SELinux userspace release 20191204 / 3.0

bachradsusi released this 04 Dec 08:29 · 874 commits to master since this release · dca7ce8

RELEASE 20191204 (3.0)

User-visible changes:

  • Optional support for kernel policy optimization (enable with
    optimize-policy=true in /etc/selinux/semanage.conf for modular policy, or with
    the -O option to checkpolicy/secilc for monolithic policy); this is optional
    because it provides relatively small savings with non-trivial policy
    compile-time overhead for some policies, e.g. Android.

  • New digest scheme for setfiles/restorecon -D; instead of a single hash of the
    entire file contexts configuration stored in a security.restorecon_last xattr on
    only the top-level directory, use a hash of all partial matches from file
    contexts stored in a security.sehash xattr on each directory,

  • Support for default_range glblub in source policy (.te/policy.conf and CIL)
    and kernel policy version 32,

  • New libselinux APIs for querying validatetrans rules,

  • Unknown permissions are now handled as errors in CIL,

  • security_av_string() no longer returns immediately upon encountering an
    unknown permission and will log all known permissions,

  • checkmodule -c support for specifying module policy version,

  • mcstransd reverted to original color range matching based on dominance,

  • Support for 'dccp' and 'sctp' protocols in semanage port command,

  • 'checkpolicy -o -' writes policy to standard output,

  • 'semodule -v' also sets CIL's log level,

  • Python 2 code is no longer supported in this project, and new Python code
    should be written only for Python 3.

  • Messages about the statement failing to resolve and the optional block being
    disabled are displayed at the highest verbosity level.

  • Fixed redundant console log output error in restorecond
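
For the setfiles/restorecon -D digest change listed above, the following added example (not part of the release notes or the SELinux project's code) walks a tree and reports which directories carry the new per-directory security.sehash xattr, only the old security.restorecon_last xattr, or neither. The function names and the default /etc root are assumptions made for this sketch, and it assumes the caller has enough privilege to read security.* xattrs.

```python
import os
import sys

# Both xattr names are taken from the release note above.
LEGACY_XATTR = "security.restorecon_last"  # old scheme: top-level directory only
DIGEST_XATTR = "security.sehash"           # new scheme: every directory


def read_xattr(path, name, getter=None):
    """Return the xattr value as hex, or None if it is absent or unreadable."""
    getter = getter or os.getxattr  # Linux-only call; injectable for testing
    try:
        return getter(path, name).hex()
    except OSError:
        # Not set, filesystem without xattr support, or permission denied.
        return None


def audit_tree(root, getter=None):
    """Map each directory under root to (state, hex digest or None)."""
    result = {}
    for dirpath, _dirs, _files in os.walk(root):  # does not follow symlinks
        new = read_xattr(dirpath, DIGEST_XATTR, getter)
        old = read_xattr(dirpath, LEGACY_XATTR, getter)
        if new is not None:
            result[dirpath] = ("sehash", new)
        elif old is not None:
            result[dirpath] = ("legacy-only", old)
        else:
            result[dirpath] = ("none", None)
    return result


def summarize(result):
    """Count directories per state."""
    counts = {"sehash": 0, "legacy-only": 0, "none": 0}
    for state, _digest in result.values():
        counts[state] += 1
    return counts


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc"  # assumed default
    audit = audit_tree(root)
    for path, (state, digest) in sorted(audit.items()):
        if state != "sehash":
            print(f"{state:12} {path} {digest or ''}")
    print(summarize(audit))
```
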

Issues fixed: