Shielding Tool rules files support the following file integrity related options:
verify: Adds the specified file(s) to the integrity check process.
skipVerifyPath: Excludes the specified file(s) from the integrity check process.
Verifying General Files
In your Shielding Tool rules file, the verify rule is used in the following manner:
# Verify a single file
verify "assets/my-asset.bin";
# Verify all files in the assets folder
verify "^assets/.*";
# Verify all HTML/JS files in the assets folder
verify "^assets/(.+)\.(html|js)$";
If any of the files marked with verify are modified in between integrating App Shielding and running the application, App Shielding reports this as a repackaging event.
By default, all files of the application are specifically not integrity checked at startup due to possible launch time performance considerations. Integrity checks of large files can cause noticeably longer launch times.
Verifying .so files
Verifying a .so file has some additional configuration possibilities. These are specified by expanding the verify rule with { } brackets. For example:
verify "myLib.so" {
...
};
The following sub-options are supported:
| Option | Description |
|---|---|
| importedSymbol | Verifies imported symbols (i.e., GOT function addresses) in the shared library against valid address ranges belonging to the application and Android core libraries. If symbols are hooked by a framework, then addresses will point outside the expected range, and Shield will detect this change when those libraries are used. |
|  | Skips the given symbol(s) from the |
| importedSymbolValue | More strictly verifies imported symbols by looking up symbols in the library dependencies to confirm they match the source library’s exported addresses. This ensures external function calls are correctly routed. Because this method mimics the dynamic linker, a hooked GOT value will cause a mismatch. Note that the |
| textSection | Enforces consistency checks of the text section and looks for differences between build time and runtime. Enabled by default and applies to the whole text section. |
|  | Disables consistency checks of the text section. |
Wildcards (*) match all available import symbols in the library and can be used with the importedSymbol and importedSymbolValue options.
The following example verifies all versions of the libToCheck.so library inside the APK:
verify "lib/.*/libToCheck\.so" {
importedSymbol *;
importedSymbolValue important_sym@LIBMYLIB;
textSection;
};
Considerations
The importedSymbolValue verification option is slightly slower than the importedSymbol option and might result in false alarms on some older devices for a few specific symbols. It is recommended to use the importedSymbolValue option to verify the application’s own native exported symbols and possibly some critical system functions when the protected application can be tested/verified on a broad range of devices. Exports from libc are often overridden by library exports provided by device manufacturers, which might cause problems during verification.
Skipping verification
You can use the skipVerifyPath rule to exclude certain files from the integrity check. This might apply in the following scenarios:
A file that is not present when integrating App Shielding is expected to be there later on. For example, app stores are allowed to inject or change some files. See Troubleshooting Repackaging for more details.
You need to override a previous verify rule.
skipVerifyPath can be applied to a single file or several files using a * wildcard. For example:
# Skip a file
skipVerifyPath "res/xml/locales_config.xml";
# Skip all of the resources
skipVerifyPath "res/*";
# Skip all of the classes.dex files
skipVerifyPath "classes*.dex";
# Skip all of the assets files
skipVerifyPath "assets/*";
The skipVerifyPath rule always overrides a verify rule. If you use a wildcard like skipVerifyPath "assets/*";, the rule verify "assets/my-asset.bin"; is ignored, and App Shielding will not check the file integrity of assets/my-asset.bin.
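Because a broad skipVerifyPath silently cancels verify rules, it is worth auditing a rules file against the APK file listing before release. The following is an added example, not part of App Shielding or the Shielding Tool, and it does not reproduce the tool's own matcher: the function names are hypothetical, and it assumes that verify patterns are unanchored regular expressions and that * in skipVerifyPath matches any characters, including /.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample rules file, assembled from rules shown on this page.
RULES = r'''
verify "assets/my-asset.bin";
verify "^assets/(.+)\.(html|js)$";
verify "lib/.*/libToCheck\.so" {
    importedSymbol *;
    textSection;
};
skipVerifyPath "res/xml/locales_config.xml";
skipVerifyPath "assets/*";
'''
# Constructed APK file listing.
APK_PATHS = [
    "assets/my-asset.bin", "assets/index.html", "assets/app.js",
    "lib/arm64-v8a/libToCheck.so", "lib/x86_64/libToCheck.so",
    "res/xml/locales_config.xml", "classes.dex",
]

RULE_RE = re.compile(r'^\s*(verify|skipVerifyPath)\s+"([^"]+)"', re.M)

def parse_rules(text):
    """Return (verify_patterns, skip_patterns), ignoring # comment lines."""
    text = re.sub(r'^\s*#.*$', '', text, flags=re.M)
    verify, skip = [], []
    for kind, pattern in RULE_RE.findall(text):
        (verify if kind == "verify" else skip).append(pattern)
    return verify, skip

def audit(rules_text, apk_paths):
    """Return (checked, overridden); overridden maps path -> (verify, skip)."""
    verify, skip = parse_rules(rules_text)
    checked, overridden = [], {}
    for path in apk_paths:
        # Assumption: verify patterns are unanchored regular expressions.
        hit = next((v for v in verify if re.search(v, path)), None)
        # Assumption: '*' in skipVerifyPath matches any characters, '/' included.
        blocker = next((s for s in skip if fnmatchcase(path, s)), None)
        if hit and blocker:
            overridden[path] = (hit, blocker)  # skipVerifyPath always wins
        elif hit:
            checked.append(path)
    return checked, overridden

if __name__ == "__main__":
    for path, (v, s) in audit(RULES, APK_PATHS)[1].items():
        print(f"{path}: verify {v!r} overridden by skipVerifyPath {s!r}")
```

Every path reported as overridden is a file the rules author intended to protect but that will not be integrity checked.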