From 5acccc682d1990135f402c0c90378d2f73f2c3b6 Mon Sep 17 00:00:00 2001
From: Steve Fung
Date: Mon, 23 Nov 2015 17:55:11 -0800
Subject: [PATCH] crash_reporter: Use cacerts_google
Use /system/etc/security/cacerts_google as the default certificates directory. If the crash_reporter.full_certs property is set to 1, use the full /system/etc/security/cacerts directory. This property can be set in a target's product.mk, if they decide to configure crash_reporter with a crash_server not covered by the cacerts_google subset of certificates.
Bug: 25798318
Change-Id: I617c3d13b74af8d9577823a8f1a61f8375bcb504
---
 crash_reporter/crash_sender | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/crash_reporter/crash_sender b/crash_reporter/crash_sender
index 95204a47b..a430ab58d 100755
--- a/crash_reporter/crash_sender
+++ b/crash_reporter/crash_sender
@@ -65,6 +65,7 @@ PAUSE_CRASH_SENDING="${CRASH_STATE_DIR}/lock/crash_sender_paused"
 # Path to a directory of restricted certificates which includes
 # a certificate for the crash server.
 RESTRICTED_CERTIFICATES_PATH="/system/etc/security/cacerts"
+RESTRICTED_CERTIFICATES_PATH_GOOGLE="/system/etc/security/cacerts_google"
 # File whose existence implies we're running and not to start again.
 RUN_FILE="${CRASH_STATE_DIR}/run/crash_sender.pid"
@@ -183,6 +184,18 @@ is_developer_mode() {
 fi
 }
+# Returns the path of the certificates directory to be used when sending
+# reports to the crash server.
+# If crash_reporter.full_certs=1, return the full certificates path.
+# Otherwise return the Google-specific certificates path.
+get_certificates_path() {
+ if [ "$(getprop crash_reporter.full_certs)" = "1" ]; then
+ echo "${RESTRICTED_CERTIFICATES_PATH}"
+ else
+ echo "${RESTRICTED_CERTIFICATES_PATH_GOOGLE}"
+ fi
+}
+
 # Return 0 if the uploading of device coredumps is allowed.
 is_device_coredump_upload_allowed() {
 [ -f "${DEVCOREDUMP_UPLOAD_FLAG_FILE}" ] && return 0
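Review bot: The comment above `RESTRICTED_CERTIFICATES_PATH` still calls it the restricted set, but after this change that variable is the wider store and the new `RESTRICTED_CERTIFICATES_PATH_GOOGLE` line has no comment of its own. A reader checking which trust anchors the crash upload uses by default will be misled by the names alone. I would split the comment, for example `# Full CA directory; used only when crash_reporter.full_certs is 1.` above the first variable and `# Google-only CA subset; the default trust anchors for crash uploads.` above the new one.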
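Review bot: `get_certificates_path` lets a runtime property decide which CA directory curl trusts, and its header comment does not say who is allowed to set `crash_reporter.full_certs`. The name has no `ro.` prefix, so it presumably stays writable after boot by anything the platform's property policy permits, and setting it to 1 widens the trust anchors from the Google subset to the full store. The unset case correctly falls back to the narrower directory. I would either move the switch to a `ro.`-prefixed property set from product.mk, or add a line such as `# The property widens the trusted CA set; it must be writable only at build time.` to the comment.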
@@ -455,7 +468,7 @@ send_crash() {
 set +e
 curl "${url}" -f -v ${proxy:+--proxy "$proxy"} \
- --capath "${RESTRICTED_CERTIFICATES_PATH}" --ciphers HIGH \
+ --capath "$(get_certificates_path)" --ciphers HIGH \
 -F "prod=${product}" \
 -F "ver=${version}" \
 -F "bdk_version=${bdk_version}" \
@@ -682,7 +695,7 @@ main() {
 # (like with autotests) that we're still running.
 echo $$ > "${RUN_FILE}"
- for dependency in "${RESTRICTED_CERTIFICATES_PATH}"; do
+ for dependency in "$(get_certificates_path)"; do
 if [ ! -x "${dependency}" ]; then
 lecho "Fatal: Crash sending disabled: ${dependency} not found."
 exit 1
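Review bot: The `--capath` argument here and the dependency check in `main` (the `-682,7` hunk) each call `get_certificates_path` on their own, so the directory validated at startup is not guaranteed to be the one curl uses later if the property changes in between, and `getprop` runs again for every upload. Resolving it once keeps the two in agreement: set `CERTIFICATES_PATH="$(get_certificates_path)"` in `main` before the check, then use `"${CERTIFICATES_PATH}"` in both the `for dependency in` line and `--capath`. Both `send_crash` and `main` extend beyond what these hunks show, so whether `main` runs before every `send_crash` call should be confirmed.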