From: <mad...@us...> - 2006-09-28 12:19:13
Revision: 2036
http://svn.sourceforge.net/selinux/?rev=2036&view=rev
Author: madmethod
Date: 2006-09-28 05:18:30 -0700 (Thu, 28 Sep 2006)

Log Message:
-----------
tag for libsepol 1.12.27

Added Paths:
-----------
tags/libsepol_1_12_27/
tags/libsepol_1_12_27/libsepol/
tags/libsepol_1_12_27/libsepol/ChangeLog
tags/libsepol_1_12_27/libsepol/VERSION
tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h
tags/libsepol_1_12_27/libsepol/src/expand.c
tags/libsepol_1_12_27/libsepol/src/link.c
tags/libsepol_1_12_27/libsepol/src/policydb.c

Removed Paths:
-------------
tags/libsepol_1_12_27/libsepol/ChangeLog
tags/libsepol_1_12_27/libsepol/VERSION
tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h
tags/libsepol_1_12_27/libsepol/src/expand.c
tags/libsepol_1_12_27/libsepol/src/link.c
tags/libsepol_1_12_27/libsepol/src/policydb.c

Copied: tags/libsepol_1_12_27/libsepol (from rev 2032, trunk/libsepol)

Deleted: tags/libsepol_1_12_27/libsepol/ChangeLog
===================================================================
--- trunk/libsepol/ChangeLog 2006-09-18 19:13:13 UTC (rev 2032)
+++ tags/libsepol_1_12_27/libsepol/ChangeLog 2006-09-28 12:18:30 UTC (rev 2036)
@@ -1,566 +0,0 @@ -1.12.26 2006-09-05 - * Merged range transition enhancements and user format changes - Darrel Goeddel - -1.12.25 2006-08-24 - * Merged conditionally expand neverallows patch from Jeremy Mowery. - * Merged refactor expander patch from Jeremy Mowery. - -1.12.24 2006-08-03 - * Merged libsepol unit tests from Joshua Brindle. - -1.12.23 2006-08-03 - * Merged symtab datum patch from Karl MacMillan. - -1.12.22 2006-08-03 - * Merged netfilter contexts support from Chris PeBenito. - -1.12.21 2006-07-28 - * Merged helpful hierarchy check errors patch from Joshua Brindle. - -1.12.20 2006-07-25 - * Merged semodule_deps patch from Karl MacMillan. - This adds source module names to the avrule decls. - -1.12.19 2006-06-29 - * Lindent. - -1.12.18 2006-06-26 - * Merged optionals in base take 2 patch set from Joshua Brindle. - -1.12.17 2006-05-30 - * Revert 1.12.16. - -1.12.16 2006-05-30 - * Merged cleaner fix for bool_ids overflow from Karl MacMillan, - replacing the prior patch. - -1.12.15 2006-05-30 - * Merged fixes for several memory leaks in the error paths during - policy read from Serge Hallyn. - -1.12.14 2006-05-25 - * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, - based on bug report and suggested fix by Cedric Roux. - -1.12.13 2006-05-24 - * Merged sens_copy_callback, check_role_hierarchy_callback, - and node_from_record fixes from Serge Hallyn. - -1.12.12 2006-05-22 - * Added sepol_policydb_compat_net() interface for testing whether - a policy requires the compatibility support for network checks - to be enabled in the kernel. - -1.12.11 2006-05-17 - * Merged patch to initialize sym_val_to_name arrays from Kevin Carr. - Reworked to use calloc in the first place, and converted some other - malloc/memset pairs to calloc calls. - -1.12.10 2006-05-08 - * Merged patch to revert role/user decl upgrade from Karl MacMillan. - -1.12.9 2006-05-08 - * Dropped tests from all Makefile target. 
- -1.12.8 2006-05-05 - * Merged fix warnings patch from Karl MacMillan. - -1.12.7 2006-05-05 - * Merged libsepol test framework patch from Karl MacMillan. - -1.12.6 2006-04-28 - * Fixed cond_normalize to traverse the entire cond list at link time. - -1.12.5 2006-04-03 - * Merged fix for leak of optional package sections from Ivan Gyurdiev. - -1.12.4 2006-03-29 - * Generalize test for bitmap overflow in ebitmap_set_bit. - -1.12.3 2006-03-27 - * Fixed attr_convert_callback and expand_convert_type_set - typemap bug. - -1.12.2 2006-03-24 - * Fixed avrule_block_write num_decls endian bug. - -1.12.1 2006-03-20 - * Fixed sepol_module_package_write buffer overflow bug. - -1.12 2006-03-14 - * Updated version for release. - -1.11.20 2006-03-08 - * Merged cond_evaluate_expr fix from Serge Hallyn (IBM). - * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev. - -1.11.19 2006-02-21 - * Merged sepol_policydb_mls_enabled interface and error handling - changes from Ivan Gyurdiev. - -1.11.18 2006-02-16 - * Merged node_expand_addr bugfix and node_compare* change from - Ivan Gyurdiev. - -1.11.17 2006-02-15 - * Merged nodes, ports: always prepend patch from Ivan Gyurdiev. - * Merged bug fix patch from Ivan Gyurdiev. - -1.11.16 2006-02-14 - * Added a defined flag to level_datum_t for use by checkpolicy. - -1.11.15 2006-02-14 - * Merged nodecon support patch from Ivan Gyurdiev. - * Merged cleanups patch from Ivan Gyurdiev. - -1.11.14 2006-02-13 - * Merged optionals in base patch from Joshua Brindle. - -1.11.13 2006-02-07 - * Merged seuser/user_extra support patch from Joshua Brindle. - * Merged fix patch from Ivan Gyurdiev. - -1.11.12 2006-02-02 - * Merged clone record on set_con patch from Ivan Gyurdiev. - -1.11.11 2006-02-01 - * Merged assertion copying bugfix from Joshua Brindle. - * Merged sepol_av_to_string patch from Joshua Brindle. - -1.11.10 2006-01-30 - * Merged cond_expr mapping and package section count bug fixes - from Joshua Brindle. 
- * Merged improve port/fcontext API patch from Ivan Gyurdiev. - * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. - -1.11.9 2006-01-12 - * Merged size_t -> unsigned int patch from Ivan Gyurdiev. - -1.11.8 2006-01-09 - * Merged 2nd const in APIs patch from Ivan Gyurdiev. - -1.11.7 2006-01-06 - * Merged const in APIs patch from Ivan Gyurdiev. - * Merged compare2 function patch from Ivan Gyurdiev. - -1.11.6 2006-01-06 - * Fixed hierarchy checker to only check allow rules. - -1.11.5 2006-01-05 - * Merged further fixes from Russell Coker, specifically: - - av_to_string overflow checking - - sepol_context_to_string error handling - - hierarchy checking memory leak fixes and optimizations - - avrule_block_read variable initialization - * Marked deprecated code in genbools and genusers. - -1.11.4 2006-01-05 - * Merged bugfix for sepol_port_modify from Russell Coker. - -1.11.3 2006-01-05 - * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev. - * Merged port ordering patch from Ivan Gyurdiev. - -1.11.2 2006-01-04 - * Merged patch series from Ivan Gyurdiev. - This includes patches to: - - support ordering of records in compare function - - enable port interfaces - - add interfaces for context validity and range checks - - add include guards - -1.11.1 2005-12-16 - * Fixed mls_range_cpy bug. - -1.10 2005-12-07 - * Updated version for release. - -1.9.42 2005-12-05 - * Dropped handle from user_del_role interface. - -1.9.41 2005-11-28 - * Merged remove defrole from sepol patch from Ivan Gyurdiev. - -1.9.40 2005-11-15 - * Merged module function and map file cleanup from Ivan Gyurdiev. - * Merged MLS and genusers cleanups from Ivan Gyurdiev. - -1.9.39 2005-11-09 - Prepare for removal of booleans* and *.users files. - * Cleaned up sepol_genbools to not regenerate the image if - there were no changes in the boolean values, including the - degenerate case where there are no booleans or booleans.local - files. 
- * Cleaned up sepol_genusers to not warn on missing local.users. - -1.9.38 2005-11-08 - * Removed sepol_port_* from libsepol.map, as the port interfaces - are not yet stable. - -1.9.37 2005-11-04 - * Merged context destroy cleanup patch from Ivan Gyurdiev. - -1.9.36 2005-11-03 - * Merged context_to_string interface change patch from Ivan Gyurdiev. - -1.9.35 2005-11-01 - * Added src/dso.h and src/*_internal.h. - Added hidden_def for exported symbols used within libsepol. - Added hidden for symbols that should not be exported by - the wildcards in libsepol.map. - -1.9.34 2005-10-31 - * Merged record interface, record bugfix, and set_roles patches - from Ivan Gyurdiev. - -1.9.33 2005-10-27 - * Merged count specification change from Ivan Gyurdiev. - -1.9.32 2005-10-26 - * Added further checking and error reporting to - sepol_module_package_read and _info. - -1.9.31 2005-10-26 - * Merged sepol handle passing, DEBUG conversion, and memory leak - fix patches from Ivan Gyurdiev. - -1.9.30 2005-10-25 - * Removed processing of system.users from sepol_genusers and - dropped delusers logic. - -1.9.29 2005-10-25 - * Removed policydb_destroy from error path of policydb_read, - since create/init/destroy/free of policydb is handled by the - caller now. - * Fixed sepol_module_package_read to handle a failed policydb_read - properly. - -1.9.28 2005-10-25 - * Merged query/exists and count patches from Ivan Gyurdiev. - -1.9.27 2005-10-25 - * Merged fix for pruned types in expand code from Joshua Brindle. - * Merged new module package format code from Joshua Brindle. - -1.9.26 2005-10-24 - * Merged context interface cleanup, record conversion code, - key passing, and bug fix patches from Ivan Gyurdiev. - -1.9.25 2005-10-21 - * Merged users cleanup patch from Ivan Gyurdiev. - -1.9.24 2005-10-21 - * Merged user record memory leak fix from Ivan Gyurdiev. - * Merged reorganize users patch from Ivan Gyurdiev. 
- -1.9.23 2005-10-19 - * Added check flag to expand_module() to control assertion - and hierarchy checking on expansion. - -1.9.22 2005-10-19 - * Reworked check_assertions() and hierarchy_check_constraints() - to take handles and use callback-based error reporting. - * Changed expand_module() to call check_assertions() and - hierarchy_check_constraints() prior to returning the expanded - policy. - -1.9.21 2005-10-18 - * Changed sepol_module_package_set_file_contexts to copy the - file contexts data since it is internally managed. - -1.9.20 2005-10-18 - * Added sepol_policy_file_set_handle interface to associate - a handle with a policy file. - * Added handle argument to policydb_from_image/to_image. - * Added sepol_module_package_set_file_contexts interface. - * Dropped sepol_module_package_create_file interface. - * Reworked policydb_read/write, policydb_from_image/to_image, - and sepol_module_package_read/write to use callback-based error - reporting system rather than DEBUG. - -1.9.19 2005-10-17 - * Reworked link_packages, link_modules, and expand_module to use - callback-based error reporting system rather than error buffering. - -1.9.18 2005-10-14 - * Merged conditional expression mapping fix in the module linking - code from Joshua Brindle. - -1.9.17 2005-10-13 - * Hid sepol_module_package type definition, and added get interfaces. - -1.9.16 2005-10-13 - * Merged new callback-based error reporting system from Ivan - Gyurdiev. - -1.9.15 2005-10-13 - * Merged support for require blocks inside conditionals from - Joshua Brindle (Tresys). - -1.9.14 2005-10-07 - * Fixed use of policydb_from_image/to_image to ensure proper - init of policydb. - -1.9.13 2005-10-07 - * Isolated policydb internal headers under <sepol/policydb/*.h>. - These headers should only be used by users of the static libsepol. - Created new <sepol/policydb.h> with new public types and interfaces - for shared libsepol. 
- Created new <sepol/module.h> with public types and interfaces moved - or wrapped from old module.h, link.h, and expand.h, adjusted for - new public types for policydb and policy_file. - Added public interfaces to libsepol.map. - Some implementation changes visible to users of the static libsepol: - 1) policydb_read no longer calls policydb_init. - Caller must do so first. - 2) policydb_init no longer takes policy_type argument. - Caller must set policy_type separately. - 3) expand_module automatically enables the global branch. - Caller no longer needs to do so. - 4) policydb_write uses the policy_type and policyvers from the - policydb itself, and sepol_set_policyvers() has been removed. - -1.9.12 2005-10-06 - * Merged function renaming and static cleanup from Ivan Gyurdiev. - -1.9.11 2005-10-05 - * Merged bug fix for check_assertions handling of no assertions - from Joshua Brindle (Tresys). - -1.9.10 2005-10-04 - * Merged iterate patch from Ivan Gyurdiev. - -1.9.9 2005-10-03 - * Merged MLS in modules patch from Joshua Brindle (Tresys). - -1.9.8 2005-09-30 - * Merged pointer typedef elimination patch from Ivan Gyurdiev. - * Merged user list function, new mls functions, and bugfix patch - from Ivan Gyurdiev. - -1.9.7 2005-09-28 - * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys). - -1.9.6 2005-09-23 - * Merged bug fix patches from Joshua Brindle (Tresys). - -1.9.5 2005-09-21 - * Merged boolean record and memory leak fix patches from Ivan - Gyurdiev. - -1.9.4 2005-09-19 - * Merged interface record patch from Ivan Gyurdiev. - -1.9.3 2005-09-14 - * Merged fix for sepol_enable/disable_debug from Ivan - Gyurdiev. - -1.9.2 2005-09-14 - * Merged stddef.h patch and debug conversion patch from - Ivan Gyurdiev. - -1.9.1 2005-09-09 - * Fixed expand_avtab and expand_cond_av_list to keep separate - entries with identical keys but different enabled flags. - -1.8 2005-09-06 - * Updated version for release. 
- -1.7.24 2005-08-31 - * Fixed symtab_insert return value for duplicate declarations. - -1.7.23 2005-08-31 - * Merged fix for memory error in policy_module_destroy from - Jason Tang (Tresys). - -1.7.22 2005-08-26 - * Merged fix for memory leak in sepol_context_to_sid from - Jason Tang (Tresys). - -1.7.21 2005-08-25 - * Merged fixes for resource leaks on error paths and - change to scope_destroy from Joshua Brindle (Tresys). - -1.7.20 2005-08-23 - * Merged more fixes for resource leaks on error paths - from Serge Hallyn (IBM). Bugs found by Coverity. - -1.7.19 2005-08-19 - * Changed to treat all type conflicts as fatal errors. - -1.7.18 2005-08-18 - * Merged several error handling fixes from - Serge Hallyn (IBM). Bugs found by Coverity. - -1.7.17 2005-08-15 - * Fixed further memory leaks found by valgrind. - -1.7.16 2005-08-15 - * Fixed several memory leaks found by valgrind. - -1.7.15 2005-08-12 - * Fixed empty list test in cond_write_av_list. Bug found by - Coverity, reported by Serge Hallyn (IBM). - * Merged patch to policydb_write to check errors - when writing the type->attribute reverse map from - Serge Hallyn (IBM). Bug found by Coverity. - * Fixed policydb_destroy to properly handle NULL type_attr_map - or attr_type_map. - -1.7.14 2005-08-12 - * Fixed use of uninitialized data by expand_avtab_node by - clearing type_val_to_struct in policydb_index_others. - -1.7.13 2005-08-11 - * Improved memory use by SELinux by both reducing the avtab - node size and reducing the number of avtab nodes (by not - expanding attributes in TE rules when possible). Added - expand_avtab and expand_cond_av_list functions for use by - assertion checker, hierarchy checker, compatibility code, - and dispol. Added new inline ebitmap operators and converted - existing users of ebitmaps to the new operators for greater - efficiency. - Note: The binary policy format version has been incremented to - version 20 as a result of these changes. 
- -1.7.12 2005-08-10 - * Fixed bug in constraint_node_clone handling of name sets. - -1.7.11 2005-08-08 - * Fix range_trans_clone to map the type values properly. - -1.7.10 2005-08-02 - * Merged patch to move module read/write code from libsemanage - to libsepol from Jason Tang (Tresys). - -1.7.9 2005-08-02 - * Enabled further compiler warning flags and fixed them. - -1.7.8 2005-08-02 - * Merged user, context, port records patch from Ivan Gyurdiev. - * Merged key extract function patch from Ivan Gyurdiev. - -1.7.7 2005-07-27 - * Merged mls_context_to_sid bugfix from Ivan Gyurdiev. - -1.7.6 2005-07-26 - * Merged context reorganization, memory leak fixes, - port and interface loading, replacements for genusers and - genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. - * Merged uninitialized variable bugfix from Dan Walsh. - -1.7.5 2005-07-18 - * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat). - * Removed genpolbools and genpolusers utilities. - -1.7.4 2005-07-18 - * Merged hierarchy check fix from Joshua Brindle (Tresys). - -1.7.3 2005-07-13 - * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat). - -1.7.2 2005-07-11 - * Merged genbools debugging message cleanup from Red Hat. - -1.7.1 2005-07-06 - * Merged loadable module support from Tresys Technology. - -1.6 2005-06-20 - * Updated version for release. - -1.5.10 2005-05-19 - * License changed to LGPL v2.1, see COPYING. - -1.5.9 2005-05-16 - * Added sepol_genbools_policydb and sepol_genusers_policydb for - audit2why. - -1.5.8 2005-05-13 - * Added sepol_ prefix to Flask types to avoid - namespace collision with libselinux. - -1.5.7 2005-05-13 - * Added sepol_compute_av_reason() for audit2why. - -1.5.6 2005-04-25 - * Fixed bug in role hierarchy checker. - -1.5.5 2005-04-13 - * Merged hierarchical type/role patch from Tresys Technology. - * Merged MLS fixes from Darrel Goeddel of TCS. 
- -1.5.4 2005-04-13 - * Changed sepol_genusers to not delete users by default, - and added a sepol_set_delusers function to enable deletion. - Also, removed special case handling of system_u and user_u. - -1.5.3 2005-03-29 - * Merged booleans.local patch from Dan Walsh. - -1.5.2 2005-03-16 - * Added man page for sepol_check_context. - -1.5.1 2005-03-15 - * Added man page for sepol_genusers function. - * Merged man pages for genpolusers and chkcon from Manoj Srivastava. - -1.4 2005-03-09 - * Updated version for release. - -1.3.8 2005-03-08 - * Cleaned up error handling in sepol_genusers and sepol_genbools. - -1.3.7 2005-02-28 - * Merged sepol_debug and fclose patch from Dan Walsh. - -1.3.6 2005-02-22 - * Changed sepol_genusers to also use getline and correctly handle - EOL. - -1.3.5 2005-02-17 - * Merged range_transition support from Darrel Goeddel (TCS). - -1.3.4 2005-02-16 - * Added sepol_genusers function. - -1.3.3 2005-02-14 - * Merged endianness and compute_av patches from Darrel Goeddel (TCS). - -1.3.2 2005-02-09 - * Changed relabel Makefile target to use restorecon. - -1.3.1 2005-01-26 - * Merged enhanced MLS support from Darrel Goeddel (TCS). - -1.2.1 2005-01-19 - * Merged build fix patch from Manoj Srivastava. - -1.2 2004-10-07 - * MLS build fixes. - * Added sepol_set_policydb_from_file and sepol_check_context for setfiles. - -1.0 2004-08-19 - * Initial public release. - -0.4 2004-08-13 - * Merged patch from Dan Walsh to ignore case on booleans. - * Changed sepol_genbools* to preserve the original policy version. - * Replaced exported global variables with set functions. - * Moved genpolbools utility from checkpolicy to libsepol. - * Added man pages for sepol_genbools* and genpolbools. - -0.3 2004-08-10 - * Added ChangeLog, COPYING, spec file. - * Added sepol_genbools_array() for load_policy. - * Created libsepol.map to limit exported symbols in shared library. - -0.2 2004-08-09 - * Exported other functions for checkpolicy and friends. 
- * Renamed service and sidtab functions to avoid libselinux conflict. - * Removed original code from checkpolicy, which now uses libsepol. - * Code cleanup: kill legacy references to kernel types/functions. - -0.1 2004-08-06 - * Moved checkpolicy core logic into a library. - * Exported sepol_genbools() for load_policy. Copied: tags/libsepol_1_12_27/libsepol/ChangeLog (from rev 2034, trunk/libsepol/ChangeLog) =================================================================== --- tags/libsepol_1_12_27/libsepol/ChangeLog (rev 0) +++ tags/libsepol_1_12_27/libsepol/ChangeLog 2006-09-28 12:18:30 UTC (rev 2036) 
@@ -0,0 +1,570 @@ +1.12.27 2006-09-28 + * Merged mls user and range_transition support in modules + from Darrel Goeddel + +1.12.26 2006-09-05 + * Merged range transition enhancements and user format changes + Darrel Goeddel + +1.12.25 2006-08-24 + * Merged conditionally expand neverallows patch from Jeremy Mowery. + * Merged refactor expander patch from Jeremy Mowery. + +1.12.24 2006-08-03 + * Merged libsepol unit tests from Joshua Brindle. + +1.12.23 2006-08-03 + * Merged symtab datum patch from Karl MacMillan. + +1.12.22 2006-08-03 + * Merged netfilter contexts support from Chris PeBenito. + +1.12.21 2006-07-28 + * Merged helpful hierarchy check errors patch from Joshua Brindle. + +1.12.20 2006-07-25 + * Merged semodule_deps patch from Karl MacMillan. + This adds source module names to the avrule decls. + +1.12.19 2006-06-29 + * Lindent. + +1.12.18 2006-06-26 + * Merged optionals in base take 2 patch set from Joshua Brindle. + +1.12.17 2006-05-30 + * Revert 1.12.16. + +1.12.16 2006-05-30 + * Merged cleaner fix for bool_ids overflow from Karl MacMillan, + replacing the prior patch. + +1.12.15 2006-05-30 + * Merged fixes for several memory leaks in the error paths during + policy read from Serge Hallyn. + +1.12.14 2006-05-25 + * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, + based on bug report and suggested fix by Cedric Roux. + +1.12.13 2006-05-24 + * Merged sens_copy_callback, check_role_hierarchy_callback, + and node_from_record fixes from Serge Hallyn. + +1.12.12 2006-05-22 + * Added sepol_policydb_compat_net() interface for testing whether + a policy requires the compatibility support for network checks + to be enabled in the kernel. + +1.12.11 2006-05-17 + * Merged patch to initialize sym_val_to_name arrays from Kevin Carr. + Reworked to use calloc in the first place, and converted some other + malloc/memset pairs to calloc calls. + +1.12.10 2006-05-08 + * Merged patch to revert role/user decl upgrade from Karl MacMillan. 
+ +1.12.9 2006-05-08 + * Dropped tests from all Makefile target. + +1.12.8 2006-05-05 + * Merged fix warnings patch from Karl MacMillan. + +1.12.7 2006-05-05 + * Merged libsepol test framework patch from Karl MacMillan. + +1.12.6 2006-04-28 + * Fixed cond_normalize to traverse the entire cond list at link time. + +1.12.5 2006-04-03 + * Merged fix for leak of optional package sections from Ivan Gyurdiev. + +1.12.4 2006-03-29 + * Generalize test for bitmap overflow in ebitmap_set_bit. + +1.12.3 2006-03-27 + * Fixed attr_convert_callback and expand_convert_type_set + typemap bug. + +1.12.2 2006-03-24 + * Fixed avrule_block_write num_decls endian bug. + +1.12.1 2006-03-20 + * Fixed sepol_module_package_write buffer overflow bug. + +1.12 2006-03-14 + * Updated version for release. + +1.11.20 2006-03-08 + * Merged cond_evaluate_expr fix from Serge Hallyn (IBM). + * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev. + +1.11.19 2006-02-21 + * Merged sepol_policydb_mls_enabled interface and error handling + changes from Ivan Gyurdiev. + +1.11.18 2006-02-16 + * Merged node_expand_addr bugfix and node_compare* change from + Ivan Gyurdiev. + +1.11.17 2006-02-15 + * Merged nodes, ports: always prepend patch from Ivan Gyurdiev. + * Merged bug fix patch from Ivan Gyurdiev. + +1.11.16 2006-02-14 + * Added a defined flag to level_datum_t for use by checkpolicy. + +1.11.15 2006-02-14 + * Merged nodecon support patch from Ivan Gyurdiev. + * Merged cleanups patch from Ivan Gyurdiev. + +1.11.14 2006-02-13 + * Merged optionals in base patch from Joshua Brindle. + +1.11.13 2006-02-07 + * Merged seuser/user_extra support patch from Joshua Brindle. + * Merged fix patch from Ivan Gyurdiev. + +1.11.12 2006-02-02 + * Merged clone record on set_con patch from Ivan Gyurdiev. + +1.11.11 2006-02-01 + * Merged assertion copying bugfix from Joshua Brindle. + * Merged sepol_av_to_string patch from Joshua Brindle. 
+ +1.11.10 2006-01-30 + * Merged cond_expr mapping and package section count bug fixes + from Joshua Brindle. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. + * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. + +1.11.9 2006-01-12 + * Merged size_t -> unsigned int patch from Ivan Gyurdiev. + +1.11.8 2006-01-09 + * Merged 2nd const in APIs patch from Ivan Gyurdiev. + +1.11.7 2006-01-06 + * Merged const in APIs patch from Ivan Gyurdiev. + * Merged compare2 function patch from Ivan Gyurdiev. + +1.11.6 2006-01-06 + * Fixed hierarchy checker to only check allow rules. + +1.11.5 2006-01-05 + * Merged further fixes from Russell Coker, specifically: + - av_to_string overflow checking + - sepol_context_to_string error handling + - hierarchy checking memory leak fixes and optimizations + - avrule_block_read variable initialization + * Marked deprecated code in genbools and genusers. + +1.11.4 2006-01-05 + * Merged bugfix for sepol_port_modify from Russell Coker. + +1.11.3 2006-01-05 + * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev. + * Merged port ordering patch from Ivan Gyurdiev. + +1.11.2 2006-01-04 + * Merged patch series from Ivan Gyurdiev. + This includes patches to: + - support ordering of records in compare function + - enable port interfaces + - add interfaces for context validity and range checks + - add include guards + +1.11.1 2005-12-16 + * Fixed mls_range_cpy bug. + +1.10 2005-12-07 + * Updated version for release. + +1.9.42 2005-12-05 + * Dropped handle from user_del_role interface. + +1.9.41 2005-11-28 + * Merged remove defrole from sepol patch from Ivan Gyurdiev. + +1.9.40 2005-11-15 + * Merged module function and map file cleanup from Ivan Gyurdiev. + * Merged MLS and genusers cleanups from Ivan Gyurdiev. + +1.9.39 2005-11-09 + Prepare for removal of booleans* and *.users files. 
+ * Cleaned up sepol_genbools to not regenerate the image if + there were no changes in the boolean values, including the + degenerate case where there are no booleans or booleans.local + files. + * Cleaned up sepol_genusers to not warn on missing local.users. + +1.9.38 2005-11-08 + * Removed sepol_port_* from libsepol.map, as the port interfaces + are not yet stable. + +1.9.37 2005-11-04 + * Merged context destroy cleanup patch from Ivan Gyurdiev. + +1.9.36 2005-11-03 + * Merged context_to_string interface change patch from Ivan Gyurdiev. + +1.9.35 2005-11-01 + * Added src/dso.h and src/*_internal.h. + Added hidden_def for exported symbols used within libsepol. + Added hidden for symbols that should not be exported by + the wildcards in libsepol.map. + +1.9.34 2005-10-31 + * Merged record interface, record bugfix, and set_roles patches + from Ivan Gyurdiev. + +1.9.33 2005-10-27 + * Merged count specification change from Ivan Gyurdiev. + +1.9.32 2005-10-26 + * Added further checking and error reporting to + sepol_module_package_read and _info. + +1.9.31 2005-10-26 + * Merged sepol handle passing, DEBUG conversion, and memory leak + fix patches from Ivan Gyurdiev. + +1.9.30 2005-10-25 + * Removed processing of system.users from sepol_genusers and + dropped delusers logic. + +1.9.29 2005-10-25 + * Removed policydb_destroy from error path of policydb_read, + since create/init/destroy/free of policydb is handled by the + caller now. + * Fixed sepol_module_package_read to handle a failed policydb_read + properly. + +1.9.28 2005-10-25 + * Merged query/exists and count patches from Ivan Gyurdiev. + +1.9.27 2005-10-25 + * Merged fix for pruned types in expand code from Joshua Brindle. + * Merged new module package format code from Joshua Brindle. + +1.9.26 2005-10-24 + * Merged context interface cleanup, record conversion code, + key passing, and bug fix patches from Ivan Gyurdiev. + +1.9.25 2005-10-21 + * Merged users cleanup patch from Ivan Gyurdiev. 
+ +1.9.24 2005-10-21 + * Merged user record memory leak fix from Ivan Gyurdiev. + * Merged reorganize users patch from Ivan Gyurdiev. + +1.9.23 2005-10-19 + * Added check flag to expand_module() to control assertion + and hierarchy checking on expansion. + +1.9.22 2005-10-19 + * Reworked check_assertions() and hierarchy_check_constraints() + to take handles and use callback-based error reporting. + * Changed expand_module() to call check_assertions() and + hierarchy_check_constraints() prior to returning the expanded + policy. + +1.9.21 2005-10-18 + * Changed sepol_module_package_set_file_contexts to copy the + file contexts data since it is internally managed. + +1.9.20 2005-10-18 + * Added sepol_policy_file_set_handle interface to associate + a handle with a policy file. + * Added handle argument to policydb_from_image/to_image. + * Added sepol_module_package_set_file_contexts interface. + * Dropped sepol_module_package_create_file interface. + * Reworked policydb_read/write, policydb_from_image/to_image, + and sepol_module_package_read/write to use callback-based error + reporting system rather than DEBUG. + +1.9.19 2005-10-17 + * Reworked link_packages, link_modules, and expand_module to use + callback-based error reporting system rather than error buffering. + +1.9.18 2005-10-14 + * Merged conditional expression mapping fix in the module linking + code from Joshua Brindle. + +1.9.17 2005-10-13 + * Hid sepol_module_package type definition, and added get interfaces. + +1.9.16 2005-10-13 + * Merged new callback-based error reporting system from Ivan + Gyurdiev. + +1.9.15 2005-10-13 + * Merged support for require blocks inside conditionals from + Joshua Brindle (Tresys). + +1.9.14 2005-10-07 + * Fixed use of policydb_from_image/to_image to ensure proper + init of policydb. + +1.9.13 2005-10-07 + * Isolated policydb internal headers under <sepol/policydb/*.h>. + These headers should only be used by users of the static libsepol. 
+ Created new <sepol/policydb.h> with new public types and interfaces + for shared libsepol. + Created new <sepol/module.h> with public types and interfaces moved + or wrapped from old module.h, link.h, and expand.h, adjusted for + new public types for policydb and policy_file. + Added public interfaces to libsepol.map. + Some implementation changes visible to users of the static libsepol: + 1) policydb_read no longer calls policydb_init. + Caller must do so first. + 2) policydb_init no longer takes policy_type argument. + Caller must set policy_type separately. + 3) expand_module automatically enables the global branch. + Caller no longer needs to do so. + 4) policydb_write uses the policy_type and policyvers from the + policydb itself, and sepol_set_policyvers() has been removed. + +1.9.12 2005-10-06 + * Merged function renaming and static cleanup from Ivan Gyurdiev. + +1.9.11 2005-10-05 + * Merged bug fix for check_assertions handling of no assertions + from Joshua Brindle (Tresys). + +1.9.10 2005-10-04 + * Merged iterate patch from Ivan Gyurdiev. + +1.9.9 2005-10-03 + * Merged MLS in modules patch from Joshua Brindle (Tresys). + +1.9.8 2005-09-30 + * Merged pointer typedef elimination patch from Ivan Gyurdiev. + * Merged user list function, new mls functions, and bugfix patch + from Ivan Gyurdiev. + +1.9.7 2005-09-28 + * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys). + +1.9.6 2005-09-23 + * Merged bug fix patches from Joshua Brindle (Tresys). + +1.9.5 2005-09-21 + * Merged boolean record and memory leak fix patches from Ivan + Gyurdiev. + +1.9.4 2005-09-19 + * Merged interface record patch from Ivan Gyurdiev. + +1.9.3 2005-09-14 + * Merged fix for sepol_enable/disable_debug from Ivan + Gyurdiev. + +1.9.2 2005-09-14 + * Merged stddef.h patch and debug conversion patch from + Ivan Gyurdiev. + +1.9.1 2005-09-09 + * Fixed expand_avtab and expand_cond_av_list to keep separate + entries with identical keys but different enabled flags. 
+ +1.8 2005-09-06 + * Updated version for release. + +1.7.24 2005-08-31 + * Fixed symtab_insert return value for duplicate declarations. + +1.7.23 2005-08-31 + * Merged fix for memory error in policy_module_destroy from + Jason Tang (Tresys). + +1.7.22 2005-08-26 + * Merged fix for memory leak in sepol_context_to_sid from + Jason Tang (Tresys). + +1.7.21 2005-08-25 + * Merged fixes for resource leaks on error paths and + change to scope_destroy from Joshua Brindle (Tresys). + +1.7.20 2005-08-23 + * Merged more fixes for resource leaks on error paths + from Serge Hallyn (IBM). Bugs found by Coverity. + +1.7.19 2005-08-19 + * Changed to treat all type conflicts as fatal errors. + +1.7.18 2005-08-18 + * Merged several error handling fixes from + Serge Hallyn (IBM). Bugs found by Coverity. + +1.7.17 2005-08-15 + * Fixed further memory leaks found by valgrind. + +1.7.16 2005-08-15 + * Fixed several memory leaks found by valgrind. + +1.7.15 2005-08-12 + * Fixed empty list test in cond_write_av_list. Bug found by + Coverity, reported by Serge Hallyn (IBM). + * Merged patch to policydb_write to check errors + when writing the type->attribute reverse map from + Serge Hallyn (IBM). Bug found by Coverity. + * Fixed policydb_destroy to properly handle NULL type_attr_map + or attr_type_map. + +1.7.14 2005-08-12 + * Fixed use of uninitialized data by expand_avtab_node by + clearing type_val_to_struct in policydb_index_others. + +1.7.13 2005-08-11 + * Improved memory use by SELinux by both reducing the avtab + node size and reducing the number of avtab nodes (by not + expanding attributes in TE rules when possible). Added + expand_avtab and expand_cond_av_list functions for use by + assertion checker, hierarchy checker, compatibility code, + and dispol. Added new inline ebitmap operators and converted + existing users of ebitmaps to the new operators for greater + efficiency. 
+ Note: The binary policy format version has been incremented to + version 20 as a result of these changes. + +1.7.12 2005-08-10 + * Fixed bug in constraint_node_clone handling of name sets. + +1.7.11 2005-08-08 + * Fix range_trans_clone to map the type values properly. + +1.7.10 2005-08-02 + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + +1.7.9 2005-08-02 + * Enabled further compiler warning flags and fixed them. + +1.7.8 2005-08-02 + * Merged user, context, port records patch from Ivan Gyurdiev. + * Merged key extract function patch from Ivan Gyurdiev. + +1.7.7 2005-07-27 + * Merged mls_context_to_sid bugfix from Ivan Gyurdiev. + +1.7.6 2005-07-26 + * Merged context reorganization, memory leak fixes, + port and interface loading, replacements for genusers and + genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. + * Merged uninitialized variable bugfix from Dan Walsh. + +1.7.5 2005-07-18 + * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat). + * Removed genpolbools and genpolusers utilities. + +1.7.4 2005-07-18 + * Merged hierarchy check fix from Joshua Brindle (Tresys). + +1.7.3 2005-07-13 + * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat). + +1.7.2 2005-07-11 + * Merged genbools debugging message cleanup from Red Hat. + +1.7.1 2005-07-06 + * Merged loadable module support from Tresys Technology. + +1.6 2005-06-20 + * Updated version for release. + +1.5.10 2005-05-19 + * License changed to LGPL v2.1, see COPYING. + +1.5.9 2005-05-16 + * Added sepol_genbools_policydb and sepol_genusers_policydb for + audit2why. + +1.5.8 2005-05-13 + * Added sepol_ prefix to Flask types to avoid + namespace collision with libselinux. + +1.5.7 2005-05-13 + * Added sepol_compute_av_reason() for audit2why. + +1.5.6 2005-04-25 + * Fixed bug in role hierarchy checker. + +1.5.5 2005-04-13 + * Merged hierarchical type/role patch from Tresys Technology. 
+ * Merged MLS fixes from Darrel Goeddel of TCS. + +1.5.4 2005-04-13 + * Changed sepol_genusers to not delete users by default, + and added a sepol_set_delusers function to enable deletion. + Also, removed special case handling of system_u and user_u. + +1.5.3 2005-03-29 + * Merged booleans.local patch from Dan Walsh. + +1.5.2 2005-03-16 + * Added man page for sepol_check_context. + +1.5.1 2005-03-15 + * Added man page for sepol_genusers function. + * Merged man pages for genpolusers and chkcon from Manoj Srivastava. + +1.4 2005-03-09 + * Updated version for release. + +1.3.8 2005-03-08 + * Cleaned up error handling in sepol_genusers and sepol_genbools. + +1.3.7 2005-02-28 + * Merged sepol_debug and fclose patch from Dan Walsh. + +1.3.6 2005-02-22 + * Changed sepol_genusers to also use getline and correctly handle + EOL. + +1.3.5 2005-02-17 + * Merged range_transition support from Darrel Goeddel (TCS). + +1.3.4 2005-02-16 + * Added sepol_genusers function. + +1.3.3 2005-02-14 + * Merged endianness and compute_av patches from Darrel Goeddel (TCS). + +1.3.2 2005-02-09 + * Changed relabel Makefile target to use restorecon. + +1.3.1 2005-01-26 + * Merged enhanced MLS support from Darrel Goeddel (TCS). + +1.2.1 2005-01-19 + * Merged build fix patch from Manoj Srivastava. + +1.2 2004-10-07 + * MLS build fixes. + * Added sepol_set_policydb_from_file and sepol_check_context for setfiles. + +1.0 2004-08-19 + * Initial public release. + +0.4 2004-08-13 + * Merged patch from Dan Walsh to ignore case on booleans. + * Changed sepol_genbools* to preserve the original policy version. + * Replaced exported global variables with set functions. + * Moved genpolbools utility from checkpolicy to libsepol. + * Added man pages for sepol_genbools* and genpolbools. + +0.3 2004-08-10 + * Added ChangeLog, COPYING, spec file. + * Added sepol_genbools_array() for load_policy. + * Created libsepol.map to limit exported symbols in shared library. 
+ +0.2 2004-08-09 + * Exported other functions for checkpolicy and friends. + * Renamed service and sidtab functions to avoid libselinux conflict. + * Removed original code from checkpolicy, which now uses libsepol. + * Code cleanup: kill legacy references to kernel types/functions. + +0.1 2004-08-06 + * Moved checkpolicy core logic into a library. + * Exported sepol_genbools() for load_policy. Deleted: tags/libsepol_1_12_27/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2006-09-18 19:13:13 UTC (rev 2032) +++ tags/libsepol_1_12_27/libsepol/VERSION 2006-09-28 12:18:30 UTC (rev 2036) @@ -1 +0,0 @@ -1.12.26 Copied: tags/libsepol_1_12_27/libsepol/VERSION (from rev 2034, trunk/libsepol/VERSION) =================================================================== --- tags/libsepol_1_12_27/libsepol/VERSION (rev 0) +++ tags/libsepol_1_12_27/libsepol/VERSION 2006-09-28 12:18:30 UTC (rev 2036) @@ -0,0 +1 @@ +1.12.27 Deleted: tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-18 19:13:13 UTC (rev 2032) +++ tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h 2006-09-28 12:18:30 UTC (rev 2036) 
@@ -1,608 +0,0 @@ - -/* Author : Stephen Smalley, <sd...@ep...> */ - -/* - * Updated: Joshua Brindle <jbr...@tr...> - * Karl MacMillan <kma...@tr...> - * Jason Tang <jt...@tr...> - * - * Module support - * - * Updated: Trusted Computer Solutions, Inc. <dgo...@tr...> - * - * Support for enhanced MLS infrastructure. - * - * Updated: Frank Mayer <ma...@tr...> and Karl MacMillan <kma...@tr...> - * - * Added conditional policy language extensions - * - * Updated: Red Hat, Inc. James Morris <jm...@re...> - * - * Fine-grained netlink support - * IPv6 support - * Code cleanup - * - * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. - * Copyright (C) 2003 - 2004 Tresys Technology, LLC - * Copyright (C) 2003 - 2004 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -/* FLASK */ - -/* - * A policy database (policydb) specifies the - * configuration data for the security policy. 
- */ - -#ifndef _SEPOL_POLICYDB_POLICYDB_H_ -#define _SEPOL_POLICYDB_POLICYDB_H_ - -#include <stdio.h> -#include <stddef.h> - -#include <sepol/policydb.h> - -#include <sepol/policydb/flask_types.h> -#include <sepol/policydb/symtab.h> -#include <sepol/policydb/avtab.h> -#include <sepol/policydb/context.h> -#include <sepol/policydb/constraint.h> -#include <sepol/policydb/sidtab.h> - -#define ERRMSG_LEN 1024 - -#define POLICYDB_SUCCESS 0 -#define POLICYDB_ERROR -1 -#define POLICYDB_UNSUPPORTED -2 - -/* - * A datum type is defined for each kind of symbol - * in the configuration data: individual permissions, - * common prefixes for access vectors, classes, - * users, roles, types, sensitivities, categories, etc. - */ - -/* type set preserves data needed by modules such as *, ~ and attributes */ -typedef struct type_set { - ebitmap_t types; - ebitmap_t negset; -#define TYPE_STAR 1 -#define TYPE_COMP 2 - uint32_t flags; -} type_set_t; - -typedef struct role_set { - ebitmap_t roles; -#define ROLE_STAR 1 -#define ROLE_COMP 2 - uint32_t flags; -} role_set_t; - -/* Permission attributes */ -typedef struct perm_datum { - symtab_datum_t s; -} perm_datum_t; - -/* Attributes of a common prefix for access vectors */ -typedef struct common_datum { - symtab_datum_t s; - symtab_t permissions; /* common permissions */ -} common_datum_t; - -/* Class attributes */ -typedef struct class_datum { - symtab_datum_t s; - char *comkey; /* common name */ - common_datum_t *comdatum; /* common datum */ - symtab_t permissions; /* class-specific permission symbol table */ - constraint_node_t *constraints; /* constraints on class permissions */ - constraint_node_t *validatetrans; /* special transition rules */ -} class_datum_t; - -/* Role attributes */ -typedef struct role_datum { - symtab_datum_t s; - ebitmap_t dominates; /* set of roles dominated by this role */ - type_set_t types; /* set of authorized types for role */ - ebitmap_t cache; /* This is an expanded set used for context validation 
during parsing */ -} role_datum_t; - -typedef struct role_trans { - uint32_t role; /* current role */ - uint32_t type; /* program executable type */ - uint32_t new_role; /* new role */ - struct role_trans *next; -} role_trans_t; - -typedef struct role_allow { - uint32_t role; /* current role */ - uint32_t new_role; /* new role */ - struct role_allow *next; -} role_allow_t; - -/* Type attributes */ -typedef struct type_datum { - symtab_datum_t s; - uint32_t primary; /* primary name? can be set to primary value if below is TYPE_ */ -#define TYPE_TYPE 0 /* regular type or alias in kernel policies */ -#define TYPE_ATTRIB 1 /* attribute */ -#define TYPE_ALIAS 2 /* alias in modular policy */ - uint32_t flavor; - ebitmap_t types; /* types with this attribute */ -} type_datum_t; - -/* User attributes */ -typedef struct user_datum { - symtab_datum_t s; - role_set_t roles; /* set of authorized roles for user */ - mls_semantic_range_t range; /* MLS range (min. - max.) for user */ - mls_semantic_level_t dfltlevel; /* default login MLS level for user */ - ebitmap_t cache; /* This is an expanded set used for context validation during parsing */ - mls_range_t exp_range; /* expanded range used for validation */ - mls_level_t exp_dfltlevel; /* expanded range used for validation */ -} user_datum_t; - -/* Sensitivity attributes */ -typedef struct level_datum { - mls_level_t *level; /* sensitivity and associated categories */ - unsigned char isalias; /* is this sensitivity an alias for another? */ - unsigned char defined; -} level_datum_t; - -/* Category attributes */ -typedef struct cat_datum { - symtab_datum_t s; - unsigned char isalias; /* is this category an alias for another? 
*/ -} cat_datum_t; - -typedef struct range_trans { - uint32_t source_type; - uint32_t target_type; - uint32_t target_class; - mls_range_t target_range; - struct range_trans *next; -} range_trans_t; - -/* Boolean data type */ -typedef struct cond_bool_datum { - symtab_datum_t s; - int state; -} cond_bool_datum_t; - -struct cond_node; - -typedef struct cond_node cond_list_t; -struct cond_av_list; - -typedef struct class_perm_node { - uint32_t class; - uint32_t data; /* permissions or new type */ - struct class_perm_node *next; -} class_perm_node_t; - -typedef struct avrule { -/* these typedefs are almost exactly the same as those in avtab.h - they are - * here because of the need to include neverallow and dontaudit messages */ -#define AVRULE_ALLOWED 1 -#define AVRULE_AUDITALLOW 2 -#define AVRULE_AUDITDENY 4 -#define AVRULE_DONTAUDIT 8 -#define AVRULE_NEVERALLOW 128 -#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW) -#define AVRULE_TRANSITION 16 -#define AVRULE_MEMBER 32 -#define AVRULE_CHANGE 64 -#define AVRULE_TYPE (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE) - uint32_t specified; -#define RULE_SELF 1 - uint32_t flags; - type_set_t stypes; - type_set_t ttypes; - class_perm_node_t *perms; - unsigned long line; /* line number from policy.conf where - * this rule originated */ - struct avrule *next; -} avrule_t; - -typedef struct role_trans_rule { - role_set_t roles; /* current role */ - type_set_t types; /* program executable type */ - uint32_t new_role; /* new role */ - struct role_trans_rule *next; -} role_trans_rule_t; - -typedef struct role_allow_rule { - role_set_t roles; /* current role */ - role_set_t new_roles; /* new roles */ - struct role_allow_rule *next; -} role_allow_rule_t; - -typedef struct range_trans_rule { - type_set_t stypes; - type_set_t ttypes; - ebitmap_t tclasses; - mls_semantic_range_t trange; - struct range_trans_rule *next; -} range_trans_rule_t; - -/* - * The 
configuration data includes security contexts for - * initial SIDs, unlabeled file systems, TCP and UDP port numbers, - * network interfaces, and nodes. This structure stores the - * relevant data for one such entry. Entries of the same kind - * (e.g. all initial SIDs) are linked together into a list. - */ -typedef struct ocontext { - union { - char *name; /* name of initial SID, fs, netif, fstype, path */ - struct { - uint8_t protocol; - uint16_t low_port; - uint16_t high_port; - } port; /* TCP or UDP port information */ - struct { - uint32_t addr; - uint32_t mask; - } node; /* node information */ - struct { - uint32_t addr[4]; - uint32_t mask[4]; - } node6; /* IPv6 node information */ - } u; - union { - uint32_t sclass; /* security class for genfs */ - uint32_t behavior; /* labeling behavior for fs_use */ - } v; - context_struct_t context[2]; /* security context(s) */ - sepol_security_id_t sid[2]; /* SID(s) */ - struct ocontext *next; -} ocontext_t; - -typedef struct genfs { - char *fstype; - struct ocontext *head; - struct genfs *next; -} genfs_t; - -/* symbol table array indices */ -#define SYM_COMMONS 0 -#define SYM_CLASSES 1 -#define SYM_ROLES 2 -#define SYM_TYPES 3 -#define SYM_USERS 4 -#define SYM_BOOLS 5 -#define SYM_LEVELS 6 -#define SYM_CATS 7 -#define SYM_NUM 8 - -/* object context array indices */ -#define OCON_ISID 0 /* initial SIDs */ -#define OCON_FS 1 /* unlabeled file systems */ -#define OCON_PORT 2 /* TCP and UDP port numbers */ -#define OCON_NETIF 3 /* network interfaces */ -#define OCON_NODE 4 /* nodes */ -#define OCON_FSUSE 5 /* fs_use */ -#define OCON_NODE6 6 /* IPv6 nodes */ -#define OCON_NUM 7 - -/* section: module information */ - -/* scope_index_t holds all of the symbols that are in scope in a - * particular situation. The bitmaps are indices (and thus must - * subtract one) into the global policydb->scope array. 
*/ -typedef struct scope_index { - ebitmap_t scope[SYM_NUM]; -#define p_classes_scope scope[SYM_CLASSES] -#define p_roles_scope scope[SYM_ROLES] -#define p_types_scope scope[SYM_TYPES] -#define p_users_scope scope[SYM_USERS] -#define p_bools_scope scope[SYM_BOOLS] -#define p_sens_scope scope[SYM_LEVELS] -#define p_cat_scope scope[SYM_CATS] - - /* this array maps from class->value to the permissions within - * scope. if bit (perm->value - 1) is set in map - * class_perms_map[class->value - 1] then that permission is - * enabled for this class within this decl. */ - ebitmap_t *class_perms_map; - /* total number of classes in class_perms_map array */ - uint32_t class_perms_len; -} scope_index_t; - -/* a list of declarations for a particular avrule_decl */ - -/* These two structs declare a block of policy that has TE and RBAC - * statements and declarations. The root block (the global policy) - * can never have an ELSE branch. */ -typedef struct avrule_decl { - uint32_t decl_id; - uint32_t enabled; /* whether this block is enabled */ - - cond_list_t *cond_list; - avrule_t *avrules; - role_trans_rule_t *role_tr_rules; - role_allow_rule_t *role_allow_rules; - range_trans_rule_t *range_tr_rules; - scope_index_t required; /* symbols needed to activate this block */ - scope_index_t declared; /* symbols declared within this block */ - - /* for additive statements (type attribute, roles, and users) */ - symtab_t symtab[SYM_NUM]; - - /* In a linked module this will contain the name of the module - * from which this avrule_decl originated. */ - char *module_name; - - struct avrule_decl *next; -} avrule_decl_t; - -typedef struct avrule_block { - avrule_decl_t *branch_list; - avrule_decl_t *enabled; /* pointer to which branch is enabled. 
this is - used in linking and never written to disk */ -#define AVRULE_OPTIONAL 1 - uint32_t flags; /* any flags for this block, currently just optional */ - struct avrule_block *next; -} avrule_block_t; - -/* Every identifier has its own scope datum. The datum describes if - * the item is to be included into the final policy during - * expansion. */ -typedef struct scope_datum { -/* Required for this decl */ -#define SCOPE_REQ 1 -/* Declared in this decl */ -#define SCOPE_DECL 2 - uint32_t scope; - uint32_t *decl_ids; - uint32_t decl_ids_len; - /* decl_ids is a list of avrule_decl's that declare/require - * this symbol. If scope==SCOPE_DECL then this is a list of - * declarations. If the symbol may only be declared once - * (types, bools) then decl_ids_len will be exactly 1. For - * implicitly declared things (roles, users) then decl_ids_len - * will be at least 1. */ -} scope_datum_t; - -/* The policy database */ -typedef struct policydb { -#define POLICY_KERN SEPOL_POLICY_KERN -#define POLICY_BASE SEPOL_POLICY_BASE -#define POLICY_MOD SEPOL_POLICY_MOD - uint32_t policy_type; - char *name; - char *version; - - /* Set when the policydb is modified such that writing is unsupported */ - int unsupported_format; - - /* Whether this policydb is mls, should always be set */ - int mls; - - /* symbol tables */ - symtab_t symtab[SYM_NUM]; -#define p_commons symtab[SYM_COMMONS] -#define p_classes symtab[SYM_CLASSES] -#define p_roles symtab[SYM_ROLES] -#define p_types symtab[SYM_TYPES] -#define p_users symtab[SYM_USERS] -#define p_bools symtab[SYM_BOOLS] -#define p_levels symtab[SYM_LEVELS] -#define p_cats symtab[SYM_CATS] - - /* symbol names indexed by (value - 1) */ - char **sym_val_to_name[SYM_NUM]; -#define p_common_val_to_name sym_val_to_name[SYM_COMMONS] -#define p_class_val_to_name sym_val_to_name[SYM_CLASSES] -#define p_role_val_to_name sym_val_to_name[SYM_ROLES] -#define p_type_val_to_name sym_val_to_name[SYM_TYPES] -#define p_user_val_to_name 
sym_val_to_name[SYM_USERS] -#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS] -#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS] -#define p_cat_val_to_name sym_val_to_name[SYM_CATS] - - /* class, role, and user attributes indexed by (value - 1) */ - class_datum_t **class_val_to_struct; - role_datum_t **role_val_to_struct; - user_datum_t **user_val_to_struct; - type_datum_t **type_val_to_struct; - - /* module stuff section -- used in parsing and for modules */ - - /* keep track of the scope for every identifier. these are - * hash tables, where the key is the identifier name and value - * a scope_datum_t. as a convenience, one may use the - * p_*_macros (cf. struct scope_index_t declaration). */ - symtab_t scope[SYM_NUM]; - - /* module rule storage */ - avrule_block_t *global; - /* avrule_decl index used for link/expand */ - avrule_decl_t **decl_val_to_struct; - - /* compiled storage of rules - use for the kernel policy */ - - /* type enforcement access vectors and transitions */ - avtab_t te_avtab; - - /* bools indexed by (value - 1) */ - cond_bool_datum_t **bool_val_to_struct; - /* type enforcement conditional access vectors and transitions */ - avtab_t te_cond_avtab; - /* linked list indexing te_cond_avtab by conditional */ - cond_list_t *cond_list; - - /* role transitions */ - role_trans_t *role_tr; - - /* role allows */ - role_allow_t *role_allow; - - /* security contexts of initial SIDs, unlabeled file systems, - TCP or UDP port numbers, network interfaces and nodes */ - ocontext_t *ocontexts[OCON_NUM]; - - /* security contexts for files in filesystems that cannot support - a persistent label mapping or use another - fixed labeling behavior. 
*/ - genfs_t *genfs; - - /* range transitions */ - range_trans_t *range_tr; - - ebitmap_t *type_attr_map; - - ebitmap_t *attr_type_map; /* not saved in the binary policy */ - - unsigned policyvers; -} policydb_t; - -struct sepol_policydb { - struct policydb p; -}; - -extern int policydb_init(policydb_t * p); - -extern int policydb_from_image(sepol_handle_t * handle, - void *data, size_t len, policydb_t * policydb); - -extern int policydb_to_image(sepol_handle_t * handle, - policydb_t * policydb, void **newdata, - size_t * newlen); - -extern int policydb_index_classes(policydb_t * p); - -extern int policydb_index_bools(policydb_t * p); - -extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p, - unsigned int verbose); - -extern int policydb_reindex_users(policydb_t * p); - -extern void policydb_destroy(policydb_t * p); - -extern int policydb_load_isids(policydb_t * p, sidtab_t * s); - -/* Deprecated */ -extern int policydb_context_isvalid(const policydb_t * p, - const context_struct_t * c); - -extern void symtabs_destroy(symtab_t * symtab); -extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p); -typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d, - void *args); -extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num); - -extern void class_perm_node_init(class_perm_node_t * x); -extern void type_set_init(type_set_t * x); -extern void type_set_destroy(type_set_t * x); -extern int type_set_cpy(type_set_t * dst, type_set_t * src); -extern int type_set_or_eq(type_set_t * dst, type_set_t * other); -extern void role_set_init(role_set_t * x); -extern void role_set_destroy(role_set_t * x); -extern void avrule_init(avrule_t * x); -extern void avrule_destroy(avrule_t * x); -extern void avrule_list_destroy(avrule_t * x); -extern void role_trans_rule_init(role_trans_rule_t * x); -extern void role_trans_rule_list_destroy(role_trans_rule_t * x); - -extern void role_datum_init(role_datum_t * x); -extern 
void role_datum_destroy(role_datum_t * x); -extern void role_allow_rule_init(role_allow_rule_t * x); -extern void role_allow_rule_destroy(role_allow_rule_t * x); -extern void role_allow_rule_list_destroy(role_allow_rule_t * x); -extern void range_trans_rule_init(range_trans_rule_t *x); -extern void range_trans_rule_destroy(range_trans_rule_t *x); -extern void range_trans_rule_list_destroy(range_trans_rule_t *x); -extern void type_datum_init(type_datum_t * x); -extern void type_datum_destroy(type_datum_t * x); -extern void user_datum_init(user_datum_t * x); -extern void user_datum_destroy(user_datum_t * x); - -extern int check_assertions(sepol_handle_t * handle, - policydb_t * p, avrule_t * avrules); - -extern int symtab_insert(policydb_t * x, uint32_t sym, - hashtab_key_t key, hashtab_datum_t datum, - uint32_t scope, uint32_t avrule_decl_id, - uint32_t * value); - -/* A policy "file" may be a memory region referenced by a (data, len) pair - or a file referenced by a FILE pointer. */ -typedef struct policy_file { -#define PF_USE_MEMORY 0 -#define PF_USE_STDIO 1 -#define PF_LEN 2 /* total up length in len field */ - unsigned type; - char *data; - size_t len; - size_t size; - FILE *fp; - struct sepol_handle *handle; - unsigned char buffer[BUFSIZ]; -} policy_file_t; - -struct sepol_policy_file { - struct policy_file pf; -}; - -extern int policydb_read(policydb_t * p, struct policy_file *fp, - unsigned int verbose); -extern int avrule_read_list(policydb_t * p, avrule_t ** avrules, - struct policy_file *fp); - -extern int policydb_write(struct policydb *p, struct policy_file *pf); - -#define PERM_SYMTAB_SIZE 32 - -/* Identify specific policy version changes */ -#define POLICYDB_VERSION_BASE 15 -#define POLICYDB_VERSION_BOOL 16 -#define POLICYDB_VERSION_IPV6 17 -#define POLICYDB_VERSION_NLCLASS 18 -#define POLICYDB_VERSION_VALIDATETRANS 19 -#define POLICYDB_VERSION_MLS 19 -#define POLICYDB_VERSION_AVTAB 20 -#define POLICYDB_VERSION_RANGETRANS 21 - -/* Range of policy 
versions we understand*/ -#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS - -/* Module versions and specific changes*/ -#define MOD_POLICYDB_VERSION_BASE 4 -#define MOD_POLICYDB_VERSION_VALIDATETRANS 5 -#define MOD_POLICYDB_VERSION_MLS 5 -#define MOD_POLICYDB_VERSION_RANGETRANS 6 -#define MOD_POLICYDB_VERSION_MLS_USERS 6 - -#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE -#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_MLS_USERS - -#define POLICYDB_CONFIG_MLS 1 - -#define OBJECT_R "object_r" -#define OBJECT_R_VAL 1 - -#define POLICYDB_MAGIC SELINUX_MAGIC -#define POLICYDB_STRING "SE Linux" -#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC -#define POLICYDB_MOD_STRING "SE Linux Module" - -#endif /* _POLICYDB_H_ */ - -/* FLASK */ Copied: tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h (from rev 2033, trunk/libsepol/include/sepol/policydb/policydb.h) =================================================================== --- tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h (rev 0) +++ tags/libsepol_1_12_27/libsepol/include/sepol/policydb/policydb.h 2006-09-28 12:18:30 UTC (rev 2036) 
@@ -0,0 +1,612 @@ + +/* Author : Stephen Smalley, <sd...@ep...> */ + +/* + * Updated: Joshua Brindle <jbr...@tr...> + * Karl MacMillan <kma...@tr...> + * Jason Tang <jt...@tr...> + * + * Module support + * + * Updated: Trusted Computer Solutions, Inc. <dgo...@tr...> + * + * Support for enhanced MLS infrastructure. + * + * Updated: Frank Mayer <ma...@tr...> and Karl MacMillan <kma...@tr...> + * + * Added conditional policy language extensions + * + * Updated: Red Hat, Inc. James Morris <jm...@re...> + * + * Fine-grained netlink support + * IPv6 support + * Code cleanup + * + * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. + * Copyright (C) 2003 - 2004 Tresys Technology, LLC + * Copyright (C) 2003 - 2004 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/* FLASK */ + +/* + * A policy database (policydb) specifies the + * configuration data for the security policy. + */ + +#ifndef _SEPOL_POLICYDB_POLICYDB_H_ +#define _SEPOL_POLICYDB_POLICYDB_H_ + +#include <stdio.h> +#include <stddef.h> + +#include <sepol/policydb.h> + +#include <sepol/policydb... [truncated message content] |
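Review bot: the ChangeLog copied into this tag should carry a 1.12.27 entry matching the VERSION bump from `-1.12.26` to `+1.12.27`, but the visible part of the added ChangeLog hunk is its tail (the oldest entries, ending at `+0.1 2004-08-06`) and the top of the file is not in view, so it cannot be confirmed here that the tag's ChangeLog describes the release being tagged; please confirm that the copied ChangeLog comes from a trunk revision that already has the 1.12.27 entry, or add that entry before tagging.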
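Review bot: the VERSION file is copied from trunk at rev 2034 (`Copied: tags/libsepol_1_12_27/libsepol/VERSION (from rev 2034, trunk/libsepol/VERSION)`) while policydb.h is copied from rev 2033, so the tag is assembled from more than one trunk revision rather than one snapshot; unless the intervening revisions touched only these files, tag a single trunk revision, or state in the log message which files were taken from which revision, so the tree behind `1.12.27` is reproducible.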
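Review bot: the ChangeLog included in this commit states `policydb_read no longer calls policydb_init. Caller must do so first.` and `policydb_init no longer takes policy_type argument. Caller must set policy_type separately.`, yet the declarations `extern int policydb_init(policydb_t * p);` and `extern int policydb_read(policydb_t * p, struct policy_file *fp, unsigned int verbose);` in the removed policydb.h carry no comment about that precondition; a one-line comment on each declaration (init, then set `policy_type`, then read) would put the required ordering where static-library users actually look. Two smaller points in the same hunk: the closing `#endif /* _POLICYDB_H_ */` comment does not match the guard macro `_SEPOL_POLICYDB_POLICYDB_H_`, and `POLICYDB_VERSION_VALIDATETRANS` / `POLICYDB_VERSION_MLS` (both 19) as well as `MOD_POLICYDB_VERSION_RANGETRANS` / `MOD_POLICYDB_VERSION_MLS_USERS` (both 6) share a value without a comment saying the two features entered the format in the same version, which matters because `POLICYDB_VERSION_MAX` and `MOD_POLICYDB_VERSION_MAX` are derived from them. Since the replacement copy of the header is truncated in this message, please check these against the copied file as well.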
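Review bot: the replacement policydb.h is 612 lines against the removed 608 (`@@ -0,0 +1,612 @@` versus `@@ -1,608 +0,0 @@`), but the message is cut off inside the `#include` block before any differing line, so the four-line change between the removed and the copied header cannot be reviewed from this commit mail; the trunk diff of policydb.h up to rev 2033, which this copy is taken from, is what needs review before the tag is relied on.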