Rebar Android Data at Rest

Monkton, Inc.

Part of Rebar's compliance with NIAP and other associated security profiles is adherence to the API Boundary for Data at Rest (DAR). DAR compliance for the app is achieved by leveraging Rebar's File Manager, Settings Manager, and Database Manager.

Where appropriate, Rebar implements functionality similar to Android SDK functions to reduce a developer's learning time. Rebar leverages a custom FileSystemProvider, as noted below in the File Management section.

Package

The io.monkton.rebar.io package provides the main IO functionality for reading and writing files securely from the file system. The sections below describe the major functions needed to perform these tasks.

File Management

Rebar leverages a custom FileSystemProvider, the io.monkton.rebar.io.EncryptedFileSystemProvider class, to provide an encrypted file system (FileSystem).

Reading and writing to a file is simple, as below:

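import io.monkton.rebar.io.EncryptedFileSystemProvider
import java.io.InputStreamReader
import java.io.PrintWriter
import java.nio.file.StandardOpenOption

// Constructed sample values for this snippet: the file to write and the buffer for the text read back
val fileName = "sample.txt"
var receiveString = ""

// Retrieve the singleton instance of the EncryptedFileSystemProvider
val provider = EncryptedFileSystemProvider.instance!!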

// Grab the associated FileSystem to work from
val encryptedFileSystem = provider.fileSystem!!

try {

    // Get the path to the app data directory 
    val filesPath = RebarApplicationContext.instance!!.filesDir.absolutePath

    // Generate a path
    val dir = encryptedFileSystem.getPath("$filesPath/sample/sub")

    // Grab the path for the file path
    val path = encryptedFileSystem.getPath("$dir/$fileName")

    // Ensure that the directories exist
    provider.createDirectory(dir)

    // Generate an output stream
    val outStream = provider.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.WRITE)

    try {
        // use {} flushes and closes the writer together with the underlying stream
        PrintWriter(outStream).use { p -> p.println("Hello") }
    } catch (e1: Exception) {
        e1.printStackTrace()
    }

    // Generate an input stream
    val inStream = provider.newInputStream(path, StandardOpenOption.READ)

    // Ensure it exists
    if (inStream != null) {
        val inputStreamReader = InputStreamReader(inStream).buffered()

        // Read all the text
        inputStreamReader.useLines {
            lines -> lines.forEach { receiveString += it }
        }
    }

} catch (ex: Exception) {
    ex.printStackTrace()
}
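
An added check, not part of Rebar's documentation or SDK: it writes a marker through the provider calls shown above, then reads the raw file with plain java.io to confirm the marker is not stored in the clear. The function name, the dar-check directory and the marker value are hypothetical, and the check assumes the provider keeps its ciphertext at the same absolute path on the underlying file system.

```kotlin
import io.monkton.rebar.io.EncryptedFileSystemProvider
import java.io.File
import java.nio.file.FileAlreadyExistsException
import java.nio.file.StandardOpenOption

// RebarApplicationContext is used exactly as in the snippet above; the page does
// not state its package, so import it from wherever your Rebar SDK provides it.

/**
 * Hypothetical helper: returns true when data written through the encrypted
 * provider round-trips correctly AND the raw file does not contain the plaintext.
 * Assumption: ciphertext is stored at the same absolute path on the device.
 */
fun verifyEncryptedAtRest(): Boolean {
    val provider = checkNotNull(EncryptedFileSystemProvider.instance) { "provider not initialized" }
    val fs = checkNotNull(provider.fileSystem) { "no encrypted FileSystem" }
    val filesPath = checkNotNull(RebarApplicationContext.instance).filesDir.absolutePath

    // Constructed sample values: directory, file name and marker are placeholders
    val rawDir = "$filesPath/dar-check"
    val rawFile = "$rawDir/marker.txt"
    val marker = "DAR-CHECK-PLAINTEXT-MARKER".toByteArray(Charsets.UTF_8)

    try {
        provider.createDirectory(fs.getPath(rawDir))
    } catch (e: FileAlreadyExistsException) {
        // Directory left over from an earlier run; safe to reuse
    }

    // Write and read back through the provider; use {} closes each stream
    val path = fs.getPath(rawFile)
    provider.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.WRITE)
        .use { it.write(marker) }
    val roundTrip = provider.newInputStream(path, StandardOpenOption.READ)
        .use { it.readBytes() }

    // Read the same location with plain java.io, bypassing the provider
    val raw = File(rawFile).readBytes()

    // ISO-8859-1 maps each byte to one char, so contains() is a byte-level search
    val leaked = String(raw, Charsets.ISO_8859_1)
        .contains(String(marker, Charsets.ISO_8859_1))

    return roundTrip.contentEquals(marker) && !leaked
}
```

A FileNotFoundException from the raw read means the path assumption does not hold for your build, not that the check passed.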

Settings Management

Rebar provides an encrypted settings manager, io.monkton.rebar.settings.SettingsManager, to store settings securely. All settings will be stored with AES-256 encryption. A limitation of the secure settings is that they can only be accessed after the user has authenticated.

SettingsManager can store both secure and insecure settings, depending on the need. By default, you should leverage the saveSecureSetting and getSecureSetting methods to set and retrieve settings. The convenience methods getBool, setBool, getInt, setInt all leverage the secure setting storage.

There are aptly named getNonsecureSetting and saveNonsecureSetting methods to save settings in a non-secure manner. We only suggest using these for settings required OUTSIDE of an authenticated session that are not sensitive.

Database Management

Rebar allows for apps to have zero to many databases for managing data. To configure databases for your app please visit here