Adds a scripts/ dir with a script to check kernel configs

b47cf06a · Florent Revest · 8e6d8482 · b47cf06a
Commit b47cf06a authored Aug 02, 2015 by Florent Revest
Hide whitespace changes
Inline Side-by-side

Showing with 314 additions and 0 deletions

check-config scripts/check-config +314 -0

No files found.
--- a/scripts/check-config
+++ b/scripts/check-config
+#!/bin/bash
+
+FILE=$1
+
+[ -f "$FILE" ] || {
+	echo "Provide a config file as argument"
+	exit
+}
+
+write=false
+
+if [ "$2" = "-w" ]; then
+	write=true
+fi
+
+CONFIGS_ON="
+CONFIG_IKCONFIG
+CONFIG_IKCONFIG_PROC
+CONFIG_SYSVIPC
+CONFIG_CGROUPS
+CONFIG_CGROUP_FREEZER
+CONFIG_NAMESPACES
+CONFIG_UTS_NS
+CONFIG_IPC_NS
+CONFIG_PID_NS
+CONFIG_NET_NS
+CONFIG_AUDIT
+CONFIG_AUDITSYSCALL
+CONFIG_AUDIT_TREE
+CONFIG_AUDIT_WATCH
+CONFIG_CC_STACKPROTECTOR
+CONFIG_DEBUG_RODATA
+CONFIG_DEVTMPFS
+CONFIG_DEVTMPFS_MOUNT
+CONFIG_DEVPTS_FS
+CONFIG_ECRYPT_FS
+CONFIG_ECRYPT_FS_MESSAGING
+CONFIG_ENCRYPTED_KEYS
+CONFIG_EXT4_FS_POSIX_ACL
+CONFIG_EXT4_FS_SECURITY
+CONFIG_FSNOTIFY
+CONFIG_DNOTIFY
+CONFIG_INOTIFY_USER
+CONFIG_FANOTIFY
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+CONFIG_KEYS
+CONFIG_SWAP
+CONFIG_VT
+CONFIG_VT_CONSOLE
+CONFIG_SECCOMP
+CONFIG_NETLABEL
+CONFIG_STRICT_DEVMEM
+CONFIG_SYN_COOKIES
+CONFIG_BT
+CONFIG_BT_RFCOMM
+CONFIG_BT_RFCOMM_TTY
+CONFIG_BT_BNEP
+CONFIG_BT_BNEP_MC_FILTER
+CONFIG_BT_BNEP_PROTO_FILTER
+CONFIG_BT_HIDP
+CONFIG_XFRM_USER
+CONFIG_NET_KEY
+CONFIG_INET
+CONFIG_IP_ADVANCED_ROUTER
+CONFIG_IP_MULTIPLE_TABLES
+CONFIG_INET_AH
+CONFIG_INET_ESP
+CONFIG_INET_IPCOMP
+CONFIG_INET_XFRM_MODE_TRANSPORT
+CONFIG_INET_XFRM_MODE_TUNNEL
+CONFIG_INET_XFRM_MODE_BEET
+CONFIG_IPV6
+CONFIG_INET6_AH
+CONFIG_INET6_ESP
+CONFIG_INET6_IPCOMP
+CONFIG_INET6_XFRM_MODE_TRANSPORT
+CONFIG_INET6_XFRM_MODE_TUNNEL
+CONFIG_INET6_XFRM_MODE_BEET
+CONFIG_IPV6_MULTIPLE_TABLES
+CONFIG_NETFILTER
+CONFIG_NETFILTER_ADVANCED
+CONFIG_NETFILTER_NETLINK
+CONFIG_NETFILTER_NETLINK_ACCT
+CONFIG_NETFILTER_NETLINK_LOG
+CONFIG_NETFILTER_NETLINK_QUEUE
+CONFIG_NETFILTER_TPROXY
+CONFIG_NETFILTER_XTABLES
+CONFIG_NETFILTER_XT_CONNMARK
+CONFIG_NETFILTER_XT_MARK
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
+CONFIG_NETFILTER_XT_MATCH_CLUSTER
+CONFIG_NETFILTER_XT_MATCH_COMMENT
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT
+CONFIG_NETFILTER_XT_MATCH_CONNMARK
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK
+CONFIG_NETFILTER_XT_MATCH_CPU
+CONFIG_NETFILTER_XT_MATCH_DCCP
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP
+CONFIG_NETFILTER_XT_MATCH_DSCP
+CONFIG_NETFILTER_XT_MATCH_ECN
+CONFIG_NETFILTER_XT_MATCH_ESP
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT
+CONFIG_NETFILTER_XT_MATCH_HELPER
+CONFIG_NETFILTER_XT_MATCH_HL
+CONFIG_NETFILTER_XT_MATCH_IPRANGE
+CONFIG_NETFILTER_XT_MATCH_LENGTH
+CONFIG_NETFILTER_XT_MATCH_LIMIT
+CONFIG_NETFILTER_XT_MATCH_MAC
+CONFIG_NETFILTER_XT_MATCH_MARK
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT
+CONFIG_NETFILTER_XT_MATCH_NFACCT
+CONFIG_NETFILTER_XT_MATCH_OSF
+CONFIG_NETFILTER_XT_MATCH_OWNER
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE
+CONFIG_NETFILTER_XT_MATCH_POLICY
+CONFIG_NETFILTER_XT_MATCH_QUOTA
+CONFIG_NETFILTER_XT_MATCH_QUOTA2
+CONFIG_NETFILTER_XT_MATCH_RATEEST
+CONFIG_NETFILTER_XT_MATCH_REALM
+CONFIG_NETFILTER_XT_MATCH_RECENT
+CONFIG_NETFILTER_XT_MATCH_SCTP
+CONFIG_NETFILTER_XT_MATCH_SOCKET
+CONFIG_NETFILTER_XT_MATCH_STATE
+CONFIG_NETFILTER_XT_MATCH_STATISTIC
+CONFIG_NETFILTER_XT_MATCH_STRING
+CONFIG_NETFILTER_XT_MATCH_TCPMSS
+CONFIG_NETFILTER_XT_MATCH_TIME
+CONFIG_NETFILTER_XT_MATCH_U32
+CONFIG_NETFILTER_XT_TARGET_AUDIT
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY
+CONFIG_NETFILTER_XT_TARGET_CONNMARK
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK
+CONFIG_NETFILTER_XT_TARGET_CT
+CONFIG_NETFILTER_XT_TARGET_DSCP
+CONFIG_NETFILTER_XT_TARGET_HL
+CONFIG_NETFILTER_XT_TARGET_IDLETIMER
+CONFIG_NETFILTER_XT_TARGET_LED
+CONFIG_NETFILTER_XT_TARGET_LOG
+CONFIG_NETFILTER_XT_TARGET_MARK
+CONFIG_NETFILTER_XT_TARGET_NFLOG
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE
+CONFIG_NETFILTER_XT_TARGET_NOTRACK
+CONFIG_NETFILTER_XT_TARGET_RATEEST
+CONFIG_NETFILTER_XT_TARGET_SECMARK
+CONFIG_NETFILTER_XT_TARGET_TCPMSS
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP
+CONFIG_NETFILTER_XT_TARGET_TEE
+CONFIG_NETFILTER_XT_TARGET_TPROXY
+CONFIG_NETFILTER_XT_TARGET_TRACE
+CONFIG_NF_CONNTRACK_ZONES
+CONFIG_IP6_NF_FILTER
+CONFIG_IP6_NF_IPTABLES
+CONFIG_IP6_NF_MANGLE
+CONFIG_IP6_NF_MATCH_AH
+CONFIG_IP6_NF_MATCH_EUI64
+CONFIG_IP6_NF_MATCH_FRAG
+CONFIG_IP6_NF_MATCH_HL
+CONFIG_IP6_NF_MATCH_IPV6HEADER
+CONFIG_IP6_NF_MATCH_MH
+CONFIG_IP6_NF_MATCH_OPTS
+CONFIG_IP6_NF_MATCH_RPFILTER
+CONFIG_IP6_NF_MATCH_RT
+CONFIG_IP6_NF_QUEUE
+CONFIG_IP6_NF_RAW
+CONFIG_IP6_NF_SECURITY
+CONFIG_IP6_NF_TARGET_HL
+CONFIG_IP6_NF_TARGET_REJECT
+CONFIG_IP6_NF_TARGET_REJECT_SKERR
+CONFIG_DNS_RESOLVER
+CONFIG_SUSPEND_TIME
+CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS
+CONFIG_CONSOLE_TRANSLATIONS
+CONFIG_EVM
+CONFIG_INTEGRITY_SIGNATURE
+CONFIG_FHANDLE
+CONFIG_EPOLL
+CONFIG_SIGNALFD
+CONFIG_TIMERFD
+"
+
+CONFIGS_OFF="
+CONFIG_ANDROID_PARANOID_NETWORK
+CONFIG_SECURITY
+CONFIG_DEFAULT_SECURITY_DAC
+CONFIG_DEFAULT_SECURITY_SELINUX
+CONFIG_DEFAULT_SECURITY_TOMOYO
+CONFIG_DEFAULT_SECURITY_YAMA
+CONFIG_DEFAULT_SECURITY_SMACK
+CONFIG_DEFAULT_SECURITY_APPARMOR
+CONFIG_SECURITY_APPARMOR_STATS
+CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
+CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
+CONFIG_BT_HCIBTUSB
+CONFIG_BT_HCIBTSDIO
+CONFIG_BT_HCIUART
+CONFIG_BT_HCIBCM203X
+CONFIG_BT_HCIBPA10X
+CONFIG_BT_HCIBFUSB
+CONFIG_BT_HCIVHCI
+CONFIG_BT_MRVL
+CONFIG_AF_RXRPC
+CONFIG_KEYS_DEBUG_PROC_KEYS
+CONFIG_XFRM_MIGRATE
+CONFIG_XFRM_STATISTICS
+CONFIG_XFRM_SUB_POLICY
+CONFIG_COMPAT_BRK
+CONFIG_DEVKMEM
+CONFIG_NETFILTER_DEBUG
+CONFIG_IP_SET
+CONFIG_IP_VS
+CONFIG_RT_GROUP_SCHED
+CONFIG_ARM_UNWIND
+CONFIG_VT_HW_CONSOLE_BINDING
+CONFIG_FRAMEBUFFER_CONSOLE
+CONFIG_SPEAKUP
+CONFIG_CIFS_UPCALL
+CONFIG_CIFS_DFS_UPCALL
+CONFIG_KGDB
+"
+CONFIGS_EQ="
+"
+
+ered() {
+	echo -e "\033[31m" $@
+}
+
+egreen() {
+	echo -e "\033[32m" $@
+}
+
+ewhite() {
+	echo -e "\033[37m" $@
+}
+
+echo -e "\n\nChecking config file for Asteroid specific config options.\n\n"
+
+errors=0
+fixes=0
+
+for c in $CONFIGS_ON $CONFIGS_OFF;do
+	cnt=`grep -w -c $c $FILE`
+	if [ $cnt -gt 1 ];then
+		ered "$c appears more than once in the config file, fix this"
+		errors=$((errors+1))
+	fi
+
+	if [ $cnt -eq 0 ];then
+		if $write ; then
+			ewhite "Creating $c"
+			echo "# $c is not set" >> $FILE
+			fixes=$((fixes+1))
+		else
+			ered "$c is neither enabled nor disabled in the config file"
+			errors=$((errors+1))
+		fi
+	fi
+done
+
+for c in $CONFIGS_ON;do
+	if grep "$c=y\|$c=m" $FILE >/dev/null;then
+		egreen "$c is already set"
+	else
+		if $write ; then
+			ewhite "Setting $c"
+			sed  -i "s,# $c is not set,$c=y," $FILE
+			fixes=$((fixes+1))
+		else
+			ered "$c is not set, set it"
+			errors=$((errors+1))
+		fi
+	fi
+done
+
+for c in $CONFIGS_EQ;do
+	if grep "$c" $FILE >/dev/null;then
+		egreen "$c is already set"
+	else
+		if $write ; then
+			ewhite "Setting $c"
+			echo  "$c" >> $FILE
+			fixes=$((fixes+1))
+		else
+			ered "$c is not set, set it"
+			errors=$((errors+1))
+		fi
+	fi
+done
+
+for c in $CONFIGS_OFF;do
+	if grep "$c=y\|$c=m" $FILE >/dev/null;then
+		if $write ; then
+			ewhite "Unsetting $c"
+			sed  -i "s,$c=.*,# $c is not set," $FILE
+			fixes=$((fixes+1))
+		else
+			ered "$c is set, unset it"
+			errors=$((errors+1))
+		fi
+	else
+		egreen "$c is already unset"
+	fi
+done
+
+if [ $errors -eq 0 ];then
+	egreen "\n\nConfig file checked, found no errors.\n\n"
+else
+	ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n"
+fi
+
+if [ $fixes -gt 0 ];then
+	egreen "Made $fixes fixes.\n\n"
+fi