Lines Matching refs:from
2 * Validate extended avrules and permissionxs in CIL, from Steve Lawrence.
3 * Add support in CIL for neverallowx, from Steve Lawrence.
4 * Fully expand neverallowxperm rules, from Richard Haines.
5 * Add support for unordered classes to CIL, from Yuli Khodorkovskiy.
6 * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
7 * Improve CIL block and macro call recursion detection, from Steve Lawrence
8 * Fix CIL uninitialized false positive in cil_binary, from Yuli Khodorkovskiy
9 * Provide error in CIL if classperms are empty, from Yuli Khodorkovskiy
10 * Add userattribute{set} functionality to CIL, from Yuli Khodorkovskiy
11 * fix CIL blockinherit copying segfault and add macro restrictions, from Steve Lawrence
12 * fix CIL NULL pointer dereference when copying classpermission/set, from Steve Lawrence
13 * Add CIL support for ioctl whitelists, from Steve Lawrence
14 * Fix memory leak when destroying avtab, from Steve Lawrence
15 * Replace sscanf in module_to_cil, from Yuli Khodorkovskiy.
16 * Improve CIL resolution error messages, from Steve Lawrence
17 * Fix policydb_read for policy versions < 24, from Stephen Smalley.
18 * Added CIL bounds checking and refactored CIL Neverallow checking, from James Carter
19 * Refactored libsepol Neverallow and bounds (hierarchy) checking, from James Carter
20 * Treat types like an attribute in the attr_type_map, from James Carter
21 * Add new ebitmap function named ebitmap_match_any(), from James Carter
22 * switch operations to extended perms, from Jeff Vander Stoep.
23 * Write auditadm_r and secadm_r roles to base module when writing CIL, from Steve Lawrence
24 …* Fix module to CIL to only associate declared roleattributes with in-scope types, from Steve Lawr…
25 * Don't allow categories/sensitivities inside blocks in CIL, from Yuli Khodorkovskiy.
26 * Replace fmemopen() with internal function in libsepol, from James Carter.
27 * Verify users prior to evaluating users in cil, from Yuli Khodorkovskiy.
28 * Binary modules do not support ioctl rules, from Stephen Smalley.
29 * Add support for ioctl command whitelisting, from Jeff Vander Stoep.
30 * Don't use symbol versioning for static object files, from Yuli Khodorkovskiy.
31 …b_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter.
32 * Move secilc out of libsepol, from Yuli Khodorkovskiy.
34 CIL documentation, from Richard Haines.
35 * bool_copy_callback set state on creation, from Thomas Hurd.
36 * Add device tree ocontext nodes to Xen policy, from Daniel De Graaf.
37 * Widen Xen IOMEM context entries, from Daniel De Graaf.
38 * Update CIL documentation, from Richard Haines
39 * Fix error path in mls_semantic_level_expand(), from Chris PeBenito.
40 * Fix MacOS X build, from Stephen Smalley.
41 * Enabling building CIL in Android, from Stephen Smalley.
46 * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve
48 * Fix bugs found by hardened gcc flags, from Nicolas Iooss.
50 DISABLE_CIL flag to 'y', from Steve Lawrence
51 * Add an API function to set target_platform, from Steve Lawrence
52 * Report all neverallow violations, from Stephen Smalley
53 * Improve check_assertions performance through hash tweaks from John Brooks.
54 * Allow libsepol C++ static library on device from Daniel Cashman.
60 * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
61 * Add sepol_validate_transition_reason_buffer function from Richard Haines.
64 * Allow constraint denial cause to be determined from Richard Haines.
68 * Support overriding Makefile RANLIB from Sven Vermeulen.
69 * Fix man pages from Laurent Bigonville.
98 * Move ebitmap_* functions from mcstrans to libsepol
104 * Separate tunable from boolean during compile.
141 * Fixed typo in error message from Manoj Srivastava.
144 * Add pkgconfig file from Eamon Walsh.
147 * Add support for building Xen policies from Paul Nuzzi.
154 * Add method to check disable dontaudit flag from Christopher Pardy.
157 * Fix boolean state smashing from Joshua Brindle.
161 from Caleb Case.
164 * Add bounds support from KaiGai Kohei.
165 * Fix invalid aliases bug from Joshua Brindle.
171 * Allow require then declare in the source policy from Joshua Brindle.
174 …* Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalle…
177 * Fix endianness bug in the handling of network node addresses from Stephen Smalley.
182 * Merge user and role mapping support from Joshua Brindle.
185 …* Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smal…
188 * Belatedly merge test for policy downgrade from Todd Miller.
191 * Add permissive domain support from Eric Paris.
194 * Drop unused ->buffer field from struct policy_file.
197 * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
200 * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
203 * Add support for open_perms policy capability from Eric Paris.
206 * Fix invalid memory allocation in policydb_index_others() from Jason Tang.
209 …uichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from St…
213 peak memory usage from Joshua Brindle.
216 * Added support for policy capabilities from Todd Miller.
219 * Prevent generation of policy.18 with MLS enabled from Todd Miller.
222 * print module magic number in hex on mismatch, from Todd Miller.
225 * clarify and reduce neverallow error reporting from Stephen Smalley.
228 * Reject self aliasing at link time from Stephen Smalley.
231 * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
234 * Fixed bug in require checking from Stephen Smalley.
235 * Added user hierarchy checking from Todd Miller.
241 * Merged support for the handle_unknown policydb flag from Eric Paris.
244 * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
250 * Eliminate unaligned accesses from policy reading code from Stephen Smalley.
253 * Allow dontaudits to be turned off during policy expansion from
262 * Merged error handling patch from Eamon Walsh.
265 * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
268 * Merged fix from Karl to remap booleans at expand time to
272 * Merged libsepol segfault fix from Stephen Smalley for when
282 * Merged patch to compile wit -fPIC instead of -fpic from
287 * Merged fix from Karl MacMillan for a segfault when linking
292 transition rules from being written for a version 5 base policy
293 from Darrel Goeddel.
303 from Darrel Goeddel
310 * Merged conditionally expand neverallows patch from Jeremy Mowery.
311 * Merged refactor expander patch from Jeremy Mowery.
314 * Merged libsepol unit tests from Joshua Brindle.
317 * Merged symtab datum patch from Karl MacMillan.
320 * Merged netfilter contexts support from Chris PeBenito.
323 * Merged helpful hierarchy check errors patch from Joshua Brindle.
326 * Merged semodule_deps patch from Karl MacMillan.
333 * Merged optionals in base take 2 patch set from Joshua Brindle.
339 * Merged cleaner fix for bool_ids overflow from Karl MacMillan,
344 policy read from Serge Hallyn.
352 and node_from_record fixes from Serge Hallyn.
360 * Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
365 * Merged patch to revert role/user decl upgrade from Karl MacMillan.
368 * Dropped tests from all Makefile target.
371 * Merged fix warnings patch from Karl MacMillan.
374 * Merged libsepol test framework patch from Karl MacMillan.
380 * Merged fix for leak of optional package sections from Ivan Gyurdiev.
399 * Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
404 changes from Ivan Gyurdiev.
407 * Merged node_expand_addr bugfix and node_compare* change from
411 * Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
412 * Merged bug fix patch from Ivan Gyurdiev.
418 * Merged nodecon support patch from Ivan Gyurdiev.
419 * Merged cleanups patch from Ivan Gyurdiev.
422 * Merged optionals in base patch from Joshua Brindle.
425 * Merged seuser/user_extra support patch from Joshua Brindle.
426 * Merged fix patch from Ivan Gyurdiev.
429 * Merged clone record on set_con patch from Ivan Gyurdiev.
432 * Merged assertion copying bugfix from Joshua Brindle.
433 * Merged sepol_av_to_string patch from Joshua Brindle.
437 from Joshua Brindle.
438 * Merged improve port/fcontext API patch from Ivan Gyurdiev.
439 * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
442 * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
445 * Merged 2nd const in APIs patch from Ivan Gyurdiev.
448 * Merged const in APIs patch from Ivan Gyurdiev.
449 * Merged compare2 function patch from Ivan Gyurdiev.
455 * Merged further fixes from Russell Coker, specifically:
463 * Merged bugfix for sepol_port_modify from Russell Coker.
467 * Merged port ordering patch from Ivan Gyurdiev.
470 * Merged patch series from Ivan Gyurdiev.
484 * Dropped handle from user_del_role interface.
487 * Merged remove defrole from sepol patch from Ivan Gyurdiev.
490 * Merged module function and map file cleanup from Ivan Gyurdiev.
491 * Merged MLS and genusers cleanups from Ivan Gyurdiev.
502 * Removed sepol_port_* from libsepol.map, as the port interfaces
506 * Merged context destroy cleanup patch from Ivan Gyurdiev.
509 * Merged context_to_string interface change patch from Ivan Gyurdiev.
519 from Ivan Gyurdiev.
522 * Merged count specification change from Ivan Gyurdiev.
530 fix patches from Ivan Gyurdiev.
533 * Removed processing of system.users from sepol_genusers and
537 * Removed policydb_destroy from error path of policydb_read,
544 * Merged query/exists and count patches from Ivan Gyurdiev.
547 * Merged fix for pruned types in expand code from Joshua Brindle.
548 * Merged new module package format code from Joshua Brindle.
552 key passing, and bug fix patches from Ivan Gyurdiev.
555 * Merged users cleanup patch from Ivan Gyurdiev.
558 * Merged user record memory leak fix from Ivan Gyurdiev.
559 * Merged reorganize users patch from Ivan Gyurdiev.
592 code from Joshua Brindle.
598 * Merged new callback-based error reporting system from Ivan
602 * Merged support for require blocks inside conditionals from
615 or wrapped from old module.h, link.h, and expand.h, adjusted for
625 4) policydb_write uses the policy_type and policyvers from the
629 * Merged function renaming and static cleanup from Ivan Gyurdiev.
633 from Joshua Brindle (Tresys).
636 * Merged iterate patch from Ivan Gyurdiev.
639 * Merged MLS in modules patch from Joshua Brindle (Tresys).
642 * Merged pointer typedef elimination patch from Ivan Gyurdiev.
644 from Ivan Gyurdiev.
647 * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
650 * Merged bug fix patches from Joshua Brindle (Tresys).
653 * Merged boolean record and memory leak fix patches from Ivan
657 * Merged interface record patch from Ivan Gyurdiev.
660 * Merged fix for sepol_enable/disable_debug from Ivan
664 * Merged stddef.h patch and debug conversion patch from
678 * Merged fix for memory error in policy_module_destroy from
682 * Merged fix for memory leak in sepol_context_to_sid from
687 change to scope_destroy from Joshua Brindle (Tresys).
691 from Serge Hallyn (IBM). Bugs found by Coverity.
697 * Merged several error handling fixes from
710 when writing the type->attribute reverse map from
738 * Merged patch to move module read/write code from libsemanage
739 to libsepol from Jason Tang (Tresys).
745 * Merged user, context, port records patch from Ivan Gyurdiev.
746 * Merged key extract function patch from Ivan Gyurdiev.
749 * Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
754 genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
755 * Merged uninitialized variable bugfix from Dan Walsh.
758 * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
762 * Merged hierarchy check fix from Joshua Brindle (Tresys).
765 * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
768 * Merged genbools debugging message cleanup from Red Hat.
771 * Merged loadable module support from Tresys Technology.
794 * Merged hierarchical type/role patch from Tresys Technology.
795 * Merged MLS fixes from Darrel Goeddel of TCS.
803 * Merged booleans.local patch from Dan Walsh.
810 * Merged man pages for genpolusers and chkcon from Manoj Srivastava.
819 * Merged sepol_debug and fclose patch from Dan Walsh.
826 * Merged range_transition support from Darrel Goeddel (TCS).
832 * Merged endianness and compute_av patches from Darrel Goeddel (TCS).
838 * Merged enhanced MLS support from Darrel Goeddel (TCS).
841 * Merged build fix patch from Manoj Srivastava.
851 * Merged patch from Dan Walsh to ignore case on booleans.
854 * Moved genpolbools utility from checkpolicy to libsepol.
865 * Removed original code from checkpolicy, which now uses libsepol.