + 1,
++ .target_platform = SEPOL_TARGET_SELINUX,
++ },
++ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_BASE,
+ .sym_num = SYM_NUM,
+@@ -256,6 +263,13 @@ static struct policydb_compat_info policydb_compat[] = {
+ .target_platform = SEPOL_TARGET_SELINUX,
+ },
+ {
++ .type = POLICY_BASE,
++ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
++ .sym_num = SYM_NUM,
++ .ocon_num = OCON_NODE6 + 1,
++ .target_platform = SEPOL_TARGET_SELINUX,
++ },
++ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_BASE,
+ .sym_num = SYM_NUM,
+@@ -346,6 +360,13 @@ static struct policydb_compat_info policydb_compat[] = {
+ .ocon_num = 0,
+ .target_platform = SEPOL_TARGET_SELINUX,
+ },
++ {
++ .type = POLICY_MOD,
++ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
++ .sym_num = SYM_NUM,
++ .ocon_num = 0,
++ .target_platform = SEPOL_TARGET_SELINUX,
++ },
+ };
+
+ #if 0
+@@ -2019,6 +2040,10 @@ static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
+ if (p->policy_type != POLICY_KERN &&
+ type_set_read(e->type_names, fp))
+ return -1;
++ else if (p->policy_type == POLICY_KERN &&
++ p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
++ type_set_read(e->type_names, fp))
++ return -1;
+ break;
+ default:
+ return -1;
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index 7fac4a0..43ec07e 100644
+--- a/libsepol/src/services.c
++++ b/libsepol/src/services.c
+@@ -43,6 +43,11 @@
+ * Implementation of the security services.
+ */
+
++/* The initial sizes malloc'd for sepol_compute_av_reason_buffer() support */
++#define REASON_BUF_SIZE 2048
++#define EXPR_BUF_SIZE 1024
++#define STACK_LEN 32
++
+ #include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+@@ -54,6 +59,7 @@
+ #include <sepol/policydb/services.h>
+ #include <sepol/policydb/conditional.h>
+ #include <sepol/policydb/flask.h>
++#include <sepol/policydb/util.h>
+
+ #include "debug.h"
+ #include "private.h"
+@@ -70,6 +76,50 @@ static int selinux_enforcing = 1;
+ static sidtab_t mysidtab, *sidtab = &mysidtab;
+ static policydb_t mypolicydb, *policydb = &mypolicydb;
+
++/* Used by sepol_compute_av_reason_buffer() to keep track of entries */
++static int reason_buf_used;
++static int reason_buf_len;
++
++/* Stack services for RPN to infix conversion. */
++static char **stack;
++static int stack_len;
++static int next_stack_entry;
++
++static void push(char * expr_ptr)
++{
++ if (next_stack_entry >= stack_len) {
++ char **new_stack = stack;
++ int new_stack_len;
++
++ if (stack_len == 0)
++ new_stack_len = STACK_LEN;
++ else
++ new_stack_len = stack_len * 2;
++
++ new_stack = realloc(stack, new_stack_len * sizeof(*stack));
++ if (!new_stack) {
++ ERR(NULL, "unable to allocate stack space");
++ return;
++ }
++ stack_len = new_stack_len;
++ stack = new_stack;
++ }
++ stack[next_stack_entry] = expr_ptr;
++ next_stack_entry++;
++}
++
++static char *pop(void)
++{
++ next_stack_entry--;
++ if (next_stack_entry < 0) {
++ next_stack_entry = 0;
++ ERR(NULL, "pop called with no stack entries");
++ return NULL;
++ }
++ return stack[next_stack_entry];
++}
++/* End Stack services */
++
+ int hidden sepol_set_sidtab(sidtab_t * s)
+ {
+ sidtab = s;
+@@ -113,20 +163,195 @@ int sepol_set_policydb_from_file(FILE * fp)
+ static uint32_t latest_granting = 0;
+
+ /*
+- * Return the boolean value of a constraint expression
+- * when it is applied to the specified source and target
++ * cat_expr_buf adds a string to an expression buffer and handles realloc's if
++ * buffer is too small. The array of expression text buffer pointers and its
++ * counter are globally defined here as constraint_expr_eval_reason() sets
++ * them up and cat_expr_buf updates the e_buf pointer if the buffer is realloc'ed.
++ */
++static int expr_counter;
++static char **expr_list;
++static int expr_buf_used;
++static int expr_buf_len;
++
++static void cat_expr_buf(char *e_buf, char *string)
++{
++ int len, new_buf_len;
++ char *p, *new_buf = e_buf;
++
++ while (1) {
++ p = e_buf + expr_buf_used;
++ len = snprintf(p, expr_buf_len - expr_buf_used, "%s", string);
++ if (len < 0 || len >= expr_buf_len - expr_buf_used) {
++ new_buf_len = expr_buf_len + EXPR_BUF_SIZE;
++ new_buf = realloc(e_buf, new_buf_len);
++ if (!new_buf) {
++ ERR(NULL, "failed to realloc expr buffer");
++ return;
++ }
++ /* Update the new ptr in the expr list and locally + new len */
++ expr_list[expr_counter] = new_buf;
++ e_buf = new_buf;
++ expr_buf_len = new_buf_len;
++ } else {
++ expr_buf_used += len;
++ return;
++ }
++ }
++}
++
++/*
++ * If the POLICY_KERN version is < POLICYDB_VERSION_CONSTRAINT_NAMES,
++ * then just return.
++ *
++ * If the POLICY_KERN version is >= POLICYDB_VERSION_CONSTRAINT_NAMES,
++ * then for 'types' only, read the types_names->types list as it will
++ * contain a list of types and attributes that were defined in the
++ * policy source.
++ */
++static void get_names_list(constraint_expr_t *e, int type)
++{
++ ebitmap_t *types;
++ types = &e->type_names->types;
++ int rc = 0;
++ unsigned int i;
++ char tmp_buf[128];
++ /* if -type_names->types is 0, then output string <empty_set> */
++ int empty_set = 0;
++
++ if (policydb->policy_type == POLICY_KERN &&
++ policydb->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
++ type == CEXPR_TYPE) {
++ /*
++ * Process >= POLICYDB_VERSION_CONSTRAINT_NAMES with CEXPR_TYPE, then
++ * obtain the list of names defined in the policy source.
++ */
++ cat_expr_buf(expr_list[expr_counter], "{ POLICY_SOURCE: ");
++ for (i = ebitmap_startbit(types); i < ebitmap_length(types); i++) {
++ if ((rc = ebitmap_get_bit(types, i)) == 0)
++ continue;
++ /* Collect entries */
++ snprintf(tmp_buf, sizeof(tmp_buf), "%s ", policydb->p_type_val_to_name[i]);
++ cat_expr_buf(expr_list[expr_counter], tmp_buf);
++ empty_set++;
++ }
++ if (empty_set == 0)
++ cat_expr_buf(expr_list[expr_counter], "<empty_set> ");
++ cat_expr_buf(expr_list[expr_counter], "} ");
++ }
++ return;
++}
++
++static void msgcat(char *src, char *tgt, char *rel, int failed)
++{
++ char tmp_buf[1024];
++ if (failed)
++ snprintf(tmp_buf, sizeof(tmp_buf), "(%s %s %s -Fail-) ",
++ src, rel, tgt);
++ else
++ snprintf(tmp_buf, sizeof(tmp_buf), "(%s %s %s -Pass-) ",
++ src, rel, tgt);
++ cat_expr_buf(expr_list[expr_counter], tmp_buf);
++}
++
++/* Returns a buffer with class, statement type and permissions */
++static char *get_class_info(sepol_security_class_t tclass,
++ constraint_node_t *constraint,
++ context_struct_t * xcontext)
++{
++ constraint_expr_t *e;
++ int mls, state_num;
++
++ /* Find if MLS statement or not */
++ mls = 0;
++ for (e = constraint->expr; e; e = e->next) {
++ if (e->attr >= CEXPR_L1L2) {
++ mls = 1;
++ break;
++ }
++ }
++
++ /* Determine statement type */
++ char *statements[] = {
++ "constrain ", /* 0 */
++ "mlsconstrain ", /* 1 */
++ "validatetrans ", /* 2 */
++ "mlsvalidatetrans ", /* 3 */
++ 0 };
++
++ if (xcontext == NULL)
++ state_num = mls + 0;
++ else
++ state_num = mls + 2;
++
++ int class_buf_len = 0;
++ int new_class_buf_len;
++ int len, buf_used;
++ char *class_buf = NULL, *p;
++ char *new_class_buf = NULL;
++
++ while (1) {
++ new_class_buf_len = class_buf_len + EXPR_BUF_SIZE;
++ new_class_buf = realloc(class_buf, new_class_buf_len);
++ if (!new_class_buf)
++ return NULL;
++ class_buf_len = new_class_buf_len;
++ class_buf = new_class_buf;
++ buf_used = 0;
++ p = class_buf;
++
++ /* Add statement type */
++ len = snprintf(p, class_buf_len - buf_used, "%s", statements[state_num]);
++ if (len < 0 || len >= class_buf_len - buf_used)
++ continue;
++
++ /* Add class entry */
++ p += len;
++ buf_used += len;
++ len = snprintf(p, class_buf_len - buf_used, "%s ",
++ policydb->p_class_val_to_name[tclass - 1]);
++ if (len < 0 || len >= class_buf_len - buf_used)
++ continue;
++
++ /* Add permission entries */
++ p += len;
++ buf_used += len;
++ len = snprintf(p, class_buf_len - buf_used, "{%s } (",
++ sepol_av_to_string(policydb, tclass, constraint->permissions));
++ if (len < 0 || len >= class_buf_len - buf_used)
++ continue;
++ break;
++ }
++ return class_buf;
++}
++
++/*
++ * Modified version of constraint_expr_eval that will process each
++ * constraint as before but adds the information to text buffers that
++ * will hold various components. The expression will be in RPN format,
++ * therefore there is a stack based RPN to infix converter to produce
++ * the final readable constraint.
++ *
++ * Return the boolean value of a constraint expression
++ * when it is applied to the specified source and target
+ * security contexts.
+ *
+ * xcontext is a special beast... It is used by the validatetrans rules
+ * only. For these rules, scontext is the context before the transition,
+ * tcontext is the context after the transition, and xcontext is the context
+ * of the process performing the transition. All other callers of
+- * constraint_expr_eval should pass in NULL for xcontext.
++ * constraint_expr_eval_reason should pass in NULL for xcontext.
++ *
++ * This function will also build a buffer as the constraint is processed
++ * for analysis. If this option is not required, then:
++ * 'tclass' should be '0' and r_buf MUST be NULL.
+ */
+-static int constraint_expr_eval(context_struct_t * scontext,
++static int constraint_expr_eval_reason(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ context_struct_t * xcontext,
+- constraint_expr_t * cexpr)
++ sepol_security_class_t tclass,
++ constraint_node_t *constraint,
++ char **r_buf,
++ unsigned int flags)
+ {
+ uint32_t val1, val2;
+ context_struct_t *c;
+@@ -136,56 +361,137 @@ static int constraint_expr_eval(context_struct_t * scontext,
+ int s[CEXPR_MAXDEPTH];
+ int sp = -1;
+
+- for (e = cexpr; e; e = e->next) {
++ char tmp_buf[128];
++
++/*
++ * Define the s_t_x_num values that make up r1, t2 etc. in text strings
++ * Set 1 = source, 2 = target, 3 = xcontext for validatetrans
++ */
++#define SOURCE 1
++#define TARGET 2
++#define XTARGET 3
++
++ int s_t_x_num = SOURCE;
++
++ /* Set 0 = fail, u = CEXPR_USER, r = CEXPR_ROLE, t = CEXPR_TYPE */
++ int u_r_t = 0;
++
++ char *name1, *name2;
++ char *src = NULL;
++ char *tgt = NULL;
++
++ int rc = 0, x;
++
++ char *class_buf = NULL;
++
++ class_buf = get_class_info(tclass, constraint, xcontext);
++ if (!class_buf) {
++ ERR(NULL, "failed to allocate class buffer");
++ return -ENOMEM;
++ }
++
++ /* Original function but with buffer support */
++ int expr_list_len = 0;
++ expr_counter = 0;
++ expr_list = NULL;
++ for (e = constraint->expr; e; e = e->next) {
++ /* Allocate a stack to hold expression buffer entries */
++ if (expr_counter >= expr_list_len) {
++ char **new_expr_list = expr_list;
++ int new_expr_list_len;
++
++ if (expr_list_len == 0)
++ new_expr_list_len = STACK_LEN;
++ else
++ new_expr_list_len = expr_list_len * 2;
++
++ new_expr_list = realloc(expr_list, new_expr_list_len * sizeof(*expr_list));
++ if (!new_expr_list) {
++ ERR(NULL, "failed to allocate expr buffer stack");
++ rc = -ENOMEM;
++ goto out;
++ }
++ expr_list_len = new_expr_list_len;
++ expr_list = new_expr_list;
++ }
++
++ /*
++ * malloc a buffer to store each expression text component. If the
++ * buffer is too small cat_expr_buf() will realloc extra space.
++ */
++ expr_buf_len = EXPR_BUF_SIZE;
++ expr_list[expr_counter] = malloc(expr_buf_len);
++ if (!expr_list[expr_counter]) {
++ ERR(NULL, "failed to allocate expr buffer");
++ rc = -ENOMEM;
++ goto out;
++ }
++ expr_buf_used = 0;
++
++ /* Now process each expression of the constraint */
+ switch (e->expr_type) {
+ case CEXPR_NOT:
+ BUG_ON(sp < 0);
+ s[sp] = !s[sp];
++ cat_expr_buf(expr_list[expr_counter], "not");
+ break;
+ case CEXPR_AND:
+ BUG_ON(sp < 1);
+ sp--;
+ s[sp] &= s[sp + 1];
++ cat_expr_buf(expr_list[expr_counter], "and");
+ break;
+ case CEXPR_OR:
+ BUG_ON(sp < 1);
+ sp--;
+ s[sp] |= s[sp + 1];
++ cat_expr_buf(expr_list[expr_counter], "or");
+ break;
+ case CEXPR_ATTR:
+ if (sp == (CEXPR_MAXDEPTH - 1))
+- return 0;
++ goto out;
++
+ switch (e->attr) {
+ case CEXPR_USER:
+ val1 = scontext->user;
+ val2 = tcontext->user;
++ free(src); src = strdup("u1");
++ free(tgt); tgt = strdup("u2");
+ break;
+ case CEXPR_TYPE:
+ val1 = scontext->type;
+ val2 = tcontext->type;
++ free(src); src = strdup("t1");
++ free(tgt); tgt = strdup("t2");
+ break;
+ case CEXPR_ROLE:
+ val1 = scontext->role;
+ val2 = tcontext->role;
+ r1 = policydb->role_val_to_struct[val1 - 1];
+ r2 = policydb->role_val_to_struct[val2 - 1];
++ name1 = policydb->p_role_val_to_name[r1->s.value - 1];
++ name2 = policydb->p_role_val_to_name[r2->s.value - 1];
++ snprintf(tmp_buf, sizeof(tmp_buf), "r1=%s", name1);
++ free(src); src = strdup(tmp_buf);
++ snprintf(tmp_buf, sizeof(tmp_buf), "r2=%s ", name2);
++ free(tgt); tgt = strdup(tmp_buf);
++
+ switch (e->op) {
+ case CEXPR_DOM:
+- s[++sp] =
+- ebitmap_get_bit(&r1->dominates,
+- val2 - 1);
++ s[++sp] = ebitmap_get_bit(&r1->dominates, val2 - 1);
++ msgcat(src, tgt, "dom", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_DOMBY:
+- s[++sp] =
+- ebitmap_get_bit(&r2->dominates,
+- val1 - 1);
++ s[++sp] = ebitmap_get_bit(&r2->dominates, val1 - 1);
++ msgcat(src, tgt, "domby", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_INCOMP:
+- s[++sp] =
+- (!ebitmap_get_bit
+- (&r1->dominates, val2 - 1)
+- && !ebitmap_get_bit(&r2->dominates,
+- val1 - 1));
++ s[++sp] = (!ebitmap_get_bit(&r1->dominates, val2 - 1)
++ && !ebitmap_get_bit(&r2->dominates, val1 - 1));
++ msgcat(src, tgt, "incomp", s[sp] == 0);
++ expr_counter++;
+ continue;
+ default:
+ break;
+@@ -194,110 +500,327 @@ static int constraint_expr_eval(context_struct_t * scontext,
+ case CEXPR_L1L2:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(tcontext->range.level[0]);
++ free(src); src = strdup("l1");
++ free(tgt); tgt = strdup("l2");
+ goto mls_ops;
+ case CEXPR_L1H2:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(tcontext->range.level[1]);
++ free(src); src = strdup("l1");
++ free(tgt); tgt = strdup("h2");
+ goto mls_ops;
+ case CEXPR_H1L2:
+ l1 = &(scontext->range.level[1]);
+ l2 = &(tcontext->range.level[0]);
++ free(src); src = strdup("h1");
++ free(tgt); tgt = strdup("L2");
+ goto mls_ops;
+ case CEXPR_H1H2:
+ l1 = &(scontext->range.level[1]);
+ l2 = &(tcontext->range.level[1]);
++ free(src); src = strdup("h1");
++ free(tgt); tgt = strdup("h2");
+ goto mls_ops;
+ case CEXPR_L1H1:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(scontext->range.level[1]);
++ free(src); src = strdup("l1");
++ free(tgt); tgt = strdup("h1");
+ goto mls_ops;
+ case CEXPR_L2H2:
+ l1 = &(tcontext->range.level[0]);
+ l2 = &(tcontext->range.level[1]);
+- goto mls_ops;
+- mls_ops:
++ free(src); src = strdup("l2");
++ free(tgt); tgt = strdup("h2");
++ mls_ops:
+ switch (e->op) {
+ case CEXPR_EQ:
+ s[++sp] = mls_level_eq(l1, l2);
++ msgcat(src, tgt, "eq", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_NEQ:
+ s[++sp] = !mls_level_eq(l1, l2);
++ msgcat(src, tgt, "neq", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_DOM:
+ s[++sp] = mls_level_dom(l1, l2);
++ msgcat(src, tgt, "dom", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_DOMBY:
+ s[++sp] = mls_level_dom(l2, l1);
++ msgcat(src, tgt, "domby", s[sp] == 0);
++ expr_counter++;
+ continue;
+ case CEXPR_INCOMP:
+ s[++sp] = mls_level_incomp(l2, l1);
++ msgcat(src, tgt, "incomp", s[sp] == 0);
++ expr_counter++;
+ continue;
+ default:
+ BUG();
+- return 0;
++ goto out;
+ }
+ break;
+ default:
+ BUG();
+- return 0;
++ goto out;
+ }
+
+ switch (e->op) {
+ case CEXPR_EQ:
+ s[++sp] = (val1 == val2);
++ msgcat(src, tgt, "eq", s[sp] == 0);
+ break;
+ case CEXPR_NEQ:
+ s[++sp] = (val1 != val2);
++ msgcat(src, tgt, "neq", s[sp] == 0);
+ break;
+ default:
+ BUG();
+- return 0;
++ goto out;
+ }
+ break;
+ case CEXPR_NAMES:
+ if (sp == (CEXPR_MAXDEPTH - 1))
+- return 0;
++ goto out;
++ s_t_x_num = SOURCE;
+ c = scontext;
+- if (e->attr & CEXPR_TARGET)
++ if (e->attr & CEXPR_TARGET) {
++ s_t_x_num = TARGET;
+ c = tcontext;
+- else if (e->attr & CEXPR_XTARGET) {
++ } else if (e->attr & CEXPR_XTARGET) {
++ s_t_x_num = XTARGET;
+ c = xcontext;
+- if (!c) {
+- BUG();
+- return 0;
+- }
+ }
+- if (e->attr & CEXPR_USER)
++ if (!c) {
++ BUG();
++ goto out;
++ }
++ if (e->attr & CEXPR_USER) {
++ u_r_t = CEXPR_USER;
+ val1 = c->user;
+- else if (e->attr & CEXPR_ROLE)
++ name1 = policydb->p_user_val_to_name[val1 - 1];
++ snprintf(tmp_buf, sizeof(tmp_buf), "u%d=%s ",
++ s_t_x_num, name1);
++ free(src); src = strdup(tmp_buf);
++ }
++ else if (e->attr & CEXPR_ROLE) {
++ u_r_t = CEXPR_ROLE;
+ val1 = c->role;
+- else if (e->attr & CEXPR_TYPE)
++ name1 = policydb->p_role_val_to_name[val1 - 1];
++ snprintf(tmp_buf, sizeof(tmp_buf), "r%d=%s ", s_t_x_num, name1);
++ free(src); src = strdup(tmp_buf);
++ }
++ else if (e->attr & CEXPR_TYPE) {
++ u_r_t = CEXPR_TYPE;
+ val1 = c->type;
++ name1 = policydb->p_type_val_to_name[val1 - 1];
++ snprintf(tmp_buf, sizeof(tmp_buf),
++ "t%d=%s ", s_t_x_num, name1);
++ free(src); src = strdup(tmp_buf);
++ }
+ else {
+ BUG();
+- return 0;
++ goto out;
+ }
+
+ switch (e->op) {
+ case CEXPR_EQ:
++ switch (u_r_t) {
++ case CEXPR_USER:
++ free(tgt); tgt=strdup("USER_ENTRY");
++ break;
++ case CEXPR_ROLE:
++ free(tgt); tgt=strdup("ROLE_ENTRY");
++ break;
++ case CEXPR_TYPE:
++ free(tgt); tgt=strdup("TYPE_ENTRY");
++ break;
++ default:
++ ERR(NULL, "unrecognized u_r_t Value: %d", u_r_t);
++ break;
++ }
++
+ s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
++ msgcat(src, tgt, "eq", s[sp] == 0);
++ if (s[sp] == 0) {
++ get_names_list(e, u_r_t);
++ }
+ break;
++
+ case CEXPR_NEQ:
++ switch (u_r_t) {
++ case CEXPR_USER:
++ free(tgt); tgt=strdup("USER_ENTRY");
++ break;
++ case CEXPR_ROLE:
++ free(tgt); tgt=strdup("ROLE_ENTRY");
++ break;
++ case CEXPR_TYPE:
++ free(tgt); tgt=strdup("TYPE_ENTRY");
++ break;
++ default:
++ ERR(NULL, "unrecognized u_r_t Value: %d", u_r_t);
++ break;
++ }
++
+ s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
++ msgcat(src, tgt, "neq", s[sp] == 0);
++ if (s[sp] == 0) {
++ get_names_list(e, u_r_t);
++ }
+ break;
+ default:
+ BUG();
+- return 0;
++ goto out;
+ }
+ break;
+ default:
+ BUG();
+- return 0;
++ goto out;
+ }
++ expr_counter++;
++ }
++
++ /*
++ * At this point each expression of the constraint is in
++ * expr_list[n+1] and in RPN format. Now convert to 'infix'
++ */
++
++ /*
++ * Save expr count but zero expr_counter to detect if 'BUG(); goto out;'
++ * was called as we need to release any used expr_list malloc's. Normally
++ * they are released by the RPN to infix code.
++ */
++ int expr_count = expr_counter;
++ expr_counter = 0;
++
++ /*
++ * The array of expression answer buffer pointers and counter. Generate
++ * the same number of answer buffer entries as expression buffers (as
++ * there will never be more required).
++ */
++ char **answer_list;
++ int answer_counter = 0;
++
++ answer_list = malloc(expr_count * sizeof(*answer_list));
++ if (!answer_list) {
++ ERR(NULL, "failed to allocate answer stack");
++ rc = -ENOMEM;
++ goto out;
+ }
+
+- BUG_ON(sp != 0);
+- return s[0];
++ /* The pop operands */
++ char *a;
++ char *b;
++ int a_len, b_len;
++
++ /* Convert constraint from RPN to infix notation. */
++ for (x = 0; x != expr_count; x++) {
++ if (strncmp(expr_list[x], "and", 3) == 0 || strncmp(expr_list[x],
++ "or", 2) == 0) {
++ b = pop();
++ b_len = strlen(b);
++ a = pop();
++ a_len = strlen(a);
++
++ /* get a buffer to hold the answer */
++ answer_list[answer_counter] = malloc(a_len + b_len + 8);
++ if (!answer_list[answer_counter]) {
++ ERR(NULL, "failed to allocate answer buffer");
++ rc = -ENOMEM;
++ goto out;
++ }
++ memset(answer_list[answer_counter], '\0', a_len + b_len + 8);
++
++ sprintf(answer_list[answer_counter], "%s %s %s", a, expr_list[x], b);
++ push(answer_list[answer_counter++]);
++ free(a);
++ free(b);
++ } else if (strncmp(expr_list[x], "not", 3) == 0) {
++ b = pop();
++ b_len = strlen(b);
++
++ answer_list[answer_counter] = malloc(b_len + 8);
++ if (!answer_list[answer_counter]) {
++ ERR(NULL, "failed to allocate answer buffer");
++ rc = -ENOMEM;
++ goto out;
++ }
++ memset(answer_list[answer_counter], '\0', b_len + 8);
++
++ if (strncmp(b, "not", 3) == 0)
++ sprintf(answer_list[answer_counter], "%s (%s)", expr_list[x], b);
++ else
++ sprintf(answer_list[answer_counter], "%s%s", expr_list[x], b);
++ push(answer_list[answer_counter++]);
++ free(b);
++ } else {
++ push(expr_list[x]);
++ }
++ }
++ /* Get the final answer from tos and build constraint text */
++ a = pop();
++
++ /* Constraint calculation: rc = 0 is denied, rc = 1 is granted */
++ sprintf(tmp_buf,"Constraint %s\n", s[0] ? "GRANTED" : "DENIED");
++
++ int len, new_buf_len;
++ char *p, **new_buf = r_buf;
++ /*
++ * These contain the constraint components that are added to the
++ * callers reason buffer.
++ */
++ char *buffers[] = { class_buf, a, "); ", tmp_buf, 0 };
++
++ /*
++ * This will add the constraints to the callers reason buffer (who is
++ * responsible for freeing the memory). It will handle any realloc's
++ * should the buffer be too short.
++ * The reason_buf_used and reason_buf_len counters are defined globally
++ * as multiple constraints can be in the buffer.
++ */
++ if (r_buf && ((s[0] == 0) || ((s[0] == 1 &&
++ (flags & SHOW_GRANTED) == SHOW_GRANTED)))) {
++ for (x = 0; buffers[x] != NULL; x++) {
++ while (1) {
++ p = *r_buf + reason_buf_used;
++ len = snprintf(p, reason_buf_len - reason_buf_used, "%s", buffers[x]);
++ if (len < 0 || len >= reason_buf_len - reason_buf_used) {
++ new_buf_len = reason_buf_len + REASON_BUF_SIZE;
++ *new_buf = realloc(*r_buf, new_buf_len);
++ if (!new_buf) {
++ ERR(NULL, "failed to realloc reason buffer");
++ goto out1;
++ }
++ **r_buf = **new_buf;
++ reason_buf_len = new_buf_len;
++ continue;
++ } else {
++ reason_buf_used += len;
++ break;
++ }
++ }
++ }
++ }
++
++out1:
++ rc = s[0];
++ free(a);
++
++out:
++ free(class_buf);
++ free(src);
++ free(tgt);
++
++ if (expr_counter) {
++ for (x = 0; expr_list[x] != NULL; x++)
++ free(expr_list[x]);
++ }
++ return rc;
+ }
+
+ /*
+@@ -309,7 +832,9 @@ static int context_struct_compute_av(context_struct_t * scontext,
+ sepol_security_class_t tclass,
+ sepol_access_vector_t requested,
+ struct sepol_av_decision *avd,
+- unsigned int *reason)
++ unsigned int *reason,
++ char **r_buf,
++ unsigned int flags)
+ {
+ constraint_node_t *constraint;
+ struct role_allow *ra;
+@@ -384,8 +909,8 @@ static int context_struct_compute_av(context_struct_t * scontext,
+ constraint = tclass_datum->constraints;
+ while (constraint) {
+ if ((constraint->permissions & (avd->allowed)) &&
+- !constraint_expr_eval(scontext, tcontext, NULL,
+- constraint->expr)) {
++ !constraint_expr_eval_reason(scontext, tcontext, NULL,
++ tclass, constraint, r_buf, flags)) {
+ avd->allowed =
+ (avd->allowed) & ~(constraint->permissions);
+ }
+@@ -460,8 +985,8 @@ int hidden sepol_validate_transition(sepol_security_id_t oldsid,
+
+ constraint = tclass_datum->validatetrans;
+ while (constraint) {
+- if (!constraint_expr_eval(ocontext, ncontext, tcontext,
+- constraint->expr)) {
++ if (!constraint_expr_eval_reason(ocontext, ncontext, tcontext,
++ 0, constraint, NULL, 0)) {
+ return -EPERM;
+ }
+ constraint = constraint->next;
+@@ -494,11 +1019,59 @@ int hidden sepol_compute_av_reason(sepol_security_id_t ssid,
+ }
+
+ rc = context_struct_compute_av(scontext, tcontext, tclass,
+- requested, avd, reason);
++ requested, avd, reason, NULL, 0);
+ out:
+ return rc;
+ }
+
++/*
++ * sepol_compute_av_reason_buffer - the reason buffer is malloc'd to
++ * REASON_BUF_SIZE. If the buffer size is exceeded, then it is realloc'd
++ * in the constraint_expr_eval_reason() function.
++ */
++int hidden sepol_compute_av_reason_buffer(sepol_security_id_t ssid,
++ sepol_security_id_t tsid,
++ sepol_security_class_t tclass,
++ sepol_access_vector_t requested,
++ struct sepol_av_decision *avd,
++ unsigned int *reason,
++ char **reason_buf,
++ unsigned int flags)
++{
++ *reason_buf = malloc(REASON_BUF_SIZE);
++ if (!*reason_buf) {
++ ERR(NULL, "failed to allocate reason buffer");
++ return -ENOMEM;
++ }
++ /*
++ * These are defined globally as the buffer can contain multiple
++ * constraint statements so need to keep track
++ */
++ reason_buf_used = 0;
++ reason_buf_len = REASON_BUF_SIZE;
++
++ context_struct_t *scontext = 0, *tcontext = 0;
++ int rc = 0;
++
++ scontext = sepol_sidtab_search(sidtab, ssid);
++ if (!scontext) {
++ ERR(NULL, "unrecognized SID %d", ssid);
++ rc = -EINVAL;
++ goto out;
++ }
++ tcontext = sepol_sidtab_search(sidtab, tsid);
++ if (!tcontext) {
++ ERR(NULL, "unrecognized SID %d", tsid);
++ rc = -EINVAL;
++ goto out;
++ }
++
++ rc = context_struct_compute_av(scontext, tcontext, tclass,
++ requested, avd, reason, reason_buf, flags);
++out:
++ return rc;
++}
++
+ int hidden sepol_compute_av(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+@@ -511,6 +1084,70 @@ int hidden sepol_compute_av(sepol_security_id_t ssid,
+ }
+
+ /*
++ * Return a class ID associated with the class string specified by
++ * class_name.
++ */
++int hidden sepol_class_name_to_id(const char *class_name,
++ sepol_security_class_t *tclass)
++{
++ char *class = NULL;
++ sepol_security_class_t id;
++
++ for (id = 1; ; id++) {
++ if ((class = policydb->p_class_val_to_name[id - 1]) == NULL) {
++ ERR(NULL, "could not convert %s to class id", class_name);
++ return STATUS_ERR;
++ }
++ if ((strcmp(class, class_name)) == 0) {
++ *tclass = id;
++ return STATUS_SUCCESS;
++ }
++ }
++}
++
++/*
++ * Return access vector bit associated with the class ID and permission
++ * string.
++ */
++int hidden sepol_perm_name_to_av(sepol_security_class_t tclass,
++ const char *perm_name,
++ sepol_access_vector_t *av)
++{
++ class_datum_t *tclass_datum;
++ perm_datum_t *perm_datum;
++
++ if (!tclass || tclass > policydb->p_classes.nprim) {
++ ERR(NULL, "unrecognized class %d", tclass);
++ return -EINVAL;
++ }
++ tclass_datum = policydb->class_val_to_struct[tclass - 1];
++
++ /* Check for unique perms then the common ones (if any) */
++ perm_datum = (perm_datum_t *)
++ hashtab_search(tclass_datum->permissions.table,
++ (hashtab_key_t)perm_name);
++ if (perm_datum != NULL) {
++ *av = 0x1 << (perm_datum->s.value - 1);
++ return STATUS_SUCCESS;
++ }
++
++ if (tclass_datum->comdatum == NULL)
++ goto out;
++
++ perm_datum = (perm_datum_t *)
++ hashtab_search(tclass_datum->comdatum->permissions.table,
++ (hashtab_key_t)perm_name);
++
++ if (perm_datum != NULL) {
++ *av = 0x1 << (perm_datum->s.value - 1);
++ return STATUS_SUCCESS;
++ }
++out:
++ ERR(NULL, "could not convert %s to av bit", perm_name);
++ return STATUS_ERR;
++}
++
++/*
+ * Write the security context string representation of
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+@@ -1339,7 +1976,7 @@ int hidden sepol_get_user_sids(sepol_security_id_t fromsid,
+ rc = context_struct_compute_av(fromcon, &usercon,
+ SECCLASS_PROCESS,
+ PROCESS__TRANSITION,
+- &avd, &reason);
++ &avd, &reason, NULL, 0);
+ if (rc || !(avd.allowed & PROCESS__TRANSITION))
+ continue;
+ rc = sepol_sidtab_context_to_sid(sidtab, &usercon,
+diff --git a/libsepol/src/write.c b/libsepol/src/write.c
+index 55992f8..6fe73e6 100644
+--- a/libsepol/src/write.c
++++ b/libsepol/src/write.c
+@@ -893,8 +893,11 @@ static int write_cons_helper(policydb_t * p,
+ if (ebitmap_write(&e->names, fp)) {
+ return POLICYDB_ERROR;
+ }
+- if (p->policy_type != POLICY_KERN &&
+- type_set_write(e->type_names, fp)) {
++ if ((p->policy_type != POLICY_KERN &&
++ type_set_write(e->type_names, fp)) ||
++ (p->policy_type == POLICY_KERN &&
++ (p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES) &&
++ type_set_write(e->type_names, fp))) {
+ return POLICYDB_ERROR;
+ }
+ break;
diff --git a/SPECS/libsepol.spec b/SPECS/libsepol.spec
new file mode 100644
index 0000000..a792eba
--- /dev/null
+++ b/SPECS/libsepol.spec
@@ -0,0 +1,1123 @@
+Summary: SELinux binary policy manipulation library
+Name: libsepol
+Version: 2.1.9
+Release: 1%{?dist}
+License: LGPLv2+
+Group: System Environment/Libraries
+Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
+Patch: libsepol-rhat.patch
+URL: http://www.selinuxproject.org
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+Security-enhanced Linux is a feature of the Linux® kernel and a number
+of utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These
+architectural components provide general support for the enforcement
+of many kinds of mandatory access control policies, including those
+based on the concepts of Type Enforcement®, Role-based Access
+Control, and Multi-level Security.
+
+libsepol provides an API for the manipulation of SELinux binary policies.
+It is used by checkpolicy (the policy compiler) and similar tools, as well
+as by programs like load_policy that need to perform specific transformations
+on binary policies such as customizing policy boolean settings.
+
+%package devel
+Summary: Header files and libraries used to build policy manipulation tools
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+The libsepol-devel package contains the libraries and header files
+needed for developing applications that manipulate binary policies.
+
+%package static
+Summary: static libraries used to build policy manipulation tools
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
+
+%description static
+The libsepol-static package contains the static libraries and header files
+needed for developing applications that manipulate binary policies.
+
+%prep
+%setup -q
+%patch -p2 -b .rhat
+
+# sparc64 is an -fPIC arch, so we need to fix it here
+%ifarch sparc64
+sed -i 's/fpic/fPIC/g' src/Makefile
+%endif
+
+%build
+make clean
+make %{?_smp_mflags} CFLAGS="%{optflags}"
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}/%{_lib}
+mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
+mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
+mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
+make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolbools
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolusers
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/chkcon
+rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
+
+%post
+/sbin/ldconfig
+[ -x /sbin/telinit ] && [ -p /dev/initctl ] && /sbin/telinit U
+exit 0
+
+%postun -p /sbin/ldconfig
+
+%files static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libsepol.so
+%{_libdir}/pkgconfig/libsepol.pc
+%{_includedir}/sepol/*.h
+%{_mandir}/man3/*.3.gz
+%dir %{_includedir}/sepol
+%dir %{_includedir}/sepol/policydb
+%{_includedir}/sepol/policydb/*.h
+
+%files
+%defattr(-,root,root)
+/%{_lib}/libsepol.so.1
+
+%changelog
+* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
+- Update to upstream
+ * filename_trans: use some better sorting to compare and merge
+ * coverity fixes
+ * implement default type policy syntax
+ * Fix memory leak issues found by Klocwork
+- Add CONTRAINT_NAMES to the kernel
+
+* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-8
+- Update to latest patches from eparis/Upstream
+
+* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-7
+- Update to latest patches from eparis/Upstream
+
+* Tue Jan 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6
+- Fix libsepol.stack messages in audit2allow/audit2why
+
+* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
+- Update to latest patches from eparis/Upstream
+
+* Tue Nov 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4
+- Update Richard Haines patch to show constraint information
+
+* Mon Nov 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
+- Add sepol_compute_av_reason_buffer patch from Richard Haines
+
+* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2
+- Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules
+
+* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
+- Update to upstream
+ * fix neverallow checking on attributes
+ * Move context_copy() after switch block in ocontext_copy_*().
+ * check for missing initial SID labeling statement.
+ * Add always_check_network policy capability
+ * role_fix_callback skips out-of-scope roles during expansion.
+
+* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-4
+- Try new patches
+
+* Tue Jul 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
+- Revert patches
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
+- Update to upstream
+ * reserve policycapability for redhat testing of ptrace child
+ * cosmetic changes to make the source easier to read
+ * prepend instead of append to filename_trans list
+ * Android/MacOS X build support
+ * allocate enough space to hold filename in trans rules
+
+* Mon Apr 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
+- Fix off by one error that is causing file_name transition rules to be expanded- incorrectly on i686 machines
+
+* Tue Apr 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
+- Add support for ptrace_child
+
+* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
+- Update to upstream
+ * checkpolicy: implement new default labeling behaviors
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-5
+- Update to match eparis pool
+
+* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-4
+- Additional fix for default transitioning labeling for semodule
+
+* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-3
+- Add Eparis patch for handling of default transition labeling
+
+* Mon Dec 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
+- Allow policy to specify the source of target for generating the default user,role
+- or mls label for a new target.
+
+* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
+- Update to upstream
+ * regenerate .pc on VERSION change
+ * Move ebitmap_* functions from mcstrans to libsepol
+ * expand: do filename_trans type comparison on mapped representation
+
+* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-2
+-The filename_trans code had a bug where duplicate detection was being
+done between the unmapped type value of a new rule and the type value of
+rules already in policy. This meant that duplicates were not being
+silently dropped and were instead outputting a message that there was a
+problem. It made things hard because the message WAS using the mapped
+type to convert to the string representation, so it didn't look like a
+dup!
+
+* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-1
+-Update to upstream
+ * Skip writing role attributes for policy.X and
+ * Indicate when boolean is indeed a tunable.
+ * Separate tunable from boolean during compile.
+ * Write and read TUNABLE flags in related
+ * Copy and check the cond_bool_datum_t.flags during link.
+ * Permanently discard disabled branches of tunables in
+ * Skip tunable identifier and cond_node_t in expansion.
+ * Create a new preserve_tunables flag
+ * Preserve tunables when required by semodule program.
+ * setools expects expand_module_avrules to be an exported
+ * tree: default make target to all not
+
+* Thu Sep 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-3
+- Add patch to handle preserving tunables
+
+* Thu Sep 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-2
+- export expand_module_avrules
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0
+- Update to upstream
+ * Only call role_fix_callback for base.p_roles during expansion.
+ * use mapped role number instead of module role number
+
+* Mon Aug 1 2011 Dan Walsh <dwalsh@redhat.com> 2.1.1-1
+- Update to upstream
+ * Minor fix to reading policy with filename transition rules
+
+* Wed Jul 27 2011 Dan Walsh <dwalsh@redhat.com> 2.1.0-1
+- Update to upstream
+ * Release, minor version bump
+
+* Tue May 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.45-1
+- Update to upstream
+ * Warn if filename_trans rules are dropped by Steve Lawrence.
+
+* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-2
+- Fixes for new role_transition class field by Eric Paris.
+
+* Thu Apr 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-1
+-Update to upstream
+ * Fixes for new role_transition class field by Eric Paris.
+ * Add libsepol support for filename_trans rules by Eric Paris.
+
+* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-3
+- re-add Erics patch for filename transitions
+
+* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
+-Update to upstream
+ * Add new class field in role_transition by Harry Ciao.
+
+* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
+- Apply Eparis Patch
+ This patch add libsepol support for filename_trans rules. These rules
+allow on to make labeling decisions for new objects based partially on
+the last path component. They are stored in a list. If we find that
+the number of rules grows to an significant size I will likely choose to
+store these in a hash, both in libsepol and in the kernel. But as long
+as the number of such rules stays small, this should be good.
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.42-1
+- Upgrade to latest from NSA
+ * Fix compliation under GCC 4.6 by Justin Mattock
+
+* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> 2.0.41-3
+- Fix libsepol.pc file
+
+* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.41-2
+- Resolve specfile problems
+Resolves: #555835
+
+* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.41-1
+- Upgrade to latest from NSA
+ * Fixed typo in error message from Manoj Srivastava.
+
+* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.40-1
+- Upgrade to latest from NSA
+ * Add pkgconfig file from Eamon Walsh.
+
+* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.39-1
+- Upgrade to latest from NSA
+ * Add support for building Xen policies from Paul Nuzzi.
+
+* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.38-1
+- Upgrade to latest from NSA
+ * Check last offset in the module package against the file size.
+ Reported by Manoj Srivastava for bug filed by Max Kellermann.
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.37-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
+- Upgrade to latest from NSA
+ * Add method to check disable dontaudit flag from Christopher Pardy.
+
+* Wed Mar 25 2009 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
+- Upgrade to latest from NSA
+ * Fix boolean state smashing from Joshua Brindle.
+
+* Thu Mar 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-3
+- Fix license specification to be LGPL instead of GPL
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-2
+
+* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-1
+- Upgrade to latest from NSA
+ * Fix alias field in module format, caused by boundary format change
+ from Caleb Case.
+
+* Tue Oct 14 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-1
+- Upgrade to latest from NSA
+ * Add bounds support from KaiGai Kohei.
+ * Fix invalid aliases bug from Joshua Brindle.
+
+* Tue Sep 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
+- Upgrade to latest from NSA
+ * Revert patch that removed expand_rule.
+
+* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.32-1
+- Upgrade to latest from NSA
+ * Allow require then declare in the source policy from Joshua Brindle.
+
+* Sun Jun 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.31-1
+- Upgrade to latest from NSA
+ * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
+
+* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.30-1
+- Upgrade to latest from NSA
+ * Fix endianness bug in the handling of network node addresses from Stephen Smalley.
+ Only affects big endian platforms.
+ Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
+
+* Wed May 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.29-1
+- Upgrade to latest from NSA
+ * Merge user and role mapping support from Joshua Brindle.
+
+* Mon May 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.28-1
+- Upgrade to latest from NSA
+ * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
+ * Belatedly merge test for policy downgrade from Todd Miller.
+
+* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.26-1
+- Upgrade to latest from NSA
+ * Add permissive domain support from Eric Paris.
+
+* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
+- Upgrade to latest from NSA
+ * Drop unused ->buffer field from struct policy_file.
+ * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
+
+
+* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.23-1
+- Upgrade to latest from NSA
+ * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
+ * Add support for open_perms policy capability from Eric Paris.
+
+* Wed Feb 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.21-1
+- Upgrade to latest from NSA
+ * Fix invalid memory allocation in policydb_index_others() from Jason Tang.
+
+* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> 2.0.20-1
+- Upgrade to latest from NSA
+ * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
+
+* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
+- Upgrade to latest from NSA
+ * Add support for consuming avrule_blocks during expansion to reduce
+ peak memory usage.
+
+* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-2
+- Fixed for spec review
+
+* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-1
+- Upgrade to latest from NSA
+ * Added support for policy capabilities from Todd Miller.
+ * Prevent generation of policy.18 with MLS enabled from Todd Miller.
+
+* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
+- Upgrade to latest from NSA
+ * print module magic number in hex on mismatch, from Todd Miller.
+
+* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1
+- Upgrade to latest from NSA
+ * clarify and reduce neverallow error reporting from Stephen Smalley.
+
+* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> 2.0.14-1
+- Upgrade to latest from NSA
+ * Reject self aliasing at link time from Stephen Smalley.
+ * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
+ * Fixed bug in require checking from Stephen Smalley.
+ * Added user hierarchy checking from Todd Miller.
+
+* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.11-1
+ * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+
+* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-1
+- Upgrade to latest from NSA
+ * Merged support for the handle_unknown policydb flag from Eric Paris.
+
+* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-1
+- Upgrade to latest from NSA
+ * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
+ * Fixed module_package_read_offsets bug introduced by the prior patch.
+
+* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-1
+- Upgrade to latest from NSA
+ * Eliminate unaligned accesses from policy reading code from Stephen Smalley.
+
+* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-1
+- Upgrade to latest from NSA
+ * Allow dontaudits to be turned off during policy expansion
+
+
+* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.5-1
+- Upgrade to latest from NSA
+ * Fix sepol_context_clone to handle a NULL context correctly.
+ This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
+ to set the file context entry to "<<none>>".
+- Apply patch from Joshua Brindle to disable dontaudit rules
+
+
+* Thu Jun 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.4-1
+- Upgrade to latest from NSA
+ * Merged error handling patch from Eamon Walsh.
+
+* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1
+- Upgrade to latest from NSA
+ * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
+
+* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1
+- Upgrade to latest from NSA
+ * Merged fix from Karl to remap booleans at expand time to
+ avoid holes in the symbol table.
+
+* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1
+- Upgrade to latest from NSA
+ * Merged libsepol segfault fix from Stephen Smalley for when
+ sensitivities are required but not present in the base.
+ * Merged patch to add errcodes.h to libsepol by Karl MacMillan.
+
+* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
+- Upgrade to latest from NSA
+ * Updated version for stable branch.
+
+* Tue Dec 12 2006 Adam Jackson <ajax@redhat.com> 1.15.3-1
+- Add dist tag and rebuild, fixes 6 to 7 upgrades.
+
+* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
+- Upgrade to latest from NSA
+ * Merged patch to compile wit -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offest table
+ limit. Patch changed to include libselinux and libsemanage in
+ addition to libselinux.
+
+* Wed Nov 1 2006 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
+- Upgrade to latest from NSA
+ * Merged fix from Karl MacMillan for a segfault when linking
+ non-MLS modules with users in them.
+
+* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
+- Upgrade to latest from NSA
+ * Merged fix for version comparison that was preventing range
+ transition rules from being written for a version 5 base policy
+ from Darrel Goeddel.
+
+* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> 1.14-1
+- NSA Released version - Same as previous but changed release number
+
+* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> 1.12.28-1
+- Upgrade to latest from NSA
+ * Build libsepol's static object files with -fpic
+
+* Thu Sep 28 2006 Dan Walsh <dwalsh@redhat.com> 1.12.27-1
+- Upgrade to latest from NSA
+ * Merged mls user and range_transition support in modules
+ from Darrel Goeddel
+
+* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> 1.12.26-1
+- Upgrade to latest from NSA
+ * Merged range transition enhancements and user format changes
+ Darrel Goeddel
+
+* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-3
+- Fix location of include directory to devel package
+
+* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-2
+- Remove invalid Requires
+
+* Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-1
+- Upgrade to latest from NSA
+ * Merged conditionally expand neverallows patch from Jeremy Mowery.
+ * Merged refactor expander patch from Jeremy Mowery.
+
+* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> 1.12.24-1
+- Upgrade to latest from NSA
+ * Merged libsepol unit tests from Joshua Brindle.
+ * Merged symtab datum patch from Karl MacMillan.
+ * Merged netfilter contexts support from Chris PeBenito.
+
+* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 1.12.21-1
+- Upgrade to latest from NSA
+ * Merged helpful hierarchy check errors patch from Joshua Brindle.
+ * Merged semodule_deps patch from Karl MacMillan.
+ This adds source module names to the avrule decls.
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.12.19-1.1
+- rebuild
+
+* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> 1.12.19-1
+- Upgrade to latest from NSA
+ * Lindent.
+ * Merged optionals in base take 2 patch set from Joshua Brindle.
+
+* Tue Jun 13 2006 Bill Nottingham <notting@redhat.com> 1.12.17-2
+- bump so it's newer than the FC5 version
+
+* Mon Jun 5 2006 Dan Walsh <dwalsh@redhat.com> 1.12.17-1
+- Upgrade to latest from NSA
+ * Revert 1.12.16.
+ * Merged cleaner fix for bool_ids overflow from Karl MacMillan,
+ replacing the prior patch.
+ * Merged fixes for several memory leaks in the error paths during
+ policy read from Serge Hallyn.
+
+* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.12.14-1
+- Upgrade to latest from NSA
+ * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
+ based on bug report and suggested fix by Cedric Roux.
+ * Merged sens_copy_callback, check_role_hierarchy_callback,
+ and node_from_record fixes from Serge Hallyn.
+
+* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.12.12-1
+- Upgrade to latest from NSA
+ * Added sepol_policydb_compat_net() interface for testing whether
+ a policy requires the compatibility support for network checks
+ to be enabled in the kernel.
+
+* Thu May 18 2006 Dan Walsh <dwalsh@redhat.com> 1.12.11-1
+- Upgrade to latest from NSA
+ * Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
+ Reworked to use calloc in the first place, and converted some other
+ malloc/memset pairs to calloc calls.
+
+* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 1.12.10-1
+- Upgrade to latest from NSA
+ * Merged patch to revert role/user decl upgrade from Karl MacMillan.
+
+* Thu May 11 2006 Steve Grubb <sgrubb@redhat.com> 1.12.9
+- Couple minor spec file clean ups
+
+* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.12.9-1
+- Upgrade to latest from NSA
+ * Dropped tests from all Makefile target.
+ * Merged fix warnings patch from Karl MacMillan.
+ * Merged libsepol test framework patch from Karl MacMillan.
+
+* Mon May 1 2006 Dan Walsh <dwalsh@redhat.com> 1.12.6-1
+- Upgrade to latest from NSA
+ * Fixed cond_normalize to traverse the entire cond list at link time.
+
+* Wed Apr 5 2006 Dan Walsh <dwalsh@redhat.com> 1.12.5-1
+- Upgrade to latest from NSA
+ * Merged fix for leak of optional package sections from Ivan Gyurdiev.
+
+* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> 1.12.4-1
+- Upgrade to latest from NSA
+ * Generalize test for bitmap overflow in ebitmap_set_bit.
+
+* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.12.3-1
+- Upgrade to latest from NSA
+ * Fixed attr_convert_callback and expand_convert_type_set
+ typemap bug.
+
+* Fri Mar 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.2-1
+- Upgrade to latest from NSA
+ * Fixed avrule_block_write num_decls endian bug.
+
+* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> 1.12.1-1
+- Upgrade to latest from NSA
+ * Fixed sepol_module_package_write buffer overflow bug.
+
+* Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.12-2
+- Upgrade to latest from NSA
+ * Updated version for release.
+ * Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
+ * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
+ * Merged sepol_policydb_mls_enabled interface and error handling
+ changes from Ivan Gyurdiev.
+
+* Mon Feb 20 2006 Dan Walsh <dwalsh@redhat.com> 1.11.18-2
+- Rebuild for fc5-head
+
+* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> 1.11.18-1
+- Upgrade to latest from NSA
+ * Merged node_expand_addr bugfix and node_compare* change from
+ Ivan Gyurdiev.
+
+* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 1.11.17-1
+- Upgrade to latest from NSA
+ * Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
+ * Merged bug fix patch from Ivan Gyurdiev.
+ * Added a defined flag to level_datum_t for use by checkpolicy.
+ * Merged nodecon support patch from Ivan Gyurdiev.
+ * Merged cleanups patch from Ivan Gyurdiev.
+
+* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-2
+- Fix post install not to fire if /dev/initctr does not exist
+
+* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-1
+- Upgrade to latest from NSA
+ * Merged optionals in base patch from Joshua Brindle.
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.11.13-1.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 7 2006 Dan Walsh <dwalsh@redhat.com> 1.11.13-1
+- Upgrade to latest from NSA
+ * Merged seuser/user_extra support patch from Joshua Brindle.
+ * Merged fix patch from Ivan Gyurdiev.
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.11.12-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.11.12-1
+- Upgrade to latest from NSA
+ * Merged assertion copying bugfix from Joshua Brindle.
+ * Merged sepol_av_to_string patch from Joshua Brindle.
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.11.10-1
+- Upgrade to latest from NSA
+ * Merged cond_expr mapping and package section count bug fixes
+ from Joshua Brindle.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+ * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
+
+* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.9-1
+- Upgrade to latest from NSA
+ * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
+
+* Tue Jan 10 2006 Dan Walsh <dwalsh@redhat.com> 1.11.8-1
+- Upgrade to latest from NSA
+ * Merged 2nd const in APIs patch from Ivan Gyurdiev.
+
+* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.11.7-1
+- Upgrade to latest from NSA
+ * Merged const in APIs patch from Ivan Gyurdiev.
+ * Merged compare2 function patch from Ivan Gyurdiev.
+ * Fixed hierarchy checker to only check allow rules.
+
+* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.11.5-1
+- Upgrade to latest from NSA
+ * Merged further fixes from Russell Coker, specifically:
+ - av_to_string overflow checking
+ - sepol_context_to_string error handling
+ - hierarchy checking memory leak fixes and optimizations
+ - avrule_block_read variable initialization
+ * Marked deprecated code in genbools and genusers.
+
+* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.11.4-1
+- Upgrade to latest from NSA
+ * Merged bugfix for sepol_port_modify from Russell Coker.
+ * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
+ * Merged port ordering patch from Ivan Gyurdiev.
+
+* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.11.2-2
+- Upgrade to latest from NSA
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - support ordering of records in compare function
+ - enable port interfaces
+ - add interfaces for context validity and range checks
+ - add include guards
+
+* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-2
+- Add Ivans patch to make ports work
+
+* Fri Dec 16 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-1
+- Upgrade to latest from NSA
+ * Fixed mls_range_cpy bug.
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.10-1
+- Upgrade to latest from NSA
+
+* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.9.42-1
+- Upgrade to latest from NSA
+ * Dropped handle from user_del_role interface.
+
+* Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.41-1
+- Upgrade to latest from NSA
+ * Merged remove defrole from sepol patch from Ivan Gyurdiev.
+
+* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.9.40-1
+- Upgrade to latest from NSA
+ * Merged module function and map file cleanup from Ivan Gyurdiev.
+ * Merged MLS and genusers cleanups from Ivan Gyurdiev.
+
+* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.9.39-1
+- Upgrade to latest from NSA
+ Prepare for removal of booleans* and *.users files.
+ * Cleaned up sepol_genbools to not regenerate the image if
+ there were no changes in the boolean values, including the
+ degenerate case where there are no booleans or booleans.local
+ files.
+ * Cleaned up sepol_genusers to not warn on missing local.users.
+
+* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1
+- Upgrade to latest from NSA
+ * Removed sepol_port_* from libsepol.map, as the port interfaces
+ are not yet stable.
+
+* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.37-1
+- Upgrade to latest from NSA
+ * Merged context destroy cleanup patch from Ivan Gyurdiev.
+
+* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.36-1
+- Upgrade to latest from NSA
+ * Merged context_to_string interface change patch from Ivan Gyurdiev.
+
+* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.35-1
+- Upgrade to latest from NSA
+ * Added src/dso.h and src/*_internal.h.
+ Added hidden_def for exported symbols used within libsepol.
+ Added hidden for symbols that should not be exported by
+ the wildcards in libsepol.map.
+
+* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.9.34-1
+- Upgrade to latest from NSA
+ * Merged record interface, record bugfix, and set_roles patches
+ from Ivan Gyurdiev.
+
+* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.33-1
+- Upgrade to latest from NSA
+ * Merged count specification change from Ivan Gyurdiev.
+
+* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.9.32-1
+- Upgrade to latest from NSA
+ * Added further checking and error reporting to
+ sepol_module_package_read and _info.
+ * Merged sepol handle passing, DEBUG conversion, and memory leak
+ fix patches from Ivan Gyurdiev.
+
+* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.9.30-1
+- Upgrade to latest from NSA
+ * Removed processing of system.users from sepol_genusers and
+ dropped delusers logic.
+ * Removed policydb_destroy from error path of policydb_read,
+ since create/init/destroy/free of policydb is handled by the
+ caller now.
+ * Fixed sepol_module_package_read to handle a failed policydb_read
+ properly.
+ * Merged query/exists and count patches from Ivan Gyurdiev.
+ * Merged fix for pruned types in expand code from Joshua Brindle.
+ * Merged new module package format code from Joshua Brindle.
+
+
+* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.9.26-1
+- Upgrade to latest from NSA
+ * Merged context interface cleanup, record conversion code,
+ key passing, and bug fix patches from Ivan Gyurdiev.
+
+* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.25-1
+- Upgrade to latest from NSA
+ * Merged users cleanup patch from Ivan Gyurdiev.
+ * Merged user record memory leak fix from Ivan Gyurdiev.
+ * Merged reorganize users patch from Ivan Gyurdiev.
+
+- Need to check for /sbin/telinit
+
+* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.23-1
+- Upgrade to latest from NSA
+ * Added check flag to expand_module() to control assertion
+ and hierarchy checking on expansion.
+ * Reworked check_assertions() and hierarchy_check_constraints()
+ to take handles and use callback-based error reporting.
+ * Changed expand_module() to call check_assertions() and
+ hierarchy_check_constraints() prior to returning the expanded
+ policy.
+
+* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.21-1
+- Upgrade to latest from NSA
+ * Changed sepol_module_package_set_file_contexts to copy the
+ file contexts data since it is internally managed.
+ * Added sepol_policy_file_set_handle interface to associate
+ a handle with a policy file.
+ * Added handle argument to policydb_from_image/to_image.
+ * Added sepol_module_package_set_file_contexts interface.
+ * Dropped sepol_module_package_create_file interface.
+ * Reworked policydb_read/write, policydb_from_image/to_image,
+ and sepol_module_package_read/write to use callback-based error
+ reporting system rather than DEBUG.
+
+* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.19-1
+- Upgrade to latest from NSA
+ * Reworked link_packages, link_modules, and expand_module to use
+ callback-based error reporting system rather than error buffering.
+
+* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.9.18-1
+- Upgrade to latest from NSA
+ * Merged conditional expression mapping fix in the module linking
+ code from Joshua Brindle.
+
+* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.17-2
+- Tell init to reexec itself in post script
+
+* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.9.17-1
+- Upgrade to latest from NSA
+ * Hid sepol_module_package type definition, and added get interfaces.
+ * Merged new callback-based error reporting system from Ivan
+ Gyurdiev.
+ * Merged support for require blocks inside conditionals from
+ Joshua Brindle (Tresys).
+
+* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.9.14.1-1
+- Upgrade to latest from NSA
+ * Fixed use of policydb_from_image/to_image to ensure proper
+ init of policydb.
+ * Isolated policydb internal headers under <sepol/policydb/*.h>.
+ These headers should only be used by users of the static libsepol.
+ Created new <sepol/policydb.h> with new public types and interfaces
+ for shared libsepol.
+ Created new <sepol/module.h> with public types and interfaces moved
+ or wrapped from old module.h, link.h, and expand.h, adjusted for
+ new public types for policydb and policy_file.
+ Added public interfaces to libsepol.map.
+ Some implementation changes visible to users of the static libsepol:
+ 1) policydb_read no longer calls policydb_init.
+ Caller must do so first.
+ 2) policydb_init no longer takes policy_type argument.
+ Caller must set policy_type separately.
+ 3) expand_module automatically enables the global branch.
+ Caller no longer needs to do so.
+ 4) policydb_write uses the policy_type and policyvers from the
+ policydb itself, and sepol_set_policyvers() has been removed.
+
+* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.12-1
+- Upgrade to latest from NSA
+ * Merged function renaming and static cleanup from Ivan Gyurdiev.
+
+* Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.9.11-1
+- Upgrade to latest from NSA
+ * Merged bug fix for check_assertions handling of no assertions
+ from Joshua Brindle (Tresys).
+
+* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1
+- Upgrade to latest from NSA
+ * Merged iterate patch from Ivan Gyurdiev.
+ * Merged MLS in modules patch from Joshua Brindle (Tresys).
+
+* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.8-1
+- Upgrade to latest from NSA
+ * Merged pointer typedef elimination patch from Ivan Gyurdiev.
+ * Merged user list function, new mls functions, and bugfix patch
+ from Ivan Gyurdiev.
+
+* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.7-1
+- Upgrade to latest from NSA
+ * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
+
+* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.9.6-1
+- Upgrade to latest from NSA
+ * Merged bug fix patches from Joshua Brindle (Tresys).
+
+* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.5-1
+- Upgrade to latest from NSA
+ * Merged boolean record and memory leak fix patches from Ivan
+ Gyurdiev.
+
+* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.9.4-1
+- Upgrade to latest from NSA
+ * Merged interface record patch from Ivan Gyurdiev.
+
+* Thu Sep 15 2005 Dan Walsh <dwalsh@redhat.com> 1.9.3-1
+- Upgrade to latest from NSA
+ * Merged fix for sepol_enable/disable_debug from Ivan
+ Gyurdiev.
+
+* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-2
+- Upgrade to latest from NSA
+ * Merged stddef.h patch and debug conversion patch from
+ Ivan Gyurdiev.
+
+* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-1
+- Upgrade to latest from NSA
+ * Fixed expand_avtab and expand_cond_av_list to keep separate
+ entries with identical keys but different enabled flags.
+ * Updated version for release.
+
+* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.7.24-1
+- Upgrade to latest from NSA
+ * Fixed symtab_insert return value for duplicate declarations.
+ * Merged fix for memory error in policy_module_destroy from
+ Jason Tang (Tresys).
+
+* Mon Aug 29 2005 Dan Walsh <dwalsh@redhat.com> 1.7.22-1
+- Upgrade to latest from NSA
+ * Merged fix for memory leak in sepol_context_to_sid from
+ Jason Tang (Tresys).
+ * Merged fixes for resource leaks on error paths and
+ change to scope_destroy from Joshua Brindle (Tresys).
+
+* Tue Aug 23 2005 Dan Walsh <dwalsh@redhat.com> 1.7.20-1
+- Upgrade to latest from NSA
+ * Merged more fixes for resource leaks on error paths
+ from Serge Hallyn (IBM). Bugs found by Coverity.
+
+* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.7.19-1
+- Upgrade to latest from NSA
+ * Changed to treat all type conflicts as fatal errors.
+ * Merged several error handling fixes from
+ Serge Hallyn (IBM). Bugs found by Coverity.
+
+* Mon Aug 15 2005 Dan Walsh <dwalsh@redhat.com> 1.7.17-1
+- Upgrade to latest from NSA
+ * Fixed several memory leaks found by valgrind.
+
+* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.7.15-1
+- Upgrade to latest from NSA
+ * Fixed empty list test in cond_write_av_list. Bug found by
+ Coverity, reported by Serge Hallyn (IBM).
+ * Merged patch to policydb_write to check errors
+ when writing the type->attribute reverse map from
+ Serge Hallyn (IBM). Bug found by Coverity.
+ * Fixed policydb_destroy to properly handle NULL type_attr_map
+ or attr_type_map.
+
+* Sat Aug 13 2005 Dan Walsh <dwalsh@redhat.com> 1.7.14-1
+- Upgrade to latest from NSA
+ * Fixed empty list test in cond_write_av_list. Bug found by
+ Coverity, reported by Serge Hallyn (IBM).
+ * Merged patch to policydb_write to check errors
+ when writing the type->attribute reverse map from
+ Serge Hallyn (IBM). Bug found by Coverity.
+ * Fixed policydb_destroy to properly handle NULL type_attr_map
+ or attr_type_map.
+
+
+* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.13-1
+- Upgrade to latest from NSA
+ * Improved memory use by SELinux by both reducing the avtab
+ node size and reducing the number of avtab nodes (by not
+ expanding attributes in TE rules when possible). Added
+ expand_avtab and expand_cond_av_list functions for use by
+ assertion checker, hierarchy checker, compatibility code,
+ and dispol. Added new inline ebitmap operators and converted
+ existing users of ebitmaps to the new operators for greater
+ efficiency.
+ Note: The binary policy format version has been incremented to
+ version 20 as a result of these changes.
+
+* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.12-1
+- Upgrade to latest from NSA
+ * Fixed bug in constraint_node_clone handling of name sets.
+
+* Wed Aug 10 2005 Dan Walsh <dwalsh@redhat.com> 1.7.11-1
+- Upgrade to latest from NSA
+ * Fix range_trans_clone to map the type values properly.
+
+* Fri Aug 5 2005 Dan Walsh <dwalsh@redhat.com> 1.7.10-1
+- Upgrade to latest from NSA
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+* Tue Aug 2 2005 Dan Walsh <dwalsh@redhat.com> 1.7.9-1
+- Upgrade to latest from NSA
+ * Enabled further compiler warning flags and fixed them.
+ * Merged user, context, port records patch from Ivan Gyurdiev.
+ * Merged key extract function patch from Ivan Gyurdiev.
+ * Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
+
+* Wed Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-2
+- Fix MLS Free
+
+* Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-1
+- Upgrade to latest from NSA
+ * Merged context reorganization, memory leak fixes,
+ port and interface loading, replacements for genusers and
+ genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
+ * Merged uninitialized variable bugfix from Dan Walsh.
+
+* Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.5-2
+- Fix unitialized variable problem
+
+* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.7.5-1
+- Upgrade to latest from NSA
+ * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
+ * Removed genpolbools and genpolusers utilities.
+ * Merged hierarchy check fix from Joshua Brindle (Tresys).
+
+
+
+* Thu Jul 14 2005 Dan Walsh <dwalsh@redhat.com> 1.7.3-1
+- Upgrade to latest from NSA
+ * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
+ * Merged genbools debugging message cleanup from Red Hat.
+
+* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-2
+- Remove genpolbools and genpoluser
+
+* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-1
+- Upgrade to latest from NSA
+ * Merged loadable module support from Tresys Technology.
+
+* Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.6-1
+- Upgrade to latest from NSA
+ * Updated version for release.
+
+* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.10-1
+- Fix reset booleans warning message
+- Upgrade to latest from NSA
+ * License changed to LGPL v2.1, see COPYING.
+
+* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.9-2
+- Upgrade to latest from NSA
+ * Added sepol_genbools_policydb and sepol_genusers_policydb for
+ audit2why.
+
+* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-2
+- export sepol_context_to_sid
+
+* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
+- Upgrade to latest from NSA
+ * Added sepol_ prefix to Flask types to avoid
+ namespace collision with libselinux.
+
+* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.7-1
+- Upgrade to latest from NSA
+ * Added sepol_compute_av_reason() for audit2why.
+
+* Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
+- Upgrade to latest from NSA
+ * Fixed bug in role hierarchy checker.
+
+* Mon Apr 25 2005 Dan Walsh <dwalsh@redhat.com> 1.5.5-2
+- Fixes found via intel compiler
+
+* Thu Apr 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.5-1
+- Update from NSA
+
+* Tue Mar 29 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-1
+- Update from NSA
+
+* Thu Mar 24 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-2
+- Handle booleans.local
+
+* Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-1
+- Update to latest from NSA
+ * Added man page for sepol_check_context.
+ * Added man page for sepol_genusers function.
+ * Merged man pages for genpolusers and chkcon from Manoj Srivastava.
+
+* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.4-1
+- Update to latest from NSA
+
+* Tue Mar 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
+- Update to latest from NSA
+ * Cleaned up error handling in sepol_genusers and sepol_genbools.
+
+* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
+- Update to latest from NSA
+ * Merged sepol_debug and fclose patch from Dan Walsh.
+
+* Fri Feb 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.6-3
+- Make sure local_files file pointer is closed
+- Stop outputing error messages
+
+* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.3.6-1
+- Update to latest from NSA
+ * Changed sepol_genusers to also use getline and correctly handle
+ EOL.
+* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
+- Update to latest from NSA
+ * Merged endianness and compute_av patches from Darrel Goeddel (TCS).
+ * Merged range_transition support from Darrel Goeddel (TCS).
+ * Added sepol_genusers function.
+
+* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
+- Update to latest from NSA
+ * Changed relabel Makefile target to use restorecon.
+
+* Mon Feb 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
+- Update to latest from NSA
+ * Merged enhanced MLS support from Darrel Goeddel (TCS).
+
+* Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.2.1.1-1
+- Update to latest from NSA
+ * Merged build fix patch from Manoj Srivastava.
+
+* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1
+- Update to latest from NSA
+
+* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.1.1-2
+- Add optargs for build
+
+* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.1.1-1
+- New version from NSA
+
+* Fri Aug 20 2004 Colin Walters <walters@redhat.com> 1.0-2
+- Apply Stephen's chkcon patch
+
+* Thu Aug 19 2004 Colin Walters <walters@redhat.com> 1.0-1
+- New upstream version
+
+* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 0.4.2-1
+- Newversion from upstream implementing stringcase compare
+
+* Fri Aug 13 2004 Bill Nottingham <notting@redhat.com> 0.4.1-2
+- ldconfig tweaks
+
+* Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 0.4.1-1
+- Ignore case of true/false
+
+* Wed Aug 11 2004 Dan Walsh <dwalsh@redhat.com> 0.4.1-1
+- New version from NSA
+
+* Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 0.3.1-1
+- Initial version
+- Created by Stephen Smalley <sds@epoch.ncsc.mil>
+
+