diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 1155 |
1 files changed, 1155 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..e492df4 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,1155 @@ +2010-05-07 Spencer Shimko <sshimko@tresys.com> + + * SETools 3.3.7. + +2010-04-30 Spencer Shimko <sshimko@tresys.com> + + * Update the spec file for release. + * Update versions for release. + +2010-04-28 John Oliver <joliver@tresys.com> + + * Restore close button in transitive info flow. + * Wrapped new policy db components so we can build against + new and old SELinux userspace. + +2010-04-28 Spencer Shimko <sshimko@tresys.com> + + * Switch to a non-modal advanced filtering window. + +2010-04-23 Spencer Shimko <sshimko@tresys.com> + + * Rebase module loading code on upstream userspace. + + * Automatically detect base module instead of asking + user to identify the base. + + * Support for bzipped policy packages (.pp) found in + Fedora 12 and later. + +2010-04-20 Chris PeBenito <cpebenito@tresys.com> + + * Fix seinfo to correctly handle cases where there are + no nodecon statements in the policy. + +2010-04-20 Spencer Shimko <sshimko@tresys.com> + + * Fixes error conditions that prevent apol from exiting. If + window/tab was already destroyed on exit + then apol threw an error and refused to exit. + +2010-04-15 Spencer Shimko <sshimko@tresys.com> + + * Add support for displaying constraints to seinfo. + * Add constraint CUnit tests. + +2010-03-12 John Oliver <joliver@tresys.com> + + * Ensure architecture independent parts of python SWIG wrapper + get installed into the same directory as the architecture + dependent parts. + +2010-03-12 Chris PeBenito <cpebenito@tresys.com> + + * Fix seaudit/libseaudit headers. + +2010-03-02 John Oliver <joliver@tresys.com> + + * Fix error message when Tk can not be loaded by apol. Make it + clear that it is Tk, not an SETools library that connot be loaded. + +2010-03-01 John Oliver <joliver@tresys.com> + + * Fix error in Apol which would disable new and updated search + buttons in rule search. + +2009-12-09 John Oliver <joliver@tresys.com> + + * Fix seaudit-report to correctly handle -c and --config + options. + +2009-07-22 Chris PeBenito <cpebenito@tresys.com> + + * SETools 3.3.6. + +2009-07-16 Chris PeBenito <cpebenito@tresys.com> + + * Change default log for seaudit to /var/log/audit/audit.log. + +2009-07-16 Chris PeBenito <cpebenito@tresys.com> + + * Change context parsing in libseaudit to use libselinux functions. + +2009-06-04 Jeremy Solt <jsolt@tresys.com> + + * Add support for display of level and clearance of contexts to seaudit. + * Add support for filterting by level and clearance to seaudit. + +2009-05-26 Jeremy Solt <jsolt@tresys.com> + + * Modified seaudit to show the raw audit message when doubleclicking + an entry. + +2009-05-19 Steve Lawrence <slawrence@tresys.com> + + * Add libqpol and libapol support for policy capabilites and + permissive domains. + * Add policy capabilities and permissive domains querying to seinfo. + +2009-05-15 Jeremy Solt <jsolt@tresys.com> + + * Add support for using attribute names available in version 24 + binary policies. + +2008-09-11 J. Tang <jtang@tresys.com> + + * Fixed error in qpol_policy_rebuild_opt() where a policy's + neverallow rules are expanded when the rebuild option is + QPOL_POLICY_OPTION_NO_RULES. + +2008-08-15 J. Tang <jtang@tresys.com> + + * This is the official release of SETools 3.3.5. + + * Fixed errors in libapol's AV and TE rule rendering functions + where errno was not being set properly. + + * Fixed error in apol_syn_avrule_render() where braces were not + being added around the target set when there is exactly one target + type and the keyword 'self'. Thanks to Ryan Kagin for reporting + this error. + +2008-08-14 J. Tang <jtang@tresys.com> + + * Synched libqpol to libsepol version 2.0.32, policy parser to + 2.0.16. + + * Synched libqpol to libsepol version 2.0.26, policy parser to + 2.0.14. + + * Added qpol_type_get_ispermissive(). SETools can now handle + version 23 policy; bumped libqpol to version 1.4. + +2008-03-07 J. Tang <jtang@tresys.com> + + * This is the official release of SETools 3.3.4. + + * debian/control: Added transitional packages for libapol1, + libseaudit1, libsefs1, and their associated development package. + + * packages/rpm/fc9-compile.diff: Added a patch to allow building + of SETools on Fedora 9, due to possible buggy gcc/glibc-header + interaction in libseaudit/swig/python. + +2008-03-05 J. Tang <jtang@tresys.com> + + * Fixes to libapol and libqpol to allow SETools to compile under + gcc/g++ 4.3. + + * Added autodetection of Tk, needed for Tk 8.5. + + * Synced libqpol to policy parser to 2.0.13. + +2008-02-29 J. Tang <jtang@tresys.com> + + * Synced libqpol to libsepol version 2.0.23, policy parser to + 2.0.10. + +2008-02-21 J. Tang <jtang@tresys.com> + + * This is the official release of SETools 3.3.3. + + * Fixes to qpol_default_policy_find() to properly return policies + whose versions are greater than the currently running system. + +2008-02-19 J. Tang <jtang@tresys.com> + + * Added QPOL_POLICY_OPTION_MATCH_SYSTEM as a policy load option to + qpol_policy_open_from_file(). The tools seinfo, sesearch, and + sechecker will now use this flag when loading the system's default + policy. + + * Modified libqpol to understand version 22 policy. Added + QPOL_CAP_POLCAPS to qpol_capability enum. + +2008-02-15 J. Tang <jtang@tresys.com> + + * Synced libqpol to libsepol version 2.0.20. The configure script + will check if dynamic avtabs exist (introduced in libsepol 2.0.20) + and will adjust policy loading as necessary. + +2008-01-09 J. Tang <jtang@tresys.com> + + * Added initial attempt at Debian-izing SETools. The Debian + control files are only present in the SVN checkout of SETools, not + in the distributed tarball. + +2007-11-02 J. Tang <jtang@tresys.com> + + * Ported bug fixes in branches/setools-devel to trunk. This is + the official release of SETools 3.3.2. + + * Fixed error in libsefs/Java where the library has not been built + correctly since version 4 of libsefs. + +2007-10-31 J. Mowery <jmowery@tresys.com> + + * Fix to libqpol when querying policies with no genfscon statements. + + * Fix to SWIG wrappers to correctly report exceptions in multi-threaded + Java environments. + +2007-10-31 J. Tang <jtang@tresys.com> + + * Modifed libqpol to explicitly ignore disabled aliases. + + * Merged RedHat's spec file changes. + +2007-10-08 J. Tang <jtang@tresys.com> + + * Fix to libqpol when qpol_type_get_alias_iter() could erroneously + be set to an initially wrong position for certain primary types. + +2007-10-02 J. Tang <jtang@tresys.com> + + * Fix to libqpol to synthesize object_r. This was previously + (erroneously) handled in libapol. + +2007-09-26 J. Tang <jtang@tresys.com> + + * Fix to apol where empty levels would throw an error during + validation. + +2007-09-04 J. Mowery <jmowery@tresys.com> + + * Fixes to libsefs and apol if an invalid regular expression is + given. + +2007-08-30 J. Mowery <jmowery@tresys.com> + + * Do not look for neverallow rules on default avrule query if not + available. + +2007-08-22 J. Tang <jtang@tresys.com> + + * Ported bug fixes in branches/setools-devel to trunk. This is + the official release of SETools 3.3.1. + +2007-08-20 J. Tang <jtang@tresys.com> + + * Fixed memory leak in libapol/infoflow analysis, where edges were + not being freed. Thanks to Ben Martin for spotting this error. + +2007-08-16 J. Tang <jtang@tresys.com> + + * Fixed an error in libapol's infoflow. When performing a + transitive search, let there be an intermediate rule with source + A, an attribute. If a member of A, type T, is excluded by not + calling apol_infoflow_analysis_append_intermediate(), it was still + possible to return an infoflow result that uses T. This has been + fixed. + +2007-08-13 J. Tang <jtang@tresys.com> + + * Fix error in libsefs when querying a filesystem or fcfile by + range, but the fclist is not MLS. + +2007-08-06 J. Tang <jtang@tresys.com> + + * configure.ac: Tk is checked only if --enable-swig-tcl and + --enable-gui are given. Also, if tclconfig.sh is not found, then + abort configuration. + + * apol/top.tcl: Fixed error where reading from an older .apol file + (from SETools < 3.2) would cause a startup problem. + + * libapol/include/apol/domain-trans-analysis.h: Upon invalid + transition, empty vectors are returned rather than NULL pointers. + +2007-08-02 J. Tang <jtang@tresys.com> + + * Official release of SETools 3.3. + +2007-08-02 J. Mowery <jmowery@tresys.com> + + * Corrected sechecker module incomplete domain transitions + to once again return results for missing RBAC and user policy + for transitions that have sufficient type enforcement rules. + +2007-07-27 J. Tang <jtang@tresys.com> + + * Library jar files are now installed in + $PREFIX/share/setools-<version>, with symlinks in + $PREFIX/share/java. They used to be placed in + $PREFIX/lib/setools. + + * Added framework for CUnit tests for libseaudit. + +2007-07-26 J. Tang <jtang@tresys.com> + + * Updated all linker map and SWIG interface files to match + exported library headers. + + * libseaudit/src/filter.c (seaudit_filter_set_match): Added + ability to set strictness of libseaudit filters. Be default, + filters are not strict; this matches previous libseaudit behavior. + See seaudit_filter_set_match() for definition of "strictness". + +2007-07-26 M. Goldman <mgoldman@tresys.com> + * Added tooltip to glade interface noting that diffing never + allow rules could dramaticly increase run time + + * Fixed names in sediffx to be more descriptive (the tree view + in the upper left hand corner). Names changed from + AVRules auditallow to Audit Allow Rules as an example. + +2007-07-24 J. Tang <jtang@tresys.com> + + * Added framework for CUnit tests for libapol. + +2007-07-23 J. Tang <jtang@tresys.com> + + * Added framework for CUnit tests for libpoldiff and libqpol. + configure now has the option --with-test-policies to specify where + the test policies reside. + +2007-07-20 J. Tang <jtang@tresys.com> + + * Added seaudit_filter for PID. + +2007-07-19 J. Tang <jtang@tresys.com> + + * Added many optimizations to qpol_policy_build_syn_rule_table() + and associated functions. With some code rewrites, a doubling of + the syntactic rule hash table size, and an improved hashing + function, it is at least three times faster to build the table. + +2007-07-18 J. Tang <jtang@tresys.com> + + * Fixed error in libpoldiff where if an AV or a TE rule was within + a conditional that had multiple boolean variables, the diff + algorithm would generate an incorrect STC key for that rule. + +2007-07-17 J. Mowery <jmowery@tresys.com> + + * Updated domain transition analysis to use the BST internally; + this should result in improved performance. + +2007-07-13 J. Tang <jtang@tresys.com> + + * Java SWIG libraries now check if the libraries needs to be + loaded before doing such. + + * Added more filtering options to libseaudit. + +2007-07-12 J. Tang <jtang@tresys.com> + + * seaudit_filter_set_ipaddress() is renamed to + seaudit_filter_set_anyaddr(). seaudit_filter_set_port() is now + seaudit_filter_set_anyport(). Similar changes occurred to the + respective accessors. + +2007-07-11 M. Goldman <mgoldman@tresys.com> + + * Split functions relating to item records out into their own + file. Added documentation for same. + +2007-07-09 J. Tang <jtang@tresys.com> + + * Added additional sort constructors to libseaudit. + +2007-07-05 J. Tang <jtang@tresys.com> + + * seaudit now has a button to clear all messages from a view. + This is useful when doing log monitoring, to show only new + messages. + + * Added seaudit_model_hide_message(), to suppress display of + certain messages within a model. + +2007-06-28 J. Tang <jtang@tresys.com> + + * Updated apol and sediffx to delay loading neverallow rules + unless the user requested analyzing them. + +2007-06-25 J. Tang <jtang@tresys.com> + + * Updated apol(1) to use new libsefs + + * Updated replcon(1) to use new libsefs. + +2007-06-19 J. Tang <jtang@tresys.com> + + * Updated indexcon(1) to use new libsefs. + + * Merged searchcon(1) functionality into findcon(1); man pages + updated. searchcon(1) has been removed from SETools. + + * libsefs.so.4 is now wrapped by SWIG, for Python, Java, and + Tcl. + + * Rewrite of libsefs to meet coding standards. libsefs.so.4 is an + object-oriented library that abstracts away filesystems, + file_contexts files, and databases into a unified object that can + be queried easily. + +2007-06-18 J. Tang <jtang@tresys.com> + + * libpoldiff/include/poldiff/rbac_diff.h: Added + poldiff_role_allow_get_unmodified_roles(). The return values + poldiff_role_allow_get_added_roles() and + poldiff_role_allow_get_removed_roles() have been changed for forms + POLDIFF_FORM_ADDED and POLDIFF_FORM_REMOVED. + +2007-06-14 J. Tang <jtang@tresys.com> + + * SETools can now compile against GTK+ 2.4. Nonetheless, GTK+ 2.8 + is still the recommended toolkit. + +2007-06-13 J. Tang <jtang@tresys.com> + + * libseaudit/src/log.c (seaudit_log_clear): Added ability to clear + a log of its messages. + +2007-06-12 J. Tang <jtang@tresys.com> + + * SETools now requires libsqlite3, version 3.2.0 or greater. It + used to ship with its own copy of sqlite3; that is no longer the + case. + +2007-06-11 M. Goldman <mgoldman@tresys.com> + * Updated swig interface to properly expose av and te rule + vector accessor functions for libpoldiff. + +2007-06-08 J. Mowery <jmowery@tresys.com> + + * Fixed an error in libpoldiff where + poldiff_terule_get_modified_default() was returning the + original default; it now correctly returns the modified + default type. + +2007-06-08 M. Goldman <mgoldman@tresys.com> + + * updated sediffx diffs so that the subrules for avrules and + terules are broken out into allow, neverallow, auditallow, + dontaudit type_member, type_change, and type_transition rules + +2007-06-04 J. Tang <jtang@tresys.com> + + * added convert functions to apol_context_t and + apol_mls_range_t; added constructors + apol_mls_range_create_from_string() and + apol_mls_range_create_from_literal(). + +2007-05-31 J. Tang <jtang@tresys.com> + + * libapol/src/util.c (apol_str_to_objclass): Added this function, + as the complement to apol_objclass_to_str(). + + * libapol/src/mls_level.c (apol_mls_level_is_literal), + libapol/src/mls_range.c (apol_mls_range_is_literal): Added + ability to query if level/range is literal. This is needed when + printing an apol_context_t containing a literal level. + + * libapol: split mls-query.h into mls-query.h, mls_level.h, and + mls_range.h. This file was much too large. + +2007-05-30 J. Tang <jtang@tresys.com> + + * libapol/src/mls-query.c (apol_mls_level_create_from_literal) + (apol_mls_level_convert): The apol_mls_level_t object can now be + created without relying upon a policy. Call + apol_mls_level_convert() to complete its category list. + +2007-05-30 J. Mowery <jmowery@tresys.com> + + * The --regex flag in sesearch now also applies to --class. + +2007-05-29 J. Tang <jtang@tresys.com> + + * ./configure no longer has --enable-sefs flag, for libselinux is + required to build SETools. (The kernel does need to have SELinux + running, though.) Therefore, libsefs is now always built. + + * apol converted to use the SWIG interface for Tcl. + + * libapol/src/types-relation-analysis.c + (apol_types_relation_domain): Domain transition table was not + correctly reset when intermixing calls between + apol_types_relation_analysis_do() and + apol_domain_trans_analysis_do(). + +2007-05-22 J. Tang <jtang@tresys.com> + + * Added infoflow defines to apol.i. Added apol_file_find_path() + to apol.i. They were inadvertently missing from the interface + file. + +2007-05-22 J. Mowery <jmowery@tresys.com> + + * Renamed apol_permmap_*() to apol_policy_*_permmap() to + correctly reflect the fact that the policy owns the permmap. + +2007-05-21 J. Mowery <jmowery@tresys.com> + + * Renamed apol_policy_domain_trans_table_build() and + apol_domain_trans_table_reset() to apol_policy_build_domain_trans_table() + and apol_polciy_reset_domain_trans_table() respectively. This change + reflects the correct namespace for these operations. + +2007-05-18 J. Mowery <jmowery@tresys.com> + + * Deprecated qpol_policy_extend(); this function is called + automatically by qpol_policy_open* and qpol_policy_rebuild() + and therefore does not need to be called separately. + +2007-05-16 J. Tang <jtang@tresys.com> + + * Right-clicking an apol results display now pops up a menu, that + allows the user to copy and to select all. + + * libapol/swig/apol.i: Within the SWIG interfaces, there now + exists an object "apol_ip_t", that represents both an IP address + and a protocol. apol_str_to_internal_ip() returns an apol_ip_t, + which may then be used when setting an apol_nodecon_query_t. Note + that this only affects the SWIG generated libraries, not the + original libapol. + + * SETools now requires a C99 compliant C compiler. The supplied + configure script will check for a working C99 compiler. + +2007-05-16 M. Goldman <mgoldman@tresys.com> + * modified libpoldiff to support partial diffing of avrules + + * modified sediff to expose partial diffing of avrules functionality + +2007-05-15 J. Tang <jtang@tresys.com> + + * libqpol/src/mls_query.c (qpol_level_get_alias_iter): Fixed + possible error when getting a level's alias iterator, where the + first element returned might be the original level instead of one + of its alias. + + * libapol/include/apol/policy-path.h, libapol/include/apol/util.h: + Headers errantly included <config.h>. + + * libapol/src/netcon-query.c (apol_nodecon_query_set_proto) + (apol_portcon_query_set_proto): These have been renamed to + apol_nodecon_query_set_protocol() and + apol_portcon_query_set_protocol() respectively. + + * libapol/src/util.c (apol_str_to_protocol): Added this function, + to complement existing apol_protocol_to_str(). + + * libapol/src/mls-query.c (apol_mls_range_contain_subrange): Fixed + potential segfault if a range's high level is not yet set when + comparison occurs. + +2007-05-14 J. Mowery <jmowery@tresys.com> + + * correctly marked libqpol defines for genfscon object classes + and fs_use behaviors as unsigned constants. + +2007-05-14 J. Tang <jtang@tresys.com> + + * libapol/src/role-query.c (apol_role_get_by_query), + libapol/src/user-query.c (apol_user_get_by_query): Extra logic + added when "object_r" is given as the role. For user queries, all + users implicitly have object_r assigned to them. For role + queries, all types are assigned to object_r. + + * libapol/swig/apol.i: apol_context_validate() and + apol_context_validate_partial() are now member functions of class + apol_context_t, rather than being a library function. + + * libapol/include/mls-query.h (apol_mls_cat_name_compare): Removed + apol_mls_cat_name_compare() from the libapol public API. This + function should never have been made public. + + * libapol/src/context-query.c: Fixed potential segfaults in + modifiers to apol_context_t object, if the same pointer returned + by its accessor is then passed back in the modifier modifier. + + * libapol/src/context-query.c (apol_context_render): When + rendering a partial context, unset fields are now explicitly + represented by an asterisk, rather than by an empty string. + +2007-05-11 J. Mowery <jmowery@tresys.com> + + * removed usage of typedef'ed bool_t and replaced with bool as + defined by stdbool.h; also replaced defined TRUE and FALSE + with true and false constants as defined by stdbool.h. + +2007-05-11 J. Tang <jtang@tresys.com> + + * Fix potential segfaults in apol_mls_range functions if the high + level is not set. + + * Added apol_mls_level_validate() to SWIG wrappers. Added + apol_mls_range_get_low() and apol_mls_range_get_high(). + apol_mls_range_validate() is now a member function of class + apol_mls_range_t, rather than a library function. + + * Within the SWIG wrappers, apol_mls_level_get_cats() returns a + vector. This should have been a string vector instead. + + * Added function apol_mls_level_validate(). + +2007-05-10 J. Tang <jtang@tresys.com> + + * Added setools-libs-tcl target to setools.spec. + + * Removed apol/apol.c; apol is now just a Tcl script that is + executed by tclsh, rather than a custom compiled Tcl interpreter. + + * Removed the deprecated header apol/avl-util.h and its associated + source file. + +2007-05-08 M. Goldman <mgoldman@tresys.com> + * Added next and previous buttons to seaudit + + * Added apol_bst_inorder_map() + +2007-05-07 J. Mowery <jmowery@tresys.com> + + * Changed apol_ipv4_addr_render so that it now takes an array + of uint32_t's instead of a single uint32_t. + + * Changed SWIG wrapping for apol_perm_query_t::run() to return + apol_string_vector_t instead of apol_vector_t. + + * Added exported pointers to SWIG wrappers of each library + to allow changing of the message handler callback and its + void * argument. + + * qpol_policy_rebuild() no longer requires a modular policy; + it can safely be called for any type of policy. + +2007-05-04 J. Tang <jtang@tresys.com> + + * Fixed qpol_module function names in the libqpol SWIG wrappers. + +2007-05-04 J. Mowery <jmowery@tresys.com> + + * Added SWIG wrappers for tcl to libpoldiff and libseaudit. + +2007-05-02 J. Mowery <jmowery@tresys.com> + + * Versioned symbols in other libraries. + +2007-05-01 J. Mowery <jmowery@tresys.com> + + * Versioned symbols in libqpol to allow conditional expansion + of neverallow rules from qpol_policy_open_from_*. + +2007-05-01 J. Tang <jtang@tresys.com> + + * Added apol_avrule_query_set_all_perms(). This changes the + behavior when matching multiple permissions. + +2007-04-30 J. Tang <jtang@tresys.com> + + * Added --enable-swig-tcl flag to configure script. + +2007-04-25 J. Tang <jtang@tresys.com> + + * Official release of SETools-3.2. + +2007-04-20 J. Tang <jtang@tresys.com> + + * Added seaudit_log_parse_buffer(), needed because + seaudit_log_parse() is not possible with the Java SWIG library. + + * Build system updated to suppress warnings from automake + 1.10, and for parallel compilation (i.e., make -j). + +2007-04-18 J. Mowery <jmowery@tresys.com> + + * The function apol_domain_trans_result_create_from_domain_trans_result() + is now publicly exported. Also added is apol_domain_trans_result_destroy() + to free memory used by duplicated results. + +2007-04-17 J. Tang <jtang@tresys.com> + + * Fixed potential segfault in seaudit_filter_set_date() when + called using the same struct tm pointers that were returned by + seaudit_filter_get_date(). The old code would dereference + memory that was just free()d. + +2007-04-16 J. Tang <jtang@tresys.com> + + * apol_mls_range_get_levels() fixed so that its returned levels + only include categories that are valid for the given policy. + Before it just copied the categories for the high level, even if a + lower level could not actually have one of those categories. + + * apol_mls_level_get_cats() now always returns categories in + alphabetical order. + +2007-04-06 J. Tang <jtang@tresys.com> + + * Added seaudit_avc_message_get_name() and + seaudit_sort_by_name(). seaudit now shows AVC messages' name + field; this column may be be hidden through the updated + preferences dialog. + + * Updated libqpol to use libsepol >= 2.0.0 if available. + configure should be able to autodetect this. + +2007-04-05 J. Tang <jtang@tresys.com> + + * sediffx now allows the user to select which components to diff, + rather than always diffing everything. + + * fix to domain transition analysis, where setexec rules might not + be found correctly given certain policies. + +2007-04-04 J. Tang <jtang@tresys.com> + + * New configure option --enable-swig-java to enable build of Java + SWIG wrappers. + +2007-04-03 J. Mowery <jmowery@tresys.com> + + * Added apol_file_is_policy_path_list() to validate policy path + list files. + + * Added ability to specify policy path list files from command + line for all tools taking a policy as an argument. + +2007-04-02 J. Mowery <jmowery@tresys.com> + + * Removed the "all_files" symbol from libsefs; this symbol was + previously marked as deprecated. + +2007-03-29 J. Mowery <jmowery@tresys.com> + + * Libpoldiff SWIG wrapper added; wrapper treats all structures as + classes in the target language. + +2007-03-28 J. Tang <jtang@tresys.com> + + * Introduced 'policy list' in apol, seaudit, and sediffx. This is + a small text file that contains references to a base policy and + any number of modules. + +2007-03-27 J. Tang <jtang@tresys.com> + + * added apol_policy_path_create_from_file() and + apol_policy_path_to_file(). + + * apol_str_trim() no longer has a return value; it also operates + directly on a string, rather than a reference to a string. + + * apol_vector_t and apol_bst_t now require a destructor function + to be given during creation time, rather than being passed as a + second parameter respectively to apol_vector_destroy() and + apol_bst_destroy(). All of SETools has been updated to this + scheme. + +2007-03-26 J. Tang <jtang@tresys.com> + + * apol_context_t is now an opaque structure. Accessors added to + the user, role, type, and range fields. + +2007-03-23 J. Tang <jtang@tresys.com> + + * added apol_mls_level_get_sens() and apol_mls_level_get_cats(). + +2007-03-23 J. Mowery <jmowery@tresys.com> + + * Libseaudit SWIG wrapper added; wrapper treats all structures as + classes in the target language. + +2007-03-23 J. Tang <jtang@tresys.com> + + * apol_mls_level_t and apol_mls_range_t are now opaque structures. + + * fixed error in seaudit_model_create_from_model(), where the + duplicate's filters and sorts were being linked to the original + model, not the newly created one. + + * fixed potential segfault in seaudit_filter_set_name() and + seaudit_filter_set_description() if the passed in pointer was the + same one obtained by the respecitve accessor function. + +2007-03-22 J. Mowery <jmowery@tresys.com> + + * Libapol SWIG wrapper updated to treat all structures as classes + in the target language. + +2007-03-21 J. Tang <jtang@tresys.com> + + * Added ability for user to specify type joins and splits in + sediffx. The libpoldiff library had always supported this + feature; it just was not available through the user interface. + +2007-03-20 J. Mowery <jmowery@tresys.com> + + * Renamed apol_domain_trans_table_destroy to domain_trans_table_destroy + and moved to policy-query-internal.h; this function was not intended + for external use. + +2007-03-19 J. Tang <jtang@tresys.com> + + * When viewing AV rule differences, click (either left or right) a + permission name. This will now popup a menu that gives line + numbers for rules that contributed just that permission, rather + than the entire AV rule. This is enabled when source policies are + used. + +2007-03-16 J. Tang <jtang@tresys.com> + + * Added poldiff_avrule_get_orig_line_numbers_for_perm() and + poldiff_avrule_get_mod_line_numbers_for_perm(). + +2007-03-15 J. Tang <jtang@tresys.com> + + * Split libpoldiff/include/rule_diff.h into + libpoldiff/include/avrule_diff.h and + libpoldiff/include/terule_diff.h. None of the function names were + changed. + + * Re-standardized all programs' command line options. -V always + shows the version, -c always deals with object classes, and so + forth. Man pages updated. + + * Renamed libapol/include/rangetrans-query.h to + libapol/include/range_trans-query.h. Likewise renamed + libpoldiff's rangetrans_diff.h None of the function names were + changed. + +2007-03-13 J. Tang <jtang@tresys.com> + + * fixed segfault in libseaudit when, while parsing an AVC + message's permissions list it does not encounter a closing brace. + + * information flow graphs are now being constructed via a BST and + its O(log n), rather than via a vector and O(n). It should be + noticeably faster now. + + * fixed error in information flow analysis, transitive mode. The + returned flows were mistakenly all set to be the same object + class. For example if a step was foo_t -> bar_t by way of class + baz_c, subsequent flows were accidentally being constrained to + also be of baz_c. + + * fixed error in apol_bst_insert() and apol_bst_insert_and_get(), + where the return values of 0 and 1 were flipped. The comment was + correct, but the code was not. + +2007-03-12 J. Tang <jtang@tresys.com> + + * fixed share libraries's soname, such that SETools's programs + depend upon the correct name. For example, seaudit's .dynamic + section should have as a dependency on libseaudit.so.4, not + libseaudit.so.4.1. + + * sediffx now diffs and displays range transitions + + * sediff -E now diffs range transitions + + * range transition diff added libpoldiff + +2007-03-08 J. Tang <jtang@tresys.com> + + * poldiff_user_get_added_roles() and + poldiff_user_get_removed_roles() now return all roles when the + form is POLDIFF_FORM_ADDED / POLDIFF_FORM_REMOVED. + + * sediffx updated to show users' MLS differences + +2007-03-07 J. Tang <jtang@tresys.com> + + * in libpoldiff, if either policy is MLS then when diffing users, + those users' default MLS level and assigned ranges are also + diffed. + + * added poldiff_range_t object + + * fixed segfault in libqpol when loading an invalid source policy + + * error messages were not being shown correctly in apol's open + policy dialog; fixed. + +2007-03-06 J. Mowery <jmowery@tresys.com> + + * added SWIG wrapper for libqpol. The wrapper treats all libqpol + structs as classes in the target language. + +2007-03-06 J. Tang <jtang@tresys.com> + + * apol_mls_level_create() will now always return an allocated (and + empty) category vector as part of the level. Before it would + initialize the field as NULL. + + * poldiff_avrule_get_unmodified_perms() no longer returns all + permissions whenever a rule is added or removed; it only returns + permissions when the form is POLDIFF_FORM_MODIFIED. The new + behavior matches the other policy components. + +2007-03-05 J. Tang <jtang@tresys.com> + + * added apol_mls_level_free() and apol_mls_range_get_levels() + +2007-03-02 J. Tang <jtang@tresys.com> + + * qpol_user_get_range() and qpol_user_get_dfltlevel() now return + NULL if the policy is not MLS. (It used to return a garbage + pointer.) + +2007-03-01 J. Tang <jtang@tresys.com> + + * added additional accessors to the seaudit_avc_message_t object. + +2007-02-28 J. Tang <jtang@tresys.com> + + * added apol_mls_level_create_from_mls_level() and + apol_mls_range_create_from_mls_range() copy constructors. + + * Fixed segfault when libseaudit attempts to parse certain load + policy messages. + +2007-02-23 J. Tang <jtang@tresys.com> + + * Implemented new sediffx results design. Results are implemented + as subclasses of an abstract result_item_t class. This will allow + easier future modifications of the sediffx interface. + +2007-02-21 J. Tang <jtang@tresys.com> + + * fixed segfault when opening a policy with + APOL_POLICY_OPTION_NO_RULES when the policy has an unconditional + type_transition rule. + +2007-02-16 J. Mowery <jmowery@tresys.com> + + * Moved libqpol/include/qpol/expand.h to libqpol/src/expand.h. + This header file was never supposed to be visible. + + * added SWIG wrappers to libapol; build system updated. configure + must be passed --enable-swig-python to build the wrappers. + +2007-02-14 J. Tang <jtang@tresys.com> + + * sesearch and apol now allow searching range transitions based + upon the target class. (Target classes were introduced in version + 21 policies.) + + * added to apol_range_trans_query_append_class() to + libapol/include/apol/rangetrans-query.h + +2007-02-07 J. Mowery <jmowery@tresys.com> + + * split --audit flag in sesearch to --auditallow and --dontaudit; + the --audit flag is now deprecated. + +2007-02-06 J. Tang <jtang@tresys.com> + + * Official release of SETools-3.1. + + * Compile fixes for 64-bit Linux. + +2007-02-02 J. Tang <jtang@tresys.com> + + * added RPM spec files. + +2007-01-30 J. Tang <jtang@tresys.com> + + * fixed error in apol when right-clicking an attribute when a file + contexts database is loaded. + + * fixed error in SQLite configuration in which a pointer size was + defined as the size of an integer. this is a no longer valid + assumption on 64-bit architectures. + + * if apol has a modular policy loaded, then its "policy version" + for purposes of permission maps is now set to the maximum policy + version as defined in libsepol. this mimics the linking behavior + of sepol. + +2007-01-25 J. Tang <jtang@tresys.com> + + * fixed error where aliases within modules were not being detected + properly + +2007-01-19 J. Mowery <jmowery@tresys.com> + + * all files now have correct copyright and license notices + +2007-01-19 J. Tang <jtang@tresys.com> + + * updated all help documentation + +2007-01-17 J. Mowery <jmowery@tresys.com> + + * updated all man pages + +2007-01-17 J. Tang <jtang@tresys.com> + + * added poldiff_type_remap_entry_get_is_inferred() + + * sediffx converted to use modular policies. + +2007-01-08 J. Tang <jtang@tresys.com> + + * apol converted to use modular policies. + +2007-01-05 J. Mowery <jmowery@tresys.com> + + * Added capability QPOL_CAP_SOURCE to detect ability to display + the policy source. + + * Deprecated qpol_policy_is_mls_enabled() use + qpol_policy_has_capability() for QPOL_CAP_MLS instead. + +2007-01-04 J. Tang <jtang@tresys.com> + + * seaudit converted to use modular policies. + +2007-01-03 J. Tang <jtang@tresys.com> + + * Deprecated apol_policy_open() and apol_policy_open_no_rules(); + use apol_policy_create_from_policy_path() instead. + +2006-12-14 J. Tang <jtang@tresys.com> + + * Added apol_policy_path_t object. This is needed because policy + paths are not just a single string, but rather a base policy and + any number of modules. + + * New functions apol_config_join_var() generalized to be + apol_str_join(). Same with apol_config_split_var() -> + apol_str_split(). + +2006-12-12 J. Tang <jtang@tresys.com> + + * Renamed qpol_find_default_policy_file() in qpol/policy.h to + qpol_default_policy_find() in qpol/util.h. Removed + qpol_find_default_policy_file_strerr(). These functions were + never supposed to be in these locations. + + * Deprecated apol_policy_is_binary(); use qpol policy capabilities + instead. + + * Deprecated qpol_open_policy_from_file(); it is now called + qpol_policy_open_from_file(). Similar change to + qpol_open_policy_from_file_no_rules() and + qpol_open_policy_from_memory(). + + * Merged qpol/policy_query.h into qpol/policy.h. Split module + related code into qpol/module.h. + + * Rewrite of seaudit to utilize libseaudit.so.4; tweaked numerous + interface issues. + + * Rewrite of libseaudit to meet coding standards. libseaudit.so.4 + is now a shared object file with proper namespacing. + +2006-12-11 J. Mowery <jmowery@tresys.com> + + * Added qpol_policy_has_capability() to qpol/policy_query.h + This function and the enumeration qpol_capability_e allows + a user of the library to check if a loaded policy is + capable of supporting various policy features. + + * Support has been added to libqpol for loading policy modules. + See qpol/policy.h for details. + +2006-12-01 J. Tang <jtang@tresys.com> + + * deprecated apol_config_get_varlist() and + apol_config_varlist_to_str(); added apol_file_find_path(), + apol_config_split_var(), and apol_config_join_var() + +2006-12-01 J. Tang <jtang@tresys.com> + + * Official release of SETools 3.0.1. + +2006-11-29 J. Tang <jtang@tresys.com> + + * synced source parser to libsepol 1.15.2. + +2006-11-27 J. Tang <jtang@tresys.com> + + * added application icons to apol, seaudit, and sediffx + +2006-11-09 j. Mowery <jmowery@tresys.com> + + * added __cplusplus guards to all external headers + +2006-11-08 J. Tang <jtang@tresys.com> + + * apol_permmap_t is now a hidden declaration. + apol_permmap_destroy() has been removed. (It should never have + been publicly visible.) + + * apol_policy_t is now an opaque structure. Added accessors such + as apol_policy_get_qpol() to retrieve some of those fields. This + also means that the apol callback function changed, so as to be + similar to qpol's callback. + +2006-11-07 J. Mowery <jmowery@tresys.com> + + * renamed apol_get_*_by_query() to apol_*_get_by_query to match + naming conventions of other functions. Old versions were retained and + marked as deprecated. + +2006-11-02 J. Tang <jtang@tresys.com> + + * added apol_str_strdup() (declared in apol/util.h) + + * apol_vector_create_from_vector() takes two additional arguments, + so that it can act more like a copy constructor. + + +2006-11-01 J. Mowery <jmowery@tresys.com> + + * added ability for avrule and terule queries to search to only types or + only attributes for both source and target fields (separate option for + each field, default is to search both types and attributes). + + * added apol_get_syn_avrule_by_query() and apol_get_syn_terule_by_query() + +2006-10-27 J. Tang <jtang@tresys.com> + + * added apol_str_appendf() (declared in apol/util.h) + +2006-10-27 J. Mowery <jmowery@tresys.com> + + * added make indent to standardize code indentation style + + * indented all .c and .h files with make indent (except sqlite which it skips) + +2006-10-25 J. Tang <jtang@tresys.com> + + * seaudit-report Logwatch script will look for + $(bindir)/seaudit-report, rather than the hard-coded + /usr/bin/seaudit-report + +2006-10-25 J. Mowery <jmowery@tresys.com> + + * numbered steps for loading + + * loading syntactic rule table is now off by default + + * updated tools requiring line numbers to build syntactic table as needed + +2006-10-24 J. Tang <jtang@tresys.com> + + * exclude the sqlite files from the Doxygen configuration + +2006-10-19 J. Tang <jtang@tresys.com> + + * added lib<foo>_get_version() functions to libqpol, libpoldiff, + and libsefs + +2006-10-17 J. Tang <jtang@tresys.com> + + * seaudit-report binary was mistakenly called "seaudit_report" + + * Updated man pages to match programs' help files. + +2006-10-13 J. Tang <jtang@tresys.com> + + * Official release of SETools 3.0. |