From f88c65f6c95fcf516658c6191331a6f3103786aa Mon Sep 17 00:00:00 2001 From: Amir Hamza Date: Wed, 10 Jun 2026 18:33:08 +0600 Subject: [PATCH] Fix Android 13+ crash and security exposure in DebugBroadcastReceiver Specifies RECEIVER_NOT_EXPORTED flag for API 33+ devices to prevent SecurityException crashes and block unauthorized local apps from accessing the RIB tree hierarchy dump. --- .../debug/broadcast/core/DebugBroadcastReceiver.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tooling/utils/intellij-broadcast-core/src/main/java/com/uber/debug/broadcast/core/DebugBroadcastReceiver.java b/tooling/utils/intellij-broadcast-core/src/main/java/com/uber/debug/broadcast/core/DebugBroadcastReceiver.java index f37a993f2..b932611e5 100644 --- a/tooling/utils/intellij-broadcast-core/src/main/java/com/uber/debug/broadcast/core/DebugBroadcastReceiver.java +++ b/tooling/utils/intellij-broadcast-core/src/main/java/com/uber/debug/broadcast/core/DebugBroadcastReceiver.java @@ -20,6 +20,7 @@ import android.content.Context; import android.content.Intent; import android.content.IntentFilter; +import android.os.Build; import java.util.ArrayList; import java.util.List; @@ -43,7 +44,13 @@ public static void initWithDefaults(Context context, List initialHandle handlers.add(handler); } DebugBroadcastReceiver receiver = new DebugBroadcastReceiver(); - context.registerReceiver(receiver, intent); + + // FIX (F-01): Specifying RECEIVER_NOT_EXPORTED for Android 13+ (API 33+) to prevent SecurityException crashes and unauthorized RIB tree exposure. + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { + context.registerReceiver(receiver, intent, Context.RECEIVER_NOT_EXPORTED); + } else { + context.registerReceiver(receiver, intent); + } } @Override @@ -93,4 +100,4 @@ public interface Handler { void handle(DebugBroadcastRequest request); } -} + }