Jan 20 2021 07:05 AM
Jan 20 2021 07:05 AM
For our sideloaded app, we have adopted the recommended in the .appxmanifest:
<uap10:Content Enforcement="on" />
However, just now I was messing with some of the config files inside the installed app bundle ("C:\Program Files\WindowsApps\MyApp_126.96.36.199_x64__hc72xxd8n0tfr").
And the app behaves just like normal? What is the expected behavior? I was under the impression that deleting a file in the app installation should render the app unable to start?
I checked the app also has not repaired itself.
Any hints how this should work?
Jan 25 2021 03:09 PM
Thank you for following up with us on this. Are you are including the correct namespace when attempting to use the uap10:PackageIntegrity attribute?
Required Namespace: "http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
Feb 02 2021 11:38 PM
Sorry for the super late reply,
Yes the namespace seems correct to me:
<?xml version="1.0" encoding="utf-8"?> <Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" IgnorableNamespaces="uap mp rescap rescap3 uap10"> ... <Properties> <uap10:PackageIntegrity> <uap10:Content Enforcement="on" /> </uap10:PackageIntegrity> </Properties>
A more detailed description on how this is supposed to work, would really help us here validate if it is working correctly.
Thank you for looking into this and best regards
Feb 06 2021 08:38 AMSolution
To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap. That being said it would not detect deletes. We are adding some full blockmap validation that can be forced in the next version of Windows to help address this. This is a similar experience in the Microsoft Store workflows.
John Vintzel (@jvintzel)
PM Lead, MSIX