feat: Add blacklist check for currently loaded modules (#440)

* Add blacklist check for currently loaded modules

* Remove redundant bluetooth check

* Correct misuse of SYSCTL test string

* return check for flatpak bluetooth

* fix variable name

* fix array size check

files/system/usr/share/ublue-os/just/70-secureblue.just

@@ -407,18 +407,17 @@ audit-secureblue:
     fi
 
     MODPROBE_TEST_STRING="Ensuring no modprobe overrides"
-    if diff /usr/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf > /dev/null; then
+    readarray -t unwanted_modules < <(comm -12 <(lsmod | cut -f 1 -d " " | sort) <(cat /usr/etc/modprobe.d/blacklist.conf | grep -E '^(blacklist)|(install)' | cut -f 2 -d " " | sort))
+    if [[ "${#unwanted_modules[@]}" == 0 ]] && diff /usr/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf > /dev/null; then
         print_status "$MODPROBE_TEST_STRING" "$STATUS_SUCCESS"
     else
         print_status "$MODPROBE_TEST_STRING" "$STATUS_FAILURE"
-    fi
-
-    BLUETOOTH_TEST_STRING="Ensuring bluetooth is not loaded"
-    if ! lsmod | cut -d " " -f 1 | grep -w "bluetooth" > /dev/null; then
-        print_status "$BLUETOOTH_TEST_STRING" "$STATUS_SUCCESS"
-    else
-        print_status "$BLUETOOTH_TEST_STRING" "$STATUS_FAILURE"
-        bluetooth_loaded=true
+        for module in "${unwanted_modules[@]}"; do
+            echo "> $module is in blacklist.conf but it is loaded"
+            if [[ "$module" == "bluetooth" ]]; then
+                bluetooth_loaded=true
+            fi
+        done
     fi
 
     PTRACE_TEST_STRING="Ensuring ptrace is forbidden"