search

microsoft / win32-app-isolation

Tools and documentation for Win32 app isolation
MIT License
1.26k stars 33 forks source link

Unable to parse manifest after removing `EntryPoint` #55

Closed knightzf closed 9 months ago

knightzf commented 9 months ago

Version

Windows version: Windows 10 22H2 (OS Build 19045.3086) Win32-app-isolation version: v0.1.1

Repro Steps

I tried to follow the document in https://github.com/microsoft/win32-app-isolation/blob/main/docs/packaging/msix-packaging-tool.md and got Unable to parse manifest error when setting the trustlevel.

Before: Capture

After: Capture2

Unexpected Results

image

cchavez-msft commented 9 months ago

Hi, @knightzf. Thank you so much for engaging with us. We appreciate your insights. What we can see is that the OS build is not the right one. It should be at least 25357 as you can see in the link at the end of the Getting Started section of the main page: https://github.com/microsoft/win32-app-isolation/blob/main/relnotes/windows-release-notes.md Please, let us know if this helps.

knightzf commented 9 months ago

@cchavez-msft Thanks for the info! So it'll only work on window 11?

tiangao-ms commented 9 months ago

@cchavez-msft Thanks for the info! So it'll only work on window 11?

The isolated app for now would only work on win 11 with version number > 25357 (I believe it's Windows Insider only now). However, the reason of your specific failure was probably that you forgot to include uap10 header (we've realized that there's a missing piece in our docs and we will fix it soon).

windcloudftw commented 4 weeks ago

same problem in WIP 1000.26241.5000.0

tiangao-ms commented 4 weeks ago

@windcloudftw are you using the MSIX Packaging Tool we provided in our github?

windcloudftw commented 4 weeks ago

@windcloudftw are you using the MSIX Packaging Tool we provided in our github?

yes.The MSIX Packaging Tool reminds me that 'cmd' violates pattern constraint of '\bms-resource:.{1,256}'.This problem did not occur on my wip system last month, and I was able to modify the manifest file and package it normally at that time. This problem seems to have occurred after the recent system upgrade

GF-Huang commented 3 weeks ago

Same issue.

image 
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:previewsecurity2="http://schemas.microsoft.com/appx/manifest/preview/windows10/security/2" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" xmlns:desktop7="http://schemas.microsoft.com/appx/manifest/desktop/windows10/7" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" IgnorableNamespaces="uap uap10 desktop7 rescap previewsecurity2">
  <!--Package created by MSIX Packaging Tool version: 1.2024.405.0-->
  <Identity Name="WeChat" Publisher="CN=Win32 App Isolation, C=CN" Version="3.9.11.0" ProcessorArchitecture="x64" />
  <Properties>
    <DisplayName>微信</DisplayName>
    <PublisherDisplayName>Win32 App Isolation</PublisherDisplayName>
    <Logo>Assets\StoreLogo.png</Logo>
    <uap10:PackageIntegrity>
      <uap10:Content Enforcement="on" />
    </uap10:PackageIntegrity>
  </Properties>
  <Resources>
    <Resource Language="en-us" />
  </Resources>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.25357.0" MaxVersionTested="10.0.25357.0" />
    <PackageDependency Name="Microsoft.WindowsAppRuntime.1.4" MinVersion="4000.1010.1349.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" />
  </Dependencies>
  <Applications>
    <Application Id="WECHAT" Executable="VFS\ProgramFilesX64\Tencent\WeChat\WeChat.exe" uap10:TrustLevel="appContainer" previewsecurity2:RuntimeBehavior="appSilo">
      <uap:VisualElements BackgroundColor="transparent" DisplayName="微信" Square150x150Logo="Assets\WECHAT-Square150x150Logo.png" Square44x44Logo="Assets\WECHAT-Square44x44Logo.png" Description="微信">
        <uap:DefaultTile Wide310x150Logo="Assets\WECHAT-Wide310x150Logo.png" Square310x310Logo="Assets\WECHAT-Square310x310Logo.png" Square71x71Logo="Assets\WECHAT-Square71x71Logo.png" />
      </uap:VisualElements>
      <Extensions>
        <desktop7:Extension Category="windows.shortcut">
          <desktop7:Shortcut File="[{Desktop}]\微信.lnk" Icon="[{Package}]\VFS\ProgramFilesX64\Tencent\WeChat\WeChat.exe" />
        </desktop7:Extension>
        <desktop7:Extension Category="windows.shortcut">
          <desktop7:Shortcut File="[{Common Programs}]\微信\微信.lnk" Icon="[{Package}]\VFS\ProgramFilesX64\Tencent\WeChat\WeChat.exe" />
        </desktop7:Extension>
      </Extensions>
    </Application>
  </Applications>
  <Capabilities>
    <Capability Name="internetClient" />
    <rescap:Capability Name="accessoryManager" />
    <rescap:Capability Name="isolatedWin32-print" />
    <rescap:Capability Name="isolatedWin32-sysTrayIcon" />
    <rescap:Capability Name="isolatedWin32-shellExtensionContextMenu" />
    <rescap:Capability Name="isolatedWin32-promptForAccess" />
    <rescap:Capability Name="isolatedWin32-accessToPublisherDirectory" />
    <rescap:Capability Name="isolatedWin32-dotNetBreadcrumbStore" />
    <rescap:Capability Name="isolatedWin32-profilesRootMinimal" />
    <rescap:Capability Name="isolatedWin32-userProfileMinimal" />
    <rescap:Capability Name="isolatedWin32-volumeRootMinimal" />
    <DeviceCapability Name="microphone" />
    <DeviceCapability Name="webcam" />
  </Capabilities>
</Package>

image

tiangao-ms commented 3 weeks ago

yes.The MSIX Packaging Tool reminds me that 'cmd' violates pattern constraint of '\bms-resource:.{1,256}'.This problem did not occur on my wip system last month, and I was able to modify the manifest file and package it normally at that time. This problem seems to have occurred after the recent system upgrade

The MSIX Packaging Tool might be updated so please double check the version.

tiangao-ms commented 3 weeks ago

@GF-Huang - for now, you have to use the exact MSIX Packaging tool we provided in our github release. The officially released version does not have the feature yet. (It will, soon).

GF-Huang commented 3 weeks ago

@GF-Huang - for now, you have to use the exact MSIX Packaging tool we provided in our github release. The officially released version does not have the feature yet. (It will, soon).

But the MS Store version seems later than the Github release version, why it has not the older feature?

tiangao-ms commented 3 weeks ago

But the MS Store version seems later than the Github release version, why it has not the older feature?

Because the version we provided is an internal version, it's customized for Win32 app isolation. The official release requires a longer process, so the feature is not in the latest version yet.