Further improve malware scanner
parent
82758a5303
commit
82896187de
@ -48,25 +48,20 @@ gitReset() {
|
||||
export -f gitReset;
|
||||
|
||||
scanForMalware() {
|
||||
#This isn't perfect, but if it ever catches something be happy that it exists
|
||||
#Speed Goals (on a standard 7200 RPM drive):
|
||||
# - quick: < 10 mins
|
||||
# - extra: < 30 mins
|
||||
# - slow: < 1 hour
|
||||
#TODO: Scan more of /frameworks and /packages
|
||||
if [ -x /usr/bin/clamscan ] && [ -f /var/lib/clamav/main.cvd ]; then
|
||||
echo -e "\e[0;32mStarting a malware scan, this might take a while...\e[0m";
|
||||
$excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\"";
|
||||
scanQueue="$base/android $base/art $base/bionic $base/bootable $base/build $base/compatibility $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/lineage-sdk $base/pdk $base/platform_testing $base/sdk"; #top-level directories
|
||||
scanQueue=$scanQueue" $base/frameworks/av $base/frameworks/native $base/packages/inputmethods $base/vendor/lineage";
|
||||
if [ "$MALWARE_SCAN_SETTING" != "quick" ] || [ "$MALWARE_SCAN_SETTING" = "extra" ]; then
|
||||
scanQueue=$scanQueue" $base/packages $base/vendor";
|
||||
fi;
|
||||
if [ "$MALWARE_SCAN_SETTING" = "slow" ]; then
|
||||
scanQueue=$scanQueue"$base/external $base/frameworks $base/prebuilts $base/system $base/toolchain $base/tools";
|
||||
fi;
|
||||
if [ "$MALWARE_SCAN_SETTING" = "full" ]; then
|
||||
scanQueue="$base";
|
||||
if [ -x /usr/bin/clamscan ] && [ -r /var/lib/clamav/main.cvd ]; then
|
||||
echo -e "\e[0;32mStarting a malware scan...\e[0m";
|
||||
excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\"";
|
||||
scanQueue=$2;
|
||||
if [ "$1" = true ]; then
|
||||
if [ "$MALWARE_SCAN_SETTING" != "quick" ] || [ "$MALWARE_SCAN_SETTING" = "extra" ]; then
|
||||
scanQueue=$scanQueue" $base/frameworks $base/vendor";
|
||||
fi;
|
||||
if [ "$MALWARE_SCAN_SETTING" = "slow" ]; then
|
||||
scanQueue=$scanQueue"$base/external $base/prebuilts $base/toolchain $base/tools";
|
||||
fi;
|
||||
if [ "$MALWARE_SCAN_SETTING" = "full" ]; then
|
||||
scanQueue="$base";
|
||||
fi;
|
||||
fi;
|
||||
du -hsc $scanQueue;
|
||||
/usr/bin/clamscan --recursive --detect-pua --infected $excludes $scanQueue;
|
||||
@ -79,7 +74,6 @@ scanForMalware() {
|
||||
fi;
|
||||
if [ "$clamscanExit" -eq "0" ]; then
|
||||
echo -e "\e[0;32mNo malware found\e[0m";
|
||||
sleep 15;
|
||||
fi;
|
||||
if [ "$clamscanExit" -eq "2" ]; then
|
||||
echo -e "\e[0;33m----------------------------------------------------------------\e[0m";
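Review bot: In the first scanForMalware() hunk, the `slow` branch appends `"$base/external ..."` with no leading space, so the last path already in `scanQueue` is fused with `$base/external` into a single nonexistent path and both directories fall out of the scan; it should read `scanQueue=$scanQueue" $base/external $base/prebuilts $base/toolchain $base/tools";`. The `excludes` assignment in the same hunk keeps the escaped quotes and is expanded unquoted, so clamscan receives the quote characters as part of the pattern and `.git`/`.repo` are most likely never excluded; `excludes="--exclude-dir=.git --exclude-dir=.repo";` avoids that. The function body continues outside both hunks, so how a clamscan error for the fused path is surfaced cannot be confirmed from here.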
|
||||
|
@ -45,8 +45,8 @@ export GRADLE_OPTS="-Xmx2048m";
|
||||
|
||||
export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
|
||||
|
||||
export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching
|
||||
export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full
|
||||
export MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
|
||||
export MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options are quick, extra, slow, full
|
||||
|
||||
source $scriptsCommon"/Functions.sh";
|
||||
source $scripts"/Functions.sh";
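Review bot: The comment on the `MALWARE_SCAN_ENABLED` line says "a through scan", which should be "thorough": `#Set true to perform a fast scan on patchWorkspace() and a thorough scan on buildAll()`. It would also help to say there that the scan appears to be skipped when `/usr/bin/clamscan` or `/var/lib/clamav/main.cvd` is missing (the guard in scanForMalware() tests for both), since `true` otherwise reads as a guarantee that scanning happens. The same wording appears in the second copy of this settings hunk further down the page.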
|
||||
|
@ -27,6 +27,13 @@ resetWorkspace() {
|
||||
}
|
||||
export -f resetWorkspace;
|
||||
|
||||
scanWorkspaceForMalware() {
|
||||
scanQueue="$base/abi $base/android $base/art $base/bionic $base/bootable $base/build $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/ndk $base/packages $base/pdk $base/platform_testing $base/sdk $base/system";
|
||||
scanQueue=$scanQueue" $base/vendor/cm $base/vendor/cmsdk";
|
||||
scanForMalware true "$scanQueue";
|
||||
}
|
||||
export -f scanWorkspaceForMalware;
|
||||
|
||||
buildDevice() {
|
||||
brunch lineage_$1-user;
|
||||
}
|
||||
@ -40,6 +47,8 @@ buildDeviceDebug() {
|
||||
export -f buildDeviceDebug;
|
||||
|
||||
buildAll() {
|
||||
if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
#TODO: Add victara, athene, us997, us996, pme, t0lte, hlte
|
||||
brunch lineage_thor-userdebug; #deprecated
|
||||
@ -62,8 +71,7 @@ buildAll() {
|
||||
export -f buildAll;
|
||||
|
||||
patchWorkspace() {
|
||||
if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi;
|
||||
|
||||
if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$base/build $base/vendor/cm"; fi;
|
||||
#source build/envsetup.sh;
|
||||
|
||||
source $scripts/Patch.sh;
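Review bot: Neither buildAll() nor patchWorkspace() looks at the result of the scan call, so whether a detection stops the build or the patch run depends entirely on code inside scanForMalware() that is not visible in these hunks. If that function only prints a warning, consider returning the clamscan status from it and guarding the callers, e.g. `if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware || return 1; fi;` in buildAll(). The queue is also passed as one space-joined string and re-split unquoted, which breaks if `$base` ever contains whitespace; a comment stating that assumption would help. The same points apply to the second copy of these functions further down the page (the `vendor/lineage` variant).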
|
||||
|
@ -45,8 +45,8 @@ export GRADLE_OPTS="-Xmx2048m";
|
||||
|
||||
export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
|
||||
|
||||
export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching
|
||||
export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full
|
||||
export MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
|
||||
export MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options are quick, extra, slow, full
|
||||
|
||||
source $scriptsCommon"/Functions.sh";
|
||||
source $scripts"/Functions.sh";
|
||||
|
@ -27,6 +27,13 @@ resetWorkspace() {
|
||||
}
|
||||
export -f resetWorkspace;
|
||||
|
||||
scanWorkspaceForMalware() {
|
||||
scanQueue="$base/android $base/art $base/bionic $base/bootable $base/build $base/compatibility $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/packages $base/pdk $base/platform_testing $base/sdk $base/system";
|
||||
scanQueue=$scanQueue" $base/lineage-sdk $base/vendor/lineage";
|
||||
scanForMalware true "$scanQueue";
|
||||
}
|
||||
export -f scanWorkspaceForMalware;
|
||||
|
||||
buildDevice() {
|
||||
brunch lineage_$1-user;
|
||||
}
|
||||
@ -40,6 +47,7 @@ buildDeviceDebug() {
|
||||
export -f buildDeviceDebug;
|
||||
|
||||
buildAll() {
|
||||
if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
brunch lineage_d852-user;
|
||||
brunch lineage_bacon-user;
|
||||
@ -62,7 +70,7 @@ buildAll() {
|
||||
export -f buildAll;
|
||||
|
||||
patchWorkspace() {
|
||||
if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi;
|
||||
if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$base/build $base/vendor/lineage"; fi;
|
||||
|
||||
source build/envsetup.sh;
|
||||
repopick -f 206123; #bionic: Sort and cache hosts file data for fast lookup
|
||||
|
@ -225,6 +225,7 @@ cd $base;
|
||||
#Fix broken options enabled by hardenDefconfig()
|
||||
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
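Review bot: The Motorola msm8996 `sed` line matches `*_defconfig`, while the two lines above it restrict themselves to `lineageos_*_defconfig`, so it turns `CONFIG_STRICT_MEMORY_RWX` off in every defconfig in that directory. If that breadth is intended because the Motorola tree names its defconfigs differently, say so in the trailing comment; otherwise narrow the glob. Since this switches off a kernel memory-protection option, the comment would be more useful if it named the build error or a tracking reference rather than only `#Breaks on compile`, so the option can be re-enabled once the kernel builds with it. The diff markers are lost on this page, so which of the three `sed` lines is new is inferred from the hunk counts.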
|
||||
|