Forum Discussion
SajidRavat
Apr 11, 2023 Copper Contributor
Isolating JRE within an MSIX container.
I have packaged a legacy version of Java (1.6.27) for a browser application that requires a specific version. The MSIX package works using Edge in Internet Explorer mode. However if there is a l...
Jan 02, 2024
The area of the registry that mridulgupta is targeting in the prior reply is interesting. Traditionally we attack a subset of the Classes\{CAFFEEFAC- keys to solve the Java problem.
Over the holidays I have worked on a different JSON approach, specifically for the Java problem, in my PSF fork that is in final testing.
That approach adds a different rule (JavaBlocker) that just lists the Java version required, which will be simpler for customers to use. Parameters are majorVersion, minorVersion, and updateVersion, and hives and regex patterns are not required. As Java seems to be the primary need for registry blocking, this would be easier for people to understand how to use. It just takes care of issues like whether the install was 64- or 32-bit, or a user or machine install, without having to embed that in the JSON.
I've also ported the DeletionMarker rule into my fork for consistency, although I really wish it didn't have a base hive and key and list of values, but a simpler list of values. For general purpose use, I find the single hive/key implementation of this rule limiting. I considered modifying this in my fork version, but opted to implement the same rule as used in the Microsoft fork for consistency.
I expect to release this to my GitHub fork soon, and in the next version of PsfLauncher/TMEditX shortly after that.
Jan 02, 2024
I looked into your proposed fix. The deletion marker you propose would block any Java from running inside the container. I do not believe this is what the requester wanted.
I believe that the requester wants to package up a version of Java that will work inside the package, but to block the packaged app from access to any newer version of Java that is locally deployed. This is often necessary because newer versions of Java are not always backwards compatible, and the customer cannot get an updated application (and yet wants to prevent general use of an older and less safe version of Java).
This is why we target the deletion markers to all future keys of the Classes\{CAFFEEFAC- pattern, which encode the version of Java into the key name. So if the package includes up to {CCAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}, which is Java 1.7U45, we need to block classes keys above the 45, but also the 18 and 19 ranges.
Update: v2023.01.02 of the TimMangan fork has been released with the JavaBlocker rule for RegLegacy.
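The version comparison described in the post above (hide keys above update 45, plus the 18 and 19 ranges), as an added example that is not part of the thread and not PSF code. It matches on the ABCDEFFEDCBA suffix and the three version fields, so it does not depend on the first GUID group; the function names, the treatment of non-decimal fields as wildcards, and every sample key except the 0017/0045 one are assumptions constructed for illustration.

```python
import re

# Key-name layout taken from the thread's example:
#   {<family>-0017-0000-0045-ABCDEFFEDCBA}  ->  Java 1.7 update 45
# The first group is matched loosely; the version fields and the
# ABCDEFFEDCBA suffix identify the key.
JAVA_CLSID = re.compile(
    r"^\{[0-9A-Z]+-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-ABCDEFFEDCBA\}$",
    re.IGNORECASE,
)

def parse_java_clsid(key_name):
    """Return (family, micro, update), or None if this is not a Java key.

    Assumption: a field that is not all decimal digits (e.g. FFFF) is a
    wildcard; it maps to infinity so it sorts above every concrete version.
    """
    m = JAVA_CLSID.match(key_name.strip())
    if not m:
        return None
    return tuple(int(f) if f.isdigit() else float("inf") for f in m.groups())

def keys_to_hide(clsid_keys, packaged):
    """List the Java CLSID keys that encode a version newer than `packaged`."""
    hidden = []
    for key in clsid_keys:
        version = parse_java_clsid(key)
        # Non-Java CLSIDs (version is None) are never hidden.
        if version is not None and version > packaged:
            hidden.append(key)
    return hidden

# Constructed CLSID subkey names; only the 0017/0045 key is from the thread.
SAMPLE_KEYS = [
    "{CCAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}",  # older than the package
    "{CCAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}",  # the packaged version
    "{CCAFEEFAC-0017-0000-0080-ABCDEFFEDCBA}",  # newer update, same family
    "{CCAFEEFAC-0018-0000-0005-ABCDEFFEDCBA}",  # newer family
    "{CCAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}",  # wildcard update field
    "{00000000-0000-0000-0000-000000000046}",   # unrelated CLSID, left alone
]

if __name__ == "__main__":
    for key in keys_to_hide(SAMPLE_KEYS, packaged=(17, 0, 45)):
        print("hide", key)
```

Running the same function over the real CLSID subkey names on a test machine shows which entries a blocking rule has to cover before the package is deployed.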
- mridulgupta Jan 09, 2024
Microsoft
We can simply use this regex ^SOFTWARE\\Classes\\CLSID\\(?!{CCAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}) to hide all Java versions except Java 1.7.0.45.
We can be more specific in the regex for custom use cases.