files.
Cleaned up sepol_genbools to not regenerate the image if there were no
changes in the boolean values, including the degenerate case where
there are no booleans or booleans.local files.
Cleaned up sepol_genusers to not warn on missing local.users.
Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1
- Upgrade to latest from NSA
Removed sepol_port_* from libsepol.map, as the port interfaces are not yet
stable.
Added src/dso.h and src/*_internal.h. Added hidden_def for exported symbols
used within libsepol. Added hidden for symbols that should not be
exported by the wildcards in libsepol.map.
Added further checking and error reporting to sepol_module_package_read and
_info.
Merged sepol handle passing, DEBUG conversion, and memory leak fix patches
from Ivan Gyurdiev.
Removed processing of system.users from sepol_genusers and dropped delusers
logic.
Removed policydb_destroy from error path of policydb_read, since
create/init/destroy/free of policydb is handled by the caller now.
Fixed sepol_module_package_read to handle a failed policydb_read properly.
Merged query/exists and count patches from Ivan Gyurdiev.
Merged fix for pruned types in expand code from Joshua Brindle.
Merged new module package format code from Joshua Brindle.
Merged users cleanup patch from Ivan Gyurdiev.
Merged user record memory leak fix from Ivan Gyurdiev.
Merged reorganize users patch from Ivan Gyurdiev.
checking on expansion.
Reworked check_assertions() and hierarchy_check_constraints() to take
handles and use callback-based error reporting.
Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded policy.
Changed sepol_module_package_set_file_contexts to copy the file contexts
data since it is internally managed.
Added sepol_policy_file_set_handle interface to associate a handle with a
policy file.
Added handle argument to policydb_from_image/to_image.
Added sepol_module_package_set_file_contexts interface.
Dropped sepol_module_package_create_file interface.
Reworked policydb_read/write, policydb_from_image/to_image, and
sepol_module_package_read/write to use callback-based error reporting
system rather than DEBUG.
Hid sepol_module_package type definition, and added get interfaces.
Merged new callback-based error reporting system from Ivan Gyurdiev.
Merged support for require blocks inside conditionals from Joshua Brindle
(Tresys).
Fixed use of policydb_from_image/to_image to ensure proper init of
policydb.
1) policydb_read no longer calls policydb_init. Caller must do so first.
2) policydb_init no longer takes policy_type argument. Caller must set
policy_type separately.
3) expand_module automatically enables the global branch. Caller no longer
needs to do so.
4) policydb_write uses the policy_type and policyvers from the policydb
itself, and sepol_set_policyvers() has been removed.
Merged bug fix for check_assertions handling of no assertions from Joshua
Brindle (Tresys).
Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1
- Upgrade to latest from NSA
Merged iterate patch from Ivan Gyurdiev.
Merged MLS in modules patch from Joshua Brindle (Tresys).
Merged fix for memory leak in sepol_context_to_sid from Jason Tang
(Tresys).
Merged fixes for resource leaks on error paths and change to scope_destroy
from Joshua Brindle (Tresys).
Fixed empty list test in cond_write_av_list. Bug found by Coverity,
reported by Serge Hallyn (IBM).
Merged patch to policydb_write to check errors when writing the
type->attribute reverse map from Serge Hallyn (IBM). Bug found by
Coverity.
Fixed policydb_destroy to properly handle NULL type_attr_map or
attr_type_map.
Enabled further compiler warning flags and fixed them.
Merged user, context, port records patch from Ivan Gyurdiev.
Merged key extract function patch from Ivan Gyurdiev.
Merged mls_context_to_sid bugfix from Ivan Gyurdiev.