SOLVED

uap10:PackageIntegrity not working?

%3CLINGO-SUB%20id%3D%22lingo-sub-2078940%22%20slang%3D%22en-US%22%3Euap10%3APackageIntegrity%20not%20working%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2078940%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20our%20sideloaded%20app%2C%20we%20have%20adopted%20the%20recommended%20in%20the%20.appxmanifest%3A%3C%2FP%3E%3CP%3E%60%60%60%3C%2FP%3E%3CP%3E%3CPACKAGEINTEGRITY%3E%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%3CCONTENT%20enforcement%3D%22%26quot%3Bon%26quot%3B%22%3E%3C%2FCONTENT%3E%3CBR%20%2F%3E%3C%2FPACKAGEINTEGRITY%3E%3C%2FP%3E%3CP%3E%60%60%60%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20just%20now%20I%20was%20messing%20with%20some%20of%20the%20config%20files%20inside%20the%20installed%20app%20bundle%20(%22C%3A%5CProgram%20Files%5CWindowsApps%5CMyApp_1.5.0.2_x64__hc72xxd8n0tfr%22).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20the%20app%20behaves%20just%20like%20normal%3F%20What%20is%20the%20expected%20behavior%3F%20I%20was%20under%20the%20impression%20that%20deleting%20a%20file%20in%20the%20app%20installation%20should%20render%20the%20app%20unable%20to%20start%3F%26nbsp%3B%3C%2FP%3E%3CP%3EI%20checked%20the%20app%20also%20has%20not%20repaired%20itself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20hints%20how%20this%20should%20work%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMarvin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2096009%22%20slang%3D%22en-US%22%3ERe%3A%20uap10%3APackageIntegrity%20not%20working%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2096009%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F548680%22%20target%3D%22_blank%22%3E%40marvin_r%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%20for%20following%20up%20with%20us%20on%20this.%20Are%20you%20are%20including%20the%20correct%20namespace%20when%20attempting%20to%20use%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fuwp%2Fschemas%2Fappxpackage%2Fuapmanifestschema%2Felement-uap10-content%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3E%3CU%3Euap10%3APackageIntegrity%3C%2FU%3E%20attribute%3C%2FA%3E%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSTRONG%3ERequired%20Namespace%3C%2FSTRONG%3E%3A%20%22%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fappx%2Fmanifest%2Fuap%2Fwindows10%2F10%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fappx%2Fmanifest%2Fuap%2Fwindows10%2F10%3C%2FA%3E%22%3CBR%20%2F%3E%3CBR%20%2F%3EThank%20you%2C%3C%2FP%3E%0A%3CP%3ERoy%20MacLachlan%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

For our sideloaded app, we have adopted the recommended in the .appxmanifest:

```

<uap10:PackageIntegrity>
   <uap10:Content Enforcement="on" />
</uap10:PackageIntegrity>

```

 

However, just now I was messing with some of the config files inside the installed app bundle ("C:\Program Files\WindowsApps\MyApp_1.5.0.2_x64__hc72xxd8n0tfr").

 

And the app behaves just like normal? What is the expected behavior? I was under the impression that deleting a file in the app installation should render the app unable to start? 

I checked the app also has not repaired itself.

 

Any hints how this should work?

 

Thanks 

 

Marvin

3 Replies

Hi @marvin_r,

 

Thank you for following up with us on this. Are you are including the correct namespace when attempting to use the uap10:PackageIntegrity attribute?

Required Namespace: "http://schemas.microsoft.com/appx/manifest/uap/windows10/10"

Thank you,

Roy MacLachlan

@Roy_MacLachlan 

 

Sorry for the super late reply,

Yes the namespace seems correct to me:

 

 

<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" 
  xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
  xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
  xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3"
 xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
 
 xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3"
  xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" 
  IgnorableNamespaces="uap mp rescap rescap3 uap10">
...

<Properties>
  <uap10:PackageIntegrity>
    <uap10:Content Enforcement="on" />
  </uap10:PackageIntegrity>
</Properties>

 

A more detailed description on how this is supposed to work, would really help us here validate if it is working correctly.

 

Thank you for looking into this and best regards

 

Marvin

Best Response confirmed by marvin_r (Occasional Contributor)
Solution

@marvin_r 

 

To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap.  That being said it would not detect deletes.  We are adding some full blockmap validation that can be forced in the next version of Windows to help address this.  This is a similar experience in the Microsoft Store workflows.

 

John Vintzel (@jvintzel)
PM Lead, MSIX