dbase_file_cache: deref of uninit data on error path.
dbase_policydb_cache: clear fp to avoid double fclose.
semanage_fc_sort: destroy temp on error paths.
Merged updated file context sorting patch from Christopher Ashworth, with
bug fix for escaped character flag.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
- Upgrade to latest from NSA
Merged abort early on merge errors patch from Ivan Gyurdiev.
Cleaned up error handling in semanage_split_fc based on a patch by Serge
Hallyn (IBM) and suggestions by Ivan Gyurdiev.
Merged MLS handling fixes from Ivan Gyurdiev.
Merged paths array patch from Ivan Gyurdiev.
Merged bug fix patch from Ivan Gyurdiev.
Merged improve bindings patch from Ivan Gyurdiev.
Merged use PyList patch from Ivan Gyurdiev.
Merged memory leak fix patch from Ivan Gyurdiev.
Merged nodecon support patch from Ivan Gyurdiev.
Merged cleanups patch from Ivan Gyurdiev.
Merged split swig patch from Ivan Gyurdiev.
Merged optionals in base patch from Joshua Brindle.
Merged treat seusers/users_extra as optional sections patch from Ivan
Gyurdiev.
Merged parse_optional fixes from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
Merged further header cleanups from Ivan Gyurdiev.
Merged toggle modified flag in policydb_modify, fix memory leak in
clear_obsolete, polymorphism vs headers fix, and include guards for
internal headers patches from Ivan Gyurdiev.
Added file-mode= setting to semanage.conf, default to 0644. Changed
semanage_copy_file and callers to use this mode when installing policy
files to runtime locations.
Changed semanage_handle_create() to set do_reload based on
is_selinux_enabled(). This prevents improper attempts to load policy on
a non-SELinux system.
Merged wrap char*** for user_get_roles patch from Joshua Brindle.
Merged remove defrole from sepol patch from Ivan Gyurdiev.
Merged swig wrappers for modifying users and seusers from Joshua Brindle.
Fixed free->key_free bug.
Merged clear obsolete patch from Ivan Gyurdiev.
Merged modified swigify patch from Dan Walsh (original patch from Joshua
Brindle).
Merged move genhomedircon call patch from Chad Sellers.
Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn
to semanage_direct_handle, and moves sepol handle create/destroy into
semanage handle create/destroy to allow use even when disconnected (for
the record interfaces).
Clear modules modified flag upon disconnect and commit.
Added tracking of module modifications and use it to determine whether
expand-time checks should be applied on commit.
Reverted semanage_set_reload_bools() interface.
Disabled calls to port dbase for merge and commit and stubbed out calls to
sepol_port interfaces since they are not exported.
Merged rename instead of copy patch from Joshua Brindle (Tresys).
Added hidden_def/hidden_proto for exported symbols used within libsemanage
to eliminate relocations. Wrapped type definitions in exported headers
as needed to avoid conflicts. Added src/context_internal.h and
src/iface_internal.h.
Added semanage_is_managed() interface to allow detection of whether the
policy is managed via libsemanage. This enables proper handling in
setsebool for non-managed systems.
Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable
runtime control over preserving active boolean values versus reloading
their saved settings upon commit.
Merged seuser parser resync, dbase tracking and cleanup, strtol bug,
copyright, and assert space patches from Ivan Gyurdiev.
Added src/*_internal.h in preparation for other changes.
Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
src/seusers.[hc].
Merged interface parse/print, context_to_string interface change, move
assert_noeof, and order preserving patches from Ivan Gyurdiev.
Added src/dso.h in preparation for other changes.
Merged install seusers, handle/error messages, MLS parsing, and seusers
validation patches from Ivan Gyurdiev.
Merged resync to sepol changes and booleans fixes/improvements patches from
Ivan Gyurdiev.
Merged support for genhomedircon/homedir template, store selection,
explicit policy reload, and semanage.conf relocation from Joshua
Brindle.
Merged resync to sepol changes and transaction fix patches from Ivan
Gyurdiev.
Merged reorganize users patch from Ivan Gyurdiev.
Merged remove unused relay functions patch from Ivan Gyurdiev.
Fixed policy file leaks in semanage_load_module and semanage_write_module.
Merged further database work from Ivan Gyurdiev.
Fixed bug in semanage_direct_disconnect.
Merged interface renaming patch from Ivan Gyurdiev.
Merged policy component patch from Ivan Gyurdiev.
Renamed 'check=' configuration value to 'expand-check=' for clarity.
Changed semanage_commit_sandbox to check for and report errors on rename(2)
calls performed during rollback.
Added optional check= configuration value to semanage.conf and updated call
to sepol_expand_module to pass its value to control assertion and
hierarchy checking on module expansion.
Merged fixes for make DESTDIR= builds from Joshua Brindle.
Merged default database from Ivan Gyurdiev.
Merged removal of connect requirement in policydb backend from Ivan
Gyurdiev.
Merged commit locking fix and lock rename from Joshua Brindle.
Merged transaction rollback in lock patch from Joshua Brindle.
Changed default args for load_policy to be null, as it no longer takes a
pathname argument and we want to preserve booleans.
Merged move local dbase initialization patch from Ivan Gyurdiev.
Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
Added calls to sepol_policy_file_set_handle interface prior to invoking
sepol operations on policy files.
Updated call to sepol_policydb_from_image to pass the handle.
Merged user and port APIs - policy database patch from Ivan Gyurdiev.
Converted calls to sepol link_packages and expand_module interfaces from
using buffers to using sepol handles for error reporting, and changed
direct_connect/disconnect to create/destroy sepol handles.
Merged bugfix patch from Ivan Gyurdiev.
Merged seuser database patch from Ivan Gyurdiev. Merged direct user/port
databases to the handle from Ivan Gyurdiev.
Removed obsolete include/semanage/commit_api.h (leftover). Merged seuser
record patch from Ivan Gyurdiev.
Merged boolean and interface databases from Ivan Gyurdiev.
Updated to use get interfaces for hidden sepol_module_package type.
Changed semanage_expand_sandbox and semanage_install_active to
generate/install the latest policy version supported by libsepol by
default (unless overridden by semanage.conf), since libselinux will now
downgrade automatically for load_policy.
Merged new callback-based error reporting system and ongoing database work
from Ivan Gyurdiev.
Fixed semanage_install_active() to use the same logic for selecting a
policy version as semanage_expand_sandbox(). Dropped dead code from
semanage_install_sandbox().