Merge "Move MTE mode settings to a product variable." into udc-d1-dev

                                    $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS)

    combined_exclude_paths := $(MEMTAG_HEAP_EXCLUDE_PATHS) \

                              $(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS)

    ifneq ($(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS),true)

      combined_sync_include_paths += $(PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS)

      combined_async_include_paths += $(PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS)

    endif

    ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\

          $(filter $(dir)%,$(LOCAL_PATH)))),)

# Whether any paths should have HWASan enabled for components

_product_list_vars += PRODUCT_HWASAN_INCLUDE_PATHS

# Whether any paths should have Memtag_heap enabled for components

_product_list_vars += PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS

_product_list_vars += PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS

_product_list_vars += PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS

_product_list_vars += PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS

_product_list_vars += PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS

# Whether this product wants to start with an empty list of default memtag_heap include paths

_product_single_value_vars += PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS

# Whether the Scudo hardened allocator is disabled platform-wide

_product_single_value_vars += PRODUCT_DISABLE_SCUDO

$(call add_json_list, HWASanIncludePaths,                $(HWASAN_INCLUDE_PATHS) $(PRODUCT_HWASAN_INCLUDE_PATHS))

$(call add_json_list, MemtagHeapExcludePaths,            $(MEMTAG_HEAP_EXCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS))

$(call add_json_list, MemtagHeapAsyncIncludePaths,       $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS))

$(call add_json_list, MemtagHeapSyncIncludePaths,        $(MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS))

$(call add_json_list, MemtagHeapAsyncIncludePaths,       $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(if $(filter true,$(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS)),,$(PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS)))

$(call add_json_list, MemtagHeapSyncIncludePaths,       $(MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(if $(filter true,$(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS)),,$(PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS)))

$(call add_json_bool, DisableScudo,                      $(filter true,$(PRODUCT_DISABLE_SCUDO)))

# Enable CFI for security-sensitive components

$(call inherit-product, $(SRC_TARGET_DIR)/product/cfi-common.mk)

$(call inherit-product-if-exists, vendor/google/products/cfi-vendor.mk)

# Enable MTE for security-sensitive components

$(call inherit-product, $(SRC_TARGET_DIR)/product/memtag-common.mk)

$(call inherit-product-if-exists, vendor/google/products/memtag-vendor.mk)

# Copyright (C) 2023 The Android Open Source Project

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#

# This is a recommended set of common components to enable MTE for.

PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS := \

    external/android-clat \

    external/iproute2 \

    external/iptables \

    external/mtpd \

    external/ppp \

    hardware/st/nfc \

    hardware/st/secure_element \

    hardware/st/secure_element2 \

    packages/modules/StatsD \

    system/bpf \

    system/netd/netutil_wrappers \

    system/netd/server