Add API to query MTE state of device
Test: atest MemtagBootctlTest -- \
--template:map preparers=template/preparers/feature-flags \
--flag-value enterprise/android.app.admin.flags.is_mte_enabled=true
Bug: 322777918
Change-Id: I336ddda78f380de3bb4d38dffccaa20b1671f817
diff --git a/core/api/current.txt b/core/api/current.txt
index 70babd3..5098cf3 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -8109,6 +8109,7 @@
method public boolean isLogoutEnabled();
method public boolean isManagedProfile(@NonNull android.content.ComponentName);
method public boolean isMasterVolumeMuted(@NonNull android.content.ComponentName);
+ method @FlaggedApi("android.app.admin.flags.is_mte_policy_enforced") public static boolean isMtePolicyEnforced();
method public boolean isNetworkLoggingEnabled(@Nullable android.content.ComponentName);
method public boolean isOrganizationOwnedDeviceWithManagedProfile();
method public boolean isOverrideApnEnabled(@NonNull android.content.ComponentName);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 9d50810..c899648 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -53,6 +53,7 @@
import static android.Manifest.permission.SET_TIME_ZONE;
import static android.app.admin.flags.Flags.FLAG_ESIM_MANAGEMENT_ENABLED;
import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;
+import static android.app.admin.flags.Flags.FLAG_IS_MTE_POLICY_ENFORCED;
import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;
import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;
import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;
@@ -151,6 +152,7 @@
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.Preconditions;
import com.android.org.conscrypt.TrustedCertificateStore;
+import com.android.internal.os.Zygote;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
@@ -4115,6 +4117,19 @@
return MTE_NOT_CONTROLLED_BY_POLICY;
}
+ /**
+ * Get the current MTE state of the device.
+ *
+ * <a href="https://source.android.com/docs/security/test/memory-safety/arm-mte">
+ * Learn more about MTE</a>
+ *
+ * @return whether MTE is currently enabled on the device.
+ */
+ @FlaggedApi(FLAG_IS_MTE_POLICY_ENFORCED)
+ public static boolean isMtePolicyEnforced() {
+ return Zygote.nativeSupportsMemoryTagging();
+ }
+
/** Indicates that content protection is not controlled by policy, allowing user to choose. */
@FlaggedApi(android.view.contentprotection.flags.Flags.FLAG_MANAGE_DEVICE_POLICY_ENABLED)
public static final int CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY = 0;
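Review bot: The added `isMtePolicyEnforced()` says three different things: its name promises policy enforcement, its Javadoc promises "whether MTE is currently enabled on the device", and its body returns `Zygote.nativeSupportsMemoryTagging()`, which by its name reports support. The flag description says this is meant for compliance checks, so an admin app needs to know which of the three it is getting; nothing in the visible lines consults the MTE policy value returned by the getter just above. The native implementation is not part of this diff, so please confirm what it reports and state it in the Javadoc, for example `@return {@code true} if memory tagging is active for this boot, independent of whether a device policy requested it`. If the value really is device state rather than policy state, a name that says so would also help before the signature lands in `current.txt`. The hunk begins inside the preceding method, so only its tail is visible here.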
diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig
index 30cd1b7..245105d 100644
--- a/core/java/android/app/admin/flags/flags.aconfig
+++ b/core/java/android/app/admin/flags/flags.aconfig
@@ -132,3 +132,10 @@
description: "Add Headless DO support."
bug: "289515470"
}
+
+flag {
+ name: "is_mte_policy_enforced"
+ namespace: "enterprise"
+ description: "Allow to query whether MTE is enabled or not to check for compliance for enterprise policy"
+ bug: "322777918"
+}
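Review bot: The flag declared here is `is_mte_policy_enforced`, but the Test line of the commit message passes `--flag-value enterprise/android.app.admin.flags.is_mte_enabled=true`. Unless `is_mte_enabled` is a separate flag defined outside this diff, the documented test run does not turn on the new API, so the flagged path may not be exercised. The description string is also hard to read; something like `description: "Allow querying whether MTE is enabled, for enterprise policy compliance checks"` says the same thing more clearly.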