1 files changed, 65 insertions, 16 deletions

diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index 812fc6c6ff56..e606b2b4e4c7 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -1509,6 +1509,57 @@ public final class ProcessList {
         }
     }
 
+    private boolean shouldEnableMemoryTagging(ProcessRecord app) {
+        // Ensure the hardware + kernel actually supports MTE.
+        if (!Zygote.nativeSupportsMemoryTagging()) {
+            return false;
+        }
+
+        // Enable MTE for system apps if supported.
+        if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
+            return true;
+        }
+
+        // Enable MTE if the compat feature is enabled.
+        if (mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    private boolean shouldEnableTaggedPointers(ProcessRecord app) {
+        // Ensure we have platform + kernel support for TBI.
+        if (!Zygote.nativeSupportsTaggedPointers()) {
+            return false;
+        }
+
+        // Enable TBI for system apps if supported.
+        if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
+            return true;
+        }
+
+        // Enable TBI if the compat feature is enabled.
+        if (!mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    private int decideTaggingLevel(ProcessRecord app) {
+        // Check MTE support first, as it should take precedence over TBI.
+        if (shouldEnableMemoryTagging(app)) {
+            return Zygote.MEMORY_TAG_LEVEL_ASYNC;
+        }
+
+        if (shouldEnableTaggedPointers(app)) {
+            return Zygote.MEMORY_TAG_LEVEL_TBI;
+        }
+
+        return 0;
+    }
+
     /**
      * @return {@code true} if process start is successful, false otherwise.
      */
@@ -1672,22 +1723,6 @@ public final class ProcessList {
                 runtimeFlags |= Zygote.USE_APP_IMAGE_STARTUP_CACHE;
             }
 
-            if (Zygote.nativeSupportsMemoryTagging()) {
-                // System apps are generally more privileged than regular apps, and don't have the
-                // same app compat concerns as regular apps, so we enable async tag checks for all
-                // of their processes.
-                if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0
-                        || mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) {
-                    runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_ASYNC;
-                }
-            } else if (Zygote.nativeSupportsTaggedPointers()) {
-                // Enable heap pointer tagging if supported by the kernel, unless disabled by the
-                // target sdk level or compat feature.
-                if (mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) {
-                    runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_TBI;
-                }
-            }
-
             String invokeWith = null;
             if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
                 // Debuggable apps may include a wrapper script with their library directory.
@@ -1716,6 +1751,20 @@ public final class ProcessList {
             app.setRequiredAbi(requiredAbi);
             app.instructionSet = instructionSet;
 
+            // If instructionSet is non-null, this indicates that the system_server is spawning a
+            // process with an ISA that may be different from its own. System (kernel and hardware)
+            // compatililty for these features is checked in the decideTaggingLevel in the
+            // system_server process (not the child process). As both MTE and TBI are only supported
+            // in aarch64, we can simply ensure that the new process is also aarch64. This prevents
+            // the mismatch where a 64-bit system server spawns a 32-bit child that thinks it should
+            // enable some tagging variant. Theoretically, a 32-bit system server could exist that
+            // spawns 64-bit processes, in which case the new process won't get any tagging. This is
+            // fine as we haven't seen this configuration in practice, and we can reasonable assume
+            // that if tagging is desired, the system server will be 64-bit.
+            if (instructionSet == null || instructionSet.equals("arm64")) {
+                runtimeFlags |= decideTaggingLevel(app);
+            }
+
             // the per-user SELinux context must be set
             if (TextUtils.isEmpty(app.info.seInfoUser)) {
                 Slog.wtf(ActivityManagerService.TAG, "SELinux tag not defined",