Set the system property that lets the DevicePolicyManager know it can
control Memory Tagging Extension on the device.
With this property set, when the user turns on AAPM, it will turn on
MTE.
Bug: 352420507
Test: Manual
Flag: android.security.aapm_feature_memory_tagging_extension
Change-Id: I2cf9b650286659bc36d0e304c1ad05ff5dac4d5c

MTE is a low-overhead tool which enables detection of memory
safety bugs in interactive workloads. See
https://source.android.com/docs/security/test/memory-safety/arm-mte
for background and information.
This change enables MTE by default on -eng builds. See
go/mte-eng for more information.
Co-authored-by: Evgenii Stepanov <eugenis@google.com>
Test: Device boots and no MTE crashes
Bug: 316398899
Flag: EXEMPT only affects eng builds, not shipping code
Change-Id: I8be52af4f0349907651ae661972c85ea46e2aa72

A bunch of stuff in build/make/target/product/memtag-common.mk is specified as having MTE by default, in order to ensure that OEMs that have MTE-capable devices get a default level of MTE on security sensitive processes.
For now, on these devices, ensure that devices that enable MTE through the developer toggle (or the bootloader cmdline) only have the zygote with MTE.
Last attempt was accidentally only applied to dev boards (I thought the device product inherited), but now set it as the base of zumapro.
Bug: 327060622
Change-Id: I57b08b6edcf3ebdcbc790e29b89e70bc0edbc5fd
Test: Boot device, `fastboot oem mte enable`, follow instructions at b/b/327060622