Add a function to update the kernel localversion

2025-02-24 00:20:06 -05:00 · 2018-01-10 17:52:20 -05:00 · 2018-01-10 17:52:20 -05:00 · c47dee71d8
commit c47dee71d8
parent f57f77662b
26 changed files with 45 additions and 6 deletions
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh
@ -84,4 +84,5 @@ git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9684/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9706/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh
@ -57,4 +57,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh
@ -29,4 +29,5 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7533/3.4/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh
@ -188,4 +188,5 @@ git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh
@ -42,4 +42,5 @@ git apply $cvePatchesLinux/CVE-2017-8254/3.4/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8254/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh
@ -71,4 +71,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_msm8974.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_msm8974.sh
@ -25,4 +25,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_msm8994.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_msm8994.sh
@ -102,4 +102,5 @@ git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh
@ -143,4 +143,5 @@ git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh
@ -134,4 +134,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_g3.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_g3.sh
@ -27,4 +27,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-8246/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh
@ -40,4 +40,5 @@ git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9684/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_mako.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_mako.sh
@ -15,4 +15,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8974.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8974.sh
@ -24,4 +24,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
@ -158,4 +158,5 @@ git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8996.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8996.sh
@ -110,4 +110,5 @@ git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
@ -101,4 +101,5 @@ git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh
@ -80,4 +80,5 @@ git apply $cvePatchesLinux/CVE-2016-5853/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
@ -181,4 +181,5 @@ git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh
@ -57,4 +57,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_oneplus_msm8974.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_oneplus_msm8974.sh
@ -45,4 +45,5 @@ git apply $cvePatchesLinux/CVE-2017-9684/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9706/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_jf.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_jf.sh
@ -51,4 +51,5 @@ git apply $cvePatchesLinux/CVE-2017-8254/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_msm8974.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_msm8974.sh
@ -23,4 +23,5 @@ git apply $cvePatchesLinux/CVE-2017-8254/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh
@ -44,4 +44,5 @@ git apply $cvePatchesLinux/CVE-2017-7184/ANY/0002.patch
 git apply $cvePatchesLinux/CVE-2017-7308/ANY/0003.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2014-9781/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh
@ -133,4 +133,5 @@ git apply $cvePatchesLinux/Untracked/ANY/0007-USB-usbip-fix-potential-out-of-bou
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 #git apply $cvePatchesLinux/0002-Copperhead-Kernel_Hardening/3.18/0039.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.hp"
 cd $base
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@ -106,12 +106,7 @@ enableStrongEncryption() {
 }
 export -f enableStrongEncryption;

-hardenDefconfig() {
-	cd $base$1;
-
-	#Attempts to enable/disable supported options to increase security
-	#See https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-
+getDefconfig() {
 	if ls arch/arm/configs/lineage*defconfig 1> /dev/null 2>&1; then
 		defconfigPath="arch/arm/configs/lineage*defconfig";
 	elif ls arch/arm64/configs/lineage*defconfig 1> /dev/null 2>&1; then
@ -119,7 +114,24 @@ hardenDefconfig() {
 	else
 		defconfigPath="arch/arm/configs/*defconfig arch/arm64/configs/*defconfig";
 	fi;
+	echo $defconfigPath;
 	#echo "Found defconfig at $defconfigPath"
+}
+export -f getDefconfig;
+
+editKernelLocalversion() {
+	defconfigPath=$(getDefconfig)
+	sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION="'$1'"/' $defconfigPath &>/dev/null || true;
+}
+export -f editKernelLocalversion;
+
+hardenDefconfig() {
+	cd $base$1;
+
+	#Attempts to enable/disable supported options to increase security
+	#See https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
+
+	defconfigPath=$(getDefconfig)

 	#Enable supported options
 	#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
@ -144,6 +156,8 @@ hardenDefconfig() {
 	sed -i 's/CONFIG_DEFAULT_MMAP_MIN_ADDR=4096/CONFIG_DEFAULT_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;
 	sed -i 's/CONFIG_LSM_MMAP_MIN_ADDR=4096/CONFIG_DEFAULT_MMAP_MIN_ADDR=32768/' $defconfigPath &>/dev/null || true;

+	editKernelLocalversion "-dos.h";
+
 	echo "Hardened defconfig for $1";
 	cd $base;
 }