From 6f0b8b118089aa2da7ec100a22a0f11aac3adc5b Mon Sep 17 00:00:00 2001
From: Eran Messeri <eranm@google.com>
Date: Wed, 11 Dec 2024 22:01:42 +0000
Subject: [PATCH] [AAPM] Enable MTE support for DevicePolicyManager

Set the system property that lets the DevicePolicyManager know it can
control Memory Tagging Extension on the device.

With this property set, when the user turns on AAPM, it will turn on
MTE.

Bug: 352420507
Test: Manual
Flag: android.security.aapm_feature_memory_tagging_extension
Change-Id: I2cf9b650286659bc36d0e304c1ad05ff5dac4d5c
---
 device-common.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/device-common.mk b/device-common.mk
index 54e363d..841bcf0 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -60,6 +60,9 @@ PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.se=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.bluetooth=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
 PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
+# Also enable the system property that would turn on MTE when Android Advanced
+# Protection Mode is turned on.
+PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_device_policy_manager=true
 endif
 endif