Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…
Cannot retrieve contributors at this time
| #!/bin/bash | |
| FILE=$1 | |
| [ -f "$FILE" ] || { | |
| echo "Provide a config file as argument" | |
| exit | |
| } | |
| write=false | |
| if [ "$2" = "-w" ]; then | |
| write=true | |
| fi | |
| CONFIGS_ON=" | |
| CONFIG_IKCONFIG | |
| CONFIG_IKCONFIG_PROC | |
| CONFIG_SYSVIPC | |
| CONFIG_CGROUPS | |
| CONFIG_CGROUP_FREEZER | |
| CONFIG_NAMESPACES | |
| CONFIG_UTS_NS | |
| CONFIG_IPC_NS | |
| CONFIG_USER_NS | |
| CONFIG_PID_NS | |
| CONFIG_NET_NS | |
| CONFIG_AUDIT | |
| CONFIG_AUDITSYSCALL | |
| CONFIG_AUDIT_TREE | |
| CONFIG_AUDIT_WATCH | |
| CONFIG_CC_STACKPROTECTOR | |
| CONFIG_DEBUG_RODATA | |
| CONFIG_DEVTMPFS | |
| CONFIG_DEVTMPFS_MOUNT | |
| CONFIG_DEVPTS_MULTIPLE_INSTANCES | |
| CONFIG_ECRYPT_FS | |
| CONFIG_ECRYPT_FS_MESSAGING | |
| CONFIG_ENCRYPTED_KEYS | |
| CONFIG_EXT4_FS_POSIX_ACL | |
| CONFIG_EXT4_FS_SECURITY | |
| CONFIG_FSNOTIFY | |
| CONFIG_DNOTIFY | |
| CONFIG_INOTIFY_USER | |
| CONFIG_FANOTIFY | |
| CONFIG_FANOTIFY_ACCESS_PERMISSIONS | |
| CONFIG_KEYS | |
| CONFIG_SWAP | |
| CONFIG_VT | |
| CONFIG_VT_CONSOLE | |
| CONFIG_SECCOMP | |
| CONFIG_SECURITY | |
| CONFIG_SECURITYFS | |
| CONFIG_SECURITY_NETWORK | |
| CONFIG_NETLABEL | |
| CONFIG_SECURITY_PATH | |
| CONFIG_SECURITY_SELINUX | |
| CONFIG_SECURITY_SELINUX_BOOTPARAM | |
| CONFIG_SECURITY_SELINUX_DISABLE | |
| CONFIG_SECURITY_SELINUX_DEVELOP | |
| CONFIG_SECURITY_SELINUX_AVC_STATS | |
| CONFIG_SECURITY_SMACK | |
| CONFIG_SECURITY_TOMOYO | |
| CONFIG_DEFAULT_SECURITY_APPARMOR | |
| CONFIG_SECURITY_APPARMOR | |
| CONFIG_SECURITY_APPARMOR_HASH | |
| CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT | |
| CONFIG_SECURITY_YAMA | |
| CONFIG_SECURITY_YAMA_STACKED | |
| CONFIG_STRICT_DEVMEM | |
| CONFIG_SYN_COOKIES | |
| CONFIG_BT | |
| CONFIG_BT_RFCOMM | |
| CONFIG_BT_RFCOMM_TTY | |
| CONFIG_BT_BNEP | |
| CONFIG_BT_BNEP_MC_FILTER | |
| CONFIG_BT_BNEP_PROTO_FILTER | |
| CONFIG_BT_HIDP | |
| CONFIG_XFRM_USER | |
| CONFIG_NET_KEY | |
| CONFIG_INET | |
| CONFIG_IP_ADVANCED_ROUTER | |
| CONFIG_IP_MULTIPLE_TABLES | |
| CONFIG_INET_AH | |
| CONFIG_INET_ESP | |
| CONFIG_INET_IPCOMP | |
| CONFIG_INET_XFRM_MODE_TRANSPORT | |
| CONFIG_INET_XFRM_MODE_TUNNEL | |
| CONFIG_INET_XFRM_MODE_BEET | |
| CONFIG_IPV6 | |
| CONFIG_INET6_AH | |
| CONFIG_INET6_ESP | |
| CONFIG_INET6_IPCOMP | |
| CONFIG_INET6_XFRM_MODE_TRANSPORT | |
| CONFIG_INET6_XFRM_MODE_TUNNEL | |
| CONFIG_INET6_XFRM_MODE_BEET | |
| CONFIG_IPV6_MULTIPLE_TABLES | |
| CONFIG_NETFILTER | |
| CONFIG_NETFILTER_ADVANCED | |
| CONFIG_NETFILTER_NETLINK | |
| CONFIG_NETFILTER_NETLINK_ACCT | |
| CONFIG_NETFILTER_NETLINK_LOG | |
| CONFIG_NETFILTER_NETLINK_QUEUE | |
| CONFIG_NETFILTER_TPROXY | |
| CONFIG_NETFILTER_XTABLES | |
| CONFIG_NETFILTER_XT_CONNMARK | |
| CONFIG_NETFILTER_XT_MARK | |
| CONFIG_NETFILTER_XT_MATCH_ADDRTYPE | |
| CONFIG_NETFILTER_XT_MATCH_CLUSTER | |
| CONFIG_NETFILTER_XT_MATCH_COMMENT | |
| CONFIG_NETFILTER_XT_MATCH_CONNBYTES | |
| CONFIG_NETFILTER_XT_MATCH_CONNLIMIT | |
| CONFIG_NETFILTER_XT_MATCH_CONNMARK | |
| CONFIG_NETFILTER_XT_MATCH_CONNTRACK | |
| CONFIG_NETFILTER_XT_MATCH_CPU | |
| CONFIG_NETFILTER_XT_MATCH_DCCP | |
| CONFIG_NETFILTER_XT_MATCH_DEVGROUP | |
| CONFIG_NETFILTER_XT_MATCH_DSCP | |
| CONFIG_NETFILTER_XT_MATCH_ECN | |
| CONFIG_NETFILTER_XT_MATCH_ESP | |
| CONFIG_NETFILTER_XT_MATCH_HASHLIMIT | |
| CONFIG_NETFILTER_XT_MATCH_HELPER | |
| CONFIG_NETFILTER_XT_MATCH_HL | |
| CONFIG_NETFILTER_XT_MATCH_IPRANGE | |
| CONFIG_NETFILTER_XT_MATCH_LENGTH | |
| CONFIG_NETFILTER_XT_MATCH_LIMIT | |
| CONFIG_NETFILTER_XT_MATCH_MAC | |
| CONFIG_NETFILTER_XT_MATCH_MARK | |
| CONFIG_NETFILTER_XT_MATCH_MULTIPORT | |
| CONFIG_NETFILTER_XT_MATCH_NFACCT | |
| CONFIG_NETFILTER_XT_MATCH_OSF | |
| CONFIG_NETFILTER_XT_MATCH_OWNER | |
| CONFIG_NETFILTER_XT_MATCH_PKTTYPE | |
| CONFIG_NETFILTER_XT_MATCH_POLICY | |
| CONFIG_NETFILTER_XT_MATCH_QUOTA | |
| CONFIG_NETFILTER_XT_MATCH_QUOTA2 | |
| CONFIG_NETFILTER_XT_MATCH_RATEEST | |
| CONFIG_NETFILTER_XT_MATCH_REALM | |
| CONFIG_NETFILTER_XT_MATCH_RECENT | |
| CONFIG_NETFILTER_XT_MATCH_SCTP | |
| CONFIG_NETFILTER_XT_MATCH_SOCKET | |
| CONFIG_NETFILTER_XT_MATCH_STATE | |
| CONFIG_NETFILTER_XT_MATCH_STATISTIC | |
| CONFIG_NETFILTER_XT_MATCH_STRING | |
| CONFIG_NETFILTER_XT_MATCH_TCPMSS | |
| CONFIG_NETFILTER_XT_MATCH_TIME | |
| CONFIG_NETFILTER_XT_MATCH_U32 | |
| CONFIG_NETFILTER_XT_TARGET_AUDIT | |
| CONFIG_NETFILTER_XT_TARGET_CHECKSUM | |
| CONFIG_NETFILTER_XT_TARGET_CLASSIFY | |
| CONFIG_NETFILTER_XT_TARGET_CONNMARK | |
| CONFIG_NETFILTER_XT_TARGET_CONNSECMARK | |
| CONFIG_NETFILTER_XT_TARGET_CT | |
| CONFIG_NETFILTER_XT_TARGET_DSCP | |
| CONFIG_NETFILTER_XT_TARGET_HL | |
| CONFIG_NETFILTER_XT_TARGET_IDLETIMER | |
| CONFIG_NETFILTER_XT_TARGET_LED | |
| CONFIG_NETFILTER_XT_TARGET_LOG | |
| CONFIG_NETFILTER_XT_TARGET_MARK | |
| CONFIG_NETFILTER_XT_TARGET_NFLOG | |
| CONFIG_NETFILTER_XT_TARGET_NFQUEUE | |
| CONFIG_NETFILTER_XT_TARGET_NOTRACK | |
| CONFIG_NETFILTER_XT_TARGET_RATEEST | |
| CONFIG_NETFILTER_XT_TARGET_SECMARK | |
| CONFIG_NETFILTER_XT_TARGET_TCPMSS | |
| CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP | |
| CONFIG_NETFILTER_XT_TARGET_TEE | |
| CONFIG_NETFILTER_XT_TARGET_TPROXY | |
| CONFIG_NETFILTER_XT_TARGET_TRACE | |
| CONFIG_NF_CONNTRACK_ZONES | |
| CONFIG_IP6_NF_FILTER | |
| CONFIG_IP6_NF_IPTABLES | |
| CONFIG_IP6_NF_MANGLE | |
| CONFIG_IP6_NF_MATCH_AH | |
| CONFIG_IP6_NF_MATCH_EUI64 | |
| CONFIG_IP6_NF_MATCH_FRAG | |
| CONFIG_IP6_NF_MATCH_HL | |
| CONFIG_IP6_NF_MATCH_IPV6HEADER | |
| CONFIG_IP6_NF_MATCH_MH | |
| CONFIG_IP6_NF_MATCH_OPTS | |
| CONFIG_IP6_NF_MATCH_RPFILTER | |
| CONFIG_IP6_NF_MATCH_RT | |
| CONFIG_IP6_NF_QUEUE | |
| CONFIG_IP6_NF_RAW | |
| CONFIG_IP6_NF_SECURITY | |
| CONFIG_IP6_NF_TARGET_HL | |
| CONFIG_IP6_NF_TARGET_REJECT | |
| CONFIG_IP6_NF_TARGET_REJECT_SKERR | |
| CONFIG_DNS_RESOLVER | |
| CONFIG_IOSCHED_DEADLINE | |
| CONFIG_SUSPEND_TIME | |
| CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS | |
| CONFIG_CONSOLE_TRANSLATIONS | |
| CONFIG_EVM | |
| CONFIG_INTEGRITY_SIGNATURE | |
| CONFIG_FHANDLE | |
| CONFIG_EPOLL | |
| CONFIG_SIGNALFD | |
| CONFIG_TIMERFD | |
| CONFIG_TMPFS_POSIX_ACL | |
| " | |
| CONFIGS_OFF=" | |
| CONFIG_ANDROID_PARANOID_NETWORK | |
| CONFIG_DEFAULT_SECURITY_DAC | |
| CONFIG_DEFAULT_SECURITY_SELINUX | |
| CONFIG_DEFAULT_SECURITY_TOMOYO | |
| CONFIG_DEFAULT_SECURITY_YAMA | |
| CONFIG_DEFAULT_SECURITY_SMACK | |
| CONFIG_SECURITY_APPARMOR_STATS | |
| CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX | |
| CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
| CONFIG_BT_HCIBTUSB | |
| CONFIG_BT_HCIBTSDIO | |
| CONFIG_BT_HCIUART | |
| CONFIG_BT_HCIBCM203X | |
| CONFIG_BT_HCIBPA10X | |
| CONFIG_BT_HCIBFUSB | |
| CONFIG_BT_HCIVHCI | |
| CONFIG_BT_MRVL | |
| CONFIG_AF_RXRPC | |
| CONFIG_KEYS_DEBUG_PROC_KEYS | |
| CONFIG_XFRM_MIGRATE | |
| CONFIG_XFRM_STATISTICS | |
| CONFIG_XFRM_SUB_POLICY | |
| CONFIG_COMPAT_BRK | |
| CONFIG_DEVKMEM | |
| CONFIG_NETFILTER_DEBUG | |
| CONFIG_IP_SET | |
| CONFIG_IP_VS | |
| CONFIG_RT_GROUP_SCHED | |
| CONFIG_ARM_UNWIND | |
| CONFIG_VT_HW_CONSOLE_BINDING | |
| CONFIG_FRAMEBUFFER_CONSOLE | |
| CONFIG_SPEAKUP | |
| CONFIG_CIFS_UPCALL | |
| CONFIG_CIFS_DFS_UPCALL | |
| CONFIG_KGDB | |
| " | |
| CONFIGS_EQ=" | |
| CONFIG_DEFAULT_SECURITY=\"apparmor\" | |
| CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
| CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 | |
| CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 | |
| CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 | |
| CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 | |
| CONFIG_SECURITY_TOMOYO_POLICY_LOADER=\"/sbin/tomoyo-init\" | |
| CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER=\"/sbin/init\" | |
| CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
| CONFIG_DEFAULT_MMAP_MIN_ADDR=32768 | |
| CONFIG_DEFAULT_IOSCHED=\"deadline\" | |
| CONFIG_EVM_HMAC_VERSION=2 | |
| " | |
| ered() { | |
| echo -e "\033[31m" $@ | |
| } | |
| egreen() { | |
| echo -e "\033[32m" $@ | |
| } | |
| ewhite() { | |
| echo -e "\033[37m" $@ | |
| } | |
| echo -e "\n\nChecking config file for Ubuntu Touch specific config options.\n\n" | |
| errors=0 | |
| fixes=0 | |
| for c in $CONFIGS_ON $CONFIGS_OFF;do | |
| cnt=`grep -w -c $c $FILE` | |
| if [ $cnt -gt 1 ];then | |
| ered "$c appears more than once in the config file, fix this" | |
| errors=$((errors+1)) | |
| fi | |
| if [ $cnt -eq 0 ];then | |
| if $write ; then | |
| ewhite "Creating $c" | |
| echo "# $c is not set" >> "$FILE" | |
| fixes=$((fixes+1)) | |
| else | |
| ered "$c is neither enabled nor disabled in the config file" | |
| errors=$((errors+1)) | |
| fi | |
| fi | |
| done | |
| for c in $CONFIGS_ON;do | |
| if grep "$c=y\|$c=m" "$FILE" >/dev/null;then | |
| egreen "$c is already set" | |
| else | |
| if $write ; then | |
| ewhite "Setting $c" | |
| sed -i "s,# $c is not set,$c=y," "$FILE" | |
| fixes=$((fixes+1)) | |
| else | |
| ered "$c is not set, set it" | |
| errors=$((errors+1)) | |
| fi | |
| fi | |
| done | |
| for c in $CONFIGS_EQ;do | |
| lhs=$(awk -F= '{ print $1 }' <(echo $c)) | |
| rhs=$(awk -F= '{ print $2 }' <(echo $c)) | |
| if grep "^$c" "$FILE" >/dev/null;then | |
| egreen "$c is already set correctly." | |
| continue | |
| elif grep "^$lhs" "$FILE" >/dev/null;then | |
| cur=$(awk -F= '{ print $2 }' <(grep "$lhs" "$FILE")) | |
| ered "$lhs is set, but to $cur not $rhs." | |
| if $write ; then | |
| egreen "Setting $c correctly" | |
| sed -i 's,^'"$lhs"'.*,# '"$lhs"' was '"$cur"'\n'"$c"',' "$FILE" | |
| fixes=$((fixes+1)) | |
| fi | |
| else | |
| if $write ; then | |
| ewhite "Setting $c" | |
| echo "$c" >> "$FILE" | |
| fixes=$((fixes+1)) | |
| else | |
| ered "$c is not set" | |
| errors=$((errors+1)) | |
| fi | |
| fi | |
| done | |
| for c in $CONFIGS_OFF;do | |
| if grep "$c=y\|$c=m" "$FILE" >/dev/null;then | |
| if $write ; then | |
| ewhite "Unsetting $c" | |
| sed -i "s,$c=.*,# $c is not set," $FILE | |
| fixes=$((fixes+1)) | |
| else | |
| ered "$c is set, unset it" | |
| errors=$((errors+1)) | |
| fi | |
| else | |
| egreen "$c is already unset" | |
| fi | |
| done | |
| if [ $errors -eq 0 ];then | |
| egreen "\n\nConfig file checked, found no errors.\n\n" | |
| else | |
| ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n" | |
| fi | |
| if [ $fixes -gt 0 ];then | |
| egreen "Made $fixes fixes.\n\n" | |
| fi | |
| ewhite " " |