Permalink
Cannot retrieve contributors at this time
#!/bin/bash | |
FILE=$1 | |
[ -f "$FILE" ] || { | |
echo "Provide a config file as argument" | |
exit | |
} | |
write=false | |
if [ "$2" = "-w" ]; then | |
write=true | |
fi | |
CONFIGS_ON=" | |
CONFIG_IKCONFIG | |
CONFIG_IKCONFIG_PROC | |
CONFIG_SYSVIPC | |
CONFIG_CGROUPS | |
CONFIG_CGROUP_FREEZER | |
CONFIG_NAMESPACES | |
CONFIG_UTS_NS | |
CONFIG_IPC_NS | |
CONFIG_USER_NS | |
CONFIG_PID_NS | |
CONFIG_NET_NS | |
CONFIG_AUDIT | |
CONFIG_AUDITSYSCALL | |
CONFIG_AUDIT_TREE | |
CONFIG_AUDIT_WATCH | |
CONFIG_CC_STACKPROTECTOR | |
CONFIG_DEBUG_RODATA | |
CONFIG_DEVTMPFS | |
CONFIG_DEVTMPFS_MOUNT | |
CONFIG_DEVPTS_MULTIPLE_INSTANCES | |
CONFIG_ECRYPT_FS | |
CONFIG_ECRYPT_FS_MESSAGING | |
CONFIG_ENCRYPTED_KEYS | |
CONFIG_EXT4_FS_POSIX_ACL | |
CONFIG_EXT4_FS_SECURITY | |
CONFIG_FSNOTIFY | |
CONFIG_DNOTIFY | |
CONFIG_INOTIFY_USER | |
CONFIG_FANOTIFY | |
CONFIG_FANOTIFY_ACCESS_PERMISSIONS | |
CONFIG_KEYS | |
CONFIG_SWAP | |
CONFIG_VT | |
CONFIG_VT_CONSOLE | |
CONFIG_SECCOMP | |
CONFIG_SECURITY | |
CONFIG_SECURITYFS | |
CONFIG_SECURITY_NETWORK | |
CONFIG_NETLABEL | |
CONFIG_SECURITY_PATH | |
CONFIG_SECURITY_SELINUX | |
CONFIG_SECURITY_SELINUX_BOOTPARAM | |
CONFIG_SECURITY_SELINUX_DISABLE | |
CONFIG_SECURITY_SELINUX_DEVELOP | |
CONFIG_SECURITY_SELINUX_AVC_STATS | |
CONFIG_SECURITY_SMACK | |
CONFIG_SECURITY_TOMOYO | |
CONFIG_DEFAULT_SECURITY_APPARMOR | |
CONFIG_SECURITY_APPARMOR | |
CONFIG_SECURITY_APPARMOR_HASH | |
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT | |
CONFIG_SECURITY_YAMA | |
CONFIG_SECURITY_YAMA_STACKED | |
CONFIG_STRICT_DEVMEM | |
CONFIG_SYN_COOKIES | |
CONFIG_BT | |
CONFIG_BT_RFCOMM | |
CONFIG_BT_RFCOMM_TTY | |
CONFIG_BT_BNEP | |
CONFIG_BT_BNEP_MC_FILTER | |
CONFIG_BT_BNEP_PROTO_FILTER | |
CONFIG_BT_HIDP | |
CONFIG_XFRM_USER | |
CONFIG_NET_KEY | |
CONFIG_INET | |
CONFIG_IP_ADVANCED_ROUTER | |
CONFIG_IP_MULTIPLE_TABLES | |
CONFIG_INET_AH | |
CONFIG_INET_ESP | |
CONFIG_INET_IPCOMP | |
CONFIG_INET_XFRM_MODE_TRANSPORT | |
CONFIG_INET_XFRM_MODE_TUNNEL | |
CONFIG_INET_XFRM_MODE_BEET | |
CONFIG_IPV6 | |
CONFIG_INET6_AH | |
CONFIG_INET6_ESP | |
CONFIG_INET6_IPCOMP | |
CONFIG_INET6_XFRM_MODE_TRANSPORT | |
CONFIG_INET6_XFRM_MODE_TUNNEL | |
CONFIG_INET6_XFRM_MODE_BEET | |
CONFIG_IPV6_MULTIPLE_TABLES | |
CONFIG_NETFILTER | |
CONFIG_NETFILTER_ADVANCED | |
CONFIG_NETFILTER_NETLINK | |
CONFIG_NETFILTER_NETLINK_ACCT | |
CONFIG_NETFILTER_NETLINK_LOG | |
CONFIG_NETFILTER_NETLINK_QUEUE | |
CONFIG_NETFILTER_TPROXY | |
CONFIG_NETFILTER_XTABLES | |
CONFIG_NETFILTER_XT_CONNMARK | |
CONFIG_NETFILTER_XT_MARK | |
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE | |
CONFIG_NETFILTER_XT_MATCH_CLUSTER | |
CONFIG_NETFILTER_XT_MATCH_COMMENT | |
CONFIG_NETFILTER_XT_MATCH_CONNBYTES | |
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT | |
CONFIG_NETFILTER_XT_MATCH_CONNMARK | |
CONFIG_NETFILTER_XT_MATCH_CONNTRACK | |
CONFIG_NETFILTER_XT_MATCH_CPU | |
CONFIG_NETFILTER_XT_MATCH_DCCP | |
CONFIG_NETFILTER_XT_MATCH_DEVGROUP | |
CONFIG_NETFILTER_XT_MATCH_DSCP | |
CONFIG_NETFILTER_XT_MATCH_ECN | |
CONFIG_NETFILTER_XT_MATCH_ESP | |
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT | |
CONFIG_NETFILTER_XT_MATCH_HELPER | |
CONFIG_NETFILTER_XT_MATCH_HL | |
CONFIG_NETFILTER_XT_MATCH_IPRANGE | |
CONFIG_NETFILTER_XT_MATCH_LENGTH | |
CONFIG_NETFILTER_XT_MATCH_LIMIT | |
CONFIG_NETFILTER_XT_MATCH_MAC | |
CONFIG_NETFILTER_XT_MATCH_MARK | |
CONFIG_NETFILTER_XT_MATCH_MULTIPORT | |
CONFIG_NETFILTER_XT_MATCH_NFACCT | |
CONFIG_NETFILTER_XT_MATCH_OSF | |
CONFIG_NETFILTER_XT_MATCH_OWNER | |
CONFIG_NETFILTER_XT_MATCH_PKTTYPE | |
CONFIG_NETFILTER_XT_MATCH_POLICY | |
CONFIG_NETFILTER_XT_MATCH_QUOTA | |
CONFIG_NETFILTER_XT_MATCH_QUOTA2 | |
CONFIG_NETFILTER_XT_MATCH_RATEEST | |
CONFIG_NETFILTER_XT_MATCH_REALM | |
CONFIG_NETFILTER_XT_MATCH_RECENT | |
CONFIG_NETFILTER_XT_MATCH_SCTP | |
CONFIG_NETFILTER_XT_MATCH_SOCKET | |
CONFIG_NETFILTER_XT_MATCH_STATE | |
CONFIG_NETFILTER_XT_MATCH_STATISTIC | |
CONFIG_NETFILTER_XT_MATCH_STRING | |
CONFIG_NETFILTER_XT_MATCH_TCPMSS | |
CONFIG_NETFILTER_XT_MATCH_TIME | |
CONFIG_NETFILTER_XT_MATCH_U32 | |
CONFIG_NETFILTER_XT_TARGET_AUDIT | |
CONFIG_NETFILTER_XT_TARGET_CHECKSUM | |
CONFIG_NETFILTER_XT_TARGET_CLASSIFY | |
CONFIG_NETFILTER_XT_TARGET_CONNMARK | |
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK | |
CONFIG_NETFILTER_XT_TARGET_CT | |
CONFIG_NETFILTER_XT_TARGET_DSCP | |
CONFIG_NETFILTER_XT_TARGET_HL | |
CONFIG_NETFILTER_XT_TARGET_IDLETIMER | |
CONFIG_NETFILTER_XT_TARGET_LED | |
CONFIG_NETFILTER_XT_TARGET_LOG | |
CONFIG_NETFILTER_XT_TARGET_MARK | |
CONFIG_NETFILTER_XT_TARGET_NFLOG | |
CONFIG_NETFILTER_XT_TARGET_NFQUEUE | |
CONFIG_NETFILTER_XT_TARGET_NOTRACK | |
CONFIG_NETFILTER_XT_TARGET_RATEEST | |
CONFIG_NETFILTER_XT_TARGET_SECMARK | |
CONFIG_NETFILTER_XT_TARGET_TCPMSS | |
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP | |
CONFIG_NETFILTER_XT_TARGET_TEE | |
CONFIG_NETFILTER_XT_TARGET_TPROXY | |
CONFIG_NETFILTER_XT_TARGET_TRACE | |
CONFIG_NF_CONNTRACK_ZONES | |
CONFIG_IP6_NF_FILTER | |
CONFIG_IP6_NF_IPTABLES | |
CONFIG_IP6_NF_MANGLE | |
CONFIG_IP6_NF_MATCH_AH | |
CONFIG_IP6_NF_MATCH_EUI64 | |
CONFIG_IP6_NF_MATCH_FRAG | |
CONFIG_IP6_NF_MATCH_HL | |
CONFIG_IP6_NF_MATCH_IPV6HEADER | |
CONFIG_IP6_NF_MATCH_MH | |
CONFIG_IP6_NF_MATCH_OPTS | |
CONFIG_IP6_NF_MATCH_RPFILTER | |
CONFIG_IP6_NF_MATCH_RT | |
CONFIG_IP6_NF_QUEUE | |
CONFIG_IP6_NF_RAW | |
CONFIG_IP6_NF_SECURITY | |
CONFIG_IP6_NF_TARGET_HL | |
CONFIG_IP6_NF_TARGET_REJECT | |
CONFIG_IP6_NF_TARGET_REJECT_SKERR | |
CONFIG_DNS_RESOLVER | |
CONFIG_IOSCHED_DEADLINE | |
CONFIG_SUSPEND_TIME | |
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS | |
CONFIG_CONSOLE_TRANSLATIONS | |
CONFIG_EVM | |
CONFIG_INTEGRITY_SIGNATURE | |
CONFIG_FHANDLE | |
CONFIG_EPOLL | |
CONFIG_SIGNALFD | |
CONFIG_TIMERFD | |
CONFIG_TMPFS_POSIX_ACL | |
" | |
CONFIGS_OFF=" | |
CONFIG_ANDROID_PARANOID_NETWORK | |
CONFIG_DEFAULT_SECURITY_DAC | |
CONFIG_DEFAULT_SECURITY_SELINUX | |
CONFIG_DEFAULT_SECURITY_TOMOYO | |
CONFIG_DEFAULT_SECURITY_YAMA | |
CONFIG_DEFAULT_SECURITY_SMACK | |
CONFIG_SECURITY_APPARMOR_STATS | |
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX | |
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
CONFIG_BT_HCIBTUSB | |
CONFIG_BT_HCIBTSDIO | |
CONFIG_BT_HCIUART | |
CONFIG_BT_HCIBCM203X | |
CONFIG_BT_HCIBPA10X | |
CONFIG_BT_HCIBFUSB | |
CONFIG_BT_HCIVHCI | |
CONFIG_BT_MRVL | |
CONFIG_AF_RXRPC | |
CONFIG_KEYS_DEBUG_PROC_KEYS | |
CONFIG_XFRM_MIGRATE | |
CONFIG_XFRM_STATISTICS | |
CONFIG_XFRM_SUB_POLICY | |
CONFIG_COMPAT_BRK | |
CONFIG_DEVKMEM | |
CONFIG_NETFILTER_DEBUG | |
CONFIG_IP_SET | |
CONFIG_IP_VS | |
CONFIG_RT_GROUP_SCHED | |
CONFIG_ARM_UNWIND | |
CONFIG_VT_HW_CONSOLE_BINDING | |
CONFIG_FRAMEBUFFER_CONSOLE | |
CONFIG_SPEAKUP | |
CONFIG_CIFS_UPCALL | |
CONFIG_CIFS_DFS_UPCALL | |
CONFIG_KGDB | |
" | |
CONFIGS_EQ=" | |
CONFIG_DEFAULT_SECURITY=\"apparmor\" | |
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 | |
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 | |
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 | |
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 | |
CONFIG_SECURITY_TOMOYO_POLICY_LOADER=\"/sbin/tomoyo-init\" | |
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER=\"/sbin/init\" | |
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
CONFIG_DEFAULT_MMAP_MIN_ADDR=32768 | |
CONFIG_DEFAULT_IOSCHED=\"deadline\" | |
CONFIG_EVM_HMAC_VERSION=2 | |
" | |
ered() { | |
echo -e "\033[31m" $@ | |
} | |
egreen() { | |
echo -e "\033[32m" $@ | |
} | |
ewhite() { | |
echo -e "\033[37m" $@ | |
} | |
echo -e "\n\nChecking config file for Ubuntu Touch specific config options.\n\n" | |
errors=0 | |
fixes=0 | |
for c in $CONFIGS_ON $CONFIGS_OFF;do | |
cnt=`grep -w -c $c $FILE` | |
if [ $cnt -gt 1 ];then | |
ered "$c appears more than once in the config file, fix this" | |
errors=$((errors+1)) | |
fi | |
if [ $cnt -eq 0 ];then | |
if $write ; then | |
ewhite "Creating $c" | |
echo "# $c is not set" >> "$FILE" | |
fixes=$((fixes+1)) | |
else | |
ered "$c is neither enabled nor disabled in the config file" | |
errors=$((errors+1)) | |
fi | |
fi | |
done | |
for c in $CONFIGS_ON;do | |
if grep "$c=y\|$c=m" "$FILE" >/dev/null;then | |
egreen "$c is already set" | |
else | |
if $write ; then | |
ewhite "Setting $c" | |
sed -i "s,# $c is not set,$c=y," "$FILE" | |
fixes=$((fixes+1)) | |
else | |
ered "$c is not set, set it" | |
errors=$((errors+1)) | |
fi | |
fi | |
done | |
for c in $CONFIGS_EQ;do | |
lhs=$(awk -F= '{ print $1 }' <(echo $c)) | |
rhs=$(awk -F= '{ print $2 }' <(echo $c)) | |
if grep "^$c" "$FILE" >/dev/null;then | |
egreen "$c is already set correctly." | |
continue | |
elif grep "^$lhs" "$FILE" >/dev/null;then | |
cur=$(awk -F= '{ print $2 }' <(grep "$lhs" "$FILE")) | |
ered "$lhs is set, but to $cur not $rhs." | |
if $write ; then | |
egreen "Setting $c correctly" | |
sed -i 's,^'"$lhs"'.*,# '"$lhs"' was '"$cur"'\n'"$c"',' "$FILE" | |
fixes=$((fixes+1)) | |
fi | |
else | |
if $write ; then | |
ewhite "Setting $c" | |
echo "$c" >> "$FILE" | |
fixes=$((fixes+1)) | |
else | |
ered "$c is not set" | |
errors=$((errors+1)) | |
fi | |
fi | |
done | |
for c in $CONFIGS_OFF;do | |
if grep "$c=y\|$c=m" "$FILE" >/dev/null;then | |
if $write ; then | |
ewhite "Unsetting $c" | |
sed -i "s,$c=.*,# $c is not set," $FILE | |
fixes=$((fixes+1)) | |
else | |
ered "$c is set, unset it" | |
errors=$((errors+1)) | |
fi | |
else | |
egreen "$c is already unset" | |
fi | |
done | |
if [ $errors -eq 0 ];then | |
egreen "\n\nConfig file checked, found no errors.\n\n" | |
else | |
ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n" | |
fi | |
if [ $fixes -gt 0 ];then | |
egreen "Made $fixes fixes.\n\n" | |
fi | |
ewhite " " |