# SELint Changelog

## [1.5] 2024-01-09

### Changed
- Checks about requires now support userspace classperm requires
- Various CI improvements
- Clearer message for W-011

### Fixed
- Support quoted genfscon paths
- Compile with gcc 14

## [1.4.0] 2023-02-03

### Added (checks)
- W-013 for audit_access permissions in allow and auditallow rules

### Changed
- Warn if duplicate configuration files are detected in a policy
- selint-disable commands now work on tunable blocks

### Fixed
- Support ifn?def blocks in .if files
- Various bug fixes

## [1.3.0] 2022-09-17

### Added (checks)
- New check level: eXtra.  Checks intended to be run on occasion for code
  inspection, not regularly
- X-001 for unused interfaces
- X-002 for av rule exclusions
- C-008 for valid conditional identifiers

### Changed
- Improve ordering to be more permissive in line with user expectations
- Parser errors now display the full path to the unparsed file

### Fixed
- Various parser fixes
- Support anonymous inodes
- Handle selint-disable correctly with require blocks
- Avoid false positive W-002 warnings in the presence of S-004
- Various bug fixes

## [1.2.1] 2022-01-10

### Changed
- Checks referencing attributes now see attributes assigned to a type as part
  of a type declaration

### Fixed
- Various parser fixes and enhancements
- Support IVv4 address embedding

## [1.2.0] 2021-01-18
### Added (general features)
- New ./configure option --enable-werror to compile treating errors as
  warnings.
- Parse errors now display info about exactly where in the line the failure occurred
- spec file for building on rpm based distros

### Added (checks)
- C-006 for unordered declarations in require blocks
- C-007 for missing use of the self keyword
- E-009 for empty optional and require blocks
- E-010 for stray bare words

### Changed
- New C-001 ordering option refpolicy-light (see sample selint.conf for details)
- Extend S-009 to support multi-class av rules
- Improved error messages for various error cases
- selint-disable now allows a space before check ids
- You can now use multiple --context arguments

### Fixed
- Support object class specifications in role transitions
- Lots of cleanup and fixes for C-001 ordering checks
- Support extended permission class av rules (allowxperm etc)
- Internal cleanup and improvements
- Allow multiple roles in role allow statements

## [1.1.0] 2020-05-19
### Added (general features)
- -S flag to print a summary of issue found following an analysis
- --context flag to specify additional files to parse but not scan.
  This is primarily helpful if you want to only scan your modified files
  in a full source repository.  (If you are planning on loading your local
  modules into your already installed policy and have local development
  headers in a standard location, selint should find them by default and you
  don't need to use this option)
- -F flag to return an error code on issues found
- --summary-only flag to output a summary of issues found without displaying
  the actual issues
- ./configure flag to disable unit testing.  This can be used on systems with
  older versions of libcheck.
- Colored output

### Added (checks)
- C-005 for permission ordering
- S-003 for unneeded semicolons
- S-004 for template calls from interfaces
- S-005 for declarations in an interface
- S-006 for the use of a bare module statement instead of policy_module() macro
- S-007 for the use of a gen_context() macro with no mls component specified
- S-008 for gen_require() macro calls with unquoted arguments
- S-009 for permission macros that don't match object class
- S-010 suggestiong usage of permission macros
- W-006 for interface call with empty arguments
- W-007 for unexpected spaces in interface arguments
- W-008 for permission lists with * or ~
- W-009 for module name not matching file name
- E-006 for declaration/interface name clash
- E-007 for usage of unknown permission macros

### Changed
- Turn C-001 off by default.
- Assume the presence of system_u user and object_r role if no config is loaded.
- SELint will no longer scan file_contexts file that are probably generated by the build system.
  This behavior can be turned off by setting skip_checking_generated_fcs=false in the config
- W-001 and W-002 check additional types of rules

### Fixed
- Man page generation in distribution tarballs now works after make clean
- documentation cleanup
- Various parser fixes
- Clean up of check C-001

## [1.0.2] - 2020-01-30
### Fixed
- (Issue #11) Include CHANGELOG, LICENSE and testing input files in release tarballs

## [1.0.1] - 2020-01-28
### Added
- Warning for invalid check ids in config or on command line
- CI for github pushes
- Enabled many warnings in build system
- Changelog

### Fixed
- Check W-002 now handles multiple requires in the same interface correctly
- (Issue #2) Handle types prefixed with "-" correctly in checks
- Handle type aliases correctly in checks W-002 and W-003
- Fix double free in certain parse error corner cases
- Look at role transitions in relevant checks (C-001, W-002, W-003)
- Fix false positives on W-004 when a regex character is in square brackets
- General Code Cleanup

## [1.0.0] - 2020-01-15
Initial Release
