@cap-kit/integrity 8.0.0-next.6

package/android/src/main/java/io/capkit/integrity/filesystem/IntegrityFilesystemChecks.kt

@@ -0,0 +1,51 @@
+package io.capkit.integrity.filesystem
+
+import io.capkit.integrity.IntegrityCheckOptions
+import io.capkit.integrity.IntegritySignalBuilder
+import java.io.File
+
+/**
+ * Performs filesystem integrity checks related to sandbox escape
+ * and suspicious directory permissions.
+ */
+object IntegrityFilesystemChecks {
+  /**
+   * Attempts to detect sandbox escape by checking write access
+   * to protected system locations without performing mutations.
+   *
+   * NOTE:
+   * - This check is best-effort and heuristic-based
+   * - No filesystem writes are performed (read-only probes)
+   */
+  fun checkSandboxEscape(options: IntegrityCheckOptions): Map<String, Any>? {
+    val protectedPaths =
+      listOf(
+        "/system",
+        "/system/bin",
+        "/system/xbin",
+      )
+
+    return try {
+      for (path in protectedPaths) {
+        val file = File(path)
+        if (file.exists() && file.canWrite()) {
+          return IntegritySignalBuilder.build(
+            id = "android_sandbox_escaped",
+            category = "tamper",
+            confidence = "high",
+            description = "Write access detected on protected system directory",
+            metadata = mapOf("path" to path),
+            options = options,
+          )
+        }
+      }
+      null
+    } catch (_: SecurityException) {
+      // Access denied → expected in a secure environment
+      null
+    } catch (_: Exception) {
+      // Expected failure in a secure environment
+      null
+    }
+  }
+}

package/android/src/main/java/io/capkit/integrity/hook/IntegrityHookChecks.kt

@@ -0,0 +1,61 @@
+package io.capkit.integrity.hook
+
+import io.capkit.integrity.IntegrityError
+import java.io.File
+import java.net.InetSocketAddress
+import java.net.Socket
+
+/**
+ * Detects instrumentation frameworks (like Frida) via memory inspection
+ * and local network port scanning.
+ */
+object IntegrityHookChecks {
+  /**
+   * Frida detection via process memory map inspection.
+   * Looks for known library artifacts in /proc/self/maps.
+   */
+  fun checkFridaMemory(): Boolean {
+    return try {
+      val mapsFile = File("/proc/self/maps")
+      if (mapsFile.exists()) {
+        mapsFile.useLines { lines ->
+          lines.any { it.contains("frida", ignoreCase = true) || it.contains("gadget", ignoreCase = true) }
+        }
+      } else {
+        false
+      }
+    } catch (e: SecurityException) {
+      // Swallowed to allow other checks to complete
+      false
+    } catch (_: Exception) {
+      false
+    }
+  }
+
+  /**
+   * Detects known Frida server ports on localhost.
+   *
+   * @throws IntegrityError.Unavailable If socket access is restricted.
+   */
+  fun checkFridaPorts(): Boolean {
+    val ports = listOf(27042, 27043)
+    val timeoutMs = 1000
+
+    return ports.any { port ->
+      try {
+        Socket().use { socket ->
+          // Use a timeout to prevent long-running blocking calls
+          socket.connect(InetSocketAddress("127.0.0.1", port), timeoutMs)
+          true
+        }
+      } catch (e: SecurityException) {
+        throw IntegrityError.Unavailable(
+          "Socket access denied while checking Frida ports.",
+        )
+      } catch (_: Exception) {
+        // Connection failed or timed out, which is expected in clean environments
+        false
+      }
+    }
+  }
+}

package/android/src/main/java/io/capkit/integrity/remote/IntegrityRemoteAttestor.kt

@@ -0,0 +1,49 @@
+package io.capkit.integrity.remote
+
+import android.content.Context
+import io.capkit.integrity.IntegrityCheckOptions
+
+/**
+ * Handles remote attestation signals (Play Integrity API).
+ *
+ * IMPORTANT:
+ * - Play Integrity is NOT implemented yet.
+ * - Unavailability is reported explicitly.
+ * - The emitted signal is observational only and LOW confidence.
+ */
+object IntegrityRemoteAttestor {
+  /**
+   * Returns a LOW confidence signal indicating that Play Integrity
+   * attestation is not implemented or not available.
+   *
+   * The signal is emitted only when strict mode is requested.
+   */
+  fun getPlayIntegritySignal(
+    context: Context,
+    options: IntegrityCheckOptions,
+  ): Map<String, Any>? {
+    if (options.level != "strict") {
+      return null
+    }
+
+    val signal =
+      mutableMapOf<String, Any>(
+        "id" to "android_play_integrity_unavailable",
+        "category" to "environment",
+        "confidence" to "low",
+        "metadata" to
+          mapOf(
+            "attestation" to "unsupported",
+            "provider" to "play_integrity",
+            "reason" to "not_implemented",
+          ),
+      )
+
+    if (options.includeDebugInfo) {
+      signal["description"] =
+        "Google Play Integrity attestation is not implemented or not available"
+    }
+
+    return signal
+  }
+}

package/android/src/main/java/io/capkit/integrity/root/IntegrityRootDetector.kt

@@ -0,0 +1,136 @@
+package io.capkit.integrity.root
+
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Build
+import io.capkit.integrity.IntegrityCheckOptions
+import io.capkit.integrity.IntegrityError
+import io.capkit.integrity.IntegritySignalBuilder
+import java.io.File
+
+/**
+ * Performs root detection using filesystem heuristics and package inspection.
+ */
+object IntegrityRootDetector {
+  private val suPaths =
+    listOf(
+      "/system/bin/su", "/system/xbin/su", "/sbin/su",
+      "/system/app/Superuser.apk", "/system/app/Superuser/Superuser.apk",
+      "/data/local/xbin/su", "/data/local/bin/su", "/system/sd/xbin/su",
+      "/su/bin/su", "/magisk/.core/bin/su", "/system/usr/we-need-root/su-backup/su",
+      "/system/bin/.ext/.su/su", "/system/bin/failsafe/su", "/data/local/su",
+    )
+
+  private val rootPackages =
+    listOf(
+      "com.noshufou.android.su",
+      "com.thirdparty.superuser",
+      "eu.chainfire.supersu",
+      "com.koushikdutta.superuser",
+      "com.zachareew.systemuituner",
+      "com.topjohnwu.magisk",
+      "com.alephzain.framaroot",
+      "org.adaway",
+    )
+
+  /**
+   * Cache process-lifetime for deterministic root signals.
+   *
+   * IMPORTANT:
+   * - Used ONLY for runtime checks
+   * - Boot-time checks MUST bypass this cache
+   */
+  private var cachedRootSignals: List<Map<String, Any>>? = null
+
+  /**
+   * Performs root detection using filesystem heuristics and build metadata.
+   *
+   * @param allowCache
+   *   - true  → reuse cached signals if available (runtime path)
+   *   - false → force fresh detection (boot path)
+   */
+  fun checkRootSignals(
+    options: IntegrityCheckOptions,
+    allowCache: Boolean = true,
+  ): List<Map<String, Any>> {
+    if (allowCache) {
+      cachedRootSignals?.let { return it }
+    }
+
+    val signals = mutableListOf<Map<String, Any>>()
+
+    try {
+      for (path in suPaths) {
+        if (File(path).exists()) {
+          signals.add(
+            IntegritySignalBuilder.build(
+              id = "android_root_su",
+              category = "root",
+              confidence = "high",
+              description = "Presence of su binary detected in system paths",
+              metadata = mapOf("path" to path),
+              options = options,
+            ),
+          )
+          break
+        }
+      }
+    } catch (e: SecurityException) {
+      throw IntegrityError.Unavailable("Filesystem access denied while performing root checks.")
+    }
+
+    if (Build.TAGS?.contains("test-keys") == true) {
+      signals.add(
+        IntegritySignalBuilder.build(
+          id = "android_test_keys",
+          category = "root",
+          confidence = "medium",
+          description = "Device build signed with test keys",
+          metadata = mapOf("tags" to Build.TAGS),
+          options = options,
+        ),
+      )
+    }
+
+    if (allowCache) {
+      cachedRootSignals = signals
+    }
+
+    return signals
+  }
+
+  /**
+   * Checks for the presence of known root management applications.
+   */
+  fun checkRootPackages(
+    context: Context,
+    options: IntegrityCheckOptions,
+  ): List<Map<String, Any>> {
+    val signals = mutableListOf<Map<String, Any>>()
+    val pm = context.packageManager
+
+    for (pkg in rootPackages) {
+      try {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+          pm.getPackageInfo(pkg, PackageManager.PackageInfoFlags.of(0))
+        } else {
+          @Suppress("DEPRECATION")
+          pm.getPackageInfo(pkg, 0)
+        }
+
+        signals.add(
+          IntegritySignalBuilder.build(
+            id = "android_root_package",
+            category = "root",
+            confidence = "high",
+            description = "Detected known root management or related application",
+            metadata = mapOf("package" to pkg),
+            options = options,
+          ),
+        )
+      } catch (_: PackageManager.NameNotFoundException) {
+      }
+    }
+    return signals
+  }
+}

package/android/src/main/java/io/capkit/integrity/runtime/IntegrityRuntimeChecks.kt

@@ -0,0 +1,87 @@
+package io.capkit.integrity.runtime
+
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Debug
+import io.capkit.integrity.IntegrityCheckOptions
+import io.capkit.integrity.IntegrityError
+import io.capkit.integrity.IntegritySignalBuilder
+
+/**
+ * Runtime integrity checks related to debugging conditions
+ * and application signing integrity.
+ */
+object IntegrityRuntimeChecks {
+  /**
+   * Detects debugging conditions such as attached debuggers or debuggable flags.
+   */
+  fun checkDebugSignals(
+    context: Context,
+    options: IntegrityCheckOptions,
+  ): List<Map<String, Any>> {
+    val debugSignals = mutableListOf<Map<String, Any>>()
+    val isDebuggerConnected = Debug.isDebuggerConnected()
+    val isDebuggable = (context.applicationInfo.flags and android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE) != 0
+
+    if (isDebuggerConnected) {
+      debugSignals.add(
+        IntegritySignalBuilder.build(
+          id = "android_debugger_attached",
+          category = "debug",
+          confidence = "high",
+          description = "A debugger is currently attached to the running process",
+          metadata = mapOf("method" to "Debug.isDebuggerConnected"),
+          options = options,
+        ),
+      )
+    }
+
+    if (isDebuggable) {
+      debugSignals.add(
+        IntegritySignalBuilder.build(
+          id = "android_runtime_debuggable",
+          category = "debug",
+          confidence = "medium",
+          description = "Process is debuggable at runtime",
+          metadata = mapOf("flag" to "FLAG_DEBUGGABLE"),
+          options = options,
+        ),
+      )
+    }
+
+    return debugSignals
+  }
+
+  /**
+   * Performs a basic application signature integrity check.
+   */
+  fun checkAppSignature(context: Context): Boolean {
+    return try {
+      val packageInfo =
+        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.P) {
+          context.packageManager.getPackageInfo(
+            context.packageName,
+            PackageManager.GET_SIGNING_CERTIFICATES,
+          )
+        } else {
+          @Suppress("DEPRECATION")
+          context.packageManager.getPackageInfo(
+            context.packageName,
+            PackageManager.GET_SIGNATURES,
+          )
+        }
+
+      val signingInfo =
+        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.P) {
+          packageInfo.signingInfo?.apkContentsSigners
+        } else {
+          @Suppress("DEPRECATION")
+          packageInfo.signatures
+        }
+
+      signingInfo?.isNotEmpty() == true
+    } catch (e: Exception) {
+      throw IntegrityError.InitFailed("Failed to read application signing information.")
+    }
+  }
+}

package/android/src/main/java/io/capkit/integrity/ui/IntegrityBlockActivity.kt

@@ -0,0 +1,173 @@
+package io.capkit.integrity.ui
+
+import android.annotation.SuppressLint
+import android.os.Build
+import android.os.Bundle
+import android.webkit.WebView
+import android.widget.LinearLayout
+import androidx.appcompat.app.AppCompatActivity
+import androidx.appcompat.widget.Toolbar
+import java.io.BufferedReader
+import java.io.InputStreamReader
+
+/**
+ * Dedicated activity used to present the integrity block page.
+ *
+ * Responsibilities:
+ * - Display a developer-provided HTML block page
+ * - Support query parameters (e.g. "reason")
+ * - Optionally allow dismissal via native UI controls
+ *
+ * Security note:
+ * - The block page is NOT dismissible by default
+ * - Dismissal must be explicitly enabled by the host application
+ */
+class IntegrityBlockActivity : AppCompatActivity() {
+  /**
+   * Whether the block page can be dismissed by the user.
+   *
+   * Defaults to false (secure-by-default).
+   */
+  private var dismissible: Boolean = false
+
+  @SuppressLint("SetJavaScriptEnabled")
+  override fun onCreate(savedInstanceState: Bundle?) {
+    super.onCreate(savedInstanceState)
+
+    // -------------------------------------------------------------------------
+    // Read options from Intent
+    // -------------------------------------------------------------------------
+
+    dismissible = intent.getBooleanExtra("dismissible", false)
+
+    // -------------------------------------------------------------------------
+    // Back button handling (modern API)
+    // -------------------------------------------------------------------------
+
+    if (!dismissible) {
+      onBackPressedDispatcher.addCallback(
+        this,
+        object : androidx.activity.OnBackPressedCallback(true) {
+          override fun handleOnBackPressed() {
+            // Intentionally disabled (secure-by-default)
+          }
+        },
+      )
+    }
+
+    // -------------------------------------------------------------------------
+    // Root layout (vertical)
+    // -------------------------------------------------------------------------
+
+    val root =
+      LinearLayout(this).apply {
+        orientation = LinearLayout.VERTICAL
+        layoutParams =
+          LinearLayout.LayoutParams(
+            LinearLayout.LayoutParams.MATCH_PARENT,
+            LinearLayout.LayoutParams.MATCH_PARENT,
+          )
+      }
+
+    // -------------------------------------------------------------------------
+    // Optional native toolbar (dismissible only)
+    // -------------------------------------------------------------------------
+
+    if (dismissible) {
+      val toolbar =
+        Toolbar(this).apply {
+          setNavigationIcon(android.R.drawable.ic_menu_close_clear_cancel)
+          setNavigationOnClickListener { finish() }
+          title = ""
+        }
+
+      root.addView(toolbar)
+    }
+
+    // -------------------------------------------------------------------------
+    // WebView setup
+    // -------------------------------------------------------------------------
+
+    val webView =
+      WebView(this).apply {
+        settings.javaScriptEnabled = true
+        settings.allowContentAccess = false
+        settings.domStorageEnabled = false
+      }
+
+    // Fill remaining space
+    val webViewParams =
+      LinearLayout.LayoutParams(
+        LinearLayout.LayoutParams.MATCH_PARENT,
+        0,
+        1f,
+      )
+    root.addView(webView, webViewParams)
+
+    setContentView(root)
+
+    // -------------------------------------------------------------------------
+    // URL handling
+    // -------------------------------------------------------------------------
+
+    // The plugin always passes the URL explicitly via Intent extras
+    val url = intent.getStringExtra("url") ?: return
+
+    // Remote URLs (http / https) are loaded directly
+    if (url.startsWith("http")) {
+      webView.loadUrl(url)
+      return
+    }
+
+    // -------------------------------------------------------------------------
+    // Local asset loading with query support
+    // -------------------------------------------------------------------------
+
+    // Example:
+    //   url = "public/integrity-block.html?reason=integrity_failed"
+    val assetPath = url.substringBefore("?")
+    val query = url.substringAfter("?", "")
+
+    // Read the HTML asset manually
+    val html = readAsset(assetPath)
+
+    // Use a synthetic base URL so that:
+    // - window.location.search is populated
+    // - relative paths continue to work
+    webView.loadDataWithBaseURL(
+      "file:///android_asset/$assetPath?$query",
+      html,
+      "text/html",
+      "UTF-8",
+      null,
+    )
+
+    // -------------------------------------------------------------------------
+    // Back navigation blocking
+    // -------------------------------------------------------------------------
+
+    // Disable back gesture on Android 13+ (API 33+)
+    if (!dismissible && Build.VERSION.SDK_INT >= 33) {
+      onBackInvokedDispatcher.registerOnBackInvokedCallback(
+        android.window.OnBackInvokedDispatcher.PRIORITY_DEFAULT,
+      ) {
+        // Intentionally disabled
+      }
+    }
+  }
+
+  // ---------------------------------------------------------------------------
+  // Utilities
+  // ---------------------------------------------------------------------------
+
+  /**
+   * Reads a file from the android_asset directory.
+   *
+   * @param path Relative asset path (e.g. "public/integrity-block.html")
+   */
+  private fun readAsset(path: String): String {
+    val inputStream = assets.open(path)
+    val reader = BufferedReader(InputStreamReader(inputStream))
+    return reader.use { it.readText() }
+  }
+}

package/android/src/main/java/io/capkit/integrity/ui/IntegrityUISignals.kt

@@ -0,0 +1,57 @@
+package io.capkit.integrity.ui
+
+import android.content.Context
+import android.view.accessibility.AccessibilityManager
+import io.capkit.integrity.IntegrityCheckOptions
+import io.capkit.integrity.IntegritySignalBuilder
+import io.capkit.integrity.IntegritySignalIds
+
+/**
+ * Detects UI-level attacks such as screen overlays and
+ * suspicious accessibility services.
+ */
+object IntegrityUISignals {
+  /**
+   * Checks for potential overlay attacks (Tapjacking).
+   * Combines accessibility service monitoring and window state heuristics.
+   */
+  fun checkOverlaySignals(
+    context: Context,
+    options: IntegrityCheckOptions,
+  ): Map<String, Any>? {
+    val signals = mutableMapOf<String, Any>()
+    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
+
+    // Heuristic 1: Active Accessibility Services with Touch Exploration
+    // These services can read screen content and inject touches.
+    val isEnabled = am.isEnabled
+    val isTouchExplorationEnabled = am.isTouchExplorationEnabled
+
+    if (isEnabled && isTouchExplorationEnabled) {
+      return IntegritySignalBuilder.build(
+        id = IntegritySignalIds.ANDROID_OVERLAY_DETECTED,
+        category = "tamper",
+        confidence = "medium",
+        description = "Suspicious accessibility service state detected (potential overlay/UI spying)",
+        metadata =
+          mapOf(
+            "accessibility_enabled" to isEnabled,
+            "touch_exploration_enabled" to isTouchExplorationEnabled,
+            "source" to "AccessibilityManager",
+          ),
+        options = options,
+      )
+    }
+
+    // Heuristic 2: Detection via Window Focus (Passive Check)
+    // If the application is active but lacks focus, an overlay might be on top.
+    // This is a passive indicator used to increase the overall tamper score.
+    return null
+  }
+
+  /**
+   * Recommended native security practice:
+   * Developers should also set 'setFilterTouchesWhenObscured(true)'
+   * in their main View to prevent touches when an overlay is present.
+   */
+}

package/android/src/main/java/io/capkit/integrity/utils/IntegrityLogger.kt

@@ -0,0 +1,85 @@
+package io.capkit.integrity.utils
+
+import android.util.Log
+
+/**
+ * Centralized logging utility for the Integrity plugin.
+ *
+ * This logging provides a single entry point for all native logs
+ * and supports runtime-controlled verbose logging.
+ *
+ * The goal is to avoid scattering `if (verbose)` checks across
+ * business logic and keep logging behavior consistent.
+ */
+object IntegrityLogger {
+  /**
+   * Logcat tag used for all plugin logs.
+   * Helps filtering logs during debugging.
+   */
+  private const val TAG = "⚡️ Integrity"
+
+  /**
+   * Controls whether debug logs are printed.
+   *
+   * This flag should be set once during plugin initialization
+   * based on configuration values.
+   */
+  var verbose: Boolean = false
+
+  /**
+   * Prints a debug / verbose log message.
+   *
+   * This method should be used for development-time diagnostics
+   * and is automatically silenced when [verbose] is false.
+   *
+   * @param messages One or more message fragments to be concatenated.
+   */
+  fun debug(vararg messages: String) {
+    if (verbose) {
+      log(TAG, Log.DEBUG, *messages)
+    }
+  }
+
+  /**
+   * Prints an error log message.
+   *
+   * Error logs are always printed regardless of [verbose] state.
+   *
+   * @param message Human-readable error description.
+   * @param e Optional exception for stack trace logging.
+   */
+  fun error(
+    message: String,
+    e: Throwable? = null,
+  ) {
+    val sb = StringBuilder(message)
+    if (e != null) {
+      sb.append(" | Error: ").append(e.message)
+    }
+    Log.e(TAG, sb.toString(), e)
+  }
+
+  /**
+   * Internal low-level log dispatcher.
+   *
+   * Joins message fragments and forwards them to Android's Log API
+   * using the specified priority.
+   */
+  fun log(
+    tag: String,
+    level: Int,
+    vararg messages: String,
+  ) {
+    val sb = StringBuilder()
+    for (msg in messages) {
+      sb.append(msg).append(" ")
+    }
+    when (level) {
+      Log.DEBUG -> Log.d(tag, sb.toString())
+      Log.INFO -> Log.i(tag, sb.toString())
+      Log.WARN -> Log.w(tag, sb.toString())
+      Log.ERROR -> Log.e(tag, sb.toString())
+      else -> Log.v(tag, sb.toString())
+    }
+  }
+}