crash-reporter: disable device coredumps in verified mode

Device coredumps should only be available in developer mode. BUG=None TEST=link boot with devcoredump series Signed-off-by: Kees Cook <keescook@chromium.org> Change-Id: Ia86c32310887199b268b1f71221c6eb8a02f7827 Reviewed-on: https://chromium-review.googlesource.com/231386 Reviewed-by: Mike Frysinger <vapier@chromium.org>
2014-11-24 16:15:37 -08:00 · 2014-11-24 16:15:37 -08:00 · 554c898d6a
parent 8e5340a1d8
commit 554c898d6a
1 changed files with 6 additions and 0 deletions
--- a/crash_reporter/init/crash-reporter.conf
+++ b/crash_reporter/init/crash-reporter.conf
@ -12,6 +12,12 @@ start on starting system-services

 pre-start script
  mkdir -p /var/spool
+
+  # Only allow device coredumps on a "developer system".
+  if ! is_developer_end_user; then
+    # consumer end-user - disable device coredumps, if driver exists.
+    echo 1 > /sys/class/devcoredump/disabled || true
+  fi
 end script

 # crash_reporter uses argv[0] as part of the command line for