[v2] Disable MTE on certain system processes that have it enabled by default

A bunch of stuff in build/make/target/product/memtag-common.mk is specified as having MTE by default, in order to ensure that OEMs that have MTE-capable devices get a default level of MTE on security-sensitive processes.

For now, on these devices, ensure that devices that enable MTE through the developer toggle (or the bootloader cmdline) only have the zygote with MTE.

Last attempt was accidentally only applied to dev boards (I thought the device product inherited), but now set it as the base of zumapro.

Bug: 327060622
Change-Id: I57b08b6edcf3ebdcbc790e29b89e70bc0edbc5fd
Test: Boot device, `fastboot oem mte enable`, follow instructions at b/b/327060622
This commit is contained in:
Mitch Phillips 2024-03-05 11:26:44 +00:00
parent c93437da20
commit 35d07fcc98


@ -53,4 +53,8 @@ PRODUCT_VENDOR_PROPERTIES += \
# force enable MTE.
ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_supported=1
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.se=off
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.bluetooth=off
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
endif
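Review bot: The four new `persist.arm64.memtag.*=off` lines sit directly under the existing `# force enable MTE.` comment, so a reader of the file sees a block described as force-enabling MTE that now switches it off for the secure element, Bluetooth, NFC and system_server with no explanation in place. Because this deliberately relaxes the defaults memtag-common.mk applies to security-sensitive processes, the rationale belongs next to the lines rather than only in the commit message, e.g. `# Opt these processes out of the MTE defaults from memtag-common.mk so that the developer/bootloader MTE toggle tags only the zygote (b/327060622).` It would also help to say that `%_fullmte` products are excluded from this opt-out and keep the full defaults, which the enclosing `ifeq` implies but does not state. The `ifeq`/`endif` block is fully inside the hunk; the `PRODUCT_VENDOR_PROPERTIES += \` assignment named in the hunk header starts before it.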