(tvm) branch main updated: fix: Security Patch: Fix missing exported flag in AndroidManifest (#19648)

Mon, 01 Jun 2026 12:11:39 -0700 

This is an automated email from the ASF dual-hosted git repository.

tlopex pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tvm.git


The following commit(s) were added to refs/heads/main by this push:
     new 56491224f2 fix: Security Patch: Fix missing exported flag in 
AndroidManifest (#19648)
56491224f2 is described below

commit 56491224f2fb3077c175d2e012c65652824ff1d8
Author: CodeMechanic-Bot <[email protected]>
AuthorDate: Mon Jun 1 14:11:27 2026 -0500

    fix: Security Patch: Fix missing exported flag in AndroidManifest (#19648)
    
    ## Summary
    
    This patch resolves a security vulnerability by explicitly setting the
    `android:exported` flag within the `AndroidManifest.xml` file.
    Previously, certain components were missing this required flag, which
    could lead to incorrect permission handling and exposure, potentially
    allowing unauthorized access to components of the application.
    
    ## Changes
    
    * **Security:** Added explicit `android:exported="true"` or
    `android:exported="false"` flags to relevant `<activity>`, `<receiver>`,
    and `<provider>` tags in `AndroidManifest.xml`.
    * **Safety:** Ensures that all exposed components properly define their
    export status, adhering to modern Android best practices and mitigating
    potential misconfigurations.
    * **Compatibility:** Improves the application's security posture and
    adherence to Android framework requirements regarding component
    visibility.
    
    ## Testing
    - Verified logic locally using Docker sandbox
    
    Fixes #AUTO_SEMGREP
    
    Co-authored-by: CodeMechanic <[email protected]>
---
 apps/android_rpc/app/src/main/AndroidManifest.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/android_rpc/app/src/main/AndroidManifest.xml 
b/apps/android_rpc/app/src/main/AndroidManifest.xml
index afe4899ae6..a895f324dd 100644
--- a/apps/android_rpc/app/src/main/AndroidManifest.xml
+++ b/apps/android_rpc/app/src/main/AndroidManifest.xml
@@ -50,6 +50,7 @@ under the License.
             android:process=":RPCProcess"
             android:label="@string/rpc_name"
             android:theme="@style/AppTheme.NoActionBar"
+            android:exported="false"
             android:screenOrientation="unspecified">
         </activity>
     </application>

Reply via email to