Forum Discussion
uap10:PackageIntegrity not working?
Hi,
For our sideloaded app, we have adopted the recommended in the .appxmanifest:
```
<uap10:PackageIntegrity>
<uap10:Content Enforcement="on" />
</uap10:PackageIntegrity>
```
However, just now I was messing with some of the config files inside the installed app bundle ("C:\Program Files\WindowsApps\MyApp_1.5.0.2_x64__hc72xxd8n0tfr").
And the app behaves just like normal? What is the expected behavior? I was under the impression that deleting a file in the app installation should render the app unable to start?
I checked the app also has not repaired itself.
Any hints how this should work?
Thanks
Marvin
To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap. That being said it would not detect deletes. We are adding some full blockmap validation that can be forced in the next version of Windows to help address this. This is a similar experience in the Microsoft Store workflows.
John Vintzel (@jvintzel)
PM Lead, MSIX
3 Replies
- Roy_MacLachlan
Microsoft
Hi marvin_r,
Thank you for following up with us on this. Are you are including the correct namespace when attempting to use the uap10:PackageIntegrity attribute?
Required Namespace: "http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
Thank you,Roy MacLachlan
Sorry for the super late reply,
Yes the namespace seems correct to me:
<?xml version="1.0" encoding="utf-8"?> <Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" IgnorableNamespaces="uap mp rescap rescap3 uap10"> ... <Properties> <uap10:PackageIntegrity> <uap10:Content Enforcement="on" /> </uap10:PackageIntegrity> </Properties>A more detailed description on how this is supposed to work, would really help us here validate if it is working correctly.
Thank you for looking into this and best regards
Marvin
To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap. That being said it would not detect deletes. We are adding some full blockmap validation that can be forced in the next version of Windows to help address this. This is a similar experience in the Microsoft Store workflows.
John Vintzel (@jvintzel)
PM Lead, MSIX
