From 30f5ad0329867d266529a4e88db287f3a5d49749 Mon Sep 17 00:00:00 2001
From: Jani Korteniemi <jani.korteniemi@qt.io>
Date: Tue, 13 May 2025 13:26:07 +0300
Subject: [PATCH] Mark qtbase/src/android files as security sensitive

QtApkFileEngine.java
-File/Data parsing

QtClipboardManager.java
-Text/Url parsing

QtEditText.java
-Password input type

Pick-to: 6.9 6.8
Fixes: QTBUG-136730
Task-number: QTBUG-135178
Change-Id: Ib2b574825e1f4acdc96c7bc781dbae00a274bd50
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
---
 .../jar/src/org/qtproject/qt/android/QtApkFileEngine.java        | 1 +
 .../jar/src/org/qtproject/qt/android/QtClipboardManager.java     | 1 +
 src/android/jar/src/org/qtproject/qt/android/QtEditText.java     | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/android/jar/src/org/qtproject/qt/android/QtApkFileEngine.java b/src/android/jar/src/org/qtproject/qt/android/QtApkFileEngine.java
index 78eb4d5c492..78ac9748616 100644
--- a/src/android/jar/src/org/qtproject/qt/android/QtApkFileEngine.java
+++ b/src/android/jar/src/org/qtproject/qt/android/QtApkFileEngine.java
@@ -1,5 +1,6 @@
 // Copyright (C) 2024 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:file-handling
 
 package org.qtproject.qt.android;
 
diff --git a/src/android/jar/src/org/qtproject/qt/android/QtClipboardManager.java b/src/android/jar/src/org/qtproject/qt/android/QtClipboardManager.java
index 9c3e9aff768..c4fbf1ae302 100644
--- a/src/android/jar/src/org/qtproject/qt/android/QtClipboardManager.java
+++ b/src/android/jar/src/org/qtproject/qt/android/QtClipboardManager.java
@@ -1,5 +1,6 @@
 // Copyright (C) 2023 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 package org.qtproject.qt.android;
 
diff --git a/src/android/jar/src/org/qtproject/qt/android/QtEditText.java b/src/android/jar/src/org/qtproject/qt/android/QtEditText.java
index 00928cfc88e..4a0fd0a705f 100644
--- a/src/android/jar/src/org/qtproject/qt/android/QtEditText.java
+++ b/src/android/jar/src/org/qtproject/qt/android/QtEditText.java
@@ -1,6 +1,7 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // Copyright (C) 2012 BogDan Vatra <bogdan@kde.org>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:password-input-type
 
 package org.qtproject.qt.android;