Lindent.
Merged patch to remove TE rule conflict checking from the parser from
Joshua Brindle. This can only be done properly by the expander.
Merged patch to make checkpolicy/checkmodule handling of
duplicate/conflicting TE rules the same as the expander from Joshua
Brindle.
Merged optionals in base take 2 patch set from Joshua Brindle.
Fixed checkmodule to call link_modules prior to expand_module to handle
optionals.
Fixed require_class to avoid shadowing permissions already defined in an
inherited common definition.
Added a check for failure to declare each sensitivity in a level
definition.
Changed to clone level data for aliased sensitivities to avoid double free
upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
Added a check for failure to declare each sensitivity in a level
definition.
Changed to clone level data for aliased sensitivities to avoid double free
upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
Added error checking of all ebitmap_set_bit calls for out of memory
conditions.
Merged removal of compatibility handling of netlink classes (requirement
that policies with newer versions include the netlink class
definitions, remapping of fine-grained netlink classes in newer source
policies to single netlink class when generating older policies) from
George Coker.
Removed obsolete cond_check_type_rules() function and call and
cond_optimize_lists() call from checkpolicy.c; these are handled during
parsing and expansion now.
Updated calls to expand_module for interface change.
Changed checkmodule to verify that expand_module succeeds when building
base modules.
Merged module compiler fixes from Joshua Brindle.
Removed direct calls to hierarchy_check_constraints() and
check_assertions() from checkpolicy since they are now called
internally by expand_module().
Removed obsolete cond_check_type_rules() function and call and
cond_optimize_lists() call from checkpolicy.c; these are handled during
parsing and expansion now.
Updated calls to expand_module for interface change.
Changed checkmodule to verify that expand_module succeeds when building
base modules.
Merged module compiler fixes from Joshua Brindle.
Removed direct calls to hierarchy_check_constraints() and
check_assertions() from checkpolicy since they are now called
internally by expand_module().
Updated for changes to sepol expand_module and link_modules interfaces.
Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-2
- Rebuild to get latest libsepol
Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
- Rebuild to get latest libsepol
Fixed further memory leaks found by valgrind.
Changed checkpolicy to destroy the policydbs prior to exit to allow leak
detection.
Fixed several memory leaks found by valgrind.
The binary policy format version has been incremented to version 20 as a
result of these changes. To build a policy for a kernel that does not
yet include these changes, use the -c 19 option to checkpolicy.
Merged patch to prohibit use of "self" as a type name from Jason Tang
(Tresys).
Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
Fixed call to hierarchy checking code to pass the right policydb.
Merged patch to update dismod for the relocation of the module read/write
code from libsemanage to libsepol, and to enable build of test
subdirectory from Jason Tang (Tresys).
Merged loadable module support from Tresys Technology.
Merged patch to prohibit the use of * and ~ in type sets (other than in
neverallow statements) and in role sets from Joshua Brindle (Tresys).
Updated version for release.
Merged loadable module support from Tresys Technology.
Merged patch to prohibit the use of * and ~ in type sets (other than in
neverallow statements) and in role sets from Joshua Brindle (Tresys).
Updated version for release.
Merged typeattribute statement patch from Darrel Goeddel of TCS.
Changed genpolusers to handle multiple user config files.
Merged nodecon ordering patch from Chad Hanson of TCS.
