Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / 42d6ba6b44035df65e4226e44adf8ac34a3fa1e6^1..42d6ba6b44035df65e4226e44adf8ac34a3fa1e6 / .
commit42d6ba6b44035df65e4226e44adf8ac34a3fa1e6[log] [tgz]
authorFlorian Mayer <fmayer@google.com>Thu Feb 15 00:25:14 2024 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Thu Feb 15 00:25:14 2024 +0000
tree4215132b5a337750a12a25856e2e45514d6e04f9
parent1d001a45ae7ec8dcb3d94fe33743bc6fc65a4a41 [diff]
parentb7e6a5f9dee8337a535916a1c12016786bded5f5 [diff]
Merge "Add API to query MTE state of device" into main
diff --git a/core/api/current.txt b/core/api/current.txt
index 6db3a4f..a3a895c 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt

@@ -8117,6 +8117,7 @@
     method public boolean isLogoutEnabled();
     method public boolean isManagedProfile(@NonNull android.content.ComponentName);
     method public boolean isMasterVolumeMuted(@NonNull android.content.ComponentName);
+    method @FlaggedApi("android.app.admin.flags.is_mte_policy_enforced") public static boolean isMtePolicyEnforced();
     method public boolean isNetworkLoggingEnabled(@Nullable android.content.ComponentName);
     method public boolean isOrganizationOwnedDeviceWithManagedProfile();
     method public boolean isOverrideApnEnabled(@NonNull android.content.ComponentName);

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 34fb754..9947c46 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java

@@ -55,6 +55,7 @@
 import static android.app.admin.flags.Flags.FLAG_ESIM_MANAGEMENT_ENABLED;
 import static android.app.admin.flags.Flags.FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED;
 import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;
+import static android.app.admin.flags.Flags.FLAG_IS_MTE_POLICY_ENFORCED;
 import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;
 import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;
 import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;
@@ -153,6 +154,7 @@
 import com.android.internal.util.ArrayUtils;
 import com.android.internal.util.Preconditions;
 import com.android.org.conscrypt.TrustedCertificateStore;
+import com.android.internal.os.Zygote;
 
 import java.io.ByteArrayInputStream;
 import java.io.FileNotFoundException;
@@ -4117,6 +4119,19 @@
         return MTE_NOT_CONTROLLED_BY_POLICY;
     }
 
+    /**
+     * Get the current MTE state of the device.
+     *
+     * <a href="https://source.android.com/docs/security/test/memory-safety/arm-mte">
+     * Learn more about MTE</a>
+     *
+     * @return whether MTE is currently enabled on the device.
+     */
+    @FlaggedApi(FLAG_IS_MTE_POLICY_ENFORCED)
+    public static boolean isMtePolicyEnforced() {
+        return Zygote.nativeSupportsMemoryTagging();
+    }
+
     /** Indicates that content protection is not controlled by policy, allowing user to choose. */
     @FlaggedApi(android.view.contentprotection.flags.Flags.FLAG_MANAGE_DEVICE_POLICY_ENABLED)
     public static final int CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY = 0;

diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig
index 726ddad..cbd8e5b 100644
--- a/core/java/android/app/admin/flags/flags.aconfig
+++ b/core/java/android/app/admin/flags/flags.aconfig

@@ -139,3 +139,10 @@
   description: "Add Headless DO support."
   bug: "289515470"
 }
+
+flag {
+  name: "is_mte_policy_enforced"
+  namespace: "enterprise"
+  description: "Allow to query whether MTE is enabled or not to check for compliance for enterprise policy"
+  bug: "322777918"
+}