From 93f62bcad302d8a87338d482f315f6b28e71dc6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Konsta=20Alaj=C3=A4rvi?= <konsta.alajarvi@qt.io>
Date: Thu, 15 May 2025 14:06:27 +0300
Subject: [PATCH] CRA: Android: Mark QtLoader.java as security critical

Mark QtLoader as critical with "execute-external-code" due to
library loading in:
-loadQtLibraries()
-loadLibraryHelper()
-loadMainLibrary()
-loadLibraries()
QtLoader also parses library paths in:
-parseNativeLibrariesDir()

Fixes: QTBUG-136726
Task-number: QTBUG-135178
Pick-to: 6.8
Change-Id: I58a11fd44ea8159b8399ac7a27fd50eaab8185a6
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
(cherry picked from commit fd52f868accab86f800d632014300aaa4920663a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 8447cd262f996b189fd30650aa1ada0c3609d66c)
---
 src/android/jar/src/org/qtproject/qt/android/QtLoader.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/android/jar/src/org/qtproject/qt/android/QtLoader.java b/src/android/jar/src/org/qtproject/qt/android/QtLoader.java
index 8ea5f526020..08fd9f6d7bc 100644
--- a/src/android/jar/src/org/qtproject/qt/android/QtLoader.java
+++ b/src/android/jar/src/org/qtproject/qt/android/QtLoader.java
@@ -1,6 +1,7 @@
 // Copyright (C) 2023 The Qt Company Ltd.
 // Copyright (c) 2019, BogDan Vatra <bogdan@kde.org>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:trusted-data-only
 
 package org.qtproject.qt.android;