Add option to disabe /sys hardening

etc/hide-hardware-info.d/30_default.conf

@@ -7,6 +7,9 @@
 ## Disable the /proc/cpuinfo whitelist.
 #cpuinfo_whitelist=0
 
+## Disable /sys hardening.
+#sysfs=0
+
 ## Disable selinux mode.
 ## https://www.whonix.org/wiki/Security-misc#selinux
 #selinux=0

usr/libexec/security-misc/hide-hardware-info

@@ -8,6 +8,8 @@ set -e
 sysfs_whitelist=1
 cpuinfo_whitelist=1
 
+sysfs=1
+
 ## https://www.whonix.org/wiki/Security-misc#selinux
 selinux=0
 
@@ -53,6 +55,7 @@ for i in /proc/cpuinfo /proc/bus /proc/scsi /sys
 do
   if [ -e "${i}" ]; then
     if [ "${i}" = "/sys" ]; then
+      if [ "${sysfs}" = "1" ]; then
         ## Whitelist for /sys.
         if [ "${sysfs_whitelist}" = "1" ]; then
           create_whitelist sysfs
@@ -60,6 +63,7 @@ do
           chmod og-rwx /sys
           echo "INFO: The sysfs whitelist is not enabled. Some things may not work properly."
         fi
+      fi
     elif [ "${i}" = "/proc/cpuinfo" ]; then
       ## Whitelist for /proc/cpuinfo.
       if [ "${cpuinfo_whitelist}" = "1" ]; then
@@ -80,6 +84,8 @@ do
   fi
 done
 
+
+if [ "${sysfs}" = "1" ]; then
   ## restrict permissions on everything but
   ## what is needed
   for i in /sys/* /sys/fs/*
@@ -111,3 +117,4 @@ if [ -d /sys/fs/selinux ]; then
       echo "INFO: SELinux detected, but SELinux mode is not enabled. Some userspace utilities may not work properly."
     fi
   fi
+fi