feat: Add audit-secureblue checks for flatpak bluetooth and ptrace access (#438)

* Add check for bluetooth and ptrace

* Add check for flatpak bluetooth and ptrace access
Rubiginosa
2024-10-04 13:18:14 -04:00
committed by GitHub
parent 5deb22e35b
commit 7ae972e095


@@ -418,6 +418,7 @@ audit-secureblue:
print_status "$SYSCTL_TEST_STRING" "$STATUS_SUCCESS"
else
print_status "$SYSCTL_TEST_STRING" "$STATUS_FAILURE"
bluetooth_loaded=true
fi
SYSCTL_TEST_STRING="Ensuring ptrace is forbidden"
@@ -425,6 +426,7 @@ audit-secureblue:
print_status "$SYSCTL_TEST_STRING" "$STATUS_SUCCESS"
else
print_status "$SYSCTL_TEST_STRING" "$STATUS_FAILURE"
ptrace_allowed=true
fi
AUTHSELECT_TEST_STRING="Ensuring no authselect overrides"
@@ -598,6 +600,14 @@ audit-secureblue:
status="$STATUS_FAILURE"
warnings+=("> $f is not using hardened_malloc!")
fi
if [[ "$bluetooth_loaded" == "true" ]] && hasPermission "$permissions" "features" "bluetooth"; then
status="$STATUS_FAILURE"
warnings+=("> $f has bluetooth access!")
fi
if [[ "$ptrace_allowed" == "true" ]] && hasPermission "$permissions" "features" "devel"; then
status="$STATUS_FAILURE"
warnings+=("> $f has ptrace access!")
fi
flatpak_test_string="Auditing $f"
print_status "$flatpak_test_string" "$status"
for warning in "${warnings[@]}"; do
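Review bot: `bluetooth_loaded` and `ptrace_allowed` are assigned only in the failure branches shown in the first two hunks, so the new `[[ "$bluetooth_loaded" == "true" ]]` and `[[ "$ptrace_allowed" == "true" ]]` tests in the flatpak loop read an unset variable on the success path unless it is initialised earlier in the recipe, which is not visible here. If it is not, an exported variable of the same name in the caller's environment would change the audit result and `set -u` would abort it; adding `bluetooth_loaded=false` and `ptrace_allowed=false` before the sysctl checks makes the default explicit. Separately, gating the flatpak findings on host state means an app holding the `devel` or `bluetooth` feature is not reported while the host check passes, so the grant goes unnoticed if that host setting is later relaxed. A comment above the two tests such as `# only flag when the host-level mitigation is absent` would record that this suppression is intentional. The recipe starts and ends outside these hunks.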