Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-01-12 07:59:36 -05:00
Code Issues Packages Projects Releases Wiki Activity

Optimize hardenDefconfig

Browse Source
This commit is contained in:
Tad 2021-09-18 21:38:43 -04:00
parent 7e093e0500
commit ba07cfb300
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Scripts/Common/Functions.sh
View File

@ -637,6 +637,7 @@ export -f changeDefaultDNS;
editKernelLocalversion() { editKernelLocalversion() {
local defconfigPath=$(getDefconfig) local defconfigPath=$(getDefconfig)
sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION="'"$1"'"/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION="'"$1"'"/' $defconfigPath &>/dev/null || true;
sed -zi '/CONFIG_LOCALVERSION="'"$1"'"/!s/$/\nCONFIG_LOCALVERSION="'"$1"'"/' $defconfigPath &>/dev/null;
} }
export -f editKernelLocalversion; export -f editKernelLocalversion;
@ -769,12 +770,11 @@ hardenDefconfig() {
for option in "${optionsYes[@]}" for option in "${optionsYes[@]}"
do do
sed -i 's/# '"CONFIG_$option"' is not set/'"CONFIG_$option"'=y/' $defconfigPath &>/dev/null || true; #If the option is disabled, enable it
#Some defconfigs are very minimal/not-autogenerated, so lets add the rest. Obviously most won't have any affect as they aren't supported. sed -i 's/# CONFIG_'"$option"' is not set/CONFIG_'"$option"'=y/' $defconfigPath &>/dev/null || true;
if [[ "$1" != *"kernel/oneplus/msm8996"* ]]; then if [[ "$1" != *"kernel/oneplus/msm8996"* ]]; then
if ! grep -q "CONFIG_$option=y" $defconfigPath &>/dev/null; then #If the option isn't present, add it enabled
echo "CONFIG_$option=y" | tee -a $defconfigPath &>/dev/null || true; sed -zi '/CONFIG_'"$option"'=y/!s/$/\nCONFIG_'"$option"'=y/' $defconfigPath &>/dev/null || true;
fi;
fi; fi;
done done
#Disable supported options #Disable supported options
@ -787,19 +787,19 @@ hardenDefconfig() {
for option in "${optionsNo[@]}" for option in "${optionsNo[@]}"
do do
sed -i 's/'"CONFIG_$option"'=y/# '"CONFIG_$option"' is not set/' $defconfigPath &>/dev/null || true; #If the option is enabled, disable it
#sed -i 's/'"CONFIG_$option"'=y/'"CONFIG_$option"'=n/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_'"$option"'=y/CONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
#Some defconfigs are very minimal/not-autogenerated, so lets add the rest. Obviously most won't have any affect as they aren't supported. #If the option isn't present, add it disabled
if ! grep -q "CONFIG_$option=n" $defconfigPath &>/dev/null; then sed -zi '/CONFIG_'"$option"'=n/!s/$/\nCONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
echo "CONFIG_$option=n" | tee -a $defconfigPath &>/dev/null || true;
fi;
done done
#Extras #Extras
sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=8/CONFIG_ARCH_MMAP_RND_BITS=16/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=8/CONFIG_ARCH_MMAP_RND_BITS=16/' $defconfigPath &>/dev/null || true;
sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=18/CONFIG_ARCH_MMAP_RND_BITS=24/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=18/CONFIG_ARCH_MMAP_RND_BITS=24/' $defconfigPath &>/dev/null || true;
sed -i 's/CONFIG_DEFAULT_MMAP_MIN_ADDR=4096/CONFIG_DEFAULT_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_DEFAULT_MMAP_MIN_ADDR=4096/CONFIG_DEFAULT_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;
sed -zi '/CONFIG_DEFAULT_MMAP_MIN_ADDR/!s/$/\nCONFIG_DEFAULT_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;
sed -i 's/CONFIG_LSM_MMAP_MIN_ADDR=4096/CONFIG_LSM_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true; sed -i 's/CONFIG_LSM_MMAP_MIN_ADDR=4096/CONFIG_LSM_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;
sed -zi '/CONFIG_LSM_MMAP_MIN_ADDR/!s/$/\nCONFIG_LSM_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;
editKernelLocalversion "-dos"; editKernelLocalversion "-dos";