35d07fcc98
A bunch of stuff in build/make/target/product/memtag-common.mk is specified has having MTE by default, in order to ensure that OEMs that have MTE-capable devices get a default level of MTE on security sensitive processes. For now, on these devices, ensure that devices that enable MTE through the developer toggle (or the bootloader cmdline) only have the zygote with MTE. Last attempt was accidentally only applied to dev boards (I thought the device product inherited), but now set it as the base of zumapro. Bug: 327060622 Change-Id: I57b08b6edcf3ebdcbc790e29b89e70bc0edbc5fd Test: Boot device, `fastboot oem mte enable`, follow instructions at b/b/327060622
60 lines
2.4 KiB
Makefile
60 lines
2.4 KiB
Makefile
#
|
|
# Copyright (C) 2020 The Android Open-Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
-include vendor/google_devices/zumapro/proprietary/telephony/device-vendor.mk
|
|
include device/google/zumapro/device.mk
|
|
|
|
# Telephony
|
|
PRODUCT_COPY_FILES += \
|
|
frameworks/native/data/etc/android.hardware.telephony.carrierlock.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.telephony.carrierlock.xml
|
|
|
|
# Android Verified Boot
|
|
PRODUCT_COPY_FILES += \
|
|
frameworks/native/data/etc/android.software.verified_boot.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.verified_boot.xml
|
|
|
|
# Set system properties identifying the chipset
|
|
PRODUCT_VENDOR_PROPERTIES += ro.soc.manufacturer=Google
|
|
TARGET_VENDOR_PROP += device/google/zumapro/vendor.prop
|
|
|
|
PRODUCT_PRODUCT_PROPERTIES += \
|
|
persist.vendor.testing_battery_profile=2
|
|
|
|
# The default value of this variable is false and should only be set to true when
|
|
# the device allows users to retain eSIM profiles after factory reset of user data.
|
|
PRODUCT_PRODUCT_PROPERTIES += \
|
|
masterclear.allow_retain_esim_profiles_after_fdr=true
|
|
|
|
# ZramWriteback
|
|
-include hardware/google/pixel/mm/device_gki.mk
|
|
|
|
# Set thermal warm reset
|
|
PRODUCT_PRODUCT_PROPERTIES += \
|
|
ro.thermal_warmreset = true
|
|
|
|
# Generic zram size setting, can be overridden in project-specific device.mk
|
|
PRODUCT_VENDOR_PROPERTIES += \
|
|
vendor.zram.size?=50p
|
|
|
|
# Indicate that the bootloader supports the MTE developer option switch
|
|
# (MISC_MEMTAG_MODE_MEMTAG_ONCE), with the exception of _fullmte products that
|
|
# force enable MTE.
|
|
ifeq (,$(filter %_fullmte,$(TARGET_PRODUCT)))
|
|
PRODUCT_PRODUCT_PROPERTIES += ro.arm64.memtag.bootctl_supported=1
|
|
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.se=off
|
|
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.google.android.bluetooth=off
|
|
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.app.com.android.nfc=off
|
|
PRODUCT_PRODUCT_PROPERTIES += persist.arm64.memtag.system_server=off
|
|
endif
|