This file is indexed.

/usr/src/linux-source-4.4.0/debian/scripts/config-check is in linux-source-4.4.0 4.4.0-51.72.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/perl
#
# check-config -- check the current config for issues
#
use strict;

my $P = 'check-config';

my $test = -1;
if ($ARGV[0] eq '--test') {
	$test = $ARGV[1] + 0;
} elsif ($#ARGV != 4) {
	die "Usage: $P <config> <arch> <flavour> <commonconfig> <warn-only>\n";
}

my ($config, $arch, $flavour, $commonconfig, $warn_only) = @ARGV;

my %values = ();

# If we are in overridden then still perform the checks and emit the messages
# but do not return failure.  Those items marked FATAL will alway trigger
# failure.
my $fail_exit = 1;
$fail_exit = 0 if ($warn_only eq 'true' || $warn_only eq '1');
my $exit_val = 0;

# Load up the current configuration values -- FATAL if this fails
print "$P: $config: loading config\n";
open(CONFIG, "<$config") || die "$P: $config: open failed -- $! -- aborting\n";
while (<CONFIG>) {
	# Pull out values.
	/^#*\s*(CONFIG_\w+)[\s=](.*)$/ or next;
	if ($2 eq 'is not set') {
		$values{$1} = 'n';
	} else {
		$values{$1} = $2;
	}
}
close(CONFIG);

# ANNOTATIONS: check any annotations marked for enforcement
my $pass = 0;
my $total = 0;
my $annotations = "$commonconfig/annotations";
my ($config, $value, $options, $option, $value, $check, $policy);
print "$P: $annotations loading annotations\n";
my %annot;
my $form = 1;
open(ANNOTATIONS, "<$annotations") || die "$P: $annotations: open failed -- $! -- aborting\n";
while (<ANNOTATIONS>) {
	if (/^# FORMAT: (\S+)/) {
		die "$P: $1: unknown annotations format\n" if ($1 != 2);
		$form = $1;
	}

	/^#/ && next;
	chomp;
	/^$/ && next;

	/^CONFIG_/ || next;

	if ($form == 1) {
		($config, $value, $options) = split(' ', $_, 3);
	} elsif ($form == 2) {
		($config, $options) = split(' ', $_, 2);
	}

	$annot{$config} = $annot{$config} . ' ' . $options;
}
close(ANNOTATIONS);

my $config;
for $config (keys %annot) {
	$check = 0;
	$options = $annot{$config};

	$policy = undef;
	while ($options =~ /\s*(\S+)<(.*?)?>/g) {
		($option, $value) = ($1, $2);

		if ($option eq 'mark' && $value eq 'ENFORCED') {
			$check = 1;

		} elsif ($option eq 'policy') {
			if ($value =~ /^{/) {
				$value =~ s/:/=>/g;
				$policy = eval($value);
				warn "$@" if ($@);
			} else {
				$policy = undef;
			}
		}
	}
	if ($check == 1 && !defined($policy)) {
		print "$P: INVALID POLICY (use policy<{...}>) $config$options\n";
		$total++;
		$check = 0;
	}
	if ($check) {
		my $is = '-';
		$is = $values{$config} if (defined $values{$config});

		my $value = '-';
		for my $which ("$arch-$flavour", "$arch-*", "*-$flavour", "$arch", "*") {
			if (defined $policy->{$which}) {
				$value = $policy->{$which};
				last;
			}
		}
		if ($is eq $value) {
			$pass++;
		} else {
			print "$P: FAIL ($is != $value): $config$options\n";
			$exit_val = $fail_exit;
		}
		$total++;
	}
}

print "$P: $pass/$total checks passed -- exit $exit_val\n";
exit $exit_val;