cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

uap10:PackageIntegrity not working?

marvin_r
Copper Contributor

‎Jan 20 2021 07:05 AM

‎Jan 20 2021 07:05 AM

uap10:PackageIntegrity not working?

Hi,

 

For our sideloaded app, we have adopted the recommended in the .appxmanifest:

```

<uap10:PackageIntegrity>
   <uap10:Content Enforcement="on" />
</uap10:PackageIntegrity>

```

 

However, just now I was messing with some of the config files inside the installed app bundle ("C:\Program Files\WindowsApps\MyApp_1.5.0.2_x64__hc72xxd8n0tfr").

 

And the app behaves just like normal? What is the expected behavior? I was under the impression that deleting a file in the app installation should render the app unable to start? 

I checked the app also has not repaired itself.

 

Any hints how this should work?

 

Thanks 

 

Marvin

828 Views
0 Likes
3 Replies
Reply
3 Replies
Roy_MacLachlan

‎Jan 25 2021 03:09 PM

‎Jan 25 2021 03:09 PM

Re: uap10:PackageIntegrity not working?

Hi @marvin_r,

 

Thank you for following up with us on this. Are you are including the correct namespace when attempting to use the uap10:PackageIntegrity attribute?

Required Namespace: "http://schemas.microsoft.com/appx/manifest/uap/windows10/10"

Thank you,

Roy MacLachlan

0 Likes
Reply
marvin_r

‎Feb 02 2021 11:38 PM

‎Feb 02 2021 11:38 PM

Re: uap10:PackageIntegrity not working?

@Roy_MacLachlan 

 

Sorry for the super late reply,

Yes the namespace seems correct to me:

 

 

<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" 
  xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
  xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
  xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3"
 xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
 
 xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3"
  xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" 
  IgnorableNamespaces="uap mp rescap rescap3 uap10">
...

<Properties>
  <uap10:PackageIntegrity>
    <uap10:Content Enforcement="on" />
  </uap10:PackageIntegrity>
</Properties>

 

A more detailed description on how this is supposed to work, would really help us here validate if it is working correctly.

 

Thank you for looking into this and best regards

 

Marvin

0 Likes
Reply
best response confirmed by marvin_r (Copper Contributor)
John Vintzel

‎Feb 06 2021 08:38 AM

‎Feb 06 2021 08:38 AM

Solution

Re: uap10:PackageIntegrity not working?

@marvin_r 

 

To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap.  That being said it would not detect deletes.  We are adding some full blockmap validation that can be forced in the next version of Windows to help address this.  This is a similar experience in the Microsoft Store workflows.

 

John Vintzel (@jvintzel)
PM Lead, MSIX  

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by marvin_r (Copper Contributor)
John Vintzel

‎Feb 06 2021 08:38 AM

‎Feb 06 2021 08:38 AM

Solution

Re: uap10:PackageIntegrity not working?

@marvin_r 

 

To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap.  That being said it would not detect deletes.  We are adding some full blockmap validation that can be forced in the next version of Windows to help address this.  This is a similar experience in the Microsoft Store workflows.

 

John Vintzel (@jvintzel)
PM Lead, MSIX  

View solution in original post

0 Likes
Reply