halium-boot/check-kernel-config

#!/bin/bash

FILE=$1

[ -f "$FILE" ] || {
	echo "Provide a config file as argument"
	exit
}

write=false

if [ "$2" = "-w" ]; then
	write=true
fi

CONFIGS_ON="
CONFIG_IKCONFIG
CONFIG_CPUSETS
CONFIG_AUTOFS4_FS
CONFIG_TMPFS_XATTR
CONFIG_TMPFS_POSIX_ACL
CONFIG_CGROUP_DEVICE
CONFIG_CGROUP_MEM_RES_CTLR
CONFIG_CGROUP_MEM_RES_CTLR_SWAP
CONFIG_CGROUP_MEM_RES_CTLR_KMEM
CONFIG_RTC_DRV_CMOS
CONFIG_BLK_CGROUP
CONFIG_CGROUP_PERF
CONFIG_IKCONFIG_PROC
CONFIG_SYSVIPC
CONFIG_CGROUPS
CONFIG_CGROUP_FREEZER
CONFIG_NAMESPACES
CONFIG_UTS_NS
CONFIG_IPC_NS
CONFIG_USER_NS
CONFIG_PID_NS
CONFIG_NET_NS
CONFIG_AUDIT
CONFIG_AUDITSYSCALL
CONFIG_AUDIT_TREE
CONFIG_AUDIT_WATCH
CONFIG_CC_STACKPROTECTOR
CONFIG_DEBUG_RODATA
CONFIG_DEVTMPFS
CONFIG_DEVTMPFS_MOUNT
CONFIG_DEVPTS_MULTIPLE_INSTANCES
CONFIG_ECRYPT_FS
CONFIG_ECRYPT_FS_MESSAGING
CONFIG_ENCRYPTED_KEYS
CONFIG_EXT4_FS_POSIX_ACL
CONFIG_EXT4_FS_SECURITY
CONFIG_FSNOTIFY
CONFIG_DNOTIFY
CONFIG_INOTIFY_USER
CONFIG_FANOTIFY
CONFIG_FANOTIFY_ACCESS_PERMISSIONS
CONFIG_KEYS
CONFIG_SWAP
CONFIG_VT
CONFIG_VT_CONSOLE
CONFIG_SECCOMP
CONFIG_SECURITY
CONFIG_SECURITYFS
CONFIG_SECURITY_NETWORK
CONFIG_NETLABEL
CONFIG_SECURITY_PATH
CONFIG_SECURITY_SELINUX
CONFIG_SECURITY_SELINUX_BOOTPARAM
CONFIG_SECURITY_SELINUX_DISABLE
CONFIG_SECURITY_SELINUX_DEVELOP
CONFIG_SECURITY_SELINUX_AVC_STATS
CONFIG_SECURITY_SMACK
CONFIG_SECURITY_TOMOYO
CONFIG_DEFAULT_SECURITY_APPARMOR
CONFIG_SECURITY_APPARMOR
CONFIG_SECURITY_APPARMOR_HASH
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT
CONFIG_SECURITY_YAMA
CONFIG_SECURITY_YAMA_STACKED
CONFIG_STRICT_DEVMEM
CONFIG_SYN_COOKIES
CONFIG_BT
CONFIG_BT_RFCOMM
CONFIG_BT_RFCOMM_TTY
CONFIG_BT_BNEP
CONFIG_BT_BNEP_MC_FILTER
CONFIG_BT_BNEP_PROTO_FILTER
CONFIG_BT_HIDP
CONFIG_XFRM_USER
CONFIG_NET_KEY
CONFIG_INET
CONFIG_IP_ADVANCED_ROUTER
CONFIG_IP_MULTIPLE_TABLES
CONFIG_INET_AH
CONFIG_INET_ESP
CONFIG_INET_IPCOMP
CONFIG_INET_XFRM_MODE_TRANSPORT
CONFIG_INET_XFRM_MODE_TUNNEL
CONFIG_INET_XFRM_MODE_BEET
CONFIG_IPV6
CONFIG_INET6_AH
CONFIG_INET6_ESP
CONFIG_INET6_IPCOMP
CONFIG_INET6_XFRM_MODE_TRANSPORT
CONFIG_INET6_XFRM_MODE_TUNNEL
CONFIG_INET6_XFRM_MODE_BEET
CONFIG_IPV6_MULTIPLE_TABLES
CONFIG_NETFILTER
CONFIG_NETFILTER_ADVANCED
CONFIG_NETFILTER_NETLINK
CONFIG_NETFILTER_NETLINK_ACCT
CONFIG_NETFILTER_NETLINK_LOG
CONFIG_NETFILTER_NETLINK_QUEUE
CONFIG_NETFILTER_TPROXY
CONFIG_NETFILTER_XTABLES
CONFIG_NETFILTER_XT_CONNMARK
CONFIG_NETFILTER_XT_MARK
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
CONFIG_NETFILTER_XT_MATCH_CLUSTER
CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_NETFILTER_XT_MATCH_CONNBYTES
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT
CONFIG_NETFILTER_XT_MATCH_CONNMARK
CONFIG_NETFILTER_XT_MATCH_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_CPU
CONFIG_NETFILTER_XT_MATCH_DCCP
CONFIG_NETFILTER_XT_MATCH_DEVGROUP
CONFIG_NETFILTER_XT_MATCH_DSCP
CONFIG_NETFILTER_XT_MATCH_ECN
CONFIG_NETFILTER_XT_MATCH_ESP
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT
CONFIG_NETFILTER_XT_MATCH_HELPER
CONFIG_NETFILTER_XT_MATCH_HL
CONFIG_NETFILTER_XT_MATCH_IPRANGE
CONFIG_NETFILTER_XT_MATCH_LENGTH
CONFIG_NETFILTER_XT_MATCH_LIMIT
CONFIG_NETFILTER_XT_MATCH_MAC
CONFIG_NETFILTER_XT_MATCH_MARK
CONFIG_NETFILTER_XT_MATCH_MULTIPORT
CONFIG_NETFILTER_XT_MATCH_NFACCT
CONFIG_NETFILTER_XT_MATCH_OSF
CONFIG_NETFILTER_XT_MATCH_OWNER
CONFIG_NETFILTER_XT_MATCH_PKTTYPE
CONFIG_NETFILTER_XT_MATCH_POLICY
CONFIG_NETFILTER_XT_MATCH_QUOTA
CONFIG_NETFILTER_XT_MATCH_QUOTA2
CONFIG_NETFILTER_XT_MATCH_RATEEST
CONFIG_NETFILTER_XT_MATCH_REALM
CONFIG_NETFILTER_XT_MATCH_RECENT
CONFIG_NETFILTER_XT_MATCH_SCTP
CONFIG_NETFILTER_XT_MATCH_SOCKET
CONFIG_NETFILTER_XT_MATCH_STATE
CONFIG_NETFILTER_XT_MATCH_STATISTIC
CONFIG_NETFILTER_XT_MATCH_STRING
CONFIG_NETFILTER_XT_MATCH_TCPMSS
CONFIG_NETFILTER_XT_MATCH_TIME
CONFIG_NETFILTER_XT_MATCH_U32
CONFIG_NETFILTER_XT_TARGET_AUDIT
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_NETFILTER_XT_TARGET_CLASSIFY
CONFIG_NETFILTER_XT_TARGET_CONNMARK
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK
CONFIG_NETFILTER_XT_TARGET_CT
CONFIG_NETFILTER_XT_TARGET_DSCP
CONFIG_NETFILTER_XT_TARGET_HL
CONFIG_NETFILTER_XT_TARGET_IDLETIMER
CONFIG_NETFILTER_XT_TARGET_LED
CONFIG_NETFILTER_XT_TARGET_LOG
CONFIG_NETFILTER_XT_TARGET_MARK
CONFIG_NETFILTER_XT_TARGET_NFLOG
CONFIG_NETFILTER_XT_TARGET_NFQUEUE
CONFIG_NETFILTER_XT_TARGET_NOTRACK
CONFIG_NETFILTER_XT_TARGET_RATEEST
CONFIG_NETFILTER_XT_TARGET_SECMARK
CONFIG_NETFILTER_XT_TARGET_TCPMSS
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP
CONFIG_NETFILTER_XT_TARGET_TEE
CONFIG_NETFILTER_XT_TARGET_TPROXY
CONFIG_NETFILTER_XT_TARGET_TRACE
CONFIG_NF_CONNTRACK_ZONES
CONFIG_IP6_NF_FILTER
CONFIG_IP6_NF_IPTABLES
CONFIG_IP6_NF_MANGLE
CONFIG_IP6_NF_MATCH_AH
CONFIG_IP6_NF_MATCH_EUI64
CONFIG_IP6_NF_MATCH_FRAG
CONFIG_IP6_NF_MATCH_HL
CONFIG_IP6_NF_MATCH_IPV6HEADER
CONFIG_IP6_NF_MATCH_MH
CONFIG_IP6_NF_MATCH_OPTS
CONFIG_IP6_NF_MATCH_RPFILTER
CONFIG_IP6_NF_MATCH_RT
CONFIG_IP6_NF_QUEUE
CONFIG_IP6_NF_RAW
CONFIG_IP6_NF_SECURITY
CONFIG_IP6_NF_TARGET_HL
CONFIG_IP6_NF_TARGET_REJECT
CONFIG_IP6_NF_TARGET_REJECT_SKERR
CONFIG_DNS_RESOLVER
CONFIG_IOSCHED_DEADLINE
CONFIG_SUSPEND_TIME
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS
CONFIG_CONSOLE_TRANSLATIONS
CONFIG_EVM
CONFIG_INTEGRITY_SIGNATURE
CONFIG_FHANDLE
CONFIG_EPOLL
CONFIG_SIGNALFD
CONFIG_TIMERFD
CONFIG_TMPFS_POSIX_ACL
"

CONFIGS_OFF="
CONFIG_NETPRIO_CGROUP
CONFIG_NET_CLS_CGROUP
CONFIG_FW_LOADER_USER_HELPER
CONFIG_ANDROID_LOW_MEMORY_KILLER
CONFIG_ANDROID_PARANOID_NETWORK
CONFIG_DEFAULT_SECURITY_DAC
CONFIG_DEFAULT_SECURITY_SELINUX
CONFIG_DEFAULT_SECURITY_TOMOYO
CONFIG_DEFAULT_SECURITY_YAMA
CONFIG_DEFAULT_SECURITY_SMACK
CONFIG_SECURITY_APPARMOR_STATS
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
CONFIG_BT_HCIBTUSB
CONFIG_BT_HCIBTSDIO
CONFIG_BT_HCIUART
CONFIG_BT_HCIBCM203X
CONFIG_BT_HCIBPA10X
CONFIG_BT_HCIBFUSB
CONFIG_BT_HCIVHCI
CONFIG_BT_MRVL
CONFIG_AF_RXRPC
CONFIG_KEYS_DEBUG_PROC_KEYS
CONFIG_XFRM_MIGRATE
CONFIG_XFRM_STATISTICS
CONFIG_XFRM_SUB_POLICY
CONFIG_COMPAT_BRK
CONFIG_DEVKMEM
CONFIG_NETFILTER_DEBUG
CONFIG_IP_SET
CONFIG_IP_VS
CONFIG_RT_GROUP_SCHED
CONFIG_ARM_UNWIND
CONFIG_VT_HW_CONSOLE_BINDING
CONFIG_FRAMEBUFFER_CONSOLE
CONFIG_SPEAKUP
CONFIG_CIFS_UPCALL
CONFIG_CIFS_DFS_UPCALL
CONFIG_KGDB
"
CONFIGS_EQ="
CONFIG_DEFAULT_SECURITY=\"apparmor\"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
CONFIG_SECURITY_TOMOYO_POLICY_LOADER=\"/sbin/tomoyo-init\"
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER=\"/sbin/init\"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
CONFIG_DEFAULT_IOSCHED=\"deadline\"
CONFIG_EVM_HMAC_VERSION=2
"

ered() {
	echo -e "\033[31m" $@
}

egreen() {
	echo -e "\033[32m" $@
}

ewhite() {
	echo -e "\033[37m" $@
}

echo -e "\n\nChecking config file for Halium specific config options.\n\n"

errors=0
fixes=0

for c in $CONFIGS_ON $CONFIGS_OFF;do
	cnt=`grep -w -c $c $FILE`
	if [ $cnt -gt 1 ];then
		ered "$c appears more than once in the config file, fix this"
		errors=$((errors+1))
	fi

	if [ $cnt -eq 0 ];then
		if $write ; then
			ewhite "Creating $c"
			echo "# $c is not set" >> "$FILE"
			fixes=$((fixes+1))
		else
			ered "$c is neither enabled nor disabled in the config file"
			errors=$((errors+1))
		fi
	fi
done

for c in $CONFIGS_ON;do
	if grep "$c=y\|$c=m" "$FILE" >/dev/null;then
		egreen "$c is already set"
	else
		if $write ; then
			ewhite "Setting $c"
			sed  -i "s,# $c is not set,$c=y," "$FILE"
			fixes=$((fixes+1))
		else
			ered "$c is not set, set it"
			errors=$((errors+1))
		fi
	fi
done

for c in $CONFIGS_EQ;do
	lhs=$(awk -F= '{ print $1 }' <(echo $c))
	rhs=$(awk -F= '{ print $2 }' <(echo $c))
	if grep "^$c" "$FILE" >/dev/null;then
		egreen "$c is already set correctly."
		continue
	elif grep "^$lhs" "$FILE" >/dev/null;then
		cur=$(awk -F= '{ print $2 }' <(grep "^$lhs=" "$FILE"))
		ered "$lhs is set, but to $cur not $rhs."
		if $write ; then
			egreen "Setting $c correctly"
			sed -i 's,^'"$lhs"'.*,# '"$lhs"' was '"$cur"'\n'"$c"',' "$FILE"
			fixes=$((fixes+1))
		fi
	else
		if $write ; then
			ewhite "Setting $c"
			echo  "$c" >> "$FILE"
			fixes=$((fixes+1))
		else
			ered "$c is not set"
			errors=$((errors+1))
		fi
	fi
done

for c in $CONFIGS_OFF;do
	if grep "$c=y\|$c=m" "$FILE" >/dev/null;then
		if $write ; then
			ewhite "Unsetting $c"
			sed  -i "s,$c=.*,# $c is not set," $FILE
			fixes=$((fixes+1))
		else
			ered "$c is set, unset it"
			errors=$((errors+1))
		fi
	else
		egreen "$c is already unset"
	fi
done

if [ $errors -eq 0 ];then
	egreen "\n\nConfig file checked, found no errors.\n\n"
else
	ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n"
fi

if [ $fixes -gt 0 ];then
	egreen "Made $fixes fixes.\n\n"
fi

ewhite " "
Initial commit 2018-02-07 19:25:02 +00:00			`#!/bin/bash`

			`FILE=$1`

			`[ -f "$FILE" ] \|\| {`
			`echo "Provide a config file as argument"`
			`exit`
			`}`

			`write=false`

			`if [ "$2" = "-w" ]; then`
			`write=true`
			`fi`

			`CONFIGS_ON="`
			`CONFIG_IKCONFIG`
			`CONFIG_CPUSETS`
			`CONFIG_AUTOFS4_FS`
			`CONFIG_TMPFS_XATTR`
			`CONFIG_TMPFS_POSIX_ACL`
			`CONFIG_CGROUP_DEVICE`
			`CONFIG_CGROUP_MEM_RES_CTLR`
			`CONFIG_CGROUP_MEM_RES_CTLR_SWAP`
			`CONFIG_CGROUP_MEM_RES_CTLR_KMEM`
			`CONFIG_RTC_DRV_CMOS`
			`CONFIG_BLK_CGROUP`
			`CONFIG_CGROUP_PERF`
			`CONFIG_IKCONFIG_PROC`
			`CONFIG_SYSVIPC`
			`CONFIG_CGROUPS`
			`CONFIG_CGROUP_FREEZER`
			`CONFIG_NAMESPACES`
			`CONFIG_UTS_NS`
			`CONFIG_IPC_NS`
			`CONFIG_USER_NS`
			`CONFIG_PID_NS`
			`CONFIG_NET_NS`
			`CONFIG_AUDIT`
			`CONFIG_AUDITSYSCALL`
			`CONFIG_AUDIT_TREE`
			`CONFIG_AUDIT_WATCH`
			`CONFIG_CC_STACKPROTECTOR`
			`CONFIG_DEBUG_RODATA`
			`CONFIG_DEVTMPFS`
			`CONFIG_DEVTMPFS_MOUNT`
			`CONFIG_DEVPTS_MULTIPLE_INSTANCES`
			`CONFIG_ECRYPT_FS`
			`CONFIG_ECRYPT_FS_MESSAGING`
			`CONFIG_ENCRYPTED_KEYS`
			`CONFIG_EXT4_FS_POSIX_ACL`
			`CONFIG_EXT4_FS_SECURITY`
			`CONFIG_FSNOTIFY`
			`CONFIG_DNOTIFY`
			`CONFIG_INOTIFY_USER`
			`CONFIG_FANOTIFY`
			`CONFIG_FANOTIFY_ACCESS_PERMISSIONS`
			`CONFIG_KEYS`
			`CONFIG_SWAP`
			`CONFIG_VT`
			`CONFIG_VT_CONSOLE`
			`CONFIG_SECCOMP`
			`CONFIG_SECURITY`
			`CONFIG_SECURITYFS`
			`CONFIG_SECURITY_NETWORK`
			`CONFIG_NETLABEL`
			`CONFIG_SECURITY_PATH`
			`CONFIG_SECURITY_SELINUX`
			`CONFIG_SECURITY_SELINUX_BOOTPARAM`
			`CONFIG_SECURITY_SELINUX_DISABLE`
			`CONFIG_SECURITY_SELINUX_DEVELOP`
			`CONFIG_SECURITY_SELINUX_AVC_STATS`
			`CONFIG_SECURITY_SMACK`
			`CONFIG_SECURITY_TOMOYO`
			`CONFIG_DEFAULT_SECURITY_APPARMOR`
			`CONFIG_SECURITY_APPARMOR`
			`CONFIG_SECURITY_APPARMOR_HASH`
			`CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT`
			`CONFIG_SECURITY_YAMA`
			`CONFIG_SECURITY_YAMA_STACKED`
			`CONFIG_STRICT_DEVMEM`
			`CONFIG_SYN_COOKIES`
			`CONFIG_BT`
			`CONFIG_BT_RFCOMM`
			`CONFIG_BT_RFCOMM_TTY`
			`CONFIG_BT_BNEP`
			`CONFIG_BT_BNEP_MC_FILTER`
			`CONFIG_BT_BNEP_PROTO_FILTER`
			`CONFIG_BT_HIDP`
			`CONFIG_XFRM_USER`
			`CONFIG_NET_KEY`
			`CONFIG_INET`
			`CONFIG_IP_ADVANCED_ROUTER`
			`CONFIG_IP_MULTIPLE_TABLES`
			`CONFIG_INET_AH`
			`CONFIG_INET_ESP`
			`CONFIG_INET_IPCOMP`
			`CONFIG_INET_XFRM_MODE_TRANSPORT`
			`CONFIG_INET_XFRM_MODE_TUNNEL`
			`CONFIG_INET_XFRM_MODE_BEET`
			`CONFIG_IPV6`
			`CONFIG_INET6_AH`
			`CONFIG_INET6_ESP`
			`CONFIG_INET6_IPCOMP`
			`CONFIG_INET6_XFRM_MODE_TRANSPORT`
			`CONFIG_INET6_XFRM_MODE_TUNNEL`
			`CONFIG_INET6_XFRM_MODE_BEET`
			`CONFIG_IPV6_MULTIPLE_TABLES`
			`CONFIG_NETFILTER`
			`CONFIG_NETFILTER_ADVANCED`
			`CONFIG_NETFILTER_NETLINK`
			`CONFIG_NETFILTER_NETLINK_ACCT`
			`CONFIG_NETFILTER_NETLINK_LOG`
			`CONFIG_NETFILTER_NETLINK_QUEUE`
			`CONFIG_NETFILTER_TPROXY`
			`CONFIG_NETFILTER_XTABLES`
			`CONFIG_NETFILTER_XT_CONNMARK`
			`CONFIG_NETFILTER_XT_MARK`
			`CONFIG_NETFILTER_XT_MATCH_ADDRTYPE`
			`CONFIG_NETFILTER_XT_MATCH_CLUSTER`
			`CONFIG_NETFILTER_XT_MATCH_COMMENT`
			`CONFIG_NETFILTER_XT_MATCH_CONNBYTES`
			`CONFIG_NETFILTER_XT_MATCH_CONNLIMIT`
			`CONFIG_NETFILTER_XT_MATCH_CONNMARK`
			`CONFIG_NETFILTER_XT_MATCH_CONNTRACK`
			`CONFIG_NETFILTER_XT_MATCH_CPU`
			`CONFIG_NETFILTER_XT_MATCH_DCCP`
			`CONFIG_NETFILTER_XT_MATCH_DEVGROUP`
			`CONFIG_NETFILTER_XT_MATCH_DSCP`
			`CONFIG_NETFILTER_XT_MATCH_ECN`
			`CONFIG_NETFILTER_XT_MATCH_ESP`
			`CONFIG_NETFILTER_XT_MATCH_HASHLIMIT`
			`CONFIG_NETFILTER_XT_MATCH_HELPER`
			`CONFIG_NETFILTER_XT_MATCH_HL`
			`CONFIG_NETFILTER_XT_MATCH_IPRANGE`
			`CONFIG_NETFILTER_XT_MATCH_LENGTH`
			`CONFIG_NETFILTER_XT_MATCH_LIMIT`
			`CONFIG_NETFILTER_XT_MATCH_MAC`
			`CONFIG_NETFILTER_XT_MATCH_MARK`
			`CONFIG_NETFILTER_XT_MATCH_MULTIPORT`
			`CONFIG_NETFILTER_XT_MATCH_NFACCT`
			`CONFIG_NETFILTER_XT_MATCH_OSF`
			`CONFIG_NETFILTER_XT_MATCH_OWNER`
			`CONFIG_NETFILTER_XT_MATCH_PKTTYPE`
			`CONFIG_NETFILTER_XT_MATCH_POLICY`
			`CONFIG_NETFILTER_XT_MATCH_QUOTA`
			`CONFIG_NETFILTER_XT_MATCH_QUOTA2`
			`CONFIG_NETFILTER_XT_MATCH_RATEEST`
			`CONFIG_NETFILTER_XT_MATCH_REALM`
			`CONFIG_NETFILTER_XT_MATCH_RECENT`
			`CONFIG_NETFILTER_XT_MATCH_SCTP`
			`CONFIG_NETFILTER_XT_MATCH_SOCKET`
			`CONFIG_NETFILTER_XT_MATCH_STATE`
			`CONFIG_NETFILTER_XT_MATCH_STATISTIC`
			`CONFIG_NETFILTER_XT_MATCH_STRING`
			`CONFIG_NETFILTER_XT_MATCH_TCPMSS`
			`CONFIG_NETFILTER_XT_MATCH_TIME`
			`CONFIG_NETFILTER_XT_MATCH_U32`
			`CONFIG_NETFILTER_XT_TARGET_AUDIT`
			`CONFIG_NETFILTER_XT_TARGET_CHECKSUM`
			`CONFIG_NETFILTER_XT_TARGET_CLASSIFY`
			`CONFIG_NETFILTER_XT_TARGET_CONNMARK`
			`CONFIG_NETFILTER_XT_TARGET_CONNSECMARK`
			`CONFIG_NETFILTER_XT_TARGET_CT`
			`CONFIG_NETFILTER_XT_TARGET_DSCP`
			`CONFIG_NETFILTER_XT_TARGET_HL`
			`CONFIG_NETFILTER_XT_TARGET_IDLETIMER`
			`CONFIG_NETFILTER_XT_TARGET_LED`
			`CONFIG_NETFILTER_XT_TARGET_LOG`
			`CONFIG_NETFILTER_XT_TARGET_MARK`
			`CONFIG_NETFILTER_XT_TARGET_NFLOG`
			`CONFIG_NETFILTER_XT_TARGET_NFQUEUE`
			`CONFIG_NETFILTER_XT_TARGET_NOTRACK`
			`CONFIG_NETFILTER_XT_TARGET_RATEEST`
			`CONFIG_NETFILTER_XT_TARGET_SECMARK`
			`CONFIG_NETFILTER_XT_TARGET_TCPMSS`
			`CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP`
			`CONFIG_NETFILTER_XT_TARGET_TEE`
			`CONFIG_NETFILTER_XT_TARGET_TPROXY`
			`CONFIG_NETFILTER_XT_TARGET_TRACE`
			`CONFIG_NF_CONNTRACK_ZONES`
			`CONFIG_IP6_NF_FILTER`
			`CONFIG_IP6_NF_IPTABLES`
			`CONFIG_IP6_NF_MANGLE`
			`CONFIG_IP6_NF_MATCH_AH`
			`CONFIG_IP6_NF_MATCH_EUI64`
			`CONFIG_IP6_NF_MATCH_FRAG`
			`CONFIG_IP6_NF_MATCH_HL`
			`CONFIG_IP6_NF_MATCH_IPV6HEADER`
			`CONFIG_IP6_NF_MATCH_MH`
			`CONFIG_IP6_NF_MATCH_OPTS`
			`CONFIG_IP6_NF_MATCH_RPFILTER`
			`CONFIG_IP6_NF_MATCH_RT`
			`CONFIG_IP6_NF_QUEUE`
			`CONFIG_IP6_NF_RAW`
			`CONFIG_IP6_NF_SECURITY`
			`CONFIG_IP6_NF_TARGET_HL`
			`CONFIG_IP6_NF_TARGET_REJECT`
			`CONFIG_IP6_NF_TARGET_REJECT_SKERR`
			`CONFIG_DNS_RESOLVER`
			`CONFIG_IOSCHED_DEADLINE`
			`CONFIG_SUSPEND_TIME`
			`CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS`
			`CONFIG_CONSOLE_TRANSLATIONS`
			`CONFIG_EVM`
			`CONFIG_INTEGRITY_SIGNATURE`
			`CONFIG_FHANDLE`
			`CONFIG_EPOLL`
			`CONFIG_SIGNALFD`
			`CONFIG_TIMERFD`
			`CONFIG_TMPFS_POSIX_ACL`
			`"`

			`CONFIGS_OFF="`
			`CONFIG_NETPRIO_CGROUP`
			`CONFIG_NET_CLS_CGROUP`
			`CONFIG_FW_LOADER_USER_HELPER`
			`CONFIG_ANDROID_LOW_MEMORY_KILLER`
			`CONFIG_ANDROID_PARANOID_NETWORK`
			`CONFIG_DEFAULT_SECURITY_DAC`
			`CONFIG_DEFAULT_SECURITY_SELINUX`
			`CONFIG_DEFAULT_SECURITY_TOMOYO`
			`CONFIG_DEFAULT_SECURITY_YAMA`
			`CONFIG_DEFAULT_SECURITY_SMACK`
			`CONFIG_SECURITY_APPARMOR_STATS`
			`CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX`
			`CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER`
			`CONFIG_BT_HCIBTUSB`
			`CONFIG_BT_HCIBTSDIO`
			`CONFIG_BT_HCIUART`
			`CONFIG_BT_HCIBCM203X`
			`CONFIG_BT_HCIBPA10X`
			`CONFIG_BT_HCIBFUSB`
			`CONFIG_BT_HCIVHCI`
			`CONFIG_BT_MRVL`
			`CONFIG_AF_RXRPC`
			`CONFIG_KEYS_DEBUG_PROC_KEYS`
			`CONFIG_XFRM_MIGRATE`
			`CONFIG_XFRM_STATISTICS`
			`CONFIG_XFRM_SUB_POLICY`
			`CONFIG_COMPAT_BRK`
			`CONFIG_DEVKMEM`
			`CONFIG_NETFILTER_DEBUG`
			`CONFIG_IP_SET`
			`CONFIG_IP_VS`
			`CONFIG_RT_GROUP_SCHED`
			`CONFIG_ARM_UNWIND`
			`CONFIG_VT_HW_CONSOLE_BINDING`
			`CONFIG_FRAMEBUFFER_CONSOLE`
			`CONFIG_SPEAKUP`
			`CONFIG_CIFS_UPCALL`
			`CONFIG_CIFS_DFS_UPCALL`
			`CONFIG_KGDB`
			`"`
			`CONFIGS_EQ="`
			`CONFIG_DEFAULT_SECURITY=\"apparmor\"`
			`CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1`
			`CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0`
			`CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1`
			`CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048`
			`CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024`
			`CONFIG_SECURITY_TOMOYO_POLICY_LOADER=\"/sbin/tomoyo-init\"`
			`CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER=\"/sbin/init\"`
			`CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1`
			`CONFIG_DEFAULT_MMAP_MIN_ADDR=32768`
			`CONFIG_DEFAULT_IOSCHED=\"deadline\"`
			`CONFIG_EVM_HMAC_VERSION=2`
			`"`

			`ered() {`
			`echo -e "\033[31m" $@`
			`}`

			`egreen() {`
			`echo -e "\033[32m" $@`
			`}`

			`ewhite() {`
			`echo -e "\033[37m" $@`
			`}`

check-kernel-config: Ubuntu Touch -> Halium 2018-02-11 20:02:00 +00:00			`echo -e "\n\nChecking config file for Halium specific config options.\n\n"`
Initial commit 2018-02-07 19:25:02 +00:00
			`errors=0`
			`fixes=0`

			`for c in $CONFIGS_ON $CONFIGS_OFF;do`
			cnt=`grep -w -c $c $FILE`
			`if [ $cnt -gt 1 ];then`
			`ered "$c appears more than once in the config file, fix this"`
			`errors=$((errors+1))`
			`fi`

			`if [ $cnt -eq 0 ];then`
			`if $write ; then`
			`ewhite "Creating $c"`
			`echo "# $c is not set" >> "$FILE"`
			`fixes=$((fixes+1))`
			`else`
			`ered "$c is neither enabled nor disabled in the config file"`
			`errors=$((errors+1))`
			`fi`
			`fi`
			`done`

			`for c in $CONFIGS_ON;do`
			`if grep "$c=y\\|$c=m" "$FILE" >/dev/null;then`
			`egreen "$c is already set"`
			`else`
			`if $write ; then`
			`ewhite "Setting $c"`
			`sed -i "s,# $c is not set,$c=y," "$FILE"`
			`fixes=$((fixes+1))`
			`else`
			`ered "$c is not set, set it"`
			`errors=$((errors+1))`
			`fi`
			`fi`
			`done`

			`for c in $CONFIGS_EQ;do`
			`lhs=$(awk -F= '{ print $1 }' <(echo $c))`
			`rhs=$(awk -F= '{ print $2 }' <(echo $c))`
			`if grep "^$c" "$FILE" >/dev/null;then`
			`egreen "$c is already set correctly."`
			`continue`
			`elif grep "^$lhs" "$FILE" >/dev/null;then`
Fix regex: Would otherwise return more values from grep (#9) 2021-07-27 06:44:03 +00:00			`cur=$(awk -F= '{ print $2 }' <(grep "^$lhs=" "$FILE"))`
Initial commit 2018-02-07 19:25:02 +00:00			`ered "$lhs is set, but to $cur not $rhs."`
			`if $write ; then`
			`egreen "Setting $c correctly"`
			`sed -i 's,^'"$lhs"'.*,# '"$lhs"' was '"$cur"'\n'"$c"',' "$FILE"`
			`fixes=$((fixes+1))`
			`fi`
			`else`
			`if $write ; then`
			`ewhite "Setting $c"`
			`echo "$c" >> "$FILE"`
			`fixes=$((fixes+1))`
			`else`
			`ered "$c is not set"`
			`errors=$((errors+1))`
			`fi`
			`fi`
			`done`

			`for c in $CONFIGS_OFF;do`
			`if grep "$c=y\\|$c=m" "$FILE" >/dev/null;then`
			`if $write ; then`
			`ewhite "Unsetting $c"`
			`sed -i "s,$c=.*,# $c is not set," $FILE`
			`fixes=$((fixes+1))`
			`else`
			`ered "$c is set, unset it"`
			`errors=$((errors+1))`
			`fi`
			`else`
			`egreen "$c is already unset"`
			`fi`
			`done`

			`if [ $errors -eq 0 ];then`
			`egreen "\n\nConfig file checked, found no errors.\n\n"`
			`else`
			`ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n"`
			`fi`

			`if [ $fixes -gt 0 ];then`
			`egreen "Made $fixes fixes.\n\n"`
			`fi`

			`ewhite " "`