crash_reporter: Use cacerts_google
Use /system/etc/security/cacerts_google as the default certificates
directory. If the crash_reporter.full_certs property is set to 1,
use the full /system/etc/security/cacerts directory. This
property can be set in a target's product.mk, if they decide to
configure crash_reporter with a crash_server not covered by the
cacerts_google subset of certificates.
Bug: 25798318
Change-Id: I617c3d13b74af8d9577823a8f1a61f8375bcb504
diff --git a/crash_reporter/crash_sender b/crash_reporter/crash_sender
index 95204a4..a430ab5 100755
--- a/crash_reporter/crash_sender
+++ b/crash_reporter/crash_sender
@@ -65,6 +65,7 @@
# Path to a directory of restricted certificates which includes
# a certificate for the crash server.
RESTRICTED_CERTIFICATES_PATH="/system/etc/security/cacerts"
+RESTRICTED_CERTIFICATES_PATH_GOOGLE="/system/etc/security/cacerts_google"
# File whose existence implies we're running and not to start again.
RUN_FILE="${CRASH_STATE_DIR}/run/crash_sender.pid"
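Review bot: The comment above `RESTRICTED_CERTIFICATES_PATH` still calls it the restricted directory, but after this change it names the full store and the new `RESTRICTED_CERTIFICATES_PATH_GOOGLE` is the narrower trust set. Each variable should have its own comment so a later edit does not pick the wider one by mistake, for example `# Full system CA store; used only when crash_reporter.full_certs=1.` and `# Default trust anchors: the Google-only CA subset.`. Renaming the old variable would be clearer still, but other uses of it may sit outside this diff.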
@@ -183,6 +184,18 @@
fi
}
+# Returns the path of the certificates directory to be used when sending
+# reports to the crash server.
+# If crash_reporter.full_certs=1, return the full certificates path.
+# Otherwise return the Google-specific certificates path.
+get_certificates_path() {
+ if [ "$(getprop crash_reporter.full_certs)" = "1" ]; then
+ echo "${RESTRICTED_CERTIFICATES_PATH}"
+ else
+ echo "${RESTRICTED_CERTIFICATES_PATH_GOOGLE}"
+ fi
+}
+
# Return 0 if the uploading of device coredumps is allowed.
is_device_coredump_upload_allowed() {
[ -f "${DEVCOREDUMP_UPLOAD_FLAG_FILE}" ] && return 0
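Review bot: `get_certificates_path` chooses the TLS trust anchors for crash uploads from `crash_reporter.full_certs`, which has no `ro.` prefix, so it is presumably settable after boot by anything the property policy allows (that policy is not visible here). If the switch is meant to be build-time only, as the commit message suggests, a read-only property or a header comment stating who may set it would make that explicit. The function does fail closed, since any value other than `1`, including an empty result from a failed `getprop`, selects the narrower directory. That deserves a line in the comment, such as `# Any value other than "1" (including unset) selects the Google-only set.`. Logging the chosen path once with `lecho` would also help when diagnosing upload failures.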
@@ -455,7 +468,7 @@
set +e
curl "${url}" -f -v ${proxy:+--proxy "$proxy"} \
- --capath "${RESTRICTED_CERTIFICATES_PATH}" --ciphers HIGH \
+ --capath "$(get_certificates_path)" --ciphers HIGH \
-F "prod=${product}" \
-F "ver=${version}" \
-F "bdk_version=${bdk_version}" \
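Review bot: The `--capath "$(get_certificates_path)"` here re-reads the property on every upload, while the startup dependency check in the last hunk (`for dependency in "$(get_certificates_path)"`) reads it separately. If the property changes in between, curl can be pointed at a directory that was never checked for existence. Resolving it once at startup avoids this, e.g. `CERTIFICATES_PATH="$(get_certificates_path)"`, then `--capath "${CERTIFICATES_PATH}"` here and `"${CERTIFICATES_PATH}"` in the dependency loop. It also saves a `getprop` fork per report. The enclosing send function starts and ends outside this hunk, so the right place for the assignment should be confirmed against the full script.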
@@ -682,7 +695,7 @@
# (like with autotests) that we're still running.
echo $$ > "${RUN_FILE}"
- for dependency in "${RESTRICTED_CERTIFICATES_PATH}"; do
+ for dependency in "$(get_certificates_path)"; do
if [ ! -x "${dependency}" ]; then
lecho "Fatal: Crash sending disabled: ${dependency} not found."
exit 1