crash-reporter: disable device coredumps in verified mode Device coredumps should only be available in developer mode. BUG=None TEST=link boot with devcoredump series Signed-off-by: Kees Cook <keescook@chromium.org> Change-Id: Ia86c32310887199b268b1f71221c6eb8a02f7827 Reviewed-on: https://chromium-review.googlesource.com/231386 Reviewed-by: Mike Frysinger <vapier@chromium.org>

commit: 554c898d6adb22b7f9e8ed77770fe4a2ee0a3afe [log] [tgz]
author: Kees Cook <keescook@chromium.org> Mon Nov 24 16:15:37 2014 -0800
committer: chrome-internal-fetch <chrome-internal-fetch@google.com> Wed Nov 26 06:07:52 2014 +0000
tree: 13baeb33ec8b991bff62fc5ba231fdf33836ed0c
parent: 8e5340a1d8a552a30dbf31acc3e885ded48d42a9 [diff]
diff --git a/crash_reporter/init/crash-reporter.conf b/crash_reporter/init/crash-reporter.conf
index 3463c60..19f2cdb 100644
--- a/crash_reporter/init/crash-reporter.conf
+++ b/crash_reporter/init/crash-reporter.conf

@@ -12,6 +12,12 @@
 
 pre-start script
   mkdir -p /var/spool
+
+  # Only allow device coredumps on a "developer system".
+  if ! is_developer_end_user; then
+    # consumer end-user - disable device coredumps, if driver exists.
+    echo 1 > /sys/class/devcoredump/disabled || true
+  fi
 end script
 
 # crash_reporter uses argv[0] as part of the command line for
commit	554c898d6adb22b7f9e8ed77770fe4a2ee0a3afe	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Mon Nov 24 16:15:37 2014 -0800
committer	chrome-internal-fetch <chrome-internal-fetch@google.com>	Wed Nov 26 06:07:52 2014 +0000
tree	13baeb33ec8b991bff62fc5ba231fdf33836ed0c
parent	8e5340a1d8a552a30dbf31acc3e885ded48d42a9 [diff]