diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 3a162d85..170cf10f 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -48,25 +48,20 @@ gitReset() { export -f gitReset; scanForMalware() { -#This isn't perfect, but if it ever catches something be happy that it exists -#Speed Goals (on a standard 7200 RPM drive): -# - quick: < 10 mins -# - extra: < 30 mins -# - slow: < 1 hour -#TODO: Scan more of /frameworks and /packages - if [ -x /usr/bin/clamscan ] && [ -f /var/lib/clamav/main.cvd ]; then - echo -e "\e[0;32mStarting a malware scan, this might take a while...\e[0m"; - $excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\""; - scanQueue="$base/android $base/art $base/bionic $base/bootable $base/build $base/compatibility $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/lineage-sdk $base/pdk $base/platform_testing $base/sdk"; #top-level directories - scanQueue=$scanQueue" $base/frameworks/av $base/frameworks/native $base/packages/inputmethods $base/vendor/lineage"; - if [ "$MALWARE_SCAN_SETTING" != "quick" ] || [ "$MALWARE_SCAN_SETTING" = "extra" ]; then - scanQueue=$scanQueue" $base/packages $base/vendor"; - fi; - if [ "$MALWARE_SCAN_SETTING" = "slow" ]; then - scanQueue=$scanQueue"$base/external $base/frameworks $base/prebuilts $base/system $base/toolchain $base/tools"; - fi; - if [ "$MALWARE_SCAN_SETTING" = "full" ]; then - scanQueue="$base"; + if [ -x /usr/bin/clamscan ] && [ -r /var/lib/clamav/main.cvd ]; then + echo -e "\e[0;32mStarting a malware scan...\e[0m"; + excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\""; + scanQueue=$2; + if [ "$1" = true ]; then + if [ "$MALWARE_SCAN_SETTING" != "quick" ] || [ "$MALWARE_SCAN_SETTING" = "extra" ]; then + scanQueue=$scanQueue" $base/frameworks $base/vendor"; + fi; + if [ "$MALWARE_SCAN_SETTING" = "slow" ]; then + scanQueue=$scanQueue"$base/external $base/prebuilts $base/toolchain $base/tools"; + fi; + if [ "$MALWARE_SCAN_SETTING" = "full" ]; then + scanQueue="$base"; + fi; fi; du -hsc $scanQueue; /usr/bin/clamscan --recursive --detect-pua --infected $excludes $scanQueue; 
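Review bot: In the `slow` branch the appended string has no leading space (`scanQueue=$scanQueue"$base/external ...`), so the entry already at the end of the queue (`$base/vendor`, added by the branch above) and `$base/external` are fused into one path that most likely does not exist, and neither directory is scanned as intended. It should read `scanQueue=$scanQueue" $base/external $base/prebuilts $base/toolchain $base/tools";`. Separately, the escaped quotes in `excludes` stay literal after the unquoted `$excludes` expansion, so clamscan receives the pattern `".git"` with the quote characters included and the exclusions probably never match; `excludes="--exclude-dir=.git --exclude-dir=.repo";` avoids that. The body of scanForMalware continues outside this hunk.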
@@ -79,7 +74,6 @@ scanForMalware() { fi; if [ "$clamscanExit" -eq "0" ]; then echo -e "\e[0;32mNo malware found\e[0m"; - sleep 15; fi; if [ "$clamscanExit" -eq "2" ]; then echo -e "\e[0;33m----------------------------------------------------------------\e[0m"; diff --git a/Scripts/LineageOS-14.1/00init.sh b/Scripts/LineageOS-14.1/00init.sh index e89a5826..fb96fe3d 100644 --- a/Scripts/LineageOS-14.1/00init.sh +++ b/Scripts/LineageOS-14.1/00init.sh @@ -45,8 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches -export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching -export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full +export MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll() +export MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options are quick, extra, slow, full source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 43dd710e..fe53c7c2 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -27,6 +27,13 @@ resetWorkspace() { } export -f resetWorkspace; +scanWorkspaceForMalware() { + scanQueue="$base/abi $base/android $base/art $base/bionic $base/bootable $base/build $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/ndk $base/packages $base/pdk $base/platform_testing $base/sdk $base/system"; + scanQueue=$scanQueue" $base/vendor/cm $base/vendor/cmsdk"; + scanForMalware true "$scanQueue"; +} +export -f scanWorkspaceForMalware; + buildDevice() { brunch lineage_$1-user; } 
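Review bot: The new comment on `MALWARE_SCAN_ENABLED` says "a through scan" where "thorough" is meant; suggest `#Set true to perform a fast scan on patchWorkspace() and a thorough scan on buildAll()`. The same wording appears in the Scripts/LineageOS-15.1/00init.sh hunk.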
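Review bot: `scanQueue` is assigned without `local` in scanWorkspaceForMalware(), and scanForMalware() writes the same name with `scanQueue=$2`, so the queue lives on as a global in any shell that sources these files; adding `local scanQueue;` as the first line of the function keeps it scoped to the call. The meaning of the first argument is not explained at the call site, and a comment such as `#true = let MALWARE_SCAN_SETTING extend the queue in scanForMalware()` would make the contract readable. The queue is also passed as one space-separated string and split unquoted later, so a `$base` containing whitespace would corrupt the path list. The same points apply to the Scripts/LineageOS-15.1/Functions.sh version of this function.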
@@ -40,6 +47,8 @@ buildDeviceDebug() { export -f buildDeviceDebug; buildAll() { + if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; + #Select devices are userdebug due to SELinux policy issues #TODO: Add victara, athene, us997, us996, pme, t0lte, hlte brunch lineage_thor-userdebug; #deprecated @@ -62,8 +71,7 @@ buildAll() { export -f buildAll; patchWorkspace() { - if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi; - + if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$base/build $base/vendor/cm"; fi; #source build/envsetup.sh; source $scripts/Patch.sh; diff --git a/Scripts/LineageOS-15.1/00init.sh b/Scripts/LineageOS-15.1/00init.sh index 26e3054c..4e395249 100644 --- a/Scripts/LineageOS-15.1/00init.sh +++ b/Scripts/LineageOS-15.1/00init.sh @@ -45,8 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches -export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching -export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full +export MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll() +export MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options are quick, extra, slow, full source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh"; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index d1b3b026..749bbed7 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh 
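Review bot: buildAll() calls `scanWorkspaceForMalware;` and then continues to the `brunch` lines without checking the result, so unless scanForMalware() itself stops on a detection (its tail is not in these hunks) a positive scan only prints a banner and the build proceeds. Consider having scanForMalware() end with `return "$clamscanExit";` and gating here with `if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware || return 1; fi;`. Use `return` rather than `exit`, since these functions are exported into the caller's shell. The same holds for the patchWorkspace() hunk in this file and for buildAll() and patchWorkspace() in Scripts/LineageOS-15.1/Functions.sh; buildAll's body continues outside the hunk.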
@@ -27,6 +27,13 @@ resetWorkspace() { } export -f resetWorkspace; +scanWorkspaceForMalware() { + scanQueue="$base/android $base/art $base/bionic $base/bootable $base/build $base/compatibility $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/packages $base/pdk $base/platform_testing $base/sdk $base/system"; + scanQueue=$scanQueue" $base/lineage-sdk $base/vendor/lineage"; + scanForMalware true "$scanQueue"; +} +export -f scanWorkspaceForMalware; + buildDevice() { brunch lineage_$1-user; } @@ -40,6 +47,7 @@ buildDeviceDebug() { export -f buildDeviceDebug; buildAll() { + if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; #Select devices are userdebug due to SELinux policy issues brunch lineage_d852-user; brunch lineage_bacon-user; @@ -62,7 +70,7 @@ buildAll() { export -f buildAll; patchWorkspace() { - if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi; + if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$base/build $base/vendor/lineage"; fi; source build/envsetup.sh; repopick -f 206123; #bionic: Sort and cache hosts file data for fast lookup diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index e741dc92..b206b985 100755 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -225,6 +225,7 @@ cd $base; #Fix broken options enabled by hardenDefconfig() sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile +sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile # #END OF DEVICE CHANGES #
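Review bot: The added sed disables `CONFIG_STRICT_MEMORY_RWX` in every file matching `*_defconfig` under kernel/motorola/msm8996, whereas the two lines above it are limited to `lineageos_*_defconfig`. If the wider glob is not required, narrowing it keeps this kernel memory-protection option enabled on configs that do build with it. The trailing `#Breaks on compile` does not record which device or error motivated the change, so a later maintainer cannot tell when the workaround can be dropped; something like `#Breaks on compile (<device>: <error>), re-enable once fixed` would capture that.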