v1.2.0: Default configurations, whitelisting and blacklisting for `:a…

…ntipiracy` scans, dependency updates and maintenance
kevlar-kt · Jan 23, 2024 · 341de24 · 341de24
1 parent f1d292f
commit 341de24
Show file tree

Hide file tree

Showing 17 changed files with 167 additions and 51 deletions.
diff --git a/README.md b/README.md
@@ -123,7 +123,7 @@ For stricter scenarios where higher fidelity and accuracy are required, you shou
 
 ```gradle
 dependencies {
-    implementation 'com.github.kevlar-kt:antipiracy:1.1.1'
+    implementation 'com.github.kevlar-kt:antipiracy:1.2.0'
 }
 ```
 
@@ -132,7 +132,7 @@ dependencies {
 
 ```gradle
 dependencies {
-    implementation 'com.github.kevlar-kt:rooting:1.1.1'
+    implementation 'com.github.kevlar-kt:rooting:1.2.0'
 }
 ```
 
@@ -142,7 +142,7 @@ dependencies {
 
 ```gradle
 dependencies {
-    implementation 'com.github.kevlar-kt:integrity:1.1.1'
+    implementation 'com.github.kevlar-kt:integrity:1.2.0'
 }
 ```
 

diff --git a/antipiracy/build.gradle b/antipiracy/build.gradle
@@ -43,7 +43,7 @@ project.ext.set("module_${ext.module_name}", new ModuleArtifactCoordinates(
         "antipiracy",
 
         // PUBLISH_VERSION
-        "1.1.1",
+        "1.2.0",
 
         // PUBLISH_ARTIFACT_DESC
         "Kevlar Antipiracy",
@@ -61,8 +61,8 @@ apply from: rootProject.file("scripts/commons/library_config.gradle")
  * */
 android {
     defaultConfig {
-        versionName "1.1.1-kevlar-antipiracy"
-        versionCode 1
+        versionName "1.2.0-kevlar-antipiracy"
+        versionCode 2
     }
     namespace 'com.kevlar.antipiracy'
 }
@@ -81,7 +81,7 @@ dependencies {
     testImplementation "junit:junit:4.13.2"
     testImplementation "androidx.test:core:1.5.0"
     testImplementation "org.mockito:mockito-core:5.9.0"
-    testImplementation "com.google.truth:truth:1.2.0"
+    testImplementation "com.google.truth:truth:1.3.0"
     testImplementation "org.robolectric:robolectric:4.11.1"
 }
 

diff --git a/assemble_all.sh b/assemble_all.sh
@@ -0,0 +1,22 @@
+#
+# Designed and developed by Kevlar Contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+# if this fails with a warning about java version incompatibility, add a parameter after ./gradlew to change the java home, to a version that works: -Dorg.gradle.java.home=/Library/Java/...
+
+./gradlew antipiracy:assembleRelease --warning-mode all
+./gradlew rooting:assembleRelease --warning-mode all
+./gradlew integrity:assembleRelease --warning-mode all
diff --git a/assemble_and_publish_all.sh b/assemble_and_publish_all.sh
@@ -0,0 +1,22 @@
+#
+# Designed and developed by Kevlar Contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+# if this fails with a warning about java version incompatibility, add a parameter after ./gradlew to change the java home, to a version that works: -Dorg.gradle.java.home=/Library/Java/...
+
+./gradlew antipiracy:assembleRelease --warning-mode all && ./gradlew antipiracy:publishReleasePublicationToSonatypeRepository
+./gradlew rooting:assembleRelease --warning-mode all && ./gradlew rooting:publishReleasePublicationToSonatypeRepository
+./gradlew integrity:assembleRelease --warning-mode all && ./gradlew integrity:publishReleasePublicationToSonatypeRepository
diff --git a/build.gradle b/build.gradle
@@ -18,7 +18,7 @@ buildscript {
     dependencies {
         classpath 'com.android.tools.build:gradle:8.2.1'
         classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
-        classpath "com.github.ben-manes:gradle-versions-plugin:0.50.0"
+        classpath "com.github.ben-manes:gradle-versions-plugin:0.51.0"
         classpath 'com.google.dagger:hilt-android-gradle-plugin:2.50'
         classpath 'io.github.gradle-nexus:publish-plugin:1.3.0'
     }

diff --git a/docs/pages/modules/antipiracy/implementation.md b/docs/pages/modules/antipiracy/implementation.md
@@ -8,15 +8,15 @@ A working example for the antipiracy module can be found in the github repositor
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:antipiracy:1.1.1"
+    	implementation "io.github.kevlar-kt:antipiracy:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:antipiracy:1.1.1")
+	    implementation("io.github.kevlar-kt:antipiracy:1.2.0")
 	}
 	```
 
@@ -26,7 +26,7 @@ A working example for the antipiracy module can be found in the github repositor
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>antipiracy</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```

diff --git a/docs/pages/modules/antipiracy/reference.md b/docs/pages/modules/antipiracy/reference.md
@@ -40,6 +40,8 @@ withContext(externalDispatcher) {
 
 You can find all the details about what software is regarded as pirate in the [database](database.md) page.
 
+## Reference
+Here is a list of all the flags and their specification:
 
 ### Pirate Apps 
 The `pirate()` function tells kevlar to scan the application list, and match it against the local dataset for pirate applications.

diff --git a/docs/pages/modules/integrity/implementation.md b/docs/pages/modules/integrity/implementation.md
@@ -25,15 +25,15 @@ the `:showcase` module.
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:integrity:1.1.1"
+    	implementation "io.github.kevlar-kt:integrity:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:integrity:1.1.1")
+	    implementation("io.github.kevlar-kt:integrity:1.2.0")
 	}
 	```
 
@@ -43,7 +43,7 @@ the `:showcase` module.
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>integrity</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```

diff --git a/docs/pages/modules/rooting/implementation.md b/docs/pages/modules/rooting/implementation.md
@@ -8,15 +8,15 @@ A working example for the rooting module can be found in the github repository u
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:rooting:1.1.1"
+    	implementation "io.github.kevlar-kt:rooting:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:rooting:1.1.1")
+	    implementation("io.github.kevlar-kt:rooting:1.2.0")
 	}
 	```
 
@@ -26,7 +26,7 @@ A working example for the rooting module can be found in the github repository u
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>rooting</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```

diff --git a/docs/pages/modules/rooting/reference.md b/docs/pages/modules/rooting/reference.md
@@ -1,5 +1,7 @@
 # Reference
 
+## Configurations
+
 The complete rooting configuration is as follows.
 
 ```kotlin title="Complete Rooting settings"
@@ -23,20 +25,87 @@ private val rooting = KevlarRooting {
 }
 ```
 
-
 !!! warning
 	Bear in mind, this kind of configuration is exhaustive and should be used just in a few cases where you *really* need to detect all of those conditions.
-	Only including what your application's security environment requires is a key step in properly configuring the library.
+	Only including what your application's security environment requires is a key step in properly configuring the library and having an efficient detection mechanism.
+
+
+You can also use the pre-configured scan settings if your configuration is common:
+
+```kotlin title="Automatic settings"
+private val antipiracy = KevlarRooting.Defaults.Standard()
+```
+
+The defaults configurations are:
+
+- `KevlarRooting.Defaults.Standard`: Complete scan, no explicit root access request:
+	- Targets: `root()`, `magisk()`;
+	- Status: `emulator()`, `testKeys()` and standard `selinux()`.
+- `KevlarRooting.Defaults.JustRooting`: Only targets `root()` and `magisk()`, no explicit root access request;
+- `KevlarRooting.Defaults.JustRootingExplicit`: Only targets `root()` and `magisk()`, with explicit root access request;
+- `KevlarRooting.Defaults.JustEmulator`: Only `emulator()` and `testKeys()`;
+- `KevlarRooting.Defaults.Empty`: No scan;
+
 
+## Attestation types
 
-Unlike other Kevlar modules, here you can actually require two different types of attestation: you have `attestateTargets` and `attestateRooting`.
+Unlike other Kevlar modules, here you can actually request two different types of attestation: you have `attestateTargets` and `attestateRooting`.
 Once you require the attestation through any of those two methods, any discrepancies between your expected configuration (w.r.t. the invoked attestation type) and the actual device status will be reported back to you.
 
 ```kotlin
 withContext(externalDispatcher) {
-    val targetAttestation = rooting.attestateTargets(context)
-    val statusAttestation = rooting.attestateStatus()
+    val targetAttestation: TargetRootingAttestation = rooting.attestateTargets(context)
+    val statusAttestation: StatusRootingAttestation = rooting.attestateStatus()
+}
+```
+
+This is done because the checks are completely independent, and so they can be run independently (basing on your needs), or together and in parallel.
+
+They return their own attestation, each containing the security environment discrepancies it was instructed to scan for. (e.g. root access will be included in `TargetRootingAttestation`, while emulator will be in `StatusRootingAttestation`; granted they have been included in the kevlar configuration and they appear in the runtime systems)
+
+??? example "Asynchronous scans"
+	```kotlin
+	withContext(externalDispatcher) {
+	    val targetAttestation = rooting.attestateTargets(context)
+	}
+
+	withContext(externalDispatcher) {
+		val statusAttestation = rooting.attestateStatus()
+	}
+	```
+
+
+## Reference
+Here is a list of all the flags and their specification:
+
+⚠️ Work In Progress, you can find the code responsible for executing the system checks [here](https://github.com/kevlar-kt/kevlar/blob/master/rooting/src/main/kotlin/com/kevlar/rooting/attestator/TargetsAttestator.kt)
+
+### Targets
+
+All of the following flags constitute the targets configuration, which can be requested through `rooting.attestateTargets(context)`, returning a `TargetRootingAttestation`, which can be either `Clear`, `Blank`, `Failed`. In the latter, you have access to the list of targets that you specified in your configuration and that have actually been detected on the host system.
+
+#### Root Access
+
+Root access checks are enabled through the following flag:
+
+```kotlin title="Complete Rooting settings" hl_lines="3"
+private val rooting = KevlarRooting {
+    targets {
+        root()
+    }
 }
 ```
 
+This will run a series of checks to determine whether the `su` binary is present on the host system, without calling `su` directly (as that would imply that your application actively asks for root access as a form of detection, which is a very aggressive technique)
+
+If you need to do so, you can enable this additional check by telling kevlar it is allowed to invoke the `su` binary directly, via `allowExplicitRootCheck()`.
 
+```kotlin title="Complete Rooting settings" hl_lines="6"
+private val rooting = KevlarRooting {
+    targets {
+        root()
+    }
+
+    allowExplicitRootCheck()
+}
+```
diff --git a/docs/pages/overview/dependencies_integration.md b/docs/pages/overview/dependencies_integration.md
@@ -26,15 +26,15 @@ repositories {
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:antipiracy:1.1.1"
+    	implementation "io.github.kevlar-kt:antipiracy:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:antipiracy:1.1.1")
+	    implementation("io.github.kevlar-kt:antipiracy:1.2.0")
 	}
 	```
 
@@ -44,7 +44,7 @@ repositories {
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>antipiracy</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```
@@ -55,15 +55,15 @@ repositories {
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:rooting:1.1.1"
+    	implementation "io.github.kevlar-kt:rooting:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:rooting:1.1.1")
+	    implementation("io.github.kevlar-kt:rooting:1.2.0")
 	}
 	```
 
@@ -73,7 +73,7 @@ repositories {
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>rooting</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```
@@ -85,15 +85,15 @@ repositories {
 
 	``` java
 	dependencies {
-    	implementation "io.github.kevlar-kt:integrity:1.1.1"
+    	implementation "io.github.kevlar-kt:integrity:1.2.0"
 	}
 	```
 
 ??? gradle "Kotlin DSL"
 
 	``` kotlin
 	dependencies {
-	    implementation("io.github.kevlar-kt:integrity:1.1.1")
+	    implementation("io.github.kevlar-kt:integrity:1.2.0")
 	}
 	```
 
@@ -103,7 +103,7 @@ repositories {
 	<dependency>
 	    <groupId>io.github.kevlar-kt</groupId>
 	    <artifactId>integrity</artifactId>
-	    <version>1.1.1</version>
+	    <version>1.2.0</version>
 	    <type>pom</type>
 	</dependency>
 	```